How can we pass ECDH apv value for JWE about jwx HOT 7 CLOSED

Ahhhh....

I'm currently away from my computer so I haven't got much more than play.golang.org to fiddle with, but seems like there might have been an omission in the Encrypt/Decrypt API to pass these extra values.

Will look into it further when I'm back in my seat

from jwx.

@lestrrat Thanks. Yes this seems working now.
you are right i was setting headers same way you did in the test however i was having issue in decrypting message.

Thanks again.

from jwx.

@mirrayeesahmad release done. Thanks for the heads up.

from jwx.

Hi, this code does not compile.
Also, what is your expected behavior, and what is it giving you instead?

from jwx.

Sorry i pasted wrong code. there was typo.

Here is the latest.

package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"fmt"
	"github.com/lestrrat-go/jwx/v2/jwa"
	"github.com/lestrrat-go/jwx/v2/jwe"
	"log"
)

func main() {
	privateKey, err := ecdsa.GenerateKey(elliptic.P384(), rand.Reader)
	if err != nil {
		log.Printf("failed to generate private key: %s", err)
		return
	}
	payload := []byte("Message to Communicate")

	// I want to pass apv for ECDH algo
	encrypted, err := jwe.Encrypt(
		payload,
		jwe.WithJSON(),
		jwe.WithKey(jwa.ECDH_ES, privateKey.PublicKey),
		jwe.WithContentEncryption(jwa.A128GCM),
	)

	if err != nil {
		fmt.Println(err)
	}

	fmt.Println(string(encrypted))

	decrypted, err := jwe.Decrypt(
		encrypted,
		jwe.WithKey(jwa.ECDH_ES, privateKey),
	)

	if err != nil {
		fmt.Printf("failed to decrypt payload: %s\n", err)
		return
	}

	fmt.Printf("%s\n", decrypted)
}

I need to pass apv when algo is ECDH_S. it is shared between sender and receiver. i want to encrypt and decrypt using same apv.

from jwx.

Okay so I made #804.
So I think there were a couple of problems:

The first one was that I didn't document anywhere how to use apu/apv or any other header values. TBH I just didn't have enough test cases that uses apu/apv to recognize this. So if in the future if you feel like it, we would very much appreciate it if you can provide more actual use cases to the JWE test suite. I didn't add a big section on it, but I at least mentioned it here.

The second one was a real bug. When encrypting, apu/apv values were not taken into account to compute the aad value, so when these values were present you were able to encrypt (but the encryption was wrong) and the decryption would thus fail. This has been addressed in #804

All in all, I think the test case in #804 should be the expected behavior, and also shows the way to access these field (jwe.WithPerRecipientHeaders for encryption, and use jwe.WithMessage to retrieve them when decrypting). Please check and let me know if this works as expected, and I'll merge + make a release

from jwx.

Thanks for speedy response! I really appreciate it.

from jwx.