IPWorks Encrypt 2020 JavaScript Edition

Questions / Feedback?

Decrypt Method

Decrypts the payload.

Syntax

async jwe.decrypt(): Promise<void>

Remarks

This method decrypts the input data.

Before calling the Decrypt method set InputMessage or InputFile to a valid compact serialized JWE string. For instance:

eyJhbGciOiJBMjU2R0NNS1ciLCJlbmMiOiJBMTI4Q0JDLUhTMjU2IiwiaXYiOiJMa0tNeTZ5Qlpfbzh6QW92IiwidGFnIjoiSmpMTkRsV3l3bWt3V2pMa0NLU0xxQSJ9.wiwySYm6fXZre-3IdT1tb_02KMQDrMICwUawVf7Gjhc.k84s7ne8J41QnA5BQ31k_A.kjIveRjjNYV4x92CVE9Agw.uAygkyeO2KWeFQIy9JLU0A

The type and format of the private key depends on the algorithm used to encrypt the data. The following table summarizes the relationship:

AlgorithmPrivate Key Location
AESKey
RSA and ECDHCertificate
PBESKeyPassword

If the correct Key or Certificate is not known ahead of time the KeyId parameter of the RecipientInfo event may be used to identify the correct key.

If this method returns without error decryption was successful. If decryption fails then this method fails with an error. After calling this method the payload will be present in the OutputMessage or file specified by OutputFile and the Header* properties will contain the headers. Headers of the parsed message are also available through the HeaderParam event.

The following properties are applicable when calling this method:

Input and Output Properties

The class will determine the source and destination of the input and output based on which properties are set.

The order in which the input properties are checked is as follows:

When a valid source is found the search stops. The order in which the output properties are checked is as follows:

Notes for AES Algorithms (A128KW, A192KW, A256KW, A128GCMKW, A192GCMKW, A256GCMKW)

To decrypt messages that use AES encryption Key must be set to a key of appropriate length for the algorithm. For instance a 256 bit key would be used for A256KW.

The key must be known by both parties in order for encryption and decryption to take place.


byte[] key = new byte[] { 164, 60, 194, 0, 161, 189, 41, 38, 130, 89, 141, 164, 45, 170, 159, 209, 69, 137, 243, 216, 191, 131, 47, 250, 32, 107, 231, 117, 37, 158, 225, 234 };

Jwe jwe = new Jwe();
jwe.KeyB = key;
jwe.InputMessage = encryptedData;
jwe.Decrypt();

string decryptedData = jwe.OutputMessage;

Notes for RSA Algorithms (RSA1_5, RSA-OEAP, RSA-OAEP-256)

The RSA based algorithms use asymmetric encryption. Encrypting is done with a public key and decryption is done with a private key. The certificate with private key must be specified. For instance:


Jwe jwe = new Jwe();
jwe.Certificate = new Certificate(CertStoreTypes.cstPFXFile, "..\\jwt.pfx", "password", "*");
jwe.InputMessage = encryptedData;
jwe.Decrypt();

string decryptedData = jwe.OutputMessage;

Notes for ECDH Algorithms (ECDH-ES, ECDH-ES+A128KW, ECDH-ES+A192KW, ECDH-ES+A256KW)

ECDH algorithms require a valid ECC private key to decrypt the message. If the key was originally created with the ECC class the PEM encoded PrivateKey may be used directly with the Certificate property.


Jwe jwe = new Jwe();
jwe.Certificate = new Certificate(CertStoreTypes.cstPEMKeyFile, privKeyFile, "", "*");
jwe.InputMessage = encryptedData;
jwe.Decrypt();

string decryptedData = jwe.OutputMessage;

To use an ECC private key created by other means the ECC class may be used to import the key parameters. Populate the Rx, Ry, and KB properties of the ECC component first to obtain the PEM formatted public key. For instance:


Ecc ecc = new Ecc();

byte[] x_bytes = new byte[] { 171, 170, 196, 151, 94, 196, 231, 12, 128, 232, 17, 61, 45, 105, 41, 209, 192, 187, 112, 242, 110, 178, 95, 240, 36, 55, 83, 171, 190, 176, 78, 13 };
byte[] y_bytes = new byte[] { 197, 75, 134, 245, 245, 28, 199, 9, 7, 117, 1, 54, 49, 178, 135, 252, 62, 89, 35, 180, 117, 80, 231, 23, 110, 250, 28, 124, 219, 253, 224, 156 };
byte[] k_bytes = new byte[] { 81, 65, 201, 24, 235, 249, 162, 148, 169, 150, 109, 181, 61, 238, 145, 122, 31, 30, 151, 94, 239, 90, 222, 217, 63, 103, 54, 2, 176, 232, 248, 168 };

ecc.Key.RxB = x_bytes;
ecc.Key.RyB = y_bytes;
ecc.Key.KB = k_bytes;

string privKey = ecc.Key.PrivateKey;

Jwe jwe = new Jwe();
jwe.Certificate = new Certificate(CertStoreTypes.cstPEMKeyBlob, privKey, "", "*");
jwe.InputMessage = encryptedData;
jwe.Decrypt();

string decryptedData = jwe.OutputMessage;

Notes for PBES Algorithms (PBES2-HS256+A128KW, PBES2-HS384+A192KW, PBES2-HS512+A256KW

PBES algorithms derive a content encryption key from the KeyPassword property. Set KeyPassword to the shared secret.


Jwe jwe = new Jwe();
jwe.KeyPassword = "secret";
jwe.InputMessage = encryptedData;
jwe.Decrypt();

string decryptedData = jwe.OutputMessage;

Notes for Direct Shared Keys

When Direct encryption is used the Key property must be set to a valid symmetric key that will be used directly by the ContentEncryptionAlgorithm. For instance:


byte[] key = new byte[] { 164, 60, 194, 0, 161, 189, 41, 38, 130, 89, 141, 164, 45, 170, 159, 209, 69, 137, 243, 216, 191, 131, 47, 250, 32, 107, 231, 117, 37, 158, 225, 234 };

Jwe jwe = new Jwe();
jwe.KeyB = key;
jwe.InputMessage = encryptedData;
jwe.Decrypt();

string decryptedData = jwe.OutputMessage;

Copyright (c) 2022 /n software inc. - All rights reserved.
IPWorks Encrypt 2020 JavaScript Edition - Version 20.0 [Build 8262]