Skip to content

Instantly share code, notes, and snippets.

@alokmenghrajani

alokmenghrajani/gist:026ed6845046b3a9ccf3

Created September 9, 2015 10:28
Show Gist options
  • Save alokmenghrajani/026ed6845046b3a9ccf3 to your computer and use it in GitHub Desktop.
Save alokmenghrajani/026ed6845046b3a9ccf3 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
gistfile1.txt
diff --git a/Gruntfile.js b/Gruntfile.js
index eb0c686..79a5646 100644
--- a/Gruntfile.js
+++ b/Gruntfile.js
@@ -16,7 +16,7 @@ module.exports = function(grunt) {
src: [
'lib/jose-core.js',
'lib/jose-jwe-webcryptographer.js',
- 'lib/jose-jwe-utils.js',
+ 'lib/jose-utils.js',
'lib/jose-jwe-encrypt.js',
'lib/jose-jwe-decrypt.js',
'lib/jose-jws-sign.js',
@@ -32,7 +32,7 @@ module.exports = function(grunt) {
src: [
'lib/jose-core.js',
'lib/jose-jwe-webcryptographer.js',
- 'lib/jose-jwe-utils.js',
+ 'lib/jose-utils.js',
'lib/jose-jwe-encrypt.js',
'lib/jose-jwe-decrypt.js',
'lib/jose-jws-sign.js',
@@ -64,8 +64,7 @@ module.exports = function(grunt) {
files: [
{pattern: 'dist/jose-testing.js', watching: false, included: false},
{pattern: 'test/qunit-promises.js', watching: false, included: false},
- 'test/jose-jwe-test.html',
- 'test/jose-jws-test.html'
+ 'test/jose-jwe-test.html'
],
autoWatch: true,
browsers: ['Chrome'],
diff --git a/README.md b/README.md
index 28cb174..c0a3389 100644
--- a/README.md
+++ b/README.md
@@ -5,14 +5,14 @@ Javascript library for Jose JWE and JWS
Overview
--------
-JavaScript library to sign/verify and encrypt/decrypt data in JSON Web Signatures
-and Web Encryption (JWE) formats. This library is designed to work in the browser
-(tested in Chrome 38). It can do RSA-based public/private crypto as well
-as shared key encryption.
+JavaScript library to sign/verify and encrypt/decrypt data in JSON Web
+Signatures and Web Encryption (JWE) formats. This library is designed to work in
+the browser (tested in Chrome 38). It can do RSA-based public/private crypto as
+well as shared key encryption.
-Both JWE and JWS are encapsulation formats which makes it easy to share signatures
-and ciphertext between different platforms: data signed or encrypted in a browser
-can be verified or decrypted in Go, Java, etc.
+Both JWE and JWS are encapsulation formats which makes it easy to share
+signatures and ciphertext between different platforms: data signed or encrypted
+in a browser can be verified or decrypted in Go, Java, etc.
The library uses compact representation. There is therefore no support for
multiple recipients in JWE messages. It should be easy to add that if needed.
@@ -93,7 +93,7 @@ Example signature
var signer = new JoseJWS.Signer(cryptographer);
signer.addSigner(rsa_key).then(function() {
signer.sign(plaintext.textContent, null, {}).then(function(message) {
-
+
console.log(message);
var verifier = new JoseJWS.Verifier(cryptographer, message);
verifier.addRecipient(rsa_key).then(function() {
diff --git a/lib/jose-jwe-decrypt.js b/lib/jose-jwe-decrypt.js
index 8c2dfac..7e53c50 100644
--- a/lib/jose-jwe-decrypt.js
+++ b/lib/jose-jwe-decrypt.js
@@ -21,13 +21,13 @@
* in mind that decryption mutates the cryptographer.
* @param key_promise Promise<CryptoKey>, either RSA or shared key
*/
-JoseJWE.Decrypter = function (cryptographer, key_promise) {
+JoseJWE.Decrypter = function(cryptographer, key_promise) {
this.cryptographer = cryptographer;
this.key_promise = key_promise;
this.headers = {};
};
-JoseJWE.Decrypter.prototype.getHeaders = function () {
+JoseJWE.Decrypter.prototype.getHeaders = function() {
return this.headers;
};
@@ -37,8 +37,7 @@ JoseJWE.Decrypter.prototype.getHeaders = function () {
* @param cipher_text String
* @return Promise<String>
*/
-JoseJWE.Decrypter.prototype.decrypt = function (cipher_text) {
- var that = this;
+JoseJWE.Decrypter.prototype.decrypt = function(cipher_text) {
// Split cipher_text in 5 parts
var parts = cipher_text.split(".");
if (parts.length != 5) {
@@ -46,17 +45,17 @@ JoseJWE.Decrypter.prototype.decrypt = function (cipher_text) {
}
// part 1: header
- that.headers = JSON.parse(Utils.Base64Url.decode(parts[0]));
- if (!that.headers.alg) {
+ this.headers = JSON.parse(Utils.Base64Url.decode(parts[0]));
+ if (!this.headers.alg) {
return Promise.reject(Error("decrypt: missing alg"));
}
- if (!that.headers.enc) {
+ if (!this.headers.enc) {
return Promise.reject(Error("decrypt: missing enc"));
}
- that.cryptographer.setKeyEncryptionAlgorithm(this.headers.alg);
- that.cryptographer.setContentEncryptionAlgorithm(this.headers.enc);
+ this.cryptographer.setKeyEncryptionAlgorithm(this.headers.alg);
+ this.cryptographer.setContentEncryptionAlgorithm(this.headers.enc);
- if (that.headers.crit) {
+ if (this.headers.crit) {
// We don't support the crit header
return Promise.reject(Error("decrypt: crit is not supported"));
}
@@ -67,12 +66,12 @@ JoseJWE.Decrypter.prototype.decrypt = function (cipher_text) {
// the Million Message Attack on Cryptographic Message Syntax". We currently
// only support RSA-OAEP, so we don't generate a key if unwrapping fails.
var encrypted_cek = Utils.Base64Url.decodeArray(parts[1]);
- var cek_promise = that.key_promise.then(function (key) {
+ var cek_promise = this.key_promise.then(function(key) {
return this.cryptographer.unwrapCek(encrypted_cek, key);
- }.bind(that));
+ }.bind(this));
// part 3: decrypt the cipher text
- var plain_text_promise = that.cryptographer.decrypt(
+ var plain_text_promise = this.cryptographer.decrypt(
cek_promise,
Utils.arrayFromString(parts[0]),
Utils.Base64Url.decodeArray(parts[2]),
diff --git a/lib/jose-jwe-encrypt.js b/lib/jose-jwe-encrypt.js
index c498d57..7b53315 100644
--- a/lib/jose-jwe-encrypt.js
+++ b/lib/jose-jwe-encrypt.js
@@ -20,7 +20,7 @@
* @param cryptographer an instance of WebCryptographer (or equivalent).
* @param key_promise Promise<CryptoKey>, either RSA or shared key
*/
-JoseJWE.Encrypter = function (cryptographer, key_promise) {
+JoseJWE.Encrypter = function(cryptographer, key_promise) {
this.cryptographer = cryptographer;
this.key_promise = key_promise;
this.userHeaders = {};
@@ -39,7 +39,7 @@ JoseJWE.Encrypter = function (cryptographer, key_promise) {
* @param k String
* @param v String
*/
-JoseJWE.Encrypter.prototype.addHeader = function (k, v) {
+JoseJWE.Encrypter.prototype.addHeader = function(k, v) {
this.userHeaders[k] = v;
};
@@ -49,8 +49,7 @@ JoseJWE.Encrypter.prototype.addHeader = function (k, v) {
* @param plain_text String
* @return Promise<String>
*/
-JoseJWE.Encrypter.prototype.encrypt = function (plain_text) {
- var that = this;
+JoseJWE.Encrypter.prototype.encrypt = function(plain_text) {
/**
* Encrypts plain_text with CEK.
*
@@ -58,25 +57,24 @@ JoseJWE.Encrypter.prototype.encrypt = function (plain_text) {
* @param plain_text string
* @return Promise<json>
*/
- var encryptPlainText = function (cek_promise, plain_text) {
- var self = this;
+ var encryptPlainText = function(cek_promise, plain_text) {
// Create header
var headers = {};
- for(var i in self.userHeaders) {
- headers[i] = self.userHeaders[i];
+ for (var i in this.userHeaders) {
+ headers[i] = this.userHeaders[i];
}
- headers.alg = self.cryptographer.getKeyEncryptionAlgorithm();
- headers.enc = self.cryptographer.getContentEncryptionAlgorithm();
+ headers.alg = this.cryptographer.getKeyEncryptionAlgorithm();
+ headers.enc = this.cryptographer.getContentEncryptionAlgorithm();
var jwe_protected_header = Utils.Base64Url.encode(JSON.stringify(headers));
// Create the IV
- var iv = self.cryptographer.createIV();
+ var iv = this.cryptographer.createIV();
// Create the AAD
var aad = Utils.arrayFromString(jwe_protected_header);
plain_text = Utils.arrayFromString(plain_text);
- return self.cryptographer.encrypt(iv, aad, cek_promise, plain_text).then(function (r) {
+ return this.cryptographer.encrypt(iv, aad, cek_promise, plain_text).then(function(r) {
r.header = jwe_protected_header;
r.iv = iv;
return r;
@@ -84,20 +82,20 @@ JoseJWE.Encrypter.prototype.encrypt = function (plain_text) {
};
// Create a CEK key
- var cek_promise = that.cryptographer.createCek();
+ var cek_promise = this.cryptographer.createCek();
// Key & Cek allows us to create the encrypted_cek
- var encrypted_cek = Promise.all([that.key_promise, cek_promise]).then(function (all) {
- var key = all[0];
- var cek = all[1];
- return this.cryptographer.wrapCek(cek, key);
- }.bind(this));
+ var encrypted_cek = Promise.all([this.key_promise, cek_promise]).then(function(all) {
+ var key = all[0];
+ var cek = all[1];
+ return this.cryptographer.wrapCek(cek, key);
+ }.bind(this));
// Cek allows us to encrypy the plain text
- var enc_promise = encryptPlainText.bind(that, cek_promise, plain_text)();
+ var enc_promise = encryptPlainText.bind(this, cek_promise, plain_text)();
// Once we have all the promises, we can base64 encode all the pieces.
- return Promise.all([encrypted_cek, enc_promise]).then(function (all) {
+ return Promise.all([encrypted_cek, enc_promise]).then(function(all) {
var encrypted_cek = all[0];
var data = all[1];
return data.header + "." +
diff --git a/lib/jose-jwe-webcryptographer.js b/lib/jose-jwe-webcryptographer.js
index ee93ec5..691637f 100644
--- a/lib/jose-jwe-webcryptographer.js
+++ b/lib/jose-jwe-webcryptographer.js
@@ -21,10 +21,9 @@
* duplication or callback vs Promise based API issues.
*/
var WebCryptographer = function() {
- var that = this;
- that.setKeyEncryptionAlgorithm("RSA-OAEP");
- that.setContentEncryptionAlgorithm("A256GCM");
- that.setContentSignAlgorithm("RS256");
+ this.setKeyEncryptionAlgorithm("RSA-OAEP");
+ this.setContentEncryptionAlgorithm("A256GCM");
+ this.setContentSignAlgorithm("RS256");
};
Jose.WebCryptographer = WebCryptographer;
@@ -92,10 +91,9 @@ WebCryptographer.prototype.wrapCek = function(cek, key) {
};
WebCryptographer.prototype.unwrapCek = function(cek, key) {
- var that = this;
- var hack = getCekWorkaround(that.content_encryption);
- var extractable = (that.content_encryption.specific_cek_bytes > 0);
- var key_encryption = that.key_encryption.id;
+ var hack = getCekWorkaround(this.content_encryption);
+ var extractable = (this.content_encryption.specific_cek_bytes > 0);
+ var key_encryption = this.key_encryption.id;
return crypto.subtle.unwrapKey("raw", cek, key, key_encryption, hack.id, extractable, hack.dec_op);
};
@@ -275,7 +273,6 @@ WebCryptographer.prototype.decrypt = function(cek_promise, aad, iv, cipher_text,
};
return crypto.subtle.decrypt(dec, enc_key, cipher_text);
}).catch(function(err) {
- console.log(err);
return Promise.reject(Error("decryptCiphertext: MAC failed."));
});
});
diff --git a/lib/jose-jws-sign.js b/lib/jose-jws-sign.js
index b114667..2eb0c53 100644
--- a/lib/jose-jws-sign.js
+++ b/lib/jose-jws-sign.js
@@ -45,7 +45,7 @@ JoseJWS.Signer = function (cryptographer) {
*/
JoseJWS.Signer.prototype.addSigner = function (rsa_key, key_id, aad, header) {
var that = this,
- key_promise = isCryptoKey(rsa_key) ? new Promise(function (resolve) {
+ key_promise = Utils.isCryptoKey(rsa_key) ? new Promise(function (resolve) {
resolve(rsa_key);
}) : Jose.Utils.importRsaPrivateKey(rsa_key, aad && aad.alg ? aad.alg : that.cryptographer.getContentSignAlgorithm(), "sign"),
kid_promise;
@@ -54,7 +54,7 @@ JoseJWS.Signer.prototype.addSigner = function (rsa_key, key_id, aad, header) {
kid_promise = new Promise(function (resolve) {
resolve(key_id);
});
- } else if (isCryptoKey(rsa_key)) {
+ } else if (Utils.isCryptoKey(rsa_key)) {
throw new Error("key_id is a mandatory argument when the key is a CryptoKey");
} else {
kid_promise = Jose.WebCryptographer.keyId(rsa_key);
@@ -127,7 +127,7 @@ JoseJWS.Signer.prototype.sign = function (payload, aad, header) {
}
if (!protectedHeader.alg) {
- protectedHeader.alg = cryptographer.getContentSignAlgorithm();
+ protectedHeader.alg = that.cryptographer.getContentSignAlgorithm();
protectedHeader.typ = "JWT";
}
diff --git a/lib/jose-jws-verify.js b/lib/jose-jws-verify.js
index bfacef4..214b5ef 100644
--- a/lib/jose-jws-verify.js
+++ b/lib/jose-jws-verify.js
@@ -126,7 +126,7 @@ JoseJWS.Verifier.prototype.addRecipient = function (rsa_key, key_id, alg) {
var that = this,
kid_promise,
- key_promise = isCryptoKey(rsa_key) ? new Promise(function (resolve) {
+ key_promise = Utils.isCryptoKey(rsa_key) ? new Promise(function (resolve) {
resolve(rsa_key);
}) : Jose.Utils.importRsaPublicKey(rsa_key, alg || that.cryptographer.getContentSignAlgorithm(), "verify");
@@ -134,7 +134,7 @@ JoseJWS.Verifier.prototype.addRecipient = function (rsa_key, key_id, alg) {
kid_promise = new Promise(function (resolve) {
resolve(key_id);
});
- } else if (isCryptoKey(rsa_key)) {
+ } else if (Utils.isCryptoKey(rsa_key)) {
throw new Error("key_id is a mandatory argument when the key is a CryptoKey");
} else {
console.log("it's not safe to not pass a key_id");
diff --git a/lib/jose-jwe-utils.js b/lib/jose-utils.js
similarity index 93%
rename from lib/jose-jwe-utils.js
rename to lib/jose-utils.js
index 070c48b..a8655fd 100644
--- a/lib/jose-jwe-utils.js
+++ b/lib/jose-utils.js
@@ -30,14 +30,9 @@ var Utils = {};
* @return Promise<CryptoKey>
*/
Jose.Utils.importRsaPublicKey = function(rsa_key, alg) {
- var jwk,
- config = null,
- rk,
- usage;
-
- alg = alg || rsa_key.alg || "RSA-OAEP";
-
- usage = getKeyUsageByAlg(alg);
+ var jwk;
+ var config;
+ var usage = getKeyUsageByAlg(alg);
if (usage.publicKey == "wrapKey") {
if (!rsa_key.alg) {
@@ -46,7 +41,7 @@ Jose.Utils.importRsaPublicKey = function(rsa_key, alg) {
jwk = Utils.convertRsaKey(rsa_key, ["n", "e"]);
config = getCryptoConfig(alg);
} else {
- rk = {};
+ var rk = {};
for (var name in rsa_key) {
if (rsa_key.hasOwnProperty(name)) {
rk[name] = rsa_key[name];
@@ -76,14 +71,9 @@ Jose.Utils.importRsaPublicKey = function(rsa_key, alg) {
* @return Promise<CryptoKey>
*/
Jose.Utils.importRsaPrivateKey = function(rsa_key, alg) {
- var jwk,
- config,
- rk,
- usage;
-
- alg = alg || rsa_key.alg || "RSA-OAEP";
-
- usage = getKeyUsageByAlg(alg);
+ var jwk;
+ var config;
+ var usage = getKeyUsageByAlg(alg);
if (usage.privateKey == "unwrapKey") {
if (!rsa_key.alg) {
@@ -92,7 +82,7 @@ Jose.Utils.importRsaPrivateKey = function(rsa_key, alg) {
jwk = Utils.convertRsaKey(rsa_key, ["n", "e", "d", "p", "q", "dp", "dq", "qi"]);
config = getCryptoConfig("RSA-OAEP");
} else {
- rk = {};
+ var rk = {};
for (var name in rsa_key) {
if (rsa_key.hasOwnProperty(name)) {
rk[name] = rsa_key[name];
@@ -144,16 +134,12 @@ Utils.arrayish = function(arr) {
* @return json
*/
Utils.convertRsaKey = function(rsa_key, parameters) {
- var r = {},
- alg;
+ var r = {};
+ var alg;
// Check that we have all the parameters
var missing = [];
- parameters.map(function(p) {
- if (typeof(rsa_key[p]) == "undefined") {
- missing.push(p);
- }
- });
+ parameters.map(function(p){if (typeof(rsa_key[p]) == "undefined") { missing.push(p); }});
if (missing.length > 0) {
Jose.assert(false, "convertRsaKey: Was expecting " + missing.join());
@@ -173,11 +159,9 @@ Utils.convertRsaKey = function(rsa_key, parameters) {
getCryptoConfig(rsa_key.alg);
alg = rsa_key.alg;
} catch (er) {
+ Jose.assert(alg, "convertRsaKey: expecting rsa_key['alg'] to have a valid value");
}
}
-
- Jose.assert(alg, "convertRsaKey: expecting rsa_key['alg'] to have a valid value");
-
r.alg = alg;
// note: we punt on checking key_ops
@@ -353,17 +337,16 @@ Utils.sha256 = function(str) {
});
};
-var isCryptoKey = function(rsa_key) {
-
+Utils.isCryptoKey = function(rsa_key) {
var hexStr = /[a-f0-9]{2}(:[a-f0-9]{2})+/i;
- if (typeof window.CryptoKey != 'undefined') {
+ if (typeof(window.CryptoKey) != 'undefined') {
return rsa_key instanceof CryptoKey;
}
if (rsa_key instanceof Object) {
return hexStr.test(rsa_key.n) &&
- ((hexStr.test(rsa_key.e) || typeof rsa_key.e == 'number') ||
+ ((hexStr.test(rsa_key.e) || typeof(rsa_key.e) == 'number') ||
(hexStr.test(rsa_key.d) &&
hexStr.test(rsa_key.p) &&
hexStr.test(rsa_key.q) &&
diff --git a/test/jose-jwe-test.html b/test/jose-jwe-test.html
index 3cfb96c..5157964 100644
--- a/test/jose-jwe-test.html
+++ b/test/jose-jwe-test.html
@@ -1,325 +1,325 @@
<!doctype html>
<html>
-<head>
- <meta charset="utf-8">
- <title>Jose JWE Test</title>
-
- <script src="qunit-promises.js"></script>
- <script src="../dist/jose-testing.js"></script>
-
- <script>
- test("encryption using RSAES OAEP and AES GCM (keys & IV from appendix-A.1)", function(assert) {
- var cryptographer = new Jose.WebCryptographer();
- cryptographer.createIV = function() {
- return new Uint8Array([227, 197, 117, 252, 2, 219, 233, 68, 180, 225, 77, 219]);
- };
- cryptographer.createCek = function() {
- var cek = new Uint8Array([177, 161, 244, 128, 84, 143, 225, 115, 63, 180, 3, 255, 107, 154, 212, 246, 138, 7, 110, 91, 112, 46, 34, 105, 47, 130, 203, 46, 122, 234, 64, 252]);
- return crypto.subtle.importKey("raw", cek, {name: "AES-GCM"}, true, ["encrypt"]);
- };
- var rsa_key =
- {
- "kty": "RSA",
- "n": "oahUIoWw0K0usKNuOR6H4wkf4oBUXHTxRvgb48E-BVvxkeDNjbC4he8rUW"+
- "cJoZmds2h7M70imEVhRU5djINXtqllXI4DFqcI1DgjT9LewND8MW2Krf3S"+
- "psk_ZkoFnilakGygTwpZ3uesH-PFABNIUYpOiN15dsQRkgr0vEhxN92i2a"+
- "sbOenSZeyaxziK72UwxrrKoExv6kc5twXTq4h-QChLOln0_mtUZwfsRaMS"+
- "tPs6mS6XrgxnxbWhojf663tuEQueGC-FCMfra36C9knDFGzKsNa7LZK2dj"+
- "YgyD3JR_MB_4NUJW_TqOQtwHYbxevoJArm-L5StowjzGy-_bq6Gw",
- "e": "AQAB",
- "d": "kLdtIj6GbDks_ApCSTYQtelcNttlKiOyPzMrXHeI-yk1F7-kpDxY4-WY5N"+
- "WV5KntaEeXS1j82E375xxhWMHXyvjYecPT9fpwR_M9gV8n9Hrh2anTpTD9"+
- "3Dt62ypW3yDsJzBnTnrYu1iwWRgBKrEYY46qAZIrA2xAwnm2X7uGR1hghk"+
- "qDp0Vqj3kbSCz1XyfCs6_LehBwtxHIyh8Ripy40p24moOAbgxVw3rxT_vl"+
- "t3UVe4WO3JkJOzlpUf-KTVI2Ptgm-dARxTEtE-id-4OJr0h-K-VFs3VSnd"+
- "VTIznSxfyrj8ILL6MG_Uv8YAu7VILSB3lOW085-4qE3DzgrTjgyQ",
- "p": "1r52Xk46c-LsfB5P442p7atdPUrxQSy4mti_tZI3Mgf2EuFVbUoDBvaRQ-"+
- "SWxkbkmoEzL7JXroSBjSrK3YIQgYdMgyAEPTPjXv_hI2_1eTSPVZfzL0lf"+
- "fNn03IXqWF5MDFuoUYE0hzb2vhrlN_rKrbfDIwUbTrjjgieRbwC6Cl0",
- "q": "wLb35x7hmQWZsWJmB_vle87ihgZ19S8lBEROLIsZG4ayZVe9Hi9gDVCOBm"+
- "UDdaDYVTSNx_8Fyw1YYa9XGrGnDew00J28cRUoeBB_jKI1oma0Orv1T9aX"+
- "IWxKwd4gvxFImOWr3QRL9KEBRzk2RatUBnmDZJTIAfwTs0g68UZHvtc",
- "dp": "ZK-YwE7diUh0qR1tR7w8WHtolDx3MZ_OTowiFvgfeQ3SiresXjm9gZ5KL"+
- "hMXvo-uz-KUJWDxS5pFQ_M0evdo1dKiRTjVw_x4NyqyXPM5nULPkcpU827"+
- "rnpZzAJKpdhWAgqrXGKAECQH0Xt4taznjnd_zVpAmZZq60WPMBMfKcuE",
- "dq": "Dq0gfgJ1DdFGXiLvQEZnuKEN0UUmsJBxkjydc3j4ZYdBiMRAy86x0vHCj"+
- "ywcMlYYg4yoC4YZa9hNVcsjqA3FeiL19rk8g6Qn29Tt0cj8qqyFpz9vNDB"+
- "UfCAiJVeESOjJDZPYHdHY8v1b-o-Z2X5tvLx-TCekf7oxyeKDUqKWjis",
- "qi": "VIMpMYbPf47dT1w_zDUXfPimsSegnMOA1zTaX7aGk_8urY6R8-ZW1FxU7"+
- "AlWAyLWybqq6t16VFd7hQd0y6flUK4SlOydB61gwanOsXGOAOv82cHq0E3"+
- "eL4HrtZkUuKvnPrMnsUUFlfUdybVzxyjz9JF_XyaY14ardLSjf4L_FNY"
+ <head>
+ <meta charset="utf-8">
+ <title>Jose JWE Test</title>
+
+ <script src="qunit-promises.js"></script>
+ <script src="../dist/jose-testing.js"></script>
+
+ <script>
+ test("encryption using RSAES OAEP and AES GCM (keys & IV from appendix-A.1)", function(assert) {
+ var cryptographer = new Jose.WebCryptographer();
+ cryptographer.createIV = function() {
+ return new Uint8Array([227, 197, 117, 252, 2, 219, 233, 68, 180, 225, 77, 219]);
};
- var public_rsa_key = Jose.Utils.importRsaPublicKey(rsa_key);
- var plain_text = "The true sign of intelligence is not knowledge but imagination.";
- var encrypter = new JoseJWE.Encrypter(cryptographer, public_rsa_key);
- var cipher_text_promise = encrypter.encrypt(plain_text);
-
- assert.willEqual(cipher_text_promise.then(function(result){return result.split('.').length}),
- 5, "got right number of components");
-
- assert.willEqual(cipher_text_promise.then(function(result){return result.split('.')[0]}),
- "eyJhbGciOiJSU0EtT0FFUCIsImVuYyI6IkEyNTZHQ00ifQ",
- "got expected header");
-
- assert.willEqual(cipher_text_promise.then(function(result){return result.split('.')[2]}),
- "48V1_ALb6US04U3b",
- "got expected IV");
-
- assert.willEqual(cipher_text_promise.then(function(result){return result.split('.')[3]}),
- "5eym8TW_c8SuK0ltJ3rpYIzOeDQz7TALvtu6UG9oMo4vpzs9tX_EFShS8iB7j6jiSdiwkIr3ajwQzaBtQD_A",
- "got expected cipher text");
-
- assert.willEqual(cipher_text_promise.then(function(result){return result.split('.')[4]}),
- "XFBoMYUZodetZdvTiFvSkQ",
- "got expected tag");
-
- var private_rsa_key = Jose.Utils.importRsaPrivateKey(rsa_key);
- var decrypter = new JoseJWE.Decrypter(cryptographer, private_rsa_key);
- var decrypted_plain_text_promise = cipher_text_promise.then(function(cipher_text){
- return decrypter.decrypt(cipher_text);
- });
- assert.willEqual(decrypted_plain_text_promise, plain_text, "Error: got expected decrypted plain text");
-
- // Modify string and check for invalid tag
- var mac_failure = cipher_text_promise.then(function(cipher_text) {
- cipher_text = cipher_text.split('.');
- cipher_text.pop();
- cipher_text.push("WFBoMYUZodetZdvTiFvSkQ");
- return decrypter.decrypt(cipher_text.join('.'));
- });
- assert.wontEqual(mac_failure, "OperationError: ", "invalid tag did not cause failure");
- });
-
- // We can't test appendix-A.2 because Chrome dropped support for RSAES-PKCS1-V1_5.
- test("encryption using AES Key Wrap and AES_128_CBC_HMAC_SHA_256 (keys & IV from appendix-A.3)", function(assert) {
- var cryptographer = new Jose.WebCryptographer();
- cryptographer.setKeyEncryptionAlgorithm("A128KW");
- cryptographer.setContentEncryptionAlgorithm("A128CBC-HS256");
-
- cryptographer.createIV = function() {
- return new Uint8Array([3, 22, 60, 12, 43, 67, 104, 105, 108, 108, 105, 99, 111, 116, 104, 101]);
- };
- cryptographer.createCek = function() {
- var cek = new Uint8Array([4, 211, 31, 197, 84, 157, 252, 254, 11, 100, 157, 250, 63, 170, 106, 206, 107, 124, 212, 45, 111, 107, 9, 219, 200, 177, 0, 240, 143, 156, 44, 207]);
- return crypto.subtle.importKey("raw", cek, {name: "AES-GCM"}, true, ["encrypt"]);
- };
- var shared_key = {"kty":"oct", "k":"GawgguFyGrWKav7AX4VKUg"};
- shared_key = crypto.subtle.importKey("jwk", shared_key, {name: "AES-KW"}, true, ["wrapKey", "unwrapKey"]);
-
- var plain_text = "Live long and prosper.";
- var encrypter = new JoseJWE.Encrypter(cryptographer, shared_key);
- var cipher_text_promise = encrypter.encrypt(plain_text);
-
- assert.willEqual(cipher_text_promise.then(function(result){return result.split('.').length}),
- 5, "got right number of components");
-
- assert.willEqual(cipher_text_promise.then(function(result){return result.split('.')[0]}),
- "eyJhbGciOiJBMTI4S1ciLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0",
- "got expected header");
-
- assert.willEqual(cipher_text_promise.then(function(result){return result.split('.')[1]}),
- "6KB707dM9YTIgHtLvtgWQ8mKwboJW3of9locizkDTHzBC2IlrT1oOQ",
- "got expected encrypted key");
-
- assert.willEqual(cipher_text_promise.then(function(result){return result.split('.')[2]}),
- "AxY8DCtDaGlsbGljb3RoZQ",
- "got expected IV");
-
- assert.willEqual(cipher_text_promise.then(function(result){return result.split('.')[3]}),
- "KDlTtXchhZTGufMYmOYGS4HffxPSUrfmqCHXaI9wOGY",
- "got expected cipher text");
-
- assert.willEqual(cipher_text_promise.then(function(result){return result.split('.')[4]}),
- "U0m_YmjN04DJvceFICbCVQ",
- "got expected tag");
-
- var decrypter = new JoseJWE.Decrypter(cryptographer, shared_key);
- var decrypted_plain_text_promise = cipher_text_promise.then(function(cipher_text){
- return decrypter.decrypt(cipher_text);
- });
- assert.willEqual(decrypted_plain_text_promise, plain_text, "got expected decrypted plain text");
-
- // Modify string and check for invalid tag
- var mac_failure = cipher_text_promise.then(function(cipher_text) {
- cipher_text = cipher_text.split('.');
- cipher_text.pop();
- cipher_text.push("WEm_YmjN04DJvceFICbCVQ");
- return decrypter.decrypt(cipher_text.join('.'));
- });
- assert.wontEqual(mac_failure, "Error: decryptCiphertext: MAC failed.", "invalid tag did not cause failure");
- });
-
- test("key import", function(assert) {
- var cryptographer = new Jose.WebCryptographer();
- cryptographer.setContentEncryptionAlgorithm("A128CBC-HS256");
-
- // Key was generated with: `openssl genrsa 1024 | openssl rsa -text`
- var rsa_key = {
- "e": 65537,
- "n": "00:bf:53:bf:5b:19:bc:80:5c:88:15:d8:a5:f7:70:cf:c7:0c:aa:f5:b4:07:b8:d1:7b:3a:34:fc:b3:d8:25:46:86:58:5a:d5:69:49:8d:83:23:cd:e2:87:cd:4a:6d:39:a6:8a:dd:dd:c2:e4:d0:ce:7b:a3:d8:28:f8:f0:af:eb:87:2f:f5:c5:bc:5b:c2:08:ec:67:8a:96:57:bb:b6:6b:b5:a2:7d:ab:ff:67:13:09:1b:32:ba:89:c2:27:fd:1b:00:8b:1b:a0:44:3f:a5:4c:39:75:cd:dd:be:75:e6:c7:a5:4f:27:e3:e8:91:0b:1f:38:b7:f5:f7:03:88:f5:1e:b5",
- "d": "0d:f4:61:c4:97:3f:f4:6c:cb:50:2c:99:0e:4f:20:18:78:88:0f:9b:ad:e4:81:02:e7:df:ed:7e:80:89:57:77:7d:02:43:06:86:e2:d7:69:c9:1e:78:a1:34:88:7a:e7:f6:c0:ef:e7:c3:20:a7:ae:c4:e8:83:34:84:f9:8f:c8:10:22:b5:19:ad:07:de:18:5d:d2:ff:27:c2:a7:42:1b:9a:6b:64:43:75:6e:e7:6d:5e:3a:77:fd:2a:65:18:a5:e9:46:79:ea:50:60:a9:27:21:7b:da:71:9b:00:0d:07:63:0f:e4:a7:f7:d7:3c:32:19:b2:73:a5:2b:24:8d:01",
- "p": "00:de:16:f5:44:0a:bf:b5:4c:00:ce:1b:fe:e9:33:6b:47:66:0e:f9:a8:b1:44:ee:54:3f:1c:51:0d:36:fb:40:3a:53:61:46:3b:63:ee:6b:95:54:1d:b2:49:30:47:92:fd:b7:69:87:a5:f0:91:ab:16:ed:1d:0a:c3:ee:27:3c:71",
- "q": "00:dc:8a:57:d7:1a:ba:2d:e9:07:39:bf:64:ef:b2:f2:91:20:6c:32:4b:0d:15:2e:78:ab:a5:99:c5:4f:25:40:cc:8a:9c:d4:f5:3d:ab:a7:e1:e6:d4:97:90:66:bc:fb:45:af:c6:84:1d:1c:56:f6:18:7a:b2:81:27:e3:fa:38:85",
- "dp": "00:9b:4b:2e:61:4f:aa:d1:98:bd:8f:61:a0:13:6c:b2:fd:0f:ee:34:c0:b2:83:e2:aa:e2:1e:68:c6:76:c5:a5:19:a3:a8:07:36:0c:20:70:f5:d0:05:9b:de:f5:75:76:e1:16:59:22:52:f4:2e:c7:95:96:63:92:5d:82:af:c8:e1",
- "dq": "74:1d:fb:05:ec:b2:9e:3d:95:6a:58:55:82:c7:4b:64:12:18:25:9a:d2:76:96:93:3e:7c:e0:ab:bc:72:36:dd:fb:15:7c:22:eb:a7:97:ab:1f:68:4b:ac:e2:0b:1a:99:a4:64:f7:66:84:67:5d:07:a2:82:9d:f2:2c:dc:b0:29",
- "qi": "0c:c8:32:20:2e:df:d7:85:0f:e6:50:ec:ba:1b:6f:60:dd:18:79:3f:d4:ac:d8:6c:bf:05:d7:68:11:3f:2e:1b:26:d5:63:9d:c7:02:0f:e0:c2:70:49:c9:d1:7b:68:66:da:17:36:f5:f2:6b:4e:06:bd:db:29:04:c6:34:7a:e0"
- };
-
- var public_rsa_key = Jose.Utils.importRsaPublicKey(rsa_key, "RSA-OAEP");
- var plain_text = "Look deep into nature, and then you will understand everything better. --Albert Einstein";
- var encrypter = new JoseJWE.Encrypter(cryptographer, public_rsa_key);
- var cipher_text_promise = encrypter.encrypt(plain_text);
-
- var private_rsa_key = Jose.Utils.importRsaPrivateKey(rsa_key, "RSA-OAEP");
- var decrypted_plain_text_promise = cipher_text_promise.then(function(cipher_text){
+ cryptographer.createCek = function() {
+ var cek = new Uint8Array([177, 161, 244, 128, 84, 143, 225, 115, 63, 180, 3, 255, 107, 154, 212, 246, 138, 7, 110, 91, 112, 46, 34, 105, 47, 130, 203, 46, 122, 234, 64, 252]);
+ return crypto.subtle.importKey("raw", cek, {name: "AES-GCM"}, true, ["encrypt"]);
+ };
+ var rsa_key =
+ {
+ "kty": "RSA",
+ "n": "oahUIoWw0K0usKNuOR6H4wkf4oBUXHTxRvgb48E-BVvxkeDNjbC4he8rUW"+
+ "cJoZmds2h7M70imEVhRU5djINXtqllXI4DFqcI1DgjT9LewND8MW2Krf3S"+
+ "psk_ZkoFnilakGygTwpZ3uesH-PFABNIUYpOiN15dsQRkgr0vEhxN92i2a"+
+ "sbOenSZeyaxziK72UwxrrKoExv6kc5twXTq4h-QChLOln0_mtUZwfsRaMS"+
+ "tPs6mS6XrgxnxbWhojf663tuEQueGC-FCMfra36C9knDFGzKsNa7LZK2dj"+
+ "YgyD3JR_MB_4NUJW_TqOQtwHYbxevoJArm-L5StowjzGy-_bq6Gw",
+ "e": "AQAB",
+ "d": "kLdtIj6GbDks_ApCSTYQtelcNttlKiOyPzMrXHeI-yk1F7-kpDxY4-WY5N"+
+ "WV5KntaEeXS1j82E375xxhWMHXyvjYecPT9fpwR_M9gV8n9Hrh2anTpTD9"+
+ "3Dt62ypW3yDsJzBnTnrYu1iwWRgBKrEYY46qAZIrA2xAwnm2X7uGR1hghk"+
+ "qDp0Vqj3kbSCz1XyfCs6_LehBwtxHIyh8Ripy40p24moOAbgxVw3rxT_vl"+
+ "t3UVe4WO3JkJOzlpUf-KTVI2Ptgm-dARxTEtE-id-4OJr0h-K-VFs3VSnd"+
+ "VTIznSxfyrj8ILL6MG_Uv8YAu7VILSB3lOW085-4qE3DzgrTjgyQ",
+ "p": "1r52Xk46c-LsfB5P442p7atdPUrxQSy4mti_tZI3Mgf2EuFVbUoDBvaRQ-"+
+ "SWxkbkmoEzL7JXroSBjSrK3YIQgYdMgyAEPTPjXv_hI2_1eTSPVZfzL0lf"+
+ "fNn03IXqWF5MDFuoUYE0hzb2vhrlN_rKrbfDIwUbTrjjgieRbwC6Cl0",
+ "q": "wLb35x7hmQWZsWJmB_vle87ihgZ19S8lBEROLIsZG4ayZVe9Hi9gDVCOBm"+
+ "UDdaDYVTSNx_8Fyw1YYa9XGrGnDew00J28cRUoeBB_jKI1oma0Orv1T9aX"+
+ "IWxKwd4gvxFImOWr3QRL9KEBRzk2RatUBnmDZJTIAfwTs0g68UZHvtc",
+ "dp": "ZK-YwE7diUh0qR1tR7w8WHtolDx3MZ_OTowiFvgfeQ3SiresXjm9gZ5KL"+
+ "hMXvo-uz-KUJWDxS5pFQ_M0evdo1dKiRTjVw_x4NyqyXPM5nULPkcpU827"+
+ "rnpZzAJKpdhWAgqrXGKAECQH0Xt4taznjnd_zVpAmZZq60WPMBMfKcuE",
+ "dq": "Dq0gfgJ1DdFGXiLvQEZnuKEN0UUmsJBxkjydc3j4ZYdBiMRAy86x0vHCj"+
+ "ywcMlYYg4yoC4YZa9hNVcsjqA3FeiL19rk8g6Qn29Tt0cj8qqyFpz9vNDB"+
+ "UfCAiJVeESOjJDZPYHdHY8v1b-o-Z2X5tvLx-TCekf7oxyeKDUqKWjis",
+ "qi": "VIMpMYbPf47dT1w_zDUXfPimsSegnMOA1zTaX7aGk_8urY6R8-ZW1FxU7"+
+ "AlWAyLWybqq6t16VFd7hQd0y6flUK4SlOydB61gwanOsXGOAOv82cHq0E3"+
+ "eL4HrtZkUuKvnPrMnsUUFlfUdybVzxyjz9JF_XyaY14ardLSjf4L_FNY"
+ };
+ var public_rsa_key = Jose.Utils.importRsaPublicKey(rsa_key, "RSA-OAEP");
+ var plain_text = "The true sign of intelligence is not knowledge but imagination.";
+ var encrypter = new JoseJWE.Encrypter(cryptographer, public_rsa_key);
+ var cipher_text_promise = encrypter.encrypt(plain_text);
+
+ assert.willEqual(cipher_text_promise.then(function(result){return result.split('.').length}),
+ 5, "got right number of components");
+
+ assert.willEqual(cipher_text_promise.then(function(result){return result.split('.')[0]}),
+ "eyJhbGciOiJSU0EtT0FFUCIsImVuYyI6IkEyNTZHQ00ifQ",
+ "got expected header");
+
+ assert.willEqual(cipher_text_promise.then(function(result){return result.split('.')[2]}),
+ "48V1_ALb6US04U3b",
+ "got expected IV");
+
+ assert.willEqual(cipher_text_promise.then(function(result){return result.split('.')[3]}),
+ "5eym8TW_c8SuK0ltJ3rpYIzOeDQz7TALvtu6UG9oMo4vpzs9tX_EFShS8iB7j6jiSdiwkIr3ajwQzaBtQD_A",
+ "got expected cipher text");
+
+ assert.willEqual(cipher_text_promise.then(function(result){return result.split('.')[4]}),
+ "XFBoMYUZodetZdvTiFvSkQ",
+ "got expected tag");
+
+ var private_rsa_key = Jose.Utils.importRsaPrivateKey(rsa_key, "RSA-OAEP");
var decrypter = new JoseJWE.Decrypter(cryptographer, private_rsa_key);
- return decrypter.decrypt(cipher_text);
- });
- assert.willEqual(decrypted_plain_text_promise, plain_text, "got expected decrypted plain text");
- });
-
- test("extra headers", function(assert) {
- var cryptographer = new Jose.WebCryptographer();
- cryptographer.setKeyEncryptionAlgorithm("A128KW");
- var shared_key = {"kty":"oct", "k":"GawgguFyGrWKav7AX4VKUg"};
- shared_key = crypto.subtle.importKey("jwk", shared_key, cryptographer.key_encryption.id, true, ["wrapKey", "unwrapKey"]);
- var plain_text = "I only went out for a walk and finally concluded to stay out till sundown, for going out, I found, was really going in. --John Muir";
-
- var encrypter = new JoseJWE.Encrypter(cryptographer, shared_key);
- encrypter.addHeader("cty", "text/plain");
- var cipher_text_promise = encrypter.encrypt(plain_text);
-
- var decrypter = new JoseJWE.Decrypter(cryptographer, shared_key);
- var decrypted_plain_text_promise = cipher_text_promise.then(function(cipher_text){
- return decrypter.decrypt(cipher_text);
+ var decrypted_plain_text_promise = cipher_text_promise.then(function(cipher_text){
+ return decrypter.decrypt(cipher_text);
+ });
+ assert.willEqual(decrypted_plain_text_promise, plain_text, "Error: got expected decrypted plain text");
+
+ // Modify string and check for invalid tag
+ var mac_failure = cipher_text_promise.then(function(cipher_text) {
+ cipher_text = cipher_text.split('.');
+ cipher_text.pop();
+ cipher_text.push("WFBoMYUZodetZdvTiFvSkQ");
+ return decrypter.decrypt(cipher_text.join('.'));
+ });
+ assert.wontEqual(mac_failure, "OperationError: ", "invalid tag did not cause failure");
});
- assert.willEqual(decrypted_plain_text_promise.then(function(_){return decrypter.getHeaders()['cty']}), "text/plain", "got expected header");
- });
-
- test("RSA-OAEP-256 with A256CBC-HS512", function(assert) {
- var cryptographer = new Jose.WebCryptographer();
- cryptographer.setKeyEncryptionAlgorithm("RSA-OAEP-256");
- cryptographer.setContentEncryptionAlgorithm("A256CBC-HS512");
- var key_promise = crypto.subtle.generateKey({
- name: "RSA-OAEP",
- hash: {name: "SHA-256"},
- modulusLength: 2048,
- publicExponent: new Uint8Array([0x01, 0x00, 0x01])}, false, ["wrapKey", "unwrapKey"]);
- var plain_text = "Always remember that you are absolutely unique. Just like everyone else. --Margaret Mead";
-
- var decrypted_plain_text_promise = key_promise.then(function(key) {
- var encrypter = new JoseJWE.Encrypter(cryptographer, Promise.resolve(key.publicKey));
- return encrypter.encrypt(plain_text).then(function(cipher_text) {
- var decrypter = new JoseJWE.Decrypter(cryptographer, Promise.resolve(key.privateKey));
+
+ // We can't test appendix-A.2 because Chrome dropped support for RSAES-PKCS1-V1_5.
+ test("encryption using AES Key Wrap and AES_128_CBC_HMAC_SHA_256 (keys & IV from appendix-A.3)", function(assert) {
+ var cryptographer = new Jose.WebCryptographer();
+ cryptographer.setKeyEncryptionAlgorithm("A128KW");
+ cryptographer.setContentEncryptionAlgorithm("A128CBC-HS256");
+
+ cryptographer.createIV = function() {
+ return new Uint8Array([3, 22, 60, 12, 43, 67, 104, 105, 108, 108, 105, 99, 111, 116, 104, 101]);
+ };
+ cryptographer.createCek = function() {
+ var cek = new Uint8Array([4, 211, 31, 197, 84, 157, 252, 254, 11, 100, 157, 250, 63, 170, 106, 206, 107, 124, 212, 45, 111, 107, 9, 219, 200, 177, 0, 240, 143, 156, 44, 207]);
+ return crypto.subtle.importKey("raw", cek, {name: "AES-GCM"}, true, ["encrypt"]);
+ };
+ var shared_key = {"kty":"oct", "k":"GawgguFyGrWKav7AX4VKUg"};
+ shared_key = crypto.subtle.importKey("jwk", shared_key, {name: "AES-KW"}, true, ["wrapKey", "unwrapKey"]);
+
+ var plain_text = "Live long and prosper.";
+ var encrypter = new JoseJWE.Encrypter(cryptographer, shared_key);
+ var cipher_text_promise = encrypter.encrypt(plain_text);
+
+ assert.willEqual(cipher_text_promise.then(function(result){return result.split('.').length}),
+ 5, "got right number of components");
+
+ assert.willEqual(cipher_text_promise.then(function(result){return result.split('.')[0]}),
+ "eyJhbGciOiJBMTI4S1ciLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0",
+ "got expected header");
+
+ assert.willEqual(cipher_text_promise.then(function(result){return result.split('.')[1]}),
+ "6KB707dM9YTIgHtLvtgWQ8mKwboJW3of9locizkDTHzBC2IlrT1oOQ",
+ "got expected encrypted key");
+
+ assert.willEqual(cipher_text_promise.then(function(result){return result.split('.')[2]}),
+ "AxY8DCtDaGlsbGljb3RoZQ",
+ "got expected IV");
+
+ assert.willEqual(cipher_text_promise.then(function(result){return result.split('.')[3]}),
+ "KDlTtXchhZTGufMYmOYGS4HffxPSUrfmqCHXaI9wOGY",
+ "got expected cipher text");
+
+ assert.willEqual(cipher_text_promise.then(function(result){return result.split('.')[4]}),
+ "U0m_YmjN04DJvceFICbCVQ",
+ "got expected tag");
+
+ var decrypter = new JoseJWE.Decrypter(cryptographer, shared_key);
+ var decrypted_plain_text_promise = cipher_text_promise.then(function(cipher_text){
return decrypter.decrypt(cipher_text);
});
+ assert.willEqual(decrypted_plain_text_promise, plain_text, "got expected decrypted plain text");
+
+ // Modify string and check for invalid tag
+ var mac_failure = cipher_text_promise.then(function(cipher_text) {
+ cipher_text = cipher_text.split('.');
+ cipher_text.pop();
+ cipher_text.push("WEm_YmjN04DJvceFICbCVQ");
+ return decrypter.decrypt(cipher_text.join('.'));
+ });
+ assert.wontEqual(mac_failure, "Error: decryptCiphertext: MAC failed.", "invalid tag did not cause failure");
});
- assert.willEqual(decrypted_plain_text_promise, plain_text, "got expected decrypted plain text");
- });
- test("A256KW with A128GCM", function(assert) {
- var cryptographer = new Jose.WebCryptographer();
- cryptographer.setKeyEncryptionAlgorithm("A256KW");
- cryptographer.setContentEncryptionAlgorithm("A128GCM");
+ test("key import", function(assert) {
+ var cryptographer = new Jose.WebCryptographer();
+ cryptographer.setContentEncryptionAlgorithm("A128CBC-HS256");
+
+ // Key was generated with: `openssl genrsa 1024 | openssl rsa -text`
+ var rsa_key = {
+ "e": 65537,
+ "n": "00:bf:53:bf:5b:19:bc:80:5c:88:15:d8:a5:f7:70:cf:c7:0c:aa:f5:b4:07:b8:d1:7b:3a:34:fc:b3:d8:25:46:86:58:5a:d5:69:49:8d:83:23:cd:e2:87:cd:4a:6d:39:a6:8a:dd:dd:c2:e4:d0:ce:7b:a3:d8:28:f8:f0:af:eb:87:2f:f5:c5:bc:5b:c2:08:ec:67:8a:96:57:bb:b6:6b:b5:a2:7d:ab:ff:67:13:09:1b:32:ba:89:c2:27:fd:1b:00:8b:1b:a0:44:3f:a5:4c:39:75:cd:dd:be:75:e6:c7:a5:4f:27:e3:e8:91:0b:1f:38:b7:f5:f7:03:88:f5:1e:b5",
+ "d": "0d:f4:61:c4:97:3f:f4:6c:cb:50:2c:99:0e:4f:20:18:78:88:0f:9b:ad:e4:81:02:e7:df:ed:7e:80:89:57:77:7d:02:43:06:86:e2:d7:69:c9:1e:78:a1:34:88:7a:e7:f6:c0:ef:e7:c3:20:a7:ae:c4:e8:83:34:84:f9:8f:c8:10:22:b5:19:ad:07:de:18:5d:d2:ff:27:c2:a7:42:1b:9a:6b:64:43:75:6e:e7:6d:5e:3a:77:fd:2a:65:18:a5:e9:46:79:ea:50:60:a9:27:21:7b:da:71:9b:00:0d:07:63:0f:e4:a7:f7:d7:3c:32:19:b2:73:a5:2b:24:8d:01",
+ "p": "00:de:16:f5:44:0a:bf:b5:4c:00:ce:1b:fe:e9:33:6b:47:66:0e:f9:a8:b1:44:ee:54:3f:1c:51:0d:36:fb:40:3a:53:61:46:3b:63:ee:6b:95:54:1d:b2:49:30:47:92:fd:b7:69:87:a5:f0:91:ab:16:ed:1d:0a:c3:ee:27:3c:71",
+ "q": "00:dc:8a:57:d7:1a:ba:2d:e9:07:39:bf:64:ef:b2:f2:91:20:6c:32:4b:0d:15:2e:78:ab:a5:99:c5:4f:25:40:cc:8a:9c:d4:f5:3d:ab:a7:e1:e6:d4:97:90:66:bc:fb:45:af:c6:84:1d:1c:56:f6:18:7a:b2:81:27:e3:fa:38:85",
+ "dp": "00:9b:4b:2e:61:4f:aa:d1:98:bd:8f:61:a0:13:6c:b2:fd:0f:ee:34:c0:b2:83:e2:aa:e2:1e:68:c6:76:c5:a5:19:a3:a8:07:36:0c:20:70:f5:d0:05:9b:de:f5:75:76:e1:16:59:22:52:f4:2e:c7:95:96:63:92:5d:82:af:c8:e1",
+ "dq": "74:1d:fb:05:ec:b2:9e:3d:95:6a:58:55:82:c7:4b:64:12:18:25:9a:d2:76:96:93:3e:7c:e0:ab:bc:72:36:dd:fb:15:7c:22:eb:a7:97:ab:1f:68:4b:ac:e2:0b:1a:99:a4:64:f7:66:84:67:5d:07:a2:82:9d:f2:2c:dc:b0:29",
+ "qi": "0c:c8:32:20:2e:df:d7:85:0f:e6:50:ec:ba:1b:6f:60:dd:18:79:3f:d4:ac:d8:6c:bf:05:d7:68:11:3f:2e:1b:26:d5:63:9d:c7:02:0f:e0:c2:70:49:c9:d1:7b:68:66:da:17:36:f5:f2:6b:4e:06:bd:db:29:04:c6:34:7a:e0"
+ };
- var shared_key = {"kty":"oct", "k":"GawgguFyGrWKav7AX4VKUg"};
- shared_key = crypto.subtle.importKey("jwk", shared_key, cryptographer.key_encryption.id, true, ["wrapKey", "unwrapKey"]);
+ var public_rsa_key = Jose.Utils.importRsaPublicKey(rsa_key, "RSA-OAEP");
+ var plain_text = "Look deep into nature, and then you will understand everything better. --Albert Einstein";
+ var encrypter = new JoseJWE.Encrypter(cryptographer, public_rsa_key);
+ var cipher_text_promise = encrypter.encrypt(plain_text);
- var plain_text = "All generalizations are false, including this one. --Mark Twain";
- var encrypter = new JoseJWE.Encrypter(cryptographer, shared_key);
- var cipher_text_promise = encrypter.encrypt(plain_text);
+ var private_rsa_key = Jose.Utils.importRsaPrivateKey(rsa_key, "RSA-OAEP");
+ var decrypted_plain_text_promise = cipher_text_promise.then(function(cipher_text){
+ var decrypter = new JoseJWE.Decrypter(cryptographer, private_rsa_key);
+ return decrypter.decrypt(cipher_text);
+ });
+ assert.willEqual(decrypted_plain_text_promise, plain_text, "got expected decrypted plain text");
+ });
+
+ test("extra headers", function(assert) {
+ var cryptographer = new Jose.WebCryptographer();
+ cryptographer.setKeyEncryptionAlgorithm("A128KW");
+ var shared_key = {"kty":"oct", "k":"GawgguFyGrWKav7AX4VKUg"};
+ shared_key = crypto.subtle.importKey("jwk", shared_key, cryptographer.key_encryption.id, true, ["wrapKey", "unwrapKey"]);
+ var plain_text = "I only went out for a walk and finally concluded to stay out till sundown, for going out, I found, was really going in. --John Muir";
+
+ var encrypter = new JoseJWE.Encrypter(cryptographer, shared_key);
+ encrypter.addHeader("cty", "text/plain");
+ var cipher_text_promise = encrypter.encrypt(plain_text);
- var decrypted_plain_text_promise = cipher_text_promise.then(function(cipher_text){
var decrypter = new JoseJWE.Decrypter(cryptographer, shared_key);
- return decrypter.decrypt(cipher_text)
+ var decrypted_plain_text_promise = cipher_text_promise.then(function(cipher_text){
+ return decrypter.decrypt(cipher_text);
+ });
+ assert.willEqual(decrypted_plain_text_promise.then(function(_){return decrypter.getHeaders()['cty']}), "text/plain", "got expected header");
});
- assert.willEqual(decrypted_plain_text_promise, plain_text, "got expected decrypted plain text");
- });
-
- test("setting invalid algorithm", function(assert) {
- var cryptographer = new Jose.WebCryptographer();
- assert.throws(function(){cryptographer.setKeyEncryptionAlgorithm("blah")}, "got exception when setting invalid algorithm");
- });
-
- test("importing public key", function(assert) {
- var rsa_key = {
- "e": 65537
- };
- assert.throws(function(){Jose.Utils.importRsaPublicKey(rsa_key, "RSA-OAEP")}, "got exception when importing invalid key");
-
- rsa_key = {
- "alg": "foo",
- "e": 65537,
- "n": "bf:53:bf:5b:19:bc:80"
- };
- assert.throws(function(){Jose.Utils.importRsaPublicKey(rsa_key, "RSA-OAEP")}, "got exception when importing invalid key");
-
- rsa_key = {
- "e": 65537,
- "n": []
- };
- assert.throws(function(){Jose.Utils.importRsaPublicKey(rsa_key, "RSA-OAEP")}, "got exception when importing invalid key");
- });
-
- test("various decryption failures", function(assert) {
- var cryptographer = new Jose.WebCryptographer();
- cryptographer.setKeyEncryptionAlgorithm("A128KW");
-
- var shared_key = {"kty":"oct", "k":"GawgguFyGrWKav7AX4VKUg"};
- shared_key = crypto.subtle.importKey("jwk", shared_key, {name: "AES-KW"}, true, ["wrapKey", "unwrapKey"]);
-
- var plain_text = "A yawn is a silent scream for coffee. --unknown";
- var encrypter = new JoseJWE.Encrypter(cryptographer, shared_key);
- var cipher_text_promise = encrypter.encrypt(plain_text);
-
- var decrypter = new JoseJWE.Decrypter(cryptographer, shared_key);
- var decrypt_truncated_input_promise = cipher_text_promise.then(function(cipher_text){
- cipher_text = cipher_text.split('.').slice(1).join('.');
- return decrypter.decrypt(cipher_text);
+
+ test("RSA-OAEP-256 with A256CBC-HS512", function(assert) {
+ var cryptographer = new Jose.WebCryptographer();
+ cryptographer.setKeyEncryptionAlgorithm("RSA-OAEP-256");
+ cryptographer.setContentEncryptionAlgorithm("A256CBC-HS512");
+ var key_promise = crypto.subtle.generateKey({
+ name: "RSA-OAEP",
+ hash: {name: "SHA-256"},
+ modulusLength: 2048,
+ publicExponent: new Uint8Array([0x01, 0x00, 0x01])}, false, ["wrapKey", "unwrapKey"]);
+ var plain_text = "Always remember that you are absolutely unique. Just like everyone else. --Margaret Mead";
+
+ var decrypted_plain_text_promise = key_promise.then(function(key) {
+ var encrypter = new JoseJWE.Encrypter(cryptographer, Promise.resolve(key.publicKey));
+ return encrypter.encrypt(plain_text).then(function(cipher_text) {
+ var decrypter = new JoseJWE.Decrypter(cryptographer, Promise.resolve(key.privateKey));
+ return decrypter.decrypt(cipher_text);
+ });
+ });
+ assert.willEqual(decrypted_plain_text_promise, plain_text, "got expected decrypted plain text");
});
- assert.wontEqual(decrypt_truncated_input_promise, "Error: decrypt: invalid input", "truncated input did not cause failure");
- var decrypt_missing_alg_promise = cipher_text_promise.then(function(cipher_text){
- cipher_text = cipher_text.split('.');
- cipher_text[0] = 'eyJlbmMiOiJBMjU2R0NNIn0=';
- return decrypter.decrypt(cipher_text.join('.'));
+ test("A256KW with A128GCM", function(assert) {
+ var cryptographer = new Jose.WebCryptographer();
+ cryptographer.setKeyEncryptionAlgorithm("A256KW");
+ cryptographer.setContentEncryptionAlgorithm("A128GCM");
+
+ var shared_key = {"kty":"oct", "k":"GawgguFyGrWKav7AX4VKUg"};
+ shared_key = crypto.subtle.importKey("jwk", shared_key, cryptographer.key_encryption.id, true, ["wrapKey", "unwrapKey"]);
+
+ var plain_text = "All generalizations are false, including this one. --Mark Twain";
+ var encrypter = new JoseJWE.Encrypter(cryptographer, shared_key);
+ var cipher_text_promise = encrypter.encrypt(plain_text);
+
+ var decrypted_plain_text_promise = cipher_text_promise.then(function(cipher_text){
+ var decrypter = new JoseJWE.Decrypter(cryptographer, shared_key);
+ return decrypter.decrypt(cipher_text)
+ });
+ assert.willEqual(decrypted_plain_text_promise, plain_text, "got expected decrypted plain text");
});
- assert.wontEqual(decrypt_missing_alg_promise, "Error: decrypt: missing alg", "missing alg in header did not cause failure");
- var decrypt_missing_enc_promise = cipher_text_promise.then(function(cipher_text){
- cipher_text = cipher_text.split('.');
- cipher_text[0] = 'eyJhbGciOiJBMTI4S1cifQ==';
- return decrypter.decrypt(cipher_text.join('.'));
+ test("setting invalid algorithm", function(assert) {
+ var cryptographer = new Jose.WebCryptographer();
+ assert.throws(function(){cryptographer.setKeyEncryptionAlgorithm("blah")}, "got exception when setting invalid algorithm");
});
- assert.wontEqual(decrypt_missing_enc_promise, "Error: decrypt: missing enc", "missing enc in header did not cause failure");
- var decrypt_crit_header_promise = cipher_text_promise.then(function(cipher_text){
- cipher_text = cipher_text.split('.');
- cipher_text[0] = 'eyJlbmMiOiJBMjU2R0NNIiwiYWxnIjoiQTEyOEtXIiwiY3JpdCI6ImJsYWgifQ==';
- return decrypter.decrypt(cipher_text.join('.'));
+ test("importing public key", function(assert) {
+ var rsa_key = {
+ "e": 65537
+ };
+ assert.throws(function(){Jose.Utils.importRsaPublicKey(rsa_key, "RSA-OAEP")}, "got exception when importing invalid key");
+
+ rsa_key = {
+ "alg": "foo",
+ "e": 65537,
+ "n": "bf:53:bf:5b:19:bc:80"
+ };
+ assert.throws(function(){Jose.Utils.importRsaPublicKey(rsa_key, "RSA-OAEP")}, "got exception when importing invalid key");
+
+ rsa_key = {
+ "e": 65537,
+ "n": []
+ };
+ assert.throws(function(){Jose.Utils.importRsaPublicKey(rsa_key, "RSA-OAEP")}, "got exception when importing invalid key");
+ });
+
+ test("various decryption failures", function(assert) {
+ var cryptographer = new Jose.WebCryptographer();
+ cryptographer.setKeyEncryptionAlgorithm("A128KW");
+
+ var shared_key = {"kty":"oct", "k":"GawgguFyGrWKav7AX4VKUg"};
+ shared_key = crypto.subtle.importKey("jwk", shared_key, {name: "AES-KW"}, true, ["wrapKey", "unwrapKey"]);
+
+ var plain_text = "A yawn is a silent scream for coffee. --unknown";
+ var encrypter = new JoseJWE.Encrypter(cryptographer, shared_key);
+ var cipher_text_promise = encrypter.encrypt(plain_text);
+
+ var decrypter = new JoseJWE.Decrypter(cryptographer, shared_key);
+ var decrypt_truncated_input_promise = cipher_text_promise.then(function(cipher_text){
+ cipher_text = cipher_text.split('.').slice(1).join('.');
+ return decrypter.decrypt(cipher_text);
+ });
+ assert.wontEqual(decrypt_truncated_input_promise, "Error: decrypt: invalid input", "truncated input did not cause failure");
+
+ var decrypt_missing_alg_promise = cipher_text_promise.then(function(cipher_text){
+ cipher_text = cipher_text.split('.');
+ cipher_text[0] = 'eyJlbmMiOiJBMjU2R0NNIn0=';
+ return decrypter.decrypt(cipher_text.join('.'));
+ });
+ assert.wontEqual(decrypt_missing_alg_promise, "Error: decrypt: missing alg", "missing alg in header did not cause failure");
+
+ var decrypt_missing_enc_promise = cipher_text_promise.then(function(cipher_text){
+ cipher_text = cipher_text.split('.');
+ cipher_text[0] = 'eyJhbGciOiJBMTI4S1cifQ==';
+ return decrypter.decrypt(cipher_text.join('.'));
+ });
+ assert.wontEqual(decrypt_missing_enc_promise, "Error: decrypt: missing enc", "missing enc in header did not cause failure");
+
+ var decrypt_crit_header_promise = cipher_text_promise.then(function(cipher_text){
+ cipher_text = cipher_text.split('.');
+ cipher_text[0] = 'eyJlbmMiOiJBMjU2R0NNIiwiYWxnIjoiQTEyOEtXIiwiY3JpdCI6ImJsYWgifQ==';
+ return decrypter.decrypt(cipher_text.join('.'));
+ });
+ assert.wontEqual(decrypt_crit_header_promise, "Error: decrypt: crit is not supported", "crit in header did not cause failure");
+
+ var decrypt_invalid_iv_promise = cipher_text_promise.then(function(cipher_text){
+ cipher_text = cipher_text.split('.');
+ cipher_text[2] = 'w4kHDJEum_fHW-U';
+ return decrypter.decrypt(cipher_text.join('.'));
+ });
+ assert.wontEqual(decrypt_invalid_iv_promise, "Error: decryptCiphertext: invalid IV", "invalid IV did not cause failure");
+
+ var cryptographer2 = new Jose.WebCryptographer();
+ cryptographer2.setKeyEncryptionAlgorithm("A128KW");
+ cryptographer2.createIV = function() { return new Uint8Array(new Array(11)); };
+ var encrypter2 = new JoseJWE.Encrypter(cryptographer2, shared_key);
+ assert.wontEqual(encrypter2.encrypt(plain_text), "Error: invalid IV length", "fails to encrypt when we don't have the right IV length");
});
- assert.wontEqual(decrypt_crit_header_promise, "Error: decrypt: crit is not supported", "crit in header did not cause failure");
- var decrypt_invalid_iv_promise = cipher_text_promise.then(function(cipher_text){
- cipher_text = cipher_text.split('.');
- cipher_text[2] = 'w4kHDJEum_fHW-U';
- return decrypter.decrypt(cipher_text.join('.'));
+ test("caniuse", function(assert) {
+ assert.equal(Jose.caniuse(), true);
});
- assert.wontEqual(decrypt_invalid_iv_promise, "Error: decryptCiphertext: invalid IV", "invalid IV did not cause failure");
-
- var cryptographer2 = new Jose.WebCryptographer();
- cryptographer2.setKeyEncryptionAlgorithm("A128KW");
- cryptographer2.createIV = function() { return new Uint8Array(new Array(11)); };
- var encrypter2 = new JoseJWE.Encrypter(cryptographer2, shared_key);
- assert.wontEqual(encrypter2.encrypt(plain_text), "Error: invalid IV length", "fails to encrypt when we don't have the right IV length");
- });
-
- test("caniuse", function(assert) {
- assert.equal(Jose.caniuse(), true);
- });
- </script>
-</head>
-<body>
-<div id="qunit"></div>
-</body>
+ </script>
+ </head>
+ <body>
+ <div id="qunit"></div>
+ </body>
</html>
\ No newline at end of file
diff --git a/test/jose-jws-test.html b/test/jose-jws-test.html
index 6c48cae..a9bf254 100644
--- a/test/jose-jws-test.html
+++ b/test/jose-jws-test.html
@@ -1,13 +1,13 @@
<!DOCTYPE html>
<html lang="en">
-<head>
+ <head>
<meta charset="UTF-8">
<title>Jose JWS Test</title>
- <script src="qunit-promises.js"></script>
<script src="../dist/jose-testing.js"></script>
<script>
- var rsa_key = {
+ test("signature using RSASSA-PKCS1-v1_5 with SHA-256 (keys from appendix-A.2.1)", function (assert) {
+ var rsa_key = {
"n": "A1:F8:16:0A:E2:E3:C9:B4:65:CE:8D:2D:65:62:63:36:2B:92:7D:BE:29:E1:F0:24:77:FC:16:25:CC:90:A1:36:E3:8B:D9:34:97:C5:B6:EA:63:DD:77:11:E6:7C:74:29:F9:56:B0:FB:8A:8F:08:9A:DC:4B:69:89:3C:C1:33:3F:53:ED:D0:19:B8:77:84:25:2F:EC:91:4F:E4:85:77:69:59:4B:EA:42:80:D3:2C:0F:55:BF:62:94:4F:13:03:96:BC:6E:9B:DF:6E:BD:D2:BD:A3:67:8E:EC:A0:C6:68:F7:01:B3:8D:BF:FB:38:C8:34:2C:E2:FE:6D:27:FA:DE:4A:5A:48:74:97:9D:D4:B9:CF:9A:DE:C4:C7:5B:05:85:2C:2C:0F:5E:F8:A5:C1:75:03:92:F9:44:E8:ED:64:C1:10:C6:B6:47:60:9A:A4:78:3A:EB:9C:6C:9A:D7:55:31:30:50:63:8B:83:66:5C:6F:6F:7A:82:A3:96:70:2A:1F:64:1B:82:D3:EB:F2:39:22:19:49:1F:B6:86:87:2C:57:16:F5:0A:F8:35:8D:9A:8B:9D:17:C3:40:72:8F:7F:87:D8:9A:18:D8:FC:AB:67:AD:84:59:0C:2E:CF:75:93:39:36:3C:07:03:4D:6F:60:6F:9E:21:E0:54:56:CA:E5:E9:A1",
"e": 65537,
"d": "12:AE:71:A4:69:CD:0A:2B:C3:7E:52:6C:45:00:57:1F:1D:61:75:1D:64:E9:49:70:7B:62:59:0F:9D:0B:A5:7C:96:3C:40:1E:3F:CF:2F:2C:D3:BD:EC:88:E5:03:BF:C6:43:9B:0B:28:C8:2F:7D:37:97:67:1F:52:13:EE:D8:C1:5A:25:D8:D5:CE:A0:02:5E:E3:AB:2E:8B:7F:79:21:6F:C6:3B:EA:56:27:53:B4:06:44:C6:A1:51:27:D9:B2:95:45:40:A0:BB:E1:A3:05:56:98:2D:4E:9F:DE:5F:64:25:F1:4D:4B:71:34:41:B5:5D:C7:3B:9B:4A:ED:CC:92:AC:E3:92:7E:37:F5:7D:0C:FD:5E:75:81:FA:51:2C:8F:49:61:A9:EB:0B:80:F8:A8:07:46:72:8A:55:FF:46:47:1F:34:25:06:3B:9D:53:64:2F:5E:DE:1E:84:D6:13:08:1A:FA:5C:22:D0:51:28:5B:D6:3B:94:3B:56:5D:89:8A:05:68:54:13:E5:3C:3C:6C:65:25:FF:1F:E3:4E:3D:DC:70:F0:D5:64:50:FD:A4:8B:A1:2E:10:4E:9D:EB:9F:B8:18:81:E1:C4:BD:F2:5D:92:47:F4:50:C8:65:92:79:68:E7:73:34:F4:41:4F:75:A7:50:E1:39:54:6E:3A:8A:73:9D",
@@ -16,46 +16,17 @@
"dp": "07:02:9F:57:70:24:AB:9F:CC:15:90:C5:64:29:D6:FB:0C:E5:F8:20:A8:F3:75:A8:66:F9:CB:43:00:93:78:3B:FC:BB:39:6E:45:29:E6:EF:52:37:40:22:DD:86:BA:84:D9:EF:58:93:1B:EE:C5:D0:5F:A5:3F:CF:23:B6:33:F8:53:8A:9E:ED:51:E8:7B:09:78:30:A3:9F:5D:92:93:7B:E6:02:4B:55:DB:36:F7:E0:C0:9D:CB:B7:29:75:38:7F:61:5A:FB:B6:CB:36:BB:AB:E7:79:3C:2B:03:CE:AB:66:DB:B9:31:BA:F5:0B:55:EC:9A:F9:31:1D:00:1D:62:8D",
"dq": "87:FF:7A:FA:62:B5:47:FE:E0:96:1B:2E:9B:CD:5D:67:18:D3:9D:8C:A7:3D:B6:69:1F:38:99:8D:E7:87:71:76:2C:5D:A6:8C:C2:43:A5:38:3B:16:6B:B2:3D:C5:70:E8:47:06:CA:80:1E:F5:F6:BA:E6:23:6A:0A:AF:A3:77:0E:8F:54:D1:A8:DA:1C:5F:8D:28:99:F0:82:33:1D:DB:0F:5C:8F:3D:FF:FA:4C:8D:97:10:2B:DA:FE:08:2A:11:8D:A6:63:39:88:88:0E:4B:55:59:9C:E6:7A:F2:6E:BF:A5:B2:C1:4A:9D:E7:B2:C4:DD:96:AB:DD:D2:D2:22:4C:75",
"qi": "21:87:7B:0C:73:A1:AD:6B:F1:93:03:D0:B1:13:36:B4:E8:2B:8D:B7:2B:7E:FB:50:26:2A:5D:F8:39:5C:C7:25:6E:B8:CF:6C:40:B7:60:8D:59:36:A3:2D:BA:17:41:26:A5:27:06:2E:AD:8C:A3:05:FB:7E:17:7F:40:94:37:C9:DC:B9:71:8E:D8:20:18:BC:EF:0F:77:20:A2:C4:75:F9:DB:26:DA:0E:3C:B5:16:D0:84:EB:25:17:8E:82:8D:5C:AB:D4:9B:B3:16:1A:C0:18:1F:A7:F8:21:E8:0E:7A:D3:79:36:F9:94:30:54:AD:09:29:21:EE:2C:59:2E:43:75"
- };
- /*
- rsa_key = {
- // n = modulus
- "n": "00:c2:4b:af:0f:2d:2b:ad:36:72:a7:91:0f:ee:30:a0:95:d5:3a:46:82:86:96:7e:42:c6:fe:8f:20:97:af:49:f6:48:a3:91:53:ac:2e:e6:ec:9a:9a:e0:0a:fb:1c:db:44:40:5b:8c:fc:d5:1c:cb:b6:9b:60:c0:a8:ac:06:f1:6b:29:5e:2f:7b:09:d9:93:32:da:3f:db:53:9c:2e:ea:3b:41:7f:6b:c9:7b:88:9f:2e:c5:dd:42:1e:7f:8f:04:f6:60:3c:fe:43:6d:32:10:ce:8d:99:cb:76:f7:10:97:05:af:28:1e:39:0f:78:35:50:7b:8e:28:22:a4:7d:11:51:22:d1:0e:ab:6b:6f:96:cb:cf:7d:eb:c6:aa:a2:6a:2e:97:2a:93:af:a5:89:e6:c8:bc:9f:fd:85:2b:0f:b4:c0:e4:ca:b5:a7:9a:01:05:81:93:6b:f5:8d:1c:f7:f3:77:0e:6e:53:34:92:0f:48:21:34:33:44:14:5e:4a:00:41:3a:7d:cb:38:82:c1:65:e0:79:ea:a1:05:84:b2:6e:40:19:77:1a:0e:38:4b:28:1f:34:b5:cb:ac:c5:2f:58:51:d7:ec:a8:08:0e:7c:c0:20:c1:5e:a1:4d:b1:30:17:63:0e:e7:58:8e:7f:6e:9f:a4:77:8b:1e:a2:d2:2e:1b:e9",
-
- // e = publicExponent
- "e": 65537,
-
- // d = privateExponent
- "d": "37:b6:4b:f4:26:17:a8:0b:3c:c5:1f:ab:59:b9:47:d2:ae:d9:8e:ee:4e:79:48:ab:0d:34:61:06:0f:78:8b:d4:ba:ef:6b:f4:7a:22:d8:c4:6f:70:89:5d:9c:b3:a1:8b:e8:88:57:dd:07:9e:c2:2b:12:52:a3:eb:b9:a8:24:01:7e:53:2b:7a:34:50:d7:0c:75:d8:69:a3:87:dd:4b:fc:c1:c3:2f:bd:0e:57:16:8d:ea:de:8e:de:ff:e4:9a:9f:aa:e8:d2:5f:b3:27:ef:f9:ca:50:97:2e:fd:99:1c:34:dd:0c:bb:dd:d0:b9:bf:4f:dc:9d:de:94:50:66:2c:58:7e:c2:31:8b:41:56:49:6a:e6:11:14:53:a1:45:0d:15:8b:26:79:0f:c9:dc:ac:dc:c7:bc:55:2c:96:ed:a7:29:09:04:ee:00:74:60:e1:bc:97:7b:0a:b6:f2:83:82:79:65:e0:aa:88:9f:90:b0:0d:76:4d:3c:08:7e:a5:05:19:d4:8b:54:d3:f1:c1:a3:e3:a5:1e:aa:d6:c4:94:ad:6c:b3:8f:85:06:8a:6f:52:f8:a3:c3:e0:8d:67:35:2f:d4:18:fc:70:f4:71:bf:18:88:d6:a7:b7:04:8e:d3:06:ca:83:c3:2d:21:98:65:c9:41:2c:77:bf:4c:7c:8c:2c:01",
-
- // p = prime1
- "p": "00:fa:d6:06:46:5c:04:70:e6:ec:47:02:96:02:a5:e2:41:9d:bd:7b:97:28:a4:c5:3b:b5:9b:0a:6b:7d:b6:44:8a:28:1e:d1:ef:cb:44:ef:eb:4d:08:74:80:f5:cf:3b:b7:40:10:60:c9:18:1e:a5:76:4b:41:37:06:b2:71:03:60:25:77:db:d0:b2:21:dc:b0:32:90:a2:10:9a:d5:e6:e3:11:42:a1:9a:7a:26:3c:d3:12:56:db:25:07:69:be:ae:2c:b9:33:6c:29:e3:65:b9:5b:05:84:05:e6:da:c4:f4:3f:ab:84:60:6e:f0:5f:ba:a8:98:8f:72:2c:c8:40:d1",
-
- // q = prime2
- "q": "00:c6:4b:ac:fe:40:1c:dc:6c:78:07:cc:3e:db:4e:d5:d0:17:3b:8f:04:f0:ae:c4:22:0d:8b:0a:4d:0f:9e:fe:c7:e6:38:b5:53:ba:a9:e8:f0:47:28:14:25:95:6a:79:ab:db:86:97:82:c5:1e:bd:80:a5:aa:a2:b7:a5:c7:48:17:c4:d9:c7:4f:50:2a:69:67:15:4c:0b:f5:e6:fb:20:23:5d:ea:ae:6c:c6:74:ba:cc:f8:06:2b:41:1f:b6:3f:2a:93:fa:f9:e1:ee:93:c3:92:ad:49:c7:8f:db:72:ff:6b:f0:f0:d6:2f:83:ce:1c:82:16:89:57:01:9f:49:2f:99",
+ };
+ var cryptographer = new Jose.WebCryptographer(),
+ signer = new JoseJWS.Signer(cryptographer),
+ plain_text = "The true sign of intelligence is not knowledge but imagination.",
+ sign_text_promise;
+ cryptographer.setContentSignAlgorithm("RS256");
+ var ads_promise = signer.addSigner(rsa_key);
- // dp = exponent1
- "dp": "57:d4:c1:75:b9:9a:c4:7d:d7:96:35:cd:99:37:c4:b5:fd:29:f0:30:c9:c6:88:59:94:09:a9:e8:61:a8:84:ef:6b:84:ff:35:dc:13:53:7f:2d:06:1c:e5:5b:2d:29:57:cd:52:ee:d0:fb:65:1f:c3:00:2e:e1:b9:b2:99:e7:f8:ae:a5:fd:8e:62:11:81:59:21:1b:8b:e4:0c:93:81:b9:58:bd:e0:20:5b:4d:30:57:28:40:c9:93:79:b9:09:4f:ab:d1:5d:b4:2e:26:b5:e3:e5:7f:54:ef:4c:1a:a6:84:70:16:fa:cf:59:89:49:bb:ee:75:1d:25:79:90:d5:41",
-
- // dq = exponent2
- "dq": "00:ab:eb:a8:8c:b7:21:4e:aa:6c:56:b6:6a:38:d1:dc:e6:91:7d:fd:bd:96:be:af:25:a7:00:49:6a:0e:85:16:f8:51:4e:11:48:0a:aa:8d:5e:e5:12:86:85:1f:4a:35:3b:1f:15:4d:fe:fe:d0:6c:14:41:8d:f3:8d:ad:99:5d:93:de:03:c2:9d:ad:2f:58:3b:1b:67:d7:66:d7:60:1a:b9:0f:10:0d:32:19:cd:d2:b7:2a:c2:8e:75:e3:fc:aa:3f:4c:15:68:d8:cd:74:27:37:e0:2d:fb:6b:6a:24:05:f7:9b:e9:f2:89:37:89:57:86:21:eb:e9:17:6a:f6:94:e1",
-
- // qi = coefficient
- "qi": "0a:ed:5f:30:67:d5:e5:6e:4a:7a:35:49:fe:16:2f:1e:91:2b:39:c3:01:d3:d4:c0:4d:b3:fc:08:b0:66:e9:44:10:9e:5b:5a:ea:83:a5:9c:95:7a:58:70:35:28:e5:4d:ba:19:de:0d:66:f9:db:5c:f6:5b:24:27:9d:0b:2d:44:40:eb:33:3a:19:e2:1d:c0:b0:16:99:d1:c1:52:84:02:d6:67:06:32:f8:4d:cb:42:9f:7c:8a:e0:ad:df:40:6f:e4:8c:f6:f6:9e:1d:bd:43:e3:38:91:a2:d0:9e:60:ff:9d:8c:fb:72:5b:df:95:30:17:d2:f2:cb:7d:92:56:0a"
- };
-
- */
- var cryptographer = new Jose.WebCryptographer(),
- signer = new JoseJWS.Signer(cryptographer),
- plain_text = "The true sign of intelligence is not knowledge but imagination.",
- sign_text_promise;
- cryptographer.setContentSignAlgorithm("RS256");
- var ads_promise = signer.addSigner(rsa_key);
-
- test("signature using RSASSA-PKCS1-v1_5 with SHA-256 (keys from appendix-A.2.1)", function (assert) {
assert.willEqual(ads_promise.then(function () {
return signer.sign(plain_text, null, {}).then(function (signature) {
- var b64uxp = /^[a-z0-9_\-]+$/i;
+ var b64uxp = /^[a-z0-9_-]+$/i;
return b64uxp.test(signature.payload) &&
b64uxp.test(signature.signature) &&
b64uxp.test(signature.signature);
@@ -64,14 +35,14 @@
assert.willEqual(ads_promise.then(function () {
return signer.sign(plain_text, null, {}).then(function (signature) {
- var xp = /([a-z0-9\-_]+\.){2}[a-z0-9\-_]+/i;
+ var xp = /([a-z0-9_-]+\.){2}[a-z0-9_-]+/i;
return xp.test(signature.CompactSerialize());
});
}), true, "got correct compact serialization format");
assert.willEqual(ads_promise.then(function () {
return signer.sign(plain_text, null, {}).then(function (signature) {
-var verifier = new JoseJWS.Verifier(cryptographer, signature);
+ var verifier = new JoseJWS.Verifier(cryptographer, signature);
return verifier.addRecipient(rsa_key).then(function() {
return verifier.verify().then(function(result) {
return result.filter(function(value) {
@@ -85,8 +56,8 @@ var verifier = new JoseJWS.Verifier(cryptographer, signature);
});
</script>
-</head>
-<body>
-<div id="qunit"></div>
-</body>
+ </head>
+ <body>
+ <div id="qunit"></div>
+ </body>
</html>
\ No newline at end of file
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment