tippexs · March 4, 2021 10:03
diff --git a/auth_jwe_demo.pl b/auth_jwe_demo.pl
 #!/usr/bin/perl
 
 use Crypt::JWT;
 use Crypt::Misc;
 use Data::Dumper;

 $Data::Dumper::Terse = 1;

 # specify the key to encrypt payload and produce tag - it should match enc algorithm used
 # In our case for a A128CBC-HS256 key we need 256bit base64u encoded key-string.
 # hmac SHA256 = HS256
 # Create a 256bit / 32byte symetric key base64url encoded: 
 # openssl rand 32 | openssl dgst -binary -sha256 | base64 | tr '+\/' '-_' | tr -d '='

 my $a128cbc_key_b64 = '0r_2UoMrBK2mz-RWLFHBhaVr204Np0mVG0WIQQLTsl0';

 # Decode a Base64/URL-Safe string to raw bytes
 my $a128cbc_key = Crypt::Misc::decode_b64u($a128cbc_key_b64);

 # create JWK (can be put in a file to use in Nginx configuration)

 # Find out more about kty: https://www.rfc-editor.org/rfc/rfc7518.html#section-6.1
 # oct = octet sequenze (used for symetric keys. Can be used for JWE as well as for JWS)
 # RSA normaly used for JWS.

 my $jwk_kty = "oct";
 my $jwk_alg = "A128CBC-HS256";

 my $jwk = '{"keys": [{"alg":"' . $jwk_alg . '", "kty":"' . $jwk_kty . '", "k":"' . $a128cbc_key_b64 . '"}]}';

 print "JWK = " . $jwk . "\n\n";

 # generating JWE token with the key for 'a128cbc-hs256'
 # Read more about AES_128_CBC_HMAC_SHA_256 https://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-40#section-5.2.3
 # key depends on alg = dir: string (raw octects) or perl HASH ref with JWK, kty=>'oct', length depends on 'enc' algorithm
 my $jwe_token = Crypt::JWT::encode_jwt(
    payload=>{
        iss=>'http://s.example.com', 
        sub=>'1234567890',
        aud=>'ABCDEFGHIJ',
        name=>'Jonh Doe'
    }, 
    relative_exp=>36000,
    key=>$a128cbc_key, 
    alg=>'dir', 
    enc=>'A128CBC-HS256');

 print "JWE = " . $jwe_token . "\n\n";

 # decrypting and decoding JWE

 my $jwe_decoded = Crypt::JWT::decode_jwt(token=>$jwe_token, key=>$a128cbc_key);
 my @parts = split /\./, $jwe_token;
 
 print "Header  = " . Crypt::Misc::decode_b64u(@parts[0]) . "\n";
 print "Key     = " . @parts[1] . "\n";
 print "IV      = " . @parts[2] . "\n";
 print "Payload = " . (Dumper $jwe_decoded);
 print "Tag     = " . @parts[4] . "\n";
diff --git a/auth_jws_demo.pl b/auth_jws_demo.pl
 #!/usr/bin/perl

 use Crypt::JWT;
 use Crypt::Misc;
 use Data::Dumper;

 # hs256 requires 
 my $hs256_key_b64 = '0r_2UoMrBK2mz-RWLFHBhaVr204Np0mVG0WIQQLTsl0';

 my $hs256_key = Crypt::Misc::decode_b64u($hs256_key_b64);


 my $jwk_kty = "oct";
 my $jwk_alg = "HS256";

 my $jwk = '{"keys": [{"alg":"' . $jwk_alg . '", "kty":"' . $jwk_kty . '", "k":"' . $hs256_key_b64 . '"}]}';

 print "JWK = " . $jwk . "\n\n";

 my $jwt_token = Crypt::JWT::encode_jwt(
    payload=>{
        iss=>'http://s.example.com', 
        sub=>'1234567890',
        aud=>'ABCDEFGHIJ',
        name=>'Jonh Doe'
    }, 
    relative_exp=>36000,
    key=>$hs256_key, 
    alg=>'HS256');

 print "JWT = " . $jwt_token . "\n\n";


 my $jwt_decoded = Crypt::JWT::decode_jwt(token=>$jwt_token, key=>$hs256_key);
 my @parts = split /\./, $jwt_token;
 
 print "Header  = " . Crypt::Misc::decode_b64u(@parts[0]) . "\n";
 print "Key     = " . @parts[1] . "\n";
 print "IV      = " . @parts[2] . "\n";
 print "Payload = " . (Dumper $jwt_decoded);
 print "Tag     = " . @parts[4] . "\n";
	#!/usr/bin/perl

	use Crypt::JWT;
	use Crypt::Misc;
	use Data::Dumper;

	$Data::Dumper::Terse = 1;

	# specify the key to encrypt payload and produce tag - it should match enc algorithm used
	# In our case for a A128CBC-HS256 key we need 256bit base64u encoded key-string.
	# hmac SHA256 = HS256
	# Create a 256bit / 32byte symetric key base64url encoded:
	# openssl rand 32 \| openssl dgst -binary -sha256 \| base64 \| tr '+\/' '-_' \| tr -d '='

	my $a128cbc_key_b64 = '0r_2UoMrBK2mz-RWLFHBhaVr204Np0mVG0WIQQLTsl0';

	# Decode a Base64/URL-Safe string to raw bytes
	my $a128cbc_key = Crypt::Misc::decode_b64u($a128cbc_key_b64);

	# create JWK (can be put in a file to use in Nginx configuration)

	# Find out more about kty: https://www.rfc-editor.org/rfc/rfc7518.html#section-6.1
	# oct = octet sequenze (used for symetric keys. Can be used for JWE as well as for JWS)
	# RSA normaly used for JWS.

	my $jwk_kty = "oct";
	my $jwk_alg = "A128CBC-HS256";

	my $jwk = '{"keys": [{"alg":"' . $jwk_alg . '", "kty":"' . $jwk_kty . '", "k":"' . $a128cbc_key_b64 . '"}]}';

	print "JWK = " . $jwk . "\n\n";

	# generating JWE token with the key for 'a128cbc-hs256'
	# Read more about AES_128_CBC_HMAC_SHA_256 https://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-40#section-5.2.3
	# key depends on alg = dir: string (raw octects) or perl HASH ref with JWK, kty=>'oct', length depends on 'enc' algorithm
	my $jwe_token = Crypt::JWT::encode_jwt(
	payload=>{
	iss=>'http://s.example.com',
	sub=>'1234567890',
	aud=>'ABCDEFGHIJ',
	name=>'Jonh Doe'
	},
	relative_exp=>36000,
	key=>$a128cbc_key,
	alg=>'dir',
	enc=>'A128CBC-HS256');

	print "JWE = " . $jwe_token . "\n\n";

	# decrypting and decoding JWE

	my $jwe_decoded = Crypt::JWT::decode_jwt(token=>$jwe_token, key=>$a128cbc_key);
	my @parts = split /\./, $jwe_token;

	print "Header = " . Crypt::Misc::decode_b64u(@parts[0]) . "\n";
	print "Key = " . @parts[1] . "\n";
	print "IV = " . @parts[2] . "\n";
	print "Payload = " . (Dumper $jwe_decoded);
	print "Tag = " . @parts[4] . "\n";