JOSESwift icon indicating copy to clipboard operation
JOSESwift copied to clipboard
verified publisher icon airsidemobile

Add ECDH support for JWE Key Management

Open anthony-dedieu-ariadnext opened this issue 3 years ago • 5 comments

Add EC support for JWE Key Management

ECDH-ES - Elliptic Curve Diffie-Hellman Ephemeral Static key agreement using Concat KDF ECDH_ES_A128KW - ECDH-ES using Concat KDF and CEK wrapped with "A128KW" ECDH_ES_A192KW - ECDH-ES using Concat KDF and CEK wrapped with "A192KW" ECDH_ES_A256KW - ECDH-ES using Concat KDF and CEK wrapped with "A256KW"

This pull request is a continuation of #245 which has been closed a while ago due to inactivity.

Tests have been fixed, TODOs have been resolved.

anthony-dedieu-ariadnext avatar Jan 28 '22 15:01 anthony-dedieu-ariadnext

Thank you for your great work @MichalRucinsky and @anthony-dedieu-ariadnext! Any chance for getting this merged?

tobihagemann avatar Jul 21 '22 13:07 tobihagemann

I have been trying this branch, and I keep getting tripped up by cast(_:to:) from KeyManagementMode.swift returning nil unexpectedly. In the case I am testing, cast(_:to:) is invoked from line 80 of KeyManagementMode.swift. The expectation, then, is that encryptionKey references an instance of ECKeyEncryption.PublicKey (an alias for EC.PublicKey, which itself is an alias for ECPublicKey). In the debugger, I see this:

(lldb) po something
▿ ECPublicKey
  - keyType : JOSESwift.JWKKeyType.EC
...

(lldb) po _1
JOSESwift.ECPublicKey

(lldb) expr type(of: something)
(JOSESwift.JWK.Type) $R2 = JOSESwift.ECPublicKey

Even though things seem to align, the is operator is returning false, and I get back nil as a result. As far as I can tell, this all works correctly in the test coverage for this PR. When called from my app, however, something is amiss.

I am using Xcode 14.2 with this branch of JOSESwift added via SPM. Does anyone know what could be causing this behavior?

patrickhartling avatar Apr 24 '23 15:04 patrickhartling

Sorry to see this feature stall out - any recommendations on other libraries that would handle ECDH encrypted JWE tokens?

snydersaurus avatar Jul 03 '23 14:07 snydersaurus

Sorry to see this feature stall out - any recommendations on other libraries that would handle ECDH encrypted JWE tokens?

There is a fork of this branch which contains the changes merged: https://github.com/ariadnext/JOSESwift/tree/JWE-ECDH

Apart from this I am not aware of any other one.

@anthony-dedieu-ariadnext Is your code used already actively in production?

DarkoDamjanovic avatar Jul 04 '23 13:07 DarkoDamjanovic

@anthony-dedieu-ariadnext @tobihagemann @patrickhartling @DarkoDamjanovic

Can any one guide me for the exact steps to create Concat KDF 256-bit CEK (Using server public key and application EphemeralPrivate key used for ECDH-ES). And use that key to generate JWE encrypted string?

KunalDev avatar Mar 28 '24 08:03 KunalDev