解密JWE时出错

Question

对JWE解密有点陌生。我有一个服务器，它执行JWE并根据服务器和客户端之间共享的密钥将其发送到客户端。

我正在使用一个Jose4j来解密并得到这个错误。

java.lang.NullPointerException:未设置JWE的明文有效载荷.

我正在使用示例代码，如本链接所示，接收方部分

c/jose4j/wiki/JWE%20Examples

我对服务器没有任何洞察力，只是在编写客户机。我很困惑，如果paylaod本身没有来，或者这个框架是愚蠢的，试图解密。

任何用于调试该问题的指针都将受到赞赏。

你好，阿拉文德

Answer 1

只有在没有有效负载集的情况下，才会从getCompactSerialization()方法抛出该异常& getCompactSerialization()是发送/加密端创建JWE的最后一步。如果你在解密，你不应该这么说。也许你在某个地方有个意外电话？否则，您使用的代码以及示例原始JWE值可能会帮助麻烦(和键，如果它只是一个测试，并且您可以共享它们)。

Answer 2

在获得纯文本有效负载之前，JWE需要两个级别的解密。

所以首先由JWE到JWS。验证签名后，从JWS到JWT。下面的代码可以做到这一点。

  // That other party, the receiver, can then use JsonWebEncryption to decrypt the message.
        JsonWebEncryption receiverJwe = new JsonWebEncryption();

        // Set the compact serialization on new Json Web Encryption object
        //This is the received payload JWE payload 
        receiverJwe.setCompactSerialization(result.toString());


        // Symmetric encryption, like we are doing here, requires that both parties have the same key.
        // The key will have had to have been securely exchanged out-of-band somehow.
        receiverJwe.setKey(secretKeySpec);

        // Set the "alg" header, which indicates the key management mode for this JWE.
        // In this example we are using the direct key management mode, which means
        // the given key will be used directly as the content encryption key.
        //receiverJwe.setAlgorithmHeaderValue(KeyManagementAlgorithmIdentifiers.DIRECT);

        //receiverJwe.setEncryptionMethodHeaderParameter(ContentEncryptionAlgorithmIdentifiers.AES_128_CBC_HMAC_SHA_256);

        // Get the message that was encrypted in the JWE. This step performs the actual decryption steps.
        String jwsPayload = receiverJwe.getPlaintextString();

        // And do whatever you need to do with the clear text message.
        System.out.println("plaintext: " + jwsPayload);

        // Create a new JsonWebSignature object
        JsonWebSignature jws = new JsonWebSignature();

        jws.setCompactSerialization(jwsPayload);

        jws.setKey(secretKeySpec);

        boolean signatureVerified = jws.verifySignature();

        // Do something useful with the result of signature verification
        System.out.println("JWS Signature is valid: " + signatureVerified);

        // Get the payload, or signed content, from the JWS
        String payload = jws.getPayload();

        // Do something useful with the content
        System.out.println("JWS payload: " + payload);