John Davidson

php - Firebase/JWT encryption with public Key

Message:


Hi, I'm developing an architecture with an application authorization server (AS) and some client applications (CA) in PHP.
Users that are signing in to a CA will log in by SSO on the AS and, on success, will be redirected to the CA with some parameters stored in a JWT token.
I generate a pair of keys to implement asymmetric encryption, where the private key is secret and stored on the AS and the public key is shared around the CAs.


I'm using the Firebase/JWT library for PHP and I'm able to encode the token generated by the AS using JWT::encode($this->token, $privateKey, 'RS256') with the AS private key.
In the same way, the CA receives the token and decodes it using
JWT::decode($jwt_token, $key, array('RS256'))
and all works fine...


But I want to introduce another security step at the beginning.
I want to generate a token in the CA (with the same library), containing referral CA info (like the app code and other CA parameters to send to the AS) before it is redirected to the AS for login, and I want to encrypt this token with the shared public key of the AS so that only the AS can decrypt the token with its own private key.
In simple words, Bob (CA) encrypts a message with Alice's (AS) public key so that only Alice can decrypt it with her own private key.


I'm trying to do that with the same method:
JWT::encode($this->token, $_ALICES_PUBLIC_KEY, 'RS256')


but it seems that the JWT::encode method only accepts PRIVATE type keys and I'm getting the following error:
PHP Warning: openssl_sign(): supplied key param cannot be coerced into a private key


Any help is appreciated. Thanks



My Answer:
It seems like the JWT library you are using does not support encrypting with a public key.

One way to achieve your goal is to manually encrypt the token with the public key before encoding it with JWT. You can use the openssl_public_encrypt function in PHP to encrypt the token with the public key, and then encode the encrypted token with JWT.

Here is an example of how you can encrypt the token with the public key:

```php
use Firebase\JWT\JWT;

// Load Alice's (the AS's) public key
$publicKey = file_get_contents('path/to/alices/public/key.pem');

// openssl_public_encrypt() takes a string, so serialize the claims first; OAEP padding must match the AS side
$plaintext = json_encode($this->token);
if (!openssl_public_encrypt($plaintext, $encryptedToken, $publicKey, OPENSSL_PKCS1_OAEP_PADDING)) {
    throw new RuntimeException('RSA encryption failed: ' . openssl_error_string());
}

// Base64-encode the ciphertext (raw bytes are not valid JSON); $privateKey must be a signing key the CA holds, not the AS's
$jwtToken = JWT::encode(['enc' => base64_encode($encryptedToken)], $privateKey, 'RS256');
```


On the AS side, you can decrypt the token with the private key before decoding it with JWT:

```php
use Firebase\JWT\JWT;

// Load Alice's (the AS's) private key
$privateKey = file_get_contents('path/to/alices/private/key.pem');

// The ciphertext travels inside the signed JWT, so verify the signature first ($key is the CA's public key)
$decoded = JWT::decode($jwtToken, $key, array('RS256'));

// Then decrypt the ciphertext carried in the 'enc' claim with Alice's private key (same OAEP padding as the CA)
$encryptedToken = base64_decode($decoded->enc, true);
if (!openssl_private_decrypt($encryptedToken, $decryptedToken, $privateKey, OPENSSL_PKCS1_OAEP_PADDING)) {
    throw new RuntimeException('RSA decryption failed: ' . openssl_error_string());
}
$claims = json_decode($decryptedToken, true);
```


This way, only the AS with the private key can decrypt the token encrypted with the public key, ensuring secure communication between the CA and AS.
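Because openssl_public_encrypt() can only seal a short message (about 190 bytes with a 2048-bit key under OAEP), a token carrying several claims needs a hybrid scheme. The following is an added example, not code from the post or from firebase/php-jwt: the claims are encrypted with a one-time AES-256-GCM key, only that key is RSA-encrypted to the AS, the resulting fields go into the payload the CA signs, and the AS decrypts them after verifying the signature. The function names, claim names and throwaway key pair are this example's own; it assumes PHP 7.1+ with ext-openssl.

```php
<?php
// Added example, not from the original post: hybrid encryption of the CA's claims for the AS.
// RSA-OAEP with a 2048-bit key can seal only about 190 bytes, so the claims are encrypted
// with a fresh AES-256-GCM key and only that key is RSA-encrypted to the AS's public key.
// Function and claim names are this example's own; the key pair is throwaway (demo only).

function sealForAs(array $claims, string $asPublicPem): array
{
    $aesKey = random_bytes(32);   // one-time content key
    $iv     = random_bytes(12);   // 96-bit GCM nonce, never reused with the same key
    $tag    = '';
    $ct = openssl_encrypt(json_encode($claims), 'aes-256-gcm', $aesKey, OPENSSL_RAW_DATA, $iv, $tag);
    if ($ct === false) {
        throw new RuntimeException('AES-GCM encryption failed');
    }
    if (!openssl_public_encrypt($aesKey, $wrappedKey, $asPublicPem, OPENSSL_PKCS1_OAEP_PADDING)) {
        throw new RuntimeException('RSA key wrap failed: ' . openssl_error_string());
    }
    // This array is what the CA would place in the payload it signs with JWT::encode()
    return ['wk' => base64_encode($wrappedKey), 'iv' => base64_encode($iv),
            'ct' => base64_encode($ct), 'tag' => base64_encode($tag)];
}

function openFromCa(array $env, string $asPrivatePem): array
{
    $wrappedKey = base64_decode($env['wk'], true);
    if (!openssl_private_decrypt($wrappedKey, $aesKey, $asPrivatePem, OPENSSL_PKCS1_OAEP_PADDING)) {
        throw new RuntimeException('RSA key unwrap failed: ' . openssl_error_string());
    }
    // GCM verifies the tag, so a modified ciphertext, IV or tag yields false instead of garbage
    $plain = openssl_decrypt(base64_decode($env['ct'], true), 'aes-256-gcm', $aesKey, OPENSSL_RAW_DATA,
        base64_decode($env['iv'], true), base64_decode($env['tag'], true));
    if ($plain === false) {
        throw new RuntimeException('AES-GCM decryption failed: wrong key or tampered data');
    }
    return json_decode($plain, true);
}

// Demo: throwaway 2048-bit RSA key pair standing in for the AS's PEM files
$res = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
openssl_pkey_export($res, $asPrivatePem);
$asPublicPem = openssl_pkey_get_details($res)['key'];

$claims = ['app_code' => 'CA-42', 'redirect_uri' => 'https://ca.example/callback', 'nonce' => bin2hex(random_bytes(16))];
$envelope  = sealForAs($claims, $asPublicPem);        // CA side, before redirecting the user to the AS
$recovered = openFromCa($envelope, $asPrivatePem);    // AS side, after JWT::decode() has verified the signature
var_dump($recovered === $claims);
```

The GCM tag lets the AS reject a tampered envelope, but it does not tell the AS which CA sent it; that remains the job of the JWT signature over the envelope, made with a key the CA itself holds.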

© 2024 Hayatsk.info - Personal Blogs Platform. All Rights Reserved.