【Question title】: Error Decrypting JWE
【Posted】: 2016-05-21 06:58:06
【Question description】:

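New to JWE decryption. I have a server which does JWE and sends it to the client based on a key shared between the server and the client.

I am using Jose4j for decryption and I get this error:

java.lang.NullPointerException: The plaintext payload for the JWE has not been set.

I am using the sample code shown at this link, the receiver part:

https://bitbucket.org/b_c/jose4j/wiki/JWE%20Examples

I know nothing about the server and am only writing the client. I am confused whether the payload itself is not coming through or whether the framework is trying to decrypt.

Appreciate any pointers for debugging the issue.

Regards, Aravind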

【Question discussion】:

    Tags: java encryption jwt jose4j jwe


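    【Solution 1】:

    That particular exception is only thrown by the getCompactSerialization() method when no payload has been set - getCompactSerialization() is the last step in creating a JWE on the sending/encrypting side. If you are decrypting, you shouldn't be calling it. Maybe you have an accidental call to it somewhere? Otherwise, the code you are using along with an example raw JWE value might help troubleshoot the problem (and the key, if it's just a test and you can share them).

    【Discussion】:

    • Added the payload, key and the new error. Thanks again for the help.
    • No worries... thanks a lot... it worked like a charm... adding the code above so others can use it...
    【Solution 2】:

    The JWE requires 2 levels of decryption before getting the plaintext payload.

    First from JWE to JWS. Then from JWS to JWT after verifying the signature. The code below will do that.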

        // Imports needed by this snippet.
        import org.jose4j.jwe.JsonWebEncryption;
        import org.jose4j.jws.JsonWebSignature;

        // `result` (the received compact JWE) and `secretKeySpec` (the shared key)
        // are defined elsewhere in the client code.

        // That other party, the receiver, can then use JsonWebEncryption to decrypt the message.
        JsonWebEncryption receiverJwe = new JsonWebEncryption();

        // Set the compact serialization on the new JsonWebEncryption object.
        // This is the received JWE.
        receiverJwe.setCompactSerialization(result.toString());

        // Symmetric encryption, like we are doing here, requires that both parties have the same key.
        // The key will have had to have been securely exchanged out-of-band somehow.
        receiverJwe.setKey(secretKeySpec);

        // The "alg" header indicates the key management mode for this JWE and the "enc"
        // header the content encryption method. Both are set by the sender only, so these
        // calls stay commented out on the receiving side.
        //receiverJwe.setAlgorithmHeaderValue(KeyManagementAlgorithmIdentifiers.DIRECT);
        //receiverJwe.setEncryptionMethodHeaderParameter(ContentEncryptionAlgorithmIdentifiers.AES_128_CBC_HMAC_SHA_256);

        // Get the message that was encrypted in the JWE. This step performs the actual decryption.
        // The plaintext here is itself a compact JWS.
        String jwsPayload = receiverJwe.getPlaintextString();

        // And do whatever you need to do with the clear text message.
        System.out.println("plaintext: " + jwsPayload);

        // Create a new JsonWebSignature object for the inner JWS.
        JsonWebSignature jws = new JsonWebSignature();

        jws.setCompactSerialization(jwsPayload);

        jws.setKey(secretKeySpec);

        boolean signatureVerified = jws.verifySignature();

        // Do something useful with the result of signature verification.
        System.out.println("JWS Signature is valid: " + signatureVerified);

        // Get the payload, or signed content, from the JWS.
        String payload = jws.getPayload();

        // Do something useful with the content.
        System.out.println("JWS payload: " + payload);
    

    【Discussion】:
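
The two answers together, as an added example that is not part of the original thread or of the jose4j project: the sender side is where getCompactSerialization() belongs, and the receiver side pins the expected algorithms before decrypting and verifying. The class name, the helper names and the test key are made up for illustration, and `ConstraintType.PERMIT` assumes a recent jose4j release (older releases call it `WHITELIST`).

```java
import java.security.Key;
import javax.crypto.spec.SecretKeySpec;
import org.jose4j.jwa.AlgorithmConstraints;
import org.jose4j.jwa.AlgorithmConstraints.ConstraintType;
import org.jose4j.jwe.ContentEncryptionAlgorithmIdentifiers;
import org.jose4j.jwe.JsonWebEncryption;
import org.jose4j.jwe.KeyManagementAlgorithmIdentifiers;
import org.jose4j.jws.AlgorithmIdentifiers;
import org.jose4j.jws.JsonWebSignature;
import org.jose4j.lang.JoseException;
public class NestedJweDemo { // hypothetical class name
    static AlgorithmConstraints only(String alg) { return new AlgorithmConstraints(ConstraintType.PERMIT, alg); }
    // Sender: sign first (JWS), then encrypt the compact JWS as the JWE payload.
    static String signThenEncrypt(String claimsJson, Key key) throws JoseException {
        JsonWebSignature jws = new JsonWebSignature();
        jws.setPayload(claimsJson);
        jws.setAlgorithmHeaderValue(AlgorithmIdentifiers.HMAC_SHA256);
        jws.setKey(key);
        JsonWebEncryption jwe = new JsonWebEncryption();
        jwe.setPayload(jws.getCompactSerialization());
        jwe.setAlgorithmHeaderValue(KeyManagementAlgorithmIdentifiers.DIRECT);
        jwe.setEncryptionMethodHeaderParameter(ContentEncryptionAlgorithmIdentifiers.AES_128_CBC_HMAC_SHA_256);
        jwe.setKey(key);
        return jwe.getCompactSerialization(); // sender-only call; needs a payload to be set
    }

    // Receiver: accept only the agreed algorithms, decrypt, then verify before using the payload.
    static String decryptThenVerify(String compactJwe, Key key) throws JoseException {
        JsonWebEncryption jwe = new JsonWebEncryption();
        jwe.setAlgorithmConstraints(only(KeyManagementAlgorithmIdentifiers.DIRECT));
        jwe.setContentEncryptionAlgorithmConstraints(only(ContentEncryptionAlgorithmIdentifiers.AES_128_CBC_HMAC_SHA_256));
        jwe.setCompactSerialization(compactJwe);
        jwe.setKey(key);
        JsonWebSignature jws = new JsonWebSignature();
        jws.setAlgorithmConstraints(only(AlgorithmIdentifiers.HMAC_SHA256));
        jws.setCompactSerialization(jwe.getPlaintextString()); // level 1: JWE -> JWS
        jws.setKey(key);
        if (!jws.verifySignature()) throw new JoseException("JWS signature is invalid");
        return jws.getPayload(); // level 2: JWS -> claims
    }

    public static void main(String[] args) throws JoseException {
        // Constructed 256-bit test key; a real key is random and exchanged out-of-band.
        Key key = new SecretKeySpec("0123456789abcdef0123456789abcdef".getBytes(java.nio.charset.StandardCharsets.US_ASCII), "AES");
        String token = signThenEncrypt("{\"sub\":\"demo\"}", key);
        System.out.println(decryptThenVerify(token, key));
    }
}
```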
