Hi Stefen,
I'm not exactly sure what you're asking in your bolded text of your response. Please advise of any specific questions you have.
The policy samples referenced in my previous comments do use the jose module, and use the following for the encrypt algorithm
// - A128CBC-HS256
// - A192CBC-HS384
// - A256CBC-HS512
// - A128GCM
// - A192GCM
// - A256GCM
and the key encryption algorithm
// - RSA1_5 (Key Encryption algorithm)
// - RSA-OAEP (Key Encryption algorithm)
// - RSA-OAEP-256 (Key Encryption algorithm)
// - A128KW (Key Wrapping algorithm)
// - A192KW (Key Wrapping algorithm)
// - A256KW (Key Wrapping algorithm)
and for sign/verify, the signing algorithm
// HS256
// HS384
// HS512
// RS256
// RS384
// RS512
// ES256
// ES384
// ES512
// PS256
// PS384
// PS512
The policies are meant to be dynamic, so they specify an enumeration for these properties when the policy is added to an API assembly; those values are made available to the GatewayScript which is using them in the JOSE functions. If you're requiring algorithms not specified above, then that would need to be a request for enhancement.
Please reference the jose module documentation at https://www.ibm.com/docs/en/datapower-gateway/10.5.0?topic=apis-jose-module and use the GatewayScript code in the encrypt, decrypt, sign and verify sample policies as an example of code using that module to do what you'd need to do.
Regards,
Steve
------------------------------
Steve Linn
Senior Consulting I/T Specialist
IBM
------------------------------
Original Message:
Sent: Fri March 01, 2024 12:03 AM
From: Stefen Salvatore
Subject: Decryption using RSA/ECB/OAEPPADDING in Gatewayscript
Hi @Steve Linn,
I have gone through the repository where I found jose.parse() again in the decryption policy.
Use Case Description:
Sample Final Encrypted Payload:
After Base64 Decode:
:
EpzPm9fLq6R7KUANasVbHIOATuKqjbbvHG6jP19PmqzT5Ew3qifaSBaxvCamoUojz7HMmeuDU+9qFJ0kNXIFrEHNq/svCUflzaAx0zWo0t9ZmDuOFhet7w62tYL80SO9Rug8Ag+mQFjEigjomX8jKqQbMo4QJ6qzdLCIyQzFlRok3THoaAEmlmoAnDJKtYNh
:
Encrypted DynamicKey (decrypt using pvt key + RSA/ECB/OAEPPADDING) : Encrypted Payload (using plain dynamic key + A256GCM) : Signature (RSA-SHA256)
I am able to implement the 2 below:
Encrypt and Decrypt Payload (using plain dynamic key + A256GCM) : Signature and Verification (RSA-SHA256)
Kindly help me regarding this.
------------------------------
Stefen Salvatore
Original Message:
Sent: Thu February 29, 2024 09:30 AM
From: Steve Linn
Subject: Decryption using RSA/ECB/OAEPPADDING in Gatewayscript
Hi Stefen,
I ported the publicly available samplev5 user defined policies that were jose based GatewayScript into API Gateway user defined policies. Perhaps those samples will help, see https://github.com/ibm-apiconnect/policy-apigw/tree/master/user-defined-policies.
Regards,
Steve
------------------------------
Steve Linn
Senior Consulting I/T Specialist
IBM
Original Message:
Sent: Thu February 29, 2024 08:41 AM
From: Stefen Salvatore
Subject: Decryption using RSA/ECB/OAEPPADDING in Gatewayscript
Hi @Steve Linn, @Hermann Stamm-Wilbrandt, @Joseph Morgan and Team,
Java:
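import java.security.PublicKey;
import java.util.Base64;
import javax.crypto.Cipher;

// Encrypts the plain-text dynamic key with the RSA public key and returns it Base64-encoded.
// getPublicKey(...) is a helper that is not shown in this post.
private static String getEncryptHeader(String keyPlainText, String publicKeyStr) {
    try {
        byte[] keyByteArr = keyPlainText.getBytes();
        PublicKey key = getPublicKey(publicKeyStr);
        // With the default JDK provider, OAEPPADDING means OAEP with SHA-1 and MGF1-SHA1.
        Cipher cipher = Cipher.getInstance("RSA/ECB/OAEPPADDING");
        cipher.init(Cipher.ENCRYPT_MODE, key);
        byte[] encryptedByte = cipher.doFinal(keyByteArr);
        System.out.println("EncryptedHeaders:" + Base64.getEncoder().encodeToString(encryptedByte));
        return Base64.getEncoder().encodeToString(encryptedByte);
    } catch (Exception e) {
        e.printStackTrace();
        return "";
    }
}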
I am unable to decrypt it using the crypto module since the algorithm is invalid, and unable to decrypt using jose since the body is not parsed when I use jose.parse.
So could anyone please provide equivalent GatewayScript code if DataPower supports the above Java functionality?
------------------------------
Stefen Salvatore
------------------------------
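Added example, not part of the thread and not IBM sample code: a Node.js sketch (node crypto, not the DataPower GatewayScript jose or crypto modules) of the key-unwrap step for the Java sender and the colon-separated layout described in the posts above. It shows that such a body is not a JWE compact serialization and that the OAEP hash must match the sender's (SHA-1 for the JDK's default "OAEPPADDING", which corresponds to JOSE RSA-OAEP rather than RSA-OAEP-256). All names, the key pair and the envelope contents are constructed, and the three-field layout is assumed from the post.

```javascript
const crypto = require('crypto');

// Constructed test material: a throwaway key pair and dynamic key.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const dynamicKey = 'constructed-dynamic-key-32-bytes';

// Mirror of the Java sender: OAEP with SHA-1 (the JDK default for "OAEPPADDING").
function wrapKey(keyText, pub) {
  return crypto.publicEncrypt(
    { key: pub, padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha1' },
    Buffer.from(keyText, 'utf8')
  ).toString('base64');
}

// Split the assumed "encKey:encPayload:signature" layout into raw buffers.
function splitEnvelope(envelope) {
  const parts = envelope.split(':');
  if (parts.length !== 3) throw new Error('expected 3 colon-separated fields');
  const [encKey, encPayload, signature] = parts.map((p) => Buffer.from(p, 'base64'));
  return { encKey, encPayload, signature };
}

// A JWE compact serialization has five dot-separated base64url segments.
function isJweCompact(body) {
  const seg = body.split('.');
  return seg.length === 5 && seg.every((s) => /^[A-Za-z0-9_-]*$/.test(s));
}

// Unwrap the dynamic key; oaepHash must match what the sender used.
function unwrapKey(encKey, priv, oaepHash = 'sha1') {
  return crypto.privateDecrypt(
    { key: priv, padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash },
    encKey
  ).toString('utf8');
}

// Constructed envelope; the payload and signature fields are placeholders.
const envelope = [wrapKey(dynamicKey, publicKey),
  Buffer.from('placeholder-ciphertext').toString('base64'),
  Buffer.from('placeholder-signature').toString('base64')].join(':');

function demo() {
  const { encKey } = splitEnvelope(envelope);
  let sha256Failed = false;
  try { unwrapKey(encKey, privateKey, 'sha256'); } catch { sha256Failed = true; }
  return { jwe: isJweCompact(envelope), key: unwrapKey(encKey, privateKey), sha256Failed };
}
console.log(demo());
```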