def decrypt(self, token, key=None, cek=None): if not key and not cek: raise MissingKey("On of key or cek must be specified") jwe = JWEnc().unpack(token) if len(jwe) != 5: raise WrongNumberOfParts(len(jwe)) if not cek: jek = jwe.encrypted_key() if isinstance(key, SYMKey): try: key = key.key.encode('utf8') except AttributeError: key = key.key # The iv for this function must be 64 bit cek = aes_unwrap_key(key, jek) msg = self._decrypt( jwe.headers["enc"], cek, jwe.ciphertext(), jwe.b64_protected_header(), jwe.initialization_vector(), jwe.authentication_tag()) if "zip" in self and self["zip"] == "DEF": msg = zlib.decompress(msg) return msg
def dec_setup(self, token, key=None, **kwargs): self.headers = token.headers self.iv = token.initialization_vector() self.ctxt = token.ciphertext() self.tag = token.authentication_tag() # Handle EPK / Curve if "epk" not in self.headers or "crv" not in self.headers["epk"]: raise Exception( "Ephemeral Public Key Missing in ECDH-ES Computation") epubkey = ECKey(**self.headers["epk"]) apu = apv = "" if "apu" in self.headers: apu = b64d(self.headers["apu"].encode()) if "apv" in self.headers: apv = b64d(self.headers["apv"].encode()) if self.headers["alg"] == "ECDH-ES": try: dk_len = KEYLEN[self.headers["enc"]] except KeyError: raise Exception("Unknown key length for algorithm") self.cek = ecdh_derive_key(epubkey.curve, key.d, (epubkey.x, epubkey.y), apu, apv, str(self.headers["enc"]).encode(), dk_len) elif self.headers["alg"] in [ "ECDH-ES+A128KW", "ECDH-ES+A192KW", "ECDH-ES+A256KW" ]: _pre, _post = self.headers['alg'].split("+") klen = int(_post[1:4]) kek = ecdh_derive_key(epubkey.curve, key.d, (epubkey.x, epubkey.y), apu, apv, str(_post).encode(), klen) self.cek = aes_unwrap_key(kek, token.encrypted_key()) else: raise Exception("Unsupported algorithm %s" % self.headers["alg"]) return self.cek
def decrypt(self, token, key=None, cek=None): if not key and not cek: raise MissingKey("On of key or cek must be specified") jwe = JWEnc().unpack(token) if not cek: jek = jwe.encrypted_key() # The iv for this function must be 64 bit cek = aes_unwrap_key(key, jek) msg = self._decrypt( jwe.headers["enc"], cek, jwe.ciphertext(), jwe.b64_protected_header(), jwe.initialization_vector(), jwe.authentication_tag()) if "zip" in self and self["zip"] == "DEF": msg = zlib.decompress(msg) return msg
def decrypt(self, token, key=None, cek=None): if not key and not cek: raise MissingKey("On of key or cek must be specified") jwe = JWEnc().unpack(token) if not cek: jek = jwe.encrypted_key() # The iv for this function must be 64 bit cek = aes_unwrap_key(key, jek) msg = self._decrypt(jwe.headers["enc"], cek, jwe.ciphertext(), jwe.b64_protected_header(), jwe.initialization_vector(), jwe.authentication_tag()) if "zip" in self and self["zip"] == "DEF": msg = zlib.decompress(msg) return msg
def dec_setup(self, token, key=None, **kwargs): self.headers = token.headers self.iv = token.initialization_vector() self.ctxt = token.ciphertext() self.tag = token.authentication_tag() # Handle EPK / Curve if "epk" not in self.headers or "crv" not in self.headers["epk"]: raise Exception( "Ephemeral Public Key Missing in ECDH-ES Computation") epubkey = ECKey(**self.headers["epk"]) apu = apv = "" if "apu" in self.headers: apu = b64d(self.headers["apu"].encode()) if "apv" in self.headers: apv = b64d(self.headers["apv"].encode()) if self.headers["alg"] == "ECDH-ES": try: dk_len = KEYLEN[self.headers["enc"]] except KeyError: raise Exception("Unknown key length for algorithm") self.cek = ecdh_derive_key(epubkey.curve, key.d, (epubkey.x, epubkey.y), apu, apv, str(self.headers["enc"]).encode(), dk_len) elif self.headers["alg"] in ["ECDH-ES+A128KW", "ECDH-ES+A192KW", "ECDH-ES+A256KW"]: _pre, _post = self.headers['alg'].split("+") klen = int(_post[1:4]) kek = ecdh_derive_key(epubkey.curve, key.d, (epubkey.x, epubkey.y), apu, apv, str(_post).encode(), klen) self.cek = aes_unwrap_key(kek, token.encrypted_key()) else: raise Exception("Unsupported algorithm %s" % self.headers["alg"]) return self.cek