
JWT Key encryption using RSA-OAEP-256

We are facing an EJT error as below:

ejt_error : AES/GCM/NoPadding decryption failed: Tag mismatch!

Can anyone please help with this?

Thank You,

Lakshmi.

EDITED

We are trying to JWT-encrypt the data using the below code:

Client :

String accessToken = getPrudentialAccessToken(); // AccessToken
logger.debug("Plain Payload  : " + checkKycRequest.toString());
checkKycRequest.setTaxStatus("01");
checkKycRequest.setIsNewVersion("FTM");
checkKycRequest.setFirstPan("BDJPA0600D");
String jsonObject = new Gson().toJson(checkKycRequest);
logger.debug(jsonObject);
jsonObject = generatePublicKeyRsaInputEncryption(jsonObject);
logger.debug(jsonObject);
HttpEntity<String> entity = new HttpEntity<>(updateObjWithEmptyStrings(jsonObject, true),
        IciciPrudentialUtils.getHeader(accessToken));
String fullUrl = config.getOauthUrls().getCheckKyc();
logger.debug(fullUrl);
RestTemplate template = new RestTemplate();
ResponseEntity<String> tranResponseEntity = template.exchange(fullUrl, HttpMethod.POST, entity,
        String.class);

Encryption :

public static String getEncryptWithPublicKey(String payload) {
    JWEAlgorithm alg = JWEAlgorithm.RSA_OAEP_256;
    EncryptionMethod encryptionMethod = EncryptionMethod.A256GCM;
    try {
        RSAPublicKey key = readPublicKey();
        JWEObject jwe = new JWEObject(new JWEHeader(alg, encryptionMethod), new Payload(payload));
        jwe.encrypt(new RSAEncrypter(key));
        return jwe.serialize();
    } catch (Exception e) {
        logger.debug(e.getMessage());
    }
    return null;
}

public static RSAPublicKey readPublicKey() throws IOException, NoSuchAlgorithmException, InvalidKeySpecException {
    String key = new String(readFileBytes("public.key.prudential"), Charset.defaultCharset());
    String publicKeyPEM = key.replace("-----BEGIN PUBLIC KEY-----", "").replaceAll(System.lineSeparator(), "")
            .replace("-----END PUBLIC KEY-----", "").replaceAll("\\s+", "");
    byte[] decoded = Base64.getDecoder().decode(publicKeyPEM);
    X509EncodedKeySpec spec = new X509EncodedKeySpec(decoded);
    KeyFactory keyFactory = KeyFactory.getInstance("RSA");
    return (RSAPublicKey) keyFactory.generatePublic(spec);
}

public static byte[] readFileBytes(String key) throws IOException {
    return Files.readAllBytes(Paths.get(Utils.loadPropertiesWithStaticProperty(key)));
}

We are trying to decrypt the above encrypted output using a Java callout. We are using the below XML for the Java callout policy:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<JavaCallout name="Java-Callout-2">
    <Properties>
        <Property name="key-encryption">RSA-OAEP-256</Property>
        <Property name="content-encryption">A256GCM</Property>
        <Property name="debug">true</Property>
        <Property name="source">request.content</Property>
        <Property name="private-key">{private.my_private_key}</Property>
    </Properties>
    <ClassName>com.google.apigee.edgecallouts.VerifyEncryptedJwt</ClassName>
    <ResourceURL>java://something-here.jar</ResourceURL>
</JavaCallout>

While executing the API we are facing this issue:

ejt_error : AES/GCM/NoPadding decryption failed: Tag mismatch!

Thank You,

Lakshmi Motupalli

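A compact JWE for RSA-OAEP-256 with A256GCM has a fixed shape, so a structural check on the body that reaches the callout can rule out a token that was re-encoded, wrapped or truncated on the way. This is an added example, not code from the post or from the Apigee callout; `inspect_jwe`, `sample_token` and the 2048-bit RSA key size are assumptions, and the sample token is constructed from random bytes.

```python
import base64, json, os, re

NAMES = ("header", "encrypted_key", "iv", "ciphertext", "tag")
B64URL = re.compile(r"[A-Za-z0-9_-]*")

def _decode(seg):
    """Decode one unpadded base64url segment, or return None if it is malformed."""
    if not B64URL.fullmatch(seg) or len(seg) % 4 == 1:
        return None
    return base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))

def inspect_jwe(token, rsa_bits=2048, alg="RSA-OAEP-256", enc="A256GCM"):
    """Return structural problems in a compact JWE; an empty list means the shape is right."""
    parts = token.split(".")
    if len(parts) != 5:
        return [f"expected 5 dot-separated segments, found {len(parts)}"]
    decoded = [_decode(p) for p in parts]
    problems = [f"{n}: not unpadded base64url" for n, d in zip(NAMES, decoded) if d is None]
    if problems:
        return problems
    header, key, iv, _ciphertext, tag = decoded
    try:
        hdr = json.loads(header)
    except ValueError:
        hdr = None
    if not isinstance(hdr, dict):
        return ["header: not a JSON object"]
    if hdr.get("alg") != alg or hdr.get("enc") != enc:
        problems.append(f"header: alg/enc {hdr.get('alg')}/{hdr.get('enc')}, policy expects {alg}/{enc}")
    if len(key) != rsa_bits // 8:   # RSA output is exactly one modulus long
        problems.append(f"encrypted_key: {len(key)} bytes, expected {rsa_bits // 8}")
    if len(iv) != 12:               # A256GCM uses a 96-bit IV
        problems.append(f"iv: {len(iv)} bytes, expected 12")
    if len(tag) != 16:              # A256GCM uses a 128-bit authentication tag
        problems.append(f"tag: {len(tag)} bytes, expected 16")
    return problems

def sample_token(rsa_bits=2048):
    """Constructed sample: correct shape, random bytes, not a real encryption."""
    enc = lambda b: base64.urlsafe_b64encode(b).rstrip(b"=").decode()
    header = json.dumps({"alg": "RSA-OAEP-256", "enc": "A256GCM"}).encode()
    sizes = (rsa_bits // 8, 12, 40, 16)  # encrypted key, IV, ciphertext, tag
    return ".".join([enc(header)] + [enc(os.urandom(n)) for n in sizes])

if __name__ == "__main__":
    tok = sample_token()
    for label, body in (("intact", tok), ("quoted", json.dumps(tok)), ("cut", tok[:-2])):
        print(label, inspect_jwe(body))
```

A token that passes has the right shape only; the check does not decrypt anything or verify the GCM tag.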