APIGEE JWE Encryption Keys generation

Hi Team,

We did a POC of using Encrypted JWT with the following settings, where the algorithm used for Key is A256KW and for Content is A256GCM, and the SecretKey provided is in hex format with the value "D8A2209DF448D653592FBB3519781A4DD8A2209DF448D653592FBB3519781A4D", and it is working as expected. My token is getting generated perfectly and it's encrypted with the following settings.

 

<GenerateJWT async="false" continueOnError="false" enabled="true" name="JWT-generation">
    <DisplayName>JWT-generation-Demo</DisplayName>
    <IgnoreUnresolvedVariables>false</IgnoreUnresolvedVariables>
    <Algorithms>
        <Key>A256KW</Key>
        <Content>A256GCM</Content>
    </Algorithms>
    <SecretKey encoding="hex">
        <Value ref="private.aes.encryption.key"/>
    </SecretKey>
    <OutputVariable>generatedJWT</OutputVariable>
</GenerateJWT>

 

My question is: how can I generate a SecretKey very similar to what I have used above, encoded in hex?

I don't want to create it with online tools, so any good documentation or command reference would help.

example: D8A2209DF448D653592FBB3519781A4DD8A2209DF448D653592FBB3519781A4D


@dchiesa1 Please recommend something.

@dchiesa1 Can you please help me here? It would be very helpful.

That representation (D8A2209DF448D...)  is a hex-encoding of a key.

You can google for hints on how to get a hex encoding of a byte stream. 

An AES key is just any stream of bytes. Where you "get" that key is sort of up to you. Probably you want to generate that key with a random number generator. In Node.js, you can refer here to generate random bytes. Or in Java, refer here. And then you'd do something like this to print it, resulting in:

$ jshell
|  Welcome to JShell -- Version 11.0.21
|  For an introduction type: /help intro

jshell> byte[] bytes = new byte[32];
bytes ==> byte[32] { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, ... , 0, 0, 0, 0, 0, 0, 0, 0 }

jshell> java.security.SecureRandom.getInstanceStrong().nextBytes(bytes);

jshell> String.format("%064x", new java.math.BigInteger(1, bytes));
$3 ==> "43e3fff8a5dbea6ba8d7beae75d5767d8730971bae9e15400ccf1aa24ec9ac00"

jshell> /exit
|  Goodbye

If you have a STRING, a human-readable string, you can encode the string into a hex byte stream like this: 

// encode from UTF-8 String to hex
let arg = 'string-to-encode';
let hex = Buffer.from(arg, 'utf-8').toString('hex');
console.log(`${arg}:\n  ${hex}`);

and the result is like this:

abcdefg:
  61626364656667

 But your key (D8A2209D...) is not decodable via UTF-8 into a readable string.
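
Added example, not part of the original thread and not Apigee's own code: a Node.js script that generates a hex-encoded key of the size A256KW expects, validates a hex key strictly before use, and confirms the key is usable by wrapping and unwrapping a random content key with AES Key Wrap. The function names (`generateHexKey`, `decodeHexKey`, `wrapRoundTrip`) are hypothetical.

```javascript
const { randomBytes, createCipheriv, createDecipheriv } = require('crypto');

// AES key sizes in bytes for the JWE key-wrap algorithms (RFC 7518, section 4.4).
const KEY_BYTES = new Map([['A128KW', 16], ['A192KW', 24], ['A256KW', 32]]);

function keySize(alg) {
  const size = KEY_BYTES.get(alg);
  if (size === undefined) throw new Error(`unsupported algorithm: ${alg}`);
  return size;
}

// Draw the key from the OS CSPRNG and hex-encode it
// (uppercase, matching the style of the value in the question).
function generateHexKey(alg = 'A256KW') {
  return randomBytes(keySize(alg)).toString('hex').toUpperCase();
}

// Decode a hex key strictly. Buffer.from(s, 'hex') silently stops at the
// first invalid character, so the string is validated before decoding.
function decodeHexKey(hex, alg = 'A256KW') {
  const digits = keySize(alg) * 2;
  if (!/^[0-9a-fA-F]+$/.test(hex)) {
    throw new Error('key contains non-hex characters');
  }
  if (hex.length !== digits) {
    throw new Error(`${alg} needs ${digits} hex digits, got ${hex.length}`);
  }
  return Buffer.from(hex, 'hex');
}

// Wrap and unwrap a random content-encryption key with AES Key Wrap
// (RFC 3394, default IV A6A6A6A6A6A6A6A6) to confirm that the hex key
// works as an A256KW key-encryption key.
function wrapRoundTrip(hexKey) {
  const kek = decodeHexKey(hexKey, 'A256KW');
  const iv = Buffer.alloc(8, 0xa6);
  const cek = randomBytes(32); // 256-bit content key, as used by A256GCM
  const enc = createCipheriv('aes256-wrap', kek, iv);
  const wrapped = Buffer.concat([enc.update(cek), enc.final()]);
  const dec = createDecipheriv('aes256-wrap', kek, iv);
  const unwrapped = Buffer.concat([dec.update(wrapped), dec.final()]);
  return { wrappedLength: wrapped.length, ok: unwrapped.equals(cek) };
}

const key = generateHexKey();
console.log(key, wrapRoundTrip(key));
```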