Layer7 API Management

  • 1.  Using RSA Public Key to Encrypt with Encode Json Web Token

    Posted Jul 23, 2018 11:05 PM

    We are working with a partner who has provided a public key which needs to be used to encrypt a JSON Web Token (JWT), thus becoming a JWE.

    Previous discussions with CA support have indicated that the CA API Gateway is not capable of doing this.

    Has anyone been able to make this work?

    Example of the Public Key format (note: NOT a Public Cert):

    -----BEGIN PUBLIC KEY-----
    MIIBIjANBxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
    -----END PUBLIC KEY-----

    We have tried populating this in a context variable as follows (note: not a certificate, so we cannot import this in the Manage certificates screen):

    Usage of the key in Encode Json Web Token properties:

    Our 3rd party has indicated the following:

    Algorithm    Encryption       Key Size
    RSA-OAEP     A256CBC-HS512    2048

    Error in Gateway Audit Events:



  • 2.  Re: Using RSA Public Key to Encrypt with Encode Json Web Token

    Broadcom Employee
    Posted Dec 13, 2018 06:37 PM

    Good afternoon,

    Building on the work done in this community post (Encode json web token properties), which also links this document (How to sign a payload using Encode JSON web token - CA Knowledge), I used the policy from the document to build out a new policy that will take a variable with the Base64 of the RSA Public Key (in this case stored in a variable, but it can be extracted from any source) and decode it into a certificate variable to be used in the Encode JSON Web Token assertion.

    Sincerely,

    Stephen Hughes

    Broadcom Support  
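
Added example, not part of the original thread and not Layer7 policy code: the combination requested in the first post (RSA-OAEP, A256CBC-HS512, 2048-bit key) written out in Node.js as a JWE in compact serialization (RFC 7516), encrypted directly to a bare `BEGIN PUBLIC KEY` (SPKI) PEM. The function names and the generated key pair are constructed for illustration; `decryptJwe` stands in for the partner's side so the round trip can be checked.

```javascript
// Added example: JWE compact serialization with alg=RSA-OAEP, enc=A256CBC-HS512.
const { publicEncrypt, privateDecrypt, createCipheriv, createDecipheriv, createHmac,
        randomBytes, generateKeyPairSync, constants, timingSafeEqual } = require('node:crypto');

const b64u = (buf) => Buffer.from(buf).toString('base64url');
// JOSE "RSA-OAEP" means OAEP with SHA-1 and MGF1-SHA-1 (RFC 7518, section 4.3).
const OAEP = { padding: constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha1' };

// RFC 7518 section 5.2.2.1: tag = first 32 bytes of HMAC-SHA-512(MAC_KEY, AAD || IV || CT || AL),
// where AL is the AAD length in bits as a 64-bit big-endian integer.
function authTag(macKey, aad, iv, ct) {
  const al = Buffer.alloc(8);
  al.writeBigUInt64BE(BigInt(aad.length) * 8n);
  return createHmac('sha512', macKey).update(Buffer.concat([aad, iv, ct, al])).digest().subarray(0, 32);
}

function encryptJwe(publicKeyPem, payload) {
  const header = b64u(JSON.stringify({ alg: 'RSA-OAEP', enc: 'A256CBC-HS512' }));
  const cek = randomBytes(64); // content key: 32-byte MAC key followed by 32-byte AES key
  const iv = randomBytes(16);
  const cipher = createCipheriv('aes-256-cbc', cek.subarray(32), iv);
  const ct = Buffer.concat([cipher.update(payload, 'utf8'), cipher.final()]);
  const tag = authTag(cek.subarray(0, 32), Buffer.from(header, 'ascii'), iv, ct);
  const encryptedKey = publicEncrypt({ key: publicKeyPem, ...OAEP }, cek); // only the public key is needed
  return [header, b64u(encryptedKey), b64u(iv), b64u(ct), b64u(tag)].join('.');
}

function decryptJwe(privateKeyPem, jwe) {
  const parts = jwe.split('.');
  if (parts.length !== 5) throw new Error('not a compact JWE');
  const { alg, enc } = JSON.parse(Buffer.from(parts[0], 'base64url').toString('utf8'));
  if (alg !== 'RSA-OAEP' || enc !== 'A256CBC-HS512') throw new Error('unexpected alg/enc');
  const [ek, iv, ct, tag] = parts.slice(1).map((p) => Buffer.from(p, 'base64url'));
  const cek = privateDecrypt({ key: privateKeyPem, ...OAEP }, ek);
  if (cek.length !== 64) throw new Error('unexpected content key length');
  const expected = authTag(cek.subarray(0, 32), Buffer.from(parts[0], 'ascii'), iv, ct);
  if (tag.length !== 32 || !timingSafeEqual(tag, expected)) throw new Error('JWE authentication tag mismatch');
  const decipher = createDecipheriv('aes-256-cbc', cek.subarray(32), iv);
  return Buffer.concat([decipher.update(ct), decipher.final()]).toString('utf8');
}

// Constructed 2048-bit key pair; the public half is a "BEGIN PUBLIC KEY" (SPKI) PEM like the one in the post.
function demoKeyPair() {
  return generateKeyPairSync('rsa', {
    modulusLength: 2048,
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
  });
}
```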
