Hi everyone,
Our iOS application uses a Web service that returns content encrypted using JWE (https://tools.ietf.org/html/rfc7516). The server encrypts the content using a public key provided by the app in a previous call, and the app decodes the JWE and decrypts the content using its private key.
We encounter issues decrypting the content, in particular for algorithms that encrypt or derive a symmetric key which is then used to encrypt the content using AES GCM:
- RSA OAEP 256 with A256 GCM: RSAES using Optimal Asymmetric Encryption Padding (OAEP) (RFC 3447), with the SHA-256 hash function and the MGF1 with SHA-256 mask generation function; AES in Galois/Counter Mode (GCM) (NIST.800-38D) using a 256 bit key
- ECDH ES A256KW with A256GCM: Elliptic Curve Diffie-Hellman Ephemeral Static key agreement per "ECDH-ES", where the agreed-upon key is used to wrap the Content Encryption Key (CEK) with the "A256KW" function; AES in Galois/Counter Mode (GCM) (NIST.800-38D) using a 256 bit key
Is there a way to format the JWE attributes (encrypted content key, IV, authentication tag, cipher text) so that they can be passed as a parameter to the SecKeyCreateDecryptedData method with a SecKeyAlgorithm like rsaEncryptionOAEPSHA256AESGCM or eciesEncryptionStandardVariableIVX963SHA256AESGCM? If not, is there an alternative that would allow us to perform the decryption step by step?
I tried to read the code made available by Apple but I couldn't figure out the exact data format and the documentation is not so clear about the operations performed in those cases.
Thanks in advance
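
An added example (not part of the original post and not Apple's code) of the step-by-step route for the RSA-OAEP-256 / A256GCM case only: the CEK is unwrapped with `SecKeyCreateDecryptedData` using `.rsaEncryptionOAEPSHA256`, then the content is opened with CryptoKit's AES-GCM using the encoded protected header as additional authenticated data, as RFC 7516 section 5.1 specifies. The names `decryptJWE`, `base64urlDecode` and `JWEError` are hypothetical; it assumes iOS 13 or later, a compact-serialized JWE, and no `zip` header.

```swift
import Foundation
import Security
import CryptoKit  // assumption: iOS 13+ for AES.GCM

enum JWEError: Error { case malformed, unsupported }

// base64url (no padding) to Data: restore '+', '/' and '=' padding.
func base64urlDecode(_ s: Substring) -> Data? {
    var b64 = s.replacingOccurrences(of: "-", with: "+")
        .replacingOccurrences(of: "_", with: "/")
    b64 += String(repeating: "=", count: (4 - b64.count % 4) % 4)
    return Data(base64Encoded: b64)
}

// Hypothetical helper: decrypts a compact JWE with alg=RSA-OAEP-256, enc=A256GCM.
func decryptJWE(_ compact: String, privateKey: SecKey) throws -> Data {
    // Compact form: header.encryptedKey.iv.ciphertext.tag
    let parts = compact.split(separator: ".", omittingEmptySubsequences: false)
    guard parts.count == 5,
          let headerData = base64urlDecode(parts[0]),
          let encryptedKey = base64urlDecode(parts[1]),
          let iv = base64urlDecode(parts[2]),
          let ciphertext = base64urlDecode(parts[3]),
          let tag = base64urlDecode(parts[4]),
          iv.count == 12, tag.count == 16 else { throw JWEError.malformed }

    // Accept only the expected algorithms; the header must not choose freely.
    let header = try JSONSerialization.jsonObject(with: headerData) as? [String: Any]
    guard (header?["alg"] as? String) == "RSA-OAEP-256",
          (header?["enc"] as? String) == "A256GCM" else { throw JWEError.unsupported }

    // Step 1: RSA-OAEP (SHA-256) unwrap of the 256-bit CEK.
    var error: Unmanaged<CFError>?
    guard let cek = SecKeyCreateDecryptedData(privateKey, .rsaEncryptionOAEPSHA256,
                                              encryptedKey as CFData, &error) as Data? else {
        throw error!.takeRetainedValue() as Error
    }
    guard cek.count == 32 else { throw JWEError.malformed }

    // Step 2: AES-256-GCM; AAD is the ASCII bytes of the encoded protected header.
    let aad = Data(parts[0].utf8)
    let box = try AES.GCM.SealedBox(nonce: AES.GCM.Nonce(data: iv),
                                    ciphertext: ciphertext, tag: tag)
    return try AES.GCM.open(box, using: SymmetricKey(data: cek), authenticating: aad)
}
```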