Merge pull request #36 from PandaTechAM/development

Jose

Author: HaikAsatryan

Readme.md

@@ -14,6 +14,7 @@ scattered code to handle everyday cryptographic tasks. The library provides an *
 - Secure random generation,
 - Password validation/strength checks,
 - Masking of sensitive data.
+- JOSE (**JWE only**): simple sealed-envelope encryption (RSA-OAEP-256 + AES-256-GCM) with JWK + `kid` thumbprint.
 
 Whether you need to **encrypt data**, **hash passwords**, or **generate secure random tokens**, PandaTech.Crypto
 provides lightweight abstractions over popular cryptographic solutions, ensuring simplicity and usability without
@@ -204,6 +205,35 @@ byte[] newCipher = AesMigration.MigrateFromOldNonHashed(oldCiphertext);
 
 The library provides nullable-friendly variants too (`MigrateFromOldHashedNullable`, etc.).
 
+### JoseJwe — Simple JWE (RSA-OAEP-256 + A256GCM)
+
+Confidentiality-only envelopes using JOSE **JWE** (no signatures). Keys are **RSA JWKs**, and `kid` is the **RFC 7638
+thumbprint** of the public JWK.
+
+```csharp
+using Pandatech.Crypto.Helpers;
+using System.Text;
+
+// 1) Issue RSA keys (2048+)
+// returns public/private JWKs and kid (thumbprint of public JWK)
+var (publicJwk, privateJwk, kid) = JoseJwe.IssueKeys();
+
+// 2) Encrypt to recipient’s public key (header includes kid)
+var plaintext = Encoding.UTF8.GetBytes("hello");
+var jwe = JoseJwe.Encrypt(publicJwk, plaintext, kid);
+
+// 3) Decrypt with recipient’s private key
+if (JoseJwe.TryDecrypt(privateJwk, jwe, out var bytes))
+{
+   var text = Encoding.UTF8.GetString(bytes);
+}
+```
+
+#### Security notes
+- RSA key **size ≥ 2048** bits (enforced).
+- `kid` must match the supplied `publicJwk` (enforced).
+- This is **encryption only** (no authenticity). If you need signing later, add JWS separately.
+
 ### Argon2id Class
 
 **Default Configurations**

src/Pandatech.Crypto/Helpers/Aes256Gcm.cs

@@ -47,12 +47,12 @@ public static void Encrypt(Stream input, Stream output, string? key)
 
       using var aes = new AesGcm(k, TagSize);
 
-      var plain     = new byte[DefaultChunkSize];
-      var cipher    = new byte[DefaultChunkSize];   // <— you removed this; we need it
-      var tagBuf    = new byte[TagSize];
-      var nonceBuf  = new byte[NonceSize];
+      var plain = new byte[DefaultChunkSize];
+      var cipher = new byte[DefaultChunkSize]; // <— you removed this; we need it
+      var tagBuf = new byte[TagSize];
+      var nonceBuf = new byte[NonceSize];
       var frameLen4 = new byte[4];
-      var aadLen    = 5 + NonceSize + 4;
+      var aadLen = 5 + NonceSize + 4;
 
       ulong counter = 0;
       int read;
@@ -62,16 +62,16 @@ public static void Encrypt(Stream input, Stream output, string? key)
       {
          DeriveNonce(baseNonce, counter, nonceBuf);
 
-         var p   = plain.AsSpan(0, read);
-         var c   = cipher.AsSpan(0, read);
+         var p = plain.AsSpan(0, read);
+         var c = cipher.AsSpan(0, read);
          var tag = tagBuf.AsSpan();
 
          aes.Encrypt(nonceBuf, p, c, tag, header[..aadLen]);
 
          BinaryPrimitives.WriteUInt32LittleEndian(frameLen4, (uint)read);
-         output.Write(frameLen4);   // len
-         output.Write(tagBuf);      // tag
-         output.Write(c);           // ciphertext
+         output.Write(frameLen4); // len
+         output.Write(tagBuf); // tag
+         output.Write(c); // ciphertext
 
          counter++;
       }

src/Pandatech.Crypto/Helpers/Aes256SivLegacy.cs

@@ -10,6 +10,7 @@
 
 namespace Pandatech.Crypto.Helpers;
 
+[Obsolete("This is a legacy implementation of AES256-SIV. Use Aes256Siv instead.", false)]
 public static class Aes256SivLegacy
 {
    private static string? GlobalKey { get; set; }

src/Pandatech.Crypto/Helpers/JoseJwe.cs

@@ -0,0 +1,192 @@
+using System.Security.Cryptography;
+using System.Text;
+using System.Text.Json;
+using Jose;
+
+namespace Pandatech.Crypto.Helpers;
+
+public static class JoseJwe
+{
+   public static (string PublicJwk, string PrivateJwk, string Kid) IssueKeys(int bits = 2048)
+   {
+      if (bits < 2048)
+      {
+         throw new ArgumentOutOfRangeException(nameof(bits), "RSA key must be >= 2048 bits.");
+      }
+
+      using var rsa = RSA.Create(bits);
+      var pubJwk = ExportPublicJwk(rsa);
+      var prvJwk = ExportPrivateJwk(rsa);
+      var kid = Thumbprint(pubJwk);
+      return (pubJwk, prvJwk, kid);
+   }
+
+   public static string Encrypt(string publicJwk, byte[] payload, string kid)
+   {
+      // Validate kid matches public key
+      var computed = Thumbprint(publicJwk);
+      if (!string.Equals(computed, kid, StringComparison.Ordinal))
+      {
+         throw new ArgumentException("kid does not match publicJwk (RFC7638).", nameof(kid));
+      }
+
+      using var rsa = ImportPublic(publicJwk);
+
+      // JWE: RSA-OAEP-256 + A256GCM; compact serialization; header includes kid
+      return JWT.EncodeBytes(
+         payload,
+         rsa,
+         JweAlgorithm.RSA_OAEP_256,
+         JweEncryption.A256GCM,
+         extraHeaders: new Dictionary<string, object>
+         {
+            ["kid"] = kid
+         }
+      );
+   }
+
+   public static bool TryDecrypt(string privateJwk, string jwe, out byte[] payload)
+   {
+      try
+      {
+         using var rsa = ImportPrivate(privateJwk);
+         payload = JWT.DecodeBytes(jwe, rsa, JweAlgorithm.RSA_OAEP_256, JweEncryption.A256GCM);
+         return true;
+      }
+      catch
+      {
+         payload = [];
+         return false;
+      }
+   }
+
+   public static string ComputeKid(string publicJwk) => Thumbprint(publicJwk);
+
+   private static RSA ImportPublic(string jwkJson)
+   {
+      using var doc = JsonDocument.Parse(jwkJson);
+      var r = doc.RootElement;
+      if (r.GetProperty("kty")
+           .GetString() != "RSA") throw new ArgumentException("kty must be RSA.");
+      var n = Base64Url.Decode(r.GetProperty("n")
+                                .GetString()!);
+
+      if (n.Length * 8 < 2048)
+      {
+         throw new CryptographicException("RSA public key must be >= 2048 bits.");
+      }
+
+      var e = Base64Url.Decode(r.GetProperty("e")
+                                .GetString()!);
+      var p = new RSAParameters
+      {
+         Modulus = n,
+         Exponent = e
+      };
+      var rsa = RSA.Create();
+      rsa.ImportParameters(p);
+      return rsa;
+   }
+
+   private static RSA ImportPrivate(string jwkJson)
+   {
+      using var doc = JsonDocument.Parse(jwkJson);
+      var r = doc.RootElement;
+      if (r.GetProperty("kty")
+           .GetString() != "RSA")
+      {
+         throw new ArgumentException("kty must be RSA.");
+      }
+
+      var n = Base64Url.Decode(r.GetProperty("n")
+                                .GetString()!);
+      if (n.Length * 8 < 2048)
+      {
+         throw new CryptographicException("RSA private key must be >= 2048 bits.");
+      }
+
+      var pars = new RSAParameters
+      {
+         Modulus = Base64Url.Decode(r.GetProperty("n")
+                                     .GetString()!),
+
+         Exponent = Base64Url.Decode(r.GetProperty("e")
+                                      .GetString()!),
+         D = Base64Url.Decode(r.GetProperty("d")
+                               .GetString()!)
+      };
+
+      // optional CRT params if present
+      Try(r, "p", out pars.P);
+      Try(r, "q", out pars.Q);
+      Try(r, "dp", out pars.DP);
+      Try(r, "dq", out pars.DQ);
+      Try(r, "qi", out pars.InverseQ);
+
+      var rsa = RSA.Create();
+      rsa.ImportParameters(pars);
+      return rsa;
+
+      static void Try(JsonElement root, string name, out byte[]? val)
+      {
+         val = root.TryGetProperty(name, out var v) ? Base64Url.Decode(v.GetString()!) : null;
+      }
+   }
+
+   private static string ExportPublicJwk(RSA rsa)
+   {
+      var p = rsa.ExportParameters(false);
+      var o = new
+      {
+         kty = "RSA",
+         n = Base64Url.Encode(p.Modulus!),
+         e = Base64Url.Encode(p.Exponent!)
+      };
+      return JsonSerializer.Serialize(o);
+   }
+
+   private static string ExportPrivateJwk(RSA rsa)
+   {
+      var p = rsa.ExportParameters(true);
+      var o = new
+      {
+         kty = "RSA",
+         n = Base64Url.Encode(p.Modulus!),
+         e = Base64Url.Encode(p.Exponent!),
+         d = Base64Url.Encode(p.D!),
+         p = p.P is null ? null : Base64Url.Encode(p.P),
+         q = p.Q is null ? null : Base64Url.Encode(p.Q),
+         dp = p.DP is null ? null : Base64Url.Encode(p.DP),
+         dq = p.DQ is null ? null : Base64Url.Encode(p.DQ),
+         qi = p.InverseQ is null ? null : Base64Url.Encode(p.InverseQ)
+      };
+      var json = JsonSerializer.Serialize(o);
+      // remove nulls (compact)
+      using var doc = JsonDocument.Parse(json);
+      using var ms = new MemoryStream();
+      using var w = new Utf8JsonWriter(ms);
+      w.WriteStartObject();
+      foreach (var prop in doc.RootElement
+                              .EnumerateObject()
+                              .Where(prop => prop.Value.ValueKind != JsonValueKind.Null))
+      {
+         prop.WriteTo(w);
+      }
+
+      w.WriteEndObject();
+      w.Flush();
+      return Encoding.UTF8.GetString(ms.ToArray());
+   }
+
+   // RFC 7638 thumbprint over {"e","kty","n"} with lexicographic keys
+   private static string Thumbprint(string publicRsaJwk)
+   {
+      using var doc = JsonDocument.Parse(publicRsaJwk);
+      var r = doc.RootElement;
+      var canonical =
+         $$"""{"e":"{{r.GetProperty("e").GetString()}}" ,"kty":"RSA","n":"{{r.GetProperty("n").GetString()}}"}"""
+            .Replace(" ", "");
+      var hash = SHA256.HashData(Encoding.ASCII.GetBytes(canonical));
+      return Base64Url.Encode(hash);
+   }
+}

src/Pandatech.Crypto/Pandatech.Crypto.csproj

@@ -8,12 +8,12 @@
         <Copyright>MIT</Copyright>
         <PackageIcon>pandatech.png</PackageIcon>
         <PackageReadmeFile>Readme.md</PackageReadmeFile>
-        <Version>6.0.0</Version>
+        <Version>6.1.0</Version>
         <Title>Pandatech.Crypto</Title>
         <PackageTags>Pandatech, library, encryption, hash, algorythms, security</PackageTags>
         <Description>PandaTech.Crypto is a .NET library simplifying common cryptograhic functions.</Description>
         <RepositoryUrl>https://github.com/PandaTechAM/be-lib-pandatech-crypto</RepositoryUrl>
-        <PackageReleaseNotes>Aes256Siv breaking changes introduced and AES256GCM. Refer to readme.md</PackageReleaseNotes>
+        <PackageReleaseNotes>Easy Jose interface added. Refer to readme.md for changes</PackageReleaseNotes>
     </PropertyGroup>
 
     <ItemGroup>
@@ -23,6 +23,7 @@
 
     <ItemGroup>
         <PackageReference Include="BouncyCastle.NetCore" Version="2.2.1"/>
+        <PackageReference Include="jose-jwt" Version="5.2.0" />
         <PackageReference Include="Konscious.Security.Cryptography.Argon2" Version="1.3.1"/>
         <PackageReference Include="Microsoft.AspNetCore.OpenApi" Version="9.0.8" />
     </ItemGroup>

test/Pandatech.Crypto.Tests/Aes256SivTests.cs

@@ -42,7 +42,7 @@ public void Deterministic_SamePlaintextSameCiphertext()
     public void EmptyInput_Produces16ByteV_AndDecryptsToEmpty()
     {
         var key = Key();
-        var c = Aes256Siv.Encrypt(Array.Empty<byte>(), key);
+        var c = Aes256Siv.Encrypt([], key);
         Assert.Equal(16, c.Length); // V only
         var p = Aes256Siv.DecryptToBytes(c, key);
         Assert.Empty(p);