Notice
Recent Posts
Recent Comments
Link
투케이2K
968. (Android/Java) [nimbusds] JWE AES 256 GCM 디코딩 복호화 수행 실시 - A256GCM , A256GCMKW 본문
Android
968. (Android/Java) [nimbusds] JWE AES 256 GCM 디코딩 복호화 수행 실시 - A256GCM , A256GCMKW
투케이2K 2025. 4. 3. 07:47[개발 환경 설정]
개발 툴 : AndroidStudio
개발 언어 : Java / Kotlin

[소스 코드]
// --------------------------------------------------------------------------------------
[개발 및 테스트 환경]
// --------------------------------------------------------------------------------------
- 언어 : Java / Kotlin
- 개발 툴 : AndroidStudio
- 기술 구분 : nimbusds / JWE / JWT / AES
// --------------------------------------------------------------------------------------
// --------------------------------------------------------------------------------------
[nimbusds 라이브러리 의존성 부여 설정 : build.gradle]
// --------------------------------------------------------------------------------------
// TODO [JWE 암복호화 관련]
implementation 'com.nimbusds:nimbus-jose-jwt:10.0.2'
// --------------------------------------------------------------------------------------
// --------------------------------------------------------------------------------------
[Java : 소스 코드]
// --------------------------------------------------------------------------------------
// --------------------------------------------------------------------
// TODO [전역 변수 선언]
// --------------------------------------------------------------------
private static final String AES256_GCM_KEY = "0123456789abcdef0123456789abcdef"; // [32 바이트]
// --------------------------------------------------------------------
// TODO [AES GCM : JWE 디코딩 수행]
// --------------------------------------------------------------------
// TODO [Call Method]
// --------------------------------------------------------------------
/*
String jweString = "eyJjdHkiOiJhcHBsaWNhdGlvbi9qc29uIiwidHlwIjoiSldFIiwiZW5jIjoiQTI1NkdDTSIsInRhZyI6IlNpSHZYTG80cTI1YWtQRFJlUUNsZFEiLCJhbGciOiJBMjU2R0NNS1ciLCJpdiI6Ijd4MjZfRXU2WkUzUGpVSk8ifQ.eCRJcf8caoVZxu9JU6cGSb-T1jijbhgdiHcj-exh4v8.Py6XijHl4h2gnIVU.odlLdIhawgDzGiCdXHaxwdSlkErnTJR2g-g_3hsLQ_sqINNsAIQSxkx04LFF81BpIeyJvkTLbKI9Gxu3fpk81BVIodETpZM4f6fA6FTfd2fZNh-25YmxWf3cfcqtrD39X_w.vf_Mldxxn1VpnViVT-rrSQ";
C_JWE_Encryption_Module.decodeAes256GcmJwe(jweString);
*/
// --------------------------------------------------------------------
// TODO [Return Data]
// --------------------------------------------------------------------
/*
D///===========//: ================================================
I/: [LOG :: CLASS PLACE :: com.example.javaproject.C_Module.C_JWE_Encryption_Module.decodeAes256GcmJwe(C_JWE_Encryption_Module.java:621)]
I/: ----------------------------------------------------
I/: [LOG :: DESCRIPTION :: C_JWE_Encryption_Module :: decodeAes256GcmJwe :: EncryptedJWT.parse 정보 확인]
I/: ----------------------------------------------------
I/: [LOG :: getHeader :: {"cty":"application/json","typ":"JWE","enc":"A256GCM","tag":"SiHvXLo4q25akPDReQCldQ","alg":"A256GCMKW","iv":"7x26_Eu6ZE3PjUJO"}]
I/: ----------------------------------------------------
I/: [LOG :: getEncryptedKey :: eCRJcf8caoVZxu9JU6cGSb-T1jijbhgdiHcj-exh4v8]
I/: ----------------------------------------------------
I/: [LOG :: getCipherText :: odlLdIhawgDzGiCdXHaxwdSlkErnTJR2g-g_3hsLQ_sqINNsAIQSxkx04LFF81BpIeyJvkTLbKI9Gxu3fpk81BVIodETpZM4f6fA6FTfd2fZNh-25YmxWf3cfcqtrD39X_w]
I/: ----------------------------------------------------
I/: [LOG :: getIV :: Py6XijHl4h2gnIVU]
I/: ----------------------------------------------------
I/: [LOG :: getAuthTag :: vf_Mldxxn1VpnViVT-rrSQ]
I/: ----------------------------------------------------
I/: [LOG :: getState :: DECRYPTED]
D///===========//: ================================================
D///===========//: ================================================
I/: [LOG :: CLASS PLACE :: com.example.javaproject.C_Module.C_JWE_Encryption_Module.decodeAes256GcmJwe(C_JWE_Encryption_Module.java:654)]
I/: ----------------------------------------------------
I/: [LOG :: DESCRIPTION :: C_JWE_Encryption_Module :: decodeAes256GcmJwe :: JWE 디코딩 수행]
I/: ----------------------------------------------------
I/: [LOG :: KEY :: 0123456789abcdef0123456789abcdef]
I/: ----------------------------------------------------
I/: [LOG :: Decode :: {iss=App, exp=1743486179, iat=1743486119, employeeNo=T_1234567890, name=투케이}]
D///===========//: ================================================
*/
// --------------------------------------------------------------------
public static String decodeAes256GcmJwe(String jweString){
String returnData = null; // [Return 데이터]
String M_LOG = null; // [Log 데이터]
try {
// -----------------------------------------------
// TODO [1] : [key >> Byte 변환]
// -----------------------------------------------
byte keyBytes [] = AES256_GCM_KEY.getBytes(StandardCharsets.UTF_8);
// -----------------------------------------------
// TODO [2] : [SecretKey 가져오기]
// -----------------------------------------------
SecretKeySpec secretKeySpec = new SecretKeySpec(keyBytes, "AES");
// -----------------------------------------------
// TODO [3] : [EncryptedJWT 생성] / [디코딩 수행 실시]
// -----------------------------------------------
// TODO 참고 : AESDecrypter 을 사용해 단독 디코딩 수행 시 getEncryptedKey, getIV 파싱 후 복호화 필요
// -----------------------------------------------
//*
EncryptedJWT decryptedJWT = EncryptedJWT.parse(jweString);
//JWEObject decryptedJWT = JWEObject.parse(jweString);
//decryptedJWT.decrypt(new DirectDecrypter(secretKeySpec)); // TODO [알고리즘 : DIR]
decryptedJWT.decrypt(new AESDecrypter(secretKeySpec)); // TODO [알고리즘 : JWEAlgorithm.A256GCMKW]
S_Log._D_(ACTIVITY_NAME + " :: decodeAes256GcmJwe :: EncryptedJWT.parse 정보 확인", new String[]{
"getHeader :: " + decryptedJWT.getHeader(),
"getEncryptedKey :: " + decryptedJWT.getEncryptedKey(),
"getCipherText :: " + decryptedJWT.getCipherText(),
"getIV :: " + decryptedJWT.getIV(),
"getAuthTag :: " + decryptedJWT.getAuthTag(),
"getState :: " + decryptedJWT.getState()
});
String payloadString = decryptedJWT.getPayload().toJSONObject().toString();
// */
// -----------------------------------------------
// TODO [4] : [payloadString 토큰 널 체크 수행]
// -----------------------------------------------
if (C_Util.stringNotNull(payloadString) == true){
returnData = payloadString;
}
else {
M_LOG = "Error : payloadString Is Null";
}
}
catch (Exception e){
e.printStackTrace();
M_LOG = "Exception : " + e.getMessage();
}
try { M_LOG = (M_LOG != null) ? M_LOG : ( (returnData != null) ? "Decode :: " + returnData : "Decode :: null" ); } catch (Exception el){}
S_Log._D_(ACTIVITY_NAME + " :: decodeAes256GcmJwe :: JWE 디코딩 수행", new String[]{"KEY :: " + AES256_GCM_KEY, String.valueOf(M_LOG)});
return returnData;
}
// --------------------------------------------------------------------------------------
// --------------------------------------------------------------------------------------
[참고 사이트]
// --------------------------------------------------------------------------------------
[온라인 JWT 토큰 복호화 및 헤더 값 확인 참고 사이트]
https://fusionauth.io/dev-tools/jwt-decoder
[라이브러리] [nimbus-jose-jwt] JWE (JSON Web Encryption) JSON 웹 암호화 및 복호화 라이브러리
https://blog.naver.com/kkh0977/223817959400?trackingCode=blog_bloghome_searchlist
[JWT (Json Web Token) 개념 설명]
https://blog.naver.com/kkh0977/222934042760?trackingCode=blog_bloghome_searchlist
[JWE (JSON Web Encryption) JSON 웹 암호화 설명]
https://blog.naver.com/kkh0977/223817878517?trackingCode=blog_bloghome_searchlist
// --------------------------------------------------------------------------------------
반응형
'Android' 카테고리의 다른 글
Comments