Decrypting Encrypted JSON Web Tokens (JWE) with Ruby


There are a number of great standards for encrypting data, and one I interact with quite a lot is JSON Web Encryption.

As mentioned in "Why I Actively Discourage Online Tooling like jwt.io and Online JSON Validators", I like having the option to use offline tools (which I can audit more easily) for common tasks.

Fortunately, the jose gem allows us to do this pretty nicely, and it has some really useful utilities for parsing different key formats.

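We can create the following script, saved as decrypt.rb:

require 'jose'
require 'json'

key_data = File.read ARGV[0]
key = if key_data.include?('-----BEGIN')
        # if using a PEM file
        JOSE::JWK.from_pem key_data
      else
        # if using a JWK
        JOSE::JWK.from_map JSON.parse(key_data)
      end
# strip the trailing newline that a saved file usually has
token = File.read(ARGV[1]).strip

# block_decrypt returns [plaintext, jwe], so take the first element
puts JOSE::JWE.block_decrypt(key, token).first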

This allows us to execute it as such:

# e.g. if using a PEM key
$ ruby decrypt.rb key.pem jwe.txt
The true sign of intelligence is not knowledge but imagination.
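
To see what the decrypt call has to do for the simplest key-management mode, here is an added example (not from the original post, and not the jose gem's code) that decrypts a compact JWE with `alg=dir` and `enc=A256GCM` using only Ruby's standard library, following RFC 7516. The helper names, the demo key and the sample message are constructed for illustration.

```ruby
require 'json'
require 'openssl'

# base64url without padding, done with pack/unpack from core Ruby
def b64url_encode(bytes)
  [bytes].pack('m0').tr('+/', '-_').delete('=')
end

def b64url_decode(str)
  (str.tr('-_', '+/') + '=' * (-str.length % 4)).unpack1('m0')
end

# Demo helper: build a compact JWE. With alg=dir the shared key is the content key.
def encrypt_dir_a256gcm(key, plaintext)
  header = b64url_encode(JSON.generate('alg' => 'dir', 'enc' => 'A256GCM'))
  cipher = OpenSSL::Cipher.new('aes-256-gcm').encrypt
  cipher.key = key
  iv = cipher.random_iv
  cipher.auth_data = header # encoded header is authenticated as AAD, not encrypted
  ciphertext = cipher.update(plaintext) + cipher.final
  # segments: header . encrypted key (empty for dir) . IV . ciphertext . tag
  [header, '', b64url_encode(iv), b64url_encode(ciphertext),
   b64url_encode(cipher.auth_tag)].join('.')
end

def decrypt_dir_a256gcm(key, token)
  parts = token.strip.split('.', -1)
  raise ArgumentError, 'not a compact JWE (expected 5 segments)' unless parts.length == 5
  header_b64, encrypted_key, iv, ciphertext, tag = parts
  header = JSON.parse(b64url_decode(header_b64))
  # refuse every alg/enc pair except the one this sketch implements
  unless header['alg'] == 'dir' && header['enc'] == 'A256GCM' && encrypted_key.empty?
    raise ArgumentError, "unsupported JWE header: #{header.inspect}"
  end
  tag_bytes = b64url_decode(tag)
  raise ArgumentError, 'GCM tag must be 16 bytes' unless tag_bytes.bytesize == 16
  cipher = OpenSSL::Cipher.new('aes-256-gcm').decrypt
  cipher.key = key
  cipher.iv = b64url_decode(iv)
  cipher.auth_tag = tag_bytes
  cipher.auth_data = header_b64
  cipher.update(b64url_decode(ciphertext)) + cipher.final # CipherError if tampered
end

if $PROGRAM_NAME == __FILE__
  key = OpenSSL::Random.random_bytes(32) # constructed demo key, not a real secret
  puts decrypt_dir_a256gcm(key, encrypt_dir_a256gcm(key, 'constructed sample message'))
end
```

For real tokens the jose gem remains the tool to use, since it covers the other `alg` and `enc` values; this sketch only handles the one pair it checks for.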

Written by Jamie Tanna.

Content for this article is shared under the terms of the Creative Commons Attribution Non Commercial Share Alike 4.0 International, and code is shared under the Apache License 2.0.

#blogumentation #ruby #jwt.

This post was filed under articles.
