Using node-jose, how do I decrypt the data I just encrypted?

Question

I am trying to implement simple JOSE encrypt and decrypt functions using node-jose.

My code is as follows (written using Node 8.2.1)

const { JWE } = require('node-jose');

const jose = (publicKey, privateKey) => {
  async function encrypt(raw) {
    if (!raw) throw new Error('Missing raw data.')
    const buffer = new Buffer(JSON.stringify(raw));
    return JWE.createEncrypt(publicKey).update(buffer).final();
  }

  async function decrypt(encrypted) {
    if (!encrypted) throw new Error('Missing encrypted data.')
    const buffer = new Buffer(JSON.stringify(encrypted));
    return JWE.createDecrypt(privateKey).decrypt(buffer);
  }

  return { encrypt, decrypt }
}

module.exports = jose;

I generate an RSA keypair using generate-rsa-keypair.

So testing via this code the encryption side of things works fine

const { JWK } = require('node-jose');
const keygen = require('generate-rsa-keypair');
const jose = require('./src/utils/jose');

const rawKeys = keygen();

const makeKey = pem => JWK.asKey(pem, 'pem');

async function start() {
  const publicKey = await makeKey(rawKeys.public)
  const privateKey = await makeKey(rawKeys.private)

  const raw = {
    iss: 'test',
    exp: new Date().getTime() + 3600,
    sub: {
      test: 'This is a test',
    },
  };

  const { encrypt, decrypt } = jose(publicKey, privateKey);

  return encrypt(raw).then(encrypted => decrypt(encrypted));
}

return start().then((result) => {
  console.log('decrypted', result)
}, (err) => {
  console.error(err);
});

the encrypted result is

{
  recipients: [ { encrypted_key: 'ciNiK6Unq30zCAXxIl2Dx9b8bZAi79qbpL1yUCwTFnSghFLrIZ11_D2ozt5on3r3ThUu96oDLZPcNShbqWPMV49NvQAsSNGdemhgzmTt3Lf3rJn1YiqvJvqf5NIXdmzjdoEZi-d9224mGpZGVKtIIFeT6-0hYgm5zNqq_aF_X2jy5IiF-mAGspNdXIk_KXPrTVbnU-XL9J5aAoG2Lp51Te1WzGA4Fjg4Ve5ZTzH6TLlQ5R5Ob_14liK-INrSi3armwXrtMgJcTmI_4oBtORtZp8AjaXzecFO_GzifvRVCSKx2vmpy9KaECpskMhZBHVx9RX9cvGKh7hq3Y7vsUucZw' } ],
  protected: 'eyJhbGciOiJSU0EtT0FFUCIsImtpZCI6IldLWS1ONDRXM2RnanA4U2ZxSlp3TldqV3AzUG1XZ29UczhjRDh3eWNSUWciLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0',
  iv: 'wvqir2ewtQPfDHQtzl6IUg',
  ciphertext: 'ZwIrL_3739LI17rh3gWDUA6lXIL7ewkSh54FO_RwumC0qh9B0DcAr8RyXsfPbW19cV4u7SbZNSRP6B8qNOTy-2iENlqBISfE_kolDt8g5sg',
  tag: 'z8nwrJfRgOi1hYMBI9lGeQ'
}

but when I try to decrypt that I get

Error: no key found
  at processKey (node_modules/node-jose/lib/jwe/decrypt.js:157:22)

There are very few examples of using node-jose so I am unsure of the following

1. I am assuming I ought to be decrypting with the private key. But that's just an assumption. None of the examples show use of public/private key pairs, just a single key.
2. I'm assuming that the results of the encryption can just be strringified and turned into a buffer and passed into decrypt but perhaps that's not the case.

How does this really work?

Answer 1

1. When using public/private key pairs, the private key is used to decrypt and the public key is used to encrypt.

2. The input to JWEDecrypter.decrypt() is the promised output from JWEEncrypter.final().

Change your decrypt function to:

async function decrypt(encrypted) {
  if (!encrypted) throw new Error('Missing encrypted data.')
  return JWE.createDecrypt(privateKey).decrypt(encrypted);
}