Bug 1571200

Summary: Decryption of http with jwk+json is broken
Product: [Fedora] Fedora
Reporter: Marius Vollmer <mvollmer>
Component: clevis
Assignee: Nathaniel McCallum <npmccallum>
Status: CLOSED WONTFIX
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified
Priority: unspecified
Version: 27
CC: javierm, npmccallum
Hardware: Unspecified
OS: Unspecified
Last Closed: 2018-08-27 20:16:27 UTC
Type: Bug

Description Marius Vollmer 2018-04-24 09:45:25 UTC
clevis-8-1.fc27.x86_64

$ echo foo | clevis encrypt http '{ "url": "http://192.168.100.1:8888", "http": true, "type": "jwk+json" }' | clevis decrypt
Invalid key!
Usage: jose jwe dec -i JWE [-I CT] -k JWK [-p] [-O PT]

Decrypts a JWE using the supplied JWKs and outputs plaintext

  -i JSON --input=JSON     Parse JWE from JSON
  -i FILE --input=FILE     Read JWE from FILE
  -i -    --input=-        Read JWE from standard input

  -I FILE --detached=FILE  Read decoded ciphertext from FILE
  -I -    --detached=-     Read decoded ciphertext from standard input

  -p      --password       Prompt for a decryption password, if necessary

  -k FILE --key=FILE       Read JWK(Set) from FILE
  -k -    --key=-          Read JWK(Set) from standard input

  -O JSON --detach=JSON    Parse JWE from JSON
  -O FILE --detach=FILE    Read JWE from FILE
  -O -    --detach=-       Read JWE from standard input
                           Default: "-"

"octet-stream" works fine:

$ echo foo | clevis encrypt http '{ "url": "http://192.168.100.1:8888", "http": true, "type": "octet-stream" }' | clevis decrypt
foo

Hopefully fixed by https://github.com/latchset/clevis/pull/47

Comment 1 Nathaniel McCallum 2018-08-27 20:16:27 UTC
We have removed this pin upstream.