Cannot verify a JWT token via EC Key #5228
Comments
Hi @presidioshuta - thank you for opening this issue. Just FYI for future reference I see you're using @azure/keyvault-keys which is hosted at https://github.com/azure/azure-sdk-for-js - so feel free to create any future issues there. But I can help you with this - it does look related to base64url and while I'm not too familiar with base64url library I took your code snippet and got it working by using plain base64:

```js
let digest = crypto.createHash("sha256").update(payload).digest();
const signResult = await cryptoClient.sign(ecKeyAlgo, digest);
const signResultB64 = Buffer.from(signResult.result).toString("base64"); // base64, not base64url
const jwt = `${payload}.${signResultB64}`;
const jwtSignature = jwt.split(".")[2];
const signature = Buffer.from(jwtSignature, "base64"); // use base64 as the encoding when creating the buffer
digest = crypto.createHash("sha256").update(Buffer.from(payload)).digest();
console.log("VERIFY RESULT", await cryptoClient.verify(ecKeyAlgo, digest, signature));
```

Hope this helps! I'm far from an expert in this area but it does not look related to the KeyVault client library so I think focusing on being able to successfully encode and decode using base64 or base64url without losing the padding would likely be a good path forward...
Experimenting a little bit more with the base64url library the following works as well, but is likely not the most elegant solution (it might be doing too many unnecessary conversions but it gives a starting point):

```js
let digest = crypto.createHash("sha256").update(payload).digest();
const signResult = await cryptoClient.sign(ecKeyAlgo, digest);
const signResultB64 = base64url.encode(Buffer.from(signResult.result));
const jwt = `${payload}.${signResultB64}`;
...
const jwtSignature = jwt.split(".")[2];
const signature = Buffer.from(base64url.toBuffer(jwtSignature));
console.log("VERIFY RESULT", await cryptoClient.verify(ecKeyAlgo, digest, signature));
```
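The byte-exact signature round trip that both snippets above depend on, as an added example that is not code from the issue or from the Azure SDK. A locally generated P-256 key stands in for `cryptoClient`, and the helper names (`b64url`, `fromB64url`, `signJwt`, `verifyJwt`, `withPlainBase64Sig`) are hypothetical.

```javascript
// Added example: a local P-256 key replaces the Key Vault client (assumption)
// so the sign -> encode -> split -> decode -> verify path runs offline.
const crypto = require("crypto");

const { privateKey, publicKey } = crypto.generateKeyPairSync("ec", { namedCurve: "P-256" });

// RFC 7515 base64url: URL-safe alphabet, '=' padding stripped.
const b64url = (buf) => Buffer.from(buf).toString("base64")
  .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");

// Strict decoder: '+', '/' and '=' are rejected, so a segment that was
// written as plain base64 is caught here instead of being silently accepted.
function fromB64url(segment) {
  if (!/^[A-Za-z0-9_-]+$/.test(segment)) throw new Error("segment is not base64url");
  return Buffer.from(segment.replace(/-/g, "+").replace(/_/g, "/"), "base64");
}

function signJwt(header, claims) {
  const signingInput = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(claims))}`;
  // A JWS ES256 signature is the raw 64-byte r||s pair (RFC 7518), not DER.
  const sig = crypto.sign("sha256", Buffer.from(signingInput),
    { key: privateKey, dsaEncoding: "ieee-p1363" });
  return `${signingInput}.${b64url(sig)}`;
}

function verifyJwt(jwt) {
  const parts = jwt.split(".");
  if (parts.length !== 3) return false;
  let sig;
  try { sig = fromB64url(parts[2]); } catch { return false; }
  if (sig.length !== 64) return false; // wrong length: bytes were altered in transit
  return crypto.verify("sha256", Buffer.from(`${parts[0]}.${parts[1]}`),
    { key: publicKey, dsaEncoding: "ieee-p1363" }, sig);
}

// Same signature bytes, but the third segment written as padded plain base64.
function withPlainBase64Sig(jwt) {
  const [h, c, s] = jwt.split(".");
  return `${h}.${c}.${fromB64url(s).toString("base64")}`;
}

// Constructed sample claims.
const token = signJwt({ alg: "ES256", typ: "JWT" }, { sub: "constructed-user" });
console.log("base64url signature verifies:", verifyJwt(token));
console.log("plain base64 signature accepted:", verifyJwt(withPlainBase64Sig(token)));
```

A 64-byte signature always ends in `==` when written as plain base64, so the strict decoder rejects that form deterministically.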
Prepare for my L O V E We are cooking with fire now. Thank you!
I've successfully created/signed/verified an RSA Key but cannot do so for an EC Key using a JWT (I'm getting a `false` result). I'm guessing that a base64 operation may be to blame, but I'm not sure.
examples.ts:
index.ts:
jwt.ts: