Intermittent failures verifying using rs256 in browserify #91

Closed
bnolan opened this issue May 19, 2015 · 4 comments


bnolan commented May 19, 2015

This key fails to sign and verify using RS256 in browserify, but passes in node.js.

var NodeRSA = require('node-rsa');
var tape = require('tape');
var jwt = require('jsonwebtoken');

tape('test', function (t) {
  var details = {"publicKey":"-----BEGIN PUBLIC KEY-----\nMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKgmVzdsFz5lDE5Rme6qYcvcoExVlQTo\nBfnASFh1bpv4ych/A5r9Ip1q0eJDGv9JLVIecTxUPgHWUt1Ikr/TQGUCAwEAAQ==\n-----END PUBLIC KEY-----","privateKey":"-----BEGIN RSA PRIVATE KEY-----\nMIIBOgIBAAJBAKgmVzdsFz5lDE5Rme6qYcvcoExVlQToBfnASFh1bpv4ych/A5r9\nIp1q0eJDGv9JLVIecTxUPgHWUt1Ikr/TQGUCAwEAAQJAFvXtUOcUoXOA46zm3R0s\n73538RR6ncnlDv5/onyelvOADuwgCjJZ5ZR0Mhcb8sCR8XME8td/vNcDx3qJvHNH\nPQIhAOLYtPGD4qtjfFo2JnanbEW4899GdhMBjzc9qSqls7ybAiEAvcJ/+xTVEEX2\n/6b7iwfHQhve5PsIZzydtfhoiHwoRv8CIEntcdqbro1IWMhViWd13JVEV0XWgrhi\n87d/AtiBM/gtAiAMYAzcoQUsJIPxNECfVoiGJS8qG7z2jptybJrUm9Q8nQIhAI2X\n3TMJLjVmg/9WLFJGeD9MZIQ8oNwfN44r7wq85ttN\n-----END RSA PRIVATE KEY-----","pkf":"18:3e:57:98:fa:f3:c3:18:a8:61:9c:44:73:96:a2:f9:a2:1f:19:13"}

  var key = new NodeRSA(details.privateKey);

  t.same(key.exportKey('private'), details.privateKey);
  t.same(key.exportKey('public'), details.publicKey);

  var msg = {
    publicKey: details.publicKey,
    session: 'boop'
  };

  var message = jwt.sign(msg, details.privateKey, { algorithm: 'RS256'});

  // Decode without checking the signature, to read the public key carried in the payload
  var d = jwt.decode(message);
  var verified;

  try {
    verified = jwt.verify(message, d.publicKey, {algorithms: ['RS256']});
  } catch (e) {
    console.log(e);
    verified = false;
  }
  t.ok(verified, 'jwt is verified');
  t.end();
});

bnolan commented May 19, 2015

This replicates every time in Chrome for me:

var NodeRSA = require('node-rsa');
var tape = require('tape');
var jwt = require('jsonwebtoken');

tape('generate keys', function (t) {
  function generateKey () {
    var key = new NodeRSA({b: 512});

    var message = jwt.sign({ hello: 'world' }, key.exportKey('pkcs8-private'), { algorithm: 'RS256' });
    try {
      jwt.verify(message, key.exportKey('pkcs8-public'));
    } catch (e) {
      throw new Error('Stupid jwt / nodeRSA bug');
    }
  }

  for (var x = 0; x < 100; x++) {
    generateKey();
  }

  t.end();
});


bnolan commented May 19, 2015

I get the same result using the keypair module, which makes me think it's a JWT via browserify bug.

I'm using zuul to browserify and run my tests if you want to replicate.

@calvinmetcalf

This should be fixed.

ziluvatar reopened this Apr 4, 2017

mortenanders commented Oct 16, 2019

Maybe I am overlooking something, but I don't think this is fixed.
After transpiling with browserify and trying to sign with "RS256" the following error is thrown:

TypeError: Cannot read property 'split' of undefined

Apparently the cipher id does not exist in aesid.
