RS256 RSA decode problem #55

Closed
sinclairzx81 opened this issue Jul 3, 2018 · 1 comment

sinclairzx81 commented Jul 3, 2018

Hi,

I am looking for some advice with regards to decode and verification of tokens signed with RS256. We seem to be receiving invalid signature errors when passing in the suggested der public key format.

For some back story, we currently have remote systems generating and signing these tokens; the JWT token we need to verify is signed remotely by a nodejs process leveraging this library (https://github.com/auth0/node-jsonwebtoken). Much of the implementation details with regards to signing are fairly typical, but I have some uncertainty with regards to converting and passing the .der format to your library.

For some information on the RSA signing, as well as the public key conversion and some example implementation, I submit the following info.

public / private pem generation (node system)

```sh
# generates private.pem
ssh-keygen -t rsa -b 2048 -f private.pem -N ''
# generates public.pem
openssl rsa -in private.pem -pubout -outform PEM -out public.pem
```

which are then converted to the .der format with the following.

convert public.pem to public.der (for use in rust)

```sh
openssl rsa -pubin -in public.pem -outform DER -out public.der
```

sample code to use the token

```rust
use std::fs::File;
use std::io::Read;

use jsonwebtoken::{dangerous_unsafe_decode, decode, Algorithm, Validation};

// `Claims` is the application's own serde-deserializable claims struct (not shown in the issue).

fn load_key(filename: &str) -> Vec<u8> {
    let mut buffer = Vec::<u8>::new();
    let mut file = File::open(filename).unwrap();
    file.read_to_end(&mut buffer).unwrap();
    buffer
}

fn main() {
    let encoded = "<encoded jwt string>";
    // this works fine, suggesting the token is correct.
    let decoded = dangerous_unsafe_decode::<Claims>(&encoded).unwrap();

    // seems to fail with "invalid signature".
    let public_key = load_key("./public.der");
    let validation = Validation::new(Algorithm::RS256);
    let decoded = decode::<Claims>(&encoded, &public_key, &validation).unwrap();
}
```

Any assistance you could provide would be hugely appreciated.

Regards
S

sinclairzx81 commented Jul 3, 2018

Just realised the issue was related to generating the der directly from the public.pem. Following along with the information at the bottom of your readme solved the problem...

public / private pem generation (node system)

```sh
# generates private.pem
ssh-keygen -t rsa -b 2048 -f private.pem -N ''
# generates public.pem
openssl rsa -in private.pem -pubout -outform PEM -out public.pem
```

convert public.pem to public.der (for use in rust)

```sh
# convert private.pem (above) to private.der.
openssl rsa -in private.pem -outform DER -out private.der

# generate the public.der from private.der
openssl rsa -in private.der -inform DER -RSAPublicKey_out -outform DER -out public.der
```

Cheers
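
The two `public.der` files in this thread differ in structure: `openssl rsa -pubin ... -outform DER` writes a SubjectPublicKeyInfo wrapper, while `-RSAPublicKey_out` writes the bare PKCS#1 RSAPublicKey, which is the form that worked here. The following check is an added example, not part of the original thread or the library; it tells the two encodings apart before a key file is handed to `decode`. The names `classify`, `tlv`, `RsaPubDer`, `PKCS1` and `sample_spki` are hypothetical, and the key bytes are constructed.

```rust
// rsaEncryption OID 1.2.840.113549.1.1.1 as it appears, DER-encoded, inside SubjectPublicKeyInfo.
const RSA_OID: [u8; 11] = [0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01];
// Constructed toy key bytes (valid DER structure, not a usable RSA key); sample_spki() wraps them.
const PKCS1: [u8; 14] = [0x30, 0x0c, 0x02, 0x05, 0x00, 0xc1, 0x23, 0x45, 0x67, 0x02, 0x03, 0x01, 0x00, 0x01];

#[derive(Debug, PartialEq)]
enum RsaPubDer<'a> {
    Pkcs1,          // RSAPublicKey: SEQUENCE { INTEGER n, INTEGER e }
    Spki(&'a [u8]), // SubjectPublicKeyInfo; holds the RSAPublicKey bytes found in its BIT STRING
}

// Parse one DER header at `pos`; returns (tag, content start, content end).
fn tlv(der: &[u8], pos: usize) -> Option<(u8, usize, usize)> {
    let tag = *der.get(pos)?;
    let first = *der.get(pos + 1)? as usize;
    let (start, len) = if first < 0x80 {
        (pos + 2, first)
    } else {
        let n = first & 0x7f; // long form: the next n bytes (1..=4 accepted here) hold the length
        let bytes = der.get(pos + 2..pos + 2 + n).filter(|b| !b.is_empty() && b.len() <= 4)?;
        (pos + 2 + n, bytes.iter().fold(0usize, |a, &b| (a << 8) | b as usize))
    };
    start.checked_add(len).filter(|&e| e <= der.len()).map(|e| (tag, start, e))
}

// Returns None when the input is neither encoding (truncated file, PEM text, private key, ...).
fn classify(der: &[u8]) -> Option<RsaPubDer<'_>> {
    let (tag, start, end) = tlv(der, 0)?;
    if tag != 0x30 || end != der.len() { return None; } // outer SEQUENCE must span the input
    let (t1, s1, e1) = tlv(der, start)?;
    let (t2, s2, e2) = tlv(der, e1)?;
    if e2 != end { return None; } // both encodings have exactly two children
    match (t1, t2) {
        (0x02, 0x02) => Some(RsaPubDer::Pkcs1),
        (0x30, 0x03) if der[s1..e1].starts_with(&RSA_OID) && der.get(s2) == Some(&0) => {
            let inner = &der[s2 + 1..e2]; // skip the BIT STRING's unused-bits byte
            (classify(inner)? == RsaPubDer::Pkcs1).then(|| RsaPubDer::Spki(inner))
        }
        _ => None,
    }
}

fn sample_spki() -> Vec<u8> {
    [&[0x30u8, 0x20, 0x30, 0x0d][..], &RSA_OID[..], &[0x05u8, 0x00, 0x03, 0x0f, 0x00][..], &PKCS1[..]].concat()
}

fn main() {
    println!("{:?} / {:?}", classify(&PKCS1), classify(&sample_spki()));
}
```

The slice carried by `Spki` is the same byte string that `-RSAPublicKey_out` would write for that key.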
