Uncaught RuntimeException during verification.

[notdodo]

Hi!
I'm using your library with PHP 7.0.5 on archlinux with nginx (1.8.1)
I've created my private and public keys with a ruby script

require 'json/jwt'

private_key = OpenSSL::PKey::EC.new 'secp521r1'
private_key.generate_key

open 'private.key', 'w' do |io| io.write private_key.to_pem end

public_key = OpenSSL::PKey::EC.new private_key
public_key.private_key = nil

open 'public.key', 'w' do |io| io.write public_key.to_pem end

and then I wrapped your sample code in a class

require __DIR__ . '/../vendor/autoload.php';
use Namshi\JOSE\SimpleJWS;

class JWTAuth {

        private $privateKey;
        private $publicKey;
        private $alg = 'ES512';
        private $jws;

        public function __construct() {
                $this->publicKey = "/usr/share/nginx/html/embedded/config/public.key";
                $this->privateKey = "/usr/share/nginx/html/embedded/config/private.key";

                $this->jws = new SimpleJWS(array( 'alg' => $this->alg));

                // payload could be the username
                $this->jws->setPayload(array( 'uid' => 'embedded16'));
                $this->jws->sign(file_get_contents($this->privateKey));
                setcookie('sessionID', $this->jws->getTokenString());
        }

        public function isValid() : bool {
                print_r($this->jws->getPayload());
                return $this->jws->isValid(file_get_contents($this->publicKey), $this->alg);
        }
}

The cookie is setted but I run into this error:

Fatal error: Uncaught RuntimeException: Unknown error during verification. in /usr/share/nginx/html/embedded/vendor/namshi/jose/src/Namshi/JOSE/Signer/OpenSSL/PublicKey.php:43 Stack trace: #0 /usr/share/nginx/html/embedded/vendor/namshi/jose/src/Namshi/JOSE/JWS.php(159): Namshi\JOSE\Signer\OpenSSL\PublicKey->verify('-----BEGIN PUBL...', '', 'eyJhbGciOiJFUzU...') #1 /usr/share/nginx/html/embedded/vendor/namshi/jose/src/Namshi/JOSE/SimpleJWS.php(54): Namshi\JOSE\JWS->verify('-----BEGIN PUBL...', 'ES512') #2 /usr/share/nginx/html/embedded/phplibs/JWS.php(27): Namshi\JOSE\SimpleJWS->isValid('-----BEGIN PUBL...', 'ES512') #3 /usr/share/nginx/html/embedded/index.php(16): JWTAuth->isValid() #4 {main} thrown in /usr/share/nginx/html/embedded/vendor/namshi/jose/src/Namshi/JOSE/Signer/OpenSSL/PublicKey.php on line 43

EDIT: the payload is correctly printed

[odino]

Hi Edoardo, this seems a problem with the key itself -- can you share some
test keys? Can you run your code with the example key in this repo?

On Mon, Apr 11, 2016 at 2:16 PM, Edoardo Rosa notifications@github.com
wrote:

Hi!
I'm using your library to with PHP 7.0.5 on archlinux with nginx (1.8.1)
I've created my private and public keys with a rugby script

require 'json/jwt'

private_key = OpenSSL::PKey::EC.new 'secp521r1'
private_key.generate_key

open 'private.key', 'w' do |io| io.write private_key.to_pem end

public_key = OpenSSL::PKey::EC.new private_key
public_key.private_key = nil

open 'public.key', 'w' do |io| io.write public_key.to_pem end

and then I wrapped your sample code in a class

require DIR . '/../vendor/autoload.php';use Namshi\JOSE\SimpleJWS;class JWTAuth { private $privateKey; private $publicKey; private $alg = 'ES512'; private $jws; public function __construct() { $this->publicKey = "/usr/share/nginx/html/embedded/config/public.key"; $this->privateKey = "/usr/share/nginx/html/embedded/config/private.key"; $this->jws = new SimpleJWS(array( 'alg' => $this->alg)); // payload could be the username $this->jws->setPayload(array( 'uid' => 'embedded16')); $this->jws->sign(file_get_contents($this->privateKey)); setcookie('sessionID', $this->jws->getTokenString()); } public function isValid() : bool { print_r($this->jws->getPayload()); return $this->jws->isValid(file_get_contents($this->publicKey), $this->alg); }}

The cookie is setted but I run into this error:

Fatal error: Uncaught RuntimeException: Unknown error during verification. in /usr/share/nginx/html/embedded/vendor/namshi/jose/src/Namshi/JOSE/Signer/OpenSSL/PublicKey.php:43 Stack trace: #0 /usr/share/nginx/html/embedded/vendor/namshi/jose/src/Namshi/JOSE/JWS.php(159): Namshi\JOSE\Signer\OpenSSL\PublicKey->verify('-----BEGIN PUBL...', '', 'eyJhbGciOiJFUzU...') #1 /usr/share/nginx/html/embedded/vendor/namshi/jose/src/Namshi/JOSE/SimpleJWS.php(54): Namshi\JOSE\JWS->verify('-----BEGIN PUBL...', 'ES512') #2 /usr/share/nginx/html/embedded/phplibs/JWS.php(27): Namshi\JOSE\SimpleJWS->isValid('-----BEGIN PUBL...', 'ES512') #3 /usr/share/nginx/html/embedded/index.php(16): JWTAuth->isValid() #4 {main} thrown in /usr/share/nginx/html/embedded/vendor/namshi/jose/src/Namshi/JOSE/Signer/OpenSSL/PublicKey.php on line 43

—
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub
#93

Nadalin Alessandro
http://www.linkedin.com/in/alessandronadalin
www.odino.org
www.twitter.com/_odino_

[notdodo]

my keys (only for testing purpose):

-----BEGIN EC PRIVATE KEY-----
MIHcAgEBBEIBpnH7gjL2mp2Yg2yxKGwDXnX8T8stO1JGuCkXc3myZbAnQ1rvczdk
9NuuxodWTpH0coUteqtSOccOrKs6DEgD6vegBwYFK4EEACOhgYkDgYYABAAUhvqp
j3xPjgUMh91cLv3wDk+T9qjU7QoeYL5lEgX64sHafKGs9auYN3qwgfzlXXxxnkiJ
lzRxWXjwC853KirNNADrZhvw4r0nfrSyJbNfFZsDqhTHQHz+sF+H8PNT4AezJacX
uEDwHmHawl7oZ0gplRzwJFnG+5db9bWcAmW9AYSmog==
-----END EC PRIVATE KEY-----

-----BEGIN PUBLIC KEY-----
MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQAFIb6qY98T44FDIfdXC798A5Pk/ao
1O0KHmC+ZRIF+uLB2nyhrPWrmDd6sIH85V18cZ5IiZc0cVl48AvOdyoqzTQA62Yb
8OK9J360siWzXxWbA6oUx0B8/rBfh/DzU+AHsyWnF7hA8B5h2sJe6GdIKZUc8CRZ
xvuXW/W1nAJlvQGEpqI=
-----END PUBLIC KEY-----

Same result with your sample es512 keys.

I forgot to mention my main.php and I used composer to install JOSE

$j = new JWTAuth();
echo ($j->isValid())? "OK": "Invalid";

[waylandzhang]

Same problem here with your ES256 sample keys

[odino]

could you try with the latest master? @tdhsmith just sent a patch to make the error more user-friendly :)