Problem while verifying the token and PubKey #214
Comments
@engharb that's weird, can you send that pub key (both jwk and pem)?
It would be awesome to know your PHP and OpenSSL versions =)
Ahh another thing 😄 would be good to have a token issued with that key as well =)
@lcobucci Thank you for replying.
I used that key to generate the public key (by the way, is it possible to generate pubKey from JWK in PHP?).
@lcobucci this means there is no way to convert JWK to PEM (PubKey) using i.e. a PHP API!
I've converted that JWK using spomky-labs/jose and this is the PEM I get back:
And everything seems to work regarding OpenSSL integration with that content:

```php
$key = openssl_get_publickey('-----BEGIN PUBLIC KEY-----
MB8wDQYJKoZIhvcNAQEBBQADDgAwCwIGalongtesAgEA
-----END PUBLIC KEY-----');
$details = openssl_pkey_get_details($key);
var_dump($details, $details['type'] === \OPENSSL_KEYTYPE_RSA);
/*
Outputs:
array(4) {
  ["bits"]=>
  int(47)
  ["key"]=>
  string(97) "-----BEGIN PUBLIC KEY-----
MB8wDQYJKoZIhvcNAQEBBQADDgAwCwIGalongtesAgEA
-----END PUBLIC KEY-----
"
  ["rsa"]=>
  array(2) {
    ["n"]=>
    string(6) "jZ'?"
    ["e"]=>
    string(0) ""
  }
  ["type"]=>
  int(0)
}
bool(true)
*/
```
You can also see that converting the JWK using that node lib outputs a different pem:
instead of:
@lcobucci I am sorry for redundantly asking simple questions but I am still struggling with this theme, which is new for me (very kind of you). Yes, I have used the jwk-to-pem lib and I got such a resulting key
But I need to generate such a key on the PHP server side (i.e. with a PHP library).
You can use that lib I linked till I get all my stuff sorted out and implement this here 😂 This is the script I used:

```php
require 'vendor/autoload.php';

use Jose\KeyConverter\RSAKey;

$key = new RSAKey(
    [
        'alg' => 'RS256',
        'kid' => 'BBVBBBLD/5oNT23mYB1BBtBfBgB++BgBB+BBBbbbbbB=',
        'kty' => 'RSA',
        'use' => 'sig',
        'e'   => 'AAAA',
        'n'   => 'a long test',
    ]
);

echo (string) $key; // this is the PEM
```

Of course that I completely understand if you switch completely to
@lcobucci Thank you a lot, that's what I was looking for.
@lcobucci I have one more question. After the signature verification has succeeded, I want to, e.g., unhash/decode the signature in order to be able to read the encoded data (data) from it. From there I will be sure that the data is from the authentic server side (reading that from the payload means I may read data modified by a hacker or untrusted third party). Do you have any idea? Regards,
I have the following problem "It was not possible to parse your key, reason: error:0906D06C:PEM routines:PEM_read_bio:no start line".
Here is my code:

```php
$signer = new Sha256();
dump($token->verify($signer, $pubKey));
```

I have updated openssl in the VM which hosts my web services, but I still get the same error.
My key alg is RS256 but when I use an aws.cognito idToken to generate the PubKey, the resulting PubKey is 384 in length, not 256. Does that make sense?
I used https://npm.runkit.com/jwk-to-pem, and it correctly verifies my token with the generated pub_key, but not with lcobucci/jwt.
I need your help.
Regards,
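
For the JWK-to-PEM conversion asked about in this thread, the `n` and `e` members of an RSA JWK can be DER-encoded into a `PUBLIC KEY` PEM with nothing but ext-openssl; this is an added example, not code from the thread, lcobucci/jwt or spomky-labs/jose. The function names are hypothetical, the sample key is a throwaway generated locally, and the rejection of short moduli and zero exponents (which covers the placeholder `n` and `e` values quoted above) is an assumption about what a verifier should accept.

```php
<?php
// Added example: RSA public JWK -> PEM (SubjectPublicKeyInfo). Hypothetical helper names.

function b64urlDecode(string $s): string
{
    $s = strtr($s, '-_', '+/');
    $bin = base64_decode(str_pad($s, strlen($s) + (4 - strlen($s) % 4) % 4, '='), true);
    if ($bin === false) {
        throw new InvalidArgumentException('invalid base64url value');
    }
    return $bin;
}

function der(int $tag, string $body): string
{
    $len = strlen($body);
    $lenBytes = ltrim(pack('N', $len), "\x00");
    // Short form below 128 bytes, long form (0x80 | byte count) otherwise.
    return chr($tag) . ($len < 0x80 ? chr($len) : chr(0x80 | strlen($lenBytes)) . $lenBytes) . $body;
}

function derUint(string $bigEndian): string
{
    // INTEGER is signed: prepend 0x00 when the top bit is set.
    return der(0x02, (ord($bigEndian[0]) & 0x80) ? "\x00" . $bigEndian : $bigEndian);
}

function rsaJwkToPem(array $jwk): string
{
    if (($jwk['kty'] ?? null) !== 'RSA' || !isset($jwk['n'], $jwk['e'])) {
        throw new InvalidArgumentException('not an RSA public JWK');
    }
    $n = ltrim(b64urlDecode($jwk['n']), "\x00");
    $e = ltrim(b64urlDecode($jwk['e']), "\x00");
    // Assumption: enforce the 2048-bit minimum RFC 7518 sets for RS256, and a non-zero exponent.
    if (strlen($n) < 256 || $e === '') {
        throw new InvalidArgumentException('modulus shorter than 2048 bits or zero exponent');
    }
    // AlgorithmIdentifier: OID 1.2.840.113549.1.1.1 (rsaEncryption) followed by NULL.
    $algId = der(0x30, "\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00");
    $rsaKey = der(0x30, derUint($n) . derUint($e));
    $spki = der(0x30, $algId . der(0x03, "\x00" . $rsaKey));
    return "-----BEGIN PUBLIC KEY-----\n" . chunk_split(base64_encode($spki), 64, "\n") . "-----END PUBLIC KEY-----\n";
}

// Constructed sample: a throwaway 2048-bit key generated locally and exported as a JWK.
$d = openssl_pkey_get_details(openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]));
$b64u = fn (string $b): string => rtrim(strtr(base64_encode($b), '+/', '-_'), '=');
$pem = rsaJwkToPem(['kty' => 'RSA', 'n' => $b64u($d['rsa']['n']), 'e' => $b64u($d['rsa']['e'])]);
var_dump($pem === $d['key']); // compare with the PEM OpenSSL itself emits for this key
```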