Comments (5)
Maybe our pem decoder (https://github.com/Keats/jsonwebtoken/blob/master/src/pem/decoder.rs) doesn't work well in some cases? I don't know, I haven't touched that part in years
from jsonwebtoken.
I have a similar problem with the error message `Error(InvalidKeyFormat)`.
I found this function with the comment:
```rust
/// Can only be PKCS8
pub fn as_ec_public_key(&self) -> Result<&[u8]> {
    match self.standard {
        Standard::Pkcs1 => Err(ErrorKind::InvalidKeyFormat.into()),
        Standard::Pkcs8 => match self.pem_type {
            PemType::EcPublic => extract_first_bitstring(&self.asn1),
            _ => Err(ErrorKind::InvalidKeyFormat.into()),
        },
    }
}
```
As far as I know I can't convert an EC public key to the pkcs8 format. This seems to be a bug?
from jsonwebtoken.
I believe I'm having a similar issue. I'm following basically the exact same steps as the above but the library is telling me `InvalidEcdsaKey` when I try to sign a token. Did OpenSSL change the structure recently and now it's breaking the decoder?
from jsonwebtoken.
I tried to use an ECDSA key generated by pulumi's privatekey resource and couldn't get it to work. Then I found that the library refuses to parse ECDSA keys in the PKCS#1 format, which apparently is what pulumi generates, as far as I understand it. There's this comment in the code:
```rust
// No "EC PRIVATE KEY"
// https://security.stackexchange.com/questions/84327/converting-ecc-private-key-to-pkcs1-format
// "there is no such thing as a "PKCS#1 format" for elliptic curve (EC) keys"
```
As I understand it, the PKCS#1 format was meant exclusively for RSA keys, and the library author has therefore decided not to support it for ECDSA keys. At the same time, I was able to parse the same key in .NET with no issues, so it seems that at least some other libraries/frameworks allow this format to be used for ECDSA keys.
Given that this format appears to be used for ECDSA keys out in the wild, and that other libraries support it, wouldn't it make sense to support it in jsonwebtoken as well?
from jsonwebtoken.
@p-lindberg that sounds like a separate issue. My error was fixed by changing the elliptic curve and not the container.
from jsonwebtoken.
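The comments above point at two separate causes for these errors: the PEM container (an `EC PRIVATE KEY` label) and the curve. The following is an added diagnostic sketch, not code from jsonwebtoken or from any commenter, that reports both for a PEM-encoded EC key. The function names are hypothetical, the curve lookup is a byte scan rather than a full ASN.1 parse, and the ES256/ES384 curve mapping follows RFC 7518.

```rust
// Added example, not jsonwebtoken code. DER-encoded named-curve OIDs (tag, length, value).
const CURVES: [(&[u8], &str); 3] = [
    (&[0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07], "P-256 (ES256)"),
    (&[0x06, 0x05, 0x2B, 0x81, 0x04, 0x00, 0x22], "P-384 (ES384)"),
    (&[0x06, 0x05, 0x2B, 0x81, 0x04, 0x00, 0x0A], "secp256k1"),
];
const B64: &[u8] = b"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";

/// Minimal base64 decoder: skips line breaks, restarts after '=' padding.
fn b64(s: &str) -> Vec<u8> {
    let (mut out, mut acc, mut bits) = (Vec::new(), 0u32, 0u32);
    for c in s.bytes() {
        if c == b'=' { bits = 0; } // padding ends a PEM block; drop leftover bits
        let Some(v) = B64.iter().position(|&b| b == c) else { continue };
        acc = (acc << 6) | v as u32;
        bits += 6;
        if bits >= 8 {
            bits -= 8;
            out.push((acc >> bits) as u8);
        }
    }
    out
}

/// Heuristic byte scan for a known curve OID (not a full ASN.1 parse).
fn curve(der: &[u8]) -> &'static str {
    CURVES.iter()
        .find(|c| der.windows(c.0.len()).any(|w| w == c.0))
        .map_or("unknown", |c| c.1)
}

/// Returns (container, curve) for a PEM-encoded EC key.
fn diagnose(pem: &str) -> (&'static str, &'static str) {
    // "EC PRIVATE KEY" is the label the thread reports as rejected.
    let container = if pem.contains("BEGIN EC PRIVATE KEY") { "EC PRIVATE KEY (SEC1)" }
        else if pem.contains("BEGIN PRIVATE KEY") { "PRIVATE KEY (PKCS#8)" }
        else if pem.contains("BEGIN PUBLIC KEY") { "PUBLIC KEY (SPKI)" }
        else { "unknown" };
    let body: String = pem.lines().filter(|l| !l.starts_with("-----")).collect();
    (container, curve(&b64(&body)))
}

fn main() {
    // Constructed sample: P-256 SPKI header bytes only, key material omitted.
    let pem = "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE\n-----END PUBLIC KEY-----";
    println!("{:?}", diagnose(pem));
}
```

Because the scan covers every block in the input, it also handles files where an `EC PARAMETERS` block precedes the key block.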