GithubHelp home page GithubHelp logo

Comments (5)

Keats avatar Keats commented on June 12, 2024

Maybe our pem decoder (https://github.com/Keats/jsonwebtoken/blob/master/src/pem/decoder.rs) doesn't work well in some cases? I don't know, I haven't touched that part in years

from jsonwebtoken.

EvilWatermelon avatar EvilWatermelon commented on June 12, 2024

I have a similiar problem with the error message Error(InvalidKeyFormat)

I found this function with the comment:

/// Can only be PKCS8
    pub fn as_ec_public_key(&self) -> Result<&[u8]> {
        match self.standard {
            Standard::Pkcs1 => Err(ErrorKind::InvalidKeyFormat.into()),
            Standard::Pkcs8 => match self.pem_type {
                PemType::EcPublic => extract_first_bitstring(&self.asn1),
                _ => Err(ErrorKind::InvalidKeyFormat.into()),
            },
        }
    }

As far as I know I can't convert a ec public key to the pkcs8 format. This seems to be a bug?

from jsonwebtoken.

delbonis avatar delbonis commented on June 12, 2024

I believe I'm having a similar issue. I'm following basically the exact same steps as the above but the library is telling me InvalidEcdsaKey when I try to sign a token. Did OpenSSL change the structure recently and now it's breaking the decoder?

from jsonwebtoken.

p-lindberg avatar p-lindberg commented on June 12, 2024

I tried to use an ECDSA key generated by pulumi's privatekey resource and couldn't get it to work. Then I found that the library refuses to parse ECDSA keys in the PKCS#1 format, which apparently is what pulumi generates, as far as I understand it. There's this comment in the code:

// No "EC PRIVATE KEY"
// https://security.stackexchange.com/questions/84327/converting-ecc-private-key-to-pkcs1-format
// "there is no such thing as a "PKCS#1 format" for elliptic curve (EC) keys"

As I understand it, the PKCS#1 format was meant exclusively for RSA keys, and the library author has therefore decided not to support it for ECDSA keys. At the same time, I was able to parse the same key in .NET with no issues, so it seems that at least some other libraries/frameworks allow this format to be used for ECDSA keys.

Given that this format appears to be used for ECDSA keys out in the wild, and that other libraries support it, wouldn't it make sense to support it in jsonwebtoken as well?

from jsonwebtoken.

eighty4 avatar eighty4 commented on June 12, 2024

@p-lindberg that sounds like a separate issue. My error was fixed by changing the elliptic curve and not the container.

from jsonwebtoken.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.