Digital Signature with ECDSA not implemented according to RFC 7518 #21

Open
paceto256 opened this issue Jul 7, 2016 · 0 comments
paceto256 commented Jul 7, 2016

ES256, ES384 are not implemented according to RFC 7518

RFC 7518:
"Generate a digital signature of the JWS Signing Input using ECDSA
P-256 SHA-256 with the desired private key. The output will be
the pair (R, S), where R and S are 256-bit unsigned integers ..."

Here is the problematic sign method:
https://github.com/psecio/jwt/blob/master/src/Psecio/Jwt/Jwt.php#L324

Test case:

  1. Create a private & public key with ES384.
  2. Use the private key and this lib to sign the token.
  3. Use the signed token generated by this lib and try to validate it using the public key and this tool:
    http://kjur.github.io/jsjws/tool_jwt.html (working correctly per RFC 7518)

Here is a working implementation with ES256, ES384, etc. that you can check:
https://github.com/lcobucci/jwt/blob/master/src/Signer/Ecdsa.php#L82

Regards,
Plamen
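
RFC 7518 section 3.4 requires the JWS signature to be the fixed-width octet strings R and S concatenated (64 octets for ES256, 96 for ES384), whereas PHP's `openssl_sign()` returns a variable-length DER-encoded ECDSA signature. The conversion is sketched below as an added example, not code from the issue or from either linked library; the helper names `derLength`, `derInteger` and `derToJose` are hypothetical, and it assumes the OpenSSL extension is available.

```php
<?php
// Added example. Octets per integer for each JWS algorithm (RFC 7518 section 3.4).
const PART_LEN = ['ES256' => 32, 'ES384' => 48, 'ES512' => 66];

// Read a DER length field at $pos (short or long form) and advance $pos.
function derLength(string $der, int &$pos): int {
    $len = ord(substr($der, $pos++, 1));
    if ($len & 0x80) {
        for ($n = $len & 0x7f, $len = 0; $n > 0; $n--) {
            $len = ($len << 8) | ord(substr($der, $pos++, 1));
        }
    }
    return $len;
}

// Read one DER INTEGER and return it as exactly $size big-endian octets.
function derInteger(string $der, int &$pos, int $size): string {
    if (substr($der, $pos++, 1) !== "\x02") {
        throw new InvalidArgumentException('expected DER INTEGER');
    }
    $len = derLength($der, $pos);
    $int = ltrim(substr($der, $pos, $len), "\x00"); // drop DER sign padding
    $pos += $len;
    if (strlen($int) > $size) {
        throw new InvalidArgumentException('integer too large for ' . $size . ' octets');
    }
    return str_pad($int, $size, "\x00", STR_PAD_LEFT); // restore fixed width
}

// Hypothetical helper: DER ECDSA-Sig-Value -> RFC 7518 R||S octet string.
function derToJose(string $der, string $alg): string {
    $pos = 0;
    $tag = substr($der, $pos++, 1);
    $len = derLength($der, $pos);
    if ($tag !== "\x30" || $len !== strlen($der) - $pos) {
        throw new InvalidArgumentException('expected one DER SEQUENCE');
    }
    $r = derInteger($der, $pos, PART_LEN[$alg]);
    $s = derInteger($der, $pos, PART_LEN[$alg]);
    return $r . $s;
}

// Constructed demo: throwaway P-384 key and a constructed JWS Signing Input.
$key = openssl_pkey_new(['private_key_type' => OPENSSL_KEYTYPE_EC, 'curve_name' => 'secp384r1']);
$input = 'eyJhbGciOiJFUzM4NCJ9.eyJzdWIiOiJkZW1vIn0';
openssl_sign($input, $der, $key, OPENSSL_ALGO_SHA384);
$raw = derToJose($der, 'ES384');
printf("DER %d bytes (length varies), JWS %d bytes\n", strlen($der), strlen($raw));
echo $input, '.', rtrim(strtr(base64_encode($raw), '+/', '-_'), '='), "\n";
```

A verifier that receives the R||S form has to perform the reverse conversion before calling `openssl_verify()`, which expects DER.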
