I'm trying to import an ECDSA public key from a JWKS using j

Hi <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="

No success trying to import an ECDSA public key from a JWKS about ruby-jwt HOT 2 CLOSED

kplattret commented on June 1, 2024 1

No success trying to import an ECDSA public key from a JWKS

from ruby-jwt.

Comments (2)

kplattret commented on June 1, 2024 3

Hi @anakinj, thanks for your reply and sorry I'm only replying now. This was indeed a padding issue with the JWK. After trying a few things, we figured out that all we needed was to apply zero-padding to the non-encoded value, which we achieved this way:

private def apply_zero_padding_as_needed(jwk)
  valid_jwk = jwk.clone

  %i(x y).each do |elem|
    coords = Base64.urlsafe_decode64(valid_jwk[elem])
    length = coords.length
    diff = EXPECTED_COORDS_LENGTH - length # 66 bytes

    valid_jwk[elem] = Base64.urlsafe_encode64(("\x00" * diff) + coords) if diff > 0
  end

  valid_jwk
end

The error was neither with Ruby's openssl nor with the jwt gem. 👍

from ruby-jwt.

anakinj commented on June 1, 2024

A little disclaimer: Im not an EC expert :)

It looks like the X value in the key is missing something, the encoded value is one char shorter than the y value. Is this JWK published publicly somewhere?

Also switching the x value to a valid encoded number makes the error different:

JWT::JWK::EC.import(
  kty: 'EC',
  crv: 'P-521',
  x: 'oLuW4nFqoUuR8d7FVsUoI62libYdQlWGtLStnqdudLY92bQ0ra5eZAbkunrGTR9-w9mr4o2Etyb6pC7YB2-23WM',
  y: 'AX1cjkGMiltikPrkX49qwuJDdcETaTsj-kyFP8jsF9W5XAB3Z4tBiQtc72DQnJYeKyAV_T6qZTtFKFr-Tp4iu-j7'
) => EC_POINT_bn2point: invalid encoding

JWT::JWK::EC.import(
  kty: 'EC',
  crv: 'P-521',
  x: 'AafgvMTsTt3-Z7g663VUz0CwW7GN8x83YV-dFwylobgjUKaGRuCgCvpOj5OP1mDPm7CHwGhI-yKUtMDYNfu7O_Uz',
  y: 'AX1cjkGMiltikPrkX49qwuJDdcETaTsj-kyFP8jsF9W5XAB3Z4tBiQtc72DQnJYeKyAV_T6qZTtFKFr-Tp4iu-j7'
) =>  EC_POINT_bn2point: point is not on curve

from ruby-jwt.

Recommend Projects