ES256 errors with InvalidEcdsaKey #331
Comments
Maybe our pem decoder (https://github.com/Keats/jsonwebtoken/blob/master/src/pem/decoder.rs) doesn't work well in some cases? I don't know, I haven't touched that part in years
I have a similar problem with the error message I found this function with the comment:
As far as I know I can't convert an ec public key to the
I believe I'm having a similar issue. I'm following basically the exact same steps as the above but the library is telling me
I tried to use an ECDSA key generated by pulumi's privatekey resource and couldn't get it to work. Then I found that the library refuses to parse ECDSA keys in the PKCS#1 format, which apparently is what pulumi generates, as far as I understand it. There's this comment in the code:
As I understand it, the PKCS#1 format was meant exclusively for RSA keys, and the library author has therefore decided not to support it for ECDSA keys. At the same time, I was able to parse the same key in .NET with no issues, so it seems that at least some other libraries/frameworks allow this format to be used for ECDSA keys. Given that this format appears to be used for ECDSA keys out in the wild, and that other libraries support it, wouldn't it make sense to support it in jsonwebtoken as well?
@p-lindberg that sounds like a separate issue. My error was fixed by changing the elliptic curve and not the container.
Deep down in
ring::io::der::expect_tag_and_get_value
I always get an error bubbling up to an InvalidEcdsaKey. I think my brain melted trying to figure out the problem. This is how I'm generating keys:
Here's the private key:
Here's the key you use in tests:
I adapted your test and ran the test using the same curve your key uses and the curve I used based on a guide on Akamai and the test worked once I switched to prime256v1. I started typing this issue after an hour of debugging but found the fix while collecting all the details. Is there a reason one curve would work but not another? With the right info I'd like to document it so it doesn't trip up someone else.
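
The curve and container questions raised in this thread can be checked before a key is handed to any JWT library. The following is an added example, not code from the issue or from jsonwebtoken: it reads a PEM block's label and scans the decoded DER for a named-curve OID. ES256 is defined as ECDSA over P-256 (prime256v1), so a key on any other curve is not an ES256 key. The function names and sample constants are hypothetical, the samples are constructed DER fragments rather than real keys, and the OID search is a byte scan, not a full DER parse.

```rust
// Added diagnostic sketch, not jsonwebtoken code. DER named-curve OIDs (tag, length, body):
static CURVES: [(&str, &[u8]); 3] = [
    ("prime256v1", &[0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07]),
    ("secp384r1", &[0x06, 0x05, 0x2B, 0x81, 0x04, 0x00, 0x22]),
    ("secp256k1", &[0x06, 0x05, 0x2B, 0x81, 0x04, 0x00, 0x0A]),
];

// Minimal base64 decoder for a PEM body; skips newlines and '=' padding.
fn b64_decode(body: &str) -> Vec<u8> {
    let (mut out, mut acc, mut bits) = (Vec::new(), 0u32, 0u32);
    for c in body.bytes() {
        let v = match c {
            b'A'..=b'Z' => c - b'A',
            b'a'..=b'z' => c - b'a' + 26,
            b'0'..=b'9' => c - b'0' + 52,
            b'+' => 62,
            b'/' => 63,
            _ => continue,
        };
        acc = ((acc << 6) | v as u32) & 0xFFFF;
        bits += 6;
        if bits >= 8 { bits -= 8; out.push((acc >> bits) as u8); }
    }
    out
}

// Returns (PEM label, curve name) for the first PEM block, or None if no block is found.
fn describe_key(pem: &str) -> Option<(String, &'static str)> {
    let start = pem.find("-----BEGIN ")? + 11;
    let label_end = start + pem[start..].find("-----")?;
    let body = &pem[label_end + 5..];
    let der = b64_decode(&body[..body.find("-----END ")?]);
    let curve = CURVES.iter().find(|(_, oid)| der.windows(oid.len()).any(|w| w == *oid));
    Some((pem[start..label_end].to_string(), curve.map_or("unknown", |(name, _)| *name)))
}

// ES256 is ECDSA over P-256 (RFC 7518); a key on any other curve cannot be an ES256 key.
fn es256_curve_ok(pem: &str) -> bool {
    matches!(describe_key(pem), Some((_, "prime256v1")))
}

// Constructed samples: PEM-wrapped DER fragments that carry only the curve OID, not real keys.
const P256_SAMPLE: &str = "-----BEGIN PRIVATE KEY-----\nMIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEH\n-----END PRIVATE KEY-----\n";
const K256_SAMPLE: &str = "-----BEGIN EC PRIVATE KEY-----\noAcGBSuBBAAK\n-----END EC PRIVATE KEY-----\n";
fn main() {
    for pem in [P256_SAMPLE, K256_SAMPLE] {
        println!("{:?} es256_curve_ok={}", describe_key(pem), es256_curve_ok(pem));
    }
}
```

The label shows which container the key is in (`PRIVATE KEY` is PKCS#8, `EC PRIVATE KEY` is the SEC1 form), which separates the container problem from the curve problem discussed above.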