Support for JWT verification without x5c.

[bburli]

I have a use case where jwk doesn't have x5c but only e and n for RSA256. I noticed that it's not possible to only pass e and n to the library and get the jwt verified.

1. Does the library assume that we use OpenSSL methods to create RSA key with e and n and then user it for verification or am I missing something?
2. I did try that and I keep getting error:04067072: rsa routines:r sa_ossl_public_decrypt: padding check failed. I am far from an OpenSSL expert but I tried using all padding methods and none works. How do I know the padding method used in signature?

Thanks in advance.

[prince-chrismc]

Currently you need to calculate the public key from the modulus and exponent and use that.

https://github.com/Thalhammer/jwt-cpp/issues/160#issuecomment-910611571 Should give you a good start.

Of course if you be interested in adding a function to the library with an example I would be very willing to help get the PR in merged.

It's a common feature request and would be a great contribution 👍

[bburli]

@prince-chrismc Thank you. I would be very willing. I will get back to you.

[dr0pdb]

I ended up implementing JWK JSON to PEM conversion for RSA and EC keys in this function in YugabyteDB. Hopefully it is useful.

[prince-chrismc]

Thanks ! There's some interesting bits

[bburli]

@prince-chrismc Oh my! I totally missed that I had wanted to do this! My apologies. Is it done or can I take it up? I do intend to do this and there is enough to go on thanks to you and @dr0pdb.

[bburli]

NM, I saw the linked PR just now :(

[prince-chrismc]

The current PR is failing so you are more then welcome to open a a new one!

[bburli]

@prince-chrismc Sure, will give it a shot. Thanks.