arun11299 / cpp-jwt

JSON Web Token library for C++
MIT License
393 stars 112 forks source link

Unable to sign ES256 JWT #21

Closed jstarschuyler closed 6 years ago

jstarschuyler commented 6 years ago

I've been attempting to use this library in one of our projects for the past day but I am unable to sign the JWT with the ES256 algorithm. We are using Openssl 1.0.2 and it is correctly linked into our project.

We've followed your examples and test code:

// kid and iss are strings defined by the 3rd party API
jwt::jwt_object obj{
  algorithm("ES256"),
  headers({
    {"kid", kid},
  }),
  payload({
    {"iss", iss}
  }),
    secret(privateKey)
};
// iat and exp are calculated elsewhere, in milliseconds
obj.add_claim("iat", iat)
  .add_claim("exp", exp);
const string sig = obj.signature();

I've managed to trace the issue to line 207 in algorithm.ipp:

  EVP_PKEY* pkey = PEM_read_bio_PrivateKey(
      bio_ptr.get(), nullptr, nullptr, nullptr);

pkey is getting set to NULL, which eventually causes an error to be thrown.

Our secret/private key is in the PEM format. From various sources online, I tried to add new lines to our PEM string, to simulate being read from a file, but that did not help.

Any help you can provide would be very appreciated. Thanks!

arun11299 commented 6 years ago

Hello @jstarschuyler Would it be possible for you to share the public and the private key that you are using. Otherwise the commands you used to generate them.

Thanks.

jstarschuyler commented 6 years ago

I cannot disclose those.

arun11299 commented 6 years ago

Ok. Are the tests passing ?

jstarschuyler commented 6 years ago

I haven't integrated them into our test build yet but let me try that now. We also use the Google Test Framework so I don't imagine it will take long.

jstarschuyler commented 6 years ago

I was unable to get the tests running with our system. However I found this article which solved my problem: https://forums.developer.apple.com/thread/82950

Apparently Apple will provide a .p8 file looks like it's in the PEM format. OpenSSL requires the private key to be broken up into 64-character chunks per line.