Closed ProofOfKeags closed 2 years ago
@CaptJakk what type are you starting with?
PEM encoded elliptic curve public keys, so I can extract the x,y coordinates myself or with another library, but then I need to be able to form a JWK with the coordinates and curve parameters, so that I can do claims packet validation.
I too have the same issue. I want to eventually get JWK from a PEM encoded bytestring.
I have been able to do this for RSA, by using fromKeyMaterial. Now, even if your KeyMaterial can be a ECKeyMaterial ECKeyParameters, there is no way for me to construct a ECKeyParameters. Any help would be much appreciated.
I put in a PR that looks like it was verbally accepted yesterday but not merged. I forked the repo and made the change if you need it ASAP. But otherwise it looks like it will be merged soon.
On Tue, Jul 31, 2018 at 5:28 PM Anon Ray <notifications@github.com> wrote:
> I too have the same issue. I want to eventually get JWK from a PEM encoded bytestring.
> I have been able to do this for RSA, by using fromKeyMaterial. Now, even if your KeyMaterial can be a ECKeyMaterial ECKeyParameters, there is no way for me to construct a ECKeyParameters. Any help would be much appreciated.
Thanks! I will look into your PR if it doesn't get merged soon.
My changes to this library: https://github.com/tekul/jose-jwt/tree/master/Jose were added yesterday. This should do the exports that you need.
@frasertweedale what are your plans/ideas for exposing the constructor ECKeyParameters? Do you have any particular reservation?
@frasertweedale am I missing something or this means that I cannot validate an ES512 JWT having only its public key? I was going to build a JWK but got stuck on the fromKeyMaterial just like described above. Is there a different path that I'm overlooking to do it, considering my public key is base64 encoded?
For future reference, the simplest way I found to accomplish the above was to use a JWK representation and the FromJSON instance. Doing so made it very simple to produce the JWK type for both the keypair and the public key alone.
ECKeyParameters constructor is not exported due to the possibility of constructing a value where the point is not on the given curve. Signature forgery attacks are possible if you can induce the verifier to use such an invalid key for verification.
We now have Crypto.JOSE.JWA.JWK.ecParametersFromX509, which deals with the ASN.1 serialisation of EC keys used in X.509. Crypto.JOSE.JWK.fromX509Certificate also supports ECDSA keys.
I think this use case is covered, but if not, please re-open with more details about the data you want to convert from.
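The invalid-point concern described above, combined with the JWK-JSON route mentioned earlier in the thread, as an added example that is not code from hs-jose or from any participant: a P-256-only check that the coordinates satisfy the curve equation before the JWK JSON is produced or accepted. The function names are hypothetical, and the sample key is the curve's base point, used as a constructed input.

```python
import base64

# NIST P-256 (secp256r1) domain parameters: y^2 = x^3 + ax + b (mod p)
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
A = P - 3
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
# Sample input (constructed): the curve's base point stands in for a real public key.
GX = 0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296
GY = 0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5


def on_p256(x, y):
    """True only if x and y are reduced field elements satisfying the curve equation."""
    if not (0 <= x < P and 0 <= y < P):
        return False
    return (y * y - (x * x * x + A * x + B)) % P == 0


def b64url(n, length=32):
    """Fixed-width big-endian, unpadded base64url, as RFC 7518 requires for x and y."""
    return base64.urlsafe_b64encode(n.to_bytes(length, "big")).rstrip(b"=").decode()


def b64url_to_int(s):
    """Decode an unpadded base64url string into a big-endian integer."""
    return int.from_bytes(base64.urlsafe_b64decode(s + "=" * (-len(s) % 4)), "big")


def ec_public_jwk(x, y):
    """Build a P-256 public JWK, refusing coordinates that are not on the curve."""
    if not on_p256(x, y):
        raise ValueError("point is not on P-256; refusing to build JWK")
    return {"kty": "EC", "crv": "P-256", "x": b64url(x), "y": b64url(y)}


def checked_jwk_from_json(jwk):
    """Re-validate a JWK received as parsed JSON before it is used for verification."""
    if jwk.get("kty") != "EC" or jwk.get("crv") != "P-256":
        raise ValueError("unsupported key type or curve")
    x, y = b64url_to_int(jwk["x"]), b64url_to_int(jwk["y"])
    return ec_public_jwk(x, y)


if __name__ == "__main__":
    print(ec_public_jwk(GX, GY))
```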
It appears there is no way to create a Public Key for ECDSA because none of the constructors are exported. Is there a way around this? I'm willing to put in a PR if you have a vague idea for how you'd like to do this.