I'm busy with a client library for Let's Encrypt and need to authorize by computing a base64url encoded thumbprint of the key, but the server is rejecting my result. I wonder if the note about prepended zero octets in the specifications below has anything to do with it.

    keyAuthorization = token || '.' || base64url(Thumbprint(accountKey))

    The "Thumbprint" step indicates the computation specified in
    [RFC7638], using the SHA-256 digest [FIPS180-4]. As noted in
    [RFC7518] any prepended zero octets in the fields of a JWK object
    MUST be stripped before doing the computation.

    --- https://tools.ietf.org/html/draft-ietf-acme-acme-15#section-8.1
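
My code:

    import Control.Lens (re, view)
    import Crypto.Hash (Digest, SHA256)
    import Crypto.JOSE.JWK
    import Data.Text.Strict.Lens (utf8, _Text)

    generatePrivateKey :: IO JWK
    generatePrivateKey = genJWK (ECGenParam P_256)

    -- Base64url-encode the SHA-256 JWK thumbprint of the key.
    viewThumbprint :: JWK -> String
    viewThumbprint jwk = view (re (base64url . digest) . utf8 . _Text) d
      where
        d :: Digest SHA256
        d = view thumbprint jwk
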
Are zero octets stripped before the computation or is there anything else not looking right?
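
An independent cross-check for a library-produced thumbprint, as an added example (not code from the original post or from the library it uses): it computes the RFC 7638 thumbprint and the key authorization with only the Python standard library. It assumes the account key is available as a JWK dictionary; per RFC 7518, leading zero octets are stripped from RSA `n` and `e` (Base64urlUInt), while EC `x` and `y` must keep the full coordinate width.

```python
import base64, hashlib, json

# Required members per key type (RFC 7638, section 3.2).
REQUIRED = {"EC": ("crv", "x", "y"), "RSA": ("e", "n")}
# Coordinate size in octets per curve (RFC 7518, section 6.2.1.2).
EC_OCTETS = {"P-256": 32, "P-384": 48, "P-521": 66}

def b64u_decode(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def b64u_encode(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode("ascii")

def canonical_members(jwk):
    """Return only the required members, with integer fields normalised."""
    kty = jwk["kty"]
    if kty not in REQUIRED:
        raise ValueError("unsupported kty: %r" % kty)
    out = {"kty": kty}
    for name in REQUIRED[kty]:
        value = jwk[name]
        if kty == "RSA":
            # Base64urlUInt: minimal big-endian form, so drop leading zero octets.
            raw = b64u_decode(value).lstrip(b"\x00") or b"\x00"
            value = b64u_encode(raw)
        elif name in ("x", "y"):
            # EC coordinates are fixed-width octet strings, not integers.
            if len(b64u_decode(value)) != EC_OCTETS[jwk["crv"]]:
                raise ValueError("%s has wrong length for %s" % (name, jwk["crv"]))
        out[name] = value
    return out

def thumbprint(jwk):
    # Lexicographic member order, no whitespace, UTF-8, then SHA-256.
    doc = json.dumps(canonical_members(jwk), sort_keys=True, separators=(",", ":"))
    return b64u_encode(hashlib.sha256(doc.encode("utf-8")).digest())

def key_authorization(token, account_jwk):
    return token + "." + thumbprint(account_jwk)

if __name__ == "__main__":
    # Constructed sample values (not a real account key); x begins with a zero octet.
    x = b64u_encode(b"\x00" + bytes(range(1, 32)))
    y = b64u_encode(bytes(range(32, 64)))
    sample = {"kty": "EC", "crv": "P-256", "x": x, "y": y}
    print(key_authorization("constructed-token", sample))
```

Comparing this output with the library's result for the same JWK shows whether the mismatch is in the thumbprint itself or elsewhere in the request.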