frasertweedale / hs-jose

Haskell JOSE and JWT library
http://hackage.haskell.org/package/jose
Apache License 2.0

Details on calculation of thumbprint #76

Closed mschristiansen closed 5 years ago

mschristiansen commented 5 years ago

I'm busy with a client library for Let's Encrypt and need to authorize by computing a base64url encoded thumbprint of the key, but the server is rejecting my result. I wonder if the note about prepended zero octets in the specifications below has anything to do with it.

> keyAuthorization = token || '.' || base64url(Thumbprint(accountKey))
>
> The "Thumbprint" step indicates the computation specified in [RFC7638], using the SHA-256 digest [FIPS180-4]. As noted in [RFC7518] any prepended zero octets in the fields of a JWK object MUST be stripped before doing the computation.
>
> --- https://tools.ietf.org/html/draft-ietf-acme-acme-15#section-8.1

My code:

```haskell
generatePrivateKey :: IO JWK
generatePrivateKey = genJWK (ECGenParam P_256)

viewThumbprint :: JWK -> String
viewThumbprint jwk = view (re (base64url . digest) . utf8 . _Text) d
  where
    d :: Digest SHA256
    d = view thumbprint jwk
```

Are zero octets stripped before the computation or is there anything else not looking right?

mschristiansen commented 5 years ago

My answer was elsewhere in the specifications.
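
The computation quoted from the ACME draft above, written out step by step as an added example. It is not part of the original thread and not hs-jose code; it is plain Python, and the key material, `kid` and token are constructed sample values. It assumes the RFC 7638 rules (required members only, sorted, no whitespace) and applies the zero-octet stripping to RSA integers only, since EC coordinates are fixed-length.

```python
import base64
import hashlib
import json

# Required members per key type (RFC 7638, section 3.2).
REQUIRED = {"EC": ("crv", "kty", "x", "y"), "RSA": ("e", "kty", "n"), "oct": ("k", "kty")}


def b64url(data: bytes) -> str:
    """base64url without '=' padding, as JOSE uses it."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def canonical_jwk(jwk: dict) -> bytes:
    """Required members only, sorted by name, no whitespace."""
    members = {name: jwk[name] for name in REQUIRED[jwk["kty"]]}
    if jwk["kty"] == "RSA":
        # RSA integers are minimal-length: drop prepended zero octets.
        # EC coordinates are fixed-length and are left untouched.
        for name in ("e", "n"):
            raw = b64url_decode(members[name]).lstrip(b"\x00") or b"\x00"
            members[name] = b64url(raw)
    return json.dumps(members, sort_keys=True, separators=(",", ":")).encode("utf-8")


def thumbprint(jwk: dict) -> str:
    """base64url(SHA-256(canonical JWK)), the value ACME expects."""
    return b64url(hashlib.sha256(canonical_jwk(jwk)).digest())


def key_authorization(token: str, account_jwk: dict) -> str:
    return token + "." + thumbprint(account_jwk)


# Constructed sample values (not a real key or a real ACME token).
SAMPLE_EC = {
    "kid": "constructed-example", "use": "sig", "kty": "EC", "crv": "P-256",
    "x": b64url(bytes([0]) + bytes(range(1, 32))),  # 32 octets, leading zero kept
    "y": b64url(bytes(range(32, 64))),
}
SAMPLE_TOKEN = "constructed-token"

if __name__ == "__main__":
    print(canonical_jwk(SAMPLE_EC).decode())
    print(key_authorization(SAMPLE_TOKEN, SAMPLE_EC))
```

Printing `canonical_jwk` next to a client's own hash input is a quick way to spot which of the three usual mismatches applies: extra members, member order, or padded base64url.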