Closed Moranilt closed 1 year ago
Hi!
The problem was that these functions were never really meant to be part of the public API and they are a little bit of a mess. I know that there is an outstanding issue on these functions, I did not have the time and muse to look into them honestly.
There is a (stale) PR that tries to correct this here: https://github.com/golang-jwt/jwt/pull/120. It is slightly out of sync with the main branch. I can try to see whether it makes sense to pick it up again and try to understand the error better.
I want to sign my toklens using RSA256. For that I've generated public and private PEM keys, where private key create with
x509.MarshalPKCS1PrivateKey
and public key withx509.MarshalPKCS1PublicKey
.And when I'm using
jwt.ParseRSAPublicKeyFromPEM
, I've go an errorx509: malformed tbs certificate
. I thought that I did something wrong while generating keys, but I didn't. The answer was inside thejwt.ParseRSAPublicKeyFromPEM
, it's usingx509.ParsePKIXPublicKey
istead ofx509.ParsePKCS1PublicKey
. So I should change the algorythm to generate public key withx509.MarshalPKIXPublicKey
.But it's not obvious! Can someone explain to me why is it done in such way(using x509.ParsePKIXPublicKey), but not using
x509.ParsePKCS1PublicKey
if name of the function(ParseRSAPublicKeyFromPEM) is telling me to use RSA PUBLIC KEY which will be the pair to my private key?