search

golang-jwt / jwt

Go implementation of JSON Web Tokens (JWT).
https://golang-jwt.github.io/jwt/
MIT License
6.98k stars 336 forks source link

x509: malformed tbs certificate #293

Closed Moranilt closed 1 year ago

Moranilt commented 1 year ago

I want to sign my toklens using RSA256. For that I've generated public and private PEM keys, where private key create with x509.MarshalPKCS1PrivateKey and public key with x509.MarshalPKCS1PublicKey.

And when I'm using jwt.ParseRSAPublicKeyFromPEM, I've go an error x509: malformed tbs certificate. I thought that I did something wrong while generating keys, but I didn't. The answer was inside the jwt.ParseRSAPublicKeyFromPEM, it's using x509.ParsePKIXPublicKey istead of x509.ParsePKCS1PublicKey. So I should change the algorythm to generate public key with x509.MarshalPKIXPublicKey.

But it's not obvious! Can someone explain to me why is it done in such way(using x509.ParsePKIXPublicKey), but not using x509.ParsePKCS1PublicKey if name of the function(ParseRSAPublicKeyFromPEM) is telling me to use RSA PUBLIC KEY which will be the pair to my private key?

oxisto commented 1 year ago

Hi!

The problem was that these functions were never really meant to be part of the public API and they are a little bit of a mess. I know that there is an outstanding issue on these functions, I did not have the time and muse to look into them honestly.

There is a (stale) PR that tries to correct this here: https://github.com/golang-jwt/jwt/pull/120. It is slightly out of sync with the main branch. I can try to see whether it makes sense to pick it up again and try to understand the error better.