sharplispers / ironclad

A cryptographic toolkit written in Common Lisp
BSD 3-Clause "New" or "Revised" License

RSA public key exponent too long? #50

Closed hemml closed 2 years ago

hemml commented 2 years ago

I'm trying to make an ACME (RFC 8555) client and always get a "JWS verification error" from Let's Encrypt's server. Maybe it is because I'm constructing a wrong JWK in my request. The following code:

(multiple-value-bind (priv-key pub-key) (ironclad:generate-key-pair :rsa :num-bits 4096)
  (print (ironclad:destructure-public-key pub-key)))

gives me something like:

(:E
 208085713664532760971160044664858453515928358938952263096107908738599293669243046165663481672665658831438261132368819790975618388615388814482557962887920548899877895925722585282327853629197113431705213579236181753719896978086489331618659800367374191972758732411952131514254997916693086837157948595405088665763217101230882063867377603769393470068081039685352174609157542776783920221098498533691024912388252839944675353915049625353166097918241314581876016439746483179626955546303256337901522365062568673049670238222822415120387686801894236279012907900417634049761766002129395269621625913887544460236370729242879332583372923675932492543059271216834389621638163764602702607225020049609564817890964587226225555294052892075399225352975057675874455782243385198369924188409538252612308137502658568930107954244763004226304719985151076344649633746314477132921172392255220583400570833361507385525575043927141735126168975220181187727034652911233864706872701111503782825310517644748733109249870663724953931009303834002334200382306489315365717859917278272096270168052147125730525305088904624397117712610111748932325807716901724004172273813651381741347232291552714200595971654261210128210008811942691869188818168919639363370647874725865035935485851
 :N
 883341698746903501464703537622227135044932644736638679968312155203622118126451734635967362407240214857554764403351993263863180051222571771542081362092560597011061650343993798256131731924879401236533110193063092256021109695236429214631260972568090817523012926382890236045404797306232897540999639365360591206741296934677942448598483888302346806834951285824748275966356671766111215325639136139446606943592186687731962347577584558469561626374319647216978003904112699745463354705636614762416376352862401704195920696448389380598743625387835559431755955129772874812521458380291129856778437605979534091540188673599682735602749703978221786843600777281892992237292454283393486078207029552871705295602135762730649544315168572868250020457368764675225223304466648555304243218335193402657282619777083024992415352799334266402541810712909109253277407192121969324866574791494508618836605762158595285367386491105291425724906736751621631967647386736461431221391017149259897582303187196979221156127192050475932346666676006354525052023709025782323922462774767420291174648982235763916784337183699250078987655983751925516990690801662882103794483119232502652698882185314167234294306169049163295742093586985764864288625609063327554740797018267536904880899727) 

Is :E the public key exponent? In all the examples I saw, e is a much smaller integer.

glv2 commented 2 years ago

Yes, E is the public exponent. Many implementations of RSA use a small public exponent like 65537 (or even 3 or 17). Currently Ironclad is using a random exponent coprime with Phi.

hemml commented 2 years ago

OK, thank you for the explanation! I'm sorry if this is the wrong place for this question, but maybe you can say what could be wrong in the following code to make an RS256 JOSE signature:

(multiple-value-bind (priv-key pub-key) (ironclad:generate-key-pair :rsa :num-bits 4096)
  ;; Keep both halves of the key pair in special variables for later use.
  (setf *acme-pub-key* pub-key)
  (setf *acme-priv-key* priv-key))

;; Sign the SHA-256 digest of the string "protected.payload".
(ironclad:sign-message
             *acme-priv-key*
             (ironclad:digest-sequence
                  :sha256
                  (ironclad:ascii-string-to-byte-array
                      (format nil "~A.~A" protected payload))))

where protected and payload are url-safe-base64-encoded json strings.

glv2 commented 2 years ago

According to https://datatracker.ietf.org/doc/html/rfc7518#section-3.3 it looks like RS256 JOSE signatures require the use of PKCS1-v1.5 padding of the message. However Ironclad only has PKCS1-v2.1 so far (OAEP and PSS), see issue #41.

I've never used it, but maybe https://github.com/fukamachi/jose has what you're looking for...
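
What the RFC 7518 section 3.3 requirement mentioned above amounts to, together with the base64url encoding of the JWK integers, as an added Python example that is not part of the thread and not Ironclad or jose code. The function names are hypothetical, and the key is a constructed, insecure toy key built from two Mersenne primes so the block runs offline.

```python
import base64
import hashlib

# DER DigestInfo prefix for SHA-256 (RFC 8017, section 9.2).
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def b64url(data: bytes) -> str:
    """Base64url without '=' padding, the form JOSE uses."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def jwk_uint(value: int) -> str:
    """JWK "n"/"e" member: minimal big-endian octets, base64url-encoded."""
    return b64url(value.to_bytes((value.bit_length() + 7) // 8, "big"))

def emsa_pkcs1_v15_sha256(message: bytes, em_len: int) -> bytes:
    """EM = 00 01 FF..FF 00 || DigestInfo prefix || SHA-256(message)."""
    t = SHA256_PREFIX + hashlib.sha256(message).digest()
    if em_len < len(t) + 11:
        raise ValueError("modulus too short for SHA-256 PKCS#1 v1.5 encoding")
    return b"\x00\x01" + b"\xff" * (em_len - len(t) - 3) + b"\x00" + t

def rs256_sign(signing_input: bytes, n: int, d: int) -> bytes:
    """RSASSA-PKCS1-v1_5: hash and pad the signing input, then s = EM^d mod n."""
    k = (n.bit_length() + 7) // 8
    em = int.from_bytes(emsa_pkcs1_v15_sha256(signing_input, k), "big")
    return pow(em, d, n).to_bytes(k, "big")

def rs256_verify(signing_input: bytes, signature: bytes, n: int, e: int) -> bool:
    k = (n.bit_length() + 7) // 8
    s = int.from_bytes(signature, "big")
    if len(signature) != k or s >= n:
        return False
    return pow(s, e, n).to_bytes(k, "big") == emsa_pkcs1_v15_sha256(signing_input, k)

# Constructed toy key (assumption for this example only): Mersenne primes
# 2^521-1 and 2^607-1 give a 1128-bit modulus. Never use such a key for real.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))

def jws_signature(protected_b64: str, payload_b64: str, n: int, d: int) -> str:
    """Signature member of a JWS over ASCII(protected || '.' || payload)."""
    signing_input = f"{protected_b64}.{payload_b64}".encode("ascii")
    return b64url(rs256_sign(signing_input, n, d))
```

The signature scheme hashes the signing input itself, so the caller passes the raw `protected.payload` bytes rather than a precomputed digest.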

hemml commented 2 years ago

Thanks a lot! This may be an issue!