Closed adamkissvcc closed 3 years ago
This error is expected given the input is too short.
NIST P-521 uses 521 bits, hence 521/8 = 65.125 bytes, hence the Y value must be 66 bytes (rounded up).
As RFC 7518 says: "The length of this octet string MUST be the full size of a coordinate for the curve specified in the "crv" parameter. For example, if the value of "crv" is "P-521", the octet string must be 66 octets long".
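The length rule quoted above, as an added Go example (not part of this thread and not go-jose's own code): it checks a base64url coordinate against the full size for its curve and shows the fixed-width encoding an issuer should produce. The function names and the sample value are assumptions constructed for illustration.

```go
package main

import (
	"encoding/base64"
	"fmt"
	"math/big"
)

// coordSize: octets per coordinate = curve bit size rounded up (RFC 7518).
func coordSize(crv string) (int, error) {
	bits := map[string]int{"P-256": 256, "P-384": 384, "P-521": 521}[crv]
	if bits == 0 {
		return 0, fmt.Errorf("unsupported crv %q", crv)
	}
	return (bits + 7) / 8, nil
}

// checkCoord rejects a base64url "x"/"y" value that is not full width.
func checkCoord(crv, b64 string) error {
	want, err := coordSize(crv)
	if err != nil {
		return err
	}
	raw, err := base64.RawURLEncoding.DecodeString(b64)
	if err != nil || len(raw) != want {
		return fmt.Errorf("got %d octets, want %d for %s (decode error: %v)", len(raw), want, crv, err)
	}
	return nil
}

// encodeCoord left-pads with zero bytes to the full width before encoding.
func encodeCoord(crv string, v *big.Int) (string, error) {
	size, err := coordSize(crv)
	if err != nil || v.Sign() < 0 || v.BitLen() > size*8 {
		return "", fmt.Errorf("cannot encode coordinate for %q", crv)
	}
	return base64.RawURLEncoding.EncodeToString(v.FillBytes(make([]byte, size))), nil
}

// demo: constructed 520-bit value (not a real key); minimal form is 65 bytes.
func demo() (short, full error) {
	y := new(big.Int).Lsh(big.NewInt(1), 519)
	padded, _ := encodeCoord("P-521", y)
	return checkCoord("P-521", base64.RawURLEncoding.EncodeToString(y.Bytes())), checkCoord("P-521", padded)
}

func main() {
	short, full := demo()
	fmt.Printf("minimal: %v\nfixed-width: %v\n", short, full)
}
```

On P-521 the top octet of a 66-byte coordinate carries only one bit, so any encoder that emits the minimal big-endian form of the integer produces a 65-byte value for a large share of keys.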
If anyone else comes here, it's fixed in Gluu 4.2.1, see: https://support.gluu.org/authentication/8780/wrong-size-of-ec-x-value-in-jwks_uri-while-using-openid/ https://github.com/GluuFederation/oxAuth/issues/1461
Hi!
We are trying to connect Ory Kratos and Gluu. Gluu is a Java auth solution with OpenID provider functionality. At some point it generates an ES512-signed token, for which we get an error in Kratos that comes from jose:
invalid EC public key, wrong length for y
The y value byte length is 65 after base64 decode. If I pad it to 66 bytes, the check works, so as far as I can see the x/y values seem to be correct. (I'm no expert in encryption algs/JWT, there might be something I'm missing.)
test code:
output: