RS256: Generated RSA Keys(2048bit) have sometimes 2047 modulus length

[breadbakerman]

When verifying JWT tokens (compactVerify) that have been signed with an 2048bit RSA key, key length check fails stating that the modulus length is 2047.

In other frameworks I have noticed that they go down the route of allowing 2047bit length RSA keys to mitigate such errors.

Is it be possible change the value in

jose/src/runtime/browser/check_key_length.ts

Line 4 in c80d0e1

if (typeof modulusLength !== 'number' || modulusLength < 2048) {

Thanks in advance.

[panva]

The key is either 2048 and above or it isnt, and the private key's modulus is the same as the public key's modulus, so their lengths are always the same :)

This check is entirely intentional and per the JWA specification.

Please share more details if you can.

[breadbakerman]

Yes, I mixed key length and modulus length.
Though the keys I generate are of 2048bit length, the modulus length is sometimes 2047 and thus fails the check.

I think what happens is described here: https://randomoracle.wordpress.com/2019/12/04/off-by-one-the-curious-case-of-2047-bit-rsa-keys/

Thanks in advance.

[panva]

Despite the difference in difficulty of factoring being marginal at best, it's still a requirement to be 2048 at least.

[breadbakerman]

I changed the way keys are generated (it's a small go service now) and my problem went away. Keys now have a modulus length of 2048 and pass the check.
Thank you for your patience.