Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

RSA public key exponent too long? #50

Closed
hemml opened this issue Feb 10, 2022 · 4 comments
Closed

RSA public key exponent too long? #50

hemml opened this issue Feb 10, 2022 · 4 comments

Comments

@hemml
Copy link

hemml commented Feb 10, 2022

I'm trying to make ACME (RFC8555) client and always got "JWS verification error" from LetsEncrypt's server.
May be it because I'm constructing a wrong jwk in my request.
The following code:

(multiple-value-bind (priv-key pub-key) (ironclad:generate-key-pair :rsa :num-bits 4096)
  (print (ironclad:destructure-public-key pub-key)))

gives me something like:

(:E
 208085713664532760971160044664858453515928358938952263096107908738599293669243046165663481672665658831438261132368819790975618388615388814482557962887920548899877895925722585282327853629197113431705213579236181753719896978086489331618659800367374191972758732411952131514254997916693086837157948595405088665763217101230882063867377603769393470068081039685352174609157542776783920221098498533691024912388252839944675353915049625353166097918241314581876016439746483179626955546303256337901522365062568673049670238222822415120387686801894236279012907900417634049761766002129395269621625913887544460236370729242879332583372923675932492543059271216834389621638163764602702607225020049609564817890964587226225555294052892075399225352975057675874455782243385198369924188409538252612308137502658568930107954244763004226304719985151076344649633746314477132921172392255220583400570833361507385525575043927141735126168975220181187727034652911233864706872701111503782825310517644748733109249870663724953931009303834002334200382306489315365717859917278272096270168052147125730525305088904624397117712610111748932325807716901724004172273813651381741347232291552714200595971654261210128210008811942691869188818168919639363370647874725865035935485851
 :N
 883341698746903501464703537622227135044932644736638679968312155203622118126451734635967362407240214857554764403351993263863180051222571771542081362092560597011061650343993798256131731924879401236533110193063092256021109695236429214631260972568090817523012926382890236045404797306232897540999639365360591206741296934677942448598483888302346806834951285824748275966356671766111215325639136139446606943592186687731962347577584558469561626374319647216978003904112699745463354705636614762416376352862401704195920696448389380598743625387835559431755955129772874812521458380291129856778437605979534091540188673599682735602749703978221786843600777281892992237292454283393486078207029552871705295602135762730649544315168572868250020457368764675225223304466648555304243218335193402657282619777083024992415352799334266402541810712909109253277407192121969324866574791494508618836605762158595285367386491105291425724906736751621631967647386736461431221391017149259897582303187196979221156127192050475932346666676006354525052023709025782323922462774767420291174648982235763916784337183699250078987655983751925516990690801662882103794483119232502652698882185314167234294306169049163295742093586985764864288625609063327554740797018267536904880899727)

Is the :E a public key exponent? In all examples I saw e is a much smaller integer.
@glv2
Copy link
Collaborator

glv2 commented Feb 10, 2022

Yes, E is the public exponent.
Many implementation of RSA use a small public exponent like 65537 (or even 3 or 17). Currently Ironclad is using a random exponent coprime with Phi.

@hemml
Copy link
Author

hemml commented Feb 10, 2022

Ok, thank you for the explanation!
I'm sorry if here is a wrong place for this question, but may be you can say what can be wrong in the following code to make a RS256 JOSE signature:

(multiple-value-bind (priv-key pub-key) (ironclad:generate-key-pair :rsa :num-bits 4096)
  (setf *acme-pub-key* pub-key)
  (setf *acme-priv-key* priv-key)))

(ironclad:sign-message
             *acme-priv-key* 
             (ironclad:digest-sequence
                  :sha256
                  (ironclad:ascii-string-to-byte-array 
                      (format nil "~A.~A" protected payload)))))

where protected and payload are url-safe-base64-encoded json strings.

@glv2
Copy link
Collaborator

glv2 commented Feb 10, 2022

According to https://datatracker.ietf.org/doc/html/rfc7518#section-3.3 it looks like RS256 JOSE signatures require the use of PKCS1-v1.5 padding of the message. However Ironclad only has PKCS1-v2.1 so far (OAEP and PSS), see issue #41.

I've never used it, but maybe https://github.com/fukamachi/jose has what you're looking for...

@hemml
Copy link
Author

hemml commented Feb 10, 2022

Thanks a lot! This may be an issue!

@hemml hemml closed this as completed Feb 10, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@hemml @glv2