[gnutls-help] Verifying signatures encoded with gnutls_hmac_fast
Nicolas Mora
nicolas at babelouest.org
Fri May 19 21:44:11 CEST 2017
Hello,
I'm trying to adapt libjwt to work with gnutls instead of openssl:
https://github.com/benmcollins/libjwt
Basically, it's used to sign/verify json web tokens using the following
algorithms: HS256, HS384, HS512, RS256, RS384, RS512, ES256, ES384, ES512
With Gnutls, I'm able to sign/verify HS* signatures, I'm also able to
sign RS* signatures, but when it comes to verify those, I can't make it
work.
To sign tokens with RS*, I use gnutls_hmac_fast, but I couldn't find an
equivalent to verify the signatures, so I follow the following algorithm:
gnutls_pubkey_import(pubkey, &cert_dat, GNUTLS_X509_FMT_PEM);
gnutls_pubkey_verify_data2(pubkey, GNUTLS_SIGN_RSA_SHA256, 0, &data, &sig);
with sig as a base64 decoded signature, and cert_dat as the content of a
public key file
The result is always "-89: Public key signature verification has failed."
I also tried with GNUTLS_DIG_SHA256 as verify algorithm, the same one
used in gnutls_hmac_fast, but it didn't work as well.
I couldn't find how to solve my problem, what did I miss?
My SHA verifying code can be found at:
https://github.com/babelouest/libjwt/blob/gnutls/libjwt/jwt.c#L654
(very quick and dirty, sorry for the mess)
More information about the Gnutls-help
mailing list