Forum Discussion

Rene_C_'s avatar
Icon for Nimbostratus rankNimbostratus
Jan 04, 2021

JWT verify signature with CRYPTO::verify fails


preface: i dont have APM available for this specific issue.

I get a JWT sent in the Auth header, and i can just parse it fine from within an irule. the part that i just cannot get to work is to verify the signature.

It always fails, no matter what i try and if i try to do a CRYPTO::sign with the same data/alg/key, i always get different results from i.e.

log local0.debug [b64encode [CRYPTO::sign -alg hmac-sha512 -key "test1234" "{\"alg\":\"HS512\",\"typ\": \"JWT\"}.{\"sub\":\"indy\",\"iat\":1609754374,\"exp\":1609754434}"]]

this gives a completely different result than on (apart from the signature on being b64url-encoded).

Any idea why?



No RepliesBe the first to reply