cancel
Showing results for 
Search instead for 
Did you mean: 

JWT verify signature with CRYPTO::verify fails

Rene_C_
Nimbostratus
Nimbostratus

Hi,

 

preface: i dont have APM available for this specific issue.

 

I get a JWT sent in the Auth header, and i can just parse it fine from within an irule. the part that i just cannot get to work is to verify the signature.

 

It always fails, no matter what i try and if i try to do a CRYPTO::sign with the same data/alg/key, i always get different results from i.e. jwt.io.

 

log local0.debug [b64encode [CRYPTO::sign -alg hmac-sha512 -key "test1234" "{\"alg\":\"HS512\",\"typ\": \"JWT\"}.{\"sub\":\"indy\",\"iat\":1609754374,\"exp\":1609754434}"]]

 

this gives a completely different result than on jwt.io (apart from the signature on jwt.io being b64url-encoded).

 

Any idea why?

 

Thanks,

Rene

 

0 REPLIES 0