PEM encoded public keys

Question

PEM encoded public keys

jonahcwest opened this issue 5 years ago · comments

Using a PEM encoded public key like the following:

-----BEGIN CERTIFICATE-----
abc123...
-----END CERTIFICATE-----

And decoding it with the following:

try {
    auto decoded = jwt::decode(token, algorithms({"rs256"}), secret(cert));
} catch (jwt::InvalidSignatureError &e) {
    std::cout << e.what();
}

where cert is the certificate above, a jwt::InvalidSignatureError is thrown with the message verification failed. Using the same certificate on jwt.io with a valid token works. Does the certificate need to be processed by something else before it can be used to decode a token? If so, should documentation be added for this? I'm using the Google Sign-In API and most of the other libraries I've used work fine.

Arun Muralidharan · Answer 1 · Fri Jul 26 2019 22:43:58 GMT+0800 (China Standard Time)

@jonahcwest
Would it be possible to share the certificate that you are testing with privately ? If you can please do send it out on arun11299@gmail.com.

Also provide the OS, openssl version that you are using.

jonahcwest · Answer 2 · Sun Jul 28 2019 09:16:41 GMT+0800 (China Standard Time)

The certificate is the Google OAuth certificate from googleapis.com/oauth2/v1/certs. The result of openssl version is OpenSSL 1.1.1c 28 May 2019. I'm using the debian:buster Docker image.

I'm pretty sure I was using the correct key and all, but I'm going to give it another shot.