Stricter RSA key generation from jwk parameters #524

Merged
merged 6 commits into from
Oct 30, 2022

anakinj
Member

@anakinj anakinj commented Oct 12, 2022

This PR is addressing parts of #523 and adding test coverage for a few scenarios.

Moved the methods around a little for easier testing and added parameter validation with the rule:

  • If one of the optimisation params is given, ALL need to be given

As you, @bellebaum, pointed out, the DER generation has some issues when parameters are missing. I did not dig that deep, but I have a feeling that there is no way to present a private key in the DER format without these parameters.

I'm a little unsure what to do, not really eager to start calculating the primes etc. I guess it's doable but feels sketchy.

So I guess the question is:

Is there a way to generate a usable RSA object with OpenSSL 3.0 with only the modulus and exponents (n, e, d), as the JWK spec allows private keys to be presented with only these values?

@anakinj anakinj marked this pull request as draft October 12, 2022 06:05
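
The rule stated in the description above (if any of the optimisation parameters is given, all must be given), as an added Ruby example that is not part of this pull request or ruby-jwt's code. It goes beyond the rule by also checking that the values are mutually consistent; the helper names, the requirement that `d` accompany the CRT parameters, and the toy key are assumptions made for the illustration.

```ruby
# Added illustration; not ruby-jwt's implementation. All names are hypothetical.
CRT_PARAMS = %w[p q dp dq qi].freeze

# Decode an unpadded base64url big-endian integer, as used for RSA JWK members.
def b64url_to_int(str)
  padded = str.tr('-_', '+/') + '=' * ((4 - str.length % 4) % 4)
  padded.unpack1('m0').unpack1('H*').to_i(16) # 'm0' is strict: bad input raises ArgumentError
end

# Inverse of b64url_to_int; only used to build the sample key below.
def int_to_b64url(int)
  hex = int.to_s(16)
  hex = "0#{hex}" if hex.length.odd?
  [[hex].pack('H*')].pack('m0').tr('+/', '-_').delete('=')
end

# Returns :public, :private_minimal (only n, e, d) or :private_full.
# Raises ArgumentError for partial or inconsistent parameter sets.
def classify_rsa_jwk(jwk)
  raise ArgumentError, 'n and e are required' unless jwk['n'] && jwk['e']

  given = CRT_PARAMS.select { |k| jwk[k] }
  return (jwk['d'] ? :private_minimal : :public) if given.empty?

  missing = CRT_PARAMS - given
  raise ArgumentError, "missing #{missing.join(', ')}" unless missing.empty?
  # Assumption of this example: CRT parameters only make sense next to d.
  raise ArgumentError, 'd is required with p, q, dp, dq, qi' unless jwk['d']

  n, d, p_, q_, dp, dq, qi = %w[n d p q dp dq qi].map { |k| b64url_to_int(jwk[k]) }
  consistent = p_ > 1 && q_ > 1 && n == p_ * q_ &&
               dp == d % (p_ - 1) && dq == d % (q_ - 1) && (qi * q_) % p_ == 1
  raise ArgumentError, 'CRT parameters are inconsistent' unless consistent

  :private_full
end

# Constructed toy key (p = 61, q = 53); far too small for any real use.
TOY = { 'n' => 3233, 'e' => 17, 'd' => 2753, 'p' => 61, 'q' => 53,
        'dp' => 53, 'dq' => 49, 'qi' => 38 }
      .transform_values { |v| int_to_b64url(v) }.merge('kty' => 'RSA').freeze
```

A key classified as `:private_minimal` is the (n, e, d)-only case the question above is about; this check accepts it but does not build an OpenSSL object from it.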
@bellebaum
Contributor

I have asked about this over at the Ruby OpenSSL gem: ruby/openssl#551
Seems like this is a TODO for them, so we should eventually see a way.

@anakinj
Member Author

anakinj commented Oct 17, 2022

Thanks @bellebaum for raising the question. I'm going to return to this one to have it working with the adjustments from #520 at some point.

@anakinj anakinj force-pushed the validate-rsa-jwk-parameters branch from 30d0a65 to 8191784 Compare October 24, 2022 14:57
@anakinj anakinj force-pushed the validate-rsa-jwk-parameters branch 4 times, most recently from c5e78dd to cdb24c8 Compare October 29, 2022 17:41
@anakinj anakinj force-pushed the validate-rsa-jwk-parameters branch from cdb24c8 to e39b411 Compare October 29, 2022 17:44
@anakinj anakinj marked this pull request as ready for review October 29, 2022 17:46
@anakinj
Member Author

anakinj commented Oct 29, 2022

This is the best we can do with the interfaces provided by the OpenSSL gem. The behaviour is going to be different depending on the version of openssl that is in use.

@anakinj
Member Author

anakinj commented Oct 30, 2022

I'm going to merge this soonish.

Working on ruby/openssl#555 to move all this heavy lifting into the openssl gem. Hopefully it will be great some day :)

@anakinj anakinj merged commit 38b75dc into jwt:main Oct 30, 2022
@anakinj anakinj deleted the validate-rsa-jwk-parameters branch October 30, 2022 14:48
2 participants