You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Some of the signed JWTs for ES512 generated with jsrsasign v11.1.0 in the context of JWS have signatures that are shorter than 132 bytes (e.g. 130 bytes). Such signatures and thus the associated signed JWTs are invalid and are verified as invalid by other JWS-compliant libraries.
With the 130 bytes signatures (at least the ones I have analyzed), r and s are only 65 bytes in size and the padding with a leading 0x00 on 66 bytes is missing for both values. So presumably the issue is a flawed implementation of the P1363 format.
In addition, there are also sporadic exceptions (unknown ECDSA sig s length error) during signing (with a frequency of approximately 1:1000).
Here is a script that demonstrates both issues:
// code takes a few minutes to execute!varprivateKey=`-----BEGIN PRIVATE KEY-----MIH3AgEAMBAGByqGSM49AgEGBSuBBAAjBIHfMIHcAgEBBEIBt9JkMzOnDTkWGeWrhq5a73ByFKDazPsiKSAyS7QrD9p7LY2fxpuJ33eccF4BlKcdUpH3JdBfQWLAhifAt5vTRW6gBwYFK4EEACOhgYkDgYYABAGHGt/TynDUfNy8TII8lJOaRHezUbRooLM7lCtkIejai/dZLbq9GUAeSG3dXujrx7lrElqbnFytJQgZ71OMOabmjAHEkJejYdC6sGxsFCROu3oLZdNk8ZSY5pGIQj4CqLGthpgglVlfDQlQw2P3Ib0MP9r3TYaB6g8icx/Qwp4dqrtYug==-----END PRIVATE KEY-----`;// code for demonstrating different signature lengthsfor(vari=0;i<16;i++){varheader=JSON.stringify({"alg": "ES512"});varpayload=JSON.stringify({"sub": "1234567890","name": "John Doe"});varjwt=KJUR.jws.JWS.sign("ES512",header,payload,privateKey);varsignatureHex=b64utohex(jwt.split('.')[2]);varsignatureLen=signatureHex.length/2;if(signatureLen!=132)console.log(signatureLen);}console.log("demo 1: done\n");// code for demonstrating the exception "unknown ECDSA sig s length error"for(vari=0;i<1024;i++){varheader=JSON.stringify({"alg": "ES512"});varpayload=JSON.stringify({"sub": "1234567890","name": "John Doe"});try{varjwt=KJUR.jws.JWS.sign("ES512",header,payload,privateKey);}catch(ex){console.log(ex.message);}}console.log("demo 2: done");
Sample output:
130
130
130
130
demo 1: done
unknown ECDSA sig s length error
demo 2: done
The text was updated successfully, but these errors were encountered:
Some of the signed JWTs for ES512 generated with jsrsasign v11.1.0 in the context of JWS have signatures that are shorter than 132 bytes (e.g. 130 bytes). Such signatures and thus the associated signed JWTs are invalid and are verified as invalid by other JWS-compliant libraries.
With the 130 bytes signatures (at least the ones I have analyzed), r and s are only 65 bytes in size and the padding with a leading 0x00 on 66 bytes is missing for both values. So presumably the issue is a flawed implementation of the P1363 format.
In addition, there are also sporadic exceptions (unknown ECDSA sig s length error) during signing (with a frequency of approximately 1:1000).
Here is a script that demonstrates both issues:
Sample output:
The text was updated successfully, but these errors were encountered: