This forum uses cookies
This forum makes use of cookies to store your login information if you are registered, and your last visit if you are not. Cookies are small text documents stored on your computer; the cookies set by this forum can only be used on this website and pose no security risk. Cookies on this forum also track the specific topics you have read and when you last read them. Please confirm that you accept these cookies being set.
Logic Machine ForumLogicMachine eco-systemScripting v
Support for RS256 (RSA Signature with SHA-256)

Threaded Mode
Support for RS256 (RSA Signature with SHA-256)
spyder Offline
Junior Member
Posts: 24
Threads: 12
Joined: Dec 2015
Reputation: 0
#1
17.01.2020, 22:08
Hi,

Does encdec support rsa with sha256? I would like to generate a JWT token.

Thanks
Find
Reply
spyder Offline
Junior Member
Posts: 24
Threads: 12
Joined: Dec 2015
Reputation: 0
#2
20.01.2020, 12:45
I found this library https://github.com/spacewander/lua-resty...ty/rsa.lua, which seems to use openssl. I believe this is installed and should work?

Would the usage then be similar as described in this post?
https://forum.logicmachine.net/showthrea...7#pid10237

Do I need to do anything special to use the bitops?
http://bitop.luajit.org/

Thanks
Find
Reply
admin Offline
Administrator
Posts: 7260
Threads: 40
Joined: Jun 2015
Reputation: 416
#3
20.01.2020, 13:09
See this: https://forum.logicmachine.net/showthrea...2#pid15322
Find
Reply
spyder Offline
Junior Member
Posts: 24
Threads: 12
Joined: Dec 2015
Reputation: 0
#4
21.01.2020, 15:53 (This post was last modified: 21.01.2020, 23:26 by spyder.)
(20.01.2020, 13:09)admin Wrote: See this: https://forum.logicmachine.net/showthrea...2#pid15322

Hi, I am not sure if the encdec or AES implementation are the same as the RSA encryption, in the JWT spec https://tools.ietf.org/html/rfc7518#section-3 I read RS256 is equal to RSASSA-PKCS1-v1_5 using SHA-256. Are you suggesting to calculate the signature myself using the hmacsha256 of encdec instead of using the openssl implementation?
Find
Reply
admin Offline
Administrator
Posts: 7260
Threads: 40
Joined: Jun 2015
Reputation: 416
#5
27.01.2020, 07:40
Here are JWT libraries from https://github.com/cdbattags/lua-resty-jwt with some minor changes to work on LM. Create a use library with the same name for each attached file.
Code:
jwt = require "user.jwt"

jwt_token = jwt:sign(
  "my-secrect-key",
  {
    header={typ="JWT", alg="HS256"},
    payload={foo="bar"}
  }
)

log(jwt_token)

Attached Files
.lua   evp.lua (Size: 17.46 KB / Downloads: 12)
.lua   aes.lua (Size: 6.57 KB / Downloads: 15)
.lua   hmac.lua (Size: 3.67 KB / Downloads: 12)
.lua   jwt.lua (Size: 28.69 KB / Downloads: 14)
.lua   jwt-validators.lua (Size: 14.92 KB / Downloads: 11)
Find
Reply
spyder Offline
Junior Member
Posts: 24
Threads: 12
Joined: Dec 2015
Reputation: 0
#6
31.01.2020, 20:54
(27.01.2020, 07:40)admin Wrote: Here are JWT libraries from https://github.com/cdbattags/lua-resty-jwt with some minor changes to work on LM. Create a use library with the same name for each attached file.
Code:
jwt = require "user.jwt"

jwt_token = jwt:sign(
  "my-secrect-key",
  {
    header={typ="JWT", alg="HS256"},
    payload={foo="bar"}
  }
)

log(jwt_token)

I get

Quote:User library hmac:85: Symbol not found: EVP_md5
stack traceback:
[C]: in function '__index'
User library hmac:85: in main chunk
[C]: in function 'require'
Library user-autoload:5: in main chunk

Tried to upgrade to the latest firmware, but that did not resolve the issue. I am using a LM3 Reactor v2.
Find
Reply
admin Offline
Administrator
Posts: 7260
Threads: 40
Joined: Jun 2015
Reputation: 416
#7
01.02.2020, 09:10
You need to disable auto-load for this library. user.aes must be loaded first because it loads ssl library, otherwise you will get this error.
Find
Reply


Forum Jump: