This forum uses cookies
This forum makes use of cookies to store your login information if you are registered, and your last visit if you are not. Cookies are small text documents stored on your computer; the cookies set by this forum can only be used on this website and pose no security risk. Cookies on this forum also track the specific topics you have read and when you last read them. Please confirm that you accept these cookies being set.

Support for RS256 (RSA Signature with SHA-256)
#1
Hi,

Does encdec support rsa with sha256? I would like to generate a JWT token.

Thanks
Reply
#2
I found this library https://github.com/spacewander/lua-resty...ty/rsa.lua, which seems to use openssl. I believe this is installed and should work?

Would the usage then be similar as described in this post?
https://forum.logicmachine.net/showthrea...7#pid10237

Do I need to do anything special to use the bitops?
http://bitop.luajit.org/

Thanks
Reply
#3
See this: https://forum.logicmachine.net/showthrea...2#pid15322
Reply
#4
(20.01.2020, 13:09)admin Wrote: See this: https://forum.logicmachine.net/showthrea...2#pid15322

Hi, I am not sure if the encdec or AES implementation are the same as the RSA encryption, in the JWT spec https://tools.ietf.org/html/rfc7518#section-3 I read RS256 is equal to RSASSA-PKCS1-v1_5 using SHA-256. Are you suggesting to calculate the signature myself using the hmacsha256 of encdec instead of using the openssl implementation?
Reply
#5
Here are JWT libraries from https://github.com/cdbattags/lua-resty-jwt with some minor changes to work on LM. Create a use library with the same name for each attached file.
Code:
jwt = require "user.jwt"

jwt_token = jwt:sign(
  "my-secrect-key",
  {
    header={typ="JWT", alg="HS256"},
    payload={foo="bar"}
  }
)

log(jwt_token)

Attached Files
.lua   evp.lua (Size: 17.46 KB / Downloads: 13)
.lua   aes.lua (Size: 6.57 KB / Downloads: 16)
.lua   hmac.lua (Size: 3.67 KB / Downloads: 13)
.lua   jwt.lua (Size: 28.69 KB / Downloads: 15)
.lua   jwt-validators.lua (Size: 14.92 KB / Downloads: 12)
Reply
#6
(27.01.2020, 07:40)admin Wrote: Here are JWT libraries from https://github.com/cdbattags/lua-resty-jwt with some minor changes to work on LM. Create a use library with the same name for each attached file.
Code:
jwt = require "user.jwt"

jwt_token = jwt:sign(
  "my-secrect-key",
  {
    header={typ="JWT", alg="HS256"},
    payload={foo="bar"}
  }
)

log(jwt_token)

I get

Quote:User library hmac:85: Symbol not found: EVP_md5
stack traceback:
[C]: in function '__index'
User library hmac:85: in main chunk
[C]: in function 'require'
Library user-autoload:5: in main chunk

Tried to upgrade to the latest firmware, but that did not resolve the issue. I am using a LM3 Reactor v2.
Reply
#7
You need to disable auto-load for this library. user.aes must be loaded first because it loads ssl library, otherwise you will get this error.
Reply


Forum Jump: