> You can see this by exploding the output from openssl dgst via asn1parse: > pritikin@ubuntu:~/tmp/jwt$ openssl asn1parse -in signature.sign -inform DER > 0:d=0 hl=2 l= 69 cons: SEQUENCE > 2:d=1 hl=2 l= 32 prim: INTEGER > :1EF9060ADA81C288C4FE2E3585BFF6379FF03467EB0D7D848D568604A1C53864 > 36:d=1 hl=2 l= 33 prim: INTEGER > :EAD5AD3F8FB7092D14903C8B08D0D83EE91E898EA8D3A5944F13F8B6652372D1 > > So to do everything in script-land with openssl tools you need to extract > the r and s values and format them correctly as specified in JWA [RFC7518, > section 3.4 step 2 and 3). I’ll have to think about how you could do this > from a shell script.
Your signature.sign file is probably 66 bytes, right? Assuming 'R' and 'S' are in order, I think you can snip 2-bytes off the front of the file and have the signature. > Its interesting to note here that we have almost the simplest example of > ASN1 possible and it still sounds hard to work with. :) Shrug, it isn’t > like the JWA 64-octet sequence is actually that much easier from shell > commands. But all we need to do is compute the encoded signature value BASE64URL(JWS Signature), we can use the script I found before for this part... Kent _______________________________________________ Anima mailing list [email protected] https://www.ietf.org/mailman/listinfo/anima
