×
The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.
I'd like to be able to natively verify a JWT signature using the Crypto APIs, and after reading the API doc for Qc3VerifySignature, I'm not sure how to implement it. According to the doc, parm 1 is the signature, parm 3, I believe is the Base64URL encoded header and payload of the JWT. I'm at the point of receiving CPF9DDB - The key string or Diffie-Hellman parameter string is not valid.
Could someone familiar verify my understanding of the API doc please? Since the tokens are constructed in ASCII, I'm half thinking it's an encoding issue, but before I make too many assumptions, I wanted get other opinions.
Parms:
Signature - Base64Url decoded bytes of the JWT Signature. (Should be Ascii?)
Length of Signature - Length of the Signature string
Input Data - Base64URL encoded string of the JWT header and Payload (Ascii?/Ebcdic?)
Length of Input data - string length of Input data
Input Data Format - 'DATA0100'
Algorithm Description - DataStructure (ALGD0400)
PK Cipher Alg - 50 (RSA)
PKA Block Fmt - '1' (PKCS #1 Block type 1)
Reserved - x'000000'
Signing Hash - 3 (SHA-256)
Algorithm desc Format - 'ALGD0400'
Key desc - Data Structure (KEYD0200)
Key Type - 50 (RSA public)
Key String Len - Length of KeyString
Key Format - '1' (BER string) - Ascii?/Ebcdic?
Reserved - x'000000'
KeyString - BER encoded x.509 certificate (I think this is the x5c value from the OpenID Connect JWKS info)
Key desc Format - 'KEYD0200'
Crypto Provider '0'
Crypto Device Name - *null
Error Code
Thanks,
Doug
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact
[javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.