× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. RPG400-L
  3. August 2018

Re: Attempting to use Crypto APIs to verify JWT signature

It would help us see what might be wrong if you show us your proto and data definitions Doug.


Jon Paris

www.partner400.com
www.SystemiDeveloper.com

On Aug 3, 2018, at 11:29 AM, Bak, Doug (LMF) <Doug.Bak@xxxxxxxxxxxxxx> wrote:

I'd like to be able to natively verify a JWT signature using the Crypto APIs, and after reading the API doc for Qc3VerifySignature, I'm not sure how to implement it. According to the doc, parm 1 is the signature, parm 3, I believe is the Base64URL encoded header and payload of the JWT. I'm at the point of receiving CPF9DDB - The key string or Diffie-Hellman parameter string is not valid.

Could someone familiar verify my understanding of the API doc please? Since the tokens are constructed in ASCII, I'm half thinking it's an encoding issue, but before I make too many assumptions, I wanted get other opinions.

Parms:
Signature - Base64Url decoded bytes of the JWT Signature. (Should be Ascii?)
Length of Signature - Length of the Signature string
Input Data - Base64URL encoded string of the JWT header and Payload (Ascii?/Ebcdic?)
Length of Input data - string length of Input data
Input Data Format - 'DATA0100'
Algorithm Description - DataStructure (ALGD0400)
PK Cipher Alg - 50 (RSA)
PKA Block Fmt - '1' (PKCS #1 Block type 1)
Reserved - x'000000'
Signing Hash - 3 (SHA-256)
Algorithm desc Format - 'ALGD0400'
Key desc - Data Structure (KEYD0200)
Key Type - 50 (RSA public)
Key String Len - Length of KeyString
Key Format - '1' (BER string) - Ascii?/Ebcdic?
Reserved - x'000000'
KeyString - BER encoded x.509 certificate (I think this is the x5c value from the OpenID Connect JWKS info)
Key desc Format - 'KEYD0200'
Crypto Provider '0'
Crypto Device Name - *null
Error Code

Thanks,
Doug
--
This is the RPG programming on the IBM i (AS/400 and iSeries) (RPG400-L) mailing list
To post a message email: RPG400-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/rpg400-l
or email: RPG400-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/rpg400-l.

Please contact support@xxxxxxxxxxxx for any subscription related questions.

Help support midrange.com by shopping at amazon.com with our affiliate link: http://amzn.to/2dEadiD


As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow-Ups:
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2025 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.