× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.



This is the code I am using - with the keys changed for obvious reasons. Note the declarations of the keys as UTF-8 - the keys are just as given by the API supplier. I do no conversion.

Hope this helps.


Dcl-Proc GetJWTKey;

dcl-pi *N Like(jwt_token_t);
end-pi;

// This is the secret key used to sign the app.
// Value will need to be changed if we ever regen the key in the app store
dcl-s signKey like(jwt_signKey_t) ccsid(*utf8)
inz('abciPFYZjZnUo3pVGxLYG21zmf2qxso89999');

// This is the API key used to identify the issuer (i.e. SiD)
dcl-s apiKey like(jwt_signKey_t) ccsid(*utf8)
inz('-xyz7q4QSaOZESQwPGq15A');

dcl-s payload like(jwt_token_t) ccsid(*utf8);
dcl-s token like(jwt_token_t) ccsid(*utf8);

// The JWT issue time and expiry are specified in unix epoch time
// The routine CvtTSEpoch is used to convert a timestamp to epoch time
dcl-s epochNow int(10);
dcl-s epochExpire int(10);

dcl-c EXPIRE_IN 60; // Life of token in seconds

epochNow = CvtTSEpoch(%Timestamp()); // Time now as unix epoch

epochExpire = epochNow + EXPIRE_IN; // expire token in 1 minute
// - assuming EXPIRE_IN is 60.

// Build the JWT payload
payload = '{ "iss" : "' + apiKey + '", "exp" : ' + %editc(epochExpire : 'X')
+ ', "iat" : ' + %editc(epochNow : 'X') + ' }';

// And generate the JWT using ILEastic's JWT routine/
token = jwt_sign(JWT_HS256 : payload : signKey);

return token;

end-proc;


On Dec 7, 2020, at 10:54 AM, Suren K <suren7437@xxxxxxxxx> wrote:

Hi Jon,

I just saw the ILEastic code.

In the program JWTUT1, the key can assigned as shown below

signKey = '123456789012345678901234567890AB';

I assume the signkey value is the plain text (ASCII format which we are
getting from the client).

Am i right? or do we need to convert the ASCII plain text into another
format?

Regards,
Surender K

On Mon, Dec 7, 2020 at 8:17 PM Jon Paris <jon.paris@xxxxxxxxxxxxxx> wrote:

If you are using JWTs then rather than rolling your own you could try
Mihael's code (part of the ILEastic project) from here:
https://github.com/sitemule/ILEastic/tree/master/plugins/jwt <
https://github.com/sitemule/ILEastic/tree/master/plugins/jwt>

That is what I ended up using for my Zoom work after having spent some
time beating my head against the same barriers you are encountering.

Always nice to use tested code !


Jon

On Dec 7, 2020, at 7:17 AM, Thomas Raddatz <thomas.raddatz@xxxxxx>
wrote:

Did you convert the secret key (KEYD0200) to the ccsid of the target
system? I assume that you need the hmac for a PC and not for an IBM I,
right? Therefore you want to use an Ascii or UTF-8 key instead of an EBCDIC
key, I assume.

In that case the key must be converted to the CCSID of the target
system, before passing it to the Qc3CalculateHMAC() API.

Thomas.

-----Ursprüngliche Nachricht-----
Von: RPG400-L <rpg400-l-bounces@xxxxxxxxxxxxxxxxxx> Im Auftrag von
Suren K
Gesendet: Montag, 7. Dezember 2020 10:15
An: RPG programming on IBM i <rpg400-l@xxxxxxxxxxxxxxxxxx>
Betreff: Reg: HMAC Calculation

Hi All,

How are you?

I am facing the following issue with Qc3CalculateHMAC API.

Currently i am trying to do the JWT token validation in iSeries, to do
that i am planning to generate the HMAC using the header, payload and
signed secret key.

The logic i am using is Passing the input data as
Header(Base64encoded).Payload(Base64encoded).

1) For Base64 decoding - SYSTOOLS.BASE64ENCODE function is used.
2) Algorithm - SHA256.
3) I am passing the Secret Key as plain character text using "KEYD0200"

But the HMAC generated by the API is not correct. Am i doing anything
wrong?

Qc3CalculateHMAC(
%addr(headerPayload) :
%len(%trimr(headerPayload)) :
'DATA0100' :
algd0500 :
'ALGD0500' :
keyparam :
'KEYD0200' :
'0' : // crypto
*blank : // crypto dev
hash :
QUSEC);

Could anyone please help me to figure out the issue?

Regards,
Suren K
--
This is the RPG programming on IBM i (RPG400-L) mailing list To post a
message email: RPG400-L@xxxxxxxxxxxxxxxxxx To subscribe, unsubscribe, or
change list options,
visit:
https://smex12-5-en-ctp.trendmicro.com:443/wis/clicktime/v1/query?url=https%3a%2f%2flists.midrange.com%2fmailman%2flistinfo%2frpg400%2dl&umid=610e4461-c6f6-4a7e-b039-66c99e2689e4&auth=e97acd68c6deb7b858f463424a55c9ae42d5359e-b35601ec44c876b516ef29c843b5d6cb9c44d158
or email: RPG400-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives at
https://smex12-5-en-ctp.trendmicro.com:443/wis/clicktime/v1/query?url=https%3a%2f%2farchive.midrange.com%2frpg400%2dl&umid=610e4461-c6f6-4a7e-b039-66c99e2689e4&auth=e97acd68c6deb7b858f463424a55c9ae42d5359e-b01fb74cc3366396f8ce552b3fb7a7e1d77d948b
.

Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription
related questions.

Help support midrange.com by shopping at amazon.com with our affiliate
link:
https://smex12-5-en-ctp.trendmicro.com:443/wis/clicktime/v1/query?url=https%3a%2f%2famazon.midrange.com&umid=610e4461-c6f6-4a7e-b039-66c99e2689e4&auth=e97acd68c6deb7b858f463424a55c9ae42d5359e-25c69241f01dab5b20ef507ba6ee621ff83bc9a0
--
This is the RPG programming on IBM i (RPG400-L) mailing list
To post a message email: RPG400-L@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/rpg400-l
or email: RPG400-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/rpg400-l.

Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription
related questions.

Help support midrange.com by shopping at amazon.com with our affiliate
link: https://amazon.midrange.com

--
This is the RPG programming on IBM i (RPG400-L) mailing list
To post a message email: RPG400-L@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/rpg400-l
or email: RPG400-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/rpg400-l.

Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription related
questions.

Help support midrange.com by shopping at amazon.com with our affiliate
link: https://amazon.midrange.com

--
This is the RPG programming on IBM i (RPG400-L) mailing list
To post a message email: RPG400-L@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/rpg400-l
or email: RPG400-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/rpg400-l.

Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription related questions.

Help support midrange.com by shopping at amazon.com with our affiliate link: https://amazon.midrange.com


As an Amazon Associate we earn from qualifying purchases.

This thread ...

Follow-Ups:
Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2025 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.