Arm Mbed OS support forum

Verify signature of JWT


I’m trying to verify if the signature of a jwt is valid or not (with public key).
I use the mbedtls_pk_verify function.

Example JWT: XXXXheaderXXXX.YYYYpayloadYYYY.ZZZZsignatureZZZZ

    const char headerAndPayload = "XXXXheaderXXXX.YYYYpayloadYYYY";
    const char headerAndPayload = "ZZZZsignatureZZZZ";

	unsigned char shaResult[32];
	const size_t payloadLength = strlen(headerAndPayload);

	mbedtls_md_context_t ctx;
	mbedtls_md_type_t md_type = MBEDTLS_MD_SHA256;
	mbedtls_md_setup(&ctx, mbedtls_md_info_from_type(md_type), 0);
	mbedtls_md_update(&ctx, (const unsigned char *) headerAndPayload, payloadLength);
	mbedtls_md_finish(&ctx, shaResult);

	for(int i= 0; i< sizeof(shaResult); i++)
		char str[3];
		sprintf(str, "%02x", (int)shaResult[i]);
		printf("%s", str);

    mbedtls_pk_verify(&publicKey, MBEDTLS_MD_SHA256, ,shaResult, sizeof(shaResult),  (const unsigned char *)signatureTmp, sizeof(signatureTmp)

The verify returns always

! mbedtls_pk_verify returned -17280

-17280 (-0x4380): RSA - The PKCS#1 verification failed

Does someone has an idea what’s wrong ?