Verify signature of JWT

Pascal_Merkle · August 10, 2021, 1:57pm

Hi,

I’m trying to verify if the signature of a jwt is valid or not (with public key).
I use the mbedtls_pk_verify function.

Example JWT: XXXXheaderXXXX.YYYYpayloadYYYY.ZZZZsignatureZZZZ

    const char headerAndPayload = "XXXXheaderXXXX.YYYYpayloadYYYY";
    const char headerAndPayload = "ZZZZsignatureZZZZ";

	unsigned char shaResult[32];
	const size_t payloadLength = strlen(headerAndPayload);

	mbedtls_md_context_t ctx;
	mbedtls_md_type_t md_type = MBEDTLS_MD_SHA256;
	mbedtls_md_init(&ctx);
	mbedtls_md_setup(&ctx, mbedtls_md_info_from_type(md_type), 0);
	mbedtls_md_starts(&ctx);
	mbedtls_md_update(&ctx, (const unsigned char *) headerAndPayload, payloadLength);
	mbedtls_md_finish(&ctx, shaResult);
	mbedtls_md_free(&ctx);

	for(int i= 0; i< sizeof(shaResult); i++)
	{
		char str[3];
		sprintf(str, "%02x", (int)shaResult[i]);
		printf("%s", str);

	}
    mbedtls_pk_verify(&publicKey, MBEDTLS_MD_SHA256, ,shaResult, sizeof(shaResult),  (const unsigned char *)signatureTmp, sizeof(signatureTmp)

The verify returns always

! mbedtls_pk_verify returned -17280

-17280 (-0x4380): RSA - The PKCS#1 verification failed

Does someone has an idea what’s wrong ?

Topic		Replies	Views
Verify signature using RSA public key Mbed TLS mbed_tls	1	2992	June 29, 2023
RSA Encryption with PRIVATE key (to sign), and RSA Decryption with PUBLIC key (to verify) Mbed TLS	1	1367	March 20, 2023
Verifying signature: want to use public key in certificate, not in keypair. Looking for sample of code Crypto and SSL questions	1	956	February 26, 2022
ECDSA verify problems Crypto and SSL questions mbed_tls	8	3266	October 13, 2022
Mbedtls_pk_verify giving ECP - The signature is not valid as error Crypto and SSL questions mbed_tls	0	797	March 22, 2021

Verify signature of JWT

Related topics