caml-list - the Caml user's mailing list
 help / Atom feed
* [Caml-list] Implementing JWT RS256 verification
@ 2019-02-19  5:37 Malcolm Matalka
       [not found] ` <0e233aa3-d549-1391-9594-3dfaf6eead6a@rftp.com>
  2019-02-19  9:41 ` Malcolm Matalka
  0 siblings, 2 replies; 4+ messages in thread
From: Malcolm Matalka @ 2019-02-19  5:37 UTC (permalink / raw)
  To: caml users

Hello,

I'm trying to implement verification of JWT's signed with RS256 and
having some trouble finding the crypto library I should use for this.
Nocrypt and CryptoKit are the obvious choices by searching opam, however
neither of them seem to quite have what I'm looking for.  RS256 is RSA
with SHA256 and something called PKCS1v1.5 for padding.  I see both of
these libraries have RSA options but it doesn't seem possible to specify
the hashing algorithm.  Nocrypto has a PKCS1v1.5 module in the RSA
module but no hash.  When I call [sig_decode] on my message I get back
a message text but it also doesn't seem to match what I'm expecting.

My input is the message, the signed signature, and the public key, and
I'd like to know verify these match correctly.

I really don't know much about crypto and am just trying to implement a
spec.  Anyone have a suggestion for what library I should use?  Am I
just missing something?

Thanks,
/Malcolm

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [Caml-list] Implementing JWT RS256 verification
       [not found] ` <0e233aa3-d549-1391-9594-3dfaf6eead6a@rftp.com>
@ 2019-02-19  6:31   ` Malcolm Matalka
  0 siblings, 0 replies; 4+ messages in thread
From: Malcolm Matalka @ 2019-02-19  6:31 UTC (permalink / raw)
  To: Robert Roessler; +Cc: caml-list

[-- Attachment #1: Type: text/plain, Size: 1426 bytes --]

I am hoping something already exists in Ocaml rather than create new
bindings.

Den tis 19 feb. 2019 06:50Robert Roessler <robertr@rftp.com> skrev:

> Malcolm Matalka wrote:
> > Hello,
> >
> > I'm trying to implement verification of JWT's signed with RS256 and
> > having some trouble finding the crypto library I should use for this.
> > Nocrypt and CryptoKit are the obvious choices by searching opam, however
> > neither of them seem to quite have what I'm looking for.  RS256 is RSA
> > with SHA256 and something called PKCS1v1.5 for padding.  I see both of
> > these libraries have RSA options but it doesn't seem possible to specify
> > the hashing algorithm.  Nocrypto has a PKCS1v1.5 module in the RSA
> > module but no hash.  When I call [sig_decode] on my message I get back
> > a message text but it also doesn't seem to match what I'm expecting.
> >
> > My input is the message, the signed signature, and the public key, and
> > I'd like to know verify these match correctly.
> >
> > I really don't know much about crypto and am just trying to implement a
> > spec.  Anyone have a suggestion for what library I should use?  Am I
> > just missing something?
> >
> > Thanks,
> > /Malcolm
>
> Have you looked at Crypto++ (aka CryptoPP)?  It is a fairly complete
> library with "lots" of users.
>
> https://www.cryptopp.com/wiki/Main_Page
>
> Regards,
> --
> Robert Roessler
> robertr@rftp.com
> http://www.rftp.com
>

[-- Attachment #2: Type: text/html, Size: 2149 bytes --]

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [Caml-list] Implementing JWT RS256 verification
  2019-02-19  5:37 [Caml-list] Implementing JWT RS256 verification Malcolm Matalka
       [not found] ` <0e233aa3-d549-1391-9594-3dfaf6eead6a@rftp.com>
@ 2019-02-19  9:41 ` Malcolm Matalka
  2019-02-19  9:53   ` Malcolm Matalka
  1 sibling, 1 reply; 4+ messages in thread
From: Malcolm Matalka @ 2019-02-19  9:41 UTC (permalink / raw)
  To: caml users

Looking at the source code to Nocrypto, it looks like there is a verify
function but it is not exposed in the .mli for 0.5.4, anyone aware of
why this is the case?  Just an oversight?

Malcolm Matalka <mmatalka@gmail.com> writes:

> Hello,
>
> I'm trying to implement verification of JWT's signed with RS256 and
> having some trouble finding the crypto library I should use for this.
> Nocrypt and CryptoKit are the obvious choices by searching opam, however
> neither of them seem to quite have what I'm looking for.  RS256 is RSA
> with SHA256 and something called PKCS1v1.5 for padding.  I see both of
> these libraries have RSA options but it doesn't seem possible to specify
> the hashing algorithm.  Nocrypto has a PKCS1v1.5 module in the RSA
> module but no hash.  When I call [sig_decode] on my message I get back
> a message text but it also doesn't seem to match what I'm expecting.
>
> My input is the message, the signed signature, and the public key, and
> I'd like to know verify these match correctly.
>
> I really don't know much about crypto and am just trying to implement a
> spec.  Anyone have a suggestion for what library I should use?  Am I
> just missing something?
>
> Thanks,
> /Malcolm


^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [Caml-list] Implementing JWT RS256 verification
  2019-02-19  9:41 ` Malcolm Matalka
@ 2019-02-19  9:53   ` Malcolm Matalka
  0 siblings, 0 replies; 4+ messages in thread
From: Malcolm Matalka @ 2019-02-19  9:53 UTC (permalink / raw)
  To: caml users

Whoops, after looking around I see it's in master.  I got confused in
the GitHub UI.

Malcolm Matalka <mmatalka@gmail.com> writes:

> Looking at the source code to Nocrypto, it looks like there is a verify
> function but it is not exposed in the .mli for 0.5.4, anyone aware of
> why this is the case?  Just an oversight?
>
> Malcolm Matalka <mmatalka@gmail.com> writes:
>
>> Hello,
>>
>> I'm trying to implement verification of JWT's signed with RS256 and
>> having some trouble finding the crypto library I should use for this.
>> Nocrypt and CryptoKit are the obvious choices by searching opam, however
>> neither of them seem to quite have what I'm looking for.  RS256 is RSA
>> with SHA256 and something called PKCS1v1.5 for padding.  I see both of
>> these libraries have RSA options but it doesn't seem possible to specify
>> the hashing algorithm.  Nocrypto has a PKCS1v1.5 module in the RSA
>> module but no hash.  When I call [sig_decode] on my message I get back
>> a message text but it also doesn't seem to match what I'm expecting.
>>
>> My input is the message, the signed signature, and the public key, and
>> I'd like to know verify these match correctly.
>>
>> I really don't know much about crypto and am just trying to implement a
>> spec.  Anyone have a suggestion for what library I should use?  Am I
>> just missing something?
>>
>> Thanks,
>> /Malcolm


^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, back to index

Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-02-19  5:37 [Caml-list] Implementing JWT RS256 verification Malcolm Matalka
     [not found] ` <0e233aa3-d549-1391-9594-3dfaf6eead6a@rftp.com>
2019-02-19  6:31   ` Malcolm Matalka
2019-02-19  9:41 ` Malcolm Matalka
2019-02-19  9:53   ` Malcolm Matalka

caml-list - the Caml user's mailing list

Archives are clonable: git clone --mirror https://inbox.ocaml.org/caml-list

AGPL code for this site: git clone https://public-inbox.org/ public-inbox