[mitreid-connect] RS256 signature and keys

Luiz Omori luiz.omori at duke.edu
Mon Jul 6 13:25:28 EDT 2015


Hi,

I've been using http://jwt.io to debug JWT tokens but couldn't verify the signature. Anybody else having problems with that? I've also played a bit with Jose4j and Nimbus in Java but failed also.

Also, I may be wrong but apparently the RS256 minimum key size is 2048 so MitreId may want to update its default key (I know, I know, we should replace it anyway...but just to give a good example). And while at that, had an interesting error while trying to sign (using Nimbus) a message with a locally generated key: "javax.crypto.BadPaddingException: Message is larger than modulus".  In that particular instance there was a bug in my code however while researching the error found out that there is a limitation on the size of the encrypted text which is quite short (117 for 1024 bits key - TBC). So, is the JWT broken in chunks if above that size? How should I pad?

Regards,
Luiz
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.mit.edu/pipermail/mitreid-connect/attachments/20150706/1e370068/attachment.htm


More information about the mitreid-connect mailing list