Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

encode() raises an RSA lib error when using a small RSA PSS key #635

Open
BramSrna opened this issue Oct 21, 2024 · 3 comments
Open

encode() raises an RSA lib error when using a small RSA PSS key #635

BramSrna opened this issue Oct 21, 2024 · 3 comments

Comments

@BramSrna
Copy link

When calling JWT.encode() using an RSA PSS key of length 1024, exponent of 3, and digest of 512, the following error is raised:

/Users/bsrna/.rbenv/versions/3.2.2/lib/ruby/gems/3.2.0/gems/jwt-2.9.3/lib/jwt/jwa/ps.rb:18:in "sign_pss": RSA lib (OpenSSL::PKey::RSAError)
from /Users/bsrna/.rbenv/versions/3.2.2/lib/ruby/gems/3.2.0/gems/jwt-2.9.3/lib/jwt/jwa/ps.rb:18:in "sign"
from /Users/bsrna/.rbenv/versions/3.2.2/lib/ruby/gems/3.2.0/gems/jwt-2.9.3/lib/jwt/encode.rb:48:in "signature"
from /Users/bsrna/.rbenv/versions/3.2.2/lib/ruby/gems/3.2.0/gems/jwt-2.9.3/lib/jwt/encode.rb:58:in "encode_signature"
from /Users/bsrna/.rbenv/versions/3.2.2/lib/ruby/gems/3.2.0/gems/jwt-2.9.3/lib/jwt/encode.rb:32:in "encoded_signature"
from /Users/bsrna/.rbenv/versions/3.2.2/lib/ruby/gems/3.2.0/gems/jwt-2.9.3/lib/jwt/encode.rb:18:in "segments"
from /Users/bsrna/.rbenv/versions/3.2.2/lib/ruby/gems/3.2.0/gems/jwt-2.9.3/lib/jwt.rb:30:in "encode"

This is the code block used for testing it:

require 'openssl'
require 'jwt'

key = OpenSSL::PKey::RSA.new(1024, 3)
key.sign_pss("SHA-512", "test", salt_length: 62, mgf1_hash: "SHA-512")
JWT.encode("test", key, 'PS512')

It was able to run key.sign_pss successfully, but JWT.encode hit the error.

The installed versions are jwt 2.9.3 and openssl 3.2.
@BramSrna
Copy link
Author

When using :digest for the salt_length, this error occurs with digest 512 on smaller keys. I think :digest sets the salt length to 64 but the actual acceptable maximum from sign_pss is 62.

@BramSrna
Copy link
Author

It looks like the issue is the key size. Using a key size of 2048 fixes the issue. Changing the exponent used for the key results in the same error if the key length stays as is.

@anakinj
Copy link
Member

anakinj commented Dec 7, 2024
edited
Loading

Think your observations are correct.

Smaller keys will not work. The JWA RFC actually states that key length of minimum 2048 MUST be used -> ref

Think we could add a validation to the keys to give a more user-friendly message, but think the constraint needs to go into 3.0 because shorter keys could have worked before.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@anakinj @BramSrna