Create Signature in Openssl for a JWT for the AS400iSeriesIBM i - Stack Overflow

admin管理员组

文章数量:1302329

I am struggeling to make a working signature of a certificate which will be used later in a JWT in an RPG-program.

We use this version of openssl: "OpenSSL 3.0.10 1 Aug 2023 (Library: OpenSSL 3.0.10 1 Aug 2023)"

First I create a cert.pem and a key.pem which is also the private key with this openssl command:

openssl req -newkey rsa-pss -new -nodes -x509 -days 3650 -pkeyopt rsa_keygen_bits:4096 -sigopt rsa_pss_saltlen:32 -keyout key.pem -out cert.pem

This is how the certificate has to be created. Then I enter the infomation on screen (Country, State,Name, Email,etc.).

Now I create the Signature with this commands:

cd /test && printf "%s" "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJDdXN0b21lSUQiLCJzdWIiOiJDdXN0b21lcklEIiwiYXVkIjoiaHR0cHM6Ly90ZXN0LmNvbSIsImlhdCI6MTczOTI2NjIyOSwiZXhwIjoxNzM5MjY2NTI5LCJuYmYiOjE3MzkyNTYxNjksImp0aSI6IjEyMzQ1NiJ9" 

| openssl dgst -sha256 -binary -sign "key.pem" -out "signature.bin" && openssl enc -base64 -A -in "signature.bin" 

| tr -d '\n=' | tr '+/' '-_' > "signature.bin"

in the printf command there is the JWT-Header and the JWT-Payload. Those are example informations and are correct according to jwt.io. On the website I copied also the private key and the public key and it says, Valid Signature.

But if I use the "cat signature.bin" command and copy the string to jwt.io: I get the "Invalid Signature" error and the message: Seems Your JWT-Signature was not encoded correctly. Same with token.dev Debugger: "Signature verification failed".

What am I missing?

I used this tutorial:

Web Concepts For The RPG Developer, Part 3

Web Concepts For The RPG Developer, Part 4

I am struggeling to make a working signature of a certificate which will be used later in a JWT in an RPG-program.

We use this version of openssl: "OpenSSL 3.0.10 1 Aug 2023 (Library: OpenSSL 3.0.10 1 Aug 2023)"

First I create a cert.pem and a key.pem which is also the private key with this openssl command:

openssl req -newkey rsa-pss -new -nodes -x509 -days 3650 -pkeyopt rsa_keygen_bits:4096 -sigopt rsa_pss_saltlen:32 -keyout key.pem -out cert.pem

This is how the certificate has to be created. Then I enter the infomation on screen (Country, State,Name, Email,etc.).

Now I create the Signature with this commands:

cd /test && printf "%s" "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJDdXN0b21lSUQiLCJzdWIiOiJDdXN0b21lcklEIiwiYXVkIjoiaHR0cHM6Ly90ZXN0LmNvbSIsImlhdCI6MTczOTI2NjIyOSwiZXhwIjoxNzM5MjY2NTI5LCJuYmYiOjE3MzkyNTYxNjksImp0aSI6IjEyMzQ1NiJ9" 

| openssl dgst -sha256 -binary -sign "key.pem" -out "signature.bin" && openssl enc -base64 -A -in "signature.bin" 

| tr -d '\n=' | tr '+/' '-_' > "signature.bin"

in the printf command there is the JWT-Header and the JWT-Payload. Those are example informations and are correct according to jwt.io. On the website I copied also the private key and the public key and it says, Valid Signature.

But if I use the "cat signature.bin" command and copy the string to jwt.io: I get the "Invalid Signature" error and the message: Seems Your JWT-Signature was not encoded correctly. Same with token.dev Debugger: "Signature verification failed".

What am I missing?

I used this tutorial:

Web Concepts For The RPG Developer, Part 3

Web Concepts For The RPG Developer, Part 4

• jwt
• openssl
• certificate
• sh
• ibm-midrange

Share Follow edited Feb 11 at 10:10 baphomet asked Feb 11 at 9:20 baphometbaphomet 11188 bronze badges

Add a comment  | 

1 Answer 1

Sorted by: Reset to default 0

Someone on r/IBMi was able to figure out, what was wrong. In short, the RSA-PSS in generating the cert.pem was the issue. In the documentation for the API it explicitly shows this command and explicitly says multiple times use the RSA256.

Therefore, I selected the RS256 option on jwt.io and ofc that has the wrong format. And that was it. Here the Thread of the reddit to figure out what was wrong: r/IBMi

本文标签： Create Signature in Openssl for a JWT for the AS400iSeriesIBM iStack Overflow