Identity Gateway / OPENIG-5426

JwkSetHandler : EC private key with keyUsage SIGN and invalid 'd' parameter

Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Fixed
    • 7.1.0
    • 7.1.0, 7.1.1
    • None
    • None
    • OS : Linux
      jdk : OpenJDK 11.0.6
      IGStandalone: 7.1.0-SNAPSHOT e8525bc0747

    Description

      Using this route (pem file attached)

      {
        "condition": "${matches(request.uri.path, '/pem_key$')}",
        "handler": {
          "config": {
            "purposes": [
              {
                "keyUsage": "SIGN",
                "secretId": "6.pem.key.EC.private.SIGN"
              }
            ],
            "secretsProvider": "FileSystemSecretStore-3"
          },
          "type": "JwkSetHandler"
        },
        "heap": [
          {
            "config": {
              "directory": "&{ig.instance.dir}/config/secrets_store/",
              "format": "PLAIN",
              "mappings": [
                {
                  "format": "pemPropertyFormat",
                  "secretId": "6.pem.key.EC.private.SIGN"
                }
              ],
              "suffix": ".pem"
            },
            "name": "FileSystemSecretStore-3",
            "type": "FileSystemSecretStore"
          },
          {
            "name": "pemPropertyFormat",
            "type": "PemPropertyFormat"
          }
        ]
      }
      
      

      It happens, although not systematically, that the JwkSetHandler returns a different `d` value than a Python library (jwcrypto).

      Example of returned different values (computed from attached pem file) :

      • Generated JWK from IG:
        {"keys":[{"kty":"EC","kid":"6.pem.key.EC.private.SIGN","use":"sig","x":"8Y85rEHj0-XGxqapxLuf3sTX71YYVgtUi2AbWka4Ql4","y":"9J3N3-_nrS7mnc6HyDiMGe0NxSIiiHSrk6kFkGEUTaI","crv":"P-256","d":"I-nYLK6kg2o8s3cEVYgI5Pu1MvEx1y3p7_d3mopfhfw"}]}
        

        where 'd' == 'I-nYLK6kg2o8s3cEVYgI5Pu1MvEx1y3p7_d3mopfhfw'

      • Generated JWK from IG:
         ?
        

        where 'd' =='3BYn01FbfJXDTIj7qnf3GwRKzQ7OKNIWEAiIZXWgegQ'

            People

              violette Violette Roche Montane
              jcdevil Jean-Charles Deville