From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail2-relais-roc.national.inria.fr (mail2-relais-roc.national.inria.fr [192.134.164.83]) by c5ff346549e7 (Postfix) with ESMTPS id 4D5575D5 for ; Tue, 19 Feb 2019 09:53:43 +0000 (UTC) X-IronPort-AV: E=Sophos;i="5.58,387,1544482800"; d="scan'208";a="369982903" Received: from sympa.inria.fr ([193.51.193.213]) by mail2-relais-roc.national.inria.fr with ESMTP; 19 Feb 2019 10:53:42 +0100 Received: by sympa.inria.fr (Postfix, from userid 20132) id 4CB2C825F1; Tue, 19 Feb 2019 10:53:42 +0100 (CET) Received: from mail3-relais-sop.national.inria.fr (mail3-relais-sop.national.inria.fr [192.134.164.104]) by sympa.inria.fr (Postfix) with ESMTPS id 23CE57F61F for ; Tue, 19 Feb 2019 10:53:37 +0100 (CET) Authentication-Results: mail3-smtp-sop.national.inria.fr; spf=None smtp.pra=mmatalka@gmail.com; spf=Pass smtp.mailfrom=mmatalka@gmail.com; spf=None smtp.helo=postmaster@mail-lj1-f173.google.com IronPort-PHdr: =?us-ascii?q?9a23=3AeLeegR9r//xUlP9uRHKM819IXTAuvvDOBiVQ1KB4?= =?us-ascii?q?1+wcTK2v8tzYMVDF4r011RmVBdWds6oMotGVmpioYXYH75eFvSJKW713fDhBt/?= =?us-ascii?q?8rmRc9CtWOE0zxIa2iRSU7GMNfSA0tpCnjYgBaF8nkelLdvGC54yIMFRXjLwp1?= =?us-ascii?q?Ifn+FpLPg8it2O2+557ebx9UiDahfLh/MAi4oQLNu8cMnIBsMLwxyhzHontJf+?= =?us-ascii?q?RZ22ZlLk+Nkhj/+8m94odt/zxftPw9+cFAV776f7kjQrxDEDsmKWE169b1uhTF?= =?us-ascii?q?UACC+2ETUmQSkhpPHgjF8BT3VYr/vyfmquZw3jSRMMvrRr42RDui9b9mSBHmhy?= =?us-ascii?q?kHKTA37WPYhMJzgq1UvB2svAB/z5LObY2JKPZzZL/RcNUHTmRBRMZRUClBD5u7?= =?us-ascii?q?YYQVC+oOIeFYr434p1ATqhWxHxWsC/nryj9LnHD9wKo30+EkEQ7cwAwvBdYOsH?= =?us-ascii?q?fOo9juO6cSVPq6zKjMzTnZc/xW3jL95ZHOfxs8ov+MRap9fdTNxUQrDQ/IjVWd?= =?us-ascii?q?pZb7Mz+J1ekBqXWX4uhuWO63lWIrtgN8riKxyssxhYTFnJ8Zx1/A+CljxIs4Jt?= =?us-ascii?q?u1Q1Nhb9G+CptfrSSaOpN2Qsw8R2Fovz43yrgctp66eCgG0ZAnxxzCZ/CefYiE?= =?us-ascii?q?/xDuWeiLLTd3g3Jlf72/hxKs/kS61uL8Ucy03E5LripDjNbMqmgA2wLP5sWDUP?= =?us-ascii?q?dw/Ues1SyR2wzP6exIO104mKjVJpI5x74/jJsTsUDNHi/sn0X2ibebdkAh+uey?= =?us-ascii?q?9+ToeLHmppyGOIJvhQH+N74hms27AegiLgcOWG2b9fym1LL/5U35XKlKjvoun6?= =?us-ascii?q?bFqp/aIMAbqre9Aw9UyYYj9w2yDyym0dQdhXkINkhJeBOBj4jzOlHBOur0Dfml?= =?us-ascii?q?gwfkrDA+zPnDOvX8GZjXNTCXm77kefN56lVA4As119FWoZxOXOIvOvX2D2r4sN?= =?us-ascii?q?ffChpxFgWoyuLkAZ0p04YXRWuLAaaxP6bbsFvO7eUqdbrfLLQJsSrwfqB2r8Xl?= =?us-ascii?q?imU0zAdELPuZmKAPYXX9JcxIZkCQYH7imNAESD5YsQ83Teisg1qHA2cKOySCGp?= =?us-ascii?q?kk7zR+M7qISJ/ZT9n00rOE1Sa/WJZRYzIeUw3eITLTb4yBHsw0RmeSL8tmyGJW?= =?us-ascii?q?ULGgT8ol10jrulalkPxoKe3b/iBevpXmhoB4?= X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0AnAADY0Wtchq3QVdFiHQEBBQEHBQGBU?= =?us-ascii?q?QgBCwGDO1mEaIc4X4sKgg2JPYVJiRWBewsBASyEQAKDZhoHAQQwCQ0BAwEBAgE?= =?us-ascii?q?BAQEBEwEBAQgLCwgpIwyCOiKCbwECAgFAARseAwELBgULFiUPARECEQEFARwGE?= =?us-ascii?q?4MggVoBAw0IBKAlPIwtBQEXgnkFgkaBdAoZJw1fgTcCBgkBCIVohQiBQheBQD+?= =?us-ascii?q?EI4JXiAoCoxYzCY8egzsZik2IN4gDiTqLBgYCCQcPIYElgg4zGggbFWyCO4IcC?= =?us-ascii?q?w8Jg0uKVD4zgQImE4woAQE?= X-IPAS-Result: =?us-ascii?q?A0AnAADY0Wtchq3QVdFiHQEBBQEHBQGBUQgBCwGDO1mEaIc?= =?us-ascii?q?4X4sKgg2JPYVJiRWBewsBASyEQAKDZhoHAQQwCQ0BAwEBAgEBAQEBEwEBAQgLC?= =?us-ascii?q?wgpIwyCOiKCbwECAgFAARseAwELBgULFiUPARECEQEFARwGE4MggVoBAw0IBKA?= =?us-ascii?q?lPIwtBQEXgnkFgkaBdAoZJw1fgTcCBgkBCIVohQiBQheBQD+EI4JXiAoCoxYzC?= =?us-ascii?q?Y8egzsZik2IN4gDiTqLBgYCCQcPIYElgg4zGggbFWyCO4IcCw8Jg0uKVD4zgQI?= =?us-ascii?q?mE4woAQE?= X-IronPort-AV: E=Sophos;i="5.58,387,1544482800"; d="scan'208";a="296628762" Received: from mail-lj1-f173.google.com ([209.85.208.173]) by mail3-smtp-sop.national.inria.fr with ESMTP/TLS/AES128-GCM-SHA256; 19 Feb 2019 10:53:19 +0100 Received: by mail-lj1-f173.google.com with SMTP id z25so9031864ljk.8 for ; Tue, 19 Feb 2019 01:53:19 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=references:user-agent:from:to:subject:in-reply-to:date:message-id :mime-version; bh=zRRb9QotrysV2uJr5xGjBEnKBlsFCbu1+FE31RkL6+4=; b=MFRyAogXKrxi9evC6SCYMbTvE9elcHdks/BkCgKWFXkha8atruxq/qzXt32fFnVcid bRuukcJcj52RYBproQq6ADXq5wD35wwYjD/4iFAraZ5nlVxGiLfau9x2T/g/XcW2bwug NSr0Yca+/sUmJcnSVVE1T0qmeqiA2N7aruwf/IsIm2ZPedGCcRVRWLMEYJtSSOKWNqky vHaKcxaatpFx/Mp6HBoE+sLpapV/+GiOVrOR9Lb6omxoYNfVMji56BorRkHJp6tC3gr5 5AyJhzJRxHkTGM4hKU52+JBtkK2nhjp7pTAAFohOtUlJSQrhHoZnLUleqHX7aREFfb/o uAAQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:references:user-agent:from:to:subject :in-reply-to:date:message-id:mime-version; bh=zRRb9QotrysV2uJr5xGjBEnKBlsFCbu1+FE31RkL6+4=; b=Bcqml5YiqfB5ZeUTD5tf13jidoxKB4uliQ2KjCLrFaWkFKJoo8oGQQB3PA5ZtQs+FH o0S/utDQpJYWigZgOnKleamatwoyG14syEHZiEFLhWavkVyDSzsjeee1Z3OR4NNHFJB6 q0dhCe+tneqSyBezVN5Df8qz6tEqLJ1P+nY7A024nQ8r3DvXe9yIyBhMH5mNAnfBtqdi QVDQxvrV2CQgG3EWcGkUbEbjCRelSQEnOr6tzwFLBbqv8vERTSdDPjrMa8qjAV/ni9Fd xFd2SLLAfVL7igfxqgVqJb5kPMj2fMLIFBEyC/7Md3RJU0ow/PI2NL0DkeyW1s7CrAqj PjiA== X-Gm-Message-State: AHQUAuY2tNQRvG95Vz4clI6bG9r/oSKHQ+jXqSCQ5oh+iNjp7LU/YgCg s6JoUXy4JVZKJ/htrgJtFJVBC4QG X-Google-Smtp-Source: AHgI3IbxdK0kagIF8YPYcAlt3rrrfH1XFabD587yn5fHZtBk7Ftxoo5jcyJhKPrqnYNlTTLSP3x7sA== X-Received: by 2002:a2e:84ca:: with SMTP id q10-v6mr16883462ljh.65.1550569998033; Tue, 19 Feb 2019 01:53:18 -0800 (PST) Received: from localhost (host-217-214-149-98.mobileonline.telia.com. [217.214.149.98]) by smtp.gmail.com with ESMTPSA id d23sm4446531lfc.11.2019.02.19.01.53.16 for (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Tue, 19 Feb 2019 01:53:17 -0800 (PST) References: <867edw49ug.fsf@gmail.com> <865ztg3yl9.fsf@gmail.com> User-agent: mu4e 1.0; emacs 26.1 From: Malcolm Matalka To: caml users In-reply-to: <865ztg3yl9.fsf@gmail.com> Date: Tue, 19 Feb 2019 10:53:16 +0100 Message-ID: <864l903y0j.fsf@gmail.com> MIME-Version: 1.0 Content-Type: text/plain Subject: Re: [Caml-list] Implementing JWT RS256 verification Reply-To: Malcolm Matalka X-Loop: caml-list@inria.fr X-Sequence: 17356 Errors-to: caml-list-owner@inria.fr Precedence: list Precedence: bulk Sender: caml-list-request@inria.fr X-no-archive: yes List-Id: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: Whoops, after looking around I see it's in master. I got confused in the GitHub UI. Malcolm Matalka writes: > Looking at the source code to Nocrypto, it looks like there is a verify > function but it is not exposed in the .mli for 0.5.4, anyone aware of > why this is the case? Just an oversight? > > Malcolm Matalka writes: > >> Hello, >> >> I'm trying to implement verification of JWT's signed with RS256 and >> having some trouble finding the crypto library I should use for this. >> Nocrypt and CryptoKit are the obvious choices by searching opam, however >> neither of them seem to quite have what I'm looking for. RS256 is RSA >> with SHA256 and something called PKCS1v1.5 for padding. I see both of >> these libraries have RSA options but it doesn't seem possible to specify >> the hashing algorithm. Nocrypto has a PKCS1v1.5 module in the RSA >> module but no hash. When I call [sig_decode] on my message I get back >> a message text but it also doesn't seem to match what I'm expecting. >> >> My input is the message, the signed signature, and the public key, and >> I'd like to know verify these match correctly. >> >> I really don't know much about crypto and am just trying to implement a >> spec. Anyone have a suggestion for what library I should use? Am I >> just missing something? >> >> Thanks, >> /Malcolm