From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail2-relais-roc.national.inria.fr (mail2-relais-roc.national.inria.fr [192.134.164.83]) by c5ff346549e7 (Postfix) with ESMTP id CE49F5D5 for ; Tue, 19 Feb 2019 05:37:58 +0000 (UTC) X-IronPort-AV: E=Sophos;i="5.58,387,1544482800"; d="scan'208";a="369944329" Received: from sympa.inria.fr ([193.51.193.213]) by mail2-relais-roc.national.inria.fr with ESMTP; 19 Feb 2019 06:37:57 +0100 Received: by sympa.inria.fr (Postfix, from userid 20132) id A1B05825C0; Tue, 19 Feb 2019 06:37:57 +0100 (CET) Received: from mail2-relais-roc.national.inria.fr (mail2-relais-roc.national.inria.fr [192.134.164.83]) by sympa.inria.fr (Postfix) with ESMTPS id 160BF7F61F for ; Tue, 19 Feb 2019 06:37:47 +0100 (CET) Authentication-Results: mail2-smtp-roc.national.inria.fr; spf=None smtp.pra=mmatalka@gmail.com; spf=Pass smtp.mailfrom=mmatalka@gmail.com; spf=None smtp.helo=postmaster@mail-lj1-f173.google.com IronPort-PHdr: =?us-ascii?q?9a23=3A+GlejxxGDHQHwtvXCy+O+j09IxM/srCxBDY+r6Qd?= =?us-ascii?q?1O4UIJqq85mqBkHD//Il1AaPAd2Lraocw8Pt8InYEVQa5piAtH1QOLdtbDQizf?= =?us-ascii?q?ssogo7HcSeAlf6JvO5JwYzHcBFSUM3tyrjaRsdF8nxfUDdrWOv5jAOBBr/KRB1?= =?us-ascii?q?JuPoEYLOksi7ze+/94HQbglSmDaxfa55IQmrownWqsQYm5ZpJLwryhvOrHtIeu?= =?us-ascii?q?BWyn1tKFmOgRvy5dq+8YB6/ShItP0v68BPUaPhf6QlVrNYFygpM3o05MLwqxbO?= =?us-ascii?q?SxaE62YGXWUXlhpIBBXF7A3/U5zsvCb2qvZx1S+HNsDwULs6Wymt771zRRDmiC?= =?us-ascii?q?kJKSM3/m/UhMN/kK1Wuw6hqwBlzoLIfI2YLuZyc6XAdt0aX2pBWcNRWjRGDIym?= =?us-ascii?q?a4sAE+0BPeJdr4LgoFUBtwe+ChOoBOPs0DBDm3j73ag/0+s7DQHJxgggH9EUv3?= =?us-ascii?q?nPo9X1Mb0dUeGxzKXS0TrDaPZW1C775YPVcR4huemBUaxsfcfV00UiFAPIgk+O?= =?us-ascii?q?pYD5PD6ZzPkBvmqV4uZ4SO6jl2oqpxtvrjWhxcogkJTFi4wUx1ze9Ch0z4A4Ls?= =?us-ascii?q?CiRkFhe96rCp5QujmaN4RoRsMiRHlluCMgxb0HvZ63ZSwKyJY6yxLGZfyLboqF?= =?us-ascii?q?7xz5WOaeJjd4g31leLahiBqo7Uegzej8WtG10FZMsCVFjsHBum4R2xHX8MSKSf?= =?us-ascii?q?tw8l2/1TqT1A3f8PxILEI6mKbDLp4u2L8wlp4dsUTZGS/2nV37jKqTdko+5uin?= =?us-ascii?q?8eDnYrb8qZKHOI90jxvxMqUqmsClHes4NQ0OU3CB+eugzL3j4VH5QLJSg/IqiK?= =?us-ascii?q?bZtZTaKd0fpq64GA9Vzp0u6w2/DjejyNQXh2MLLFNDeBKdjojmIUvCIP7iDaT3?= =?us-ascii?q?v1P5mz5uw7jbJbD7Gd2ZJXHGlPLlfK1hw09a0gs6i95FscF6ELYEddf6XkT2sN?= =?us-ascii?q?mQKxYlOgi3yq6zDdB0yooaWmunDaqQMaeUuliNsLF8a9KQbZMY7W6uY8Mu4OTj?= =?us-ascii?q?2CdgyA0tOJKx1J5SU0iWW/FvIkGXe33p245THmIDvw54R+vv2gTbDWxjIk2qVq?= =?us-ascii?q?d53QkVTZq8BN6aFI+oib2Fmiy8G88OPz0UOhW3CX7tMr68dbIMZSaVeJEzlzUF?= =?us-ascii?q?Uf2lSdZk20jx70n1zL1oKueS8Sod58ru?= X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0AiAAColGtchq3QVdFjHgEGBwaBUQkLA?= =?us-ascii?q?YM7WYx/iwiLSnGEWIkVgXsLAQEFJ4gzGgcBBDAJDQEDAQECAQEBAQETAQEBCAs?= =?us-ascii?q?LCCkjDII6IoM1ARseAxIQFjQBExEBBQEigzOBWgEDFQSgJDyMLQUBF4J5BYJGg?= =?us-ascii?q?XUKGScNX4E3AgYJAQiFaIUIgUIXgUA/jwQCihSZMgmGd4tgGYpNiDWIApQ/BgI?= =?us-ascii?q?JBw8hgSWCDjMaCBsVbII7ghwLDwmDS4pUPjOBAiYTjCwBAQ?= X-IPAS-Result: =?us-ascii?q?A0AiAAColGtchq3QVdFjHgEGBwaBUQkLAYM7WYx/iwiLSnG?= =?us-ascii?q?EWIkVgXsLAQEFJ4gzGgcBBDAJDQEDAQECAQEBAQETAQEBCAsLCCkjDII6IoM1A?= =?us-ascii?q?RseAxIQFjQBExEBBQEigzOBWgEDFQSgJDyMLQUBF4J5BYJGgXUKGScNX4E3AgY?= =?us-ascii?q?JAQiFaIUIgUIXgUA/jwQCihSZMgmGd4tgGYpNiDWIApQ/BgIJBw8hgSWCDjMaC?= =?us-ascii?q?BsVbII7ghwLDwmDS4pUPjOBAiYTjCwBAQ?= X-IronPort-AV: E=Sophos;i="5.58,387,1544482800"; d="scan'208";a="369944287" Received: from mail-lj1-f173.google.com ([209.85.208.173]) by mail2-smtp-roc.national.inria.fr with ESMTP/TLS/AES128-GCM-SHA256; 19 Feb 2019 06:37:45 +0100 Received: by mail-lj1-f173.google.com with SMTP id z25so8496652ljk.8 for ; Mon, 18 Feb 2019 21:37:46 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=user-agent:from:to:subject:date:message-id:mime-version; bh=14juMsR0+prjttRAEt9rbQlQgWL964IiRAZ7w67uZDQ=; b=dCrJ7M7q3bnc6XQtIEZrVf4oT+HuozpnQupzChP07saJSDLqCvCiLoxD8TJdQgy47e N3tuM4nP5b11jUi/PmjyMAuYvfDrpVHrEAVH7Zh0tneatIVgtT/nnqpT8nupJffbeDN7 MlMljp+cBbwNlDfs6AmlovIprbMO4p0vqhP36CYOaLsyjO7eKKROuVEatiSAvufrO5+h VfxRAM/YMr3ID87QsEXZFCPuHDgSsWy506EZT2nDyblSPXClGLJHL3cjZ4u9WGU68xH9 u2yyOQvEfqEaTWdlGUjDAlZLkPrT10KirEuCGvbnXlmsnRJtlEC+XZLJ4OMcwybHSxMj klDw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:user-agent:from:to:subject:date:message-id :mime-version; bh=14juMsR0+prjttRAEt9rbQlQgWL964IiRAZ7w67uZDQ=; b=WNVeE4qXL7iXRQq6y3eAMEPeNETgvW5uMjaywEbNrDJoIfyjPVVC7aeq0V23NbgEfR JkmbgT5z9N6nAZKKPgqkKKZbjC1ViecUUpc1yHaFzgkoK3Kq06nRUWHvObfvjQj0CvCT RfaIEC14uyrVbiW4S68fPO7MQFNY+DF4M4SOXPqAXMUzPcFga43tuOhvYQuMydjbhU7A QXn7ZnbuSqWsucABssQ/Nl1Sa/G9MoICCRcW9YS/C5w6tUMD5LbfEYxPBoNWx6LEOzO4 W1ri+2J2IWhRrvHNByB6lfCeMod9Bu8Wov4FTbJEi9/IFoyG9VVhM2zKORKK9qTs76SA 3ubQ== X-Gm-Message-State: AHQUAubCWr+kFUlvsdYSlvg5oSuqMj2OrewjxM5GgK+FLs5sZqmg2jy9 t64XDBzrH2OJFTm9NpnuA7HH+XP+ X-Google-Smtp-Source: AHgI3IZYooPxuOkZJsLjy+VKcHUeyFrKP3NoK5nLRDOFc+6nHDXwHYCBBF1o2XpNU+Ch7sYo/edbyg== X-Received: by 2002:a2e:94ce:: with SMTP id r14-v6mr16186637ljh.34.1550554664523; Mon, 18 Feb 2019 21:37:44 -0800 (PST) Received: from localhost (customer-109-238-136-64.stosn.net. [109.238.136.64]) by smtp.gmail.com with ESMTPSA id p7sm219091lfh.87.2019.02.18.21.37.43 for (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Mon, 18 Feb 2019 21:37:43 -0800 (PST) User-agent: mu4e 1.0; emacs 26.1 From: Malcolm Matalka To: caml users Date: Tue, 19 Feb 2019 06:37:43 +0100 Message-ID: <867edw49ug.fsf@gmail.com> MIME-Version: 1.0 Content-Type: text/plain Subject: [Caml-list] Implementing JWT RS256 verification Reply-To: Malcolm Matalka X-Loop: caml-list@inria.fr X-Sequence: 17353 Errors-to: caml-list-owner@inria.fr Precedence: list Precedence: bulk Sender: caml-list-request@inria.fr X-no-archive: yes List-Id: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: Hello, I'm trying to implement verification of JWT's signed with RS256 and having some trouble finding the crypto library I should use for this. Nocrypt and CryptoKit are the obvious choices by searching opam, however neither of them seem to quite have what I'm looking for. RS256 is RSA with SHA256 and something called PKCS1v1.5 for padding. I see both of these libraries have RSA options but it doesn't seem possible to specify the hashing algorithm. Nocrypto has a PKCS1v1.5 module in the RSA module but no hash. When I call [sig_decode] on my message I get back a message text but it also doesn't seem to match what I'm expecting. My input is the message, the signed signature, and the public key, and I'd like to know verify these match correctly. I really don't know much about crypto and am just trying to implement a spec. Anyone have a suggestion for what library I should use? Am I just missing something? Thanks, /Malcolm