Malcolm Matalka wrote:
> Hello,
>
> I'm trying to implement verification of JWT's signed with RS256 and
> having some trouble finding the crypto library I should use for this.
> Nocrypt and CryptoKit are the obvious choices by searching opam, however
> neither of them seem to quite have what I'm looking for.  RS256 is RSA
> with SHA256 and something called PKCS1v1.5 for padding.  I see both of
> these libraries have RSA options but it doesn't seem possible to specify
> the hashing algorithm.  Nocrypto has a PKCS1v1.5 module in the RSA
> module but no hash.  When I call [sig_decode] on my message I get back
> a message text but it also doesn't seem to match what I'm expecting.
>
> My input is the message, the signed signature, and the public key, and
> I'd like to know verify these match correctly.
>
> I really don't know much about crypto and am just trying to implement a
> spec.  Anyone have a suggestion for what library I should use?  Am I
> just missing something?
>
> Thanks,
> /Malcolm

Have you looked at Crypto++ (aka CryptoPP)?  It is a fairly complete
library with "lots" of users.

https://www.cryptopp.com/wiki/Main_Page

Regards,
--
Robert Roessler
robertr@rftp.com
http://www.rftp.com