From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail2-relais-roc.national.inria.fr (mail2-relais-roc.national.inria.fr [192.134.164.83]) by c5ff346549e7 (Postfix) with ESMTP id D7D6C5D5 for ; Tue, 19 Feb 2019 06:31:45 +0000 (UTC) X-IronPort-AV: E=Sophos;i="5.58,387,1544482800"; d="scan'208,217";a="369947354" Received: from sympa.inria.fr ([193.51.193.213]) by mail2-relais-roc.national.inria.fr with ESMTP; 19 Feb 2019 07:31:44 +0100 Received: by sympa.inria.fr (Postfix, from userid 20132) id E3113825B2; Tue, 19 Feb 2019 07:31:44 +0100 (CET) Received: from mail2-relais-roc.national.inria.fr (mail2-relais-roc.national.inria.fr [192.134.164.83]) by sympa.inria.fr (Postfix) with ESMTPS id 9E4807F61F for ; Tue, 19 Feb 2019 07:31:38 +0100 (CET) Authentication-Results: mail2-smtp-roc.national.inria.fr; spf=None smtp.pra=mmatalka@gmail.com; spf=Pass smtp.mailfrom=mmatalka@gmail.com; spf=None smtp.helo=postmaster@mail-wr1-f43.google.com IronPort-PHdr: =?us-ascii?q?9a23=3ALSrgBxT2VILkK0QT6ldGInvCvdpsv+yvbD5Q0YIu?= =?us-ascii?q?jvd0So/mwa6yZRaN2/xhgRfzUJnB7Loc0qyK6/CmATRIyK3CmUhKSIZLWR4BhJ?= =?us-ascii?q?detC0bK+nBN3fGKuX3ZTcxBsVIWQwt1Xi6NU9IBJS2PAWK8TW94jEIBxrwKxd+?= =?us-ascii?q?KPjrFY7OlcS30P2594HObwlSizexfbB/IA+qoQnNq8IbnZZsJqEtxxXTv3BGYf?= =?us-ascii?q?5WxWRmJVKSmxbz+MK994N9/ipTpvws6ddOXb31cKokQ7NYCi8mM30u683wqRbD?= =?us-ascii?q?VwqP6WACXWgQjxFFHhLK7BD+Xpf2ryv6qu9w0zSUMMHqUbw5Xymp4rx1QxH0li?= =?us-ascii?q?gIKz858HnWisNuiqJbvAmhrAF7z4LNfY2ZKOZycqbbcNgHR2ROQ9xRWjRODYOy?= =?us-ascii?q?bYQBD+QPM+VFoYfju1QDtgGxCRW2Ce711jNEmn370Ksn2OohCwHG2wkgEsoJvn?= =?us-ascii?q?vOqNX6KKASUeSwzKLVyjvMde9W1i356IjLaB8qvPaBXbd1ccXL1UkgDQfFjlaK?= =?us-ascii?q?poH+MDOV0/4Cs2mf7+Z6Se2vjGsnphh3rzOyyMksjYzJiZgUylDC7Sh52og1Jc?= =?us-ascii?q?GgSEJhfdGkF55QuzmGOItsQsIiW31ouCEiyr0eo5K0YC8KyJEhyhXCaPKHa5CF?= =?us-ascii?q?7gz/WOuVOzt1h3JodKihixqs7ESs0OLxW8ey3V1XtCRKiMPMuWoI1xHL6siIVP?= =?us-ascii?q?99/kC51DaKzQ/T6+VELVk6lKrBNpIt27Awm5UdvEjZES/2n0L2jKCSdko64OSn?= =?us-ascii?q?9+PnYrD+qp+dMY97lB3+P7wwlsCjBek0KAsDUmiB9eiiyrHv4Ff1TbpEg/Eul6?= =?us-ascii?q?nWqpHaJcAVpq6jBA9V154u6xO6Dzi8zNQXh30HLFFfdx+cgIjpPkvBIPH8Dful?= =?us-ascii?q?n1uslzJry+jcPrL9GpXNMmTDkLD5cLlh8UFczQ4zwclb55JVEbEBPOn+WlTxtd?= =?us-ascii?q?zdFh82KRa4w+fhCNVn14MRQ3iDAqGDMPCajVjd3OUlLvOQLLUStS3mL/U/r6r0?= =?us-ascii?q?inU0g0MHVbOnwYNRY3e9SKdIOUKcNF/lhtwGFWJCmwMiRejpgRXWVDtae3+2XK?= =?us-ascii?q?sU6TQyCYbgBoDGENP+yIed1Tu2S8UFLltNDUqBRDKxL93dCqU8LRmKK8okqQQq?= =?us-ascii?q?EL2oSosvzxar7VaoxL9uL+6S8Sod58u6iIpFotbLnBR3zgRaStyH2jjUHW5xl2?= =?us-ascii?q?IMATQx2fIn+BEv+hK4yaF9xsdgO5lT6vdOCFpoMJfdy6llEYm3VF6aONiOT1mi?= =?us-ascii?q?T5OtBjRjFt8=3D?= X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0COAAC5oWtchivdVdFjGwEBAQEDAQEBB?= =?us-ascii?q?wMBAQGBZYJrgQMnhAaBHYJekAaCDYouh3yHbA0fhE0Cg3IaBwEENBIBAwEBAgE?= =?us-ascii?q?BAQEBEwEBAQgLCwgbDiMMgjopAYJmAQEBAQIBIx0BGx0BAwELBgUEBw0qAgIiA?= =?us-ascii?q?REBBQEcBhODIAGBWQEDDQgPoA08ixuBEgUBF4J5BYQ7ChknDV+BNwIGEoVohQi?= =?us-ascii?q?BQheBQD+EI4MSghyCXIJXAqNGCZJXGZMCiAKUVw8hgTyBdzMaCBsVOzGCOwmCE?= =?us-ascii?q?wsPCYNLilRBMI1nAQE?= X-IPAS-Result: =?us-ascii?q?A0COAAC5oWtchivdVdFjGwEBAQEDAQEBBwMBAQGBZYJrgQM?= =?us-ascii?q?nhAaBHYJekAaCDYouh3yHbA0fhE0Cg3IaBwEENBIBAwEBAgEBAQEBEwEBAQgLC?= =?us-ascii?q?wgbDiMMgjopAYJmAQEBAQIBIx0BGx0BAwELBgUEBw0qAgIiAREBBQEcBhODIAG?= =?us-ascii?q?BWQEDDQgPoA08ixuBEgUBF4J5BYQ7ChknDV+BNwIGEoVohQiBQheBQD+EI4MSg?= =?us-ascii?q?hyCXIJXAqNGCZJXGZMCiAKUVw8hgTyBdzMaCBsVOzGCOwmCEwsPCYNLilRBMI1?= =?us-ascii?q?nAQE?= X-IronPort-AV: E=Sophos;i="5.58,387,1544482800"; d="scan'208,217";a="369947322" Received: from mail-wr1-f43.google.com ([209.85.221.43]) by mail2-smtp-roc.national.inria.fr with ESMTP/TLS/AES128-GCM-SHA256; 19 Feb 2019 07:31:37 +0100 Received: by mail-wr1-f43.google.com with SMTP id i16so12593223wrs.13 for ; Mon, 18 Feb 2019 22:31:37 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=0Hy7jJ/bVe1M7vha8fom+C1q9Kns0GsdlcniX8md18g=; b=uDa7LLNXThR6dzpctOJ/oAOIFlxB7f90YTdeMmy4pYTGdSSO4QVD/A2gEfAHdJAqbr SZ2fCWLP/9IKGrwipW6YYqI/OAUyj23GxmdiPsi2ctFM4ac6t8joRLULCnw2MFIBcrQs sBFUXbeKB5vq3/c+OPl7gCK9i9PcqgzUD4aXEjnJfZ4V9aHLiAVk/ucse1Msfdomi4EU jZLelBKJDA5Nt2c2oY2JHZjpP0+FpYZuC8Ue3p0QddUukDo5tLFXlU6Q9Y2qApvyN0vL VYLuRI3/kjbMi0eX9euqHs9fECGkLdR8rtvjhUZsBwo2e12iLRVTrgLup1wX7KjrPz3j 7A2w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=0Hy7jJ/bVe1M7vha8fom+C1q9Kns0GsdlcniX8md18g=; b=WG+bpVhnWEHJtbJzsksCvdamJn1FA2Ml5V8WgrU28Hfv47tTro+NNZ9hXwJFmH1SgW OIZ/6RDZPLZB6ECoMKH01jO/e+9LbZm/MzRVr7FIT3P59vRBk0J8XbWmkMg/sN31GyBU hgmKSpQdmx/JVRw+oYfKyTDLtGEGNvubkd9F8zOhXYAApye637TkY4pKAj4usiRxYsp+ 6bTcsxRug2LTLd42u46YIM/J9g3+Y2sIfcA29wyHakXK7NNkGfl7MHkwYT2XROQWoG63 aU5t7VWY9fyA29jqs4nGwRTa1yBj6B6OCcgNlPggL28T9FWT8XiwbDuebXmTYBuY6GtQ EWug== X-Gm-Message-State: AHQUAuYRd+ryqrO3IRAmctzZa5P40sDeBUdfo+UEE/5xaFRRW212j41q Mjkm3VjVz4gFQJPU1848J5ACvFeTE5rfj5vnIi/hCg== X-Google-Smtp-Source: AHgI3IZ3zDye4FLFE8pR93N5q3m7f1deUpPWOezrIAkQNwQiJdGGPY6jldS5x1SqN3uzbTe+dMSphvmEd6n/FYNjWKE= X-Received: by 2002:adf:f244:: with SMTP id b4mr11241577wrp.289.1550557896524; Mon, 18 Feb 2019 22:31:36 -0800 (PST) MIME-Version: 1.0 References: <867edw49ug.fsf@gmail.com> <0e233aa3-d549-1391-9594-3dfaf6eead6a@rftp.com> In-Reply-To: <0e233aa3-d549-1391-9594-3dfaf6eead6a@rftp.com> From: Malcolm Matalka Date: Tue, 19 Feb 2019 07:31:23 +0100 Message-ID: To: Robert Roessler Cc: caml-list Content-Type: multipart/alternative; boundary="000000000000a046330582396425" Subject: Re: [Caml-list] Implementing JWT RS256 verification Reply-To: Malcolm Matalka X-Loop: caml-list@inria.fr X-Sequence: 17354 Errors-to: caml-list-owner@inria.fr Precedence: list Precedence: bulk Sender: caml-list-request@inria.fr X-no-archive: yes List-Id: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: --000000000000a046330582396425 Content-Type: text/plain; charset="UTF-8" I am hoping something already exists in Ocaml rather than create new bindings. Den tis 19 feb. 2019 06:50Robert Roessler skrev: > Malcolm Matalka wrote: > > Hello, > > > > I'm trying to implement verification of JWT's signed with RS256 and > > having some trouble finding the crypto library I should use for this. > > Nocrypt and CryptoKit are the obvious choices by searching opam, however > > neither of them seem to quite have what I'm looking for. RS256 is RSA > > with SHA256 and something called PKCS1v1.5 for padding. I see both of > > these libraries have RSA options but it doesn't seem possible to specify > > the hashing algorithm. Nocrypto has a PKCS1v1.5 module in the RSA > > module but no hash. When I call [sig_decode] on my message I get back > > a message text but it also doesn't seem to match what I'm expecting. > > > > My input is the message, the signed signature, and the public key, and > > I'd like to know verify these match correctly. > > > > I really don't know much about crypto and am just trying to implement a > > spec. Anyone have a suggestion for what library I should use? Am I > > just missing something? > > > > Thanks, > > /Malcolm > > Have you looked at Crypto++ (aka CryptoPP)? It is a fairly complete > library with "lots" of users. > > https://www.cryptopp.com/wiki/Main_Page > > Regards, > -- > Robert Roessler > robertr@rftp.com > http://www.rftp.com > --000000000000a046330582396425 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
I am hoping something already exists in Ocaml rather than= create new bindings.

Den tis 19 feb. 2019 06:50Robert Roessler <robertr@rftp.com> skrev:
Malcolm Matalka wrote:
> Hello,
>
> I'm trying to implement verification of JWT's signed with RS25= 6 and
> having some trouble finding the crypto library I should use for this.<= br> > Nocrypt and CryptoKit are the obvious choices by searching opam, howev= er
> neither of them seem to quite have what I'm looking for.=C2=A0 RS2= 56 is RSA
> with SHA256 and something called PKCS1v1.5 for padding.=C2=A0 I see bo= th of
> these libraries have RSA options but it doesn't seem possible to s= pecify
> the hashing algorithm.=C2=A0 Nocrypto has a PKCS1v1.5 module in the RS= A
> module but no hash.=C2=A0 When I call [sig_decode] on my message I get= back
> a message text but it also doesn't seem to match what I'm expe= cting.
>
> My input is the message, the signed signature, and the public key, and=
> I'd like to know verify these match correctly.
>
> I really don't know much about crypto and am just trying to implem= ent a
> spec.=C2=A0 Anyone have a suggestion for what library I should use?=C2= =A0 Am I
> just missing something?
>
> Thanks,
> /Malcolm

Have you looked at Crypto++ (aka CryptoPP)?=C2=A0 It is a fairly complete <= br> library with "lots" of users.

https://www.cryptopp.com/wiki/Main_Page

Regards,
--
Robert Roessler
ro= bertr@rftp.com
http://www.rftp.com
--000000000000a046330582396425--