❔ ✅ JWT signatures not working
string jwtMessage = "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWUsImlhdCI6MTUxNjIzOTAyMn0";
string publicKey = @"-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu1SU1LfVLPHCozMxH2Mo
4lgOEePzNm0tRgeLezV6ffAt0gunVTLw7onLRnrq0/IzW7yWR7QkrmBL7jTKEn5u
+qKhbwKfBstIs+bMY2Zkp18gnTxKLxoS2tFczGkPLPgizskuemMghRniWaoLcyeh
kd3qqGElvW/VDL5AaWTg0nLVkjRo9z+40RQzuVaE8AkAFmxZzow3x+VJYKdjykkJ
0iT9wCS0DRTXu269V264Vf/3jvredZiKRkgwlL9xNAwxXFg0x/XFw005UWVRIkdg
cKWTjpBP2dPwVZ4WWC+9aGVd+Gyn1o0CLelf4rEjGoXbAAEgAqeGUxrcIlbjXfbc
mwIDAQAB
-----END PUBLIC KEY-----";
string privateKey = @"PLACEHOLDER, private key same pem format";
string jwtSignature;
using (var rsa = RSA.Create())
{
rsa.ImportFromPem(privateKey);
jwtSignature = Base64UrlEncoder.Encode(rsa.SignData(Encoding.UTF8.GetBytes(jwtMessage), HashAlgorithmName.SHA256, RSASignaturePadding.Pss));
}
using (var rsa = RSA.Create())
{
rsa.ImportFromPem(publicKey);
var signatureBytes = Encoding.UTF8.GetBytes(Base64UrlEncoder.Decode(jwtSignature));
var data = Encoding.UTF8.GetBytes(jwtMessage);
// Verify the created signature using jwtMessage fails, output is false
Console.WriteLine(rsa.VerifyData(data, signatureBytes, HashAlgorithmName.SHA256, RSASignaturePadding.Pss));
}string jwtMessage = "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWUsImlhdCI6MTUxNjIzOTAyMn0";
string publicKey = @"-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu1SU1LfVLPHCozMxH2Mo
4lgOEePzNm0tRgeLezV6ffAt0gunVTLw7onLRnrq0/IzW7yWR7QkrmBL7jTKEn5u
+qKhbwKfBstIs+bMY2Zkp18gnTxKLxoS2tFczGkPLPgizskuemMghRniWaoLcyeh
kd3qqGElvW/VDL5AaWTg0nLVkjRo9z+40RQzuVaE8AkAFmxZzow3x+VJYKdjykkJ
0iT9wCS0DRTXu269V264Vf/3jvredZiKRkgwlL9xNAwxXFg0x/XFw005UWVRIkdg
cKWTjpBP2dPwVZ4WWC+9aGVd+Gyn1o0CLelf4rEjGoXbAAEgAqeGUxrcIlbjXfbc
mwIDAQAB
-----END PUBLIC KEY-----";
string privateKey = @"PLACEHOLDER, private key same pem format";
string jwtSignature;
using (var rsa = RSA.Create())
{
rsa.ImportFromPem(privateKey);
jwtSignature = Base64UrlEncoder.Encode(rsa.SignData(Encoding.UTF8.GetBytes(jwtMessage), HashAlgorithmName.SHA256, RSASignaturePadding.Pss));
}
using (var rsa = RSA.Create())
{
rsa.ImportFromPem(publicKey);
var signatureBytes = Encoding.UTF8.GetBytes(Base64UrlEncoder.Decode(jwtSignature));
var data = Encoding.UTF8.GetBytes(jwtMessage);
// Verify the created signature using jwtMessage fails, output is false
Console.WriteLine(rsa.VerifyData(data, signatureBytes, HashAlgorithmName.SHA256, RSASignaturePadding.Pss));
}I took the public and private key as well as the jwtMessage from sample data on jwt.io. I created my own siganture for the token using the private key from their, and tried to verify the signature using the matching public key I took from there. What am I doing wrong?
