❔ ✅ JWT signatures not working

string jwtMessage = "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWUsImlhdCI6MTUxNjIzOTAyMn0";
string publicKey = @"-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu1SU1LfVLPHCozMxH2Mo
4lgOEePzNm0tRgeLezV6ffAt0gunVTLw7onLRnrq0/IzW7yWR7QkrmBL7jTKEn5u
+qKhbwKfBstIs+bMY2Zkp18gnTxKLxoS2tFczGkPLPgizskuemMghRniWaoLcyeh
kd3qqGElvW/VDL5AaWTg0nLVkjRo9z+40RQzuVaE8AkAFmxZzow3x+VJYKdjykkJ
0iT9wCS0DRTXu269V264Vf/3jvredZiKRkgwlL9xNAwxXFg0x/XFw005UWVRIkdg
cKWTjpBP2dPwVZ4WWC+9aGVd+Gyn1o0CLelf4rEjGoXbAAEgAqeGUxrcIlbjXfbc
mwIDAQAB
-----END PUBLIC KEY-----";
string privateKey = @"PLACEHOLDER, private key same pem format"; 
string jwtSignature;
using (var rsa = RSA.Create())
{
    rsa.ImportFromPem(privateKey);
    jwtSignature = Base64UrlEncoder.Encode(rsa.SignData(Encoding.UTF8.GetBytes(jwtMessage), HashAlgorithmName.SHA256, RSASignaturePadding.Pss));
}
using (var rsa = RSA.Create())
{    
    rsa.ImportFromPem(publicKey);
    var signatureBytes = Encoding.UTF8.GetBytes(Base64UrlEncoder.Decode(jwtSignature));
    var data = Encoding.UTF8.GetBytes(jwtMessage);

    // Verify the created signature using jwtMessage fails, output is false
    Console.WriteLine(rsa.VerifyData(data, signatureBytes, HashAlgorithmName.SHA256, RSASignaturePadding.Pss));
}

string jwtMessage = "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWUsImlhdCI6MTUxNjIzOTAyMn0";
string publicKey = @"-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu1SU1LfVLPHCozMxH2Mo
4lgOEePzNm0tRgeLezV6ffAt0gunVTLw7onLRnrq0/IzW7yWR7QkrmBL7jTKEn5u
+qKhbwKfBstIs+bMY2Zkp18gnTxKLxoS2tFczGkPLPgizskuemMghRniWaoLcyeh
kd3qqGElvW/VDL5AaWTg0nLVkjRo9z+40RQzuVaE8AkAFmxZzow3x+VJYKdjykkJ
0iT9wCS0DRTXu269V264Vf/3jvredZiKRkgwlL9xNAwxXFg0x/XFw005UWVRIkdg
cKWTjpBP2dPwVZ4WWC+9aGVd+Gyn1o0CLelf4rEjGoXbAAEgAqeGUxrcIlbjXfbc
mwIDAQAB
-----END PUBLIC KEY-----";
string privateKey = @"PLACEHOLDER, private key same pem format"; 
string jwtSignature;
using (var rsa = RSA.Create())
{
    rsa.ImportFromPem(privateKey);
    jwtSignature = Base64UrlEncoder.Encode(rsa.SignData(Encoding.UTF8.GetBytes(jwtMessage), HashAlgorithmName.SHA256, RSASignaturePadding.Pss));
}
using (var rsa = RSA.Create())
{    
    rsa.ImportFromPem(publicKey);
    var signatureBytes = Encoding.UTF8.GetBytes(Base64UrlEncoder.Decode(jwtSignature));
    var data = Encoding.UTF8.GetBytes(jwtMessage);

    // Verify the created signature using jwtMessage fails, output is false
    Console.WriteLine(rsa.VerifyData(data, signatureBytes, HashAlgorithmName.SHA256, RSASignaturePadding.Pss));
}

I took the public and private key as well as the jwtMessage from sample data on jwt.io. I created my own siganture for the token using the private key from their, and tried to verify the signature using the matching public key I took from there. What am I doing wrong?

string jwtMessage = "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWUsImlhdCI6MTUxNjIzOTAyMn0";
string publicKey = @"-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu1SU1LfVLPHCozMxH2Mo
4lgOEePzNm0tRgeLezV6ffAt0gunVTLw7onLRnrq0/IzW7yWR7QkrmBL7jTKEn5u
+qKhbwKfBstIs+bMY2Zkp18gnTxKLxoS2tFczGkPLPgizskuemMghRniWaoLcyeh
kd3qqGElvW/VDL5AaWTg0nLVkjRo9z+40RQzuVaE8AkAFmxZzow3x+VJYKdjykkJ
0iT9wCS0DRTXu269V264Vf/3jvredZiKRkgwlL9xNAwxXFg0x/XFw005UWVRIkdg
cKWTjpBP2dPwVZ4WWC+9aGVd+Gyn1o0CLelf4rEjGoXbAAEgAqeGUxrcIlbjXfbc
mwIDAQAB
-----END PUBLIC KEY-----";
string privateKey = @"PLACEHOLDER, private key same pem format"; 
string jwtSignature;
using (var rsa = RSA.Create())
{
    rsa.ImportFromPem(privateKey);
    jwtSignature = Base64UrlEncoder.Encode(rsa.SignData(Encoding.UTF8.GetBytes(jwtMessage), HashAlgorithmName.SHA256, RSASignaturePadding.Pss));
}
using (var rsa = RSA.Create())
{    
    rsa.ImportFromPem(publicKey);
    var signatureBytes = Encoding.UTF8.GetBytes(Base64UrlEncoder.Decode(jwtSignature));
    var data = Encoding.UTF8.GetBytes(jwtMessage);

    // Verify the created signature using jwtMessage fails, output is false
    Console.WriteLine(rsa.VerifyData(data, signatureBytes, HashAlgorithmName.SHA256, RSASignaturePadding.Pss));
}

string jwtMessage = "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWUsImlhdCI6MTUxNjIzOTAyMn0";
string publicKey = @"-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu1SU1LfVLPHCozMxH2Mo
4lgOEePzNm0tRgeLezV6ffAt0gunVTLw7onLRnrq0/IzW7yWR7QkrmBL7jTKEn5u
+qKhbwKfBstIs+bMY2Zkp18gnTxKLxoS2tFczGkPLPgizskuemMghRniWaoLcyeh
kd3qqGElvW/VDL5AaWTg0nLVkjRo9z+40RQzuVaE8AkAFmxZzow3x+VJYKdjykkJ
0iT9wCS0DRTXu269V264Vf/3jvredZiKRkgwlL9xNAwxXFg0x/XFw005UWVRIkdg
cKWTjpBP2dPwVZ4WWC+9aGVd+Gyn1o0CLelf4rEjGoXbAAEgAqeGUxrcIlbjXfbc
mwIDAQAB
-----END PUBLIC KEY-----";
string privateKey = @"PLACEHOLDER, private key same pem format"; 
string jwtSignature;
using (var rsa = RSA.Create())
{
    rsa.ImportFromPem(privateKey);
    jwtSignature = Base64UrlEncoder.Encode(rsa.SignData(Encoding.UTF8.GetBytes(jwtMessage), HashAlgorithmName.SHA256, RSASignaturePadding.Pss));
}
using (var rsa = RSA.Create())
{    
    rsa.ImportFromPem(publicKey);
    var signatureBytes = Encoding.UTF8.GetBytes(Base64UrlEncoder.Decode(jwtSignature));
    var data = Encoding.UTF8.GetBytes(jwtMessage);

    // Verify the created signature using jwtMessage fails, output is false
    Console.WriteLine(rsa.VerifyData(data, signatureBytes, HashAlgorithmName.SHA256, RSASignaturePadding.Pss));
}

❔ ✅ JWT signatures not working

Similar Threads

❔ ✅ JWT signatures not working

Similar Threads

Similar Threads

Similar Threads