JWT decode on nRF52840

Hi. I want to decode a JWT (ECDSA-signed) but I'm stuck. There is a simple example for signing a payload, but how can I decode a JWT that I receive from another device via Bluetooth? I also tried the l8w8jwt library, but there are many dependencies to resolve and I have no idea whether it is the right way. Can anybody help? :)

Best regards

PW

  • Hi, 

    Our expert said

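    If you just want to decode the JWT, you can use the Zephyr function base64_decode (decoding alone does not authenticate the token, so its claims should not be trusted until the signature has been verified).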

    If you want to verify the JWT's signature, you can use uECC_verify from the tinycrypt library.

    Regards,
    Amanda H.

  • I have another question. Is tinycrypt still supported on Zephyr? Would it be better to use the PSA Crypto API?

  • PSA is the recommended API going forward. 

  • OK. Is it possible to verify a JWT signature using my own key? I'm not sure, but I think I have to call psa_import_key on, e.g., a const uint8_t array and then call psa_verify_hash. Am I right?

  • Hi, could you help me with the key format? I'm stuck on this part. I tried to use this converter's result:

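    	/*
    	 * P-256 public key as an uncompressed point: 0x04 || X (32 bytes) ||
    	 * Y (32 bytes), which is the representation psa_import_key() takes for
    	 * PSA_KEY_TYPE_ECC_PUBLIC_KEY on a Weierstrass curve. Declared as uint8_t
    	 * (the type psa_import_key() expects) because values such as 0xE4 do not
    	 * fit a signed char.
    	 */
    	static const uint8_t public_key[65] = {
    		0x04, 0x39, 0xE4, 0x43, 0xEC, 0xD2, 0xA4, 0x2D, 0x56, 0xAD, 0xBB, 0xA4, 0xC8, 0x0D, 0xA1, 0x09,
    		0x5C, 0xF7, 0x63, 0x7F, 0x00, 0x1C, 0xF5, 0x2A, 0x20, 0x7B, 0x96, 0x3F, 0xC8, 0xCF, 0x89, 0x99,
    		0xB7, 0x9E, 0xB3, 0x90, 0xD6, 0xFC, 0x3B, 0x30, 0xF7, 0xC1, 0x46, 0x36, 0x62, 0xC0, 0x2D, 0xE8,
    		0xA9, 0x90, 0xA1, 0xC0, 0x1C, 0x3A, 0x73, 0xC4, 0x9A, 0x69, 0xBA, 0x74, 0xF6, 0x09, 0x39, 0x4F,
    		0xCE
    	};

    	/*
    	 * Verify-only, volatile key restricted to ECDSA with SHA-256 on secp256r1.
    	 * The algorithm is pinned here by the verifier; it should not be selected
    	 * from the "alg" field of the received token header.
    	 * NOTE(review): psa_crypto_init() is assumed to have succeeded earlier;
    	 * it is not visible in this snippet.
    	 */
    	psa_key_attributes_t key_attributes = PSA_KEY_ATTRIBUTES_INIT;
    	psa_set_key_usage_flags(&key_attributes, PSA_KEY_USAGE_VERIFY_HASH);
    	psa_set_key_lifetime(&key_attributes, PSA_KEY_LIFETIME_VOLATILE);
    	psa_set_key_algorithm(&key_attributes, PSA_ALG_ECDSA(PSA_ALG_SHA_256));
    	psa_set_key_type(&key_attributes, PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1));
    	psa_set_key_bits(&key_attributes, 256);

    	LOG_HEXDUMP_INF(public_key, sizeof(public_key), "PUBLIC KEY:");

    	status = psa_import_key(&key_attributes, public_key, sizeof(public_key), &pub_key_handle);
    	if (status != PSA_SUCCESS)
    	{
    		/* Do not fall through to verification with a handle that was never set. */
    		LOG_INF("psa_import_key failed! (Error: %d)", status);
    	}
    	else
    	{
    		/*
    		 * -149 is PSA_ERROR_INVALID_SIGNATURE: the key was accepted, but the
    		 * signature does not match the hash. For an ES256 JWT, check that:
    		 *  - sha_digest is SHA-256 over the ASCII bytes of
    		 *    "<base64url header>.<base64url payload>" exactly as received,
    		 *    not over the decoded JSON;
    		 *  - signature is the base64url-decoded third segment, i.e. the raw
    		 *    64-byte r || s value (not a DER-encoded ECDSA signature);
    		 *  - the segments were decoded as base64url ('-' and '_', no padding),
    		 *    which a standard Base64 decoder does not accept unchanged;
    		 *  - public_key really belongs to the signer's private key.
    		 */
    		status = psa_verify_hash(pub_key_handle, PSA_ALG_ECDSA(PSA_ALG_SHA_256), sha_digest, output_len, signature, signature_length);
    		if (status != PSA_SUCCESS)
    		{
    			/* Treat the token and all of its claims as untrusted. */
    			LOG_INF("PSA_verify_hash failed! (Error: %d)", status);
    		}
    		else
    		{
    			LOG_INF("Verify OK");
    		}

    		/* Release the volatile key slot; status keeps the verification result. */
    		(void)psa_destroy_key(pub_key_handle);
    	}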

    but I always get:

    PSA_verify_hash failed! (Error: -149)

    Converter: https://lapo.it/asn1js/

    How do I convert a PEM key into the correct byte array?

    Best regards

    PW

  • Hi, could you help me with the key format? I'm stuck on this part. I tried to use this converter's result:

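    	/*
    	 * P-256 public key as an uncompressed point: 0x04 || X (32 bytes) ||
    	 * Y (32 bytes), which is the representation psa_import_key() takes for
    	 * PSA_KEY_TYPE_ECC_PUBLIC_KEY on a Weierstrass curve. Declared as uint8_t
    	 * (the type psa_import_key() expects) because values such as 0xE4 do not
    	 * fit a signed char.
    	 */
    	static const uint8_t public_key[65] = {
    		0x04, 0x39, 0xE4, 0x43, 0xEC, 0xD2, 0xA4, 0x2D, 0x56, 0xAD, 0xBB, 0xA4, 0xC8, 0x0D, 0xA1, 0x09,
    		0x5C, 0xF7, 0x63, 0x7F, 0x00, 0x1C, 0xF5, 0x2A, 0x20, 0x7B, 0x96, 0x3F, 0xC8, 0xCF, 0x89, 0x99,
    		0xB7, 0x9E, 0xB3, 0x90, 0xD6, 0xFC, 0x3B, 0x30, 0xF7, 0xC1, 0x46, 0x36, 0x62, 0xC0, 0x2D, 0xE8,
    		0xA9, 0x90, 0xA1, 0xC0, 0x1C, 0x3A, 0x73, 0xC4, 0x9A, 0x69, 0xBA, 0x74, 0xF6, 0x09, 0x39, 0x4F,
    		0xCE
    	};

    	/*
    	 * Verify-only, volatile key restricted to ECDSA with SHA-256 on secp256r1.
    	 * The algorithm is pinned here by the verifier; it should not be selected
    	 * from the "alg" field of the received token header.
    	 * NOTE(review): psa_crypto_init() is assumed to have succeeded earlier;
    	 * it is not visible in this snippet.
    	 */
    	psa_key_attributes_t key_attributes = PSA_KEY_ATTRIBUTES_INIT;
    	psa_set_key_usage_flags(&key_attributes, PSA_KEY_USAGE_VERIFY_HASH);
    	psa_set_key_lifetime(&key_attributes, PSA_KEY_LIFETIME_VOLATILE);
    	psa_set_key_algorithm(&key_attributes, PSA_ALG_ECDSA(PSA_ALG_SHA_256));
    	psa_set_key_type(&key_attributes, PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1));
    	psa_set_key_bits(&key_attributes, 256);

    	LOG_HEXDUMP_INF(public_key, sizeof(public_key), "PUBLIC KEY:");

    	status = psa_import_key(&key_attributes, public_key, sizeof(public_key), &pub_key_handle);
    	if (status != PSA_SUCCESS)
    	{
    		/* Do not fall through to verification with a handle that was never set. */
    		LOG_INF("psa_import_key failed! (Error: %d)", status);
    	}
    	else
    	{
    		/*
    		 * -149 is PSA_ERROR_INVALID_SIGNATURE: the key was accepted, but the
    		 * signature does not match the hash. For an ES256 JWT, check that:
    		 *  - sha_digest is SHA-256 over the ASCII bytes of
    		 *    "<base64url header>.<base64url payload>" exactly as received,
    		 *    not over the decoded JSON;
    		 *  - signature is the base64url-decoded third segment, i.e. the raw
    		 *    64-byte r || s value (not a DER-encoded ECDSA signature);
    		 *  - the segments were decoded as base64url ('-' and '_', no padding),
    		 *    which a standard Base64 decoder does not accept unchanged;
    		 *  - public_key really belongs to the signer's private key.
    		 */
    		status = psa_verify_hash(pub_key_handle, PSA_ALG_ECDSA(PSA_ALG_SHA_256), sha_digest, output_len, signature, signature_length);
    		if (status != PSA_SUCCESS)
    		{
    			/* Treat the token and all of its claims as untrusted. */
    			LOG_INF("PSA_verify_hash failed! (Error: %d)", status);
    		}
    		else
    		{
    			LOG_INF("Verify OK");
    		}

    		/* Release the volatile key slot; status keeps the verification result. */
    		(void)psa_destroy_key(pub_key_handle);
    	}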

    but I always get:

    PSA_verify_hash failed! (Error: -149)

    Converter: https://lapo.it/asn1js/

    How do I convert a PEM key into the correct byte array?

    Best regards

    PW
