<?xml version="1.0" encoding="UTF-8" ?>
<?xml-stylesheet type="text/xsl" href="https://devzone.nordicsemi.com/cfs-file/__key/system/syndication/rss.xsl" media="screen"?><rss version="2.0" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:slash="http://purl.org/rss/1.0/modules/slash/" xmlns:wfw="http://wellformedweb.org/CommentAPI/" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>JWT decode on nRF52840</title><link>https://devzone.nordicsemi.com/f/nordic-q-a/112864/jwt-decode-on-nrf52840</link><description>Hi. I&amp;#39;m going to decode JWT (ECDSA sign) but I&amp;#39;m stuck. There is simple example to sign payload, but how can I decode JWT which I get from another device via bluetooth? I tried also to use l8w8jwt lib but there is many dependicies to solve and I&amp;#39;ve no</description><dc:language>en-US</dc:language><generator>Telligent Community 13</generator><lastBuildDate>Fri, 26 Jul 2024 06:45:01 GMT</lastBuildDate><atom:link rel="self" type="application/rss+xml" href="https://devzone.nordicsemi.com/f/nordic-q-a/112864/jwt-decode-on-nrf52840" /><item><title>RE: JWT decode on nRF52840</title><link>https://devzone.nordicsemi.com/thread/495736?ContentTypeID=1</link><pubDate>Fri, 26 Jul 2024 06:45:01 GMT</pubDate><guid isPermaLink="false">137ad170-7792-4731-bb38-c0d22fbe4515:9813304d-9ffc-4c5b-8ac9-6f9fed049c8b</guid><dc:creator>PW</dc:creator><description>&lt;p&gt;Problem was solved. I forget convert base64url to base64. Converter &lt;a id="" href="https://lapo.it"&gt;https://lapo.it&lt;/a&gt;&amp;nbsp;works fine and I can use data directly after convertion. There is no need to swap bytes, etc..&lt;/p&gt;
&lt;p&gt;Best regards&lt;/p&gt;
&lt;p&gt;PW&lt;/p&gt;&lt;div style="clear:both;"&gt;&lt;/div&gt;</description></item><item><title>RE: JWT decode on nRF52840</title><link>https://devzone.nordicsemi.com/thread/495236?ContentTypeID=1</link><pubDate>Tue, 23 Jul 2024 13:31:38 GMT</pubDate><guid isPermaLink="false">137ad170-7792-4731-bb38-c0d22fbe4515:092e42d5-c389-4313-a49c-f7fdf1c8162a</guid><dc:creator>PW</dc:creator><description>&lt;p&gt;Hi &lt;a href="https://devzone.nordicsemi.com/members/amanda"&gt;Amanda Hsieh&lt;/a&gt;&amp;nbsp;Could you help me with key format? I stuck on this part. I tried to use&lt;/p&gt;
&lt;p&gt;this converter result:&lt;/p&gt;
&lt;p&gt;&lt;img style="max-height:240px;max-width:320px;" src="https://devzone.nordicsemi.com/resized-image/__size/640x480/__key/communityserver-discussions-components-files/4/pastedimage1721741184401v1.png" alt=" " /&gt;&lt;/p&gt;
&lt;p&gt;&lt;pre class="ui-code" data-mode="c_cpp"&gt;	static const char public_key[65]={0x04, 0x39, 0xE4, 0x43, 0xEC, 0xD2, 0xA4, 0x2D, 0x56, 0xAD, 0xBB, 0xA4, 0xC8, 0x0D, 0xA1, 0x09, 
									  0x5C, 0xF7, 0x63, 0x7F, 0x00, 0x1C, 0xF5, 0x2A, 0x20, 0x7B, 0x96, 0x3F, 0xC8, 0xCF, 0x89, 0x99, 
									  0xB7, 0x9E, 0xB3, 0x90, 0xD6, 0xFC, 0x3B, 0x30, 0xF7, 0xC1, 0x46, 0x36, 0x62, 0xC0, 0x2D, 0xE8, 
									  0xA9, 0x90, 0xA1, 0xC0, 0x1C, 0x3A, 0x73, 0xC4, 0x9A, 0x69, 0xBA, 0x74, 0xF6, 0x09, 0x39, 0x4F, 
									  0xCE};
									  
    psa_key_attributes_t key_attributes = PSA_KEY_ATTRIBUTES_INIT;
	psa_set_key_usage_flags(&amp;amp;key_attributes, PSA_KEY_USAGE_VERIFY_HASH);
	psa_set_key_lifetime(&amp;amp;key_attributes, PSA_KEY_LIFETIME_VOLATILE);
	psa_set_key_algorithm(&amp;amp;key_attributes, PSA_ALG_ECDSA(PSA_ALG_SHA_256));
	psa_set_key_type(&amp;amp;key_attributes, PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1));
	psa_set_key_bits(&amp;amp;key_attributes, 256);

	LOG_HEXDUMP_INF(public_key,65,&amp;quot;PUBLIC KEY:&amp;quot;);

	status = psa_import_key(&amp;amp;key_attributes, public_key, sizeof(public_key), &amp;amp;pub_key_handle);
	if (status != PSA_SUCCESS) 
	{
		LOG_INF(&amp;quot;psa_import_key failed! (Error: %d)&amp;quot;, status);
	}

	status = psa_verify_hash(pub_key_handle, PSA_ALG_ECDSA(PSA_ALG_SHA_256), sha_digest, output_len, signature, signature_length);
	if (status != PSA_SUCCESS) 
	{
		LOG_INF(&amp;quot;PSA_verify_hash failed! (Error: %d)&amp;quot;, status);
	}
	else
	{
		LOG_INF(&amp;quot;Verify OK&amp;quot;);
	}									  &lt;/pre&gt;&lt;/p&gt;
&lt;p&gt;but I always get:&lt;/p&gt;
&lt;p&gt;PSA_verify_hash failed! (Error: -149)&lt;/p&gt;
&lt;p&gt;Converter:&amp;nbsp;&lt;a id="" href="https://lapo.it/asn1js/"&gt;https://lapo.it/asn1js/&lt;/a&gt;&lt;/p&gt;
&lt;p&gt;How to convert pem key to correct table?&lt;/p&gt;
&lt;p&gt;Best regards&lt;/p&gt;
&lt;p&gt;PW&lt;/p&gt;
&lt;p&gt;&lt;/p&gt;
&lt;p&gt;&lt;/p&gt;&lt;div style="clear:both;"&gt;&lt;/div&gt;</description></item><item><title>RE: JWT decode on nRF52840</title><link>https://devzone.nordicsemi.com/thread/494786?ContentTypeID=1</link><pubDate>Fri, 19 Jul 2024 11:48:48 GMT</pubDate><guid isPermaLink="false">137ad170-7792-4731-bb38-c0d22fbe4515:778eb91f-de92-4421-ad41-8e68c62a9618</guid><dc:creator>PW</dc:creator><description>&lt;p&gt;OK. Is it possible to verify JWT signature using my own key? I&amp;#39;m not sure, but I think I have to psa_import_key from e.g. const uint8_t table and then psa_verify_hash. Am I right?&lt;/p&gt;&lt;div style="clear:both;"&gt;&lt;/div&gt;</description></item><item><title>RE: JWT decode on nRF52840</title><link>https://devzone.nordicsemi.com/thread/494589?ContentTypeID=1</link><pubDate>Thu, 18 Jul 2024 13:09:59 GMT</pubDate><guid isPermaLink="false">137ad170-7792-4731-bb38-c0d22fbe4515:9cc93d31-9d19-4a8f-bbf2-fc34db68ad10</guid><dc:creator>Amanda Hsieh</dc:creator><description>&lt;p&gt;&lt;span&gt;PSA is the recommended API going forward.&amp;nbsp;&lt;/span&gt;&lt;/p&gt;&lt;div style="clear:both;"&gt;&lt;/div&gt;</description></item><item><title>RE: JWT decode on nRF52840</title><link>https://devzone.nordicsemi.com/thread/494572?ContentTypeID=1</link><pubDate>Thu, 18 Jul 2024 12:27:52 GMT</pubDate><guid isPermaLink="false">137ad170-7792-4731-bb38-c0d22fbe4515:a4712413-7660-4cca-9ee8-1c8b8c9d0b87</guid><dc:creator>PW</dc:creator><description>&lt;p&gt;I have another problem. Is tinycrypt still supported on Zephyr? Maybe the better way will be use psa crypto api?&lt;/p&gt;&lt;div style="clear:both;"&gt;&lt;/div&gt;</description></item><item><title>RE: JWT decode on nRF52840</title><link>https://devzone.nordicsemi.com/thread/493400?ContentTypeID=1</link><pubDate>Thu, 11 Jul 2024 11:59:44 GMT</pubDate><guid isPermaLink="false">137ad170-7792-4731-bb38-c0d22fbe4515:e8984f42-6727-46ca-b34a-acc16bed1522</guid><dc:creator>PW</dc:creator><description>&lt;p&gt;Thanks. It&amp;#39;s clear now.&lt;/p&gt;&lt;div style="clear:both;"&gt;&lt;/div&gt;</description></item><item><title>RE: JWT decode on nRF52840</title><link>https://devzone.nordicsemi.com/thread/493030?ContentTypeID=1</link><pubDate>Tue, 09 Jul 2024 17:07:09 GMT</pubDate><guid isPermaLink="false">137ad170-7792-4731-bb38-c0d22fbe4515:569da3d2-9914-48c9-8204-26935a90dfd4</guid><dc:creator>Amanda Hsieh</dc:creator><description>&lt;p&gt;Hi,&amp;nbsp;&lt;/p&gt;
&lt;p&gt;Our expert said&lt;/p&gt;
&lt;p&gt;if you just want to decode the JWT, you can use the Zephyr function &lt;code&gt;base64_decode&lt;/code&gt;.&amp;nbsp;&lt;/p&gt;
&lt;p&gt;if you want to verify the JWT&amp;#39;s signature, you can use &lt;code&gt;uECC_verify&lt;/code&gt; from the tinycrypt library.&lt;/p&gt;
&lt;p&gt;Regards,&lt;br /&gt;Amanda H.&lt;/p&gt;&lt;div style="clear:both;"&gt;&lt;/div&gt;</description></item></channel></rss>