Comments (8)
Hi,
I ran into exactly the same issue.
My (probably too quick-and-dirty) solution looks like this: pgaubatz/browserify-sign@0dd151d
I'm not quite sure if it makes sense to submit a PR...
@shea256 What do you think?
Cheers,
Patrick
from node-jwa.
@pgaubatz I don't think this actually fixes the problem.
I just ended up writing my own JWT library: https://github.com/blockstack/jwt-js
Maybe it'll be helpful for you. It only currently supports the curve SECP256k1, but it is designed in a way that anyone can easily write a client for ES256, RS256, etc.
from node-jwa.
Yeah, so at the time the module was written, while openssl supported EC, there wasn't an algorithm available to call it with. So specifying RSA here gets it into openssl, and after it parses the PEM, it does the right thing.
I would be happy to accept a pull request which used the correct name (I looked when this issue first opened - it appears it might exist in openssl now) - perhaps deciding based off of the openssl or node.js version.
from node-jwa.
@shea256 ES256 is secp256r1, not k1
from node-jwa.
@omsmith yes, I'm aware.
I mentioned that my library only currently supports SECP256k1 (which I abbreviate as ES256k) and while my library currently doesn't support the widely accepted ES256 and RS256 standards, those could easily be added in. I might actually add in an ES256 client soon, which will use SECP256r1 (according to the standards).
from node-jwa.
There is an open PR on browserify-sign (what browserify uses to get node crypto to work) which addresses this. When that PR goes through, a change to this library to not masquerade as rsa and just use 'sha' + bits should work. Tried it out by monkeypatching locally.
from node-jwa.
Alright they merged that PR over in Browserify. @omsmith what were the limitations of a PR over here? I have a patch I wrote that's very dumb that basically just switches from RSA-SHA to sha prefixing for all ECDSA and works with Browserify as soon as that PR lands in a release. Unfortunately, I don't know too much about how this works with regards to Node or other versioning caveats. All I know is that Browserifying with these fixes works.
from node-jwa.
@samuelhorwitz feel free to submit your changes as a PR and we'll see what happens with the test suite (which will run it against older versions of node as well).
from node-jwa.
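The naming question discussed in this thread, as an added Node.js example that is not code from node-jwa or browserify-sign: it signs with an EC key under both the legacy `RSA-SHA` + bits name and the plain `sha` + bits name, shows the two interoperate because the key decides the signature scheme, and rejects a secp256k1 key for ES256. The helper names (`ES_PARAMS`, `checkCurve`, `signES`, `verifyES`, `demo`) are hypothetical, and the keys and signing input are generated for the demo.

```javascript
// Added example, not node-jwa code. Keys and input are constructed for the demo.
const nodeCrypto = require('crypto');

// JWA ES* algorithms fix both the hash and the curve (RFC 7518, section 3.4).
const ES_PARAMS = {
  ES256: { bits: 256, curve: 'prime256v1' }, // secp256r1 / P-256, not secp256k1
  ES384: { bits: 384, curve: 'secp384r1' },
  ES512: { bits: 512, curve: 'secp521r1' },
};

// Refuse keys of the wrong type or curve instead of signing with whatever the PEM holds.
function checkCurve(alg, key) {
  const details = key.asymmetricKeyDetails || {};
  if (key.asymmetricKeyType !== 'ec' || details.namedCurve !== ES_PARAMS[alg].curve) {
    throw new Error(`${alg} requires an EC key on ${ES_PARAMS[alg].curve}`);
  }
}

// digestPrefix is 'sha' (the plain digest name) or 'RSA-SHA' (the legacy name).
function signES(alg, privateKey, data, digestPrefix = 'sha') {
  checkCurve(alg, privateKey);
  return nodeCrypto.createSign(digestPrefix + ES_PARAMS[alg].bits)
    .update(data)
    .sign({ key: privateKey, dsaEncoding: 'ieee-p1363' }); // raw r||s, as JWS expects
}

function verifyES(alg, publicKey, data, sig, digestPrefix = 'sha') {
  checkCurve(alg, publicKey);
  return nodeCrypto.createVerify(digestPrefix + ES_PARAMS[alg].bits)
    .update(data)
    .verify({ key: publicKey, dsaEncoding: 'ieee-p1363' }, sig);
}

// Sign under the legacy name, verify under the plain name, and try a k1 key.
function demo() {
  const data = Buffer.from('header.payload'); // constructed signing input
  const p256 = nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
  const k1 = nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'secp256k1' });
  const legacySig = signES('ES256', p256.privateKey, data, 'RSA-SHA');
  let k1Rejected = false;
  try { signES('ES256', k1.privateKey, data); } catch (e) { k1Rejected = true; }
  return {
    sigLength: legacySig.length, // 64 bytes: 32-byte r plus 32-byte s
    crossVerified: verifyES('ES256', p256.publicKey, data, legacySig, 'sha'),
    k1Rejected,
  };
}
```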