3

I'm writing an nginx module in LUA and I'm finding very sparse documentation on a specific topic. I need to convert an RSA public key stored in JWK format to PEM. I need to do this almost entirely manually in LUA code (for many reasons). That means no ASN.1 library.

I'm having trouble finding even a high level/pseudo code example of the algorithm to convert them. I understand the basics (JWK is base64url encoded modulus and exponent, PEM is is the same values DER-encoded and put into an ASN.1 sequence and then base64 encoded w/ -----BEGIN PUBLIC KEY---- prefix/etc). I'm having trouble actually implementing it, though, because ASN.1 documentation is... dense.

Can someone provide me with a high-level overview of the actual bit-string packing that needs to happen to produce a proper PEM representation of a public key... assuming I can unpack/base64url decode the numbers and store them in a binary string already.

I'm attaching a sample key in JWK format for reference:

    {
          "alg": "RS256",
          "e": "AQAB",
          "n": "iKqiD4cr7FZKm6f05K4r-GQOvjRqjOeFmOho9V7SAXYwCyJluaGBLVvDWO1XlduPLOrsG_Wgs67SOG5qeLPR8T1zDK4bfJAo1Tvbw
        YeTwVSfd_0mzRq8WaVc_2JtEK7J-4Z0MdVm_dJmcMHVfDziCRohSZthN__WM2NwGnbewWnla0wpEsU3QMZ05_OxvbBdQZaDUsNSx4
        6is29eCdYwhkAfFd_cFRq3DixLEYUsRwmOqwABwwDjBTNvgZOomrtD8BRFWSTlwsbrNZtJMYU33wuLO9ynFkZnY6qRKVHr3YToIrq
        NBXw0RWCheTouQ-snfAB6wcE2WDN3N5z760ejqQ",
      "kid": "U5R8cHbGw445Qbq8zVO1PcCpXL8yG6IcovVa3laCoxM",
      "kty": "RSA",
      "use": "sig"
    }
10dot
  • 111
  • 6
  • Possible duplicate of [How to convert a public key from a JWK into PEM for OpenSSL?](http://stackoverflow.com/a/41265293/70465) – Andy Jan 28 '17 at 00:17
  • I've already seen the PHP sample there; the problem is it uses a pre-baked ASN library so it's not a great overview of how to manually produce the same in another language :\ – 10dot Jan 28 '17 at 00:19
  • I am unaware of an existing Lua implementation of ASN.1 parsing. Your options are likely 1) find an existing implementation in a different language which you can port, 2) use an existing implementation in C which you can depend on, or 3) write your own implementation from the spec. I understand none are ideal. I'd go with 1 using an implementation in a different language you know -- [JS](https://github.com/PeculiarVentures/ASN1.js/blob/master/src/asn1.js), [Java](http://grepcode.com/file/repo1.maven.org/maven2/org.bouncycastle/bcprov-jdk14/1.46/org/bouncycastle/asn1/util/ASN1Dump.java), etc. – Andy Jan 28 '17 at 00:24
  • As it is stands the question is way too broad. Most aspects of DER encoding are straightforward, and examples of DER-encoded X.509 certificates are everywhere. If there is something specific you are having trouble with then narrow your question to that. – President James K. Polk Jan 28 '17 at 13:36
  • 1
    http://stackoverflow.com/a/41835706/6535399, but in the other direction. – bartonjs Jan 28 '17 at 16:41
  • @10dot Can you post your lua code? I am also looking to implement similar functionality in lua. But I am not good at using lua. – Venkatesh Marepalli Jun 27 '17 at 22:02

0 Answers0