1

I am using this library, node-jwks-rsa, to fetch JWT keys from my auth0 jwks.json file in order to verify that the id_token my application retrieves after authentication is actually coming from my auth provider.

Under the hood it uses this method to build a public key PEM 

export function certToPEM(cert) {
  cert = cert.match(/.{1,64}/g).join('\n');
  cert = `-----BEGIN CERTIFICATE-----\n${cert}\n-----END CERTIFICATE-----\n`;
  return cert;
}

(Using the x50c as argument from the .jwks file).

which I then use in combination with jsonwebtoken to verify that the JWT(id_token) is valid.

How is this method of verification different from generating a private key(RSA) from the modulus and exponent of the jwks.json file and using it for verification instead? (as example see this library)

Additionally here is function as demonstration that generates a PEM from a mod and exponent (taken from http://stackoverflow.com/questions/18835132/xml-to-pem-in-node-js)

export function rsaPublicKeyToPEM(modulusB64, exponentB64) {
    const modulus = new Buffer(modulusB64, 'base64');
    const exponent = new Buffer(exponentB64, 'base64');
    const modulusHex = prepadSigned(modulus.toString('hex'));
    const exponentHex = prepadSigned(exponent.toString('hex'));
    const modlen = modulusHex.length / 2;
    const explen = exponentHex.length / 2;

    const encodedModlen = encodeLengthHex(modlen);
    const encodedExplen = encodeLengthHex(explen);
    const encodedPubkey = '30' +
      encodeLengthHex(modlen + explen + encodedModlen.length / 2 + encodedExplen.length / 2 + 2) +
      '02' + encodedModlen + modulusHex +
      '02' + encodedExplen + exponentHex;

    const der = new Buffer(encodedPubkey, 'hex')
      .toString('base64');

    let pem = `-----BEGIN RSA PUBLIC KEY-----\n`;
    pem += `${der.match(/.{1,64}/g).join('\n')}`;
    pem += `\n-----END RSA PUBLIC KEY-----\n`;

    return pem;
  };

The aforementioned jsonwebtoken library can verify a JWT using either -- but why? If both of these verification methods can validate a JWT signature why do they both exist? What are the tradeoffs between them? Is one more secure than the other? Which should I use to verify most fully?

pedrofb
  • 37,271
  • 5
  • 94
  • 142
TheFastCat
  • 3,134
  • 4
  • 22
  • 32
  • only public key (configured) is used for signature verification. under the hood both libraries need to compute a hash and validate the hash signature. until the validation is done properly there is no reason one would be more secure than another. – gusto2 Oct 29 '17 at 12:06
  • @gusto2 - I am still confused. why does the interactive debugger at https://jwt.io/ allow for JWT signature validation using both of the methods that I describe above, public and private if only public key is used? – TheFastCat Oct 29 '17 at 13:35
  • You cannot verify a digital signature with a private key. Unclear what you're asking. – user207421 Oct 30 '17 at 09:13

1 Answers1

2

Using a RSA assymetric key pair, the JWT is signed with the private key and verified with the public. You can not verify a digital signature with the private key

Modulus and exponent are the components of the public key and you can use it to build the public key in PEM format, which is a base64 representation of the public key (modulus and exponent) encoded in DER binary format. You can use PEM, DER or modulus and exponent because the contain the same information

But anybody can't build the private key with modulus and exponent. He would need the private RSA elements, which must be kept secret so that no one can sign for you.

pedrofb
  • 37,271
  • 5
  • 94
  • 142
  • Thank you Pedro. Do you have any links to information on how all of the different fields of a jwk/s relate to this from the standpoint of OpenId flow? Namely where the x50c comes from. I'd like to extend my knowledge and understanding. – TheFastCat Oct 30 '17 at 10:54
  • 1
    OpenIdConnect or Oauth2 are not related with JWK (JsonWebKey). JWK is a format to represent cryptographic key defined in this RFC https://tools.ietf.org/html/rfc7517. Seems [JKWS](https://auth0.com/docs/jwks) is a Auth0's concept _A JSON object that represents a set of JWKs_. The `x5c` attribute is the X509Certificate containing the public key – pedrofb Oct 30 '17 at 11:08