1

Today, I have verified an JWT access token with jwt.io.

The access token is using algorithm RS256 and is digitally signed.

To verify the signature, I have put the certificate including -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- in BOX1:

RSASHA256(
  base64UrlEncode(header) + "." +
  base64UrlEncode(payload),
  BOX1,
  BOX2
)

After doing this, the status goes from red "Invalid Signature" to blue "Signature Verified" as expected.

I then accidentally deleted a character of the certificate, which left the status in blue "Signature Verified".

This made me curious, so I did some simple experiments:

  • After deleting some characters, it changes to red "Invalid Signature".
  • After deleting some more characters, it changes again to blue "Signature Verified".

This works on the last 7 lines of the certificate (certificate is 18 lines x 64 characters). In the first 11 lines, deleting a character leads to a permanently "Invalid Signature".

Is this behaviour jwt.io specific? Or, is it expected that deleting specific characters out of a certificate leads to a still valid signature?

jps
  • 20,041
  • 15
  • 75
  • 79
maro
  • 13
  • 4

1 Answers1

0

No, this is not jwt.io specific. First of all, the data in certificates themselves are structured using ASN.1, then encoded as binary using DER. You can see the certificate structure if you paste your base 64 into an ASN.1 decoder such as the one found here or by e.g. using openssl asn1parse.

Most of the data found in a certificate is part of the tbsCertificate structure, where TBS stands for "to be signed". Any change to that part of the certificate should result in failure as this is the part of the certificate that has been signed. This of course assumes that the signature of the certificate is indeed verified. That's generally the case unless the certificate is trusted explicitly.

If you change the signature itself then the signature verification will likely fail as well of course. But note that the signature itself is also encoded, and changes in the meta-data of the signature may not introduce a failure. This signature is present at the end of the certificate.

You may need to post the changed certificate. Otherwise we cannot tell if there is an error during verification or that the changes were only superficial.

Maarten Bodewes
  • 90,524
  • 13
  • 150
  • 263
  • I have made some more experiments based on your comment. I can remove 458 trailing characters, jwt.io still shows signature as valid. I have also checked out your link, it does show the tbsCertificate, algorithm and signature. However, it is not able to parse any version from which I remove characters due to the last part not being complete. – maro Mar 08 '22 at 20:34
  • In the case that same altered certificate is accepted then it is not used or parsed. Interesting. – Maarten Bodewes Mar 08 '22 at 22:55