Failed to parse token using the decoder key ECDSA with Sha384

Open andrei-dascalu opened this issue 2 years ago • 1 comments

When parsing a token signed with a private key using ECDSA with Sha384 via the corresponding public key, the following error is logged:

It was not possible to parse your key, reason:\n* error:1E08010C:DECODER routines::unsupported

I am not quite sure where to look for the actual cause.

The keys were generated as such:

openssl ecparam -name secp384r1 -genkey -noout -out jwt-private.pem
openssl ec -in jwt-private.pem -pubout > jwt-public.pem

and configuration setup as

        $conf = Configuration::forAsymmetricSigner(
            new Sha384(),
            InMemory::file('/jwtkeys/jwt-private.pem'),
            InMemory::file('/jwtkeys/jwt-public.pem'),
        );

        $conf->setValidationConstraints(
            new SignedWith($conf->signer(), $conf->signingKey()),
            new StrictValidAt(SystemClock::fromUTC()),
            new IssuedBy("issuer.com")
        );

andrei-dascalu, Jan 12 '24 15:01

Can you generate a private key and share it here?

lcobucci, Jan 12 '24 22:01

The same goes for Sha256

Ssionn, Apr 10 '24 09:04

The same goes for Sha256

We need a bit more to be able to say anything.

lcobucci, Apr 11 '24 23:04

This lib simply uses OpenSSL to handle the operation; what might be happening is that the capabilities of your remote environment differ from your local one.

You may use the following to compare the available curves on both systems:

$ openssl ecparam -list_curves

Additionally, you may try to sign something arbitrary from the terminal (using the private key you generated):

$ echo 'hello there' > testing
$ openssl dgst -sha1 -sign jwt-private.pem testing | base64

I hope that helps. I'll close this for now but feel free to comment.

lcobucci, Apr 14 '24 19:04
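
The environment checks suggested in the last comment, combined into one script as an added example (not code from the thread or from the library). The function name `check_es384` and its return codes are hypothetical; the file names follow the issue, the digest is `-sha384` to match the signer in the report rather than the `-sha1` used in the comment, and the `openssl pkey` decode step is an addition that tests whether this OpenSSL build can parse each key file at all.

```shell
#!/bin/sh
# Added diagnostic example: checks whether the local OpenSSL build can decode,
# sign and verify with a secp384r1 key pair laid out as in the issue.
# Usage: check_es384 /jwtkeys   (run it on both the local and the remote system)
check_es384() {
    dir=$1
    priv="$dir/jwt-private.pem"
    pub="$dir/jwt-public.pem"
    msg="$dir/testing"

    # 1. The curve must be offered by this OpenSSL build.
    openssl ecparam -list_curves | grep -q 'secp384r1' \
        || { echo "secp384r1 not available in this OpenSSL build" >&2; return 2; }

    # 2. Generate the pair exactly as in the issue when the files are missing.
    [ -f "$priv" ] || openssl ecparam -name secp384r1 -genkey -noout -out "$priv" \
        || return 3
    [ -f "$pub" ] || openssl ec -in "$priv" -pubout -out "$pub" 2>/dev/null \
        || return 3

    # 3. Each file must decode in its own role. A failure here is the
    #    command-line counterpart of a key-parsing error in the application.
    openssl pkey -in "$priv" -noout 2>/dev/null \
        || { echo "private key does not decode" >&2; return 4; }
    openssl pkey -pubin -in "$pub" -noout 2>/dev/null \
        || { echo "public key does not decode" >&2; return 5; }

    # 4. Sign with the private key, verify with the public key.
    echo 'hello there' > "$msg"
    openssl dgst -sha384 -sign "$priv" -out "$msg.sig" "$msg" || return 6
    openssl dgst -sha384 -verify "$pub" -signature "$msg.sig" "$msg" >/dev/null \
        || return 7

    echo "ES384 sign/verify OK"
}
```

A non-zero return code identifies the first step that failed, which makes it easy to see where two environments diverge.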