
JWK to RSA key translation

Open bellebaum opened this issue 2 years ago • 2 comments

Hey there :)

We were having a bit of trouble generating RSA keys from JSON Web Keys (JWK, RFC 7517). Linking the original issue: https://github.com/jwt/ruby-jwt/issues/523

We had this working fine with earlier versions of OpenSSL, where we were able to use functions like set_key on a new instance of OpenSSL::PKey::RSA. With OpenSSL 3 the API has changed though, so this is no longer an option. We are looking for guidance on how to implement parsing an (especially private) RSA key from the parameters alone.

A temporary solution we had consisted of parsing the key into ASN.1, then having it exported as DER and read by this gem, but the problem we are facing with this solution is that a private RSA JWK may in some cases only include the modulus and both exponents, rather than all CRT values present in the RFC 3447 ASN.1 description of a private key.

I apologize in advance, should I have overlooked some obvious API functionality. If you have some pointers for us, please let us know :)

bellebaum, Oct 12 '22 07:10

> a private RSA JWK may in some cases only include the modulus and both exponents, rather than all CRT values present in the RFC 3447 ASN.1 description of a private key.

This is a TODO item. We need a wrapper around EVP_PKEY_fromdata() (available in OpenSSL 3.0+ only) for this purpose.

Linking related issues: #498 (for EC) and #369 (OpenSSL 3.0 support in general)

rhenium, Oct 17 '22 07:10

I like the direction @anakinj is taking in #555 - thank you for working on this!

The API there looks a lot like what we currently do manually with ASN.1 in cose-ruby to transform COSE keys (for WebAuthn/passkeys) to OpenSSL PKeys, and I'd love to see a less laborious interface as well for the same reasons as ruby-jwt:

  • https://github.com/cedarcode/cose-ruby/blob/fcde72f1351d3ba964500d91a19ab0e2d84a5878/lib/cose/key/rsa.rb#L90-L120
  • https://github.com/cedarcode/cose-ruby/blob/fcde72f1351d3ba964500d91a19ab0e2d84a5878/lib/cose/key/ec2.rb#L68-L107
  • https://github.com/cedarcode/cose-ruby/blob/fcde72f1351d3ba964500d91a19ab0e2d84a5878/lib/cose/key/okp.rb#L43-L63

bdewater, Oct 28 '22 18:10
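
The case raised in the opening post, a private RSA JWK that carries only `n`, `e` and `d`, can be bridged by recovering the primes and CRT values and encoding a complete RFC 3447 RSAPrivateKey for `OpenSSL::PKey::RSA.new`. This is an added example, not code from ruby/openssl, ruby-jwt or cose-ruby; the helper names `b64u_to_i`, `recover_primes` and `rsa_from_minimal_jwk` are hypothetical, and it assumes a two-prime key.

```ruby
require 'openssl'

# Decode a base64url JWK member (RFC 7517) into a Ruby Integer.
def b64u_to_i(str)
  s = str.tr('-_', '+/')
  s += '=' * (-s.length % 4) # restore the padding JWK omits
  s.unpack1('m0').unpack1('H*').to_i(16)
end

# Recover the primes from (n, e, d). e*d - 1 is a multiple of the order of
# every unit mod n, so repeated squaring of g^r reaches a non-trivial square
# root of 1, and its gcd with n is a prime factor.
def recover_primes(n, e, d)
  r = e * d - 1
  t = 0
  while r.even?
    r >>= 1
    t += 1
  end
  (2..1000).each do |g|
    y = g.pow(r, n)
    next if y == 1 || y == n - 1
    t.times do
      x = y.pow(2, n)
      if x == 1
        p = (y - 1).gcd(n)
        return [p, n / p]
      end
      break if x == n - 1 # this base reveals nothing, try the next one
      y = x
    end
  end
  raise ArgumentError, 'n, e, d are not a consistent RSA key'
end

# Build an OpenSSL::PKey::RSA from a private JWK holding only n, e, d by
# computing the CRT values and encoding an RFC 3447 RSAPrivateKey.
def rsa_from_minimal_jwk(jwk)
  n, e, d = %w[n e d].map { |k| b64u_to_i(jwk.fetch(k)) }
  p, q = recover_primes(n, e, d)
  fields = [0, n, e, d, p, q, # version 0 = two-prime key
            d % (p - 1),      # dP
            d % (q - 1),      # dQ
            q.pow(p - 2, p)]  # qInv = q^-1 mod p (Fermat, p is prime)
  seq = OpenSSL::ASN1::Sequence.new(fields.map { |v| OpenSSL::ASN1::Integer.new(v.to_bn) })
  OpenSSL::PKey::RSA.new(seq.to_der)
end
```

Ruby's Integer arithmetic is not constant-time, so run this once at key import and use the resulting key object afterwards rather than repeating the recovery per operation.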