jwt-framework Can't load pkcs8 key with ECKey: 4 children are expected, but 3 are present

Version(s) affected: 2.2.11

Description

I'm trying to load a PEM+PKCS8 encoded secp384r1 key but the decode fails with Unable to load the key.

This code assumes there are always 4 children after decoding pkcs8, but with the key I'm using it's 3:

https://github.com/web-token/jwt-framework/blob/68fda8c391e75c4d2fb07476292a6114c2fb2fb6/src/Component/KeyManagement/KeyConverter/ECKey.php#L70-L72

How to reproduce

Generate a key like this:

openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:secp384r1 -outform pem -out foo.key

Try to load the key:

$key = ECKey::createFromPEM(file_get_contents('foo.key'));

Here's an example key I generated that should load correctly but doesn't:

May 27 '22 17:05 kpcyrd

Hi,

The key is correctly identified as a PKCS#8 key by https://github.com/web-token/jwt-framework/blob/68fda8c391e75c4d2fb07476292a6114c2fb2fb6/src/Component/KeyManagement/KeyConverter/ECKey.php#L66-L68

But I missed something when dealing with the extracted data. I will patch this

May 30 '22 12:05 Spomky

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

Jul 30 '22 19:07 stale[bot]

Hi there! Is there any status on this issue? I'm having the same problem on v3.0.6 using curve prime256v1. If I can help to solve this in any way, please let me know ;)

Aug 04 '22 14:08 remipelhate

Hui,

This will be available in 3.1.0

Aug 22 '22 19:08 Spomky

Awesome! Thanks for the support @Spomky 🙏🏻

Aug 23 '22 12:08 remipelhate

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.

Feb 25 '24 04:02 github-actions[bot]