1. connect2id Avatar connect2id
  2. Crypto
  3. Nimbus-JOSE-JWT
  4. Issues

Unable to verify ES384 and ES512 JWS signatures

Issue #30 resolved
Jason Reicheneker created an issue

I'm testing the elliptic signature algorithms by cross-checking them with jose4j. ES256 works, but ES384 and ES512 verification both fail with the nimbus library. This happens whether the signatures were created with jose4j or nimbus.

See the attached unit tests for examples, and change the constants at the top of the file between 256, 384, and 512 to see the issue.

Comments (6)

  1. Vladimir Dzhuvinov

    Thank you Jason for reporting this. We only had EC256 tests using the official JWS EC256 test vectors.

  4. Vladimir Dzhuvinov

    Hi Jason,

    I added a bunch of round-trip tests and traced the problem to the code that was concatenating the R+S ECDSA signature parts. This was affecting ES384 and ES512.

    The buggy code was rewritten and as of commit ae8f4af all round-trip tests pass.

    You if still experience cross test problems with Brian's library, just let me know.

    Cheers,

    Vladimir

  6. Jason Reicheneker reporter

    Vladimir,

    Thank you for your prompt resolution of the bugs I've entered the last few days! I'll be uptaking them in 2.12 when it's released.

    Thanks, Jason

  7. Log in to comment
Assignee
Type
bug
Priority
major
Status
resolved
Component
Milestone
Votes
0
Watchers
2
Jira Software: the preferred issue tracker for Bitbucket. Join the team!