New client: JWS verification error: malformed

Hi everyone,

I’m developing a new acme client, and so far I’m struggling with new account registration. My generated payload passes JWS validation, so I think it might be something to do with the nonce, but can’t figure out what’s wrong exactly. Here is the request I’m sending:

POST request to the "https://acme-staging-v02.api.letsencrypt.org/acme/new-acct",
with the following headers set:
"user-agent": "certifika 0.1/reqwest 0.10"
"content-type": "application/jose+json"

{"payload":"eyJjb250YWN0IjpbIm1haWx0bzp2enIwMDZAZ21haWwuY29tIl0sInRlcm1zT2ZTZXJ2aWNlQWdyZWVkIjp0cnVlfQ","signature":"MEUCIQDfp0j2tooqXmhQCj9gO1meJ1gM8qBtS9Zof9x_kvsMVwIgbn8YWQMOPMVvwzLEI8y4MIFgGkb2EYJvsTD1gmiGrNI","protected":"eyJqd2siOnsiY3J2IjoiUC0yNTYiLCJrdHkiOiJFQyIsIngiOiJ0WUpWZlpVdDZiMTVUVGd1VjRzeGdwYm5mMnZ2OWFyR1VLcXE3bUZ5WHY0IiwieSI6IlFHZUMwdWpGX2I3MVlURmg3dzdzcGp0QkpQLXpyTWg0aWtBZUlsMTRhNjgifSwibm9uY2UiOiIwMDAxenlWcWlGMVVBdWlrbjA5eGpYb0xjcUJNdGNoaDU5SmdTS1UwLW9MQ2dzNCIsImFsZyI6IkVTMjU2IiwidXJsIjoiaHR0cDovLzEyNy4wLjAuMTo4OCJ9"}

Any advice on what’s wrong with my JWS/nonce is highly appreciated.

Hi @epicfile

not really?

{"jwk":{"crv":"P-256","kty":"EC","x":"tYJVfZUt6b15TTguV4sxgpbnf2vv9arGUKqq7mFyXv4","y":"QGeC0ujF_b71YTFh7w7spjtBJP-zrMh4ikAeIl14a68"},"nonce":"0001zyVqiF1UAuikn09xjXoLcqBMtchh59JgSKU0-oLCgs4","alg":"ES256","url":"http://127.0.0.1:88"}

Your url is wrong. Must be something like

https://acme-v02.api.letsencrypt.org/acme/new-acct

or the staging url, if you use that.

Your signature is 71 bytes, which I think is probably the ASN.1 padded version:

$ dumpasn1 -t -l sig.der
  0  69: SEQUENCE {
  2  33:   INTEGER
      :     00 DF A7 48 F6 B6 8A 2A    ...H...*
      :     5E 68 50 0A 3F 60 3B 59    ^hP.?`;Y
      :     9E 27 58 0C F2 A0 6D 4B    .'X...mK
      :     D6 68 7F DC 7F 92 FB 0C    .h......
      :     57                         W
37  32:   INTEGER
      :     6E 7F 18 59 03 0E 3C C5    n..Y..<.
      :     6F C3 32 C4 23 CC B8 30    o.2.#..0
      :     81 60 1A 46 F6 11 82 6F    .`.F...o
      :     B1 30 F5 82 68 86 AC D2
      :   }

0 warnings, 0 errors.

For JWS ES256, a fixed 64-byte signature is expected. So you would take the two integer values (R, S) from inside the ASN.1 encoding, pad them to 32 bytes each as necessary, and mash them together into a 64 byte array.

Are you generating the signature with OpenSSL or something?

(I think you have other problems in your JWS as well, but this is the first problem to overcome).

1 Like

well, I posted a wrong example, I used that one to debug what’s going on. Here is another one with the correct url:

{“protected”:“eyJhbGciOiJFUzI1NiIsInVybCI6Imh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvbmV3LWFjY3QiLCJub25jZSI6IjAwMDFMcXJDYXBWdWdqWXlLZmRaUTVrUEFBdVFIVHFTUkVWaEdwN2pvSFpnSEpzIiwiandrIjp7ImNydiI6IlAtMjU2Iiwia3R5IjoiRUMiLCJ4Ijoid09uV3lDd1B0eGlyUVh1WEZxbEQyZ0hDRGk2d25tcEJpWVNObkZ2QkpucyIsInkiOiJuV3cxbVVGZldpWE5QYm5RNjZwSVNvRUtMeExpbHRKTDAwY1lpMENoeDkwIn19”,“signature”:“MEUCIAwfWyDIw42OgVXvZwMf_a2owrJnyVEY0xKL1Xhw_cQjAiEAhy1UoTua84Xthd-_F5pOvqkirJXCw4QwZqRi3elrNqI”,“payload”:“eyJjb250YWN0IjpbIm1haWx0bzp2enIwMDZAZ21haWwuY29tIl0sInRlcm1zT2ZTZXJ2aWNlQWdyZWVkIjp0cnVlfQ”}"

I don’t think url is the problem here…

Wow, thanks, I did not know about that…That’s must be it…I’m not using openssl, I’m writing the client in rust, and using this crate to sign the message: https://briansmith.org/rustdoc/ring/signature
Will have to dig a lil bit deeper into it. Thanks for the hint!

@_az Jesus Christ, you were absolutely right, I’ve tuned the signing algorithm parameters, and now it works! Thanks again!

1 Like