New client: JWS verification error: malformed

epicfile · March 18, 2020, 7:58pm

Hi everyone,

I’m developing a new acme client, and so far I’m struggling with new account registration. My generated payload passes JWS validation, so I think it might be something to do with the nonce, but can’t figure out what’s wrong exactly. Here is the request I’m sending:

POST request to the "https://acme-staging-v02.api.letsencrypt.org/acme/new-acct",
with the following headers set:
"user-agent": "certifika 0.1/reqwest 0.10"
"content-type": "application/jose+json"

{"payload":"eyJjb250YWN0IjpbIm1haWx0bzp2enIwMDZAZ21haWwuY29tIl0sInRlcm1zT2ZTZXJ2aWNlQWdyZWVkIjp0cnVlfQ","signature":"MEUCIQDfp0j2tooqXmhQCj9gO1meJ1gM8qBtS9Zof9x_kvsMVwIgbn8YWQMOPMVvwzLEI8y4MIFgGkb2EYJvsTD1gmiGrNI","protected":"eyJqd2siOnsiY3J2IjoiUC0yNTYiLCJrdHkiOiJFQyIsIngiOiJ0WUpWZlpVdDZiMTVUVGd1VjRzeGdwYm5mMnZ2OWFyR1VLcXE3bUZ5WHY0IiwieSI6IlFHZUMwdWpGX2I3MVlURmg3dzdzcGp0QkpQLXpyTWg0aWtBZUlsMTRhNjgifSwibm9uY2UiOiIwMDAxenlWcWlGMVVBdWlrbjA5eGpYb0xjcUJNdGNoaDU5SmdTS1UwLW9MQ2dzNCIsImFsZyI6IkVTMjU2IiwidXJsIjoiaHR0cDovLzEyNy4wLjAuMTo4OCJ9"}

Any advice on what’s wrong with my JWS/nonce is highly appreciated.

JuergenAuer · March 18, 2020, 8:43pm

Hi @epicfile

not really?

{"jwk":{"crv":"P-256","kty":"EC","x":"tYJVfZUt6b15TTguV4sxgpbnf2vv9arGUKqq7mFyXv4","y":"QGeC0ujF_b71YTFh7w7spjtBJP-zrMh4ikAeIl14a68"},"nonce":"0001zyVqiF1UAuikn09xjXoLcqBMtchh59JgSKU0-oLCgs4","alg":"ES256","url":"http://127.0.0.1:88"}

Your url is wrong. Must be something like

https://acme-v02.api.letsencrypt.org/acme/new-acct

or the staging url, if you use that.

_az · March 18, 2020, 8:47pm

Your signature is 71 bytes, which I think is probably the ASN.1 padded version:

$ dumpasn1 -t -l sig.der
  0  69: SEQUENCE {
  2  33:   INTEGER
      :     00 DF A7 48 F6 B6 8A 2A    ...H...*
      :     5E 68 50 0A 3F 60 3B 59    ^hP.?`;Y
      :     9E 27 58 0C F2 A0 6D 4B    .'X...mK
      :     D6 68 7F DC 7F 92 FB 0C    .h......
      :     57                         W
37  32:   INTEGER
      :     6E 7F 18 59 03 0E 3C C5    n..Y..<.
      :     6F C3 32 C4 23 CC B8 30    o.2.#..0
      :     81 60 1A 46 F6 11 82 6F    .`.F...o
      :     B1 30 F5 82 68 86 AC D2
      :   }

0 warnings, 0 errors.

For JWS ES256, a fixed 64-byte signature is expected. So you would take the two integer values (R, S) from inside the ASN.1 encoding, pad them to 32 bytes each as necessary, and mash them together into a 64 byte array.

Are you generating the signature with OpenSSL or something?

(I think you have other problems in your JWS as well, but this is the first problem to overcome).

epicfile · March 18, 2020, 9:04pm

well, I posted a wrong example, I used that one to debug what’s going on. Here is another one with the correct url:

{“protected”:“eyJhbGciOiJFUzI1NiIsInVybCI6Imh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvbmV3LWFjY3QiLCJub25jZSI6IjAwMDFMcXJDYXBWdWdqWXlLZmRaUTVrUEFBdVFIVHFTUkVWaEdwN2pvSFpnSEpzIiwiandrIjp7ImNydiI6IlAtMjU2Iiwia3R5IjoiRUMiLCJ4Ijoid09uV3lDd1B0eGlyUVh1WEZxbEQyZ0hDRGk2d25tcEJpWVNObkZ2QkpucyIsInkiOiJuV3cxbVVGZldpWE5QYm5RNjZwSVNvRUtMeExpbHRKTDAwY1lpMENoeDkwIn19”,“signature”:“MEUCIAwfWyDIw42OgVXvZwMf_a2owrJnyVEY0xKL1Xhw_cQjAiEAhy1UoTua84Xthd-_F5pOvqkirJXCw4QwZqRi3elrNqI”,“payload”:“eyJjb250YWN0IjpbIm1haWx0bzp2enIwMDZAZ21haWwuY29tIl0sInRlcm1zT2ZTZXJ2aWNlQWdyZWVkIjp0cnVlfQ”}"

I don’t think url is the problem here…

epicfile · March 18, 2020, 9:06pm

Wow, thanks, I did not know about that…That’s must be it…I’m not using openssl, I’m writing the client in rust, and using this crate to sign the message: https://briansmith.org/rustdoc/ring/signature
Will have to dig a lil bit deeper into it. Thanks for the hint!

epicfile · March 18, 2020, 9:11pm

@_az Jesus Christ, you were absolutely right, I’ve tuned the signing algorithm parameters, and now it works! Thanks again!

system · April 17, 2020, 9:11pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.