Parse error reading JWS

Gov · January 23, 2020, 7:12pm

I tried to create an account and received a message:
“Parse error reading JWS”

I sent:
{“protected”:“eyJhbGciOiJFUzI1NiIsImp3ayI6eyJrdHkiOiJFQyIsImNydiI6IlAtMjU2IiwieCI6Ik1GWXdFQVlIS29aSXpqMENBUVlGSzRFRUFBb0RRZ0FFYmY2SUVOeWJLbXRBRGxWSVBXbEdrWi83OFVpNjg4Z3oiLCJ5Ijoia3d2Q3N4YXNGNzdrcG9xMldxWWhwWmIxa2pTWWdUVjJ5aGVld3JyZklVRlJMdHBrYVIrM2J3PT0ifSwibm9uY2UiOiIwMDAyd2hhR09SeGVDR19LeHJZemVra1U4NlJTYUhYaE9GbldUdGl0WFZUV21OdyIsInVybCI6Imh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvbmV3LWFjY3QifQ”,“payload”:“eyJjb250YWN0IjpbIm1haWx0bzpleGFtcGxlQG1haWwuYWJjIl19”,“signature”:“IjMwNDYwMjIxMDBlOTFlMjI5YzdmYzVhNDczOWU3YWY3ZjU0ZTZmNWJkYjI1NGU3ZjVhYzc4YWYwNDc5NDU5ODE0NjQxYTlmYWRkMDIyMTAwZTBkZThhNjQ4NjVlMDZjYjgyNWE0Zjg4ZTE3NjEwOTM5NDJjNGJjYTY2NDRlOTgyNTRmNzkzMjI2YmQwZjVjNiI”}

Private key only for test:
-----BEGIN PRIVATE KEY-----
MIGEAgEAMBAGByqGSM49AgEGBSuBBAAKBG0wawIBAQQg0++Jn7JPTZlL0Pk71qrK
NSrwYI7/70o/T83oTY3h9TChRANCAARt/ogQ3Jsqa0AOVUg9aUaRn/vxSLrzyDOT
C8KzFqwXvuSmirZapiGllvWSNJiBNXbKF57Cut8hQVEu2mRpH7dv
-----END PRIVATE KEY-----

cpu · January 23, 2020, 7:31pm

Hi @Gov,

Is this a custom developed ACME client? Did you send the payload exactly as you shared it in this thread? I ask because I notice it has smart quotes in the JSON data (e.g. “protected” vs "protected").

Gov · January 23, 2020, 7:39pm

Yes. This is a custom client
Try this:
{“protected”:“eyJhbGciOiJFUzI1NiIsImp3ayI6eyJrdHkiOiJFQyIsImNydiI6IlAtMjU2IiwieCI6Ik1GWXdFQVlIS29aSXpqMENBUVlGSzRFRUFBb0RRZ0FFYmY2SUVOeWJLbXRBRGxWSVBXbEdrWi83OFVpNjg4Z3oiLCJ5Ijoia3d2Q3N4YXNGNzdrcG9xMldxWWhwWmIxa2pTWWdUVjJ5aGVld3JyZklVRlJMdHBrYVIrM2J3PT0ifSwibm9uY2UiOiIwMDAyd2hhR09SeGVDR19LeHJZemVra1U4NlJTYUhYaE9GbldUdGl0WFZUV21OdyIsInVybCI6Imh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvbmV3LWFjY3QifQ”,“payload”:“eyJjb250YWN0IjpbIm1haWx0bzpleGFtcGxlQG1haWwuYWJjIl19”,“signature”:“IjMwNDYwMjIxMDBlOTFlMjI5YzdmYzVhNDczOWU3YWY3ZjU0ZTZmNWJkYjI1NGU3ZjVhYzc4YWYwNDc5NDU5ODE0NjQxYTlmYWRkMDIyMTAwZTBkZThhNjQ4NjVlMDZjYjgyNWE0Zjg4ZTE3NjEwOTM5NDJjNGJjYTY2NDRlOTgyNTRmNzkzMjI2YmQwZjVjNiI”}

bruncsak · January 23, 2020, 7:52pm

You have to url encode the inner base64 values too.

_az · January 23, 2020, 7:55pm

Agreed, e.g. your jwk.x is encoded as MFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEbf6IENybKmtADlVIPWlGkZ/78Ui688gz, but should be MFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEbf6IENybKmtADlVIPWlGkZ_78Ui688gz.

JuergenAuer · January 23, 2020, 7:56pm

That

{"alg":"ES256","jwk":{"kty":"EC","crv":"P-256","x":"MFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEbf6IENybKmtADlVIPWlGkZ/78Ui688gz","y":"kwvCsxasF77kpoq2WqYhpZb1kjSYgTV2yheewrrfIUFRLtpkaR+3bw=="},"nonce":"0002whaGORxeCG_KxrYzekkU86RSaHXhOFnWTtitXVTWmNw","url":"https://acme-staging-v02.api.letsencrypt.org/acme/new-acct"}

looks buggy.

x and y have different lengths.

Rechecked with an own P-256 key: Length 49, both x and y, not 70 or 62.

PS: Sorry, the own sample is a P-256 key, not a P-384.

Gov · January 25, 2020, 7:54pm

I accepted your advice given above, but the error comes again:
{“type”:“urn:ietf:params:acme:error:malformed”,“detail”:“Parse error reading JWS”,“status”:400}

_az · January 25, 2020, 8:59pm

Can you post a new sample JWS?

Gov · January 25, 2020, 9:13pm

{“protected”:“eyJhbGciOiJFUzI1NiIsImp3ayI6eyJrdHkiOiJFQyIsImNydiI6IlAtMjU2IiwieCI6IkhuejQyekNVMDM2LXphR1d1cF9XeGdkYzFTVjdtRWxscDB1RWZmVnlUSU0iLCJ5IjoiS01Kai1Wc3Z5NHVPRDdvUU1LZEsyRWxBREVqSktnWTRQVnZ2Z1NMYVNZRSJ9LCJub25jZSI6IjAwMDJnT2xxbk9fTGVWX1BrQ0Q0RjVtM0hGS3lQS3RZRUxXUjM5dVJvQVBRX3FvIiwidXJsIjoiaHR0cHM6Ly9hY21lLXN0YWdpbmctdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9uZXctYWNjdCJ9”,“payload”:“e30”,“signature”:“CgDT2TQflZ7oQbVHLv6wlpK9CEywyC1KTAf2bVMBV_UAm6bvvTvYGBKuB4oL2coOPWCuwaOXzKVymZq6N1gE5A”}

stewe · January 25, 2020, 9:38pm

I think secp256k1 is not supported, try prime256v1 instead.

Supported Key Algorithms:

P-256  (prime256v1)
P-384  (secp384r1)

JuergenAuer · January 25, 2020, 9:41pm

That's

{"alg":"ES256","jwk":{"kty":"EC","crv":"P-256","x":"Hnz42zCU036-zaGWup_Wxgdc1SV7mEllp0uEffVyTIM","y":"KMJj-Vsvy4uOD7oQMKdK2ElADEjJKgY4PVvvgSLaSYE"},"nonce":"0002gOlqnO_LeV_PkCD4F5m3HFKyPKtYELWR39uRoAPQ_qo","url":"https://acme-staging-v02.api.letsencrypt.org/acme/new-acct"}

Rechecked with an own sample - there is a different order.

"crv":"P-256","kty":"EC"

And the payload - empty? The termsOfServiceAgreed may be required.

felixf · January 25, 2020, 9:44pm

Just wanted to write that too. You beat me by 5 minutes

_az · January 25, 2020, 9:45pm

Me three. The error from Boulder is:

failed to unmarshal JWK: square/go-jose: invalid EC key, X/Y are not on declared curve: "{"kty":"EC","crv":"P-256","x":"Hnz42zCU036-zaGWup_Wxgdc1SV7mEllp0uEffVyTIM","y":"KMJj-Vsvy4uOD7oQMKdK2ElADEjJKgY4PVvvgSLaSYE"}"

Gov · January 25, 2020, 10:55pm

Thank you all for your help. It works

system · February 24, 2020, 10:55pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.