I'm currently programming a small ACME client in C++ and trying to create a new account with the following content (email is a placeholder!):
The final request:
But I get the following response:
"detail": "Parse error reading JWS",
I write the Client based on the ACME
What am I doing wrong?
The best way to handle this is to write a unit test that will read and decode whatever you write. I also hope you are testing this against Pebble and not the staging environment.
I don't see anything wrong with this from a quick glance. It's not really possible for anyone to debug this unless you share the key (which you shouldn't do) or code for a minimal reproduction (e.g. an SSCCE).
Looking at the url parameter, OP is testing this against the production API...
No, I used the staging URL all the time.
I just tested it with the active URL last time and just forgot to "reset" it in the code before posting.
Hm, I have to try it...
But that's not primarily the problem.
OK, the parse error was because my x and y coordinates were wrong.
In my for-loop where I convert the uncompressed hex code of my public key to bytes (octet string), a few were "skipped".
I checked it with the JWK to PEM converter and it gives me the correct key.
But now I get a "JWS verification error".
On the EC sign/verify generator with my key pair, base64url signature and the message (base64url(protected_header) + "." + base64url(payload)) I get "error decoding signature bytes".
I also tested with openssl:
openssl dgst -sha384 -verify public_key.pem -signature sig.sign sig_part.txt
It gives me "Verified ok"
But in "sig.sign" the signature is raw (not base64url encoded)
It looks like I have a mistake somewhere when converting the signature to base64url...
Mh... the following
openssl base64 -in sig.sign -out signature.sha384
gives me the same base64 string (only "+" instead of "-")...
OK, I get it.
I thought I could use the created signature from openssl directly, like Base64Url(Signature).
But the openssl output is ASN.1 DER encoded.
The JWS Signature, however, must be the concatenation of EC points R and S.
After extracting R and S from the output signature and using their concatenation with base64url, it works.
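The conversion described in the last post, as an added example that is not the poster's code: it parses the DER signature that OpenSSL produces, writes R and S at a fixed width (DER integers vary in length, so a leading sign byte is dropped and short values are left-padded), and base64url-encodes R || S without padding. The function names are illustrative, and the width of 48 bytes per value assumes a P-384 key, as the `-sha384` commands above suggest.

```cpp
#include <cstdint>
#include <stdexcept>
#include <string>
#include <vector>
using Bytes = std::vector<uint8_t>;
// Read a DER length: short form, or long form with one length byte (0x81).
static size_t der_len(const Bytes& d, size_t& pos) {
    if (pos >= d.size()) throw std::runtime_error("truncated DER");
    size_t len = d[pos++];
    if (len < 0x80) return len;
    if (len != 0x81 || pos >= d.size()) throw std::runtime_error("unsupported DER length");
    return d[pos++];
}

// Read one INTEGER and append it to `out` as exactly n big-endian bytes.
static void der_int_fixed(const Bytes& d, size_t& pos, size_t n, Bytes& out) {
    if (pos >= d.size() || d[pos++] != 0x02) throw std::runtime_error("expected INTEGER");
    size_t len = der_len(d, pos);
    if (len == 0 || len > d.size() - pos) throw std::runtime_error("bad INTEGER length");
    size_t start = pos; pos += len;
    while (len > 1 && d[start] == 0x00) { ++start; --len; }  // drop DER sign padding
    if (len > n) throw std::runtime_error("INTEGER too large for curve");
    out.insert(out.end(), n - len, 0x00);  // left-pad values shorter than n
    out.insert(out.end(), d.begin() + start, d.begin() + start + len);
}

// DER ECDSA signature -> R || S, each n bytes (n = 48 assumed here for P-384).
Bytes der_to_jws_sig(const Bytes& der, size_t n) {
    size_t pos = 0;
    if (der.empty() || der[pos++] != 0x30) throw std::runtime_error("expected SEQUENCE");
    size_t len = der_len(der, pos);
    if (len != der.size() - pos) throw std::runtime_error("bad SEQUENCE length");
    Bytes out;
    der_int_fixed(der, pos, n, out);  // R
    der_int_fixed(der, pos, n, out);  // S
    if (pos != der.size()) throw std::runtime_error("trailing bytes");
    return out;
}

// base64url without '=' padding, as JWS uses.
std::string base64url(const Bytes& in) {
    static const char* T = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_";
    std::string out;
    for (size_t i = 0; i < in.size(); i += 3) {
        size_t k = in.size() - i < 3 ? in.size() - i : 3;  // bytes in this group
        uint32_t v = in[i] << 16 | (k > 1 ? in[i + 1] << 8 : 0) | (k > 2 ? in[i + 2] : 0);
        for (size_t j = 0; j <= k; ++j) out += T[(v >> (18 - 6 * j)) & 63];
    }
    return out;
}
```

The JWS signature field is then `base64url(der_to_jws_sig(der, 48))`, where `der` holds the raw bytes of a file such as `sig.sign`.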