[OpenSIPS-Users] Looking for help with Stir Shaken
Saint Michael
venefax at gmail.com
Wed Feb 15 04:44:07 UTC 2023
Dear friends
I need to understand how to verify a token using the public key of the
issuer, using Bash and openssl. I guess liviuchircu knows this subject very
well.
So far I have done this, using a real token:
token=“eyJhbGciOiJFUzI1NiIsInBwdCI6InNoYWtlbiIsInR5cCI6InBhc3Nwb3J0IiwieDV1IjoiaHR0cHM6Ly9hei50YXgvMSJ9.eyJhdHRlc3QiOiJBIiwiZGVzdCI6eyJ0biI6WyIxOTU0NDQ0NzQwOCJdfSwiaWF0IjoxNjc2MjY1NTE0LCJvcmlnIjp7InRuIjoiMTcyNzQ0MzMwMTkifSwib3JpZ2lkIjoiMzU4ZDA0OGItZTAwNy0xMWVhLWFjMzctNDctMjA1LTE3Mi04OSJ9.YD9kpeGaKFa6Gh-TIX7mAJWl9W3EpitTCpHxS7UEmddfT0E3DfRvpwE
IsGqC8ouKxwmuYGKq1hvgucKqLLYFhA”
echo “${token}” > token.txt
echo “-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEkCmapE3ygZFy5ZDAjFSGh5rp766W
EZ2+adZvlPeVk5kJzenhDJROfhh7aIKiG/npK8VnYE0WOf2OjyJU6LE9OQ==
-----END PUBLIC KEY-----” > pk.pem
IFS=‘.’ read -r header payload signature <<< “$token”
echo “$signature” > signature.bin
echo “${payload}”|openssl dgst -sha256 -binary > payload_hash.bin
openssl pkeyutl -verify -inkey pk.pem -pubin -sigfile signature.bin -in
payload_hash.bin
But it fails verification. The same token passes verification on
https://jwt.io
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20230214/096179d7/attachment.html>
More information about the Users
mailing list