How do I verify a JSON Web Token using a Public RSA key?

Question

New question to keep this question specific and to the point.

I have a JWT from Azure and now I need to verify the signature in my application.

The public keys from Microsoft can be found here:

https://login.windows.net/common/discovery/keys

How do I use these keys to verify a signature? I can tell that these are the public keys I need as the X5T header in the JWT matches those on this public key list.

I am using the JWT PHP library but everything I enter as the public key seems to fail.

supplied key param cannot be coerced into a public key

So using the link above, that goes from there into the PHP openssl_verify function as parameter three ($key in the example below)?

$success = openssl_verify($msg, $signature, $key, 'SHA256');

Everything I enter causes an error in one way or another.

Thanks

Recommended answer

Problem solved.

Turns out that the X5C part of the JSON array is the certificate not public key so JSON decoding https://login.windows.net/common/discovery/keys and grabbing the X5C element and using openssl to derive the public key works:

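// Parse the X.509 certificate
$cert_object = openssl_x509_read($cert);
// Extract the public key from the certificate
$pkey_object = openssl_pkey_get_public($cert_object);
$pkey_array = openssl_pkey_get_details($pkey_object);
// PEM-encoded public key
$publicKey = $pkey_array['key'];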

In this example $cert is the X5C value. However this on its own is not enough as it's not encoded to X509. So what I did is create a new file in Windows called certificate.cer, open in notepad and put the X5C value in there. Then by double clicking on the .cer in Windows, navigating to the details tab and clicking "copy to file" this opens the certificate export wizard.

Export as X509 and upload to the server.

$cert = file_get_contents('Certificates/Public/public.cer');

Works! There is probably a simpler way but this works.
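
The manual export step in the answer can be done in code by wrapping the X5C value in PEM armor before handing it to OpenSSL. The following is an added example, not part of the original answer or of any JWT library; the function names are hypothetical, the key list is assumed to be the decoded entries of the keys document with `x5t` and `x5c` fields, and the certificate and token are constructed locally so the script runs offline.

```php
<?php
// Added example. Key, certificate and token are constructed locally; nothing is fetched from Azure.

// x5c holds the certificate as bare base64 DER; OpenSSL wants it in PEM armor.
function x5cToPem(string $x5c): string {
    return "-----BEGIN CERTIFICATE-----\n" . chunk_split($x5c, 64, "\n") . "-----END CERTIFICATE-----\n";
}

function b64urlEncode(string $s): string {
    return rtrim(strtr(base64_encode($s), '+/', '-_'), '=');
}

function b64urlDecode(string $s): string {
    $s = strtr($s, '-_', '+/');
    return (string) base64_decode(str_pad($s, strlen($s) + (4 - strlen($s) % 4) % 4, '='), true);
}

// $keys: list of entries shaped like those in the keys document (assumed fields: x5t, x5c).
function verifyJwt(string $jwt, array $keys): bool {
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) return false;
    [$h, $p, $s] = $parts;
    $header = json_decode(b64urlDecode($h), true);
    // Pin the algorithm; never let the token choose how it is verified.
    if (!is_array($header) || ($header['alg'] ?? '') !== 'RS256') return false;
    foreach ($keys as $jwk) {
        if (($jwk['x5t'] ?? null) !== ($header['x5t'] ?? '')) continue;
        $pub = openssl_pkey_get_public(x5cToPem($jwk['x5c'][0]));
        // openssl_verify returns 1 only for a valid signature (0 invalid, -1/false error).
        return $pub !== false && openssl_verify("$h.$p", b64urlDecode($s), $pub, OPENSSL_ALGO_SHA256) === 1;
    }
    return false; // no key with a matching thumbprint
}

// Constructed material: a self-signed certificate stands in for one entry of the keys document.
$priv = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
$csr  = openssl_csr_new(['commonName' => 'constructed-issuer'], $priv);
$cert = openssl_csr_sign($csr, null, $priv, 1);
openssl_x509_export($cert, $pem);
$x5c  = preg_replace('/-----[A-Z ]+-----|\s/', '', $pem);
$x5t  = b64urlEncode(openssl_x509_fingerprint($cert, 'sha1', true)); // SHA-1 thumbprint of the DER cert
$keys = [['x5t' => $x5t, 'x5c' => [$x5c]]];

$head = b64urlEncode(json_encode(['alg' => 'RS256', 'typ' => 'JWT', 'x5t' => $x5t]));
$body = b64urlEncode(json_encode(['sub' => 'constructed-user']));
openssl_sign("$head.$body", $sig, $priv, OPENSSL_ALGO_SHA256);

var_dump(verifyJwt("$head.$body." . b64urlEncode($sig), $keys));      // token as issued
$forged = b64urlEncode(json_encode(['sub' => 'someone-else']));
var_dump(verifyJwt("$head.$forged." . b64urlEncode($sig), $keys));    // payload altered after signing
```

A valid signature only proves the token was signed by that key; the `iss`, `aud` and `exp` claims still have to be checked before the token is trusted.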
