在bash中创建RS256 JWT [英] Create RS256 JWT in bash
问题描述
我正在尝试仅使用bash和openSSL构造一个RS256 JWT令牌(我只能使用有限的开发工具).
I'm trying to construct an RS256 JWT token using only bash and openSSL (I have limited development tools at my disposal).
我设计了一个脚本,该脚本从txt文件中提取标头和有效载荷(去除换行符等),base-64URL对它们进行编码,并将它们与."连接在一起.分隔符.
I've devised a script which takes the header and payload from txt files (stripping out newlines etc), base-64URL encodes them and concatenates them together with a '.' separator.
然后,我尝试对输出进行签名,我也对base-64URL进行了编码,并将其附加到末尾(使用另一个."分隔符).我相信这可以准确反映JWT模型.
I'm then attempting to sign the output, which I also base-64URL encode and append to the end (with another '.' separator). I believe this accurately reflects the JWT model.
我的私钥和证书是使用openSSL生成的:
My private key and certificate were generated using openSSL:
openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout ./privateKey2.key -out ./certificate2.crt
我的公钥是使用以下方法从私钥生成的:
My public key was generated from the private key using:
openssl rsa -pubout -in ./privateKey2.key > ./publicKey2.key
然后我有以下bash脚本来处理作业:
I then have the following bash script that process the job:
cat header.txt | tr -d '\n' | tr -d '\r' | openssl base64 | tr +/ -_ | tr -d '=' > header.b64
cat payload.txt | tr -d '\n' | tr -d '\r' | openssl base64 | tr +/ -_ |tr -d '=' > payload.b64
printf "%s" "$(<header.b64)" "." "$(<payload.b64)" > unsigned.b64
rm header.b64
rm payload.b64
openssl rsautl -sign -inkey privateKey2.key -in unsigned.b64 -out sig.txt
cat sig.txt | openssl base64 | tr +/ -_ | tr -d '=' > sig.b64
printf "%s" "$(<unsigned.b64)" "." "$(<sig.b64)" > jwt.txt
rm unsigned.b64
rm sig.b64
rm sig.txt
我相信脚本本身可以正常工作,但是每当我将最终输出上传到jwt.io的测试工具中时,它就会告诉我签名无效(它可以读取内容,并且标头和有效载荷是正确的).
I believe the script itself is working, but whenever I upload the final output into jwt.io's testing tool, it tells me the signature is invalid (it can read the content and header and payload are correct).
我对openssl rsautl的使用不正确吗?
Is my use of openssl rsautl incorrect?
很高兴在需要的时候提供键/样本数据
Happy to include keys / sample data if they'd help
示例输出:
eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2
MjM5MDIyfQ.fE-btiyskyDrO1mQXcICP0udbCkdV9D_50CYNbpRVgod6EPjKmbOJK-EA7vn7s5l
TtkvKw0m1r45poGApBT4SA_ChmEgsPzhGwxd2xpInesRon-mWTzsUqqz0C1CcegT
n9Z19JzGJ7wUjomg7viKI1OP7Ei6TptINE8hPqEBPPpeO2PfT5IevMb1XytaCuTO
R1JMurgwsIa0Kq3LaFoAk1stUnTtJRI8-NHzWqmUiQpq-K1eteBtT9ZvKXJ_6ReY
_AetoeqmEDVQO_UV2ae_dKd4QHSV8D-ryJFc-OEYWzgwGeqXSBMNVMzsXKSUIR8C
sfvZ2hvwbQI2f0J6gZQw0w
对应的公钥
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1YbvZ3CPPr3X47J/pqCD
ciE0AhRbiBrybu4T3GbbHfGYROaPSKx2LfXCwAlayln5zNaZ14cvlDHEpCIQviPk
Qv5Ux16R2QouhF0ZugyMHLQkusVXG6Va14eFVKkcO2g1c25bOMAk4V3vSsVnMMQS
fTPunpGVrBUBo2We5P+cKldBNXKBlXEAIRGc4/fTcTB4F8opP+x5ACIZ04SWKafJ
MSvujIfpBxs476bvxA5xlPQiOhbOIo/bhPMJI6AlaDTJ03pGTOYjR5jZlB03j4YD
EF/2hhidvvFnLHdPkewzDsn0aZi+fqBNvQhS0hutnvp6F8hGL9e5hh8G7a2AXy9F
2QIDAQAB
-----END PUBLIC KEY-----
推荐答案
成功解决了该问题.这是由几个问题引起的:
Successfully resolved this. It was caused by a couple of issues:
- openssl base64插入回车符默认情况下每70个字符返回一次.我相信您可以覆盖此设置,但只需使用
base64命令即可解决该问题. -
我的签名步骤错误.我将
rsautl替换为dgst,如下所示:
- openssl base64 inserts carriage returns every 70-odd characters by default. I believe you can override this, but just using the
base64command instead solved that. My signing step was wrong. I replaced
rsautlwithdgstas follows:
openssl dgst -sha256-签名private.key -out sig.txt unsigned.b64
openssl dgst -sha256 -sign private.key -out sig.txt unsigned.b64
RS256签名现在在jwt.io中通过验证
RS256 signatures now pass validation in jwt.io
完整的工作代码(后代):
Complete working code (for posterity):
cat header.txt | tr -d '\n' | tr -d '\r' | base64 | tr +/ -_ | tr -d '=' > header.b64
cat payload.txt | tr -d '\n' | tr -d '\r' | base64 | tr +/ -_ |tr -d '=' > payload.b64
printf "%s" "$(<header.b64)" "." "$(<payload.b64)" > unsigned.b64
rm header.b64
rm payload.b64
openssl dgst -sha256 -sign -privateKey2.key -out sig.txt unsigned.b64
cat sig.txt | base64 | tr +/ -_ | tr -d '=' > sig.b64
printf "%s" "$(<unsigned.b64)" "." "$(<sig.b64)" > jwt.txt
rm unsigned.b64
rm sig.b64
rm sig.txt
这篇关于在bash中创建RS256 JWT的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
