Showing posts with label pem. Show all posts
Showing posts with label pem. Show all posts

Sunday, July 31, 2022

[FIXED] How to extract public and private key from RSA JWK?

      , , , ,      No comments   

Issue

I'm trying to sign some data with a JWK i've been provided with.

So far i've tried to do this with jwt.io, the header is

{ "alg" : "RS256", "typ" : "JWT" }

and the payload is

{ "iss" : "4@john" }

Now to sign this I need a public and a private key. I've been told to extract these from the JWK provided, but i only seem to be able to extract a public key from this.

I've used jwk-to-pem but when provided with the JWK it only puts out the public key. But to sign with RS256 i need a public and a private key, i thought the private key is embedded into the JWK but i can't seem to extract it.

So my question is, how to extract the public AND private key from the JWK?

The JWK looks like this:

"ServicePrincipalKey": {
    "k": null,
    "kid": "urn:service:john:doe:4",
    "kty": "RSA",
    "use": null,
    "n": "rT-...skQ",
    "e": "A...B",
    "x5t": null,
    "d": "CP9...bsQ",
    "p": "7dG...PDk",
    "q": "un4...oxk",
    "dp": "HdF...m4Xk",
    "dq": "XGN...PMk",
    "qi": "0es...UDI",
    "nbf": "0001-01-01T00:00:00",
    "exp": "0001-01-01T00:00:00"
}

Solution

Found the answer for jwk-to-pem. There is an option to generate a private and public key.

on runkit i executed the following code:

    var jwkToPem = require("jwk-to-pem")

    var jwk = {
    "k": null,
    "kid": "urn:service:john:doe:4",
    "kty": "RSA",
    "use": null,
    "n": "rT-...skQ",
    "e": "A...B",
    "x5t": null,
    "d": "CP9...bsQ",
    "p": "7dG...PDk",
    "q": "un4...oxk",
    "dp": "HdF...m4Xk",
    "dq": "XGN...PMk",
    "qi": "0es...UDI",
    "nbf": "0001-01-01T00:00:00",
    "exp": "0001-01-01T00:00:00"
    }

    var publicPEM = jwkToPem(jwk);
    console.log(publicPEM);

    var options = {"private" : true} //important this will set jwkToPem to output the private key
    var privatePEM = jwkToPem(jwk, options);
    console.log(privatePEM);

This outputs a public and a private key into the console.

Now by filling in these public and private keys into jwt.io i was able to generate a JWT



Answered By - Red-ER
Answer Checked By - Timothy Miller (PHPFixing Admin)

Thursday, January 13, 2022

[FIXED] PHP CURL request for a P12 (PFX) certificate with an export password (Passphrase)

      , , , ,      No comments   

Issue

Based on the PEM certificate and a key file, I'm creating two P12 (Pfx) files, with and without passphrase

  • demo_cert.pem

  • demo_key.pem

  • demo_pfx_withoutPassphrase.p12

  • demo_pfx_withPassphrase.p12

    openssl pkcs12 -export -clcerts -in demo_cert.pem -inkey demo_key.pem -out demo_pfx_withoutPassphrase.p12

Enter Export Password:  (empty)
Verifying - Enter Export Password:  (empty)


openssl pkcs12 -export -clcerts -in demo_cert.pem -inkey demo_key.pem -out demo_pfx_withPassphrase.p12 

Enter Export Password:  12345
Verifying - Enter Export Password: 12345

This file is used to communicate with the server.

<? php
try{
    $curl = curl_init($url);
    curl_setopt($curl, CURLOPT_URL, $url);
    curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false);
    curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
    curl_setopt($curl, CURLOPT_HEADER, 0);
    curl_setopt($curl, CURLOPT_HTTPHEADER, array("Content-Type:  application/json,application/octet-stream"));
    curl_setopt($curl, CURLOPT_SSLCERTTYPE, "P12");
    curl_setopt($curl, CURLOPT_SSLCERT, getcwd() . 'demo_pfx_withPassphrase.p12');
    curl_setopt($curl, CURLOPT_SSLCERTPASSWD, '12345');
    //curl_setopt($curl, CURLOPT_SSLKEYPASSWD, '12345');

    $resp = curl_exec($curl)
    
    if (curl_errno($curl)) {
        $error_msg = curl_error($curl);
        echo 'Curl error: ' . curl_error($curl);
        echo "<br>";
    }
    else{
        echo curl_getinfo($curl);
        echo 'Curl info:  ' . curl_getinfo($curl)[0];
        echo "<br>";
    }

}
catch(Exception $e){
    echo $e;
} 

?>

Im able to successfully establish communication with the server using demo_pfx_withoutPassphrase.p12 (with out passphrase).

However, the same is not possible with the file containing a passphrase, demo_pfx_withPassphrase.p12, despite providing the password in SSLCERTPASSWD option

This is following error is what I get.

-------------------- Error response from the REMOTE SSL SERVER --------------------
58
int(58)
Curl error: could not open PKCS12 file 'demo_pfx_withPassphrase.p12'

How can I establish connection to server using a P12 file containing a passphrase?

Any advice and suggestions will be thoroughly appreciated.


Solution

Finally figured out the solution for the P12 (pfx) certificate not able to establish communication with the server using demo_pfx_withPassphrase.p12 (with passphrase)

The certificate file din't have the read permission

Provide read permission to the certificate file

chomod +r demo_pfx_withPassphrase

This should do it.

Finally, wrt providing passphrase for the associated P12 file, either provide SSLKEYPASSWD or SSLCERTPASSWS. Either one of these will work fine.

// --- Authorized Certificate with passphrase

curl_setopt($curl, CURLOPT_SSLCERT, getcwd() . 'demo_pfx_withPassphrase.p12');
curl_setopt($curl, CURLOPT_SSLKEYPASSWD, '12345');   // either sslkeypsswd 
curl_setopt($curl, CURLOPT_SSLCERTPASSWD, '12345'); // or sslcertpasswd


Answered By - Nishi Bangar

Total Pageviews

Featured Post

Why Learn PHP Programming

Why Learn PHP Programming A widely-used open source scripting language PHP is one of the most popular programming languages in the world. It...