CXF-6996

"n" in JWK for RSA should be unsigned, but is signed in JwkUtils.prepareRSAJwk

Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 3.1.7
    • Fix Version/s: 3.1.8, 3.2.0
    • Component/s: JAX-RS Security
    • Labels: None
    • Environment: Unknown

    Description

      The length of the "n" value is 257 bytes for a 2048-bit key.
      If "n" is handled as an unsigned integer, it should be at most 256 bytes.
      The extra null byte is caused by BigInteger.toByteArray(), which always encodes the integer as a signed (two's complement) value.

      A fix is just to remove all leading 0-bytes from the encodedModulus, see JwkUtils.prepareRSAJwk.

      This fix will surely break clients that just decode the "n" as an unsigned value using new BigInteger(byte[]). These clients must be changed to either always insert a leading 0-byte before using the new BigInteger(byte[]) constructor, or they should use the BigInteger(signum, magnitude) constructor.

      The extra "sign byte" is mentioned in:
      https://tools.ietf.org/html/rfc7518#page-30
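      The following is an added illustration, not code from CXF or from the reporter: it shows the sign byte that BigInteger.toByteArray() adds for a 2048-bit modulus, a producer-side helper that strips leading zero bytes so the Base64url "n" value is the unsigned octet string RFC 7518 requires, and the two consumer-side behaviours described above (the BigInteger(signum, magnitude) constructor round-trips the value, whereas new BigInteger(byte[]) misreads the high bit as a sign bit). The class and method names (JwkModulusEncoding, toUnsignedBytes, encodeModulus, decodeModulus) are my own and are not CXF APIs.

```java
import java.math.BigInteger;
import java.security.KeyPairGenerator;
import java.security.interfaces.RSAPublicKey;
import java.util.Arrays;
import java.util.Base64;

public class JwkModulusEncoding {

    // Producer side: encode a positive BigInteger as the unsigned big-endian
    // octet string RFC 7518 expects for "n". toByteArray() returns two's
    // complement, so a modulus with its top bit set gets a leading 0x00 byte
    // (257 bytes for a 2048-bit key); strip every leading zero except the last.
    static byte[] toUnsignedBytes(BigInteger value) {
        if (value.signum() < 0) {
            throw new IllegalArgumentException("JWK integer parameters are non-negative");
        }
        byte[] bytes = value.toByteArray();
        int offset = 0;
        while (offset < bytes.length - 1 && bytes[offset] == 0) {
            offset++;
        }
        return offset == 0 ? bytes : Arrays.copyOfRange(bytes, offset, bytes.length);
    }

    // Base64url without padding, as used for JWK parameters.
    static String encodeModulus(BigInteger n) {
        return Base64.getUrlEncoder().withoutPadding().encodeToString(toUnsignedBytes(n));
    }

    // Consumer side: always interpret the decoded octets as a positive magnitude.
    // new BigInteger(byte[]) would treat a set high bit as a negative sign.
    static BigInteger decodeModulus(String nParam) {
        byte[] magnitude = Base64.getUrlDecoder().decode(nParam);
        return new BigInteger(1, magnitude);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        RSAPublicKey pub = (RSAPublicKey) kpg.generateKeyPair().getPublic();
        BigInteger n = pub.getModulus();

        byte[] signed = n.toByteArray();
        byte[] unsigned = toUnsignedBytes(n);
        System.out.println("toByteArray() length: " + signed.length + " (sign byte included)");
        System.out.println("unsigned length:      " + unsigned.length);

        String nParam = encodeModulus(n);

        // Correct consumer: BigInteger(signum, magnitude) round-trips the modulus.
        System.out.println("BigInteger(1, magnitude) round-trips: " + decodeModulus(nParam).equals(n));

        // Broken consumer: new BigInteger(byte[]) on the unsigned octets reads the
        // top bit as a sign bit and yields a negative, useless modulus.
        BigInteger naive = new BigInteger(Base64.getUrlDecoder().decode(nParam));
        System.out.println("new BigInteger(byte[]) is negative:   " + (naive.signum() < 0));
    }
}
```

      Because an RSA modulus always has its most significant bit set, toByteArray() always produces the extra byte for it, so a consumer that relies on new BigInteger(byte[]) only works while producers keep emitting the non-conformant 257-byte encoding; switching to new BigInteger(1, bytes) accepts both the old and the corrected "n" values.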

          People

            Assignee: Sergey Beryozkin (sergey_beryozkin)
            Reporter: Svein Otto Solem (svein.otto.solem@kantega.no)