czrpb
November 13, 2017, 9:34pm
1
Hi!
Trying to verify with an RS256 public key like this:
mytoken = token(URL-CALL)
key = "PUBLIC KEY"
mytoken |> with_signer(rs256(%{k: key})) |> verify
And always failing. Plainly I am misunderstanding something (and/or just stupid! grin!)
Thoughts?
Quentin
Hi @czrpb! Joken co-maintainer here.
RSXXX algorithms are based on asymmetric cryptography (a pair of public and private keys). The parameters needed for the keys are different than simply {k: "KEY"}. As an example, look into Joken’s tests. Here is one fixture we use in the test base:
def rsa_key do
%{"d" => "A2gHIUmJOzRGvklIA2S8wWayCXnF8NYAhOhu7woSwjioO3HRzvd3ptegSKDpPfABJuzhy7y08ug5ZcyFbN1hJBVY8NwNzpLSUK9wmXekrbTG9MT76NAiQTxV6fYK5DXPF4Cp0qghBt-tq0kQNKx4q9QEzLb9XonmXE2a10U8EWJIs972SFGhxKzf6aq6Ri7UDK607ngQyEhVmGxr3gDJLAGQ5wOap5NYIL2ufI5FYqH-Sby_Qk7299b-w4B0fl6u8isR8OlpwMLVnD-oqOBPH-65tE82hxPV0QbSmyzmg9hlVVinJ82YRBkbcu-XG9XXOhUqJJ7kafQrYkQx6BiFKQ",
"dp" => "Useg361ca8Aem1TToW8AfjOLAAEqkkR48UPMSS2Le9D4YFtAb_ud5CK2IevYl0R-4afXUzIoeiNRg4bOTAWmTwKKlmAp4B5GzlbPzAPhwQRCxzs5MiW0K-Nw30blBLWlJYDAnVEr3T3rqtgzXFLMhR5AHqM4VhWQK7QaxgaW7TE",
"dq" => "yueW-DmyJULJlJckFXfkivSO_X1sjQurDwDfyFLAnrvgy2EqJ-iq0gBVySMGw2CgeSQegTmuKinF4anL0wy85BK8tgxDULVOpjls4ej8ZQnJ2RVEjdxZLjKh-2yw-v6mbn7goko98nkRCBYMdDUBHNVcaY9bA8kdBWi-K6DgW2E",
"e" => "AQAB",
"kty" => "RSA",
"n" => "xnAUUvtW3ftv25jCB-hePVCnhROqH2PACVGoCybdtMYTl8qVABAR0d6T-BRzVhJzz0-UvBNFUQyVvKAFxtbQUZN2JgAm08UJrDQszqz5tTzodWexODdPuoCaWaWge_MZGhz5PwWd7Jc4bPAu0QzSVFpBP3CovSjv48Z2Eq0_LHXVjjX_Az-WaUh94mXFyAxFI_oCygtT-il1-japS3cXJJh0WddT3VKEBRYHmxDJd_LYE-KXQt3aTDhq0vI9sG2ivtFj0dc3w_YBdr4hlcr42ujSP3wLTPpTjituwHQhYP4j-zqu7J3FYaIxU4lkK9Y_DP27RxffFI9YDPJdwFkNJw",
"p" => "5cMQg_4MrOnHI44xEs6Jyt_22DCvw3K-GY046Ls50vIf2KlRALHI65SPKfVFo5hUuHkBuWnQV46tHJU0dlmfg4svPMm_581r59yXeI8W6G4FlsSiVyhFO3P5Q5ubVs7MNaqhvaqqPqR14cVvHSqjwX5jGuGAVuLhnOhZGbtb7_U",
"q" => "3RlGNrCRU-yV7TTikKJVJCIpe8vgLBkHQ61iuICd8AyHa4sXICgf2YBFgW8CAJOHKIp8g_Nl94VYpqWvN1YVDB7sFUlRpJL2yXvTKxDzUwtM5pf_D1O6lGEMQBRY-buhZHmPf5qG93LnsSqm5YOZGpZ6t6gHtYM9A6JOIgwsYys",
"qi" => "kG5Stetls18_1fvQx8rxhX2Ais0Xg0gLDUjpE_9TYcb-utq79HVKOQ_2PJGz09hQ_teqnhXhgGMubqaktl6UOSJr6B4JgcAY7yU-34EuSxp8uKLix9BVsF2cpiC4ADhjLKP9c7IQ7X7zfs336_Reb8fh9G_zRdwEfmqFy7m28Lg"}
end
Probably what you have is a couple of PEM files that encode all this information (jwt.io shows the content of such files for testing). You can parse this file using the embedded public_key Erlang application or use one of the facilities of JOSE (that we depend on) like JOSE.JWK.from_pem_file/1.
2 Likes
czrpb
November 14, 2017, 1:42pm
3
Hi @cs-victor-nascimento !
Awesome reply! I am still trying to work it through. In my case, all I have is the public key with which to verify (no file, accessible via an endpoint).
Hopefully I will figure it out and won't have to bug you again!
Quentin
No worries! There are other utilities for reading the PEM content from binaries on the same module. Maybe they can help you better.
Regards,
1 Like
czrpb
November 14, 2017, 2:04pm
5
@cs-victor-nascimento
Looks like I finally got it!
# Get our system's token
token = URL.token(host)
# Get our system's public key
public_key = URL.public_key(host)
# Make it a Joken token
token = Joken.token(token)
# Verify token with public key
with_signer = token |> Joken.with_signer(Joken.rs256(JOSE.JWK.from_pem(public_key)))
{:ok, claims} = with_signer |> Joken.verify!
IO.puts("#{inspect claims}")
Thx for the pointers!! If there are some user-oriented docs I missed reading, would love to read them!
Thx for the tool!
Quentin
3 Likes
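A fuller version of the check worked out in the post above, added here as an example and not code from the thread or from Joken: it calls JOSE directly (the library Joken depends on) and pins the accepted algorithm to RS256. The module name RS256Check, the error atoms and the demo key pairs are assumptions made for the illustration; it also assumes a JSON library that JOSE can use, such as Jason, is installed.

```elixir
# Added example, not code from the thread. Assumes the :jose package (a Joken
# dependency) is on the code path, e.g. `mix run` inside a project using Joken.
defmodule RS256Check do
  @allowed_algs ["RS256"]

  # Returns {:ok, claims} or {:error, reason} for a compact JWT and a PEM key.
  def verify(token, public_pem) when is_binary(token) and is_binary(public_pem) do
    with {:ok, jwk} <- load_public_key(public_pem) do
      # verify_strict/3 honours only allow-listed algorithms, so the token
      # header cannot switch the check to "none" or an HMAC algorithm.
      case JOSE.JWT.verify_strict(jwk, @allowed_algs, token) do
        {true, %JOSE.JWT{fields: claims}, _jws} -> {:ok, claims}
        {false, _jwt, _jws} -> {:error, :invalid_signature}
        _other -> {:error, :malformed_token}
      end
    end
  rescue
    # Untrusted input that JOSE cannot parse is treated as a failed check.
    _ -> {:error, :malformed_token}
  end

  defp load_public_key(pem) do
    case JOSE.JWK.from_pem(pem) do
      %JOSE.JWK{} = jwk ->
        {_modules, fields} = JOSE.JWK.to_map(jwk)

        cond do
          fields["kty"] != "RSA" -> {:error, :not_an_rsa_key}
          # Design choice of this example: a verifier should never hold "d".
          Map.has_key?(fields, "d") -> {:error, :private_key_supplied}
          true -> {:ok, jwk}
        end

      _other ->
        {:error, :bad_pem}
    end
  end
end

# Constructed demo data: throwaway key pairs stand in for the issuer.
issuer = JOSE.JWK.generate_key({:rsa, 2048})
{_, public_pem} = issuer |> JOSE.JWK.to_public() |> JOSE.JWK.to_pem()
{_, token} = JOSE.JWT.sign(issuer, %{"alg" => "RS256"}, %{"sub" => "demo"}) |> JOSE.JWS.compact()
{:ok, %{"sub" => "demo"}} = RS256Check.verify(token, public_pem)

# The same claims signed with a different private key must be rejected.
other = JOSE.JWK.generate_key({:rsa, 2048})
{_, forged} = JOSE.JWT.sign(other, %{"alg" => "RS256"}, %{"sub" => "demo"}) |> JOSE.JWS.compact()
{:error, :invalid_signature} = RS256Check.verify(forged, public_pem)
```

A verified signature only proves who issued the token; claims such as exp, aud and iss still need their own checks before the token is trusted.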
Nice to hear it worked for you!
I’ve talked a bit with Bryan Joseph about refactoring some things but still haven’t got the time to do it. Will probably add a section about asymmetric cryptography there though!
Cheers
2 Likes
enkr1
November 21, 2022, 3:36am
7
Hi community,
I am struggling to find the latest example about Joken.es256/1 (as it is deprecated) out there. Is anybody still on this right now, or should I create a new discussion?
Best wishes,
Jing Hui P.