I have this code with was written by someone else:
@key "f266HhqytuyaIIaqfAgh5893425[and so on]"
def pubkey(), do: @key
@rsakey @key
|> Base.decode64!()
|> :erlang.binary_to_list()
|> Enum.slice(26..-1)
|> :erlang.list_to_binary()
|> (&(:public_key.der_decode(:RSAPrivateKey, &1))).()
And then a jwt token is signed with it:
def sign(input) do
signature = :public_key.sign(input, :sha256, @rsakey)
Base.url_encode64(signature, padding: false)
end
Fact - from a private key a public one can be generated.
But in this code it’s not the case - from a public key a private one is indeed generated.
The code works properly.
How can that be?
Or may be the code is meant to do something else? Meaning, @rsakey
isn’t trully a private key but some derivative used only to sing a jwt in a simple manner that’s good enough for the task?