Hello all,
I am using an ESP32 to connect to a server and send a JWT. I am using the ES256 algorithm to create a JWT using mbedTLS. I just had a few questions as I am new to cryptography and mbedTLS on the ESP32, and wanted to ask if any users have experience using mbedTLS on ESP32.
For the x and y values determining the points of a curve, do those correspond to mbedtls_ecp_keypair.d and mbedtls_ecp_keypair.Q or mbedtls_ecp_point.private_X and mbedtls_ecp_point.private_Y ?
I am using mbedtls_write_binary on the r and s values obtained from mbedtls_ecdsa_sign. These are returning arrays of mostly 0s followed by 64 or 66 characters. Are these last 64 or 66 characters the hexadecimal octets I should be concatenating to form the JWT signature?
ESP32 ECP Keypair JWT header formatting
-
MicroController
- Posts: 1688
- Joined: Mon Oct 17, 2022 7:38 pm
- Location: Europe, Germany
Re: ESP32 ECP Keypair JWT header formatting
I solved the first question (it should be private_X and private_Y by the documentation).MicroController wrote: ↑Sat Jun 03, 2023 2:13 pmDoes https://esp32.com/viewtopic.php?f=13&t=19875 help?
Not exactly. Their example uses RSA, I *have* to use ECDSA and the issue with this is the conversion of the ECDSA signature into octet sequences to then be base64 safe url encoded. My main issue is related to parsing that appropriately.
-
MicroController
- Posts: 1688
- Joined: Mon Oct 17, 2022 7:38 pm
- Location: Europe, Germany
Re: ESP32 ECP Keypair JWT header formatting
They should be. However, each value must be 256 bits, i.e. 32 bytes, i.e. 64 hex digits. Not sure why you're getting 66 (=33 bytes).Are these last 64 or 66 characters the hexadecimal octets I should be concatenating to form the JWT signature?
Re: ESP32 ECP Keypair JWT header formatting
Alright, that's what I figured but I wanted someone with more knowledge to confirm. I'll be able to check specifically tomorrow to see the count - I'm not available to reach the machine until then, and the code repository is internal only.MicroController wrote: ↑Sat Jun 03, 2023 6:18 pmThey should be. However, each value must be 256 bits, i.e. 32 bytes, i.e. 64 hex digits. Not sure why you're getting 66 (=33 bytes).Are these last 64 or 66 characters the hexadecimal octets I should be concatenating to form the JWT signature?
Re: ESP32 ECP Keypair JWT header formatting
Sorry for the long time to get back - some things came up.
I went to the lab and found that when I write out the private X and private Y of the ecp keypair using mbedtls_ecp_point_write_binary, the binary strings are in fact 256 bytes long, and the last 32 are always hexadecimal pairs. I was not printing the hexadecimal formatters properly which was giving me strings of different length, explaining the 61~65 character variance.
Now that I have the last 32 hexadecimal characters of X and Y, I should be able to format them into JSON web tokens, correct?
I went to the lab and found that when I write out the private X and private Y of the ecp keypair using mbedtls_ecp_point_write_binary, the binary strings are in fact 256 bytes long, and the last 32 are always hexadecimal pairs. I was not printing the hexadecimal formatters properly which was giving me strings of different length, explaining the 61~65 character variance.
Now that I have the last 32 hexadecimal characters of X and Y, I should be able to format them into JSON web tokens, correct?
Who is online
Users browsing this forum: No registered users and 64 guests