how to pass a ES256K key to JWT.decode?

[mackuba]

Hi,

I'm trying to figure out how to pass an existing public key to JWT.decode for verification. I have the key as a binary string, decoded from a multibase string like this zQ3shMcFGXMMsEX5nxmV8QfBZQc1Uw6mSWADuKSgsvieu5ezC, which passed through Base58 decoder gives me \xE7\x01 and then the actual key.

Now, how do I pass it to JWT.decode… if I pass it as a string that I have (@param key [String] in the comment for JWT.decode suggests that this should work), I get an error undefined method 'group' for an instance of String. So I'm assuming I need to construct some OpenSSL object, but I don't think any example or spec shows this.

[anakinj]

Hi, to decode and verify a token with ECDSA key you need to represent the key as an instance of OpenSSL::PKey::EC. How to achieve this in your case depends on what the encoded string represents.

For example if you would happen to have the key represented as a JWK you could use the built-in JWK object to parse the data. If the key is represented as a PEM formatted string you could use the import functionalities provided by the openssl gem.

 jwk = JWT::JWK.new(my_ecdsa_key_parameters_as_a_hash)
decoded_token = JWT.decode(token, jwk.verify_key, true, { algorithm: 'ES256' })

[anakinj]

Think we should add a check to that algorithm to check that the given type is what it expect before trying to access anything from the given key. The errors emitted are not that helpful.

[mackuba]

It's something like this:

> require 'open-uri'
> require 'json'
> require 'base58'
=> true

> did_doc = JSON.parse(URI.open('https://plc.directory/did:plc:oio4hkxaop4ao4wz2pp3f4cr').read)
=> 
{"@context" => ["https://www.w3.org/ns/did/v1", "https://w3id.org/security/multikey/v1", "https://w3id.org/security/suites/secp256k1-2019/v1"],
...

> key_multibase = did_doc['verificationMethod'][0]['publicKeyMultibase']
=> "zQ3shMcFGXMMsEX5nxmV8QfBZQc1Uw6mSWADuKSgsvieu5ezC"

> key_decoded = Base58.base58_to_binary(key_multibase[1..], :bitcoin)
=> "\xE7\x01\x02\x02\xEF]\xA9Q:\xB1\x8Ev\xB9\x85w\x17\\\vWi^\xC9H\x1D\x03\xDDM\e\x8Fo\xA2\x8C\xCD\x8B\xE9"

> actual_key = key_decoded[2..]
=> "\x02\x02\xEF]\xA9Q:\xB1\x8Ev\xB9\x85w\x17\\\vWi^\xC9H\x1D\x03\xDDM\e\x8Fo\xA2\x8C\xCD\x8B\xE9"

As far as I understand, it's a "secp256k1 / ES256K public key (compressed)".

[anakinj]

This is a bit tricky and very related to elliptic curve acrobatics. There could be some tooling to handle this but did not spend time searching.

# continues the snippet above
actual_key = key_decoded[2..]

# Key is compressed (only the X coordinate is given) so need to decompress (calculate the Y on the curve) it, this can be done manually but here we use OpenSSL capabilities. Also could have been the other way around with the coords.

group = OpenSSL::PKey::EC::Group.new('secp256k1')
point = OpenSSL::PKey::EC::Point.new(group, actual_key)
uncompressed_point = point.to_bn(:uncompressed).to_s(2)

# Get the coordinates from the point
x_octets, y_octets = uncompressed_point.unpack('xa32a32')

# Generate a JWK with the extracted coordinates
jwk = {
  kty: "EC",
  crv: "P-256K",
  x: ::Base64.urlsafe_encode64(x_octets, padding: false),
  y: ::Base64.urlsafe_encode64(y_octets, padding: false),
}

# Import the JWK
key = ::JWT::JWK.import(jwk).public_key

[mackuba]

Ok thanks, that seems to be working. ChatGPT suggested something like this, which is also working (both are passing the token validation), although the keys don't seem to be the exact same values…

def spki_from_compressed_secp256k1(comp)
  alg_id = OpenSSL::ASN1::Sequence([
    OpenSSL::ASN1::ObjectId('id-ecPublicKey'),
    OpenSSL::ASN1::ObjectId('secp256k1')
  ])
  OpenSSL::ASN1::Sequence([alg_id, OpenSSL::ASN1::BitString(comp)]).to_der
end

OpenSSL::PKey.read(spki_from_compressed_secp256k1(comp))

I'll try to dig into this a bit more, I'd like to understand fully what I'm doing :) I was hoping that maybe I missed something obvious and simple.

[anakinj]

Closing this as it's not really related to the gem. Would love to continue the discussion and outcome of this :)