4

I have a pair of keys that I have generated with:

ssh-keygen -t rsa -P "" -b 2048 -m PEM -f jwtRS256.key
ssh-keygen -e -m PEM -f jwtRS256.key > jwtRS256.key.pub

Now I'm trying to parse them with jwt.ParseRSAPrivateKeyFromPEM and jwt.ParseRSAPublicKeyFromPEM It works fine for the private key, but does not work for the Public key.

Error I get is: 2021/04/07 13:34:22 errorPublic: asn1: structure error: tags don't match (16 vs {class:0 tag:2 length:257 isCompound:false}) {optional:false explicit:false application:false private:false defaultValue:<nil> tag:<nil> stringType:0 timeType:0 set:false omitEmpty:false} tbsCertificate @4

My code:

package main

import (
    "fmt"
    "log"

    "github.com/dgrijalva/jwt-go"
)

var key = `-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEAuMVb3lrWKlmGIzTaJqtVJi2rPIy7/BkRKlAZ7Q1u0VlyOhzI
cXq6zAGsh31uWeJBJFKrZdwA6b2LD5vscnuilHi0nfQZA5l+meQT9LJ7STnfJ7f8
1CniBIhj5g6dOva9o/ljrLCmRSE4MjJRl3LkydvrHNokzicOAvieq4BYgHVJ2DC7
r7cSWrHeIiBIEBb1zAghc1OxtkFkxumva2gmywq0zB0VfzsYrtSpWT77qSNA+UEH
H+UCahefkun1uaBcOrEIPUh/j95N3rFTAdIAzFvDqLvLdQbmm/NT78O7izSGvJ1K
4rM2fSiecALSROZqOeJy3pf2v6Caqlp2gdDHUQIDAQABAoIBAEeOBrnhq7bS3KOd
wC3hhCQ442ubhOFoQ8GDK8clwJjKbvYaV3W69cQzkcEWzjl46YlLipzzyla61LPC
ypq7Tob5B9lzwowmUWT/csr8o8oD42vaUMtJPQJMX4OkfTdsfpyV5AfokTuMVdr6
qaZhFEEoLbEKud4sObzk023PUnbMTMyz2weQsmVLT9gm64K9GHzauoEDWGpr3Boz
+mEKo9rhySeK73qXqJFFATl0IB50GpdKondere/XofLQ2kqUB2fFEWIeRXawFd4u
6yE5nxjhIvn9pqMhW48vPAYtwTUhY8OxpCwk9U+awBYMvkCnFlrO4TwCNFqE8j3/
r6YN5VECgYEA2c0GqQVfwbcgB+8pLmd8H7dq+HqHToTA00pgNAsl/LRFUhkIVyY1
YUJkr7nJ3ogzqyjNBz0K4JeaMbMxJRwbxu4SUBgmvc+3h0oa9ibTKtBH4KWAqwCC
3TLQFoMXJCf+YJOL8ZNeqQz4rEpCVvJj86p9F4iTRhl5bd7mYqiEjusCgYEA2S1U
19iAIEiSETtUWEzj/iAKOUZJKl4Kz6PVfUMT1lqodOHsNHexzcQs+W/LW/Z9Jr7u
JtdC0ZZl2UCQ8PBTirsA/gimisnmVhx3mvKXOOO/Cf8RpN1/faTnQJj/Tu+h3aV7
n53Av2wSQPoWnnNB9W515gTYqwiV//CX44lGS7MCgYEAmjSoj4kniB8hBZ0WOi24
2zfg+/a80CH76F1TieWOysHUBtGEbze1OZxpb2WKgQ1MD9Y+e+6DQgr0eFXX6N9i
51DuFFlVLLThy17zge5xOnHnQi3L0Mb24Kg2XooIG2hZmYU94xelQOnXMx0MpUTO
8dl24e+n3kzxBZJ46cdIu2sCgYBzz5yizazlik16Ku07eSVLasKI8FYr5aJWP8Ok
3JRDhmy2h5NyFzIVzDs/eMI09Cig9MgCpl/XbCA7zhZ8pWunWzmYPfyxniDaYqvV
UPAbQjepmP9Lr2JBGiLHa88ZxOfITmqyH2mdqn/BbpuJO2U8//6W/pab/iQfK6mT
iKyXyQKBgGb49CT+zi1VCa4jh0EH78odTwRb/PleAw25CLVSj35MqQCEA2/jU92g
P8iTDU5mDNEaQMvMYN1fKiAPm6hiKp9/5Q02zQWNVzOywgc0L41Yb9K/SqxGwITa
dFwwxhKgBqzgCeIpvKLCGrhMztzPjUL9o4MSdNa92vajcilr8ld6
-----END RSA PRIVATE KEY-----`

var pubkey = `-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEAuMVb3lrWKlmGIzTaJqtVJi2rPIy7/BkRKlAZ7Q1u0VlyOhzIcXq6
zAGsh31uWeJBJFKrZdwA6b2LD5vscnuilHi0nfQZA5l+meQT9LJ7STnfJ7f81Cni
BIhj5g6dOva9o/ljrLCmRSE4MjJRl3LkydvrHNokzicOAvieq4BYgHVJ2DC7r7cS
WrHeIiBIEBb1zAghc1OxtkFkxumva2gmywq0zB0VfzsYrtSpWT77qSNA+UEHH+UC
ahefkun1uaBcOrEIPUh/j95N3rFTAdIAzFvDqLvLdQbmm/NT78O7izSGvJ1K4rM2
fSiecALSROZqOeJy3pf2v6Caqlp2gdDHUQIDAQAB
-----END RSA PUBLIC KEY-----
`

func main() {
    _, err := jwt.ParseRSAPrivateKeyFromPEM([]byte(key))
    if err != nil {
        log.Println("errorPrivate:", err)
    }
    _, err = jwt.ParseRSAPublicKeyFromPEM([]byte(pubkey))
    if err != nil {
        log.Println("errorPublic:", err)
    }

    fmt.Println("Done")
}

What am I doing wrong?

Improve this question
2
  • 2
    Try to export the public RSA key in X.509/SPKI format instead of PKCS#1 format (i.e. -e -m -pkcs8 instead of -e -m -pem). Commented Apr 7, 2021 at 11:36
  • @RamaBramantara Of course I can, but I don't know how. Should I just copy the answer and paste it in the 'Answer You Question' form? Commented Apr 7, 2021 at 16:33

1 Answer 1

Reset to default
3

jwt.ParseRSAPublicKeyFromPEM() internally calls the x509.ParsePKIXPublicKey() method which imports a PEM encoded key in X.509/SPKI format.

A PEM encoded key in X.509/SPKI format can be derived from the private key with ssh-keygen using the option -e -m pkcs8. Currently, the option -e -m pem is applied, which generates the public key in PKCS#1 format, which cannot be processed by jwt.ParseRSAPublicKeyFromPEM().

The public key import works if a PEM encoded key in X.509/SPKI format is used:

package main

import (
    "fmt"
    "log"
    "github.com/dgrijalva/jwt-go"
)

var key = `-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEAo+fW9kv2Y5Fjky8TQLK3rYtjqCKIEf0Yjm1lXTnkpWVBjO7x
EzB7HYBkHnIA19HEdzjeKLlLcJevOU6G3p+t8/5vVhciPnhKpwU6ZzrR0P3Q2toC
+KgtrnPHXpm8Py/HVwBxHWZ352NNa5J3dHv6a7B1k7IMAaBT053P99l1NQrBCVJf
kXckQAUOnsYk/PKFFufNhlu3nAd+eUl0Iv1IAWsUb5lHKkIOOWxnlreFN5gdCgL6
YxLwXRBV010zu/Y9zF8zdhSZXWoIvD/JpOvkKh9ym1VE0YzYkSW+m0XnTa4VMdZf
mWcQNKhYZdNg0TqwRco893fVeo756JzOHQ0KcQIDAQABAoIBADnxO4zWTcPlIc5m
VegJReWT4ScPDgtN7eBry+mpDatqoEGyNocSHHPRb5NTufiRr2J2OBMtbf3foZIg
sI0C5fvbdoB4rSJoY/unXX4gzQuUrsCvUV2WFpAVXeWTc3ji6xVWkqZSExE5iaT9
oj0Llvt65hXQW243v2qP33U+6rBVC/2NozGzlq9uHvNJURF0/ZztIo47K6q+giZC
ONvycXVGT8h5PIzfQsnnrsaLYCNe+yJ1x9zPT32xStI8+rF/PFBO1T8umna6+kY2
pY5XQfiYH7gfUIqfjA48Ovnxdmyk9ib6DzcgB+vlY+4cgCGX27sbG99pxGKu8nGg
iJjBGAECgYEA1C4N+RweFi2vzCBLnrSCZ2U6XjFJyg9ugL+X01DM4r3ORVlFV5WZ
2ebKS0Efwh3Jg6fuvf/2/6sFPzH4x8GIKb8Wldsh9mAGUQzOJ+lURqaEnbw+5xSs
y77ORNUes/mdr5YmKpyFsKZXNDKasIeQ7/usp5BwcuOtk5F7+56u+80CgYEAxcGG
g3XNpbqW3mmGf59au+eofYbzliWXFKf3S6A1Mp2EAG02Lb7H2sNQKI2GXMABLeAf
ylNLigKnSBgc2n4Ice91ddkjJhz5zk1P6Rpjz4yChMfC0qqqDbrpwrjuzHRKtWNJ
xh+3qPiZzmpgfK87ddNo/4pTXYBj/rtWocWvjTUCgYBie7nqnV1tp+kIExlmYZyB
h1/PJot8aSs+QS+kWsWunLDoSWZBH+QYWuIcie7Gt/K31DOhJvSreOLnkTdK6I5d
6h7+kYazB6EG762kos2GOXYmjKCZu2P08exl0JH+sWa6gDPY5Wu8MYkaZj6cn1/r
s+JQqF85RGplq0pj4SSRJQKBgQCpFX4QutHZqP9ELc/tIPBwh3Nd2Nw+/eb+p1rf
U50IqPtrbfWMCXpSBvtroQ5IEXcwpVgpIy0MVJZ5IvzQqEBKQqcY206dUNsaVKpF
seWzWP1j0HU4sOlzkeQ7NOog8DHMg5dZilb7Z4wCnJvhH+bkKJ23GKuM37Ef5Uf+
S8t9HQKBgD3bw7YZpnpP05fMPVcpLLOdxOmd8h6kEKqzOu33PHreMl9GCK7J8eOF
oWqAK1ub7vYkke6teZlPjYyrqutTVCGBZXn2ctuDc/o4t17Qk8hXbQBn6W0+XggB
sV0tGy1CL+hkyk3EuUUDPapwXmSoA5P5eJqN16XiqSQCv7Cis0zr
-----END RSA PRIVATE KEY-----`

var pubkey = `-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo+fW9kv2Y5Fjky8TQLK3
rYtjqCKIEf0Yjm1lXTnkpWVBjO7xEzB7HYBkHnIA19HEdzjeKLlLcJevOU6G3p+t
8/5vVhciPnhKpwU6ZzrR0P3Q2toC+KgtrnPHXpm8Py/HVwBxHWZ352NNa5J3dHv6
a7B1k7IMAaBT053P99l1NQrBCVJfkXckQAUOnsYk/PKFFufNhlu3nAd+eUl0Iv1I
AWsUb5lHKkIOOWxnlreFN5gdCgL6YxLwXRBV010zu/Y9zF8zdhSZXWoIvD/JpOvk
Kh9ym1VE0YzYkSW+m0XnTa4VMdZfmWcQNKhYZdNg0TqwRco893fVeo756JzOHQ0K
cQIDAQAB
-----END PUBLIC KEY-----`

func main() {
    _, err := jwt.ParseRSAPrivateKeyFromPEM([]byte(key))
    if err != nil {
        log.Println("errorPrivate:", err)
    }
    _, err = jwt.ParseRSAPublicKeyFromPEM([]byte(pubkey))
    if err != nil {
        log.Println("errorPublic:", err)
    }

    fmt.Println("Done")
}

Note that dgrijalva/jwt-go does not seem to be maintained, s. #457, and there are a number of open issues.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.