2

I'm trying to verify a JWT token with Node.js tools. The token is signed with JwtSecurityTokenHandler using CNG-generated keys.

I tried many Node.js tools, e.g. jsonwebtoken:

jwt.verify(token, publickey,{ algorithms: ['ES384'], ...

But I get wrong tag errors every time:

["error:0D07803A:asn1 encoding routines:asn1_item_embed_d2i:nested asn1 error"],"library":"asn1 encoding routines","function":"asn1_check_tlen","reason":"wrong tag","code":"ERR_OSSL_ASN1_WRONG_TAG"

The public and private keys are generated with CNG:

    // Create (or overwrite) a named ECDSA P-384 key that allows plaintext export.
    var key = CngKey.Create(CngAlgorithm.ECDsaP384, "keyName",
        new CngKeyCreationParameters
        {
            KeyCreationOptions = CngKeyCreationOptions.OverwriteExistingKey,
            KeyUsage = CngKeyUsages.AllUsages,
            ExportPolicy = CngExportPolicies.AllowPlaintextExport,
        });

    // Export both halves as base64-encoded CNG ECC blobs.
    txtPrivateKey = Convert.ToBase64String(key.Export(CngKeyBlobFormat.EccPrivateBlob));
    txtPublicKey = Convert.ToBase64String(key.Export(CngKeyBlobFormat.EccPublicBlob));

I tried converting the keys, but I'm still getting the same exception. How can I generate a valid public key for Node.js tools using CNG and the ES384 algorithm?

1 Answer

0

It seems I found the solution:

  1. export private key in pkcs8 format

Convert.ToBase64String(key.Export(CngKeyBlobFormat.Pkcs8PrivateBlob));

  2. save into pem and add BEGIN/END PRIVATE KEY
  3. generate public key with openssl

openssl ec -in pkcs8.pem -pubout -out pkcs8genpubkey.pem
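The steps above can also be done inside Node.js. The following is an added example, not code from the question or the answer: it wraps a base64 PKCS#8 export in PEM, derives the public key without the openssl CLI, and alternatively converts an `EccPublicBlob` directly (that blob is a `BCRYPT_ECCKEY_BLOB` header followed by raw X and Y, not ASN.1, which is why a PEM/DER parser reports "wrong tag"). All function names are hypothetical, and the key material is generated in the demo as a constructed stand-in for the CNG exports.

```javascript
// Added example, not from the original post. Needs Node.js >= 15.12 (JWK key import).
const nodeCrypto = require('crypto');

// BCRYPT_ECCKEY_BLOB magic for an ECDSA P-384 public key: "ECS3" read little-endian.
const ECDSA_PUBLIC_P384_MAGIC = 0x33534345;

// Answer step 2: wrap the base64 Pkcs8PrivateBlob export in PEM armor.
function pkcs8Base64ToPem(b64) {
  const body = b64.replace(/\s+/g, '').match(/.{1,64}/g).join('\n');
  return `-----BEGIN PRIVATE KEY-----\n${body}\n-----END PRIVATE KEY-----\n`;
}

// Answer step 3 without the openssl CLI: derive the SPKI public key PEM.
function publicPemFromPkcs8Pem(pem) {
  return nodeCrypto.createPublicKey(pem).export({ type: 'spki', format: 'pem' });
}

// Alternative: convert a base64 EccPublicBlob (8-byte header, then X and Y; no ASN.1).
function eccPublicBlobToPem(b64) {
  const blob = Buffer.from(b64, 'base64');
  if (blob.length !== 8 + 2 * 48) throw new Error('unexpected blob length for P-384');
  if (blob.readUInt32LE(0) !== ECDSA_PUBLIC_P384_MAGIC || blob.readUInt32LE(4) !== 48)
    throw new Error('not an ECDSA P-384 public blob');
  const jwk = { kty: 'EC', crv: 'P-384',
    x: blob.subarray(8, 56).toString('base64url'),
    y: blob.subarray(56).toString('base64url') };
  return nodeCrypto.createPublicKey({ key: jwk, format: 'jwk' }).export({ type: 'spki', format: 'pem' });
}

// Constructed sample input: a throwaway P-384 key stands in for the two CNG exports.
function demo() {
  const { privateKey, publicKey } = nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'secp384r1' });
  const pkcs8B64 = privateKey.export({ type: 'pkcs8', format: 'der' }).toString('base64');
  const { x, y } = publicKey.export({ format: 'jwk' });
  const header = Buffer.alloc(8);
  header.writeUInt32LE(ECDSA_PUBLIC_P384_MAGIC, 0);
  header.writeUInt32LE(48, 4);
  const blobB64 = Buffer.concat(
    [header, Buffer.from(x, 'base64url'), Buffer.from(y, 'base64url')]).toString('base64');

  // JWT ES384 signatures are raw r||s (IEEE P1363), not DER, hence dsaEncoding.
  const data = Buffer.from('header.payload');
  const sig = nodeCrypto.sign('sha384', data, { key: privateKey, dsaEncoding: 'ieee-p1363' });
  const check = (pem) => nodeCrypto.verify('sha384', data, { key: pem, dsaEncoding: 'ieee-p1363' }, sig);
  return { sigLength: sig.length,
    verifiedFromPkcs8: check(publicPemFromPkcs8Pem(pkcs8Base64ToPem(pkcs8B64))),
    verifiedFromBlob: check(eccPublicBlobToPem(blobB64)) };
}

console.log(demo());
```

Either PEM string can then be passed as the key argument to `jwt.verify` with `algorithms: ['ES384']`.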