
I'm creating a JWT within Mirth and sending the constructed message out to an OAuth2 server, but it keeps erroring. When I put the JWT into jwt.io I get valid header and payload information, but my signature is coming back as invalid and I can't figure out why.

I created the signature with openssl using the following:

openssl req -new -x509 -key /path_to_key/privatekey.pem -out /path_to_key/publickey509.pem

In Mirth, I encode the privatekey.pem file

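// Base64-decode the PEM body (header/footer lines removed) into DER bytes
encoded = Packages.org.apache.commons.codec.binary.Base64.decodeBase64('privatekey.pem contents minus header');
// Wrap the DER bytes as a PKCS #8 private key spec
keySpec = new Packages.java.security.spec.PKCS8EncodedKeySpec(encoded);
// keyFac (a java.security.KeyFactory) is not defined in the posted snippet
privateKey = keyFac.generatePrivate(keySpec);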

When I check the contents sent out and paste the encoded JWT into jwt.io I get invalid signature. I'm not sure where or what I'm doing wrong.

JWT.io signature error:

Public Key in SPKI, PKCS #1, X.509 Certificate, or JWK string format.

Private Key in PKCS #8, PKCS #1, or JWK string format.  The key never leaves your browser.
jc84
    The JWT.io output doesn't look like an error to me. – tobifasc Oct 22 '21 at 09:41
    You have to paste your public key into the public key field. Without knowing the public key, the signature can't be verified. – jps Jul 21 '22 at 08:04
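The point in the comment above can be reproduced locally. This is an added example, not part of the original post or comments and not the poster's Mirth code: it signs a JWT with a PKCS #8 private key and shows that verification succeeds only with the matching public key. It assumes RS256 (the post does not state the algorithm) and runs on Node.js; the key pairs, claims and function names are constructed for the example.

```javascript
// Added example, not the poster's Mirth code. Assumes RS256 (RSASSA-PKCS1-v1_5
// with SHA-256); key pairs and claims below are constructed sample data.
const crypto = require('crypto');

// JWT segments use base64url without padding, not standard Base64.
const b64url = (data) => Buffer.from(data).toString('base64')
  .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');

function newKeyPair() {
  return crypto.generateKeyPairSync('rsa', {
    modulusLength: 2048,
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
  });
}

// The signature covers the ASCII bytes of "<header>.<payload>" exactly as sent.
function signJwt(header, payload, privateKeyPem) {
  const input = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(payload))}`;
  const signature = crypto.sign('RSA-SHA256', Buffer.from(input), privateKeyPem);
  return `${input}.${b64url(signature)}`;
}

// Verification needs the public key that matches the signing key.
function verifyJwt(token, publicKeyPem) {
  const parts = token.split('.');
  if (parts.length !== 3) return false;
  let header;
  try { header = JSON.parse(Buffer.from(parts[0], 'base64').toString('utf8')); }
  catch (e) { return false; }
  if (!header || header.alg !== 'RS256') return false; // pin the expected algorithm
  return crypto.verify('RSA-SHA256', Buffer.from(`${parts[0]}.${parts[1]}`),
    publicKeyPem, Buffer.from(parts[2], 'base64'));
}

function demo() {
  const signer = newKeyPair();
  const other = newKeyPair(); // unrelated pair: stands in for a non-matching public key
  const token = signJwt({ alg: 'RS256', typ: 'JWT' },
    { iss: 'example-client', exp: 1893456000 }, signer.privateKey);
  const [h, , s] = token.split('.');
  const tampered = `${h}.${b64url('{"iss":"someone-else"}')}.${s}`;
  return {
    matchingKey: verifyJwt(token, signer.publicKey),
    wrongKey: verifyJwt(token, other.publicKey),
    tamperedPayload: verifyJwt(tampered, signer.publicKey),
  };
}
```

`demo()` returns `true` only for the matching key; a non-matching public key or a changed payload both fail verification.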

0 Answers