Search code examples
sshcryptographyjwtrsapublic-key

Get modulus of ssh-rsa public key?

I'm trying to verify a JWT on client side with Auth0's library idtoken-verifier and am getting thrown an error when checking modulus and exponent of my public key (https://github.com/auth0/idtoken-verifier/blob/master/src/helpers/rsa-verifier.js#L25)

Public key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDmg9TCgeL+aTFrr6MiZ/FXcuh846XlQLHgDMIHDX74x1zwPPlx+voqx7sO4YH4wzmUjoA6XURj9tZSwFnWBkSntcvEMQLoN3ydKpSv0m8K8CQnOimZoRH5zEdGnkG2rIswcobuaqXUYHqLmQV1+vxY+ScX46/0+dVmLdhY9SjdgkTsO3N3GGlGXZIL92nmBVzD1gRKbMT9Lx0ZqHwTUGTxUcA4OxNojIRYX6B0xbyCBOlOn2p4lhOXJE8UypvHz6vhmP9FkCqrAVW/ii0S2hQnhR8aYQALsyQOig+ItR92VzGi/KyULx3fiNdeYe/rlxRffpNTWrun9xuM6aZwBLRp

I couldn't find any information on how to grab modulus and exp from a key generated with ssh-keygen so I tried to manually extract it with some help from this post to get:

exp: AQAB --> 65537

modulus: AQDmg9TCgeL+aTFrr6MiZ/FXcuh846XlQLHgDMIHDX74x1zwPPlx+voqx7sO4YH4wzmUjoA6XURj9tZSwFnWBkSntcvEMQLoN3ydKpSv0m8K8CQnOimZoRH5zEdGnkG2rIswcobuaqXUYHqLmQV1+vxY+ScX46/0+dVmLdhY9SjdgkTsO3N3GGlGXZIL92nmBVzD1gRKbMT9Lx0ZqHwTUGTxUcA4OxNojIRYX6B0xbyCBOlOn2p4lhOXJE8UypvHz6vhmP9FkCqrAVW/ii0S2hQnhR8aYQALsyQOig+ItR92VzGi/KyULx3fiNdeYe/rlxRffpNTWrun9xuM6aZwBLRp

Here's the function from the library 

function RSAVerifier(modulus, exp) {
  this.n = null;
  this.e = 0;

  if (modulus != null && exp != null && modulus.length > 0 && exp.length > 0) {
    this.n = new BigInteger(modulus, 16);
    this.e = parseInt(exp, 16);
  } else {
    throw new Error('Invalid key data');
  }
}

Verifier

const verifier = new IdTokenVerifier({
  issuer: 'https://somevalidurl.com',
  audience: 'access',
  expectedAlg: 'RS256',
  jwksCache: new DummyCache(),
});

DummyCache()

class DummyCache {
  get() {
    let keyInfo = {
      'modulus': ??????,
      'exp': 65537,
    }
    return keyInfo;
  }
  has() {
    return true;
  }
  set() {
    return null;
  }
}

I think I'm getting confused on what the modulus parameter is expecting, I tried converting the above modulus to a couple different forms (hex, put it through https://lapo.it/asn1js/, etc.) to no luck.

Solution

  • The public key is in the ssh-rsa key format. It should be converted to PEM first:

    ssh-keygen -f key.pub -e -m pem

    With the key you provided, the result will be:

    -----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEA5oPUwoHi/mkxa6+jImfxV3LofOOl5UCx4AzCBw1++Mdc8Dz5cfr6
Kse7DuGB+MM5lI6AOl1EY/bWUsBZ1gZEp7XLxDEC6Dd8nSqUr9JvCvAkJzopmaER
+cxHRp5BtqyLMHKG7mql1GB6i5kFdfr8WPknF+Ov9PnVZi3YWPUo3YJE7Dtzdxhp
Rl2SC/dp5gVcw9YESmzE/S8dGah8E1Bk8VHAODsTaIyEWF+gdMW8ggTpTp9qeJYT
lyRPFMqbx8+r4Zj/RZAqqwFVv4otEtoUJ4UfGmEAC7MkDooPiLUfdlcxovyslC8d
34jXXmHv65cUX36TU1q7p/cbjOmmcAS0aQIDAQAB
-----END RSA PUBLIC KEY-----

    See lapo.it/asn1js for a decoded version of this key.