JWK is not verified in debugger

Help
, ,
1

Hi, I am quite new in this topic, so I just might miss a main thing that is easy to solve.
I generated a JWT, private_key.pem, public_key.pem and a JWKS.
I used the debugger on jwt.io to verify my components.

When I use Encoded JWT with private_key.pem and public_key.pem, signature is verified.
When I use Encoded JWT with private_key.pem and JWK, signature is NOT verified

My JWK contains the public_key.pem as x5c value. This might be the problem, but I am not sure about this. Here are the components I used in the debugger:

Encoded JWT:

eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJqdGkiOiJteV9qd3RfaWQiLCJpYXQiOjE2NjY3NzEyNDZ9.w31MBueBSGxkemCU5_lnPwvD-SFY-h0TW664hWvjN7Doho2fAK5Fs8QtjaPDvnNVosttT401G4ZRbbC9ReLJmDulIpp-b0oFj7TQAkU3O6YZyADJL0rW7FuFv3ZXkGwI1FRpH1rhi9TS1qO1wpoeIZeVxYEqrDHRt5AWKrQhrn6wcy__ZVr5HPjZDsdbA5QDXuZnBhNX4SzvSUFuM9qRFjS97WOs-9gfgS56b09EsWoX89Krq1FhN2HUOrB85i__K2QEAylJshEjzYaNyJb8wqMQPA3J9kaqsLLCnydIxhocgJcBYhr-CJQIoTggZdZNyJWIRcsruz5w8xb43FItDg

private_key.pem

-----BEGIN PRIVATE KEY-----
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQD1IwqVvaO59bOK
x0OzVIZoeUN03kFVbsaOngHwb7l7frG0zNKfaTVFcinx02tHL41YCrVXNCNBZsw2
Gg4TVTLgULSV996/mAp66uCq7DgO73VfEEtcyXShVDWiPk1lK4LvFFzHiFXNUIwR
Fb9UPBvGL5R4KvddcCMA5P1bENDbj7IfOvKsFZ2r2yF2fFmd7U2Ft8Cgj/3lLTuH
fo3n2uOywBJCkyfIu2YJ2BW6eA5ajM8Qv45GTlIINumr1TlO7Ts4bXWS/Y8sTp50
o2uwAyzVJ3vr6HoCbXrhCg/UOpXrIkQ4gEM8TaAber1ddIs6hDo5bWondeTXUwDG
wPCtJkxPAgMBAAECggEANViY1xlb5f4YQl022HHOhjHNgkNTyHnA8Axms6I8pSlf
Fs90DojgtOoxQpUVxXoNslkyOXX5LiRm0Gc/JOnnlnU5t2Ensl4t+a3fkpKxaF6o
FjX/kIOuw+UFfvc79IZRiiHORwXeVj3vHVC0QGqMSMbV8oi3KDhdBbbPg9/W89CW
k/wx3iOu+GJxf6JA5+Zj1WhDGdLPyFb3ob8h9bbzz8hNLSqS9f779NtsdLYTpXjo
PS7A0//7HHSLuKHpw4cyEFlLJrLEqPcdCH5hU43TQ7IGGH/okKLi7y63hCEsreqZ
8zUcvCgSlL2o2Y1FCs8VBcNDxGrDPVH907+dV1RkcQKBgQD8DNsJx8T8JMPHHC7A
RQI8+NI+4CORBfZBT+cSd+6VG9cIFjXmVzDBU/rMPoDR6MxhVZhf7QzOEeKY3m8v
sqV2FiLrG5SJg3/IjYZlkaGbE3KuPbGnc9yPjLlvNIT8yvxmO0Re2S28MLfjNfJx
L1i80XHIQyiRrEkKomcSX82RcwKBgQD4+nOfClc3cXRMkN/85OdDmm3O+FtO6Tef
xfSuy1fMgxd6ApTl0UlqKTiOX4YS/Qg7pkcPSDBoRptkxvqnnVcSEzBhCdicDC6d
nojw+ZlqGKHHyJmrvVplPj4yyrRmIOorJA7pNfv6O2MmtNe/XB8JJewrCLHZkyAp
qZ7P2oIytQKBgBUmEv74Fyw8/Xxoffe+EpkBG8sQzYsun+INDUt8arVyN5HDI1Sn
fjzKiiG3IOH8EaIdJ4LtBgUIdSX0jAnJiJ6m7tkhYE5FjWRLk7pUBOZZNGcwYAa3
7wrQeQK+umXntlPxpyP6Px8qS1OyRByBJ4X4YP63u+C1Pw+4XsOo7DvHAoGBALd/
dql3aJI/NtSbTcnINr23WkjY+AqvjcRelBgjW8EpuKq+rli2p6HrYXhk5J6oCGJW
CTc1ICAqMarTj7brGloC9HwAUrmnrM+UIR9hBfWQ0+M3cDKH6tCFUDgE93HxvkQv
XiH5HI3vKQNE82FglqsaXPXWgaV2bpTmI1rTk3OlAoGBAIjJt9yUou53LcEuLUkr
s+OeskK2EZbHC7r32GNKrUhcbcQkUJAeLhMfyMV8DdA1xntzle+eTEJ58ZovMMvG
3FYxTnM8idXWMHyFBAMNTj07eC+JHJl17XdEN4XvBiXgGSfY4pNL+LIWiyLepVbU
OFqSNolJg1PkiR3hulkeYMRV
-----END PRIVATE KEY-----

public_key.pem

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9SMKlb2jufWzisdDs1SG
aHlDdN5BVW7Gjp4B8G+5e36xtMzSn2k1RXIp8dNrRy+NWAq1VzQjQWbMNhoOE1Uy
4FC0lffev5gKeurgquw4Du91XxBLXMl0oVQ1oj5NZSuC7xRcx4hVzVCMERW/VDwb
xi+UeCr3XXAjAOT9WxDQ24+yHzryrBWdq9shdnxZne1NhbfAoI/95S07h36N59rj
ssASQpMnyLtmCdgVungOWozPEL+ORk5SCDbpq9U5Tu07OG11kv2PLE6edKNrsAMs
1Sd76+h6Am164QoP1DqV6yJEOIBDPE2gG3q9XXSLOoQ6OW1qJ3Xk11MAxsDwrSZM
TwIDAQAB
-----END PUBLIC KEY-----

JWK String:

    {
      "kty": "RSA",
      "use": "sig",
      "kid": "my_jwt_id",
      "x5c": [ 
       "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9SMKlb2jufWzisdDs1SGaHlDdN5BVW7Gjp4B8G+5e36xtMzSn2k1RXIp8dNrRy+NWAq1VzQjQWbMNhoOE1Uy4FC0lffev5gKeurgquw4Du91XxBLXMl0oVQ1oj5NZSuC7xRcx4hVzVCMERW/VDwbxi+UeCr3XXAjAOT9WxDQ24+yHzryrBWdq9shdnxZne1NhbfAoI/95S07h36N59rjssASQpMnyLtmCdgVungOWozPEL+ORk5SCDbpq9U5Tu07OG11kv2PLE6edKNrsAMs1Sd76+h6Am164QoP1DqV6yJEOIBDPE2gG3q9XXSLOoQ6OW1qJ3Xk11MAxsDwrSZMTwIDAQAB"
      ]
    }

I think I might be missing something between the relationship between private_key.pem and x5c

2

Hi @jlaudenbach,

Have you seen this FAQ on the subject?

A very important note at the bottom that might help clarify:

You’ll notice the x5c claim in the first key in the JWKS matches the body of the PEM certificate!

3

Hi @dan.woda,

thank you for your reply.
Yes i know the post you mentioned. Actually this was my blueprint for my own JWK.
And as in your post, I chose x5c exactly the same as the public_key.pem string.
I am still not sure, why it is not working, but I use now onlyn and e parameter for my JWK and this works fine.

4

Can you post an example of the public key you are trying to use?

5

You will find all above at the beginning of the Post: JWT, private.pem, public.pem and JWK String.
Maybe you have an idea, why public.pem is working but not JWK String.

6

Are you adding the header and footer to the x5c?

7

You mean -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- string?
No I haven’t add this to the x5c.

8

Yep, try adding those and see if it works correctly.

9

I tried

    {
      "kty": "RSA",
      "use": "sig",
      "kid": "my_jwt_id",
      "x5c": [ 
       "-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9SMKlb2jufWzisdDs1SG
aHlDdN5BVW7Gjp4B8G+5e36xtMzSn2k1RXIp8dNrRy+NWAq1VzQjQWbMNhoOE1Uy
4FC0lffev5gKeurgquw4Du91XxBLXMl0oVQ1oj5NZSuC7xRcx4hVzVCMERW/VDwb
xi+UeCr3XXAjAOT9WxDQ24+yHzryrBWdq9shdnxZne1NhbfAoI/95S07h36N59rj
ssASQpMnyLtmCdgVungOWozPEL+ORk5SCDbpq9U5Tu07OG11kv2PLE6edKNrsAMs
1Sd76+h6Am164QoP1DqV6yJEOIBDPE2gG3q9XXSLOoQ6OW1qJ3Xk11MAxsDwrSZM
TwIDAQAB
-----END PUBLIC KEY-----"
      ]
    }

with no success.
This looks version looks quite strange for me

10

Try this:

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9SMKlb2jufWzisdDs1SG
aHlDdN5BVW7Gjp4B8G+5e36xtMzSn2k1RXIp8dNrRy+NWAq1VzQjQWbMNhoOE1Uy
4FC0lffev5gKeurgquw4Du91XxBLXMl0oVQ1oj5NZSuC7xRcx4hVzVCMERW/VDwb
xi+UeCr3XXAjAOT9WxDQ24+yHzryrBWdq9shdnxZne1NhbfAoI/95S07h36N59rj
ssASQpMnyLtmCdgVungOWozPEL+ORk5SCDbpq9U5Tu07OG11kv2PLE6edKNrsAMs
1Sd76+h6Am164QoP1DqV6yJEOIBDPE2gG3q9XXSLOoQ6OW1qJ3Xk11MAxsDwrSZM
TwIDAQAB
-----END PUBLIC KEY-----