ESP32 ECP Keypair JWT header formatting

ecktello
Posts: 8
Joined: Fri May 05, 2023 11:01 pm

ESP32 ECP Keypair JWT header formatting

Postby ecktello » Fri Jun 02, 2023 9:12 pm

Hello all,

I am using an ESP32 to connect to a server and send a JWT. I am using the ES256 algorithm to create a JWT using mbedTLS. I just had a few questions as I am new to cryptography and mbedTLS on the ESP32, and wanted to ask if any users have experience using mbedTLS on ESP32.

For the x and y values determining the points of a curve, do those correspond to mbedtls_ecp_keypair.d and mbedtls_ecp_keypair.Q or mbedtls_ecp_point.private_X and mbedtls_ecp_point.private_Y ?

I am using mbedtls_write_binary on the r and s values obtained from mbedtls_ecdsa_sign. These are returning arrays of mostly 0s followed by 64 or 66 characters. Are these last 64 or 66 characters the hexadecimal octets I should be concatenating to form the JWT signature?

MicroController
Posts: 1136
Joined: Mon Oct 17, 2022 7:38 pm
Location: Europe, Germany

Re: ESP32 ECP Keypair JWT header formatting

Postby MicroController » Sat Jun 03, 2023 2:13 pm


ecktello
Posts: 8
Joined: Fri May 05, 2023 11:01 pm

Re: ESP32 ECP Keypair JWT header formatting

Postby ecktello » Sat Jun 03, 2023 2:31 pm

MicroController wrote:
Sat Jun 03, 2023 2:13 pm
Does https://esp32.com/viewtopic.php?f=13&t=19875 help?
I solved the first question (it should be private_X and private_Y by the documentation).

Not exactly. Their example uses RSA, I *have* to use ECDSA and the issue with this is the conversion of the ECDSA signature into octet sequences to then be base64 safe url encoded. My main issue is related to parsing that appropriately.

MicroController
Posts: 1136
Joined: Mon Oct 17, 2022 7:38 pm
Location: Europe, Germany

Re: ESP32 ECP Keypair JWT header formatting

Postby MicroController » Sat Jun 03, 2023 6:18 pm

Are these last 64 or 66 characters the hexadecimal octets I should be concatenating to form the JWT signature?
They should be. However, each value must be 256 bits, i.e. 32 bytes, i.e. 64 hex digits. Not sure why you're getting 66 (=33 bytes).

ecktello
Posts: 8
Joined: Fri May 05, 2023 11:01 pm

Re: ESP32 ECP Keypair JWT header formatting

Postby ecktello » Sun Jun 04, 2023 5:38 pm

MicroController wrote:
Sat Jun 03, 2023 6:18 pm
Are these last 64 or 66 characters the hexadecimal octets I should be concatenating to form the JWT signature?
They should be. However, each value must be 256 bits, i.e. 32 bytes, i.e. 64 hex digits. Not sure why you're getting 66 (=33 bytes).
Alright, that's what I figured but I wanted someone with more knowledge to confirm. I'll be able to check specifically tomorrow to see the count - I'm not available to reach the machine until then, and the code repository is internal only. :oops:

ecktello
Posts: 8
Joined: Fri May 05, 2023 11:01 pm

Re: ESP32 ECP Keypair JWT header formatting

Postby ecktello » Sun Jun 18, 2023 4:34 am

Sorry for the long time to get back - some things came up.

I went to the lab and found that when I write out the private X and private Y of the ecp keypair using mbedtls_ecp_point_write_binary, the binary strings are in fact 256 bytes long, and the last 32 are always hexadecimal pairs. I was not printing the hexadecimal formatters properly which was giving me strings of different length, explaining the 61~65 character variance.

Now that I have the last 32 hexadecimal characters of X and Y, I should be able to format them into JSON web tokens, correct?
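An added example, not code from any poster in this thread: the ES256 JWS signature is the base64url encoding (no padding) of R followed by S, each as a fixed-width 32-byte big-endian value, and the JWK x and y coordinates use the same 32-byte form. The sketch assumes r and s are already available as big-endian byte arrays, which is what mbedtls_mpi_write_binary produces (zero-padded on the left to the buffer length you pass); the function names to_fixed32, b64url and es256_jws_sig are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Normalise a big-endian integer to exactly 32 bytes: drop leading zero bytes, then
 * left-pad with zeros. Returns 0, or -1 if the value needs more than 256 bits. */
int to_fixed32(const uint8_t *in, size_t in_len, uint8_t out[32])
{
    while (in_len > 0 && in[0] == 0) { in++; in_len--; }
    if (in_len > 32) return -1;
    memset(out, 0, 32);
    memcpy(out + (32 - in_len), in, in_len);
    return 0;
}

/* base64url without '=' padding. Returns characters written, or -1 if out is too small. */
int b64url(const uint8_t *in, size_t len, char *out, size_t cap)
{
    static const char tbl[] =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_";
    size_t o = 0;
    if (cap < (len * 4 + 2) / 3 + 1) return -1;
    for (size_t i = 0; i < len; i += 3) {
        uint32_t v = (uint32_t)in[i] << 16;
        if (i + 1 < len) v |= (uint32_t)in[i + 1] << 8;
        if (i + 2 < len) v |= in[i + 2];
        out[o++] = tbl[(v >> 18) & 63];
        out[o++] = tbl[(v >> 12) & 63];
        if (i + 1 < len) out[o++] = tbl[(v >> 6) & 63];
        if (i + 2 < len) out[o++] = tbl[v & 63];
    }
    out[o] = '\0';
    return (int)o;
}

/* ES256 JWS signature: base64url(R || S); 64 raw bytes always give 86 characters. */
int es256_jws_sig(const uint8_t *r, size_t r_len, const uint8_t *s, size_t s_len,
                  char *out, size_t cap)
{
    uint8_t raw[64];
    if (to_fixed32(r, r_len, raw) || to_fixed32(s, s_len, raw + 32)) return -1;
    return b64url(raw, sizeof raw, out, cap);
}

int main(void)
{
    uint8_t r[33] = {0, 0x9a}, s[40] = {[39] = 1}; /* constructed values, not a real signature */
    char sig[87];
    return es256_jws_sig(r, sizeof r, s, sizeof s, sig, sizeof sig) == 86 ? puts(sig) < 0 : 1;
}
```

Passing a buffer length of 32 to mbedtls_mpi_write_binary yields the fixed-width form directly, so to_fixed32 is only needed when the value arrives in an oversized or 33-byte buffer.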
