1. Eric Nieva
  2. PowerBuilder
  3. Thursday, 29 October 2020 01:43 AM UTC

I am trying to generate a signature in RS256 algorithm using CrypterObject’s SHA and AsymmetricSign functions, following Scenario 2 on this article:
https://community.appeon.com/index.php/articles-blogs/tutorials-articles/2-powerbuilder/244-rest-enhancements-in-powerbuilder-2019

The private key is a 2048-bit key generated from an external source (openssl) and then converted to PKCS#8 format.

PB is able to generate the signature without any errors but the signature seems to be incorrect.
It could not be verified using the public key that was generated from the private key, and i have compared the PB-generated signature with an online tool and the two are different (the online tool signature can be verified by the public key so I can say it is correct).

Below is my script to generate the signature. Are there any missing/incorrect steps?

String ls_private_key_pkcs8, ls_sign
Blob lblb_private_key, lblb_hash, lblb_sign

CrypterObject lnv_CrypterObject
CoderObject lnv_CoderObject

lnv_CrypterObject = Create CrypterObject
lnv_CoderObject = Create CoderObject

ls_private_key_pkcs8 = 'MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQCqEiwSEtzizwHq'
ls_private_key_pkcs8 += 'swCj+Y3DixlEjSvXya2/R9ftZBO5sPaOxDQP/YzZZqBjRpl6h6JyKh1fvtjidFPU'
ls_private_key_pkcs8 += 'zGLv1lQGzbZ3AHlOI09Dh4u2efuCFTcQfi9c8u6LkkQ4Ot0Bwv/mqSKBRthEXlEV'
...   

...

...


lblb_private_key = lnv_CoderObject.Base64Decode(ls_private_key_pkcs8)

lblb_hash = lnv_CrypterObject.SHA(SHA256!, Blob('Key=Value', EncodingUTF8!))

lblb_sign = lnv_CrypterObject.AsymmetricSign(RSA!, lblb_hash, lblb_private_key)

ls_sign = lnv_CoderObject.Base64Encode(lblb_sign) //

Peter Pang @Appeon Accepted Answer Pending Moderation
  1. Monday, 22 May 2023 06:30 AM UTC
  2. PowerBuilder
  3. # 1

Hi Eric,

 

I verified in PB and everything worked fine. After I used the AsymmetricSign function to generate the signature, I used AsymmetricVerifySign to verify the signature successfully.

 

Compared to the website jwt.io, there is a difference, not sure if it’s because of the difference in development language.

BTW, PowerBuilder is a client-side development language, so generating JWT(JSON Web Tokens) on the server side is not a good idea.

 

 

Best Regards,

Peter

 

Comment
There are no comments made yet.
Michel Caron Accepted Answer Pending Moderation
  1. Friday, 12 May 2023 14:51 PM UTC
  2. PowerBuilder
  3. # 2

Hi,

I know this is an old discussion, but I have the exact same problem as the original poster.  Is there a solution to this?  I'm using Powerbuilder 2022.

I'm using the jwt.io website to verify my signature and it is invalid.

Anyone can help me please?

 

Thanks

 

Michel C.

Comment
There are no comments made yet.
Govinda Lopez @Appeon Accepted Answer Pending Moderation
  1. Tuesday, 5 January 2021 22:51 PM UTC
  2. PowerBuilder
  3. # 3

Hi Eric,

 

Can you tell us what version/build of PowerBuilder you're using?

 

 

Regards,

Comment
There are no comments made yet.
  • Page :
  • 1


There are no replies made for this question yet.
However, you are not allowed to reply to this question.