
@badri
Created November 4, 2022 15:48
Sign a payload using keypair and verify signature
local resty_rsa = require "resty.rsa"
local b64 = require("ngx.base64")
-- local rsa_public_key, rsa_priv_key, err = resty_rsa:generate_rsa_keys(2048)
-- if not rsa_public_key then
-- ngx.say('generate rsa keys err: ', err)
-- end
-- Digest used for both signing and verification in this script.
local algorithm = "SHA256"

-- Base64 body of the verification key, without PEM armor.
-- NOTE(review): the DER prefix of this sample looks like a SubjectPublicKeyInfo
-- wrapping a 768-bit RSA modulus -- confirm with an ASN.1 dump. That is well
-- below the 2048-bit minimum generally recommended today (and below the 2048
-- used in the commented-out generate_rsa_keys call above), so treat this key
-- as demo material only.
local spki_b64 = "MHwwDQYJKoZIhvcNAQEBBQADawAwaAJhAOz0YTcc5qsRSyNYUBPD/6H/vcbFqtTb+IcW45PAZ5lMIMj4DLdNF+/4ZlVSVKU9QfC5lio/X76sZhwG2u+7vwOBi1awuwQ91xVroeR4ozpRqs31DYDl7uCfbMZhbG2m4wIDAQAB"

-- Re-wrap the bare base64 in "PUBLIC KEY" armor: header, body and footer,
-- each separated by a single newline.
local rsa_public_key = table.concat({
    "-----BEGIN PUBLIC KEY-----",
    spki_b64,
    "-----END PUBLIC KEY-----",
}, "\n")
-- local rsa_public_key = [[
-- -----BEGIN RSA PUBLIC KEY-----
-- MGgCYQC3NO8gxV4ob4BntFh3wKdPvT8uuxhK9vlHHodY14VhgX294ut+FmNNVfJ7
-- dLEeqtISwWaJxC0+wr7CLD1TFYSlw36Hz/XRb7m28+7DnVFlDTpud8RrHgUckwqt
-- MAFMUGUCAwEAAQ==
-- -----END RSA PUBLIC KEY-----
-- ]]
local rsa_priv_key = [[
-----BEGIN RSA PRIVATE KEY-----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-----END RSA PRIVATE KEY-----
]]
-- Verification side: built from the public half only.
local verifier, verifier_err = resty_rsa:new({
    public_key = rsa_public_key,
    key_type = resty_rsa.KEY_TYPE.PKCS8,
    algorithm = algorithm,
})
if not verifier then
    ngx.say("new rsa err: ", verifier_err)
    return
end

-- Signing side. rsa_priv_key is a literal embedded in this file, which is
-- acceptable for a throwaway demo key only; a real signing key belongs in
-- protected storage with restricted read access, not in source or a gist.
local signer, signer_err = resty_rsa:new({
    private_key = rsa_priv_key,
    algorithm = algorithm,
})
if not signer then
    ngx.say("new rsa pk err: ", signer_err)
    return
end

-- Sample message. It reads like an identifier followed by two timestamps run
-- together with no separator.
-- NOTE(review): if real payloads are assembled from separate fields, use an
-- unambiguous encoding (delimiters or length prefixes) so two different field
-- sets cannot yield the same signed bytes -- confirm how callers build it.
local message = "_ce3d2948b4cf20146dee0a0b3dd6f69b6cf86f62d72014-07-17T01:01:18Z2024-01-18T06:21:48Z"

local signature, sign_err = signer:sign(message)
if not signature then
    ngx.say("failed to sign:", sign_err)
    return
end

-- Show the raw signature size and its base64 form for transport.
ngx.say("sig length: ", #signature)
ngx.say(ngx.encode_base64(signature))

-- Round-trip check: the signature just produced must verify against the
-- public key loaded above.
local verified, verify_err = verifier:verify(message, signature)
if not verified then
    ngx.say("verify err: ", verify_err)
    return
end
ngx.say(verified)
local resty_rsa = require "resty.rsa"
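-- Verify a base64-encoded RSA-SHA256 signature over a payload string.
--
-- The key is wrapped in "PUBLIC KEY" PEM armor and loaded through
-- resty_rsa:new with KEY_TYPE.PKCS8 and the digest fixed to "SHA256", so the
-- algorithm is chosen here and never by the message being checked.
--
-- A truthy result only establishes that `payload` was signed by the holder of
-- the key that was passed in.
-- NOTE(review): the trust decision therefore rests on where `public_key`
-- comes from; take it from pinned configuration, not from the same message
-- that carries the signature. Despite the name, nothing in this function
-- parses XML or checks validity timestamps -- presumably the caller does;
-- confirm.
-- NOTE(review): ngx.say writes the failure text into the response body
-- (sending headers first if they have not gone out), so a handler cannot set
-- a status code after a failure here. The messages are kept for the demo
-- output; in a request handler prefer ngx.log plus the returned reason.
--
-- Parameters:
--   payload     string, the exact bytes that were signed
--   signature   string, base64 text of the signature
--   public_key  string, base64 body of the key without PEM armor
-- Returns:
--   the value returned by pub:verify when it is truthy;
--   otherwise nil followed by a reason string. Callers must treat nil as
--   rejection.
local function verify_saml2_signature(payload, signature, public_key)
    -- A missing key would raise inside `..`; reject it like any unusable key.
    if type(public_key) ~= "string" then
        ngx.say('unable to extract public key')
        return nil, "public_key is not a string"
    end

    local rsa_public_key = "-----BEGIN PUBLIC KEY-----\n" .. public_key .. "\n-----END PUBLIC KEY-----"
    local pub, key_err = resty_rsa:new({
        public_key = rsa_public_key,
        key_type = resty_rsa.KEY_TYPE.PKCS8,
        algorithm = "SHA256",
    })
    if not pub then
        ngx.say('unable to extract public key')
        return nil, key_err or "unable to extract public key"
    end

    -- The signature usually arrives from the peer; a missing value must end in
    -- a controlled rejection rather than an error raised by decode_base64.
    if type(signature) ~= "string" then
        ngx.say("unable to base64 decode signature")
        return nil, "signature is not a string"
    end
    local decoded_signature, decode_err = ngx.decode_base64(signature)
    if not decoded_signature then
        ngx.say("unable to base64 decode signature")
        return nil, decode_err or "unable to base64 decode signature"
    end

    -- Same reasoning for the payload handed to pub:verify.
    if type(payload) ~= "string" then
        ngx.say("unable to verify token")
        return nil, "payload is not a string"
    end
    local verify, verify_err = pub:verify(payload, decoded_signature)
    if not verify then
        ngx.say("unable to verify token")
        return nil, verify_err or "unable to verify token"
    end
    return verify
end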
-- Sample inputs for a one-off check: the signed text, its base64 signature
-- and the base64 body of the public key.
-- NOTE(review): the 128-character signature decodes to 96 bytes, which matches
-- a 768-bit RSA key; fine for a demo, too small for production use.
-- In real use the key must come from trusted configuration rather than from
-- the message under verification.
local signed_text = "_ce3d2948b4cf20146dee0a0b3dd6f69b6cf86f62d72014-07-17T01:01:18Z2024-01-18T06:21:48Z"
local signature_b64 = "blYo5Msn1VjXHJPVusrslqz6Yx67Ik5KbXqYRWg6jU9pRyb2X+/3ogkK7sZ3Ec4HBBeBkQ/14PUImgmGXwnjTIwcP5wDbJQUY+RBZR5XC9IyLZLp2gmeXvNVtX+EgFhc"
local public_key_b64 = "MHwwDQYJKoZIhvcNAQEBBQADawAwaAJhAOz0YTcc5qsRSyNYUBPD/6H/vcbFqtTb+IcW45PAZ5lMIMj4DLdNF+/4ZlVSVKU9QfC5lio/X76sZhwG2u+7vwOBi1awuwQ91xVroeR4ozpRqs31DYDl7uCfbMZhbG2m4wIDAQAB"

-- Only the first return value is kept; nil means the signature was rejected.
local is_valid = verify_saml2_signature(signed_text, signature_b64, public_key_b64)
ngx.say(is_valid)