FHIR Chat · OpenSSL · smart/health-cards

Has anyone tried to implement the JWS part of the spec using openSSL? I'm using the EVP_DigestVerifyInit | EVP_DigestUpdate | EVP_DigestVerifyFinal methods, and openSSL generates ok, and verifies it's own signatures, but the signatures are different to other ones, and it doesn't verify other signatures.

My take is that openSSL EVP_DigestVerifyFinal doesn't conform to this rule

"The JWS Signature is the value R || S."

from https://datatracker.ietf.org/doc/html/rfc7515#appendix-A.3.1 but all the openSSL implementations I can find and understand use EVP_DigestVerifyFinal and the openSSL mailing list said I was doing something wrong - well, I can't figure out what it could be. the OpenSSL signatures include a nonce and are not reproducible, so I don't see how they can conform to the rule I quoted. And I haven't found a non-openSSL based implementation I can use in an open source win64 application.

Can anyone comment?

Josh Mandel (Sep 12 2021 at 00:12):

I'm assuming you're familiar with the aspects of representation discussed in https://stackoverflow.com/questions/59904522/asn1-encoding-routines-errors-when-verifying-ecdsa-signature-type-with-openssl ?

Grahame Grieve (Sep 12 2021 at 00:17):

well, I wasn't. I found that by accident searching for the openSSL error message a couple of minutes before you posted it. How did you find it so easy?