
I have an RS256 JWT, and I'd like to find out its public key. Because I know the header and payload and I have the encrypted signature, is there a way to obtain the public key that made the signature from these elements?

Maarten Bodewes
hmngwn

1 Answer


RS256 is defined as "RSASSA-PKCS1-v1_5 using SHA-256", i.e. an RSA PKCS#1 v1.5 signature. You can therefore find a method of obtaining the modulus here. Note that you'd first have to perform the deterministic PKCS#1 v1.5 encoding on the payload itself to get to the $m$ within the question / answers.

If the public exponent is large and random, then you're probably out of luck, but that's not common at all. Instead, the public exponent is usually small, often the value 0x010001 / 65537, the fifth Fermat prime, also known as F4. JWT only hints at using F4; it doesn't seem to explicitly require a specific or small exponent to be used.

Maarten Bodewes
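A worked version of the recovery the answer points at, added here as an example and not part of the question or the answer: the JWT's header and payload (the signing input) are run through the deterministic EMSA-PKCS1-v1_5 encoding with SHA-256 to get EM, and since every signature satisfies s^e = EM (mod n), the gcd of s^e - EM over two or more tokens from the same key yields n for a guessed e. The key, the tokens and the exponent are constructed for the demo; e = 17 is used only so that CPython's big-int arithmetic stays fast, and the same function applies to e = 65537 with a subquadratic gcd such as gmpy2's.

```python
import base64, hashlib, json, math

# DigestInfo prefix for SHA-256 (RFC 8017, section 9.2, note 1)
SHA256_DIGESTINFO = bytes.fromhex("3031300d060960864801650304020105000420")

def emsa_pkcs1_v15(message: bytes, k: int) -> int:
    """Deterministic EMSA-PKCS1-v1_5 (SHA-256) encoding of message for a k-byte modulus."""
    t = SHA256_DIGESTINFO + hashlib.sha256(message).digest()
    if k < len(t) + 11:
        raise ValueError("modulus too short for PKCS#1 v1.5 with SHA-256")
    return int.from_bytes(b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t, "big")

def b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def recover_modulus(tokens, e: int = 65537) -> int:
    """Every RS256 token satisfies s^e == EM (mod n), so n divides s^e - EM; the gcd over
    two or more tokens is n times at most a small cofactor, which is stripped at the end."""
    if len(tokens) < 2:
        raise ValueError("need at least two tokens signed under the same key")
    acc = 0
    for tok in tokens:
        h, p, s = tok.split(".")
        sig = base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))  # exactly k bytes (I2OSP)
        em = emsa_pkcs1_v15(f"{h}.{p}".encode(), len(sig))
        acc = math.gcd(acc, pow(int.from_bytes(sig, "big"), e) - em)
    for f in range(2, 10000):  # strip small spurious cofactors of the gcd
        while acc % f == 0:
            acc //= f
    return acc

# Constructed throwaway key for the demo (structured primes, obviously not any real issuer's key):
# p = 2^255 - 19 and q = 2^256 - 189 are prime, n is 511 bits, so k = 64 bytes.  e = 17 keeps
# s^e small enough for CPython's quadratic big-int gcd; with e = 65537 use gmpy2.gcd instead.
def make_test_key(e: int = 17):
    p, q = (1 << 255) - 19, (1 << 256) - 189
    return p * q, e, pow(e, -1, (p - 1) * (q - 1))

def mint_rs256(payload: dict, n: int, d: int) -> str:
    k = (n.bit_length() + 7) // 8
    signing_input = ".".join(b64url(json.dumps(x, separators=(",", ":")).encode())
                             for x in ({"alg": "RS256", "typ": "JWT"}, payload))
    sig = pow(emsa_pkcs1_v15(signing_input.encode(), k), d, n)
    return f"{signing_input}.{b64url(sig.to_bytes(k, 'big'))}"

def demo() -> bool:
    n, e, d = make_test_key()
    tokens = [mint_rs256({"sub": "alice", "iat": t}, n, d) for t in (1700000000, 1700000060, 1700000120)]
    return recover_modulus(tokens, e) == n
```

If the guessed exponent is wrong the gcd collapses to a small number rather than a plausible modulus, so trying F4 first and checking that the result has the signature's byte length is the practical test.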