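How to return RSA keys in the jwks_uri endpoint for OpenID Connect Discovery

Time: 2015-05-29 19:10:55

Tags: python google-oauth jwt openid-connect openid-provider

While working on the Discovery part of an OpenID Connect provider, I'm confused about how to correctly return the public key. My question is specifically about the modulus (n) and exponent (e) values.

The initial values of both are: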

n = 124692971944797177402996703053303877641609106436730124136075828918287037758927191447826707233876916396730936365584704201525802806009892366608834910101419219957891196104538322266555160652329444921468362525907130134965311064068870381940624996449410632960760491317833379253431879193412822078872504618021680609253

e = 65537

So, from what I understand reading here, I just need to base64url-encode both.

(Example in Python)

n = urlsafe_b64encode(str(n))
e = urlsafe_b64encode(str(e))

n = "MTI0NjkyOTcxOTQ0Nzk3MTc3NDAyOTk2NzAzMDUzMzAzODc3NjQxNjA5MTA2NDM2NzMwMTI0MTM2MDc1ODI4OTE4Mjg3MDM3NzU4OTI3MTkxNDQ3ODI2NzA3MjMzODc2OTE2Mzk2NzMwOTM2MzY1NTg0NzA0MjAxNTI1ODAyODA2MDA5ODkyMzY2NjA4ODM0OTEwMTAxNDE5MjE5OTU3ODkxMTk2MTA0NTM4MzIyMjY2NTU1MTYwNjUyMzI5NDQ0OTIxNDY4MzYyNTI1OTA3MTMwMTM0OTY1MzExMDY0MDY4ODcwMzgxOTQwNjI0OTk2NDQ5NDEwNjMyOTYwNzYwNDkxMzE3ODMzMzc5MjUzNDMxODc5MTkzNDEyODIyMDc4ODcyNTA0NjE4MDIxNjgwNjA5MjUz"
e = "NjU1Mzc="

What am I getting wrong? For example, the Google keys have a different encoding.

(Google key values)

n = "rl1iVsRbhod-gDJj2SDs94lk5iY0QYXV5HIPtjcx4KmIlmq-cdmfLteTeIHFsO5c6hKUt8R3uZzaQNgF3fKt700fT4m6tU23qK4EoLlx9Z_uSajtpMajdmX_FOdyHyQgcn0tj3YqPeYCOTBhRVNoLIenf9vy0hfFy71lcPhylnE",
e = "AQAB"

Am I missing something? Thanks for your time.

P.S.: The project I'm working on

2 answers:

Answer 0: (score: 0)

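You are base64url-encoding the decimal representation of the value, but you should base64url-encode the octet value, i.e. the big-endian byte sequence defined here: https://tools.ietf.org/html/rfc7518#section-6.3.1.1 and https://tools.ietf.org/html/rfc7518#section-2

Base64urlUInt

The representation of a positive or zero integer value as the base64url encoding of the value's unsigned big-endian representation as an octet sequence. The octet sequence MUST utilize the minimum number of octets needed to represent the value. Zero is represented as BASE64URL(single zero-valued octet), which is "AA".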

Answer 1: (score: 0)

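import base64

def get_bytes_length(n):
    """ref: https://docs.python.org/3/library/stdtypes.html#int.to_bytes"""
    # Minimum number of octets needed for n; zero still takes one octet.
    return max(1, (n.bit_length() + 7) // 8)

def b64_enc(n, l):
    # Big-endian octets, then base64url without '=' padding, as a JWK expects.
    n = n.to_bytes(l, 'big')
    return base64.urlsafe_b64encode(n).rstrip(b'=')

>>> b64_enc(65537, get_bytes_length(65537))
b'AQAB'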
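The following is an added example, not code from the question or from either answer. It builds the JWK Set body a jwks_uri endpoint would serve using the Base64urlUInt rule quoted above, and adds a decoder and a check that flag the decimal-string mistake from the question. The `kid`, `use` and `alg` values and the sample modulus are assumptions made for illustration.

```python
import base64
import json

# Constructed 1024-bit sample value (not a real RSA modulus), used only to exercise the encoder.
N_SAMPLE = (0xAE5D6256 << 992) | 1

def b64url_uint(value: int) -> str:
    """Base64urlUInt (RFC 7518 section 2): minimal big-endian octets, base64url, no padding."""
    if value < 0:
        raise ValueError("Base64urlUInt cannot represent negative integers")
    octets = value.to_bytes(max(1, (value.bit_length() + 7) // 8), "big")
    return base64.urlsafe_b64encode(octets).rstrip(b"=").decode("ascii")

def b64url_uint_decode(text: str) -> int:
    """Inverse of b64url_uint; rejects padding and non-minimal (leading zero) encodings."""
    if "=" in text:
        raise ValueError("JWK values are unpadded base64url")
    octets = base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))
    if len(octets) > 1 and octets[0] == 0:
        raise ValueError("non-minimal encoding: leading zero octet")
    return int.from_bytes(octets, "big")

def looks_like_decimal_mistake(text: str) -> bool:
    """True when the field decodes to ASCII digits, i.e. str(n) was encoded instead of octets."""
    raw = base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))
    return raw.isdigit()

def rsa_jwks(n: int, e: int, kid: str) -> str:
    """JWK Set body for one RSA signing key; kid, use and alg are assumed values."""
    jwk = {"kty": "RSA", "use": "sig", "alg": "RS256", "kid": kid,
           "n": b64url_uint(n), "e": b64url_uint(e)}
    return json.dumps({"keys": [jwk]})

if __name__ == "__main__":
    print(rsa_jwks(N_SAMPLE, 65537, "example-key-1"))
    # The value from the question decodes to the digits "65537", not to the integer's octets.
    print(looks_like_decimal_mistake("NjU1Mzc="), looks_like_decimal_mistake("AQAB"))
```

Running `looks_like_decimal_mistake` over the `n` and `e` fields of a published key set is a cheap pre-deployment check that catches the encoding error described in the question.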