MacOS RSA DER / OpenSSL 3.4.0 RSA256 EncodingKey::from_rsa_der broken #426

Open
@ben-kaye

See also #55

Description:
Using OpenSSL 3.4.0 on MacOS, EncodingKey::from_rsa_der fails to parse standard RSA DER keys.

Steps to Reproduce:
Minimal repro here: der_broken
jsonwebtoken = "9.3.1"

Shell script to generate the key:

#!/bin/zsh

if [ -z "$1" ]; then
    num_bits=3072
else
    num_bits=$1
fi

# Generate the RSA private key (3072 bits by default) directly in PEM
openssl genrsa -out private.pem "$num_bits"

openssl rsa -outform DER -in private.pem -out private.der
openssl rsa -RSAPublicKey_out -outform DER -in private.pem -out public.der

# Base64 encode the DER files (without newlines)
base64 < private.der | tr -d '\n' > private.der.b64
base64 < public.der | tr -d '\n' > public.der.b64

# Write to .env cleanly without extra newlines
{
  printf "JWT_PRIVATE=%s\n" "$(cat private.der.b64)"
  printf "JWT_PUBLIC=%s\n" "$(cat public.der.b64)"
} > .env

Notes:

  • The DER produced is valid (can be parsed by OpenSSL and other libraries).
  • Likely regression related to stricter ASN.1 parsing.
  • Happens on both 2048 and 3072-bit keys.
  • PEM-based loading (from_rsa_pem) still works fine.
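
A check that helps narrow down reports like this one, added here as an example and not part of the issue or of jsonwebtoken: the same RSA key can be DER-encoded as bare PKCS#1 (RSAPrivateKey / RSAPublicKey) or wrapped as PKCS#8 PrivateKeyInfo / SubjectPublicKeyInfo, and a parser written for one form rejects the other. `classify` and `RsaDerKind` are hypothetical names; the code uses only the standard library and inspects the top-level ASN.1 tags of files such as the `private.der` and `public.der` written by the script above.

```rust
use std::{env, fs};

/// DER layouts an RSA key commonly arrives in (names are illustrative).
#[derive(Debug, PartialEq)]
pub enum RsaDerKind { Pkcs1Private, Pkcs8Private, Pkcs1Public, Spki, Unknown }

/// Read one DER TLV header at `pos`: (tag, content start, content length).
fn tlv(buf: &[u8], pos: usize) -> Option<(u8, usize, usize)> {
    let tag = *buf.get(pos)?;
    let first = *buf.get(pos + 1)? as usize;
    if first < 0x80 {
        return Some((tag, pos + 2, first)); // short-form length
    }
    let n = first & 0x7f; // long form: the next n bytes hold the length
    if n == 0 || n > 4 {
        return None; // indefinite or oversized lengths are not valid DER here
    }
    let mut len = 0usize;
    for i in 0..n {
        len = (len << 8) | *buf.get(pos + 2 + i)? as usize;
    }
    Some((tag, pos + 2 + n, len))
}

/// Classify a DER blob by the tags of the outer SEQUENCE's children.
pub fn classify(der: &[u8]) -> RsaDerKind {
    let (mut pos, end) = match tlv(der, 0) {
        Some((0x30, start, len)) if start + len == der.len() => (start, der.len()),
        _ => return RsaDerKind::Unknown, // not one SEQUENCE, truncated, or trailing bytes
    };
    let mut tags = Vec::new();
    while pos < end {
        match tlv(der, pos) {
            Some((tag, start, len)) if start + len <= end => { tags.push(tag); pos = start + len; }
            _ => return RsaDerKind::Unknown,
        }
    }
    match tags.as_slice() {
        [0x02, 0x30, 0x04, ..] => RsaDerKind::Pkcs8Private, // version, AlgorithmIdentifier, OCTET STRING
        [0x30, 0x03] => RsaDerKind::Spki,                   // AlgorithmIdentifier, BIT STRING
        [0x02, 0x02] => RsaDerKind::Pkcs1Public,            // modulus, publicExponent
        // Two-prime RSAPrivateKey: version plus eight INTEGERs.
        t if t.len() == 9 && t.iter().all(|&x| x == 0x02) => RsaDerKind::Pkcs1Private,
        _ => RsaDerKind::Unknown,
    }
}

fn main() {
    // Usage: <binary> private.der public.der
    for path in env::args().skip(1) {
        let der = fs::read(&path).expect("cannot read file");
        println!("{}: {:?}", path, classify(&der));
    }
}
```

The `openssl rsa` command in OpenSSL 3.x has a `-traditional` option that writes a private key in PKCS#1 form instead of PKCS#8, so the classification of `private.der` shows which layout a given invocation actually produced.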