Seen also #55
Description:
Using OpenSSL 3.4.0 on macOS, `EncodingKey::from_rsa_der` fails to parse standard RSA DER keys.
Steps to Reproduce:
Minimal repro here: der_broken
jsonwebtoken = "9.3.1"
Shell script to generate the key:

```zsh
#!/bin/zsh
# Key size in bits: first argument, default 3072
if [ -z "$1" ]; then
  num_bits=3072
else
  num_bits=$1
fi

# Generate the RSA private key directly in PEM
openssl genrsa -out private.pem "$num_bits"
# Convert the private key to DER and export the public key as RSAPublicKey DER
openssl rsa -outform DER -in private.pem -out private.der
openssl rsa -RSAPublicKey_out -outform DER -in private.pem -out public.der

# Base64 encode the DER files (without newlines)
base64 < private.der | tr -d '\n' > private.der.b64
base64 < public.der | tr -d '\n' > public.der.b64

# Write to .env cleanly without extra newlines
{
  printf "JWT_PRIVATE=%s\n" "$(cat private.der.b64)"
  printf "JWT_PUBLIC=%s\n" "$(cat public.der.b64)"
} > .env
```

Notes:
- The DER produced is valid (can be parsed by OpenSSL and other libraries).
- Likely regression related to stricter ASN.1 parsing.
- Happens on both 2048 and 3072-bit keys.
- PEM-based loading (from_rsa_pem) still works fine.
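
A triage aid for reports like this one, added here and not taken from the issue or from jsonwebtoken: it classifies a DER blob by its outer ASN.1 shape, which separates PKCS#1 `RSAPrivateKey` from PKCS#8 `PrivateKeyInfo` (OpenSSL 3.x `openssl rsa` writes PKCS#8 unless `-traditional` is given). `KeyDer`, `read_tlv` and `classify` are hypothetical names, and the embedded bytes are a constructed toy value, not a real key.

```rust
// Added example: classify an RSA key DER blob by its outer ASN.1 shape.
// Only the outer structure is inspected; no key material is validated.
#[derive(Debug, PartialEq)]
enum KeyDer { Pkcs1Private, Pkcs8Private, Pkcs1Public, Spki, Unknown }

/// Read one DER TLV header at `pos`: (tag, content start, content length).
fn read_tlv(der: &[u8], pos: usize) -> Option<(u8, usize, usize)> {
    let tag = *der.get(pos)?;
    let first = *der.get(pos + 1)? as usize;
    let (len, start) = if first < 0x80 {
        (first, pos + 2) // short form: the octet is the length
    } else {
        let n = first & 0x7f; // long form: n length octets follow
        if n == 0 || n > 4 { return None; }
        let octets = der.get(pos + 2..pos + 2 + n)?;
        (octets.iter().fold(0, |acc, b| (acc << 8) | *b as usize), pos + 2 + n)
    };
    if start.checked_add(len)? > der.len() { return None; } // truncated input
    Some((tag, start, len))
}

/// Decide the key format from the first two elements of the outer SEQUENCE.
fn classify(der: &[u8]) -> KeyDer {
    let Some((0x30, body, len)) = read_tlv(der, 0) else { return KeyDer::Unknown };
    let Some((tag1, s1, l1)) = read_tlv(der, body) else { return KeyDer::Unknown };
    let Some((tag2, s2, l2)) = read_tlv(der, s1 + l1) else { return KeyDer::Unknown };
    let version0 = tag1 == 0x02 && l1 == 1 && der[s1] == 0;
    match (tag1, tag2) {
        (0x02, 0x30) if version0 => KeyDer::Pkcs8Private, // version, AlgorithmIdentifier
        (0x02, 0x02) if version0 => KeyDer::Pkcs1Private, // version, modulus, ...
        (0x02, 0x02) if s2 + l2 == body + len => KeyDer::Pkcs1Public, // modulus, exponent
        (0x30, 0x03) => KeyDer::Spki, // AlgorithmIdentifier, BIT STRING
        _ => KeyDer::Unknown,
    }
}

fn main() {
    // Constructed toy input (not a real key): SEQUENCE { 0, 33, 3 }.
    let toy = [0x30, 0x09, 0x02, 0x01, 0x00, 0x02, 0x01, 0x21, 0x02, 0x01, 0x03];
    println!("toy sample: {:?}", classify(&toy));
    // Classify any files named on the command line, e.g. private.der.
    for path in std::env::args().skip(1) {
        match std::fs::read(&path) {
            Ok(bytes) => println!("{path}: {:?}", classify(&bytes)),
            Err(e) => eprintln!("{path}: {e}"),
        }
    }
}
```

Run against `private.der` and `public.der` from the script above, the result shows which structure is actually being handed to the loader.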