I have the following from Google's public certs for verifying JWT ID

Decoding the cert shows the signature and certificate algorithm is `sha1WithRSAEncryption` (PKCS #1). Using Charles Engelke's excellent tutorial and code also shows that the cert says it uses '1.2.840.113549.1.1.5', which is SHA-1 in this reference lookup page.

However, when passing the key into `crypto.subtle.verify()` in JS (MDN reference) to verify a JWT signature, I needed to pass in `{name: "RSASSA-PKCS1-v1_5", hash: {name: 'RS256'}}`, as specified by the JWT's header, instead of SHA-1 as per the public cert.

Why is this? Does the cert's signature algorithm have any relevance to the signature being checked?

David Min

1 Answer

> Does the cert's signature algorithm have any relevance to the signature being checked?

No. The cert's signature algorithm is the algorithm that the issuing certificate authority used when creating the certificate. That doesn't even have to be the same algorithm family as the certificate's public key, so it certainly shouldn't be assumed to be related to how the subject wants to use their key.

bartonjs
  • So both the `signature algorithm` and the `certificate signature algorithm` relate solely to the public certificate? Just looking at the fields from that x509 decoding web page. – David Min Oct 27 '21 at 23:19
  • 1
    @DavidMin Correct. One's inside the "to be signed certificate" section saying how the CA intends to sign it, the other's outside that, in the "this is how it got signed". Those two values are always the same. – bartonjs Oct 27 '21 at 23:20
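
An added example, not part of the original question or answer and not Google's code: it verifies a constructed RS256 token with WebCrypto, taking the hash from the JWT header's `alg` (RS256 is RSASSA-PKCS1-v1_5 with SHA-256 in RFC 7518), and shows that importing the same public key with SHA-1, the hash named in the certificate's signature algorithm, makes verification fail. The key pair, the token, and the names `JWS_ALGS`, `verifyJwt` and `demo` are assumptions made for the illustration.

```javascript
// Added example: key pair and token are constructed here, not taken from Google's cert.
// Browsers expose crypto.subtle globally; the require() fallback covers older Node.js.
const subtle = (globalThis.crypto ?? require("node:crypto").webcrypto).subtle;

// JWS "alg" (RFC 7518) -> WebCrypto parameters; anything not listed is rejected.
const JWS_ALGS = {
  RS256: { name: "RSASSA-PKCS1-v1_5", hash: "SHA-256" },
  RS384: { name: "RSASSA-PKCS1-v1_5", hash: "SHA-384" },
  RS512: { name: "RSASSA-PKCS1-v1_5", hash: "SHA-512" },
};
const enc = new TextEncoder();
const b64url = (bytes) =>
  btoa(String.fromCharCode(...new Uint8Array(bytes)))
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
const unb64url = (s) =>
  Uint8Array.from(atob(s.replace(/-/g, "+").replace(/_/g, "/")), (c) => c.charCodeAt(0));

// Verify a compact JWS. The hash comes from the allow-listed header "alg",
// never from the signature algorithm of the certificate that carried the key.
async function verifyJwt(token, spki, allowed = ["RS256"]) {
  const [h, p, s] = token.split(".");
  const { alg } = JSON.parse(new TextDecoder().decode(unb64url(h)));
  if (!allowed.includes(alg) || !JWS_ALGS[alg]) return false;
  const key = await subtle.importKey("spki", spki, JWS_ALGS[alg], false, ["verify"]);
  return subtle.verify(JWS_ALGS[alg].name, key, unb64url(s), enc.encode(`${h}.${p}`));
}

// Sign a constructed token with RS256, then check it three ways.
async function demo() {
  const alg = JWS_ALGS.RS256;
  const pair = await subtle.generateKey(
    { ...alg, modulusLength: 2048, publicExponent: new Uint8Array([1, 0, 1]) }, true, ["sign", "verify"]);
  const spki = await subtle.exportKey("spki", pair.publicKey);
  const signingInput = b64url(enc.encode('{"alg":"RS256","typ":"JWT"}')) + "." +
    b64url(enc.encode('{"sub":"constructed-user"}'));
  const sig = await subtle.sign(alg.name, pair.privateKey, enc.encode(signingInput));
  const token = signingInput + "." + b64url(sig);
  // Same public key, imported with SHA-1 (the digest the CA used on the cert).
  const sha1Key = await subtle.importKey("spki", spki,
    { name: alg.name, hash: "SHA-1" }, false, ["verify"]);
  const [h, p, s] = token.split(".");
  return {
    headerAlg: await verifyJwt(token, spki),
    certHash: await subtle.verify(alg.name, sha1Key, unb64url(s), enc.encode(`${h}.${p}`)),
    notAllowed: await verifyJwt(token.replace(h, b64url(enc.encode('{"alg":"none"}'))), spki),
  };
}

demo().then(console.log);
```

With RSASSA-PKCS1-v1_5 in WebCrypto the hash is bound to the key at `importKey` time, which is why the same SPKI bytes give two different verification outcomes here.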