I asked about this last week, and I've gotten a bit farther, but I cannot seem to verify a known valid signature using the Qc3VerifySignature API, which is returning CPF9DEF - The signature verification failed. Has anyone successfully used this API (along with Qc3CalculateHash, Qc3CreateAlgorithmContext, and Qc3CreateKeyContext) to verify a JWT signature? I hate having to call a Java routine to do this. :)
My understanding is the signature is base64urldecoded to a byte string (used in Qc3VerifySignature as the Signature, which is already in ASCII), the Header and Payload are base64urldecoded to strings with all padding characters removed and the two strings joined with a period between them, which are translated to ascii, and used by Qc3CalculateHash (this part is working correctly, I get the correct hash value). Can anyone see anything blatantly wrong with the code below or have suggestions on what I might be missing?
This mailing list archive is Copyright 1997-2025 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact
[javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.