Receiving error "wrong key type" while JWS encoding

I am trying to JWS encode a request to the Google endpoint for service accounts.

I have the JWS encode function most of the way but am not sure what to put for a key or ttl value. Can someone shed some light on this? Would love to buy you a coffee!

When I run this with any value for the key, I get an error "Wrong key type".

Comments

  • Michael Udinski (Administrator)
    You will need to create a secret key for the key parameter, like in this example: https://youtu.be/ydOlrknsMnw

    TTL stands for time to live. It's how long, in seconds, the JWS has until it expires.
  • Jared (Member)
    Hey,

    Any chance you can expand on this? Google provides a secret key in the service account file. 

    Using your method, I was able to get a response from Google when I paste the key in, but not when it is used as an environmental variable.

    That said, I only receive an error that says my JWT is signed incorrectly indicating a wrong key was used for signing. 
  • Ray Deck (Trusted Xano Expert ✭✭✭)
    At least one problem here is the format of the RSA secret key. Google gives it as a PEM (short for "Private Email" - a string starting with --BEGIN PRIVATE KEY--) and the function requires* a JSON Web Key (JWK).

    The solution I hit on was to make a lambda to convert the key:
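    // Read the PEM-encoded private key from the environment
    const start = $env.google_pem;
    // Parse it into a KeyObject
    const key = crypto.createPrivateKey(start);
    // Re-export the same key as a JSON Web Key
    const output = key.export({type:'pkcs8', format:'jwk'});
    return JSON.stringify(output);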

    (The above assumes the google private key is stored as an environment variable called "google_pem").

    Cryptography is hard and unforgiving any day of the week - that's part of what makes it secure! 

    *This requirement is undocumented - I had to run multiple tests from the outside to figure out this limitation. It might support other formats too, but the PEM definitely was breaking it, and the JWK definitely works.
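
The PEM-to-JWK conversion from the last reply, carried through to signing and verifying an RS256 token, as an added example that is not code from the thread or from Xano. It runs on Node's `crypto` module with a key pair generated on the spot in place of Google's private key; the function names, the sample claims, and the handling of literal `\n` sequences in an environment variable are assumptions.

```javascript
// Added example; function names and sample values are assumptions.
const { createPrivateKey, generateKeyPairSync, sign, verify } = require('crypto');

const b64url = (s) => Buffer.from(s).toString('base64url');

// Assumption: a PEM kept in an environment variable may hold literal "\n"
// sequences instead of real line breaks, so restore them before parsing.
function pemToJwk(pem) {
  const key = createPrivateKey(pem.replace(/\\n/g, '\n').trim());
  if (key.asymmetricKeyType !== 'rsa') {
    throw new Error(`expected an RSA key, got ${key.asymmetricKeyType}`);
  }
  return key.export({ format: 'jwk' }); // kty, n, e plus private fields d, p, q, ...
}

// Build a compact RS256 JWS; ttl is the lifetime in seconds.
function signJws(jwk, claims, ttl, now = Math.floor(Date.now() / 1000)) {
  const key = createPrivateKey({ key: jwk, format: 'jwk' });
  const header = b64url(JSON.stringify({ alg: 'RS256', typ: 'JWT' }));
  const payload = b64url(JSON.stringify({ ...claims, iat: now, exp: now + ttl }));
  const input = `${header}.${payload}`;
  const sig = sign('sha256', Buffer.from(input), key); // RSASSA-PKCS1-v1_5
  return `${input}.${sig.toString('base64url')}`;
}

// Verify with the public key only. The algorithm is fixed to RS256 here;
// the alg value in the token header is never trusted.
function verifyJws(token, publicKey) {
  const parts = token.split('.');
  if (parts.length !== 3) return null;
  const [header, payload, sig] = parts;
  const ok = verify('sha256', Buffer.from(`${header}.${payload}`),
                    publicKey, Buffer.from(sig, 'base64url'));
  return ok ? JSON.parse(Buffer.from(payload, 'base64url').toString()) : null;
}

// Constructed sample key and claims (not a real service account).
const { privateKey, publicKey } = generateKeyPairSync('rsa', { modulusLength: 2048 });
const samplePem = privateKey.export({ type: 'pkcs8', format: 'pem' });
const escapedPem = samplePem.replace(/\n/g, '\\n'); // single-line form with literal \n
const jwk = pemToJwk(escapedPem);
const token = signJws(jwk, { iss: 'svc@example.invalid', scope: 'constructed' },
                      3600, 1700000000);
console.log(jwk.kty, verifyJws(token, publicKey));
```

The JWK returned by `pemToJwk` contains the private exponent and primes, so treat it exactly like the PEM: keep it out of logs and API responses.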