I use psa-token v0.0.1 and the master branch of iat-verifier. The token created by compile_token can not be verified by psatoken and got an error message "Error fetching alg";
I checked the code of psatoken.Verify, it first extracts alg of the token. But the token created by compile_token has a null header.
func (p *PSAToken) Verify(pk crypto.PublicKey) error {
if p.message == nil {
return errors.New("token does not appear to be signed")
}
alg, err := cose.GetAlg(p.message.Headers)
if err != nil {
return err
}
verifier := cose.Verifier{
Alg: alg,
PublicKey: pk,
}
err = p.message.Verify([]byte(""), verifier)
if err != nil {
return err
}
return nil
}
I use psa-token v0.0.1 and the master branch of iat-verifier. The token created by compile_token can not be verified by psatoken and got an error message "Error fetching alg";
I checked the code of psatoken.Verify, it first extracts alg of the token. But the token created by compile_token has a null header.