Pure Lua RSA w/ SHA-256 Signing Algorithm


I am currently trying to make use of services offered on Google’s Cloud Platform, such as Cloud Datastore. This requires an authentication token, obtained using a JWT(JSON Web Table), signed using the RS-256 algorithm(RSASSA-PKCS1-V1_5-SIGN). I’ve spent a good amount of time searching for Lua implementations of this algorithm as well as any possible pseudocode. Having not been able to find anything, I currently make a request to Google Apps Script, which has access to signing functions, to create a signed JWT and return an authentication token. Although this works well, I would like to implement the signing algorithm in pure Lua. If anyone has some form of help they could offer, whether it be pseudocode, pure Lua modules, or some guidance, I’d greatly appreciate it.




The problem is the limitations of Lua as you would need some form of “bigint” object to hold these very large numbers requiored to do RSA on a seccure level. I did manage to get very small primes to work in Lua but small numbers can be easily factored.

A previous module I looked at is https://github.com/libtom/lcrypt

The hash is possible to create in Lua and I used the code from http://lua-users.org/wiki/SecureHashAlgorithm

It takes a lot of work and people to make sure these algorithm work correctly on the platform. I do not recommend that you try and replicate these types of modules but instead look at other ways of completing this task.


Just make a secondary passthrough webserver of your own that takes in a roblox request, converts it to a signed JWT, and then sends it to google.

Generally speaking, writing your own implementation of cryptographic functions is not a good idea. cause it is slow and possibly insecure.

1 Like

Alright thanks. I’m just going to stick with the passthrough thing I have right now.