Unable to verify RSA signature using configured PublicKey. Signature length not correct: got 255 but was expecting 256

Question

I am trying to learn how to use RSA public-private key pair to sign JWT.

I generated key pair using openssl .

openssl genpkey -algorithm RSA -out private_key.pem -pkeyopt rsa_keygen_bits:2048

openssl rsa -pubout -in private_key.pem -out public_key.pem

I am setting environment varibles as below

export PRIVATE_KEY_DEMO=`cat private_key.pem`

export PUBLIC_KEY_DEMO=`cat public_key.pem`

I have following functions that create PrivateKey and PublicKey

public PrivateKey getPrivateKey() throws IOException, NoSuchAlgorithmException, InvalidKeySpecException, URISyntaxException {
    String key = env.getProperty("PRIVATE_KEY_DEMO");
    key = key.replace("-----BEGIN PRIVATE KEY-----", "")
         .replace("-----END PRIVATE KEY-----", "")
         .replace("\n", "");

    byte[] keyBytes = Base64.getMimeDecoder().decode(key);

    PKCS8EncodedKeySpec spec = new PKCS8EncodedKeySpec(keyBytes);
    KeyFactory kf = KeyFactory.getInstance("RSA");
    return kf.generatePrivate(spec);
}

private PublicKey getPublicKey() throws IOException, NoSuchAlgorithmException, InvalidKeySpecException, URISyntaxException {

    String key = env.getProperty("PUBLIC_KEY_DEMO");
    key = key.replace("-----BEGIN PUBLIC KEY-----", "").replace("-----END PUBLICKEY-----", "").replace("\n", "");
    byte[] keyBytes = Base64.getMimeDecoder().decode(key);

    X509EncodedKeySpec spec = new X509EncodedKeySpec((keyBytes));
    KeyFactory kf = KeyFactory.getInstance("RSA");
    return kf.generatePublic(spec);
}

I am able to get JWT token, however, I am not able to generate PublicKey Below is ExceptionStack:

java.security.SignatureException: Signature length not correct: got 255 but was expecting 256
    at sun.security.rsa.RSASignature.engineVerify(RSASignature.java:189) ~[na:1.8.0_191]
    at java.security.Signature$Delegate.engineVerify(Signature.java:1222) ~[na:1.8.0_191]
    at java.security.Signature.verify(Signature.java:655) ~[na:1.8.0_191]
    at io.jsonwebtoken.impl.crypto.RsaSignatureValidator.doVerify(RsaSignatureValidator.java:63) ~[jjwt-0.9.1.jar:0.9.1]
    at io.jsonwebtoken.impl.crypto.RsaSignatureValidator.isValid(RsaSignatureValidator.java:47) ~[jjwt-0.9.1.jar:0.9.1]
    at io.jsonwebtoken.impl.crypto.DefaultJwtSignatureValidator.isValid(DefaultJwtSignatureValidator.java:47) ~[jjwt-0.9.1.jar:0.9.1]
    at io.jsonwebtoken.impl.DefaultJwtParser.parse(DefaultJwtParser.java:351) ~[jjwt-0.9.1.jar:0.9.1]

Please let me know what am I doing wrong and if it can be implemented in better way.

Edit

Below are the methods I am using to generate/validate JWT.

public String generateToken()
        throws NoSuchAlgorithmException, InvalidKeySpecException, IOException, URISyntaxException {

    PrivateKey privateKey = this.getPrivateKey();

    Date date = new Date();
    date.setTime(date.getTime() + 60 * 60 * 1000);
    String jws;

    jws = Jwts.builder()
                .setAudience("jws-consumers")
                .setIssuer("jws-issuer")
                .setHeaderParam("typ", "JWT")
                .setHeaderParam("alg", "RS256")
                .setExpiration(date)
                .setIssuedAt(new Date())
                .setSubject("nish")
                .signWith(SignatureAlgorithm.RS256, privateKey)
                .compact();
    return jws;
}

public Object validateToken(String token) throws ExpiredJwtException, MalformedJwtException, SignatureException,
        IllegalArgumentException, NoSuchAlgorithmException, InvalidKeySpecException, IOException, URISyntaxException {
    return Jwts.parser()
            .setSigningKey(getPublicKey())
            .parse(token)
            .getBody();
}

Here is a sample of generated JWT

eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJhdWQiOiJqd3MtY29uc3VtZXJzIiwiaXNzIjoiandzLWlzc3VlciIsImV4cCI6MTU1MDE2NDc0NCwiaWF0IjoxNTUwMTYxMTQ0LCJzdWIiOiJuaXNoIn0.EbNzMIUc4HE6CwIDyURdYF-tE4z7rzM9_GbHpB-TlRror9HRO5bmGgXR7x9HOazmL3cTUPMd46s7QJ9cU_HIJYQu9pYIQzu3V2WZf0zpFevtFxBbGDU_UCM1fbdsgSrd8APSKt_mXbJGdzIA8L7O6gBnpvNowgEuNHYgMiRwL89GrT17c31WwIWSRfRubn-bYU62pd5wm5pMArvGBYi6f6EAoIdYsK-nlhKjOIsxjGigjYAohoooV_xv36_q5_8Iaxppl2yroxCeYCy6Jp9po3bjoLVu3k9vkD_-yUGoXr9e-LCktSS4Ndxq4KCVRI_Cf5Ix_ImcZrqFZLdb4UWGmA

GitHub

Answer 1

In case anyone is having same problem, I solved this by following example .

I generated my public / private keys using commands shown here .

and changed following lines (use PRIVATE instead of PUBLIC for PRIVATE key)

key = key.replace("-----BEGIN PUBLIC KEY-----", "").replace("-----END PUBLICKEY-----", "").replace("\n", "");

to

key = key.replaceAll("\\n", "").replace("-----BEGIN PUBLIC KEY-----", "").replace("-----END PUBLIC KEY-----", "");

It did the magic and works perfectly fine.

Unable to verify RSA signature using configured PublicKey. Signature length not correct: got 255 but was expecting 256

Question

1 answers

solution1
0 ACCPTED 2019-02-20 13:48:45

Unable to verify RSA signature using configured PublicKey. Signature length not correct: got 255 but was expecting 256

Question

1 answers

solution1 0 ACCPTED 2019-02-20 13:48:45

solution1
0 ACCPTED 2019-02-20 13:48:45