I am trying to learn how to use RSA
public-private key pair to sign JWT.
I generated key pair using openssl
.
openssl genpkey -algorithm RSA -out private_key.pem -pkeyopt rsa_keygen_bits:2048
openssl rsa -pubout -in private_key.pem -out public_key.pem
I am setting environment varibles as below
export PRIVATE_KEY_DEMO=`cat private_key.pem`
export PUBLIC_KEY_DEMO=`cat public_key.pem`
I have following functions that create PrivateKey
and PublicKey
public PrivateKey getPrivateKey() throws IOException, NoSuchAlgorithmException, InvalidKeySpecException, URISyntaxException {
String key = env.getProperty("PRIVATE_KEY_DEMO");
key = key.replace("-----BEGIN PRIVATE KEY-----", "")
.replace("-----END PRIVATE KEY-----", "")
.replace("\n", "");
byte[] keyBytes = Base64.getMimeDecoder().decode(key);
PKCS8EncodedKeySpec spec = new PKCS8EncodedKeySpec(keyBytes);
KeyFactory kf = KeyFactory.getInstance("RSA");
return kf.generatePrivate(spec);
}
private PublicKey getPublicKey() throws IOException, NoSuchAlgorithmException, InvalidKeySpecException, URISyntaxException {
String key = env.getProperty("PUBLIC_KEY_DEMO");
key = key.replace("-----BEGIN PUBLIC KEY-----", "").replace("-----END PUBLICKEY-----", "").replace("\n", "");
byte[] keyBytes = Base64.getMimeDecoder().decode(key);
X509EncodedKeySpec spec = new X509EncodedKeySpec((keyBytes));
KeyFactory kf = KeyFactory.getInstance("RSA");
return kf.generatePublic(spec);
}
I am able to get JWT
token, however, I am not able to generate PublicKey
Below is ExceptionStack:
java.security.SignatureException: Signature length not correct: got 255 but was expecting 256
at sun.security.rsa.RSASignature.engineVerify(RSASignature.java:189) ~[na:1.8.0_191]
at java.security.Signature$Delegate.engineVerify(Signature.java:1222) ~[na:1.8.0_191]
at java.security.Signature.verify(Signature.java:655) ~[na:1.8.0_191]
at io.jsonwebtoken.impl.crypto.RsaSignatureValidator.doVerify(RsaSignatureValidator.java:63) ~[jjwt-0.9.1.jar:0.9.1]
at io.jsonwebtoken.impl.crypto.RsaSignatureValidator.isValid(RsaSignatureValidator.java:47) ~[jjwt-0.9.1.jar:0.9.1]
at io.jsonwebtoken.impl.crypto.DefaultJwtSignatureValidator.isValid(DefaultJwtSignatureValidator.java:47) ~[jjwt-0.9.1.jar:0.9.1]
at io.jsonwebtoken.impl.DefaultJwtParser.parse(DefaultJwtParser.java:351) ~[jjwt-0.9.1.jar:0.9.1]
Please let me know what am I doing wrong and if it can be implemented in better way.
Edit
Below are the methods I am using to generate/validate JWT.
public String generateToken()
throws NoSuchAlgorithmException, InvalidKeySpecException, IOException, URISyntaxException {
PrivateKey privateKey = this.getPrivateKey();
Date date = new Date();
date.setTime(date.getTime() + 60 * 60 * 1000);
String jws;
jws = Jwts.builder()
.setAudience("jws-consumers")
.setIssuer("jws-issuer")
.setHeaderParam("typ", "JWT")
.setHeaderParam("alg", "RS256")
.setExpiration(date)
.setIssuedAt(new Date())
.setSubject("nish")
.signWith(SignatureAlgorithm.RS256, privateKey)
.compact();
return jws;
}
public Object validateToken(String token) throws ExpiredJwtException, MalformedJwtException, SignatureException,
IllegalArgumentException, NoSuchAlgorithmException, InvalidKeySpecException, IOException, URISyntaxException {
return Jwts.parser()
.setSigningKey(getPublicKey())
.parse(token)
.getBody();
}
Here is a sample of generated JWT
eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJhdWQiOiJqd3MtY29uc3VtZXJzIiwiaXNzIjoiandzLWlzc3VlciIsImV4cCI6MTU1MDE2NDc0NCwiaWF0IjoxNTUwMTYxMTQ0LCJzdWIiOiJuaXNoIn0.EbNzMIUc4HE6CwIDyURdYF-tE4z7rzM9_GbHpB-TlRror9HRO5bmGgXR7x9HOazmL3cTUPMd46s7QJ9cU_HIJYQu9pYIQzu3V2WZf0zpFevtFxBbGDU_UCM1fbdsgSrd8APSKt_mXbJGdzIA8L7O6gBnpvNowgEuNHYgMiRwL89GrT17c31WwIWSRfRubn-bYU62pd5wm5pMArvGBYi6f6EAoIdYsK-nlhKjOIsxjGigjYAohoooV_xv36_q5_8Iaxppl2yroxCeYCy6Jp9po3bjoLVu3k9vkD_-yUGoXr9e-LCktSS4Ndxq4KCVRI_Cf5Ix_ImcZrqFZLdb4UWGmA
In case anyone is having same problem, I solved this by following example .
I generated my public
/ private
keys using commands shown here .
and changed following lines (use PRIVATE instead of PUBLIC for PRIVATE
key)
key = key.replace("-----BEGIN PUBLIC KEY-----", "").replace("-----END PUBLICKEY-----", "").replace("\n", "");
to
key = key.replaceAll("\\n", "").replace("-----BEGIN PUBLIC KEY-----", "").replace("-----END PUBLIC KEY-----", "");
It did the magic and works perfectly fine.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.