背景

今天集成JWT的时候,选用了PS256算法,在用使用PGP KEY作为私钥JWT进行签名的时候,报了如下错误:

"C:\Program Files\Java\jdk1.8.0_161\bin\java.exe" -ea -Didea.test.cyclic.buffer.size=1048576 "-javaagent:D:\Program Files\JetBrains\IntelliJ IDEA 2019.1.3\lib\idea_rt.jar=9784:D:\Program Files\JetBrains\IntelliJ IDEA 2019.1.3\bin" -Dfile.encoding=UTF-8 -classpath "D:\Program Files\JetBrains\IntelliJ IDEA 2019.1.3\lib\idea_rt.jar;D:\Program Files\JetBrains\IntelliJ IDEA 2019.1.3\plugins\junit\lib\junit-rt.jar;D:\Program Files\JetBrains\IntelliJ IDEA 2019.1.3\plugins\junit\lib\junit5-rt.jar;C:\Program Files\Java\jdk1.8.0_161\jre\lib\charsets.jar;C:\Program Files\Java\jdk1.8.0_161\jre\lib\deploy.jar;C:\Program Files\Java\jdk1.8.0_161\jre\lib\ext\access-bridge-64.jar;C:\Program Files\Java\jdk1.8.0_161\jre\lib\ext\cldrdata.jar;C:\Program Files\Java\jdk1.8.0_161\jre\lib\ext\dnsns.jar;C:\Program Files\Java\jdk1.8.0_161\jre\lib\ext\jaccess.jar;C:\Program Files\Java\jdk1.8.0_161\jre\lib\ext\jfxrt.jar;C:\Program Files\Java\jdk1.8.0_161\jre\lib\ext\localedata.jar;C:\Program Files\Java\jdk1.8.0_161\jre\lib\ext\nashorn.jar;C:\Program Files\Java\jdk1.8.0_161\jre\lib\ext\sunec.jar;C:\Program Files\Java\jdk1.8.0_161\jre\lib\ext\sunjce_provider.jar;C:\Program Files\Java\jdk1.8.0_161\jre\lib\ext\sunmscapi.jar;C:\Program Files\Java\jdk1.8.0_161\jre\lib\ext\sunpkcs11.jar;C:\Program Files\Java\jdk1.8.0_161\jre\lib\ext\zipfs.jar;C:\Program Files\Java\jdk1.8.0_161\jre\lib\javaws.jar;C:\Program Files\Java\jdk1.8.0_161\jre\lib\jce.jar;C:\Program Files\Java\jdk1.8.0_161\jre\lib\jfr.jar;C:\Program Files\Java\jdk1.8.0_161\jre\lib\jfxswt.jar;C:\Program Files\Java\jdk1.8.0_161\jre\lib\jsse.jar;C:\Program Files\Java\jdk1.8.0_161\jre\lib\management-agent.jar;C:\Program Files\Java\jdk1.8.0_161\jre\lib\plugin.jar;C:\Program Files\Java\jdk1.8.0_161\jre\lib\resources.jar;C:\Program Files\Java\jdk1.8.0_161\jre\lib\rt.jar;D:\Repository\project\eshare-openpgp-examples\target\test-classes;D:\Repository\project\eshare-openpgp-examples\target\classes;D:\Users\10856214\.m2\org\springframework\boot\spring-boot-starter\2.1.6.RELEASE\spring-boot-starter-2.1.6.RELEASE.jar;D:\Users\10856214\.m2\org\springframework\boot\spring-boot\2.1.6.RELEASE\spring-boot-2.1.6.RELEASE.jar;D:\Users\10856214\.m2\org\springframework\spring-context\5.1.8.RELEASE\spring-context-5.1.8.RELEASE.jar;D:\Users\10856214\.m2\org\springframework\boot\spring-boot-autoconfigure\2.1.6.RELEASE\spring-boot-autoconfigure-2.1.6.RELEASE.jar;D:\Users\10856214\.m2\org\springframework\boot\spring-boot-starter-logging\2.1.6.RELEASE\spring-boot-starter-logging-2.1.6.RELEASE.jar;D:\Users\10856214\.m2\ch\qos\logback\logback-classic\1.2.3\logback-classic-1.2.3.jar;D:\Users\10856214\.m2\ch\qos\logback\logback-core\1.2.3\logback-core-1.2.3.jar;D:\Users\10856214\.m2\org\apache\logging\log4j\log4j-to-slf4j\2.11.2\log4j-to-slf4j-2.11.2.jar;D:\Users\10856214\.m2\org\apache\logging\log4j\log4j-api\2.11.2\log4j-api-2.11.2.jar;D:\Users\10856214\.m2\org\slf4j\jul-to-slf4j\1.7.26\jul-to-slf4j-1.7.26.jar;D:\Users\10856214\.m2\javax\annotation\javax.annotation-api\1.3.2\javax.annotation-api-1.3.2.jar;D:\Users\10856214\.m2\org\springframework\spring-core\5.1.8.RELEASE\spring-core-5.1.8.RELEASE.jar;D:\Users\10856214\.m2\org\springframework\spring-jcl\5.1.8.RELEASE\spring-jcl-5.1.8.RELEASE.jar;D:\Users\10856214\.m2\org\yaml\snakeyaml\1.23\snakeyaml-1.23.jar;D:\Users\10856214\.m2\org\springframework\boot\spring-boot-starter-test\2.1.6.RELEASE\spring-boot-starter-test-2.1.6.RELEASE.jar;D:\Users\10856214\.m2\org\springframework\boot\spring-boot-test\2.1.6.RELEASE\spring-boot-test-2.1.6.RELEASE.jar;D:\Users\10856214\.m2\org\springframework\boot\spring-boot-test-autoconfigure\2.1.6.RELEASE\spring-boot-test-autoconfigure-2.1.6.RELEASE.jar;D:\Users\10856214\.m2\com\jayway\jsonpath\json-path\2.4.0\json-path-2.4.0.jar;D:\Users\10856214\.m2\net\minidev\json-smart\2.3\json-smart-2.3.jar;D:\Users\10856214\.m2\net\minidev\accessors-smart\1.2\accessors-smart-1.2.jar;D:\Users\10856214\.m2\org\ow2\asm\asm\5.0.4\asm-5.0.4.jar;D:\Users\10856214\.m2\org\slf4j\slf4j-api\1.7.26\slf4j-api-1.7.26.jar;D:\Users\10856214\.m2\junit\junit\4.12\junit-4.12.jar;D:\Users\10856214\.m2\org\assertj\assertj-core\3.11.1\assertj-core-3.11.1.jar;D:\Users\10856214\.m2\org\mockito\mockito-core\2.23.4\mockito-core-2.23.4.jar;D:\Users\10856214\.m2\net\bytebuddy\byte-buddy\1.9.13\byte-buddy-1.9.13.jar;D:\Users\10856214\.m2\net\bytebuddy\byte-buddy-agent\1.9.13\byte-buddy-agent-1.9.13.jar;D:\Users\10856214\.m2\org\objenesis\objenesis\2.6\objenesis-2.6.jar;D:\Users\10856214\.m2\org\hamcrest\hamcrest-core\1.3\hamcrest-core-1.3.jar;D:\Users\10856214\.m2\org\hamcrest\hamcrest-library\1.3\hamcrest-library-1.3.jar;D:\Users\10856214\.m2\org\skyscreamer\jsonassert\1.5.0\jsonassert-1.5.0.jar;D:\Users\10856214\.m2\com\vaadin\external\google\android-json\0.0.20131108.vaadin1\android-json-0.0.20131108.vaadin1.jar;D:\Users\10856214\.m2\org\springframework\spring-test\5.1.8.RELEASE\spring-test-5.1.8.RELEASE.jar;D:\Users\10856214\.m2\org\xmlunit\xmlunit-core\2.6.2\xmlunit-core-2.6.2.jar;D:\Users\10856214\.m2\org\springframework\boot\spring-boot-devtools\2.1.6.RELEASE\spring-boot-devtools-2.1.6.RELEASE.jar;D:\Users\10856214\.m2\org\springframework\boot\spring-boot-starter-web\2.1.6.RELEASE\spring-boot-starter-web-2.1.6.RELEASE.jar;D:\Users\10856214\.m2\org\springframework\boot\spring-boot-starter-json\2.1.6.RELEASE\spring-boot-starter-json-2.1.6.RELEASE.jar;D:\Users\10856214\.m2\com\fasterxml\jackson\datatype\jackson-datatype-jdk8\2.9.9\jackson-datatype-jdk8-2.9.9.jar;D:\Users\10856214\.m2\com\fasterxml\jackson\datatype\jackson-datatype-jsr310\2.9.9\jackson-datatype-jsr310-2.9.9.jar;D:\Users\10856214\.m2\com\fasterxml\jackson\module\jackson-module-parameter-names\2.9.9\jackson-module-parameter-names-2.9.9.jar;D:\Users\10856214\.m2\org\springframework\boot\spring-boot-starter-tomcat\2.1.6.RELEASE\spring-boot-starter-tomcat-2.1.6.RELEASE.jar;D:\Users\10856214\.m2\org\apache\tomcat\embed\tomcat-embed-core\9.0.21\tomcat-embed-core-9.0.21.jar;D:\Users\10856214\.m2\org\apache\tomcat\embed\tomcat-embed-el\9.0.21\tomcat-embed-el-9.0.21.jar;D:\Users\10856214\.m2\org\apache\tomcat\embed\tomcat-embed-websocket\9.0.21\tomcat-embed-websocket-9.0.21.jar;D:\Users\10856214\.m2\org\hibernate\validator\hibernate-validator\6.0.17.Final\hibernate-validator-6.0.17.Final.jar;D:\Users\10856214\.m2\javax\validation\validation-api\2.0.1.Final\validation-api-2.0.1.Final.jar;D:\Users\10856214\.m2\org\jboss\logging\jboss-logging\3.3.2.Final\jboss-logging-3.3.2.Final.jar;D:\Users\10856214\.m2\com\fasterxml\classmate\1.4.0\classmate-1.4.0.jar;D:\Users\10856214\.m2\org\springframework\spring-web\5.1.8.RELEASE\spring-web-5.1.8.RELEASE.jar;D:\Users\10856214\.m2\org\springframework\spring-beans\5.1.8.RELEASE\spring-beans-5.1.8.RELEASE.jar;D:\Users\10856214\.m2\org\springframework\spring-webmvc\5.1.8.RELEASE\spring-webmvc-5.1.8.RELEASE.jar;D:\Users\10856214\.m2\org\springframework\spring-aop\5.1.8.RELEASE\spring-aop-5.1.8.RELEASE.jar;D:\Users\10856214\.m2\org\springframework\spring-expression\5.1.8.RELEASE\spring-expression-5.1.8.RELEASE.jar;D:\Users\10856214\.m2\org\bouncycastle\bcpg-jdk15on\1.62\bcpg-jdk15on-1.62.jar;D:\Users\10856214\.m2\org\bouncycastle\bcprov-jdk15on\1.62\bcprov-jdk15on-1.62.jar;D:\Users\10856214\.m2\commons-io\commons-io\2.4\commons-io-2.4.jar;D:\Users\10856214\.m2\org\apache\commons\commons-lang3\3.4\commons-lang3-3.4.jar;D:\Users\10856214\.m2\io\jsonwebtoken\jjwt-api\0.10.7\jjwt-api-0.10.7.jar;D:\Users\10856214\.m2\io\jsonwebtoken\jjwt-impl\0.10.7\jjwt-impl-0.10.7.jar;D:\Users\10856214\.m2\io\jsonwebtoken\jjwt-jackson\0.10.7\jjwt-jackson-0.10.7.jar;D:\Users\10856214\.m2\com\fasterxml\jackson\core\jackson-databind\2.9.9\jackson-databind-2.9.9.jar;D:\Users\10856214\.m2\com\fasterxml\jackson\core\jackson-annotations\2.9.0\jackson-annotations-2.9.0.jar;D:\Users\10856214\.m2\com\fasterxml\jackson\core\jackson-core\2.9.9\jackson-core-2.9.9.jar" com.intellij.rt.execution.junit.JUnitStarter -ideVersion5 -junit4 com.eshare.examples.JwtExampleTest,testJWTSigningAndVerify

io.jsonwebtoken.security.WeakKeyException: The signing key's size is 1024 bits which is not secure enough for the PS256 algorithm.  The JWT JWA Specification (RFC 7518, Section 3.5) states that keys used with PS256 MUST have a size >= 2048 bits.  Consider using the io.jsonwebtoken.security.Keys class's 'keyPairFor(SignatureAlgorithm.PS256)' method to create a key pair guaranteed to be secure enough for PS256.  See https://tools.ietf.org/html/rfc7518#section-3.5 for more information.

	at io.jsonwebtoken.SignatureAlgorithm.assertValid(SignatureAlgorithm.java:424)

	at io.jsonwebtoken.SignatureAlgorithm.assertValidSigningKey(SignatureAlgorithm.java:302)

	at io.jsonwebtoken.impl.DefaultJwtBuilder.signWith(DefaultJwtBuilder.java:123)

	at com.eshare.examples.JwtExampleTest.testJWTSigningAndVerify(JwtExampleTest.java:64)

	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)

	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

	at java.lang.reflect.Method.invoke(Method.java:498)

	at org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:50)

	at org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12)

	at org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:47)

	at org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:17)

	at org.junit.runners.ParentRunner.runLeaf(ParentRunner.java:325)

	at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:78)

	at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:57)

	at org.junit.runners.ParentRunner$3.run(ParentRunner.java:290)

	at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:71)

	at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:288)

	at org.junit.runners.ParentRunner.access$000(ParentRunner.java:58)

	at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:268)

	at org.junit.runners.ParentRunner.run(ParentRunner.java:363)

	at org.junit.runner.JUnitCore.run(JUnitCore.java:137)

	at com.intellij.junit4.JUnit4IdeaTestRunner.startRunnerWithArgs(JUnit4IdeaTestRunner.java:68)

	at com.intellij.rt.execution.junit.IdeaTestRunner$Repeater.startRunnerWithArgs(IdeaTestRunner.java:47)

	at com.intellij.rt.execution.junit.JUnitStarter.prepareStreamsAndStart(JUnitStarter.java:242)

	at com.intellij.rt.execution.junit.JUnitStarter.main(JUnitStarter.java:70)

Process finished with exit code -1

代码如下:

    //Generate jwt token

    String jwtToken = Jwts.builder()

        .setIssuer("me")

        .setSubject("Bob")

        .setAudience("you").signWith(privateKey,

            SignatureAlgorithm.PS256)

        .setId(UUID.randomUUID().toString()).compact();

    //Verify singing

    Jwts.parser()

        .setSigningKey(publicKey) // <---- publicKey, not privateKey

        .parseClaimsJws(jwtToken);

解决方案

经排查,这问题是因为选用了PS256算法后,对安全要求更高了,原有的RSA算法私钥长度1024已经不符合要求,因此假如要使用该算法进行加密,需要重新更换秘钥长度,在生成RSA密钥对的时候,把keySize改为2048或者更高。

JWT | io.jsonwebtoken.security.WeakKeyException: The signing key's size is 1024 bits which is not se的更多相关文章

  1. JWT和Spring Security集成

    通常情况下,把API直接暴露出去是风险很大的, 我们一般需要对API划分出一定的权限级别,然后做一个用户的鉴权,依据鉴权结果给予用户对应的API (一)JWT是什么,为什么要使用它? 互联网服务离不开 ...

  2. Signing key has not been configured

    Signing key has not been configured.https://dev.openwrt.org/changeset/38284 Add package signing key ...

  3. https://jwt.io/一个可以解析token的神奇网站

    网址:https://jwt.io/ 效果:

  4. hive对于lzo文件处理异常Caused by: java.io.IOException: Compressed length 842086665 exceeds max block size 67108864 (probably corrupt file)

    hive查询lzo数据格式文件的表时,抛 Caused by: java.io.IOException: Compressed length 842086665 exceeds max block s ...

  5. Using JWT with Spring Security OAuth

    http://www.baeldung.com/spring-security-oauth-jwt ************************************************** ...

  6. 使用JWT作为Spring Security OAuth2的token存储

    序 Spring Security OAuth2的demo在前几篇文章中已经讲过了,在那些模式中使用的都是RemoteTokenService调用授权服务器来校验token,返回校验通过的用户信息供上 ...

  7. Internet History, Technology, and Security(week8)——Security: Encrypting and Signing

    Hiding Date from Ohters Security Introduction Alice and Bob是密码学.博弈论.物理学等领域中的通用角色之一.Alice(代表A)和Bob(代表 ...

  8. 将JWT与Spring Security OAuth结合使用

    1.概述 在本教程中,我们将讨论如何使用Spring Security OAuth2实现来使用JSON Web令牌. 我们还将继续构建此OAuth系列的上一篇文章. 2. Maven配置 首先,我们需 ...

  9. laravel 报错 mcrypt_decrypt(): Key of size 11 not supported by this algorithm. Only keys of sizes 16, 24 or 32 supported

    修改app/config/app.php文件 将key设置成长度为16,24,32的字符串

随机推荐

  1. jquery简单实现复选框的全选与反选

    <!DOCTYPE html> <html> <head> <meta charset="UTF-8"> <title> ...

  2. ABP取其精华

    目录 ABP中使用Swagger UI集成接口文档 ABP-AsyncLocal的使用 ABP-多个DbContext实现事物更新 持续更新中.

  3. 通过nginx搭建基于python的web环境

    前言: 在搭建开始前,我们先来梳理下web服务工作流程,先看下图: 1.用户(PC)向web服务器发起http请求 2.web服务器判断用户请求文件是否为静态文件,是则直接读取静态文件并返回给用户,不 ...

  4. Appium环境搭建超详细教程

    前言: 本系列教程会从软件的基本安装开始,最终目的是通过完成几个案例后, 大家实现自由抓取App中想要的资源. 本系列以后会更的: Appium基本使用及控制真机及安卓模拟器 Mitmproxy抓包工 ...

  5. POJ3252 Round Numbers 题解 数位DP

    题目大意: 求区间 \([x,y]\) 范围内有多少数的二进制表示中的'0'的个数 \(\ge\) '1'的个数. 解题思路: 使用 数位DP 解决这个问题. 我们设状态 f[pos][num0][n ...

  6. 更换EMC VNX系列存储故障硬盘的检查步骤

    更换EMC VNX系列存储故障硬盘的检查步骤 VNX1代(VNX5300,VNX5500,VNX5700,VNX7500和VNX2代(VNX5400,5600,5800和VNX7600,8000)有区 ...

  7. Java环境准备

    电脑重装系统了,所以需要重新配置环境变量. 首先必备工具:jak.eclipse.maven.tomcat 首先配置Java运行环境. 在系统环境变量中新建变量JAVA_HOME:jdk所在的路径,P ...

  8. hadoop配置环境变量

    hadoop安装包解压 tar -xvf hadoop-2.7.7.tar.gz 解压成功ll查看文件 配置环境变量 1. vi  /home/wj/hadoop-2.7.7/etc/hadoop/h ...

  9. Linux上的Tomcat地址映射,且404错误解决

    问题:现在想要加一个下载文件功能,但是文件地址不在tomcat的webapps下,需要通过地址映射到tomcat下面再通过链接执行下载文件功能. 解决方法有两种: 方法一: 用方法一的前提是不用启动服 ...

  10. java开源工作流引擎jflow的流程应用类型分类讲解

    关键字: 驰骋工作流程快速开发平台 工作流程管理系统 工作流引擎 asp.net工作流引擎 java工作流引擎. 开发者表单  拖拽式表单 工作流系统CCBPM节点访问规则接收人规则 适配数据库: o ...