背景

今天集成JWT的时候，选用了PS256算法，在用使用PGP KEY作为私钥JWT进行签名的时候，报了如下错误：

"C:\Program Files\Java\jdk1.8.0_161\bin\java.exe" -ea -Didea.test.cyclic.buffer.size=1048576 "-javaagent:D:\Program Files\JetBrains\IntelliJ IDEA 2019.1.3\lib\idea_rt.jar=9784:D:\Program Files\JetBrains\IntelliJ IDEA 2019.1.3\bin" -Dfile.encoding=UTF-8 -classpath "D:\Program Files\JetBrains\IntelliJ IDEA 2019.1.3\lib\idea_rt.jar;D:\Program Files\JetBrains\IntelliJ IDEA 2019.1.3\plugins\junit\lib\junit-rt.jar;D:\Program Files\JetBrains\IntelliJ IDEA 2019.1.3\plugins\junit\lib\junit5-rt.jar;C:\Program Files\Java\jdk1.8.0_161\jre\lib\charsets.jar;C:\Program Files\Java\jdk1.8.0_161\jre\lib\deploy.jar;C:\Program Files\Java\jdk1.8.0_161\jre\lib\ext\access-bridge-64.jar;C:\Program Files\Java\jdk1.8.0_161\jre\lib\ext\cldrdata.jar;C:\Program Files\Java\jdk1.8.0_161\jre\lib\ext\dnsns.jar;C:\Program Files\Java\jdk1.8.0_161\jre\lib\ext\jaccess.jar;C:\Program Files\Java\jdk1.8.0_161\jre\lib\ext\jfxrt.jar;C:\Program Files\Java\jdk1.8.0_161\jre\lib\ext\localedata.jar;C:\Program Files\Java\jdk1.8.0_161\jre\lib\ext\nashorn.jar;C:\Program Files\Java\jdk1.8.0_161\jre\lib\ext\sunec.jar;C:\Program Files\Java\jdk1.8.0_161\jre\lib\ext\sunjce_provider.jar;C:\Program Files\Java\jdk1.8.0_161\jre\lib\ext\sunmscapi.jar;C:\Program Files\Java\jdk1.8.0_161\jre\lib\ext\sunpkcs11.jar;C:\Program Files\Java\jdk1.8.0_161\jre\lib\ext\zipfs.jar;C:\Program Files\Java\jdk1.8.0_161\jre\lib\javaws.jar;C:\Program Files\Java\jdk1.8.0_161\jre\lib\jce.jar;C:\Program Files\Java\jdk1.8.0_161\jre\lib\jfr.jar;C:\Program Files\Java\jdk1.8.0_161\jre\lib\jfxswt.jar;C:\Program Files\Java\jdk1.8.0_161\jre\lib\jsse.jar;C:\Program Files\Java\jdk1.8.0_161\jre\lib\management-agent.jar;C:\Program Files\Java\jdk1.8.0_161\jre\lib\plugin.jar;C:\Program Files\Java\jdk1.8.0_161\jre\lib\resources.jar;C:\Program Files\Java\jdk1.8.0_161\jre\lib\rt.jar;D:\Repository\project\eshare-openpgp-examples\target\test-classes;D:\Repository\project\eshare-openpgp-examples\target\classes;D:\Users\10856214\.m2\org\springframework\boot\spring-boot-starter\2.1.6.RELEASE\spring-boot-starter-2.1.6.RELEASE.jar;D:\Users\10856214\.m2\org\springframework\boot\spring-boot\2.1.6.RELEASE\spring-boot-2.1.6.RELEASE.jar;D:\Users\10856214\.m2\org\springframework\spring-context\5.1.8.RELEASE\spring-context-5.1.8.RELEASE.jar;D:\Users\10856214\.m2\org\springframework\boot\spring-boot-autoconfigure\2.1.6.RELEASE\spring-boot-autoconfigure-2.1.6.RELEASE.jar;D:\Users\10856214\.m2\org\springframework\boot\spring-boot-starter-logging\2.1.6.RELEASE\spring-boot-starter-logging-2.1.6.RELEASE.jar;D:\Users\10856214\.m2\ch\qos\logback\logback-classic\1.2.3\logback-classic-1.2.3.jar;D:\Users\10856214\.m2\ch\qos\logback\logback-core\1.2.3\logback-core-1.2.3.jar;D:\Users\10856214\.m2\org\apache\logging\log4j\log4j-to-slf4j\2.11.2\log4j-to-slf4j-2.11.2.jar;D:\Users\10856214\.m2\org\apache\logging\log4j\log4j-api\2.11.2\log4j-api-2.11.2.jar;D:\Users\10856214\.m2\org\slf4j\jul-to-slf4j\1.7.26\jul-to-slf4j-1.7.26.jar;D:\Users\10856214\.m2\javax\annotation\javax.annotation-api\1.3.2\javax.annotation-api-1.3.2.jar;D:\Users\10856214\.m2\org\springframework\spring-core\5.1.8.RELEASE\spring-core-5.1.8.RELEASE.jar;D:\Users\10856214\.m2\org\springframework\spring-jcl\5.1.8.RELEASE\spring-jcl-5.1.8.RELEASE.jar;D:\Users\10856214\.m2\org\yaml\snakeyaml\1.23\snakeyaml-1.23.jar;D:\Users\10856214\.m2\org\springframework\boot\spring-boot-starter-test\2.1.6.RELEASE\spring-boot-starter-test-2.1.6.RELEASE.jar;D:\Users\10856214\.m2\org\springframework\boot\spring-boot-test\2.1.6.RELEASE\spring-boot-test-2.1.6.RELEASE.jar;D:\Users\10856214\.m2\org\springframework\boot\spring-boot-test-autoconfigure\2.1.6.RELEASE\spring-boot-test-autoconfigure-2.1.6.RELEASE.jar;D:\Users\10856214\.m2\com\jayway\jsonpath\json-path\2.4.0\json-path-2.4.0.jar;D:\Users\10856214\.m2\net\minidev\json-smart\2.3\json-smart-2.3.jar;D:\Users\10856214\.m2\net\minidev\accessors-smart\1.2\accessors-smart-1.2.jar;D:\Users\10856214\.m2\org\ow2\asm\asm\5.0.4\asm-5.0.4.jar;D:\Users\10856214\.m2\org\slf4j\slf4j-api\1.7.26\slf4j-api-1.7.26.jar;D:\Users\10856214\.m2\junit\junit\4.12\junit-4.12.jar;D:\Users\10856214\.m2\org\assertj\assertj-core\3.11.1\assertj-core-3.11.1.jar;D:\Users\10856214\.m2\org\mockito\mockito-core\2.23.4\mockito-core-2.23.4.jar;D:\Users\10856214\.m2\net\bytebuddy\byte-buddy\1.9.13\byte-buddy-1.9.13.jar;D:\Users\10856214\.m2\net\bytebuddy\byte-buddy-agent\1.9.13\byte-buddy-agent-1.9.13.jar;D:\Users\10856214\.m2\org\objenesis\objenesis\2.6\objenesis-2.6.jar;D:\Users\10856214\.m2\org\hamcrest\hamcrest-core\1.3\hamcrest-core-1.3.jar;D:\Users\10856214\.m2\org\hamcrest\hamcrest-library\1.3\hamcrest-library-1.3.jar;D:\Users\10856214\.m2\org\skyscreamer\jsonassert\1.5.0\jsonassert-1.5.0.jar;D:\Users\10856214\.m2\com\vaadin\external\google\android-json\0.0.20131108.vaadin1\android-json-0.0.20131108.vaadin1.jar;D:\Users\10856214\.m2\org\springframework\spring-test\5.1.8.RELEASE\spring-test-5.1.8.RELEASE.jar;D:\Users\10856214\.m2\org\xmlunit\xmlunit-core\2.6.2\xmlunit-core-2.6.2.jar;D:\Users\10856214\.m2\org\springframework\boot\spring-boot-devtools\2.1.6.RELEASE\spring-boot-devtools-2.1.6.RELEASE.jar;D:\Users\10856214\.m2\org\springframework\boot\spring-boot-starter-web\2.1.6.RELEASE\spring-boot-starter-web-2.1.6.RELEASE.jar;D:\Users\10856214\.m2\org\springframework\boot\spring-boot-starter-json\2.1.6.RELEASE\spring-boot-starter-json-2.1.6.RELEASE.jar;D:\Users\10856214\.m2\com\fasterxml\jackson\datatype\jackson-datatype-jdk8\2.9.9\jackson-datatype-jdk8-2.9.9.jar;D:\Users\10856214\.m2\com\fasterxml\jackson\datatype\jackson-datatype-jsr310\2.9.9\jackson-datatype-jsr310-2.9.9.jar;D:\Users\10856214\.m2\com\fasterxml\jackson\module\jackson-module-parameter-names\2.9.9\jackson-module-parameter-names-2.9.9.jar;D:\Users\10856214\.m2\org\springframework\boot\spring-boot-starter-tomcat\2.1.6.RELEASE\spring-boot-starter-tomcat-2.1.6.RELEASE.jar;D:\Users\10856214\.m2\org\apache\tomcat\embed\tomcat-embed-core\9.0.21\tomcat-embed-core-9.0.21.jar;D:\Users\10856214\.m2\org\apache\tomcat\embed\tomcat-embed-el\9.0.21\tomcat-embed-el-9.0.21.jar;D:\Users\10856214\.m2\org\apache\tomcat\embed\tomcat-embed-websocket\9.0.21\tomcat-embed-websocket-9.0.21.jar;D:\Users\10856214\.m2\org\hibernate\validator\hibernate-validator\6.0.17.Final\hibernate-validator-6.0.17.Final.jar;D:\Users\10856214\.m2\javax\validation\validation-api\2.0.1.Final\validation-api-2.0.1.Final.jar;D:\Users\10856214\.m2\org\jboss\logging\jboss-logging\3.3.2.Final\jboss-logging-3.3.2.Final.jar;D:\Users\10856214\.m2\com\fasterxml\classmate\1.4.0\classmate-1.4.0.jar;D:\Users\10856214\.m2\org\springframework\spring-web\5.1.8.RELEASE\spring-web-5.1.8.RELEASE.jar;D:\Users\10856214\.m2\org\springframework\spring-beans\5.1.8.RELEASE\spring-beans-5.1.8.RELEASE.jar;D:\Users\10856214\.m2\org\springframework\spring-webmvc\5.1.8.RELEASE\spring-webmvc-5.1.8.RELEASE.jar;D:\Users\10856214\.m2\org\springframework\spring-aop\5.1.8.RELEASE\spring-aop-5.1.8.RELEASE.jar;D:\Users\10856214\.m2\org\springframework\spring-expression\5.1.8.RELEASE\spring-expression-5.1.8.RELEASE.jar;D:\Users\10856214\.m2\org\bouncycastle\bcpg-jdk15on\1.62\bcpg-jdk15on-1.62.jar;D:\Users\10856214\.m2\org\bouncycastle\bcprov-jdk15on\1.62\bcprov-jdk15on-1.62.jar;D:\Users\10856214\.m2\commons-io\commons-io\2.4\commons-io-2.4.jar;D:\Users\10856214\.m2\org\apache\commons\commons-lang3\3.4\commons-lang3-3.4.jar;D:\Users\10856214\.m2\io\jsonwebtoken\jjwt-api\0.10.7\jjwt-api-0.10.7.jar;D:\Users\10856214\.m2\io\jsonwebtoken\jjwt-impl\0.10.7\jjwt-impl-0.10.7.jar;D:\Users\10856214\.m2\io\jsonwebtoken\jjwt-jackson\0.10.7\jjwt-jackson-0.10.7.jar;D:\Users\10856214\.m2\com\fasterxml\jackson\core\jackson-databind\2.9.9\jackson-databind-2.9.9.jar;D:\Users\10856214\.m2\com\fasterxml\jackson\core\jackson-annotations\2.9.0\jackson-annotations-2.9.0.jar;D:\Users\10856214\.m2\com\fasterxml\jackson\core\jackson-core\2.9.9\jackson-core-2.9.9.jar" com.intellij.rt.execution.junit.JUnitStarter -ideVersion5 -junit4 com.eshare.examples.JwtExampleTest,testJWTSigningAndVerify

io.jsonwebtoken.security.WeakKeyException: The signing key's size is 1024 bits which is not secure enough for the PS256 algorithm.  The JWT JWA Specification (RFC 7518, Section 3.5) states that keys used with PS256 MUST have a size >= 2048 bits.  Consider using the io.jsonwebtoken.security.Keys class's 'keyPairFor(SignatureAlgorithm.PS256)' method to create a key pair guaranteed to be secure enough for PS256.  See https://tools.ietf.org/html/rfc7518#section-3.5 for more information.

	at io.jsonwebtoken.SignatureAlgorithm.assertValid(SignatureAlgorithm.java:424)

	at io.jsonwebtoken.SignatureAlgorithm.assertValidSigningKey(SignatureAlgorithm.java:302)

	at io.jsonwebtoken.impl.DefaultJwtBuilder.signWith(DefaultJwtBuilder.java:123)

	at com.eshare.examples.JwtExampleTest.testJWTSigningAndVerify(JwtExampleTest.java:64)

	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)

	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

	at java.lang.reflect.Method.invoke(Method.java:498)

	at org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:50)

	at org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12)

	at org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:47)

	at org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:17)

	at org.junit.runners.ParentRunner.runLeaf(ParentRunner.java:325)

	at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:78)

	at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:57)

	at org.junit.runners.ParentRunner$3.run(ParentRunner.java:290)

	at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:71)

	at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:288)

	at org.junit.runners.ParentRunner.access$000(ParentRunner.java:58)

	at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:268)

	at org.junit.runners.ParentRunner.run(ParentRunner.java:363)

	at org.junit.runner.JUnitCore.run(JUnitCore.java:137)

	at com.intellij.junit4.JUnit4IdeaTestRunner.startRunnerWithArgs(JUnit4IdeaTestRunner.java:68)

	at com.intellij.rt.execution.junit.IdeaTestRunner$Repeater.startRunnerWithArgs(IdeaTestRunner.java:47)

	at com.intellij.rt.execution.junit.JUnitStarter.prepareStreamsAndStart(JUnitStarter.java:242)

	at com.intellij.rt.execution.junit.JUnitStarter.main(JUnitStarter.java:70)

Process finished with exit code -1

代码如下:

    //Generate jwt token

    String jwtToken = Jwts.builder()

        .setIssuer("me")

        .setSubject("Bob")

        .setAudience("you").signWith(privateKey,

            SignatureAlgorithm.PS256)

        .setId(UUID.randomUUID().toString()).compact();

    //Verify singing

    Jwts.parser()

        .setSigningKey(publicKey) // <---- publicKey, not privateKey

        .parseClaimsJws(jwtToken);

解决方案

经排查，这问题是因为选用了PS256算法后，对安全要求更高了，原有的RSA算法私钥长度1024已经不符合要求，因此假如要使用该算法进行加密，需要重新更换秘钥长度，在生成RSA密钥对的时候，把keySize改为2048或者更高。

JWT | io.jsonwebtoken.security.WeakKeyException: The signing key's size is 1024 bits which is not se的更多相关文章

JWT和Spring Security集成
通常情况下,把API直接暴露出去是风险很大的, 我们一般需要对API划分出一定的权限级别,然后做一个用户的鉴权,依据鉴权结果给予用户对应的API (一)JWT是什么,为什么要使用它? 互联网服务离不开 ...
Signing key has not been configured
Signing key has not been configured.https://dev.openwrt.org/changeset/38284 Add package signing key ...
https://jwt.io/一个可以解析token的神奇网站
网址:https://jwt.io/ 效果:
hive对于lzo文件处理异常Caused by: java.io.IOException: Compressed length 842086665 exceeds max block size 67108864 (probably corrupt file)
hive查询lzo数据格式文件的表时,抛 Caused by: java.io.IOException: Compressed length 842086665 exceeds max block s ...
Using JWT with Spring Security OAuth
http://www.baeldung.com/spring-security-oauth-jwt ************************************************** ...
使用JWT作为Spring Security OAuth2的token存储
序 Spring Security OAuth2的demo在前几篇文章中已经讲过了,在那些模式中使用的都是RemoteTokenService调用授权服务器来校验token,返回校验通过的用户信息供上 ...
Internet History, Technology, and Security（week8）——Security: Encrypting and Signing
Hiding Date from Ohters Security Introduction Alice and Bob是密码学.博弈论.物理学等领域中的通用角色之一.Alice(代表A)和Bob(代表 ...
将JWT与Spring Security OAuth结合使用
1.概述在本教程中,我们将讨论如何使用Spring Security OAuth2实现来使用JSON Web令牌. 我们还将继续构建此OAuth系列的上一篇文章. 2. Maven配置首先,我们需 ...
laravel 报错 mcrypt_decrypt(): Key of size 11 not supported by this algorithm. Only keys of sizes 16, 24 or 32 supported
修改app/config/app.php文件将key设置成长度为16,24,32的字符串

随机推荐

.NET Core开发的iNeuOS工业互联平台，升级四大特性：配置数据接口、图元绑定数据、预警配置和自定义菜单
目录 1. 概述... 2 2. 演示信息... 2 3. iNeuView(Web组态)配置数据接口... 2 4. iNeuView(Web组 ...
navicat创建存储过程时报错1064
1.这是创建的存储过程 2.一保存就会出错 3.后来上网查了一下是存储过程的参数没有设定长度导致的,我们在Navicat中创建存储过程时参数的长度需要自己动手去添加的否则就会包这种错误. 添加上参数的 ...
vue学习笔记(四)事件处理器
前言在上一章vue学习笔记(三)class和style绑定的内容中,我们学习了如何在vue中绑定class和style,介绍了常用的绑定方法,class的数组绑定和对象绑定以及style的数组绑定和 ...
promethues安装
prometheus 1. 下载安装下载安装:https://github.com/prometheus/prometheus/releases/tag/v2.9.2 wget https://gi ...
IHostingEnvironment VS IHostEnvironment - .NET Core 3.0中的废弃类型
原文: https://andrewlock.net/ihostingenvironment-vs-ihost-environment-obsolete-types-in-net-core-3/ 作者 ...
07Shell数组
Shell 数组变量普通数组:只能使用整数作为数组索引关联数组:可以使用字符串作为数组索引普通数组定义数组方法1: 一次赋一个值数组名[索引]=变量值示例 # array1[0]=pea ...
MySQL 持久化保障机制-redo 日志
我们在聊一聊 MySQL 中的事务及其实现原理中提到了 redo 日志,redo 日志是用来保证 MySQL 持久化功能的,需要注意的是 redo 日志是 InnoDB 引擎特有的功能. 为什么 ...
POJ 1458 Common Subsequence （动态规划）
题目传送门 POJ 1458 Description A subsequence of a given sequence is the given sequence with some element ...
C++ | C++ 概览基础知识 | 01
一.基本概念 1.1 类型.变量和算术运算 1.2 常量 1.3 检验和循环 1.4 指针,数组和循环二.用户自定义类型 2.1 结构 2.2 类 2.3 枚举三.模块化 3.1 分离编译 3.2 ...
String字符串，输入一串字符判断其中数字，字母，其他的字符的个数
public class StringClassTest { public static void main(String[] args) { //遍历字符串 String str = "H ...

JWT | io.jsonwebtoken.security.WeakKeyException: The signing key's size is 1024 bits which is not se

背景

解决方案

JWT | io.jsonwebtoken.security.WeakKeyException: The signing key's size is 1024 bits which is not se的更多相关文章

随机推荐

热门专题