JWT | io.jsonwebtoken.security.WeakKeyException: The signing key's size is 1024 bits which is not se
2024-08-24 06:07:45
背景
今天集成JWT的时候,选用了PS256算法,在用使用PGP KEY作为私钥JWT进行签名的时候,报了如下错误:
"C:\Program Files\Java\jdk1.8.0_161\bin\java.exe" -ea -Didea.test.cyclic.buffer.size=1048576 "-javaagent:D:\Program Files\JetBrains\IntelliJ IDEA 2019.1.3\lib\idea_rt.jar=9784:D:\Program Files\JetBrains\IntelliJ IDEA 2019.1.3\bin" -Dfile.encoding=UTF-8 -classpath "D:\Program Files\JetBrains\IntelliJ IDEA 2019.1.3\lib\idea_rt.jar;D:\Program Files\JetBrains\IntelliJ IDEA 2019.1.3\plugins\junit\lib\junit-rt.jar;D:\Program Files\JetBrains\IntelliJ IDEA 2019.1.3\plugins\junit\lib\junit5-rt.jar;C:\Program Files\Java\jdk1.8.0_161\jre\lib\charsets.jar;C:\Program Files\Java\jdk1.8.0_161\jre\lib\deploy.jar;C:\Program Files\Java\jdk1.8.0_161\jre\lib\ext\access-bridge-64.jar;C:\Program Files\Java\jdk1.8.0_161\jre\lib\ext\cldrdata.jar;C:\Program Files\Java\jdk1.8.0_161\jre\lib\ext\dnsns.jar;C:\Program Files\Java\jdk1.8.0_161\jre\lib\ext\jaccess.jar;C:\Program Files\Java\jdk1.8.0_161\jre\lib\ext\jfxrt.jar;C:\Program Files\Java\jdk1.8.0_161\jre\lib\ext\localedata.jar;C:\Program Files\Java\jdk1.8.0_161\jre\lib\ext\nashorn.jar;C:\Program Files\Java\jdk1.8.0_161\jre\lib\ext\sunec.jar;C:\Program Files\Java\jdk1.8.0_161\jre\lib\ext\sunjce_provider.jar;C:\Program Files\Java\jdk1.8.0_161\jre\lib\ext\sunmscapi.jar;C:\Program Files\Java\jdk1.8.0_161\jre\lib\ext\sunpkcs11.jar;C:\Program Files\Java\jdk1.8.0_161\jre\lib\ext\zipfs.jar;C:\Program Files\Java\jdk1.8.0_161\jre\lib\javaws.jar;C:\Program Files\Java\jdk1.8.0_161\jre\lib\jce.jar;C:\Program Files\Java\jdk1.8.0_161\jre\lib\jfr.jar;C:\Program Files\Java\jdk1.8.0_161\jre\lib\jfxswt.jar;C:\Program Files\Java\jdk1.8.0_161\jre\lib\jsse.jar;C:\Program Files\Java\jdk1.8.0_161\jre\lib\management-agent.jar;C:\Program Files\Java\jdk1.8.0_161\jre\lib\plugin.jar;C:\Program Files\Java\jdk1.8.0_161\jre\lib\resources.jar;C:\Program Files\Java\jdk1.8.0_161\jre\lib\rt.jar;D:\Repository\project\eshare-openpgp-examples\target\test-classes;D:\Repository\project\eshare-openpgp-examples\target\classes;D:\Users\10856214\.m2\org\springframework\boot\spring-boot-starter\2.1.6.RELEASE\spring-boot-starter-2.1.6.RELEASE.jar;D:\Users\10856214\.m2\org\springframework\boot\spring-boot\2.1.6.RELEASE\spring-boot-2.1.6.RELEASE.jar;D:\Users\10856214\.m2\org\springframework\spring-context\5.1.8.RELEASE\spring-context-5.1.8.RELEASE.jar;D:\Users\10856214\.m2\org\springframework\boot\spring-boot-autoconfigure\2.1.6.RELEASE\spring-boot-autoconfigure-2.1.6.RELEASE.jar;D:\Users\10856214\.m2\org\springframework\boot\spring-boot-starter-logging\2.1.6.RELEASE\spring-boot-starter-logging-2.1.6.RELEASE.jar;D:\Users\10856214\.m2\ch\qos\logback\logback-classic\1.2.3\logback-classic-1.2.3.jar;D:\Users\10856214\.m2\ch\qos\logback\logback-core\1.2.3\logback-core-1.2.3.jar;D:\Users\10856214\.m2\org\apache\logging\log4j\log4j-to-slf4j\2.11.2\log4j-to-slf4j-2.11.2.jar;D:\Users\10856214\.m2\org\apache\logging\log4j\log4j-api\2.11.2\log4j-api-2.11.2.jar;D:\Users\10856214\.m2\org\slf4j\jul-to-slf4j\1.7.26\jul-to-slf4j-1.7.26.jar;D:\Users\10856214\.m2\javax\annotation\javax.annotation-api\1.3.2\javax.annotation-api-1.3.2.jar;D:\Users\10856214\.m2\org\springframework\spring-core\5.1.8.RELEASE\spring-core-5.1.8.RELEASE.jar;D:\Users\10856214\.m2\org\springframework\spring-jcl\5.1.8.RELEASE\spring-jcl-5.1.8.RELEASE.jar;D:\Users\10856214\.m2\org\yaml\snakeyaml\1.23\snakeyaml-1.23.jar;D:\Users\10856214\.m2\org\springframework\boot\spring-boot-starter-test\2.1.6.RELEASE\spring-boot-starter-test-2.1.6.RELEASE.jar;D:\Users\10856214\.m2\org\springframework\boot\spring-boot-test\2.1.6.RELEASE\spring-boot-test-2.1.6.RELEASE.jar;D:\Users\10856214\.m2\org\springframework\boot\spring-boot-test-autoconfigure\2.1.6.RELEASE\spring-boot-test-autoconfigure-2.1.6.RELEASE.jar;D:\Users\10856214\.m2\com\jayway\jsonpath\json-path\2.4.0\json-path-2.4.0.jar;D:\Users\10856214\.m2\net\minidev\json-smart\2.3\json-smart-2.3.jar;D:\Users\10856214\.m2\net\minidev\accessors-smart\1.2\accessors-smart-1.2.jar;D:\Users\10856214\.m2\org\ow2\asm\asm\5.0.4\asm-5.0.4.jar;D:\Users\10856214\.m2\org\slf4j\slf4j-api\1.7.26\slf4j-api-1.7.26.jar;D:\Users\10856214\.m2\junit\junit\4.12\junit-4.12.jar;D:\Users\10856214\.m2\org\assertj\assertj-core\3.11.1\assertj-core-3.11.1.jar;D:\Users\10856214\.m2\org\mockito\mockito-core\2.23.4\mockito-core-2.23.4.jar;D:\Users\10856214\.m2\net\bytebuddy\byte-buddy\1.9.13\byte-buddy-1.9.13.jar;D:\Users\10856214\.m2\net\bytebuddy\byte-buddy-agent\1.9.13\byte-buddy-agent-1.9.13.jar;D:\Users\10856214\.m2\org\objenesis\objenesis\2.6\objenesis-2.6.jar;D:\Users\10856214\.m2\org\hamcrest\hamcrest-core\1.3\hamcrest-core-1.3.jar;D:\Users\10856214\.m2\org\hamcrest\hamcrest-library\1.3\hamcrest-library-1.3.jar;D:\Users\10856214\.m2\org\skyscreamer\jsonassert\1.5.0\jsonassert-1.5.0.jar;D:\Users\10856214\.m2\com\vaadin\external\google\android-json\0.0.20131108.vaadin1\android-json-0.0.20131108.vaadin1.jar;D:\Users\10856214\.m2\org\springframework\spring-test\5.1.8.RELEASE\spring-test-5.1.8.RELEASE.jar;D:\Users\10856214\.m2\org\xmlunit\xmlunit-core\2.6.2\xmlunit-core-2.6.2.jar;D:\Users\10856214\.m2\org\springframework\boot\spring-boot-devtools\2.1.6.RELEASE\spring-boot-devtools-2.1.6.RELEASE.jar;D:\Users\10856214\.m2\org\springframework\boot\spring-boot-starter-web\2.1.6.RELEASE\spring-boot-starter-web-2.1.6.RELEASE.jar;D:\Users\10856214\.m2\org\springframework\boot\spring-boot-starter-json\2.1.6.RELEASE\spring-boot-starter-json-2.1.6.RELEASE.jar;D:\Users\10856214\.m2\com\fasterxml\jackson\datatype\jackson-datatype-jdk8\2.9.9\jackson-datatype-jdk8-2.9.9.jar;D:\Users\10856214\.m2\com\fasterxml\jackson\datatype\jackson-datatype-jsr310\2.9.9\jackson-datatype-jsr310-2.9.9.jar;D:\Users\10856214\.m2\com\fasterxml\jackson\module\jackson-module-parameter-names\2.9.9\jackson-module-parameter-names-2.9.9.jar;D:\Users\10856214\.m2\org\springframework\boot\spring-boot-starter-tomcat\2.1.6.RELEASE\spring-boot-starter-tomcat-2.1.6.RELEASE.jar;D:\Users\10856214\.m2\org\apache\tomcat\embed\tomcat-embed-core\9.0.21\tomcat-embed-core-9.0.21.jar;D:\Users\10856214\.m2\org\apache\tomcat\embed\tomcat-embed-el\9.0.21\tomcat-embed-el-9.0.21.jar;D:\Users\10856214\.m2\org\apache\tomcat\embed\tomcat-embed-websocket\9.0.21\tomcat-embed-websocket-9.0.21.jar;D:\Users\10856214\.m2\org\hibernate\validator\hibernate-validator\6.0.17.Final\hibernate-validator-6.0.17.Final.jar;D:\Users\10856214\.m2\javax\validation\validation-api\2.0.1.Final\validation-api-2.0.1.Final.jar;D:\Users\10856214\.m2\org\jboss\logging\jboss-logging\3.3.2.Final\jboss-logging-3.3.2.Final.jar;D:\Users\10856214\.m2\com\fasterxml\classmate\1.4.0\classmate-1.4.0.jar;D:\Users\10856214\.m2\org\springframework\spring-web\5.1.8.RELEASE\spring-web-5.1.8.RELEASE.jar;D:\Users\10856214\.m2\org\springframework\spring-beans\5.1.8.RELEASE\spring-beans-5.1.8.RELEASE.jar;D:\Users\10856214\.m2\org\springframework\spring-webmvc\5.1.8.RELEASE\spring-webmvc-5.1.8.RELEASE.jar;D:\Users\10856214\.m2\org\springframework\spring-aop\5.1.8.RELEASE\spring-aop-5.1.8.RELEASE.jar;D:\Users\10856214\.m2\org\springframework\spring-expression\5.1.8.RELEASE\spring-expression-5.1.8.RELEASE.jar;D:\Users\10856214\.m2\org\bouncycastle\bcpg-jdk15on\1.62\bcpg-jdk15on-1.62.jar;D:\Users\10856214\.m2\org\bouncycastle\bcprov-jdk15on\1.62\bcprov-jdk15on-1.62.jar;D:\Users\10856214\.m2\commons-io\commons-io\2.4\commons-io-2.4.jar;D:\Users\10856214\.m2\org\apache\commons\commons-lang3\3.4\commons-lang3-3.4.jar;D:\Users\10856214\.m2\io\jsonwebtoken\jjwt-api\0.10.7\jjwt-api-0.10.7.jar;D:\Users\10856214\.m2\io\jsonwebtoken\jjwt-impl\0.10.7\jjwt-impl-0.10.7.jar;D:\Users\10856214\.m2\io\jsonwebtoken\jjwt-jackson\0.10.7\jjwt-jackson-0.10.7.jar;D:\Users\10856214\.m2\com\fasterxml\jackson\core\jackson-databind\2.9.9\jackson-databind-2.9.9.jar;D:\Users\10856214\.m2\com\fasterxml\jackson\core\jackson-annotations\2.9.0\jackson-annotations-2.9.0.jar;D:\Users\10856214\.m2\com\fasterxml\jackson\core\jackson-core\2.9.9\jackson-core-2.9.9.jar" com.intellij.rt.execution.junit.JUnitStarter -ideVersion5 -junit4 com.eshare.examples.JwtExampleTest,testJWTSigningAndVerify
io.jsonwebtoken.security.WeakKeyException: The signing key's size is 1024 bits which is not secure enough for the PS256 algorithm. The JWT JWA Specification (RFC 7518, Section 3.5) states that keys used with PS256 MUST have a size >= 2048 bits. Consider using the io.jsonwebtoken.security.Keys class's 'keyPairFor(SignatureAlgorithm.PS256)' method to create a key pair guaranteed to be secure enough for PS256. See https://tools.ietf.org/html/rfc7518#section-3.5 for more information.
at io.jsonwebtoken.SignatureAlgorithm.assertValid(SignatureAlgorithm.java:424)
at io.jsonwebtoken.SignatureAlgorithm.assertValidSigningKey(SignatureAlgorithm.java:302)
at io.jsonwebtoken.impl.DefaultJwtBuilder.signWith(DefaultJwtBuilder.java:123)
at com.eshare.examples.JwtExampleTest.testJWTSigningAndVerify(JwtExampleTest.java:64)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:50)
at org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12)
at org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:47)
at org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:17)
at org.junit.runners.ParentRunner.runLeaf(ParentRunner.java:325)
at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:78)
at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:57)
at org.junit.runners.ParentRunner$3.run(ParentRunner.java:290)
at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:71)
at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:288)
at org.junit.runners.ParentRunner.access$000(ParentRunner.java:58)
at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:268)
at org.junit.runners.ParentRunner.run(ParentRunner.java:363)
at org.junit.runner.JUnitCore.run(JUnitCore.java:137)
at com.intellij.junit4.JUnit4IdeaTestRunner.startRunnerWithArgs(JUnit4IdeaTestRunner.java:68)
at com.intellij.rt.execution.junit.IdeaTestRunner$Repeater.startRunnerWithArgs(IdeaTestRunner.java:47)
at com.intellij.rt.execution.junit.JUnitStarter.prepareStreamsAndStart(JUnitStarter.java:242)
at com.intellij.rt.execution.junit.JUnitStarter.main(JUnitStarter.java:70)
Process finished with exit code -1
代码如下:
//Generate jwt token
String jwtToken = Jwts.builder()
.setIssuer("me")
.setSubject("Bob")
.setAudience("you").signWith(privateKey,
SignatureAlgorithm.PS256)
.setId(UUID.randomUUID().toString()).compact();
//Verify singing
Jwts.parser()
.setSigningKey(publicKey) // <---- publicKey, not privateKey
.parseClaimsJws(jwtToken);
解决方案
经排查,这问题是因为选用了PS256算法后,对安全要求更高了,原有的RSA算法私钥长度1024已经不符合要求,因此假如要使用该算法进行加密,需要重新更换秘钥长度,在生成RSA密钥对的时候,把keySize改为2048或者更高。
最新文章
- Android注解使用之通过annotationProcessor注解生成代码实现自己的ButterKnife框架
- Android中实现双击事件
- Swift2.1 语法指南——错误处理
- 《JavaScript Ninja》之闭包
- Supervisor行为分析和实践
- IPython notebook 使用介绍
- 3种SQL语句分页写法
- 二、VueJs 填坑日记之基础项目构建
- java表单重复提交常用解决办法
- Java经典编程题50道之四十四
- Oracle数据库启动出现ORA-27101错误之ORA-19815处理方式及数据备份
- java8新特性学习笔记链接
- multi函数
- ubuntu下的“用vim打开中文乱码,用cat打开正常显示”的解决方法
- PHP中一些常用知识点
- git从远程分支clone项目到本地,切换分支命令,其他常用命令
- Python赋值与深浅拷贝
- RocketMQ最佳实战
- 使用CSS 3创建不规则图形
- MdelForm 和formset