背景

今天集成JWT的时候,选用了PS256算法,在用使用PGP KEY作为私钥JWT进行签名的时候,报了如下错误:

"C:\Program Files\Java\jdk1.8.0_161\bin\java.exe" -ea -Didea.test.cyclic.buffer.size=1048576 "-javaagent:D:\Program Files\JetBrains\IntelliJ IDEA 2019.1.3\lib\idea_rt.jar=9784:D:\Program Files\JetBrains\IntelliJ IDEA 2019.1.3\bin" -Dfile.encoding=UTF-8 -classpath "D:\Program Files\JetBrains\IntelliJ IDEA 2019.1.3\lib\idea_rt.jar;D:\Program Files\JetBrains\IntelliJ IDEA 2019.1.3\plugins\junit\lib\junit-rt.jar;D:\Program Files\JetBrains\IntelliJ IDEA 2019.1.3\plugins\junit\lib\junit5-rt.jar;C:\Program Files\Java\jdk1.8.0_161\jre\lib\charsets.jar;C:\Program Files\Java\jdk1.8.0_161\jre\lib\deploy.jar;C:\Program Files\Java\jdk1.8.0_161\jre\lib\ext\access-bridge-64.jar;C:\Program Files\Java\jdk1.8.0_161\jre\lib\ext\cldrdata.jar;C:\Program Files\Java\jdk1.8.0_161\jre\lib\ext\dnsns.jar;C:\Program Files\Java\jdk1.8.0_161\jre\lib\ext\jaccess.jar;C:\Program Files\Java\jdk1.8.0_161\jre\lib\ext\jfxrt.jar;C:\Program Files\Java\jdk1.8.0_161\jre\lib\ext\localedata.jar;C:\Program Files\Java\jdk1.8.0_161\jre\lib\ext\nashorn.jar;C:\Program Files\Java\jdk1.8.0_161\jre\lib\ext\sunec.jar;C:\Program Files\Java\jdk1.8.0_161\jre\lib\ext\sunjce_provider.jar;C:\Program Files\Java\jdk1.8.0_161\jre\lib\ext\sunmscapi.jar;C:\Program Files\Java\jdk1.8.0_161\jre\lib\ext\sunpkcs11.jar;C:\Program Files\Java\jdk1.8.0_161\jre\lib\ext\zipfs.jar;C:\Program Files\Java\jdk1.8.0_161\jre\lib\javaws.jar;C:\Program Files\Java\jdk1.8.0_161\jre\lib\jce.jar;C:\Program Files\Java\jdk1.8.0_161\jre\lib\jfr.jar;C:\Program Files\Java\jdk1.8.0_161\jre\lib\jfxswt.jar;C:\Program Files\Java\jdk1.8.0_161\jre\lib\jsse.jar;C:\Program Files\Java\jdk1.8.0_161\jre\lib\management-agent.jar;C:\Program Files\Java\jdk1.8.0_161\jre\lib\plugin.jar;C:\Program Files\Java\jdk1.8.0_161\jre\lib\resources.jar;C:\Program Files\Java\jdk1.8.0_161\jre\lib\rt.jar;D:\Repository\project\eshare-openpgp-examples\target\test-classes;D:\Repository\project\eshare-openpgp-examples\target\classes;D:\Users\10856214\.m2\org\springframework\boot\spring-boot-starter\2.1.6.RELEASE\spring-boot-starter-2.1.6.RELEASE.jar;D:\Users\10856214\.m2\org\springframework\boot\spring-boot\2.1.6.RELEASE\spring-boot-2.1.6.RELEASE.jar;D:\Users\10856214\.m2\org\springframework\spring-context\5.1.8.RELEASE\spring-context-5.1.8.RELEASE.jar;D:\Users\10856214\.m2\org\springframework\boot\spring-boot-autoconfigure\2.1.6.RELEASE\spring-boot-autoconfigure-2.1.6.RELEASE.jar;D:\Users\10856214\.m2\org\springframework\boot\spring-boot-starter-logging\2.1.6.RELEASE\spring-boot-starter-logging-2.1.6.RELEASE.jar;D:\Users\10856214\.m2\ch\qos\logback\logback-classic\1.2.3\logback-classic-1.2.3.jar;D:\Users\10856214\.m2\ch\qos\logback\logback-core\1.2.3\logback-core-1.2.3.jar;D:\Users\10856214\.m2\org\apache\logging\log4j\log4j-to-slf4j\2.11.2\log4j-to-slf4j-2.11.2.jar;D:\Users\10856214\.m2\org\apache\logging\log4j\log4j-api\2.11.2\log4j-api-2.11.2.jar;D:\Users\10856214\.m2\org\slf4j\jul-to-slf4j\1.7.26\jul-to-slf4j-1.7.26.jar;D:\Users\10856214\.m2\javax\annotation\javax.annotation-api\1.3.2\javax.annotation-api-1.3.2.jar;D:\Users\10856214\.m2\org\springframework\spring-core\5.1.8.RELEASE\spring-core-5.1.8.RELEASE.jar;D:\Users\10856214\.m2\org\springframework\spring-jcl\5.1.8.RELEASE\spring-jcl-5.1.8.RELEASE.jar;D:\Users\10856214\.m2\org\yaml\snakeyaml\1.23\snakeyaml-1.23.jar;D:\Users\10856214\.m2\org\springframework\boot\spring-boot-starter-test\2.1.6.RELEASE\spring-boot-starter-test-2.1.6.RELEASE.jar;D:\Users\10856214\.m2\org\springframework\boot\spring-boot-test\2.1.6.RELEASE\spring-boot-test-2.1.6.RELEASE.jar;D:\Users\10856214\.m2\org\springframework\boot\spring-boot-test-autoconfigure\2.1.6.RELEASE\spring-boot-test-autoconfigure-2.1.6.RELEASE.jar;D:\Users\10856214\.m2\com\jayway\jsonpath\json-path\2.4.0\json-path-2.4.0.jar;D:\Users\10856214\.m2\net\minidev\json-smart\2.3\json-smart-2.3.jar;D:\Users\10856214\.m2\net\minidev\accessors-smart\1.2\accessors-smart-1.2.jar;D:\Users\10856214\.m2\org\ow2\asm\asm\5.0.4\asm-5.0.4.jar;D:\Users\10856214\.m2\org\slf4j\slf4j-api\1.7.26\slf4j-api-1.7.26.jar;D:\Users\10856214\.m2\junit\junit\4.12\junit-4.12.jar;D:\Users\10856214\.m2\org\assertj\assertj-core\3.11.1\assertj-core-3.11.1.jar;D:\Users\10856214\.m2\org\mockito\mockito-core\2.23.4\mockito-core-2.23.4.jar;D:\Users\10856214\.m2\net\bytebuddy\byte-buddy\1.9.13\byte-buddy-1.9.13.jar;D:\Users\10856214\.m2\net\bytebuddy\byte-buddy-agent\1.9.13\byte-buddy-agent-1.9.13.jar;D:\Users\10856214\.m2\org\objenesis\objenesis\2.6\objenesis-2.6.jar;D:\Users\10856214\.m2\org\hamcrest\hamcrest-core\1.3\hamcrest-core-1.3.jar;D:\Users\10856214\.m2\org\hamcrest\hamcrest-library\1.3\hamcrest-library-1.3.jar;D:\Users\10856214\.m2\org\skyscreamer\jsonassert\1.5.0\jsonassert-1.5.0.jar;D:\Users\10856214\.m2\com\vaadin\external\google\android-json\0.0.20131108.vaadin1\android-json-0.0.20131108.vaadin1.jar;D:\Users\10856214\.m2\org\springframework\spring-test\5.1.8.RELEASE\spring-test-5.1.8.RELEASE.jar;D:\Users\10856214\.m2\org\xmlunit\xmlunit-core\2.6.2\xmlunit-core-2.6.2.jar;D:\Users\10856214\.m2\org\springframework\boot\spring-boot-devtools\2.1.6.RELEASE\spring-boot-devtools-2.1.6.RELEASE.jar;D:\Users\10856214\.m2\org\springframework\boot\spring-boot-starter-web\2.1.6.RELEASE\spring-boot-starter-web-2.1.6.RELEASE.jar;D:\Users\10856214\.m2\org\springframework\boot\spring-boot-starter-json\2.1.6.RELEASE\spring-boot-starter-json-2.1.6.RELEASE.jar;D:\Users\10856214\.m2\com\fasterxml\jackson\datatype\jackson-datatype-jdk8\2.9.9\jackson-datatype-jdk8-2.9.9.jar;D:\Users\10856214\.m2\com\fasterxml\jackson\datatype\jackson-datatype-jsr310\2.9.9\jackson-datatype-jsr310-2.9.9.jar;D:\Users\10856214\.m2\com\fasterxml\jackson\module\jackson-module-parameter-names\2.9.9\jackson-module-parameter-names-2.9.9.jar;D:\Users\10856214\.m2\org\springframework\boot\spring-boot-starter-tomcat\2.1.6.RELEASE\spring-boot-starter-tomcat-2.1.6.RELEASE.jar;D:\Users\10856214\.m2\org\apache\tomcat\embed\tomcat-embed-core\9.0.21\tomcat-embed-core-9.0.21.jar;D:\Users\10856214\.m2\org\apache\tomcat\embed\tomcat-embed-el\9.0.21\tomcat-embed-el-9.0.21.jar;D:\Users\10856214\.m2\org\apache\tomcat\embed\tomcat-embed-websocket\9.0.21\tomcat-embed-websocket-9.0.21.jar;D:\Users\10856214\.m2\org\hibernate\validator\hibernate-validator\6.0.17.Final\hibernate-validator-6.0.17.Final.jar;D:\Users\10856214\.m2\javax\validation\validation-api\2.0.1.Final\validation-api-2.0.1.Final.jar;D:\Users\10856214\.m2\org\jboss\logging\jboss-logging\3.3.2.Final\jboss-logging-3.3.2.Final.jar;D:\Users\10856214\.m2\com\fasterxml\classmate\1.4.0\classmate-1.4.0.jar;D:\Users\10856214\.m2\org\springframework\spring-web\5.1.8.RELEASE\spring-web-5.1.8.RELEASE.jar;D:\Users\10856214\.m2\org\springframework\spring-beans\5.1.8.RELEASE\spring-beans-5.1.8.RELEASE.jar;D:\Users\10856214\.m2\org\springframework\spring-webmvc\5.1.8.RELEASE\spring-webmvc-5.1.8.RELEASE.jar;D:\Users\10856214\.m2\org\springframework\spring-aop\5.1.8.RELEASE\spring-aop-5.1.8.RELEASE.jar;D:\Users\10856214\.m2\org\springframework\spring-expression\5.1.8.RELEASE\spring-expression-5.1.8.RELEASE.jar;D:\Users\10856214\.m2\org\bouncycastle\bcpg-jdk15on\1.62\bcpg-jdk15on-1.62.jar;D:\Users\10856214\.m2\org\bouncycastle\bcprov-jdk15on\1.62\bcprov-jdk15on-1.62.jar;D:\Users\10856214\.m2\commons-io\commons-io\2.4\commons-io-2.4.jar;D:\Users\10856214\.m2\org\apache\commons\commons-lang3\3.4\commons-lang3-3.4.jar;D:\Users\10856214\.m2\io\jsonwebtoken\jjwt-api\0.10.7\jjwt-api-0.10.7.jar;D:\Users\10856214\.m2\io\jsonwebtoken\jjwt-impl\0.10.7\jjwt-impl-0.10.7.jar;D:\Users\10856214\.m2\io\jsonwebtoken\jjwt-jackson\0.10.7\jjwt-jackson-0.10.7.jar;D:\Users\10856214\.m2\com\fasterxml\jackson\core\jackson-databind\2.9.9\jackson-databind-2.9.9.jar;D:\Users\10856214\.m2\com\fasterxml\jackson\core\jackson-annotations\2.9.0\jackson-annotations-2.9.0.jar;D:\Users\10856214\.m2\com\fasterxml\jackson\core\jackson-core\2.9.9\jackson-core-2.9.9.jar" com.intellij.rt.execution.junit.JUnitStarter -ideVersion5 -junit4 com.eshare.examples.JwtExampleTest,testJWTSigningAndVerify

io.jsonwebtoken.security.WeakKeyException: The signing key's size is 1024 bits which is not secure enough for the PS256 algorithm.  The JWT JWA Specification (RFC 7518, Section 3.5) states that keys used with PS256 MUST have a size >= 2048 bits.  Consider using the io.jsonwebtoken.security.Keys class's 'keyPairFor(SignatureAlgorithm.PS256)' method to create a key pair guaranteed to be secure enough for PS256.  See https://tools.ietf.org/html/rfc7518#section-3.5 for more information.

	at io.jsonwebtoken.SignatureAlgorithm.assertValid(SignatureAlgorithm.java:424)

	at io.jsonwebtoken.SignatureAlgorithm.assertValidSigningKey(SignatureAlgorithm.java:302)

	at io.jsonwebtoken.impl.DefaultJwtBuilder.signWith(DefaultJwtBuilder.java:123)

	at com.eshare.examples.JwtExampleTest.testJWTSigningAndVerify(JwtExampleTest.java:64)

	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)

	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

	at java.lang.reflect.Method.invoke(Method.java:498)

	at org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:50)

	at org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12)

	at org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:47)

	at org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:17)

	at org.junit.runners.ParentRunner.runLeaf(ParentRunner.java:325)

	at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:78)

	at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:57)

	at org.junit.runners.ParentRunner$3.run(ParentRunner.java:290)

	at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:71)

	at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:288)

	at org.junit.runners.ParentRunner.access$000(ParentRunner.java:58)

	at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:268)

	at org.junit.runners.ParentRunner.run(ParentRunner.java:363)

	at org.junit.runner.JUnitCore.run(JUnitCore.java:137)

	at com.intellij.junit4.JUnit4IdeaTestRunner.startRunnerWithArgs(JUnit4IdeaTestRunner.java:68)

	at com.intellij.rt.execution.junit.IdeaTestRunner$Repeater.startRunnerWithArgs(IdeaTestRunner.java:47)

	at com.intellij.rt.execution.junit.JUnitStarter.prepareStreamsAndStart(JUnitStarter.java:242)

	at com.intellij.rt.execution.junit.JUnitStarter.main(JUnitStarter.java:70)

Process finished with exit code -1

代码如下:

    //Generate jwt token

    String jwtToken = Jwts.builder()

        .setIssuer("me")

        .setSubject("Bob")

        .setAudience("you").signWith(privateKey,

            SignatureAlgorithm.PS256)

        .setId(UUID.randomUUID().toString()).compact();

    //Verify singing

    Jwts.parser()

        .setSigningKey(publicKey) // <---- publicKey, not privateKey

        .parseClaimsJws(jwtToken);

解决方案

经排查,这问题是因为选用了PS256算法后,对安全要求更高了,原有的RSA算法私钥长度1024已经不符合要求,因此假如要使用该算法进行加密,需要重新更换秘钥长度,在生成RSA密钥对的时候,把keySize改为2048或者更高。

最新文章

  1. Android注解使用之通过annotationProcessor注解生成代码实现自己的ButterKnife框架
  2. Android中实现双击事件
  3. Swift2.1 语法指南——错误处理
  4. 《JavaScript Ninja》之闭包
  5. Supervisor行为分析和实践
  6. IPython notebook 使用介绍
  7. 3种SQL语句分页写法
  8. 二、VueJs 填坑日记之基础项目构建
  9. java表单重复提交常用解决办法
  10. Java经典编程题50道之四十四
  11. Oracle数据库启动出现ORA-27101错误之ORA-19815处理方式及数据备份
  12. java8新特性学习笔记链接
  13. multi函数
  14. ubuntu下的“用vim打开中文乱码,用cat打开正常显示”的解决方法
  15. PHP中一些常用知识点
  16. git从远程分支clone项目到本地,切换分支命令,其他常用命令
  17. Python赋值与深浅拷贝
  18. RocketMQ最佳实战
  19. 使用CSS 3创建不规则图形
  20. MdelForm 和formset

热门文章

  1. javaweb项目启动时自动启动rmi服务器实例
  2. jitamin基于lnmp环境搭建
  3. FPGA之IO信号类型深入理解
  4. TensorFlow之tf.less()
  5. 从两个角度理解为什么 JS 中没有函数重载
  6. 「SP122」STEVE - Voracious Steve 解题报告
  7. MinGW-W64下载与安装
  8. Linux之nohup命令
  9. 大量SQL的解决方案——sdmap
  10. C++ | C++ 基础知识 | 结构、联合与枚举