JWT | io.jsonwebtoken.security.WeakKeyException: The signing key's size is 1024 bits which is not se

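Background

While integrating JWT today I chose the PS256 algorithm. When I signed the JWT using a PGP key as the private key, the following error was reported: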

io.jsonwebtoken.security.WeakKeyException: The signing key's size is 1024 bits which is not secure enough for the PS256 algorithm.  The JWT JWA Specification (RFC 7518, Section 3.5) states that keys used with PS256 MUST have a size >= 2048 bits.  Consider using the io.jsonwebtoken.security.Keys class's 'keyPairFor(SignatureAlgorithm.PS256)' method to create a key pair guaranteed to be secure enough for PS256.  See https://tools.ietf.org/html/rfc7518#section-3.5 for more information.

	at io.jsonwebtoken.SignatureAlgorithm.assertValid(SignatureAlgorithm.java:424)
	at io.jsonwebtoken.SignatureAlgorithm.assertValidSigningKey(SignatureAlgorithm.java:302)
	at io.jsonwebtoken.impl.DefaultJwtBuilder.signWith(DefaultJwtBuilder.java:123)
	at com.eshare.examples.JwtExampleTest.testJWTSigningAndVerify(JwtExampleTest.java:64)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:498)
	at org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:50)
	at org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12)
	at org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:47)
	at org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:17)
	at org.junit.runners.ParentRunner.runLeaf(ParentRunner.java:325)
	at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:78)
	at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:57)
	at org.junit.runners.ParentRunner$3.run(ParentRunner.java:290)
	at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:71)
	at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:288)
	at org.junit.runners.ParentRunner.access$000(ParentRunner.java:58)
	at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:268)
	at org.junit.runners.ParentRunner.run(ParentRunner.java:363)
	at org.junit.runner.JUnitCore.run(JUnitCore.java:137)
	at com.intellij.junit4.JUnit4IdeaTestRunner.startRunnerWithArgs(JUnit4IdeaTestRunner.java:68)
	at com.intellij.rt.execution.junit.IdeaTestRunner$Repeater.startRunnerWithArgs(IdeaTestRunner.java:47)
	at com.intellij.rt.execution.junit.JUnitStarter.prepareStreamsAndStart(JUnitStarter.java:242)
	at com.intellij.rt.execution.junit.JUnitStarter.main(JUnitStarter.java:70)


Process finished with exit code -1

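The code is as follows:

    // Requires io.jsonwebtoken.Jwts, io.jsonwebtoken.SignatureAlgorithm and java.util.UUID.
    // privateKey / publicKey are the RSA key pair taken from the PGP key (1024 bits here).
    // Generate the JWT token
    String jwtToken = Jwts.builder()
        .setIssuer("me")
        .setSubject("Bob")
        .setAudience("you")
        .signWith(privateKey, SignatureAlgorithm.PS256)
        .setId(UUID.randomUUID().toString())
        .compact();
    // Verify the signature
    Jwts.parser()
        .setSigningKey(publicKey) // <---- publicKey, not privateKey
        .parseClaimsJws(jwtToken);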

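Solution

After investigation, the cause is that PS256 imposes stricter security requirements: the existing RSA private key, at 1024 bits, no longer meets them. To sign with this algorithm, the key length has to be changed: when generating the RSA key pair, set keySize to 2048 or higher.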
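The key-size rule described above, as an added example that is not part of the original post: it generates a 1024-bit and a 2048-bit RSA key pair with the JDK, runs each through the same JJWT check that appears in the stack trace (`SignatureAlgorithm.assertValidSigningKey`), then signs and verifies with the 2048-bit pair. The class name `Ps256KeySizeExample` and its helper methods are hypothetical; it assumes JJWT 0.10.x on the classpath and, on Java 8, BouncyCastle as the provider for RSASSA-PSS.

```java
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.Jws;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import io.jsonwebtoken.security.WeakKeyException;

import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.interfaces.RSAKey;
import java.util.UUID;

// Added example (hypothetical class, not the post's code).
public class Ps256KeySizeExample {

    // Generate an RSA key pair with the requested modulus size using the JDK provider.
    static KeyPair rsaKeyPair(int keySize) throws Exception {
        KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
        generator.initialize(keySize);
        return generator.generateKeyPair();
    }

    // True if JJWT accepts the private key for PS256; signWith() runs this same check.
    static boolean acceptedForPs256(KeyPair pair) {
        try {
            SignatureAlgorithm.PS256.assertValidSigningKey(pair.getPrivate());
            return true;
        } catch (WeakKeyException e) {
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        KeyPair weak = rsaKeyPair(1024);   // the size that triggered the exception
        KeyPair strong = rsaKeyPair(2048); // minimum required by RFC 7518, Section 3.5

        for (KeyPair pair : new KeyPair[] {weak, strong}) {
            int bits = ((RSAKey) pair.getPrivate()).getModulus().bitLength();
            System.out.println(bits + "-bit key accepted for PS256: " + acceptedForPs256(pair));
        }

        // Sign with the 2048-bit private key, verify with the matching public key.
        String jwt = Jwts.builder()
            .setIssuer("me").setSubject("Bob").setAudience("you")
            .setId(UUID.randomUUID().toString())
            .signWith(strong.getPrivate(), SignatureAlgorithm.PS256)
            .compact();
        Jws<Claims> parsed = Jwts.parser()
            .setSigningKey(strong.getPublic())
            .parseClaimsJws(jwt);
        System.out.println("verified subject: " + parsed.getBody().getSubject());
    }
}
```

Calling `acceptedForPs256` on a key loaded from an existing keystore or PGP key ring before wiring it into the builder surfaces an undersized key at startup rather than at the first signing call.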

posted @ 2019-08-04 17:04  EvanLeung