Python中文网

一个关于 编程问题的解答网站.

有 Java 编程相关的问题?

你可以在下面搜索框中键入要查询的问题!

生成并读取base64私钥以从java对JWT令牌进行签名

1 周,4 日 Questions & Answers

1-从命令行生成私钥:

openssl genrsa -aes256 -out private.key 2048

  1. java读它:

    String privateKey = IOUtils.toString(TestJwtSecurityUtil.class.getResourceAsStream("/private.key"));
privateKey = privateKey.replace("-----BEGIN RSA PRIVATE KEY-----", "");
privateKey = privateKey.replace("-----END RSA PRIVATE KEY-----", "");
privateKey = privateKey.replaceAll("\\s+","");

byte[] encodedKey = DatatypeConverter.parseBase64Binary( privateKey );


PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(encodedKey);

KeyFactory kf = KeyFactory.getInstance("RSA");
PrivateKey pKey = kf.generatePrivate(keySpec); // fails

出现异常:

Exception in thread "main" java.security.spec.InvalidKeySpecException: java.security.InvalidKeyException: IOException : DerInputStream.getLength(): lengthTag=58, too big.

我尝试转换为base64:

byte[] encodedKey = DatatypeConverter.parseBase64Binary( encodedString );
 PrivateKey pKey = kf.generatePrivate(keySpec); // fails

得到:

Exception in thread "main" java.security.spec.InvalidKeySpecException: java.security.InvalidKeyException: invalid key format
    at java.base/sun.security.rsa.RSAKeyFactory.engineGeneratePrivate(RSAKeyFactory.java:251)

问:如何通过考试?为了让私钥被读取,最后我可以唱JWT令牌:

final JwtBuilder builder = Jwts.builder().setId("id1")
                ....
                .signWith(signatureAlgorithm, pKey);

共 (1) 个答案

  1. # 1 楼答案

    是的,它是重复的。但因为我花了1个多小时在SO网站上寻找它。基于这个replybouncycastle的语法分析器。谢谢,@dave_thompson_085

    1. 要创建专用公钥,请执行以下操作:

      • openssl genrsa-out私有。钥匙4096
      • openssl rsa-pubout-以私有方式。钥匙公开。钥匙

    2. 然后从java

             final PrivateKey pKey = getPrivateKey();

         final SignatureAlgorithm signatureAlgorithm = SignatureAlgorithm.RS256; // private key to sign / public to confrim a sign
     final JwtBuilder builder = Jwts.builder().setId("id1")
                    .setIssuedAt(now)
                    .setSubject(subject)
                    .setIssuer(issuer)
                    .setAudience("api")
                    .addClaims(Map.of(
                            "user_name", "test user",
                            "authorities", List.of("ROLE_USER"),
                            "scope", List.of("read", "write"),
                            "client_id", "test-client"
                            )
                    )                     .signWith(signatureAlgorithm, pKey);

    String jwt = builder.compact();

    其中:

    private static PrivateKey getPrivateKey() throws Exception {

        val path = TestUtils.class.getResource("/").getPath();

        final PEMParser pemParser = new PEMParser(new FileReader(path + "/private.key"));
        final JcaPEMKeyConverter converter = new JcaPEMKeyConverter().setProvider("BC");
        final PEMKeyPair object = (PEMKeyPair) pemParser.readObject();
        final KeyPair kp = converter.getKeyPair(object);
        final PrivateKey pKey = kp.getPrivate();

        return pKey;
    }

    然后要检查,请将:generatedjwt粘贴到https://jwt.io/(或任何其他工具)以查看/检查内容

    公开发表意见。检查签名的关键内容。看到一切都是绿色的