Generate and read a base64 private key to sign a JWT token from Java
1 - Generate the private key from the command line:
openssl genrsa -aes256 -out private.key 2048
Reading it from Java:
String privateKey = IOUtils.toString(TestJwtSecurityUtil.class.getResourceAsStream("/private.key"));
privateKey = privateKey.replace("-----BEGIN RSA PRIVATE KEY-----", "");
privateKey = privateKey.replace("-----END RSA PRIVATE KEY-----", "");
privateKey = privateKey.replaceAll("\\s+","");
byte[] encodedKey = DatatypeConverter.parseBase64Binary( privateKey );
PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(encodedKey);
KeyFactory kf = KeyFactory.getInstance("RSA");
PrivateKey pKey = kf.generatePrivate(keySpec); // fails
I get an exception:
Exception in thread "main" java.security.spec.InvalidKeySpecException: java.security.InvalidKeyException: IOException : DerInputStream.getLength(): lengthTag=58, too big.
I tried converting to base64:
byte[] encodedKey = DatatypeConverter.parseBase64Binary( encodedString );
PrivateKey pKey = kf.generatePrivate(keySpec); // fails
and got:
Exception in thread "main" java.security.spec.InvalidKeySpecException: java.security.InvalidKeyException: invalid key format
at java.base/sun.security.rsa.RSAKeyFactory.engineGeneratePrivate(RSAKeyFactory.java:251)
Question: how do I get this to pass, so that the private key is read and I can finally sign the JWT token:
final JwtBuilder builder = Jwts.builder().setId("id1")
....
.signWith(signatureAlgorithm, pKey);
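# Answer 1
Yes, it is a duplicate. But since I spent more than an hour looking for it on SO: based on this reply and Bouncy Castle's parser. Thanks, @dave_thompson_085
To create the private and public key:
Then from Java:
where:
Then, to check, paste the generated JWT into https://jwt.io/ (or any other tool) to view/check the content. Put in the public key content to check the signature. See that everything is green.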
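
Added example (not part of the original question or answer, and not the answer's Bouncy Castle code): a JDK-only program showing why the question's key is rejected by `PKCS8EncodedKeySpec`, where `lengthTag=58` comes from, and which PEM form does load and sign. The class name `PemKeyCheck`, the sample header lines, the key pair generated at run time and the `header.payload` input are constructed for illustration; signing uses `java.security.Signature` directly rather than the jjwt builder from the question.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Base64;

public class PemKeyCheck {  // hypothetical class name
    // Identify the PEM container first: PKCS8EncodedKeySpec only accepts unencrypted PKCS#8 DER.
    static String classify(String pem) {
        if (pem.contains("Proc-Type: 4,ENCRYPTED")) return "encrypted PKCS#1";
        if (pem.contains("-----BEGIN RSA PRIVATE KEY-----")) return "PKCS#1";
        if (pem.contains("-----BEGIN ENCRYPTED PRIVATE KEY-----")) return "encrypted PKCS#8";
        if (pem.contains("-----BEGIN PRIVATE KEY-----")) return "PKCS#8";
        return "unknown";
    }
    static PrivateKey load(String pem) throws GeneralSecurityException {
        String kind = classify(pem);
        if (!kind.equals("PKCS#8"))
            throw new InvalidKeyException(kind + " PEM: convert to unencrypted PKCS#8 or use a PEM parser");
        String b64 = pem.replace("-----BEGIN PRIVATE KEY-----", "")
                        .replace("-----END PRIVATE KEY-----", "").replaceAll("\\s+", "");
        byte[] der = Base64.getDecoder().decode(b64);
        return KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(der));
    }
    public static void main(String[] args) throws Exception {
        // Constructed sample: header lines of an encrypted traditional PEM (key body omitted).
        String legacy = "-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\nDEK-Info: AES-256-CBC,00\n";
        System.out.println("question's key format: " + classify(legacy));
        // If those header lines reach the base64 decoder, "Proc" becomes 3E BA 1C and the
        // DER reader takes 0xBA as a long-form length: 0xBA & 0x7F = 58.
        System.out.println("lengthTag=" + (Base64.getDecoder().decode("Proc")[1] & 0x7F));
        // Constructed key pair generated at run time; getEncoded() returns PKCS#8 DER.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();
        String pem = "-----BEGIN PRIVATE KEY-----\n"
            + Base64.getMimeEncoder(64, new byte[] {'\n'}).encodeToString(kp.getPrivate().getEncoded())
            + "\n-----END PRIVATE KEY-----\n";
        PrivateKey key = load(pem);
        // RS256 is SHA256withRSA over the JWT signing input (constructed placeholder here).
        byte[] input = "header.payload".getBytes(StandardCharsets.US_ASCII);
        Signature signer = Signature.getInstance("SHA256withRSA");
        signer.initSign(key);
        signer.update(input);
        Signature verifier = Signature.getInstance("SHA256withRSA");
        verifier.initVerify(kp.getPublic());
        verifier.update(input);
        System.out.println("signature verifies: " + verifier.verify(signer.sign()));
    }
}
```

An existing key can be converted with `openssl pkcs8 -topk8 -nocrypt -in private.key -out private_pkcs8.pem` (output file name is an example); that file holds the key unencrypted, so restrict it with filesystem permissions or keep it in a secrets store.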