1-从命令行生成私钥:
openssl genrsa -aes256 -out private.key 2048
来自
java
,阅读它:String privateKey = IOUtils.toString(TestJwtSecurityUtil.class.getResourceAsStream("/private.key")); privateKey = privateKey.replace("-----BEGIN RSA PRIVATE KEY-----", ""); privateKey = privateKey.replace("-----END RSA PRIVATE KEY-----", ""); privateKey = privateKey.replaceAll("\\s+",""); byte[] encodedKey = DatatypeConverter.parseBase64Binary( privateKey ); PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(encodedKey); KeyFactory kf = KeyFactory.getInstance("RSA"); PrivateKey pKey = kf.generatePrivate(keySpec); // fails
遇到异常:
Exception in thread "main" java.security.spec.InvalidKeySpecException: java.security.InvalidKeyException: IOException : DerInputStream.getLength(): lengthTag=58, too big.
我尝试转换为 base64:
byte[] encodedKey = DatatypeConverter.parseBase64Binary( encodedString );
PrivateKey pKey = kf.generatePrivate(keySpec); // fails
得到:
Exception in thread "main" java.security.spec.InvalidKeySpecException: java.security.InvalidKeyException: invalid key format
at java.base/sun.security.rsa.RSAKeyFactory.engineGeneratePrivate(RSAKeyFactory.java:251)
问:如何通过这个?为了让私钥被读取,最终我可以使用 JWT token :
final JwtBuilder builder = Jwts.builder().setId("id1")
....
.signWith(signatureAlgorithm, pKey);
最佳答案
是的,它是重复的。但因为我花了 1 个多小时在 SO 网站上寻找它。基于此 reply 和 bouncycastle 的 PEMParser。谢谢,@dave_thompson_085
创建私钥-公钥:
- openssl genrsa -out private.key 4096
- openssl rsa -pubout -in private.key -out public.key
然后来自
java
--
final PrivateKey pKey = getPrivateKey();
final SignatureAlgorithm signatureAlgorithm = SignatureAlgorithm.RS256; // private key to sign / public to confrim a sign
final JwtBuilder builder = Jwts.builder().setId("id1")
.setIssuedAt(now)
.setSubject(subject)
.setIssuer(issuer)
.setAudience("api")
.addClaims(Map.of(
"user_name", "test user",
"authorities", List.of("ROLE_USER"),
"scope", List.of("read", "write"),
"client_id", "test-client"
)
) .signWith(signatureAlgorithm, pKey);
<小时/>
String jwt = builder.compact();
地点:
private static PrivateKey getPrivateKey() throws Exception {
val path = TestUtils.class.getResource("/").getPath();
final PEMParser pemParser = new PEMParser(new FileReader(path + "/private.key"));
final JcaPEMKeyConverter converter = new JcaPEMKeyConverter().setProvider("BC");
final PEMKeyPair object = (PEMKeyPair) pemParser.readObject();
final KeyPair kp = converter.getKeyPair(object);
final PrivateKey pKey = kp.getPrivate();
return pKey;
}
然后要检查,请将生成的 jwt
粘贴到 https://jwt.io/(或任何其他工具)以查看/检查内容。
将 public.key 内容放在那里以检查签名。看到一切都是绿色的。
关于java - 生成并读取 Base64 私钥以从 java 签署 JWT token ,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/56412273/