大家好! 我正在尝试使用 auth0 ECDSA256 算法使用 ES256 对 JWT 信息和 JWT 数据进行签名。
ECPublicKey publicKeyRs = getPublicKey();
ECPrivateKey privateKeyRs = getPrivateKey();
Algorithm algorithmRs = Algorithm.ECDSA256(publicKeyRs, privateKeyRs);
signedToken = JWT.create()
.withExpiresAt(new Date())
.withSubject(jwtData.getSub()).
withAudience(jwtData.getAud()).sign(algorithmRs);
但是当我运行签名函数来创建 JWT 时,我遇到此错误:
Exception in thread "main" com.auth0.jwt.exceptions.SignatureGenerationException: The Token's Signature couldn't be generated when signing using the Algorithm: SHA256withECDSA
at com.auth0.jwt.algorithms.ECDSAAlgorithm.sign(ECDSAAlgorithm.java:65)
at com.auth0.jwt.JWTCreator.sign(JWTCreator.java:441)
at com.auth0.jwt.JWTCreator.access$100(JWTCreator.java:26)
at com.auth0.jwt.JWTCreator$Builder.sign(JWTCreator.java:419)
其原因是:
Caused by: java.security.SignatureException: Invalid DER signature format.
at com.auth0.jwt.algorithms.ECDSAAlgorithm.DERToJOSE(ECDSAAlgorithm.java:118)
at com.auth0.jwt.algorithms.ECDSAAlgorithm.sign(ECDSAAlgorithm.java:63)
... 6 more
您能帮忙解决这些错误并告诉我哪里出了问题吗?
最佳答案
这里是一个简单的示例,说明如何使用 ES256 获取签名的 JWT token 以及如何验证它:
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.Jws;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import io.jsonwebtoken.security.Keys;
import java.security.KeyPair;
import java.time.LocalDate;
public class Jwt {
public static void main(String[] args) {
KeyPair keyPair = Keys.keyPairFor(SignatureAlgorithm.ES256);
//generate signed JWT token
String signedToken = Jwts.builder()
.setExpiration(java.sql.Date.valueOf(LocalDate.now().plusWeeks(2)))
.setSubject("your subject")
.setAudience("your audience")
.signWith(keyPair.getPrivate())
.compact();
//verify signed JWT token (no exceptions means check is OK)
Jws<Claims> claimsJws = Jwts.parser()
.setSigningKey(keyPair.getPublic())
.parseClaimsJws(signedToken);
}
}
关于java - Auth0:使用算法签名时无法生成 token 的签名:SHA256withECDSA,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/61979665/