How to resolve a BadPadding exception when signing with RSA?
I am trying to create a signed JWT, but when I try to sign the JWT I am getting the following exception:
Caused by: javax.crypto.BadPaddingException: RSA private key operation failed
at sun.security.rsa.RSACore.crtCrypt(RSACore.java:201)
at sun.security.rsa.RSACore.rsa(RSACore.java:122)
at sun.security.rsa.RSASignature.engineSign(RSASignature.java:192)
... 74 more
I have two JWKs which use the RS256 alg to sign the JWT. Both are of bit size 2048, but I am able to sign the JWT successfully using one of them, but not with the other. (Can't share the JWK.)
I have compared both JWKs, and all the required keys in the JWK JSON are the same; only their modulus and exponent differ.
I am unable to understand what is causing the issue.
You can replicate the issue using the following code:
KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
gen.initialize(2048);
JWK sigJWK = new RSAKey.Builder((RSAPublicKey) gen.generateKeyPair().getPublic())
        .privateKey((RSAPrivateKey) gen.generateKeyPair().getPrivate())
        .keyUse(KeyUse.SIGNATURE)
        .keyID("s1")
        .algorithm(JWSAlgorithm.RS256)
        .build();
Map<String, Object> jwkParamMap = JsonUtil.parseJson(sigJWK.toString());
PrivateKey sigKey = new RsaJsonWebKey(jwkParamMap).getRsaPrivateKey();
String tokenEndpoint = request.getAttribute("scheme") + "://" + request.getAttribute("ip")
        + request.getAttribute("tokenurl");
Random randomInt = new Random();
JWTClaimsSet claims = new JWTClaimsSet.Builder()
        .issuer(clientID)
        .subject(clientID)
        .audience(tokenEndpoint)
        .jwtID("ItsmejwtID" + randomInt.nextInt())
        .expirationTime(new Date(new Date().getTime() + 120 * 1000))
        .build();
JWSSigner signer = new RSASSASigner(sigKey);
SignedJWT signedJWT = new SignedJWT(new JWSHeader(JWSAlgorithm.RS256), claims);
signedJWT.sign(signer);
return signedJWT.serialize();
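
The reproduction above calls gen.generateKeyPair() twice, so the JWK's modulus and its private values come from two different key pairs. The following is an added example, not part of the original post or of either JOSE library: using only JDK classes, it checks for that mismatch (p * q against n) and attempts an RS256 signature with a matched and a mixed key. The class and method names are hypothetical.

```java
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.interfaces.RSAPrivateCrtKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.RSAPrivateCrtKeySpec;

// Added example; class and method names are hypothetical.
public class RsaPairCheck {

    // True when the private CRT values belong to the public modulus: p * q == n, same e.
    static boolean consistent(RSAPublicKey pub, RSAPrivateCrtKey priv) {
        BigInteger pq = priv.getPrimeP().multiply(priv.getPrimeQ());
        return pq.equals(pub.getModulus())
            && priv.getPublicExponent().equals(pub.getPublicExponent());
    }

    // Builds a private key from n and e of `pub` plus the private values of `priv`
    // (the combination a JWK with mixed fields describes), then signs with RS256.
    static String trySign(RSAPublicKey pub, RSAPrivateCrtKey priv) {
        try {
            PrivateKey key = KeyFactory.getInstance("RSA").generatePrivate(
                new RSAPrivateCrtKeySpec(pub.getModulus(), pub.getPublicExponent(),
                    priv.getPrivateExponent(), priv.getPrimeP(), priv.getPrimeQ(),
                    priv.getPrimeExponentP(), priv.getPrimeExponentQ(),
                    priv.getCrtCoefficient()));
            Signature s = Signature.getInstance("SHA256withRSA");
            s.initSign(key);
            s.update("constructed sample payload".getBytes(StandardCharsets.UTF_8));
            return "signed, " + s.sign().length + " bytes";
        } catch (GeneralSecurityException e) {
            Throwable cause = e.getCause() != null ? e.getCause() : e;
            return "failed: " + cause;
        }
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair a = gen.generateKeyPair(); // one pair
        KeyPair b = gen.generateKeyPair(); // a second, unrelated pair
        RSAPublicKey pubA = (RSAPublicKey) a.getPublic();
        RSAPrivateCrtKey privA = (RSAPrivateCrtKey) a.getPrivate();
        RSAPrivateCrtKey privB = (RSAPrivateCrtKey) b.getPrivate();
        System.out.println("same pair:  consistent=" + consistent(pubA, privA)
            + ", " + trySign(pubA, privA));
        System.out.println("mixed pair: consistent=" + consistent(pubA, privB)
            + ", " + trySign(pubA, privB));
    }
}
```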