Unable to compute HS512 signature with JCA algorithm 'HmacSHA512' using key {class: javax.crypto.spec.SecretKeySpec, algorithm: HmacSHA512, format: RAW}: Mac callback execution failed: No installed provider supports this key: javax.crypto.spec.SecretKeySpec #931
-
|
spring version:3.2.2 It worked 3days ago. but It deosn't work now... private final SecretKey key;
public JwtService(@Value("${jwt.secret-key}") String secret,
@Value("${jwt.access-header}") String accessHeader,
@Value("${jwt.refresh-header}") String refreshHeader,
UserRepository userRepository) {
this.accessHeader = accessHeader;
this.refreshHeader = refreshHeader;
this.key = Keys.hmacShaKeyFor(secret.getBytes(StandardCharsets.UTF_8));
this.userRepository = userRepository;
} |
Beta Was this translation helpful? Give feedback.
Replies: 3 comments 3 replies
-
|
It's difficult to what the problem is here because the example above is not reproducible (the problematic values are defined in your spring config). That said my guess is your secret is not defined correctly, see the related section of the README: More specifically, number 3 in this post: Five Anti-Patterns with Secrets in Java Note This post was based on a presentation JWTs for CSRF & Microservices from @dogeared, which is also embedded in the post. If those resources don't help, create an example that uses hard-coded values (don't use real keys), and we can point you in the right direction. |
Beta Was this translation helpful? Give feedback.
-
|
With Linux Command I stored it in spring application.yml. It created token well, but it didn't parse token and catch io.jsonwebtoken.security.SecurityException, show me "error: Unable to compute HS512 signature with JCA algorithm 'HmacSHA512' using key {class: javax.crypto.spec.SecretKeySpec, algorithm: HmacSHA512, format: RAW}: Mac callback execution failed: No installed provider supports this key: javax.crypto.spec.SecretKeySpec" log. Although I'm using the same code in other projects, but failed in this project and succeed in other projects private final SecretKey key;
private final UserRepository userRepository;
public JwtService(@Value("${jwt.secret-key}") String secret,
@Value("${jwt.access-header}") String accessHeader,
@Value("${jwt.refresh-header}") String refreshHeader,
UserRepository userRepository) {
this.accessHeader = accessHeader;
this.refreshHeader = refreshHeader;
byte[] keyBytes = Base64.getDecoder().decode(secret.getBytes(UTF_8));
this.key = new SecretKeySpec(keyBytes, "HmacSHA512");
this.userRepository = userRepository;
}
public String generateAccessToken(String socialId) {
long now = (new Date()).getTime();
Date accessTokenExpiresIn = new Date(now + ACCESS_TOKEN_EXPIRE_TIME);
return Jwts.builder()
.setSubject(ACCESS_TOKEN_SUBJECT)
.claim(SOCIAL_ID, socialId)
.setExpiration(accessTokenExpiresIn)
.signWith(key)
.compact();
}
public TokenStatus isTokenValid(String token) {
try {
Jwts.parser()
.verifyWith(key)
.build()
.parseSignedClaims(token);
return TokenStatus.SUCCESS;
} catch (io.jsonwebtoken.security.SecurityException | MalformedJwtException e) {
log.info("error:{}",e.getMessage());
return TokenStatus.WRONG_SIGNATURE;
} catch (ExpiredJwtException e) {
return TokenStatus.EXPIRED;
} catch (UnsupportedJwtException e) {
return TokenStatus.UNSUPPORTED;
} catch (IllegalArgumentException e) {
return TokenStatus.ILLEGAL_TOKEN;
}
} |
Beta Was this translation helpful? Give feedback.
-
|
It looks like you changed the code from your original post: - this.key = Keys.hmacShaKeyFor(secret.getBytes(StandardCharsets.UTF_8));
+ byte[] keyBytes = Base64.getDecoder().decode(secret.getBytes(UTF_8));
+ this.key = new SecretKeySpec(keyBytes, "HmacSHA512");Did you try something like this: SecretKey key = Keys.hmacShaKeyFor(Decoders.BASE64.decode(secret));Can you include your full stacktrace? |
Beta Was this translation helpful? Give feedback.
-
|
For what it's worth, this line in the sample code is incorrect:
Base64 does not use the UTF-8 charset, it uses ISO-8859-1. Changing your code to the following is more correct/accurate: byte[] keyBytes = Base64.getDecoder().decode(secret);Also, if you want the extra length/strength assertions to guarantee that the Base64 key's decoded bytes are valid for a JWA HMAC algorithm, I would change this line: this.key = new SecretKeySpec(keyBytes, "HmacSHA512");to this: this.key = Keys.hmacShaKeyFor(keyBytes);In summary, the total changes to the class constructor would be: byte[] keyBytes = Base64.getDecoder().decode(secret);
this.key = Keys.hmacShaKeyFor(keyBytes); |
Beta Was this translation helpful? Give feedback.
-
|
@ehddbs4521 any update on this based on our feedback? |
Beta Was this translation helpful? Give feedback.
-
|
Closing due to inactivity, feel free to request to re-open if you're still having issues! |
Beta Was this translation helpful? Give feedback.
For what it's worth, this line in the sample code is incorrect:
Base64 does not use the UTF-8 charset, it uses ISO-8859-1. Changing your code to the following is more correct/accurate:
Also, if you want the extra length/strength assertions to guarantee that the Base64 key's decoded bytes are valid for a JWA HMAC algorithm, I would change this line:
to this:
In summary, the total changes to the class constructor would be: