小贝子编程

RS256 消息对于 RSA 公钥大小来说太长 - 签名 JWT 时出错



我正在使用 https://github.com/dgrijalva/jwt-go 使用256位私有PEM密钥构建JWT。我正在使用SigningMethodRS256来签署 JWT:

signBytes, _ := ioutil.ReadFile(privKeyPath)
signKey, err := jwt.ParseRSAPrivateKeyFromPEM(signBytes)
token := jwt.NewWithClaims(jwt.SigningMethodRS256, middleware.CognitoAccessTokenClaim{
CustomArray:  []string{"testString"},
StandardClaims: jwt.StandardClaims{
ExpiresAt: 1500,
},
})
jwtString, err := token.SignedString(signKey)

在最后一行,我在签署 jwt 时收到错误:crypto/rsa: message too long for RSA public key size.有谁知道是什么原因造成的?pem 文件的大小似乎正确。

您需要将消息拆分为块

func EncryptOAEP(hash hash.Hash, random io.Reader, public *rsa.PublicKey, msg []byte, label []byte) ([]byte, error) {
msgLen := len(msg)
step := public.Size() - 2*hash.Size() - 2
var encryptedBytes []byte
for start := 0; start < msgLen; start += step {
finish := start + step
if finish > msgLen {
finish = msgLen
}
encryptedBlockBytes, err := rsa.EncryptOAEP(hash, random, public, msg[start:finish], label)
if err != nil {
return nil, err
}
encryptedBytes = append(encryptedBytes, encryptedBlockBytes...)
}
return encryptedBytes, nil
}
func DecryptOAEP(hash hash.Hash, random io.Reader, private *rsa.PrivateKey, msg []byte, label []byte) ([]byte, error) {
msgLen := len(msg)
step := private.PublicKey.Size()
var decryptedBytes []byte
for start := 0; start < msgLen; start += step {
finish := start + step
if finish > msgLen {
finish = msgLen
}
decryptedBlockBytes, err := rsa.DecryptOAEP(hash, random, private, msg[start:finish], label)
if err != nil {
return nil, err
}
decryptedBytes = append(decryptedBytes, decryptedBlockBytes...)
}
return decryptedBytes, nil
}

也许您生成私钥的方式不正确。我通过从这里参考解决了同样的问题

生成密钥的步骤

ssh-keygen -t rsa -b 4096 -m PEM -f jwtRS256.key
# Don't add passphrase
openssl rsa -in jwtRS256.key -pubout -outform PEM -out jwtRS256.key.pub
cat jwtRS256.key
cat jwtRS256.key.pub

使用 jwt-go 使用它的步骤

package main
import (
"fmt"
"github.com/dgrijalva/jwt-go"
"io/ioutil"
"time"
)
func panicOnError(err error) {
if err != nil {
panic(err)
}
}
func main() {
signBytes, err := ioutil.ReadFile("./jwtRS256.key")
panicOnError(err)
signKey, err := jwt.ParseRSAPrivateKeyFromPEM(signBytes)
panicOnError(err)
verifyBytes, err := ioutil.ReadFile("./jwtRS256.key.pub")
panicOnError(err)
verifyKey, err := jwt.ParseRSAPublicKeyFromPEM(verifyBytes)
panicOnError(err)
claims := jwt.MapClaims{
"exp": time.Now().Add(time.Minute).Unix(),
}
fmt.Println(claims)
t := jwt.NewWithClaims(jwt.SigningMethodRS256, claims)
tokenString, err := t.SignedString(signKey)
panicOnError(err)
fmt.Println(tokenString)
token, err := jwt.Parse(tokenString, func(token *jwt.Token) (interface{}, error) {
return verifyKey, nil
})
panicOnError(err)
fmt.Println(token.Claims)
}

相关内容

最新更新


热门标签:

javascript python java c# php android html jquery c++ css ios sql mysql arrays asp.net json python-3.x ruby-on-rails .net sql-server django objective-c excel regex ruby linux ajax iphone xml vba spring asp.net-mvc database wordpress string postgresql wpf windows xcode bash git oracle list vb.net multithreading eclipse algorithm macos powershell visual-studio image forms numpy scala function api selenium