Generate token with RS256 and Jwts.builder().signWith() produces invalid signature

Question

Using the JWT Java library and producing a token with the RS256 algorithm, I always get an invalid signature with the jwt.io debugger. Here is my example code, I tried to make it as simple as possible to start with my current project:

    // Create a legitimate RSA public and private key pair:
    KeyPair kp = RsaProvider.generateKeyPair();
    PublicKey publicKey = kp.getPublic();
    PrivateKey privateKey = kp.getPrivate();

    String jwt = Jwts.builder().setSubject("Joe").signWith(SignatureAlgorithm.RS256, privateKey).compact();

This code is inspired from the test class here.

Any idea what I could be missing?

score 2 · Accepted Answer · answered Nov 07 '16 at 11:27

2

The jwt.io debugger expects that you provide the public key associated with the private key used to sign the token encoded in the Public Key file (PKCS#8) format.

Ensure that you specify it using exactly that format, an example follows:

-----BEGIN PUBLIC KEY-----
BASE64 DATA
-----END PUBLIC KEY-----

answered Nov 07 '16 at 11:27

João Angelo

56,552
12
145
147

True indeed, providing the public key alongside it gives a valid signature. – Tíbó Nov 07 '16 at 13:34

Generate token with RS256 and Jwts.builder().signWith() produces invalid signature

1 Answers1

Linked

Related