io.jsonwebtoken.security.InvalidKeyException: The specified key is of type sun.security.pkcs11.P11Key$P11PrivateKey on RHEL 8

Question

I am attempting to sign a JWT token and am receiving the following error

io.jsonwebtoken.security.InvalidKeyException: JWT standard signing algorithms require either 1) a SecretKey for HMAC-SHA algorithms or 2) a private RSAKey for RSA algorithms or 3) a private ECKey for Elliptic Curve algorithms.  The specified key is of type sun.security.pkcs11.P11Key$P11PrivateKey

The code where this error occurs

    public static String createJwtToken(Key privKey, String iss, String[] roles) {
        long nowMs = System.currentTimeMillis();
        long ttl = 60*60*1000; // 1 hour
        Date now = new Date(nowMs);
        Date exp = new Date(nowMs+ttl);
        return "Bearer " + Jwts.builder()
                .setHeaderParam("typ", "JWT")
                .claim("roles", roles)
                .setIssuer(iss).setAudience("DRF")
                .setIssuedAt(now)
                .setExpiration(exp)
                .signWith(privKey)
                .compact();
    }

My private key is an ECDSA key. The bytes are read from a file and then used to create a PrivateKey object with this code

     KeyFactory kf = KeyFactory.getInstance("EC");
     EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(keyBytes);
     PrivateKey privateKey = kf.generatePrivate(keySpec);

There was no issue on RHEL 7 using Java 8. I have upgraded to RHEL 8 (with no other changes) and now see the problem. I've tried using Java 11 as well with no change. I'm using openjdk.

Answer 1

Still not sure what is causing this, but it seems isolated to the builds of Java in the RHEL 8 repositories. Using other openjdk builds works as expected.