RS256 消息对于 RSA 公钥大小太长 - 错误签名 JWT
我正在使用https://github.com/dgrijalva/jwt-go使用 256 位 PEM 私钥构建 JWT。我SigningMethodRS256用来签署 JWT:
signBytes, _ := ioutil.ReadFile(privKeyPath)
signKey, err := jwt.ParseRSAPrivateKeyFromPEM(signBytes)
token := jwt.NewWithClaims(jwt.SigningMethodRS256, middleware.CognitoAccessTokenClaim{
CustomArray: []string{"testString"},
StandardClaims: jwt.StandardClaims{
ExpiresAt: 1500,
},
})
jwtString, err := token.SignedString(signKey)
在最后一行,签署 jwt: 时出现错误crypto/rsa: message too long for RSA public key size。有谁知道这是什么原因?pem 文件的大小似乎是正确的。
鸿蒙传说浏览 593回答 2
2回答
-
呼啦一阵风
您需要将消息拆分为块func EncryptOAEP(hash hash.Hash, random io.Reader, public *rsa.PublicKey, msg []byte, label []byte) ([]byte, error) { msgLen := len(msg) step := public.Size() - 2*hash.Size() - 2 var encryptedBytes []byte for start := 0; start < msgLen; start += step { finish := start + step if finish > msgLen { finish = msgLen } encryptedBlockBytes, err := rsa.EncryptOAEP(hash, random, public, msg[start:finish], label) if err != nil { return nil, err } encryptedBytes = append(encryptedBytes, encryptedBlockBytes...) } return encryptedBytes, nil}func DecryptOAEP(hash hash.Hash, random io.Reader, private *rsa.PrivateKey, msg []byte, label []byte) ([]byte, error) { msgLen := len(msg) step := private.PublicKey.Size() var decryptedBytes []byte for start := 0; start < msgLen; start += step { finish := start + step if finish > msgLen { finish = msgLen } decryptedBlockBytes, err := rsa.DecryptOAEP(hash, random, private, msg[start:finish], label) if err != nil { return nil, err } decryptedBytes = append(decryptedBytes, decryptedBlockBytes...) } return decryptedBytes, nil} -
波斯汪
也许您生成私钥的方式不正确。我通过参考here解决了同样的问题生成密钥的步骤ssh-keygen -t rsa -b 4096 -m PEM -f jwtRS256.key# Don't add passphraseopenssl rsa -in jwtRS256.key -pubout -outform PEM -out jwtRS256.key.pubcat jwtRS256.keycat jwtRS256.key.pub使用 jwt-go 使用它的步骤package mainimport ( "fmt" "github.com/dgrijalva/jwt-go" "io/ioutil" "time")func panicOnError(err error) { if err != nil { panic(err) }}func main() { signBytes, err := ioutil.ReadFile("./jwtRS256.key") panicOnError(err) signKey, err := jwt.ParseRSAPrivateKeyFromPEM(signBytes) panicOnError(err) verifyBytes, err := ioutil.ReadFile("./jwtRS256.key.pub") panicOnError(err) verifyKey, err := jwt.ParseRSAPublicKeyFromPEM(verifyBytes) panicOnError(err) claims := jwt.MapClaims{ "exp": time.Now().Add(time.Minute).Unix(), } fmt.Println(claims) t := jwt.NewWithClaims(jwt.SigningMethodRS256, claims) tokenString, err := t.SignedString(signKey) panicOnError(err) fmt.Println(tokenString) token, err := jwt.Parse(tokenString, func(token *jwt.Token) (interface{}, error) { return verifyKey, nil }) panicOnError(err) fmt.Println(token.Claims)}
随时随地看视频慕课网APP
相关分类
Go