HS encryption algorithm problem
xxxit opened this issue · 1 comments
pom
<!-- jwt --> <dependency> <groupId>io.jsonwebtoken</groupId> <artifactId>jjwt</artifactId> <version>0.9.1</version> </dependency>
question
Use the HS series to add an encryption algorithm to generate token. When decrypted, the SIGNINGKEY value is not the same as the encryption, which can be successfully decrypted. The same problem will have the same problem when trying the HS256/HS384/HS512, but the problem of trying the RS series algorithm will not have this problem. I don’t know if it is bug.
my code
Hi there.
You're not using the API correctly. See https://stackoverflow.com/questions/40252903/static-secret-as-byte-key-or-string for more information.
Also please upgrade to the latest stable version which is currently 0.11.5
. Correct dependency references for 0.11.5
are shown here: https://github.com/jwtk/jjwt#install
If you need to use Base64 strings as encoded keys, please ensure you understand how Base64 works before creating test cases with it:
https://github.com/jwtk/jjwt#base64-security
especially:
https://github.com/jwtk/jjwt#base64-changing-characters
All of this is covered in the documentation.
Finally, we use GitHub issues only for actionable work needed to change the JJWT codebase. If you need to ask questions, please see https://github.com/jwtk/jjwt#help-questions.
Thanks!