jwtk/jjwt

HS encryption algorithm problem

xxxit opened this issue · 1 comment

xxxit commented

pom

    <!-- jwt -->
    <dependency>
        <groupId>io.jsonwebtoken</groupId>
        <artifactId>jjwt</artifactId>
        <version>0.9.1</version>
    </dependency>

question

I use the HS series of encryption algorithms to generate a token. When decrypting, the SIGNINGKEY value is not the same as the one used for encryption, yet the token can still be successfully decrypted. The same problem occurs when trying HS256/HS384/HS512, but the RS series algorithms do not have this problem. I don't know if it is a bug.

my code

use
code2

Hi there.

You're not using the API correctly. See https://stackoverflow.com/questions/40252903/static-secret-as-byte-key-or-string for more information.

Also please upgrade to the latest stable version which is currently 0.11.5. Correct dependency references for 0.11.5 are shown here: https://github.com/jwtk/jjwt#install

If you need to use Base64 strings as encoded keys, please ensure you understand how Base64 works before creating test cases with it:

https://github.com/jwtk/jjwt#base64-security

especially:

https://github.com/jwtk/jjwt#base64-changing-characters

All of this is covered in the documentation.

Finally, we use GitHub issues only for actionable work needed to change the JJWT codebase. If you need to ask questions, please see https://github.com/jwtk/jjwt#help-questions.

Thanks!
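The Base64 effect the reply points to, shown as an added example (not code from this thread or from JJWT): two different key strings verify the same HS256 token because they decode to identical bytes. It assumes the key strings are Base64-decoded before the HMAC is computed and differ only in the unused trailing bits; the key bytes, payload and function names are constructed for illustration, using only the Python standard library.

```python
import base64
import hashlib
import hmac

B64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def sign_hs256(payload_json: str, key_b64: str) -> str:
    """Build a compact HS256 JWT; the key string is Base64-decoded first."""
    key = base64.b64decode(key_b64)
    signing_input = b64url(b'{"alg":"HS256","typ":"JWT"}') + "." + b64url(payload_json.encode())
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url(sig)

def verify_hs256(token: str, key_b64: str) -> bool:
    key = base64.b64decode(key_b64)
    signing_input, _, sig = token.rpartition(".")
    expected = b64url(hmac.new(key, signing_input.encode(), hashlib.sha256).digest())
    return hmac.compare_digest(expected, sig)

def flip_unused_bit(key_b64: str) -> str:
    """For a string ending in one '=', the character before it carries two
    unused low bits; setting one changes the text but not the decoded bytes."""
    last = key_b64[-2]
    return key_b64[:-2] + B64[B64.index(last) | 1] + "="

def is_canonical(key_b64: str) -> bool:
    """Defensive check: re-encoding the decoded bytes must give the same string."""
    return base64.b64encode(base64.b64decode(key_b64)).decode() == key_b64

# Constructed sample keys (32 bytes, so the encoding ends in a single '=').
SIGN_KEY = base64.b64encode(bytes(range(32))).decode()       # ...Hh8=
ALT_KEY = flip_unused_bit(SIGN_KEY)                          # ...Hh9=, same bytes
WRONG_KEY = base64.b64encode(bytes(range(1, 33))).decode()   # different bytes

TOKEN = sign_hs256('{"sub":"demo"}', SIGN_KEY)

if __name__ == "__main__":
    for name, k in [("SIGN_KEY", SIGN_KEY), ("ALT_KEY", ALT_KEY), ("WRONG_KEY", WRONG_KEY)]:
        print(name, k[-4:], "verifies:", verify_hs256(TOKEN, k), "canonical:", is_canonical(k))
```

A key string that fails the canonical check is a different spelling of an existing key, not a different key. Test cases meant to prove that a wrong key is rejected should change the key bytes, as `WRONG_KEY` does.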