我已经开始与JJWT合作,在我的服务器应用程序上处理JWT。
我的JWT密钥将存储在文件夹中,我将使用类加载密钥。resourcesProperties
JJWT提供了三种方法来签署JWT,一种用途,其他用途和其他用途:byte[]StringKey
JwtBuilder signWith(SignatureAlgorithm var1, byte[] var2);
JwtBuilder signWith(SignatureAlgorithm var1, String var2);
JwtBuilder signWith(SignatureAlgorithm var1, Key var2);
问题:关于安全性,字符集和其他事项,有什么建议我应该使用哪一个?
有一段时间,我站在 ,因为返回一个 .StringPropertiesString
使用 JJWT >= 0.10.0,由于原始字符串和 Base64 编码字符串之间的混淆,已被弃用:signWith(SignatureAlgorithm var1, String var2)
/**
* Signs the constructed JWT using the specified algorithm with the specified key, producing a JWS.
*
* <p>This is a convenience method: the string argument is first BASE64-decoded to a byte array and this resulting
* byte array is used to invoke {@link #signWith(SignatureAlgorithm, byte[])}.</p>
*
* <h4>Deprecation Notice: Deprecated as of 0.10.0, will be removed in the 1.0 release.</h4>
*
* <p>This method has been deprecated because the {@code key} argument for this method can be confusing: keys for
* cryptographic operations are always binary (byte arrays), and many people were confused as to how bytes were
* obtained from the String argument.</p>
*
* <p>This method always expected a String argument that was effectively the same as the result of the following
* (pseudocode):</p>
*
* <p>{@code String base64EncodedSecretKey = base64Encode(secretKeyBytes);}</p>
*
* <p>However, a non-trivial number of JJWT users were confused by the method signature and attempted to
* use raw password strings as the key argument - for example {@code signWith(HS256, myPassword)} - which is
* almost always incorrect for cryptographic hashes and can produce erroneous or insecure results.</p>
*
* <p>See this
* <a href="https://stackoverflow.com/questions/40252903/static-secret-as-byte-key-or-string/40274325#40274325">
* StackOverflow answer</a> explaining why raw (non-base64-encoded) strings are almost always incorrect for
* signature operations.</p>
*
* <p>To perform the correct logic with base64EncodedSecretKey strings with JJWT >= 0.10.0, you may do this:
* <pre><code>
* byte[] keyBytes = {@link Decoders Decoders}.{@link Decoders#BASE64 BASE64}.{@link Decoder#decode(Object) decode(base64EncodedSecretKey)};
* Key key = {@link Keys Keys}.{@link Keys#hmacShaKeyFor(byte[]) hmacShaKeyFor(keyBytes)};
* jwtBuilder.signWith(key); //or {@link #signWith(Key, SignatureAlgorithm)}
* </code></pre>
* </p>
*
* <p>This method will be removed in the 1.0 release.</p>
*
* @param alg the JWS algorithm to use to digitally sign the JWT, thereby producing a JWS.
* @param base64EncodedSecretKey the BASE64-encoded algorithm-specific signing key to use to digitally sign the
* JWT.
* @return the builder for method chaining.
* @throws InvalidKeyException if the Key is insufficient or explicitly disallowed by the JWT specification as
* described by {@link SignatureAlgorithm#forSigningKey(Key)}.
* @deprecated as of 0.10.0: use {@link #signWith(Key)} or {@link #signWith(Key, SignatureAlgorithm)} instead. This
* method will be removed in the 1.0 release.
*/
JwtBuilder signWith(SignatureAlgorithm alg, String base64EncodedSecretKey);
此方法应将字符串参数设置为 Base64 编码的密钥字节数组。它不假定常规字符串(例如用户密码)作为签名密钥。JJWT 假定使用 Base64 编码,因为如果您指定的字符串密码不是 Base64 编码的,则可能使用的是格式不正确或较弱的密钥。
JWT JWA 规范要求 HMAC 签名密钥的长度等于或大于签名字节数组长度。
这意味着:
| If you're signing with: | your key (byte array) length MUST be: |
| ----------------------- | ------------------------------------- |
| HMAC SHA 256 | >= 256 bits (32 bytes) |
| HMAC SHA 384 | >= 384 bits (48 bytes) |
| HMAC SHA 512 | >= 512 bits (64 bytes) |
许多在线JWT网站和工具只是犯了这个明显的错误 - 它们允许你认为你可以输入或使用任何旧字符串,你很好。有些人甚至用这个词预先填充了密钥(显然是一个坏主意,甚至不符合规范,因为它太短了!secret
为了帮助您简化操作,JJWT 提供了一个实用程序,可帮助您通过类的方法生成足够的安全随机密钥,这些密钥适合于符合规范的签名。例如:io.jsonwebtoken.security.KeyssecretKeyFor
//creates a spec-compliant secure-random key:
SecretKey key = Keys.secretKeyFor(SignatureAlgorithm.HS256); //or HS384 or HS512
如果要将生成的密钥存储为字符串,则可以使用 Base64 对其进行编码:
String base64Key = Encoders.BASE64.encode(key.getEncoded());
但请注意:生成的字符串不被视为可以安全地向任何人显示。Base64 编码不是加密 - 该值仍需要保密。如何执行此操作取决于您(加密等)。base64Key
现在,当需要创建 JWS 时,您可以传入该值,JJWT 知道首先对其进行 base64 解码以获取实际字节,然后用于计算签名:base64Key
Jwts.builder()
//...
.signWith(SignatureAlgorithm.HS512, base64Key)
.compact();
虽然您可以执行此操作,但由于原始字符串和 base64 编码字符串之间的歧义,不建议在 JavaDoc 中使用上述弃用通知。
因此,建议使用 JWT 生成器或方法来保证类型安全的参数。例如:signWith(Key)signWith(Key, SignatureAlgorithm)Key
Jwts.builder()
//...
.signWith(key) // or signWith(key, preferredSignatureAlgorithm)
.compact();
signWith(Key)建议让 JJWT 根据您提供的密钥的强度找出最强的算法。 允许您指定所需的算法,如果您不想要最强的算法。signWith(Key,SignatureAlgorithm)
这两种方法都将拒绝任何不符合最低 RFC 要求的方法。Key
