This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Get hands-on experience with 20+ free Google Cloud products and $300 in free credit for new customers.
Log in to ask a question

Error while using Generate JWT policy in Apigee by using RS256 algorithm

Posted on 10-12-2018 09:18 AM
ApigeeUser777
Bronze 3
Bronze 3
Reply posted on --/--/---- --:-- AM

Hello ,

@Dino-at-Google

I am trying to generate a JWT token using Apigee Generate JWT policy with RSA256 algorithm and getting the following error

jwt.Generate-JWT-1.error cannot instantiate private key

I am able to generate and verify a JWT using HS256. I saw in the community that people faced the same issue and no one has generated a JWT with RS256. Is this issue solved or I am I missing something?

FYI we are on private cloud version 4.18.1, is the fix applied to this version?

Please let me know, if I am missing something.

Thanks in advance for your time.

Solved Solved
0 5 2,526
Topic Labels
Jump to Solution
0 Likes
2 ACCEPTED SOLUTIONS

Posted on --/--/---- --:-- AM
ApigeeUser777
Bronze 3
Bronze 3
In response to dchiesa1
Reply posted on --/--/---- --:-- AM

@Dino Sorry for late response, we found why it is failing.

we were generating the private key using following command,

"openssl genrsa -out private-encrypted-rsa-des.pem 2048" -This doesn't show the algorithm in private key.

pic.1

7812-doesnt-show-alg.png

But when we use the following command,

"openssl genrsa -des3 -out private-encrypted-rsa-des3.pem 2048" -This show's the algorithm in private key.

pic.2

7813-shows-private-key-alg.png

By using the private key(in pic.2) we were able to successfully generate & validate the JWT token.

View solution in original post

Jump to Solution
0 Likes

Posted on --/--/---- --:-- AM
dchiesa1
Staff
In response to ApigeeUser777
Reply posted on --/--/---- --:-- AM

Yes, thanks for the reply. I'm glad it's working for you.

We're working on making this more tolerant of the various PEM formats. Improvements are coming so that you will be able to use the old RSA format, encrypted keys, unencrypted keys, and new formats for both. Much more flexible.

View solution in original post

Jump to Solution
5 REPLIES 5