Hi,
We are able to successfully generate signed JWT with
com.apigee.callout.jwtsigned.JwtCreatorCallout using an unencrypted private key
based on example in
https://github.com/apigee/iloveapis2015-jwt-jwe-jws/tree/master/jwt_signed/apiproxy
<Property name="private-key">
-----BEGIN PRIVATE KEY-----
EXAMPLEPKEY
....
7ZOF1UXVaoldDs+izZo5biVF/NNIBtg2FkZd4hh/cFlF1PV+M5+5mA==
-----END RSA PRIVATE KEY-----
</Property>
<!-- <Property name="private-key-password">deecee123</Property> -->
but we are not able to generate the JWT using an encrypted private key
<Property name="private-key">
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,049E6103F40FBE84

EXAMPLEPKEY
....
eGVZiG0/oaGbOUI9bgPKXmDsZQ3LHM9JONTOxaBapc06Gxcj0btkkzwB/dZQVRvb
....
7ZOF1UXVaoldDs+izZo5biVF/NNIBtg2FkZd4hh/cFlF1PV+M5+5mA==
-----END RSA PRIVATE KEY-----
</Property>
<Property name="private-key-password">deecee123</Property>
We always receive an error
java.io.IOException: DER length more than 4 bytes
We have even tried to generate a simple private key using
openssl genrsa -des3 -out private.pem 2048
and copy the PEM as text into the
<Property name="private-key">
The content of the private.pem including --- BEGIN and END --- Same as example above
</Property>
but that still generates the javaIO exception as above.
Has anyone been able to generate the Signed JWT using an encrypted Private Key?
Or do you know any details about the openssl command to run on the private key to add the encryption and get the Java jar file to be able to successfully parse the encrypted key?
@Dino
Hi Yasser
I'm surprised to learn you're experiencing this problem. I looked at the tests for this jar, and found that they were not testing the use of private keys that were encrypted with 3des. Hmm, so that's concerning! I introduced new tests for that scenario, which did not initially pass. Those tests showed similar deserialization errors. I've since updated the source and now those tests pass. I think that should correct your problem.
Can you please try to "git pull" again? Get v1.0.14.
Then re-run your scenario.
Create keys like this:
openssl genrsa -des3 -out private-encrypted.pem 2048
yes, v1.0.14 is working with encrypted private keys
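An added example, not from this thread or from the callout's source: a Python pre-flight check that classifies PEM text before it goes into the private-key property, flags BEGIN/END label mismatches, and shows how the ciphertext of a `Proc-Type: 4,ENCRYPTED` key can produce a DER length error when it is parsed without being decrypted first. The function names, the constructed sample bytes and the 4-octet length limit (taken from the wording of the error message) are assumptions.

```python
import base64
import re

PEM_RE = re.compile(
    r"-----BEGIN ([A-Z ]+)-----\s*(.*?)\s*-----END ([A-Z ]+)-----", re.S)

def der_header_problem(raw):
    """Mimic a strict DER reader's first step: tag octet, then length octets."""
    if len(raw) < 2:
        return "too short to be DER"
    if raw[1] & 0x80 and (raw[1] & 0x7F) > 4:
        return "DER length more than 4 bytes: %d" % (raw[1] & 0x7F)
    if raw[0] != 0x30:
        return "outer tag 0x%02x is not SEQUENCE (0x30)" % raw[0]
    return None

def classify_pem(text):
    """Return (kind, needs_password, problem_if_parsed_as_DER_without_decryption)."""
    m = PEM_RE.search(text)
    if not m:
        return ("not-pem", False, "no BEGIN/END block found")
    begin, body, end = m.groups()
    if begin != end:
        return ("malformed", False, "BEGIN %s does not match END %s" % (begin, end))
    lines = body.splitlines()
    # Legacy OpenSSL PEM carries "Name: value" headers before the base64 body.
    headers = dict(l.split(": ", 1) for l in lines if ": " in l)
    raw = base64.b64decode("".join(l for l in lines if ": " not in l))
    if headers.get("Proc-Type") == "4,ENCRYPTED":
        # The body is ciphertext; it is DER only after decryption with the
        # password and the cipher/IV named in DEK-Info.
        return ("legacy-encrypted", True, der_header_problem(raw))
    if begin == "ENCRYPTED PRIVATE KEY":
        return ("pkcs8-encrypted", True, None)
    return ("unencrypted", False, der_header_problem(raw))

def _pem(label, payload, headers=""):
    b64 = base64.b64encode(payload).decode()
    return "-----BEGIN %s-----\n%s%s\n-----END %s-----" % (label, headers, b64, label)

# Constructed samples, not real keys: a DER-looking prefix and ciphertext-looking bytes.
PLAIN = _pem("PRIVATE KEY", bytes.fromhex("308204a4020100"))
LEGACY = _pem("RSA PRIVATE KEY", bytes.fromhex("5d87a1139c42e07b"),
              "Proc-Type: 4,ENCRYPTED\nDEK-Info: DES-EDE3-CBC,0123456789ABCDEF\n\n")
MISMATCH = PLAIN.replace("END PRIVATE", "END RSA PRIVATE")

if __name__ == "__main__":
    for name, pem in (("plain", PLAIN), ("legacy", LEGACY), ("mismatch", MISMATCH)):
        print(name, classify_pem(pem))
```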