SecretKey algorithm did not equal one of the three required JCA

Hi there,

We have struggled for over 2 hours to get this library to work (for such a simple task as generating a simple JWT). Not a good start!

We ended up figuring out the final problem to be this exception:

SecretKey algorithm did not equal one of the three required JCA algorithm names of HmacSHA256, HmacSHA384, or HmacSHA512.

The collection PREFERRED_HMAC_ALGS has jcaNames internally as HmacSHA256 etc. using camelcase. However when we generate a key using the library:

val key = Keys.secretKeyFor(SignatureAlgorithm.HS256)

The internal jcaName generated in the key is HMACSHA256, all uppercase. The method SignatureAlgorithm() throws an exception [here] https://github.com/jwtk/jjwt/blob/1839ebf5e8004336b018c9923bd09ee7deebdf39/api/src/main/java/io/jsonwebtoken/SignatureAlgorithm.java#L560

Are we doing something wrong? It can’t be that this library has such a stupid string comparison bug and nobody else has noticed it?!

We are using the version 0.9.0 from master.

Issue Analytics

  • State: closed
  • Created 5 years ago
  • Comments: 33 (22 by maintainers)

Top GitHub Comments

1 reaction
lhazlewood commented, Aug 14, 2018

Released in 0.10.4. Please allow 30 minutes to propagate to Maven Central.

1 reaction
lhazlewood commented, Aug 13, 2018

P.S. I’m cutting a 0.10.3 release tonight so you shouldn’t see this issue (since the assertion will be on key lengths only). Your engineer should be able to try tomorrow with the new 0.10.3 release and have it work out. If not, don’t worry - I’m happy to help and we’ll get you guys up and running asap. 😃
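
The mismatch discussed in this thread, reproduced with plain JDK classes as an added example (it is not code from JJWT or from any participant in the issue). `HmacKeyCheck`, `strictNameMatch` and `validate` are hypothetical names, the key bytes are constructed, and the minimum lengths follow RFC 7518 section 3.2 (key at least as long as the hash output).

```java
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.LinkedHashMap;
import java.util.Map;

public class HmacKeyCheck {
    // Canonical JCA name -> minimum key length in bytes (RFC 7518 section 3.2).
    static final Map<String, Integer> MIN_BYTES = new LinkedHashMap<>();
    static {
        MIN_BYTES.put("HmacSHA256", 32);
        MIN_BYTES.put("HmacSHA384", 48);
        MIN_BYTES.put("HmacSHA512", 64);
    }

    // Case-sensitive lookup: a key named "HMACSHA256" fails this check.
    static boolean strictNameMatch(SecretKey key) {
        return MIN_BYTES.containsKey(key.getAlgorithm());
    }

    // Case-insensitive name match plus key-length check; returns the canonical name.
    static String validate(SecretKey key) {
        for (Map.Entry<String, Integer> e : MIN_BYTES.entrySet()) {
            if (!e.getKey().equalsIgnoreCase(key.getAlgorithm())) continue;
            byte[] raw = key.getEncoded(); // null for non-exportable (e.g. HSM-backed) keys
            if (raw != null && raw.length < e.getValue())
                throw new IllegalArgumentException(
                    "key is " + raw.length * 8 + " bits, need >= " + e.getValue() * 8);
            return e.getKey();
        }
        throw new IllegalArgumentException("not an HMAC-SHA2 key: " + key.getAlgorithm());
    }

    public static void main(String[] args) throws Exception {
        byte[] raw = new byte[32];
        new SecureRandom().nextBytes(raw);
        SecretKey key = new SecretKeySpec(raw, "HMACSHA256"); // constructed: all-uppercase name
        System.out.println("strict match:   " + strictNameMatch(key));
        System.out.println("canonical name: " + validate(key));
        Mac mac = Mac.getInstance(key.getAlgorithm()); // JCA provider lookup ignores case
        mac.init(key);
        byte[] tag = mac.doFinal("header.payload".getBytes(StandardCharsets.UTF_8));
        System.out.println("tag bytes:      " + tag.length);
        try { // constructed: correct name, but only 128 bits of key material
            validate(new SecretKeySpec(new byte[16], "HmacSHA256"));
        } catch (IllegalArgumentException ex) { System.out.println("rejected: " + ex.getMessage()); }
    }
}
```

The name is only a label that providers may spell differently, so the check that carries security weight is the key length.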
