Closed rakesh850gs closed 2 years ago
Can you share the error message of the exception?
Also how you are making the RSA key and signing the token?
Like below
auto token = jwt::create()
.set_issuer("1234567890")
.set_type("JWS")
.set_subject("67890063dfgh")
.set_expires_at(expireTime)
.set_issued_at(std::chrono::system_clock::now())
.set_audience("url")
.set_payload_claim("sample", jwt::claim(std::string("test")))
.sign(jwt::algorithm::rs256("","secret","",""));
You need to pass a valid RSA private key for the signing algorithm,
Check out this example https://github.com/Thalhammer/jwt-cpp/blob/5d25462e030fa20a7d7e35f5ba70c6ebb61cb1b6/example/rsa-create.cpp#L5
It worked , thanks , since and invalid key worked for HS256 , I thought it would work here too , thanks .
It worked , thanks , since and invalid key worked for HS256 , I thought it would work here too , thanks .
There are no invalid keys for HS256 because HS256 works diferent. For RSA you have a public and private key, the public key can only verify a given token is valid, but can not create token on there own. HS is a synchronous scheme, which means the same key is required to verify and create tokens. It is thus only suitable if you control both the creating and verifying side. HS takes the value provided as key and hashes it together with the token to create the final signature. This means everything is a valid key, regardless of length or content. That said (random) keys larger than 24 bytes rarely make sense and you should use not use to short keys (e.g. 4) cause those will be easy to bruteforce. I usually stick to 24 byte random strings.
What happened?
While trying the example in GitHub
The below mentioned error is appearing when trying to sign with RS256 , however same code works with HS 256
How To Reproduce?
execute example code in vs2017 with rs256
Version
0.6.0
What OS are you seeing the problem on?
Windows
What compiler are you seeing the problem on?
MSVC
Relevant log output
Code of Conduct