Open venantius opened 8 years ago
Perhaps somewhat explicitly, trying to use a key generated either by:
```
openssl ecparam -name secp521r1 -genkey -noout
```
or:
```
ssh-keygen -t ecdsa -b 521
```
Gets me the following exception:
```
user=> (clj-jwt.key/private-key "common/resources/security/ec512-key")
java.security.NoSuchAlgorithmException: ECDSA KeyFactory not available
org.bouncycastle.openssl.PEMException: unable to convert key pair: ECDSA KeyFactory not available
user=> (pst)
clojure.core/eval core.clj: 3105
...
user/eval8551 REPL Input
...
clj-jwt.key/private-key key.clj: 84
clj-jwt.key/private-key key.clj: 87
clj-jwt.key/pem->private-key key.clj: 82
clj-jwt.key/eval8129/fn/G key.clj: 12
clj-jwt.key/eval8189/fn key.clj: 44
org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter.getKeyPair
org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter.getKeyFactory
org.bouncycastle.jcajce.util.DefaultJcaJceHelper.createKeyFactory
java.security.KeyFactory.getInstance KeyFactory.java: 172
java.security.KeyFactory.<init> KeyFactory.java: 138
java.security.NoSuchAlgorithmException: ECDSA KeyFactory not available
org.bouncycastle.openssl.PEMException: unable to convert key pair: ECDSA KeyFactory not available
nil
```
So, the problem here turns out not to have been an issue with my generation of ECDSA keys, but rather the fact that the BouncyCastle Provider hadn't been configured (refer to JIRA issue on BouncyCastle here: http://www.bouncycastle.org/jira/browse/BJA-625).
To get this working, you just need to add the BouncyCastle Provider to the java.security.Security class as follows:
```
(. java.security.Security addProvider (org.bouncycastle.jce.provider.BouncyCastleProvider.))
```
Ah, I just saw e13b665c1b19b8c83cc2effe64183128a323f46f. So really all you need to do is to update the README to make clear that the process for ingesting an ECDSA key is different than how it used to be.
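The provider registration from the comments above, as an added example that is not part of the original issue or clj-jwt's own code: it registers BouncyCastle once per JVM, checks whether the `KeyFactory` lookup for "ECDSA" from the stack trace resolves, and round-trips a signature over secp521r1 with SHA-512. The namespace and function names are hypothetical, and it assumes the BouncyCastle provider jar is on the classpath.

```clojure
(ns example.bc-provider ; hypothetical namespace
  (:import (java.security KeyFactory KeyPairGenerator NoSuchAlgorithmException
                          Security Signature)
           (java.security.spec ECGenParameterSpec)
           (org.bouncycastle.jce.provider BouncyCastleProvider)))

(defn ecdsa-key-factory-available?
  "True when a registered JCA provider can supply KeyFactory \"ECDSA\",
  the lookup that throws NoSuchAlgorithmException in the trace above."
  []
  (try
    (KeyFactory/getInstance "ECDSA")
    true
    (catch NoSuchAlgorithmException _ false)))

(defn ensure-bouncy-castle!
  "Registers the BouncyCastle provider unless it is already installed.
  Returns true when this call added it, false when it was already present."
  []
  (if (Security/getProvider BouncyCastleProvider/PROVIDER_NAME)
    false
    (do (Security/addProvider (BouncyCastleProvider.))
        true)))

(defn p521-sha512-round-trip?
  "Generates a throwaway secp521r1 key pair through BouncyCastle, signs a
  constructed message with SHA512withECDSA and verifies the signature."
  []
  (let [kpg (doto (KeyPairGenerator/getInstance "ECDSA" "BC")
              (.initialize (ECGenParameterSpec. "secp521r1")))
        kp  (.generateKeyPair kpg)
        msg (.getBytes "constructed sample message" "UTF-8")
        sig (.sign (doto (Signature/getInstance "SHA512withECDSA" "BC")
                     (.initSign (.getPrivate kp))
                     (.update msg)))]
    (.verify (doto (Signature/getInstance "SHA512withECDSA" "BC")
               (.initVerify (.getPublic kp))
               (.update msg))
             sig)))

(defn check-provider-setup
  "Reports the lookup result before and after registration, then the
  outcome of the sign/verify round trip."
  []
  (let [before (ecdsa-key-factory-available?)
        added? (ensure-bouncy-castle!)]
    {:available-before before
     :provider-added   added?
     :available-after  (ecdsa-key-factory-available?)
     :round-trip-ok    (p521-sha512-round-trip?)}))
```

The signature in the round trip uses the JCA's DER encoding, not the fixed-width R||S form a JWS carries, so it checks provider setup only and is not a JWT signature.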
Hi! How do you recommend we generate ES512 keys for usage with clj-jwt? Thanks.