Currently there is an issue with the method macKeyAlgorithm(SecretKey macKey).
If the HMAC algorithm is used and if the size of the mac key is greater than the size of hash output it throws the IllegalArgumentException "Bad key size:".
But in ACME protocol, arbitrary key lengths are allowed and they just need to be longer than the minimum. A key of the same size as the hash output (for instance, 256 bits for "HS256") or larger MUST be used with this algorithm.
shred
commented
1 year ago
Currently there is an issue with the method macKeyAlgorithm(SecretKey macKey).
If the HMAC algorithm is used and if the size of the mac key is greater than the size of hash output it throws the IllegalArgumentException "Bad key size:".
But in ACME protocol, arbitrary key lengths are allowed and they just need to be longer than the minimum. A key of the same size as the hash output (for instance, 256 bits for "HS256") or larger MUST be used with this algorithm.