我已经开始使用JJWT来处理我的服务器应用程序上的JWT。
我的JWT密码将存储在resources文件夹中,我将使用Properties类加载密码。
JJWT提供了三种签署JWT的方法,一种使用byte[],另一种使用String,另一种使用Key:
JwtBuilder signWith(SignatureAlgorithm var1, byte[] var2);
JwtBuilder signWith(SignatureAlgorithm var1, String var2);
JwtBuilder signWith(SignatureAlgorithm var1, Key var2);
问题:关于安全性,字符集和其他问题,我应该使用哪些建议?
有一段时间,我支持String,因为Properties会返回String。
答案 0 :(得分:13)
由于原始字符串与Base64编码字符串之间存在混淆,因此JJWT> = 0.10.0,signWith(SignatureAlgorithm var1, String var2)已被弃用:
/**
* Signs the constructed JWT using the specified algorithm with the specified key, producing a JWS.
*
* <p>This is a convenience method: the string argument is first BASE64-decoded to a byte array and this resulting
* byte array is used to invoke {@link #signWith(SignatureAlgorithm, byte[])}.</p>
*
* <h4>Deprecation Notice: Deprecated as of 0.10.0, will be removed in the 1.0 release.</h4>
*
* <p>This method has been deprecated because the {@code key} argument for this method can be confusing: keys for
* cryptographic operations are always binary (byte arrays), and many people were confused as to how bytes were
* obtained from the String argument.</p>
*
* <p>This method always expected a String argument that was effectively the same as the result of the following
* (pseudocode):</p>
*
* <p>{@code String base64EncodedSecretKey = base64Encode(secretKeyBytes);}</p>
*
* <p>However, a non-trivial number of JJWT users were confused by the method signature and attempted to
* use raw password strings as the key argument - for example {@code signWith(HS256, myPassword)} - which is
* almost always incorrect for cryptographic hashes and can produce erroneous or insecure results.</p>
*
* <p>See this
* <a href="https://stackoverflow.com/questions/40252903/static-secret-as-byte-key-or-string/40274325#40274325">
* StackOverflow answer</a> explaining why raw (non-base64-encoded) strings are almost always incorrect for
* signature operations.</p>
*
* <p>To perform the correct logic with base64EncodedSecretKey strings with JJWT >= 0.10.0, you may do this:
* <pre><code>
* byte[] keyBytes = {@link Decoders Decoders}.{@link Decoders#BASE64 BASE64}.{@link Decoder#decode(Object) decode(base64EncodedSecretKey)};
* Key key = {@link Keys Keys}.{@link Keys#hmacShaKeyFor(byte[]) hmacShaKeyFor(keyBytes)};
* jwtBuilder.signWith(key); //or {@link #signWith(Key, SignatureAlgorithm)}
* </code></pre>
* </p>
*
* <p>This method will be removed in the 1.0 release.</p>
*
* @param alg the JWS algorithm to use to digitally sign the JWT, thereby producing a JWS.
* @param base64EncodedSecretKey the BASE64-encoded algorithm-specific signing key to use to digitally sign the
* JWT.
* @return the builder for method chaining.
* @throws InvalidKeyException if the Key is insufficient or explicitly disallowed by the JWT specification as
* described by {@link SignatureAlgorithm#forSigningKey(Key)}.
* @deprecated as of 0.10.0: use {@link #signWith(Key)} or {@link #signWith(Key, SignatureAlgorithm)} instead. This
* method will be removed in the 1.0 release.
*/
JwtBuilder signWith(SignatureAlgorithm alg, String base64EncodedSecretKey);
此方法要求字符串参数为Base64编码的密钥字节数组。它不假设一般字符串,例如用户密码,作为签名密钥。 JJWT采用Base64编码,因为如果您指定不 Base64编码的字符串密码,您可能使用格式不良或弱密钥。
JWT JWA规范REQUIRES,HMAC签名密钥的长度等于或大于签名字节数组长度。
这意味着:
| If you're signing with: | your key (byte array) length MUST be: |
| ----------------------- | ------------------------------------- |
| HMAC SHA 256 | >= 256 bits (32 bytes) |
| HMAC SHA 384 | >= 384 bits (48 bytes) |
| HMAC SHA 512 | >= 512 bits (64 bytes) |
许多在线JWT网站和工具只是弄错了 - 它们允许您认为您可以输入或使用任何旧字符串并且您很好。有些人甚至用密钥secret预先填充密钥(显然是一个坏主意,甚至不符合规范,因为它太短了!)。
为了帮助您简化操作,JJWT提供了一个实用程序,可帮助您通过io.jsonwebtoken.security.Keys类secretKeyFor方法生成适合符合规范的签名的足够安全随机密钥。例如:
//creates a spec-compliant secure-random key:
SecretKey key = Keys.secretKeyFor(SignatureAlgorithm.HS256); //or HS384 or HS512
如果您想将生成的密钥存储为字符串,您可能会对其进行Base64编码:
String base64Key = Encoders.BASE64.encode(key.getEncoded());
但请注意:生成的base64Key字符串不被认为是安全的,无法向任何人展示。 Base64编码不是加密 - 值仍然需要保密。你如何做到这一点取决于你(加密等)。
现在,当创建JWS时,可以传递base64Key值,JJWT知道base64首先解码它以获取实际字节,然后是用于计算签名:
Jwts.builder()
//...
.signWith(SignatureAlgorithm.HS512, base64Key)
.compact();
虽然您可以这样做,但由于原始字符串和base64编码字符串之间存在歧义,因此不建议根据JavaDoc中的上述弃用通知。
因此,建议使用JWT构建器的signWith(Key)或signWith(Key, SignatureAlgorithm)方法来保证类型安全的Key参数。例如:
Jwts.builder()
//...
.signWith(key) // or signWith(key, preferredSignatureAlgorithm)
.compact();
signWith(Key)让JJWT根据您提供的密钥的强度找出最强的算法。 signWith(Key,SignatureAlgorithm)允许您指定所需的算法,如果您不想要最强的算法。
这两种方法都会拒绝任何不符合最低RFC要求的Key。