com.apigee.callout.jwtsigned.JwtCreatorCallout Generate with Encrypted Private Key

yassertaeima
Participant III

Hi,

We are able to successfully generate a signed JWT with com.apigee.callout.jwtsigned.JwtCreatorCallout using an unencrypted private key, based on the example in

https://github.com/apigee/iloveapis2015-jwt-jwe-jws/tree/master/jwt_signed/apiproxy

<Property name="private-key">
-----BEGIN PRIVATE KEY-----
EXAMPLEPKEY    ....
7ZOF1UXVaoldDs+izZo5biVF/NNIBtg2FkZd4hh/cFlF1PV+M5+5mA==
-----END RSA PRIVATE KEY-----
    </Property>
<!--    <Property name="private-key-password">deecee123</Property> -->

but we are not able to generate the JWT using an encrypted private key

<Property name="private-key">
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,049E6103F40FBE84

EXAMPLEPKEY    ....
eGVZiG0/oaGbOUI9bgPKXmDsZQ3LHM9JONTOxaBapc06Gxcj0btkkzwB/dZQVRvb
....
7ZOF1UXVaoldDs+izZo5biVF/NNIBtg2FkZd4hh/cFlF1PV+M5+5mA==
-----END RSA PRIVATE KEY-----
</Property>
    <Property name="private-key-password">deecee123</Property>

We always receive an error

java.io.IOException: DER length more than 4 bytes


We have even tried to generate a simple private key using

openssl genrsa -des3 -out private.pem 2048 and copy the PEM as text into the

<Property name="private-key">
The content of the private.pem including --- BEGIN and END ---
Same as example above
</Property>

but that still generates the javaIO exception as above.

Has anyone been able to generate the Signed JWT using an encrypted Private Key?

Or do you know any details about the openssl command to run on the private key to add the encryption and get the Java jar file to be able to successfully parse the encrypted key?

@Dino

1 ACCEPTED SOLUTION

Hi Yasser

I'm surprised to learn you're experiencing this problem. I looked at the tests for this jar, and found that they were not testing the use of private keys that were encrypted with 3des. Hmm, so that's concerning! I introduced new tests for that scenario, which did not initially pass. Those tests showed similar deserialization errors. I've since updated the source and now those tests pass. I think that should correct your problem.

Can you please try to "git pull" again? Get v1.0.14.

Then re-run your scenario.

Create keys like this:

openssl genrsa -des3 -out private-encrypted.pem 2048

yes, v1.0.14 is working with encrypted private keys
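
A pre-flight check for the PEM text that goes into the `private-key` property, as an added example that is not part of the thread or of the callout's source: it reports whether the BEGIN/END labels agree, whether a password is needed, and what a strict DER reader sees when the body is read without decryption. The names `inspect_pem_key` and `der_header` and both sample keys are constructed for illustration (filler bytes, not key material), and the DER error shown illustrates the failure class rather than diagnosing the callout's bug.

```python
import base64
import re

# One PEM block: BEGIN label, body (headers + base64), END label.
PEM_RE = re.compile(
    r"-----BEGIN ([A-Z ]+)-----\s*\n(.*?)\n\s*-----END ([A-Z ]+)-----", re.S)

def der_header(data):
    """Read a DER tag and length the way a strict parser does."""
    tag, first = data[0], data[1]
    if first < 0x80:                      # short form: one length byte
        return tag, first
    n = first & 0x7F                      # long form: n length octets follow
    if n > 4:
        raise ValueError("DER length more than 4 bytes")
    return tag, int.from_bytes(data[2:2 + n], "big")

def inspect_pem_key(text):
    """Classify PEM text before it is pasted into the private-key property."""
    m = PEM_RE.search(text)
    if not m:
        raise ValueError("no PEM block found")
    begin, body, end = m.groups()
    # Legacy OpenSSL encryption is announced by headers above a blank line.
    headers = dict(re.findall(r"^([A-Za-z-]+):\s*(.+?)\s*$", body, re.M))
    raw = base64.b64decode(
        "".join(ln.strip() for ln in body.splitlines() if ":" not in ln))
    legacy = headers.get("Proc-Type", "").endswith("ENCRYPTED")
    info = {
        "labels_match": begin == end,
        "needs_password": legacy or begin == "ENCRYPTED PRIVATE KEY",
        "cipher": headers.get("DEK-Info", "").split(",")[0] or None,
    }
    try:
        # With a legacy-encrypted key, raw is ciphertext read without decryption.
        info["der"] = hex(der_header(raw)[0])     # 0x30 means SEQUENCE
    except ValueError as exc:
        info["der"] = str(exc)
    return info

def _pem(label, payload, headers=""):
    """Build a constructed PEM block (filler bytes, not real key material)."""
    b64 = base64.b64encode(payload).decode()
    return f"-----BEGIN {label}-----\n{headers}{b64}\n-----END {label}-----\n"

PLAIN = _pem("PRIVATE KEY", bytes([0x30, 0x82, 0x04, 0xBE]) + bytes(20))
ENCRYPTED = _pem(
    "RSA PRIVATE KEY", bytes([0x9C, 0x87]) + bytes(22),
    "Proc-Type: 4,ENCRYPTED\nDEK-Info: DES-EDE3-CBC,0000000000000000\n\n")
```

Running `inspect_pem_key` on the exact text of the property value before deploying catches a label mismatch or a missing password setting without involving the proxy.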