Create JWT Token based on Public – Private Key Certificate On Spring Security
Previously im always creating JWT token using a simple 20digit random character string, despite it works well but somehow it feels like there is something wrong. It feels like it is less secure.
Therefore, after spending some time researching, im changing below code where im using a 20 digits random String character
String signingKey = "V5iwaQYUyqyi71ij3OtP"; @Bean public JwtAccessTokenConverter accessTokenConverter() { JwtAccessTokenConverter converter = new JwtAccessTokenConverter(); converter.setSigningKey(signingKey); return converter; }
To signing and veryfing using a simple public and private key, first we need to create a simple public key file, public.txt
-----BEGIN PUBLIC KEY----- MIICITANBgkqhkiG9w0BAQEFAAOCAg4AMIICCQKCAgBoDqqgVQd0VX0RFBxquFPI 7o0WabMhCV+BplU3MX+RVq8djCVvkb0FwZSuqZT8d3mvxLtEdHxHXI2vRL9qhOvD pBgyXw6z+IrzSwYM1LrRj+vM61jCD9lhD5y5kbvzonNbTEGNX2//oJHKC0uwCXWP ZNx6WdQkWrCD3FDtQyuDkPuGWeuXMqBwuLLrhMg1c4B3CF2DUyVxRLT21WfguRKE 8gkNBI6f9PsG/DAFyTbXJNRHjyqam4Uanc/kuiw/kUUCCdiNC7jUD64pPixJy0pC 8gXKH/iZZ4omSygFBCDHkcTJvCYdVOz36Smzzus8V38i2vx0gP5ri+eYgVdCsPG8 WkaL/8QwUB0zJIM6o7ELb4OyDDX8M99nOTovAsgSMvMu2dCAjsPAwwaJKb6Rnn84 zu3xWuDZNOTox/l4+YqV91p3+nvsizPbme3qiYNM6GJJX6mGUXCX7yaC7t4UEcQS oLBvo/zXa1SOHrIMZVFhbT9PPpspBXC3YX+zS5/4XR1+m3PWvGiXBOpD47r1+Oz1 MWpZXqq5TT53AsbXOhGIGO54TLKq/m7lPJd1Y8KeKMdR5j+a1gmPy6kv68YBHPOx npvlrpEvNFujNeBftfNrBoeHtiYCUKZjSTHLquCbuq2/w3FF8kRQNUc04btysTJ8 LdulnXqPagx9egAGjjG4QwIDAQAB -----END PUBLIC KEY-----
and private key, private.txt. And put both of them under resources folder so accessible by our app
-----BEGIN RSA PRIVATE KEY----- MIIJKAIBAAKCAgBoDqqgVQd0VX0RFBxquFPI7o0WabMhCV+BplU3MX+RVq8djCVv kb0FwZSuqZT8d3mvxLtEdHxHXI2vRL9qhOvDpBgyXw6z+IrzSwYM1LrRj+vM61jC D9lhD5y5kbvzonNbTEGNX2//oJHKC0uwCXWPZNx6WdQkWrCD3FDtQyuDkPuGWeuX MqBwuLLrhMg1c4B3CF2DUyVxRLT21WfguRKE8gkNBI6f9PsG/DAFyTbXJNRHjyqa m4Uanc/kuiw/kUUCCdiNC7jUD64pPixJy0pC8gXKH/iZZ4omSygFBCDHkcTJvCYd VOz36Smzzus8V38i2vx0gP5ri+eYgVdCsPG8WkaL/8QwUB0zJIM6o7ELb4OyDDX8 M99nOTovAsgSMvMu2dCAjsPAwwaJKb6Rnn84zu3xWuDZNOTox/l4+YqV91p3+nvs izPbme3qiYNM6GJJX6mGUXCX7yaC7t4UEcQSoLBvo/zXa1SOHrIMZVFhbT9PPpsp BXC3YX+zS5/4XR1+m3PWvGiXBOpD47r1+Oz1MWpZXqq5TT53AsbXOhGIGO54TLKq /m7lPJd1Y8KeKMdR5j+a1gmPy6kv68YBHPOxnpvlrpEvNFujNeBftfNrBoeHtiYC UKZjSTHLquCbuq2/w3FF8kRQNUc04btysTJ8LdulnXqPagx9egAGjjG4QwIDAQAB AoICAAsnb1DKbIci1soq3rTt10VVlNgPMn1bFNq/6qiE7Mi2gwTmzeh8tcdVLcvf L7I0WF3n967p0ZyQpjtgYihX4THSeCmGGPxfqv1TUG21q+TkyYDoxVXf/wwxcTpP Ddea1US3EtvFnCrJmncO6OkQyoI5bIzM7jmLYxpvVllodtSeiOeo4eEOMzaCBePL Eu7v15hq1CNMmVnf5IoE7CKhlAOeMiwsDeHFj9b612b3X6KGNx8IkKeL/iORQQSi lDWoK76BMa5E0GYi3Cddm7+5Q9eTO92jubEv8RYTvlFzVNQvoumA+pDwVopoeujk SEDqnB0vXhpa7Wq3z3aAfssOTosgAueWo8lCe0lfr+3FHJpqcEalNVrFi25PEqq8 SZMDzwZ9nt5l+yh7Az+tI3KSGmUlZ0QDochbOzUmUis2HBSddtqEqrm03EL1wIfL udkqKbqhzLutsePhGL/vZEnBka6uoUoClPP7+jr8pt3KBbyWF1LNAEuc3L664BzG M4kOzAD6JiZQGcrfPPjBEaGWNkuYurHjd1KbJxj3nj4uJGDwR//UrWLkhG50g9CG GiMyPPvv7FVTzY3WHt3TAeItsT9MwOGeVBJp99AYRwVbIj6U40jNcFmrxxw3yEKG Usy4nNM2e3T3kkas7DavZ+ozpE5hlLktNTzepcHFO6YFdyqRAoIBAQCxCr5T9w8X tBKlfTxQE46dW1cE9GPkJ+CVPxsOvjgnlkWooZPdpgrB3DzblGIOJkH+TwCUWi85 rwj+d2uvMe/o62eSzCk4ZI2fCqM4eWWBhZUPwlnPWy3iIzCPrnABwJDkWbJBJLRJ 0CP250ZYwO3LSxC8PivRv0KHySryYpIjNwyWWAVtr1OBbK6MdXO4T79G+zET4BLX srqbj+gszzf+y7qtzmXTN/AQx6JqS9Y2Z1UQ5Rplq1py+Lli5u+cnoyTN8wvlt53 YhUuZ268tMVBixk7CKvgLcc5TdTIJzmVdRrQeGtvOavF14fYl0aCaB/3i8Fp8YFS UxFWOGijIuspAoIBAQCWdxuitrjXv5t8iM0OePRGIAHpaSvBqVG1noYpczqZjisp 6xtORFu7t8+W0v4OeNdWRcDlN4zmkGq37oSpcogw7Tl0k/HWb9XCfso9oOJWB7Zo DN+HT3sRw4xhlUUstqSZPzY65+6fH11Cb54vtgAeu3j8VCXdWcsoP+3TfTLU9KEY tZ6SdtUPGlFNtblbecKdWavENM0R0R2jjb6Iz6EWRnL22l+zmkLdrAA80d+VXsdX SxPywly3ApqLEYhjYfjqARM4cFJXE6T74T/mWKP6oew2osgYU+CAsf4BwqNJkdvk MF+q05tj/2oktJqLCpGjodH7sTXkBxmZwugbxeGLAoIBAQCstBlEmV6Mten2q7t5 NgrKL/8sYydKuyfXD49ai28GFw5u2OgAsWgPAsQPQ6l/ugxogzLChVNKRxhT+7T9 W454PaN0zVpsm5KXke31Ol8twVzO2b14jK6uybsmfnjfDLWLPICqEZ8Z3kQnKCc0 j0epJ9n0eAWQ/61r/m65sjRyy9Gom8b3369rMtT3SeAP7SNfn8yZYd2fssdc1z4a 8C3kjWLXB9/G8utpwwUKAl6+BYEzEPr2MPjz7PQTqcoWk4f4WNcDmX39IZ4d/WJG DWXbcVC0iNn5v0539RfcBH+k726v7LiI8M5DGeR4AeITdnWwqxGLQr7vyv6/iBlz Aq45AoIBABt2B5Qt1xSBQuZ6rTob9zEpPFAWQscomOIV2ZSNFD/cQ6J151jkfv2G sZtsTLPleB+lwWvUNKIL7348SPgIEDUlxpuxOK0TYicKLu0KhOSAqdjZqJ4wclyu nNtee+6KMwZJFCOyGsnt1n5+kpdQlzsEqjMbRIHeloZ1DHnR2solD5XL5/IBQCdu fTI6nWbFlTBUolW/8UF0Mf2crA6aHmNLXkYRWvATkmqUrsJq52yCjM0wxaZDtNot 3njNLWA+DEjhA1oEnfKIgk76MEhhGyRuEwdxtCVEga/bTGmT1Wti9If0EDHERxL8 Fao3UBFaT3RW31UZZaWFajW27dfLyLsCggEBAKJ38cPxdEL1nwqmcrNUqUDjMrc6 9Qai/L5RkpkD6VALzfF4p9OsHF1z8Ye1rVx+HyTYvWo7crDdb8e5CyamyhsciJSr U9rjd6TyEOCrNER81zsBMX4wtl7SRls/kkSAI5jvLXCvCllQP3Zgw0dDcu6SBmUU zzUmy3UTS2k+RHs2sx/krXSZSQsvqxv2HzbTvVXPTDJ2p5B6kdATGSaVu7G2jUVR q6O9MJKICSVO1pL6B7EsQHCpVizjK6gtrLhfUDc2UXObM0g47ghUFiEazvCKJJiP Ld9/Nf1pP0BU2Ci10ph2oCJzIXAKiSvQw8KTCvDWYn8axmC/2hpLDyBMSRU= -----END RSA PRIVATE KEY-----
And change our code to below,
@Bean public JwtAccessTokenConverter accessTokenConverter() { JwtAccessTokenConverter converter = new JwtAccessTokenConverter(); Resource resource = new ClassPathResource("public.txt"); Resource privateResource = new ClassPathResource("private.txt"); String publicKey = null; String privateKey = null; try { publicKey = IOUtils.toString(resource.getInputStream()); privateKey = IOUtils.toString(privateResource.getInputStream()); } catch (final IOException e) { throw new RuntimeException(e); } converter.setVerifierKey(publicKey); converter.setSigningKey(privateKey); return converter; }
The downside of this new signing is it almost doubled the size of my JWT token, but hopefully makes it more secure.
No Comments