user938363
Reputation: 10378
Error: EVP_PKEY_sign_init:operation not supported for this keytype
With jsonwebtoken 8.2.0, the following code signs a payload with RS256:
const jwt = require('jsonwebtoken');
const token = jwt.sign( //<<==sign throw error below
{
uid: this.id, //<<==payload
},
key, //<<==RSA private key of 2048bit
{
expiresIn: (parseInt(process.env.jwt_token_expire_days) * 24).toString() + 'h',
algorithm: 'RS256'
}
);
The sign throws error:
(node:6528) UnhandledPromiseRejectionWarning: Error: error:0608D096:digital envelope routines:EVP_PKEY_sign_init:operation not supported for this keytype
at Sign.sign (internal/crypto/sig.js:110:29)
at Object.sign (C:\d\code\js\xyz\node_modules\jwa\index.js:152:45)
at Object.jwsSign [as sign] (C:\d\code\js\xyz\node_modules\jws\lib\sign-stream.js:32:24)
at Object.module.exports [as sign] (C:\d\code\js\xyz\node_modules\jsonwebtoken\sign.js:204:16)
at Viewer.RSAAuthToken (C:\d\code\js\xyz\models\viewer.js:162:21)
at C:\d\code\js\xyz\routes\viewers.js:184:41
at processTicksAndRejections (internal/process/task_queues.js:93:5)
(Use `node --trace-warnings ...` to show where the warning was created)
(node:6528) UnhandledPromiseRejectionWarning: Unhandled promise rejection. This error originated either by throwing inside of an async function without a catch block, or by rejecting a promise which was not handled with .catch(). To terminate the node process on unhandled promise rejection, use the CLI flag `--unhandled-rejections=strict` (see https://nodejs.org/api/cli.html#cli_unhandled_rejections_mode). (rejection id: 1)
(node:6528) [DEP0018] DeprecationWarning: Unhandled promise rejections are deprecated. In the future, promise rejections that are not handled will terminate the Node.js process with a non-zero exit code.
Viewer verification status update failed TypeError: res.setheader is not a function
at C:\d\code\js\xyz\routes\viewers.js:203:17
at processTicksAndRejections (internal/process/task_queues.js:93:5)
The RSA private key (2048bit) looks like below:
-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEAtBwLxqZEirr0uhtMTThmVDu3XKFVgE+qQqQ6oi6P/cvnTBHc
zlnmgqYNpufUbnIgGSZ9RzL29gVq6o/Dc4Sf1C0sEdkU1A5weFEegpeQTfEU1XI9
.....
0q6yoDXSl7JC+y5BWaz75xFX+tb4hKVTD27BvNDYRuvRsFeiKnn7vDmVS1/CoSnd
bv9Y1DrudRU2PkgAUPqbxDzuCNY9VW8IAP/DCw0oJBJP+wzdH9uvhg==
-----END RSA PRIVATE KEY-----
What is wrong here?
Upvotes: 1
Views: 1975
Answers (1)
user9775882
Reputation:
It is probably because your RSA key is actually an RSA-PSS one with restrictions on used padding, usage, algorithms, digests, or any combination of those. You can confirm this hypothesis by executing
const { createPrivateKey } = require('crypto')
const pk = createPrivateKey(pem)
console.log(pk.asymmetricKeyType)
If you get rsa-pss logged, then your key is restricting the operations that can be executed with it.
Upvotes: 1
Related Questions
- jwt Signature exception while decoding
- java.lang.IllegalArgumentException: A signing key must be specified if the specified JWT is digitally signed
- Invalid JWT signature with ES256
- Verify JWT Token error 'secretOrPrivateKey must have a value'
- key is of invalid type
- Token signature invalid error
- Unexpected "InvalidJwtSignatureException: JWT rejected due to invalid signature"
- Key is of Invalid Type when parsing JWT Auth token in jwt-go
- How to generate JWT token always through invalid key type error
- "Invalid algorithm specified" when signing with JwtSecurityTokenHandler.CreateToken