Skip to content

AWS CloudHSM JCE provider & JJWT #934

Closed Answered by lhazlewood
mnylen asked this question in Q&A
Discussion options

You must be logged in to vote

Hi @mnylen!

I was out over the weekend and yesterday was as super busy day, so we haven't been able to review these comments in detail until now. Please see below:

I've been exploring the use of AWS CloudHSM for signing and verifying JWTs. This works pretty easily with RS256 and ES256 algorithms, but HS256 is proving to be a bit difficult, because the SecretKey instance returned from HSM just has GenericSecret as algorithm, which JJWT rejects:

io.jsonwebtoken.security.SignatureException: Unable to compute HS256 signature. Cause: The signing key's algorithm 'GenericSecret' does not equal a valid HmacSHA* algorithm name or PKCS12 OID and cannot be used with HS256.

The same key however wor…

Replies: 3 comments 12 replies

Comment options

You must be logged in to vote
2 replies
@mnylen
Comment options

@mnylen
Comment options

Comment options

You must be logged in to vote
9 replies
@mnylen
Comment options

@lhazlewood
Comment options

@lhazlewood
Comment options

@mnylen
Comment options

@mnylen
Comment options

Comment options

You must be logged in to vote
1 reply
@mnylen
Comment options

Answer selected by mnylen
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Category
Q&A
Labels
None yet
2 participants