[JBoss JIRA] (WFWIP-288) JWT signed by 1024 bit long key is rejected

Tuesday, 17 December 2019

    [
https://issues.redhat.com/browse/WFWIP-288?page=com.atlassian.jira.plugin...
] 

Darran Lofthouse commented on WFWIP-288:
----------------------------------------

Going to test this one next but just to confirm I agree with the Blocker priority for now
- the specification does not make many demands on key sizes but 1024 bit keys is one of
the few requirements listed.

...
 JWT signed by 1024 bit long key is rejected
 -------------------------------------------

                 Key: WFWIP-288
                 URL: https://issues.redhat.com/browse/WFWIP-288
             Project: WildFly WIP
          Issue Type: Bug
          Components: MP JWT
            Reporter: Jan Kasik
            Assignee: Darran Lofthouse
            Priority: Blocker

 According to MP-JWT 1.1 specification, 1024 and 2048 bit key sizes must be supported.
Though when there is JWT signed by 1024 bit long key presented to the server, it is
rejected and client receives "Unauthorized" (code 401) message.
 See chapter 9.2. Supported Public Key Formats:
 {quote}
 Support for RSA Public Keys of 1024 or 2048 bits in length is required. Other key sizes
are allowed, but should be considered vendor-specific.
 {quote} 

--
This message was sent by Atlassian Jira
(v7.13.8#713008)

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006