
According to the Java 12 security specs here the RSASSA-PSS signature scheme should be supported (actually as of Java 11). However, if I try to use a signature with PS256 algorithm in my JWT using e.g. the nimbus jose+jwt library, then it doesn't work unless I use BouncyCastle.

        val signer = RSASSASigner(signKey)
        val jwsObject = JWSObject(
                JWSHeader.Builder(JWSAlgorithm.PS256)    // PS256 gives error;  RS256 will work
                        .keyID(signKeyId)
                        .build(),
                Payload(json)
        )
        jwsObject.sign(signer)

This gives an error:

        java.security.NoSuchAlgorithmException: SHA256withRSAandMGF1 Signature not available

And indeed `JCASupport.isSupported(JWSAlgorithm.PS256)` is false.

If I include BouncyCastle then it does work:

        Security.addProvider(BouncyCastleProviderSingleton.getInstance())
        JCASupport.isSupported(JWSAlgorithm.PS256) == true

I would have thought that BouncyCastle is not necessary anymore in Java 12 (I'm actually using Kotlin 1.3 with Java 12 and Spring Boot 2.2 and com.nimbusds 8.4 to be precise). I would like to be independent from BouncyCastle.

What am I missing?

user1120821
  • For Java 11+ the algorithm identifier seems to be `RSASSA-PSS` and not `SHA256withRSAandMGF1`. Also, after inspecting the source code of this library, they use the `SHA256withRSAandMGF1` identifier, so they are bound to BouncyCastle. I am afraid that for this version of your library you have no choice but to use BC as the provider. – Michał Krzywański Jan 05 '20 at 22:00
  • I have now also tried a different library, namely jsonwebtoken at https://github.com/jwtk/jjwt, but I get the same error, even though the documentation there also states that JDK11 should also work. – user1120821 Jan 06 '20 at 21:11
  • any luck @user1120821 ? – Samir Apr 20 '21 at 06:25
  • @Samir yes, in JJWT it was solved, see https://github.com/jwtk/jjwt/issues/542 (not sure about nimbus though) – user1120821 Apr 21 '21 at 16:33
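
The naming difference raised in the comments can be checked against the plain JCA API. The following is an added example, not code from the question, Nimbus or JJWT: it probes both algorithm names and then produces and verifies a PS256 signature under the JDK's `RSASSA-PSS` name. It assumes JDK 11+ with no BouncyCastle provider registered; the key pair, the `kid` value and the payload are constructed for illustration.

```kotlin
import java.security.KeyPairGenerator
import java.security.NoSuchAlgorithmException
import java.security.Signature
import java.security.spec.MGF1ParameterSpec
import java.security.spec.PSSParameterSpec
import java.util.Base64

// PS256 parameters per RFC 7518: SHA-256, MGF1 with SHA-256, 32-byte salt, trailer field 1.
val PS256_SPEC = PSSParameterSpec("SHA-256", "MGF1", MGF1ParameterSpec.SHA256, 32, 1)

// True if any installed JCA provider offers the named Signature algorithm.
fun signatureAvailable(name: String): Boolean =
    try { Signature.getInstance(name); true } catch (e: NoSuchAlgorithmException) { false }

// The JDK exposes PSS under a single name; hash, MGF and salt length are set explicitly.
fun ps256(): Signature = Signature.getInstance("RSASSA-PSS").apply { setParameter(PS256_SPEC) }

fun main() {
    // The first name is the one from the error message in the question,
    // the second is the identifier named in the comments for Java 11+.
    println("SHA256withRSAandMGF1 available: ${signatureAvailable("SHA256withRSAandMGF1")}")
    println("RSASSA-PSS available: ${signatureAvailable("RSASSA-PSS")}")

    // Constructed throwaway key, header and payload, for illustration only.
    val keyPair = KeyPairGenerator.getInstance("RSA").apply { initialize(2048) }.generateKeyPair()
    val b64 = Base64.getUrlEncoder().withoutPadding()
    val header = b64.encodeToString("""{"alg":"PS256","kid":"example-key"}""".toByteArray())
    val payload = b64.encodeToString("""{"sub":"example"}""".toByteArray())

    // JWS signing input is ASCII(BASE64URL(header) || '.' || BASE64URL(payload)).
    val signingInput = "$header.$payload".toByteArray(Charsets.US_ASCII)

    val sig = ps256().run { initSign(keyPair.private); update(signingInput); sign() }
    val jws = "$header.$payload.${b64.encodeToString(sig)}"

    // The verifier must use the same PSS parameters as the signer.
    val ok = ps256().run { initVerify(keyPair.public); update(signingInput); verify(sig) }
    println("JWS: $jws")
    println("verified: $ok")
}
```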
