仍然有多个类提供围绕“Ed25519 / Curve25519”的 EC 功能
java.security.KeyPair
/**
 * Generates a new Ed25519 key pair with the JDK's {@code KeyPairGenerator}.
 *
 * <p>Every call produces a different key pair; callers that need a signer and a
 * verifier to agree must reuse the same returned {@link KeyPair}.
 *
 * @return a freshly generated key pair
 * @throws IllegalStateException if no installed provider offers the "Ed25519" algorithm
 */
static KeyPair generateEcKeyPairUsingEd25519() {
    try {
        return KeyPairGenerator.getInstance("Ed25519").generateKeyPair();
    } catch (NoSuchAlgorithmException unsupported) {
        // Keep the original cause so the missing provider is visible in the stack trace.
        throw new IllegalStateException("JVM does not support Ed25519 algorithm", unsupported);
    }
}
import java.security.interfaces.EdECPrivateKey;
import java.security.interfaces.EdECPublicKey;
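// Generate one Ed25519 key pair and narrow both halves to the EdEC key interfaces.
// (The original first statement was missing its terminating semicolon.)
KeyPair ecKeyPair = generateEcKeyPairUsingEd25519();
// The casts throw ClassCastException if the key objects do not implement the
// java.security.interfaces.EdEC* interfaces.
EdECPublicKey edEcPublicKey = (EdECPublicKey) ecKeyPair.getPublic();
// The private half is the signing secret: keep it out of logs and serialized output.
EdECPrivateKey edEcPrivateKey = (EdECPrivateKey) ecKeyPair.getPrivate();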
<!--
  Spring Boot starter for an OAuth2 resource server. The version is resolved from
  the spring-boot.version Maven property, which must be defined elsewhere in the POM.
  NOTE(review): presumably this starter is what brings in the com.nimbusds.jose
  classes discussed on this page (transitively); confirm with `mvn dependency:tree`.
-->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-oauth2-resource-server</artifactId>
<version>${spring-boot.version}</version>
</dependency>
据我所知，所使用的 com.nimbusds.jose.* 支持 JWK、JWE、JWS 和 JWT，也普遍支持 RSA 和 EC。可以像上面那样生成密钥对，但据我所知，这些密钥对不能用于下面的示例。
示例
/**
 * Exposes a {@link JwtDecoder} that verifies token signatures with the RSA public
 * key of the pair returned by {@code getKeyPair()}.
 *
 * @return a decoder bound to that single public key
 */
@Bean
public JwtDecoder jwtDecoder() {
    // Verification only needs the public half; the private key never reaches the decoder.
    // The cast throws ClassCastException if getKeyPair() does not hold an RSA key.
    RSAPublicKey verificationKey = (RSAPublicKey) this.getKeyPair().getPublic();
    return NimbusJwtDecoder.withPublicKey(verificationKey).build();
}
/**
 * Exposes a {@link JwtEncoder} that signs tokens with the RSA private key of the
 * pair returned by {@code getKeyPair()}.
 *
 * @return an encoder backed by an immutable, single-key JWK set
 */
@Bean
JwtEncoder jwtEncoder() {
    KeyPair rsaPair = this.getKeyPair();
    RSAPublicKey verificationKey = (RSAPublicKey) rsaPair.getPublic();
    RSAPrivateKey signingKey = (RSAPrivateKey) rsaPair.getPrivate();

    RSAKey.Builder jwkBuilder = new RSAKey.Builder(verificationKey);
    JWK signingJwk = jwkBuilder.privateKey(signingKey).build();

    // This JWK set contains the private key. It is meant for the encoder only; if the
    // keys are ever published (for example from a JWKS endpoint), publish the result
    // of JWKSet.toPublicJWKSet() instead of this set.
    JWKSet keySet = new JWKSet(signingJwk);
    JWKSource<SecurityContext> source = new ImmutableJWKSet<>(keySet);
    return new NimbusJwtEncoder(source);
}
终于Ed25519
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.interfaces.EdECPublicKey;
import java.security.interfaces.EdECPrivateKey;
import java.security.spec.EdECPublicKeySpec;
import java.security.spec.EdECPrivateKeySpec;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.oauth2.jwt.JwtDecoder;
import org.springframework.security.oauth2.jwt.NimbusJwtDecoder;
import org.springframework.security.oauth2.jwt.NimbusJwtEncoder;
import org.springframework.security.oauth2.jwt.JwtEncoder;
import org.springframework.security.oauth2.jwt.JWKSource;
import org.springframework.security.oauth2.jwt.JWKSet;
import org.springframework.security.oauth2.jwt.JWK;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.oauth2.jose.jwk.JWKSource;
import org.springframework.security.oauth2.jose.jwk.JWKSet;
import org.springframework.security.oauth2.jose.jwk.JWK;
import org.springframework.security.core.context.SecurityContext;
import java.security.spec.InvalidKeySpecException;
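/**
 * Spring configuration that exposes a JWT decoder and encoder intended to use an
 * Ed25519 key pair.
 *
 * <p>Both beans read the same key pair, generated once when this configuration is
 * instantiated. The original generated a separate pair in each bean method, so the
 * decoder's public key never matched the encoder's private key and no issued token
 * could be verified.
 *
 * <p>The pair is regenerated on every application start, so tokens issued before a
 * restart (or by another instance) will not verify. Load a persistent key from a
 * keystore or secret store when tokens must outlive the process.
 *
 * <p>NOTE(review): several calls below do not match the JDK / Nimbus / Spring
 * Security APIs as far as this reviewer knows (see the inline notes) and are left
 * unchanged; confirm against the library versions actually in use.
 */
@Configuration
public class JwtConfig {

    // Single source of truth for the signing/verification keys of both beans.
    private final KeyPair keyPair = Ed25519KeyPairGenerator.generateEcKeyPairUsingEd25519();

    /**
     * Builds the decoder from the public half of the shared key pair.
     *
     * @return a decoder bound to the shared public key
     */
    @Bean
    public JwtDecoder jwtDecoder() {
        EdECPublicKey edEcPublicKey = (EdECPublicKey) keyPair.getPublic();
        // NOTE(review): NimbusJwtDecoder.withPublicKey is declared for RSAPublicKey;
        // an EdECPublicKey argument is not expected to compile. Verify whether the
        // Spring Security version in use supports EdDSA verification at all.
        return NimbusJwtDecoder.withPublicKey(edEcPublicKey).build();
    }

    /**
     * Builds the encoder from the shared key pair.
     *
     * @return an encoder backed by an immutable, single-key JWK set
     * @throws IllegalStateException if the key specs cannot be created
     */
    @Bean
    public JwtEncoder jwtEncoder() {
        EdECPublicKey edEcPublicKey = (EdECPublicKey) keyPair.getPublic();
        EdECPrivateKey edEcPrivateKey = (EdECPrivateKey) keyPair.getPrivate();
        try {
            // NOTE(review): the JDK constructors are EdECPublicKeySpec(NamedParameterSpec, EdECPoint)
            // and EdECPrivateKeySpec(NamedParameterSpec, byte[]); EdECPrivateKey exposes
            // getBytes(), not getS(). These lines need rework before they compile.
            EdECPublicKeySpec publicKeySpec = new EdECPublicKeySpec(edEcPublicKey.getEncoded());
            EdECPrivateKeySpec privateKeySpec = new EdECPrivateKeySpec(edEcPrivateKey.getS(), publicKeySpec);
            // NOTE(review): Nimbus models Ed25519 keys as OctetKeyPair; JWK itself has no
            // Builder, and the JWK/JWKSet/JWKSource types live under com.nimbusds.jose.jwk,
            // not the Spring packages this file imports.
            JWK jwk = new JWK.Builder(publicKeySpec).privateKey(privateKeySpec).build();
            // The set holds the private key: keep it internal to the encoder and never
            // serve it as-is from a public key endpoint.
            JWKSource<SecurityContext> jwks = new ImmutableJWKSet<>(new JWKSet(jwk));
            return new NimbusJwtEncoder(jwks);
        } catch (InvalidKeySpecException e) {
            throw new IllegalStateException("Error while creating EdDSA key spec", e);
        }
    }
}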
并生成KeyPairs
并与 bean 集成。我记得这样做有出现 NullPointerException 的风险，但我现在找不到出处。
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
/**
 * Helper that creates Ed25519 key pairs through the JDK's {@link KeyPairGenerator}.
 */
public class Ed25519KeyPairGenerator {

    /**
     * Generates a new Ed25519 key pair.
     *
     * <p>Each call returns a different pair, so a signer and its verifier must be
     * built from the same returned {@link KeyPair}.
     *
     * @return a freshly generated key pair
     * @throws IllegalStateException if no installed provider offers the "Ed25519" algorithm
     */
    public static KeyPair generateEcKeyPairUsingEd25519() {
        final KeyPairGenerator generator;
        try {
            generator = KeyPairGenerator.getInstance("Ed25519");
        } catch (NoSuchAlgorithmException unsupported) {
            // Preserve the cause so the missing provider shows up in the stack trace.
            throw new IllegalStateException("JVM does not support Ed25519 algorithm", unsupported);
        }
        return generator.generateKeyPair();
    }
}