![[JWT] The specified key byte array is 232 bits which is not secure enough for any JWT HMAC-SHA algorithm...](https://img1.daumcdn.net/thumb/R750x0/?scode=mtistory2&fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdna%2FbCZe0a%2Fbtr2xSTifhh%2FAAAAAAAAAAAAAAAAAAAAAHZWGg3ba_5mHMbhn0PQAN0W8ZkCyDBm67WVDRZRh5Je%2Fimg.png%3Fcredential%3DyqXZFxpELC7KVnFOS48ylbz2pIh7yKj8%26expires%3D1772290799%26allow_ip%3D%26allow_referer%3D%26signature%3Dn9bl7xWZ5DCz1S4ZOVJvmqDRF1s%253D)
728x90
에러코드
The specified key byte array is 232 bits which is not secure enough for any JWT HMAC-SHA algorithm. The JWT JWA Specification (RFC 7518, Section 3.2) states that keys used with HMAC-SHA algorithms MUST have a size >= 256 bits (the key size must be greater than or equal to the hash output size). Consider using the io.jsonwebtoken.security.Keys#secretKeyFor(SignatureAlgorithm) method to create a key guaranteed to be secure enough for your preferred HMAC-SHA algorithm. See https://tools.ietf.org/html/rfc7518#section-3.2 for more information.
io.jsonwebtoken.security.WeakKeyException: The specified key byte array is 232 bits which is not secure enough for any JWT HMAC-SHA algorithm. The JWT JWA Specification (RFC 7518, Section 3.2) states that keys used with HMAC-SHA algorithms MUST have a size >= 256 bits (the key size must be greater than or equal to the hash output size). Consider using the io.jsonwebtoken.security.Keys#secretKeyFor(SignatureAlgorithm) method to create a key guaranteed to be secure enough for your preferred HMAC-SHA algorithm. See https://tools.ietf.org/html/rfc7518#section-3.2 for more information.문제
JWT 생성 클래스에 대한 Test케이스 작성 후, 실행시 발생
원인
사실상 오류코드에 다 나와있다.
JWT 생성시 사용하는 비밀키 인코딩 방식이 WT HMAC-SHA 알고리즘을 사용중이기 때문에,
Security 기준에 부합하도록 최소 256bits의 사이즈를 가진 비밀키값이 주어져야한다.
...The specified key byte array is 232 bits which is not secure enough for any JWT HMAC-SHA algorithm....
...HMAC-SHA algorithms MUST have a size >= 256 bits...해결방법
Stub 데이터로 생성한 비밀키 값을 256bits 이상으로 늘려주면 해결된다.
(영문/숫자 기준 32자리 이상이어야 한다)
728x90