Exit
  • Global community
    • Language:
      • Deutsch
      • English
      • Español
      • Français
      • Português
  • 日本語コミュニティ
  • 한국 커뮤니티
0

How can I use CreateSignedJWT with a string rather than keystore key

New Here ,
Feb 22, 2024 Feb 22, 2024
 

I'm trying to do the following:

secret_key = "sometihng";
web_token = CreateSignedJWT(payload_string, secret_key, hash_params );

And I receive error: signOptions type not supported, it has to be of type Key or KeyPair or Struct

Coldfusion's jwt documentation states the secret_key parameter should be a struct, which I understand. However, I'm unclear on how to use the secret key as a string without using the keystore, because if I use

key_options = {
        key = secret_key
    }

web_token = CreateSignedJWT(payload_string, key_options, hash_params );

then I receive error Either the keystore path is invalid or corrupt or the keystore password is wrong.

The key itself is stored in an encrypted database column, so I want to pass a string version of it. How can I do this without the keystore?

TOPICS
Documentation , Security
203
Translate
Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Expert ,
Feb 23, 2024 Feb 23, 2024
LATEST

In the second definition of web_token , the argument key_options is a struct. I think that that is the correct type, rather than string.

 

However, the struct should have, not one key, but three. Namely,

  • Key
  • KeyPair - private Key 
  • Keystore file, keystore password, keystore alias

 

The documentation on CreateSignedJWT gives you the following example:

<cfset k=getKeyPairfromkeystore({  
        "keystore" : "test_jws1.keystore",
        "keystorePassword": "****",  
        "keypairPassword": "****",  
        "keystoreAlias": "contentKey"
    }) >

<cfset key_options=k.getPrivate()>
Translate
Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Resources