secretOrPrivateKey has a minimum key size of 2048 bits for RS256 after upgrade to nest/jwt 10.0.2 #1230

Closed
2 of 4 tasks
conioX opened this issue Mar 6, 2023 · 1 comment
Labels
bug Something isn't working needs triage

Comments

conioX commented Mar 6, 2023

Is there an existing issue for this?

  • I have searched the existing issues

Current behavior

Fails to generate a token and throws the exception "secretOrPrivateKey has a minimum key size of 2048 bits for RS256". This issue only happens when running inside Docker Alpine (FROM node:18.14-alpine3.17); it runs normally on my local machine.

Minimum reproduction code

Sorry, the repo is in my company's git.

Steps to reproduce

  1. Upgrade package.json as below:

    "@nestjs/jwt": "10.0.2",
    "passport-jwt": "^4.0.1",
    "@types/passport-jwt": "^3.0.8",

Expected behavior

Works normally, like with "@nestjs/jwt": "9.0.0".

Package version

10.0.2

NestJS version

9.3.9

Node.js version

18.14

In which operating systems have you tested?

  • macOS
  • Windows
  • Linux

Other

No response

conioX added the bug and needs triage labels on Mar 6, 2023
conioX changed the title from "secretOrPrivateKey has a minimum key size of 2048 bits for RS256 after upgrade to nest/jwt 10.0.2" to "secretOrPrivateKey must be an asymmetric key when using RS256 after upgrade to nest/jwt 10.0.2" on Mar 6, 2023
conioX changed the title from "secretOrPrivateKey must be an asymmetric key when using RS256 after upgrade to nest/jwt 10.0.2" to "secretOrPrivateKey has a minimum key size of 2048 bits for RS256 after upgrade to nest/jwt 10.0.2" on Mar 6, 2023
conioX commented Mar 7, 2023

This issue comes from auth0/node-jsonwebtoken#888:


if (!options.allowInsecureKeySizes &&
  !header.alg.startsWith('ES') &&
  secretOrPrivateKey.asymmetricKeyDetails !== undefined && //KeyObject.asymmetricKeyDetails is supported in Node 15+
  secretOrPrivateKey.asymmetricKeyDetails.modulusLength < 2048) {
  return failure(new Error(`secretOrPrivateKey has a minimum key size of 2048 bits for ${header.alg}`));
}

I think we need to increase the key size, or we can change to another algorithm like ES256.

@conioX conioX closed this as completed Mar 7, 2023
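
A startup check that reports a signing key's type and RSA modulus length before the key reaches the JWT library, following the condition quoted in the comment above. This is an added example, not code from the issue, jsonwebtoken or @nestjs/jwt; `inspectSigningKey` and `makePem` are hypothetical helpers, only asymmetric algorithms (RS*/PS*/ES*) are assumed, and the keys are throwaway sample input generated in memory.

```javascript
const crypto = require('node:crypto');

const MIN_RSA_BITS = 2048; // threshold from the check quoted above

// Hypothetical helper: inspect a PEM private key before using it with a JWT alg.
function inspectSigningKey(pem, alg) {
  const key = crypto.createPrivateKey(pem);
  const type = key.asymmetricKeyType;       // 'rsa', 'rsa-pss', 'ec', ...
  const details = key.asymmetricKeyDetails; // undefined before Node 15.7
  if (alg.startsWith('ES')) {
    // EC algorithms are exempt from the modulus check; only the key type matters here.
    const curve = details ? details.namedCurve : undefined;
    return type === 'ec'
      ? { ok: true, type, curve }
      : { ok: false, type, reason: `${alg} needs an EC key` };
  }
  if (type !== 'rsa' && type !== 'rsa-pss') {
    return { ok: false, type, reason: `${alg} needs an RSA key` };
  }
  if (!details || details.modulusLength === undefined) {
    // No size information from this runtime, so the size cannot be checked.
    return { ok: true, type, reason: 'modulus length not reported' };
  }
  const bits = details.modulusLength;
  return bits < MIN_RSA_BITS
    ? { ok: false, type, bits, reason: `${bits}-bit key is below ${MIN_RSA_BITS} bits` }
    : { ok: true, type, bits };
}

// Constructed sample input: throwaway keys generated in memory.
function makePem(type, options) {
  const { privateKey } = crypto.generateKeyPairSync(type, {
    ...options,
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
  });
  return privateKey;
}

const weakRsa = makePem('rsa', { modulusLength: 1024 });
const goodRsa = makePem('rsa', { modulusLength: 2048 });
const p256 = makePem('ec', { namedCurve: 'prime256v1' });

console.log(inspectSigningKey(weakRsa, 'RS256')); // rejected: 1024 bits
console.log(inspectSigningKey(goodRsa, 'RS256')); // accepted: 2048 bits
console.log(inspectSigningKey(p256, 'ES256'));    // accepted: EC key
```

Running the same function against the key actually mounted in each environment shows whether the key material differs between them.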