I’m encountering an issue in my Node.js (20.5.1) application related to JSON Web Token (JWT) verification using RSA key pairs. The error message is as follows:
[16:39:56.959] FATAL (26460): invalid signature
err: {
"type": "JsonWebTokenError",
"message": "invalid signature",
"stack":
JsonWebTokenError: invalid signature
at U:CodingMCShop-APInode_modulesjsonwebtokenverify.js:171:19
at getSecret (U:CodingMCShop-APInode_modulesjsonwebtokenverify.js:97:14)
at module.exports (U:CodingMCShop-APInode_modulesjsonwebtokenverify.js:101:10)
at verifyJWTToken (U:CodingMCShop-APIsrccrypto.ts:28:37)
at U:CodingMCShop-APIsrcapp.ts:39:45
at Layer.handle [as handle_request] (U:CodingMCShop-APInode_modulesexpresslibrouterlayer.js:95:5)
at trim_prefix (U:CodingMCShop-APInode_modulesexpresslibrouterindex.js:328:13)
at U:CodingMCShop-APInode_modulesexpresslibrouterindex.js:286:9
at Function.process_params (U:CodingMCShop-APInode_modulesexpresslibrouterindex.js:346:12)
at next (U:CodingMCShop-APInode_modulesexpresslibrouterindex.js:280:10)
"name": "JsonWebTokenError"
}
I have also attached the crypto.ts file that handles the JSON Web Tokens for my application.
import crypto from 'crypto';
import { readFileSync } from 'fs';
import { JwtPayload, sign, verify } from 'jsonwebtoken';
import { logger } from './app';
export function generateRSAKeyPair() {
const { privateKey, publicKey } = crypto.generateKeyPairSync('rsa', {
modulusLength: 512,
publicKeyEncoding: { type: 'pkcs1', format: 'pem' },
privateKeyEncoding: { type: 'pkcs1', format: 'pem' }
});
return { privateKey, publicKey };
}
export function generateJWTToken(admin: boolean, username: string) {
const key = readFileSync('private.key', { encoding: 'utf-8', flag: 'r' });
return sign({
admin,
username
}, key, { algorithm: 'RS256' });
}
export function verifyJWTToken(token: string) {
try {
const key = readFileSync('public.key', { encoding: 'utf-8', flag: 'r' });
const verifiedToken = verify(token, key, { algorithms: ['RS256'] }) as JwtPayload;
if (!verifiedToken) return false;
return verifiedToken
} catch (error) {
logger.fatal(error);
return false;
}
}
I have confirmed the following:
- The key variable is not undefined and is fetching the contents of the file.
- readFileSync does not use caching.
- The values that get passed into the function are valid.
- The attempted JWT is indeed valid confirmed by JWT.io
I suspect there might be an error in how I’m handling the keys or in the JWT library version.
Can someone help me identify the root cause of the "invalid signature" error and suggest potential solutions? Any insights or advice would be greatly appreciated.
2
Answers
I ran your code and it was fine. I had to change the
modulusLength, which is the key size in bits. For RS256 you would therefore set it to256 * 8 = 2048. You should be able to copy the 3 below files into a folder, then run these commands:index.ts
package.json
tsconfig.json
I remember I faced the same issue last year, and filed an issue in github. I was testing using Postman and the token was overridden by a parent collection and there was no issue in the package. You might ensure the valid tokens are not overridden by non-valid tokens.