com.nimbusds.jose.JOSEException: Curve not supported: secp256k1 (1.3.132.0.10)
Issue #458
resolved
If I use ECKeyGenerator with JWSAlgorithm.ES256K, I get the exception in the title.
I think secp256k1 was deprecated in the JRE. See release notes for Java 11.0.9 and 11.0.10.
- October 20, 2020: Java 11.0.9 disabled secp256k1 by default (see jdk.disabled.namedCurves)
- January 19, 2021: Java 11.0.10 disabled secp256k1 by default (see jdk.tls.namedGroups)
- September 14, 2021: Java 17 inherited those changes
Here is a JUnit test to reproduce the exception with Java 17.0.1+12 and nimbus-jose-jwt-9.8.1.jar.
```java
public void testCheckIfJavaDisabledES256K1() {
    final Set<Curve> ecCurves = Curve.forJWSAlgorithm(JWSAlgorithm.ES256K); // EC KeyPair generation fails for secp256k1
    final Curve ecCurve = ecCurves.iterator().next(); // first curve
    final ECKeyGenerator ecKeyGenerator = new ECKeyGenerator(ecCurve);
    final Exception expectedException = expectThrows(
        JOSEException.class, () -> {
            ecKeyGenerator.generate(); // com.nimbusds.jose.JOSEException: Curve not supported: secp256k1 (1.3.132.0.10)
        }
    );
    assertThat(expectedException.getMessage(), is(equalTo("Curve not supported: secp256k1 (1.3.132.0.10)")));
}
```
Comments (2)
Account Deactivated
- changed status to resolved
What to do if you need the curve and the default JCE provider in your JRE doesn't have it:
https://connect2id.com/products/nimbus-jose-jwt/examples/jwk-generation#secp256k1
https://connect2id.com/products/nimbus-jose-jwt/examples/jwt-with-es256k-signature
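A sketch of the workaround the comment above points to, written for this page as an added example (not code from the issue, the commenter or the Nimbus project): try the JRE's default JCA provider first and, if secp256k1 is rejected, use BouncyCastle for key generation, key conversion, signing and verification. It assumes nimbus-jose-jwt in a version where `provider(...)` is available on the key generator and the optional BouncyCastle jar is on the classpath; the class name, key ID and payload are made up.

```java
import java.security.Provider;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.ECPublicKey;

import com.nimbusds.jose.*;
import com.nimbusds.jose.crypto.ECDSASigner;
import com.nimbusds.jose.crypto.ECDSAVerifier;
import com.nimbusds.jose.crypto.bc.BouncyCastleProviderSingleton;
import com.nimbusds.jose.jwk.Curve;
import com.nimbusds.jose.jwk.ECKey;
import com.nimbusds.jose.jwk.gen.ECKeyGenerator;
import com.nimbusds.jose.jwk.gen.JWKGenerator;

// Hypothetical class name; not part of Nimbus JOSE+JWT.
public class Es256kProviderFallback {

    // provider == null means "use the JRE's default JCA provider".
    static ECKey generate(Provider provider) throws JOSEException {
        JWKGenerator<ECKey> gen = new ECKeyGenerator(Curve.SECP256K1).keyID("constructed-kid");
        return (provider == null ? gen : gen.provider(provider)).generate();
    }

    public static void main(String[] args) throws Exception {
        Provider provider = null;
        ECKey jwk;
        try {
            jwk = generate(null);
        } catch (JOSEException e) {
            // Reached on JREs that report "Curve not supported: secp256k1 ...".
            // The provider is passed per operation, not registered JVM-wide.
            provider = BouncyCastleProviderSingleton.getInstance();
            jwk = generate(provider);
        }
        // Convert the JWK with the same provider that generated it; the default
        // KeyFactory may reject the curve just as the default generator did.
        ECPrivateKey priv = jwk.toECPrivateKey(provider);
        ECPublicKey pub = jwk.toECPublicKey(provider);

        JWSObject jws = new JWSObject(
            new JWSHeader.Builder(JWSAlgorithm.ES256K).keyID(jwk.getKeyID()).build(),
            new Payload("constructed sample payload"));
        ECDSASigner signer = new ECDSASigner(priv);
        signer.getJCAContext().setProvider(provider);
        jws.sign(signer);

        // Round-trip through the compact serialization, then verify.
        JWSObject parsed = JWSObject.parse(jws.serialize());
        ECDSAVerifier verifier = new ECDSAVerifier(pub);
        verifier.getJCAContext().setProvider(provider);
        System.out.println("provider=" + (provider == null ? "JRE default" : provider.getName())
            + " verified=" + parsed.verify(verifier));
    }
}
```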
Clarification: