
The signing key's size is 1024 bits which is not secure enough for the RS256 algorithm.

最编程 2024-01-13 18:29:51
...
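/**
 * Asserts that {@code key} may be used with this algorithm, either to sign
 * ({@code signing == true}) or to verify, checking the key's JCA type and its size in bits.
 * <p>
 * The enforced minimum size is {@code keyLength} when it is positive, otherwise this
 * algorithm's {@code minKeyLength} (the value the error messages cite as the RFC 7518
 * minimum). A positive {@code keyLength} below {@code minKeyLength} therefore accepts keys
 * that fall under the RFC 7518 minimum; that trade-off belongs to the caller.
 *
 * @param key       the key to validate
 * @param signing   {@code true} if the key will sign, {@code false} if it will verify
 * @param keyLength minimum key size in bits; {@code 0} (or any non-positive value) selects
 *                  {@code minKeyLength}
 * @throws InvalidKeyException if this algorithm is {@code NONE}, if the key's JCA type does not
 *                             match the algorithm family, or if an HMAC key has no encoded bytes
 *                             or carries a non-HmacSHA* algorithm name
 * @throws WeakKeyException    if the key is shorter than the enforced minimum size
 * @since 0.10.0
 */
private void assertValid(Key key, boolean signing, int keyLength) throws InvalidKeyException {
    // [modified] Honor a caller-supplied minimum, falling back to the algorithm default.
    // Every non-positive value means "default": a negative override would make
    // 'size < keyLength' false for every key and silently disable the size check.
    final int requiredBits = keyLength <= 0 ? this.minKeyLength : keyLength;

    if (this == NONE) {
        throw new InvalidKeyException("The 'NONE' signature algorithm does not support cryptographic keys.");
    }
    if (isHmac()) {
        assertValidHmacKey(key, signing, requiredBits);
        return;
    }
    // EC or RSA: only the private half of a pair can sign.
    if (signing && !(key instanceof PrivateKey)) {
        throw new InvalidKeyException(familyName + " signing keys must be PrivateKey instances.");
    }
    if (isEllipticCurve()) {
        assertValidEcKey(key, signing, requiredBits);
    } else {
        assertValidRsaKey(key, signing, requiredBits);
    }
}

/** HMAC family: the key must be a SecretKey named HmacSHA256/384/512 with at least {@code requiredBits} bits. */
private void assertValidHmacKey(Key key, boolean signing, int requiredBits) throws InvalidKeyException {
    if (!(key instanceof SecretKey)) {
        throw new InvalidKeyException(this.familyName + " " + keyType(signing) + " keys must be SecretKey instances.");
    }
    SecretKey secretKey = (SecretKey) key;
    byte[] encoded = secretKey.getEncoded();
    if (encoded == null) {
        throw new InvalidKeyException("The " + keyType(signing) + " key's encoded bytes cannot be null.");
    }
    String alg = secretKey.getAlgorithm();
    if (alg == null) {
        throw new InvalidKeyException("The " + keyType(signing) + " key's algorithm cannot be null.");
    }
    // These next checks use equalsIgnoreCase per https://github.com/jwtk/jjwt/issues/381#issuecomment-412912272
    boolean hmacSha = HS256.jcaName.equalsIgnoreCase(alg)
            || HS384.jcaName.equalsIgnoreCase(alg)
            || HS512.jcaName.equalsIgnoreCase(alg);
    if (!hmacSha) {
        throw new InvalidKeyException("The " + keyType(signing) + " key's algorithm '" + alg
                + "' does not equal a valid HmacSHA* algorithm name and cannot be used with " + name() + ".");
    }
    int size = encoded.length * 8; // size in bits
    if (size < requiredBits) { // [modified] compares against the enforced minimum, not minKeyLength
        // The message quotes minKeyLength on purpose: that sentence states what RFC 7518
        // requires, which does not change when the caller overrides the enforced minimum.
        String msg = "The " + keyType(signing) + " key's size is " + size + " bits which "
                + "is not secure enough for the " + name() + " algorithm. The JWT "
                + "JWA Specification (RFC 7518, Section 3.2) states that keys used with " + name() + " MUST have a "
                + "size >= " + minKeyLength + " bits (the key size must be greater than or equal to the hash "
                + "output size). Consider using the " + Keys.class.getName() + " class's "
                + "'secretKeyFor(SignatureAlgorithm." + name() + ")' method to create a key guaranteed to be "
                + "secure enough for " + name() + ". See "
                + "https://tools.ietf.org/html/rfc7518#section-3.2 for more information.";
        throw new WeakKeyException(msg);
    }
}

/** EC family: the key must be an ECKey whose curve order has at least {@code requiredBits} bits. */
private void assertValidEcKey(Key key, boolean signing, int requiredBits) throws InvalidKeyException {
    if (!(key instanceof ECKey)) {
        throw new InvalidKeyException(familyName + " " + keyType(signing) + " keys must be ECKey instances.");
    }
    ECKey ecKey = (ECKey) key;
    int size = ecKey.getParams().getOrder().bitLength();
    if (size < requiredBits) { // [modified] compares against the enforced minimum, not minKeyLength
        // As in the HMAC branch, the RFC 7518 sentence reports minKeyLength, not the override.
        String msg = "The " + keyType(signing) + " key's size (ECParameterSpec order) is " + size
                + " bits which is not secure enough for the " + name() + " algorithm. The JWT "
                + "JWA Specification (RFC 7518, Section 3.4) states that keys used with "
                + name() + " MUST have a size >= " + minKeyLength + " bits. Consider using the "
                + Keys.class.getName() + " class's "
                + "'keyPairFor(SignatureAlgorithm." + name() + ")' method to create a key pair guaranteed "
                + "to be secure enough for " + name() + ". See "
                + "https://tools.ietf.org/html/rfc7518#section-3.4 for more information.";
        throw new WeakKeyException(msg);
    }
}

/** RSA family: the key must be an RSAKey whose modulus has at least {@code requiredBits} bits. */
private void assertValidRsaKey(Key key, boolean signing, int requiredBits) throws InvalidKeyException {
    if (!(key instanceof RSAKey)) {
        throw new InvalidKeyException(familyName + " " + keyType(signing) + " keys must be RSAKey instances.");
    }
    RSAKey rsaKey = (RSAKey) key;
    int size = rsaKey.getModulus().bitLength();
    if (size < requiredBits) { // [modified] compares against the enforced minimum, not minKeyLength
        // Names starting with "P" (the PS* constants) are covered by RFC 7518 section 3.5, the rest by 3.3.
        String section = name().startsWith("P") ? "3.5" : "3.3";
        // As in the HMAC branch, the RFC 7518 sentence reports minKeyLength, not the override.
        String msg = "The " + keyType(signing) + " key's size is " + size + " bits which is not secure "
                + "enough for the " + name() + " algorithm. The JWT JWA Specification (RFC 7518, Section "
                + section + ") states that keys used with " + name() + " MUST have a size >= " + minKeyLength
                + " bits. Consider using the " + Keys.class.getName() + " class's "
                + "'keyPairFor(SignatureAlgorithm." + name() + ")' method to create a key pair guaranteed "
                + "to be secure enough for " + name() + ". See "
                + "https://tools.ietf.org/html/rfc7518#section-" + section + " for more information.";
        throw new WeakKeyException(msg);
    }
}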