1. Generate the public and private keys with OpenSSL
```bash
openssl genrsa -out private.key 1024
openssl rsa -in private.key -pubout -out public.key
```
2. Use the generated key pair and the asymmetric RS256 algorithm to sign and verify the token
2.1 Issue the token, signed with the private key
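```js
const fs = require('fs')
const jwt = require('jsonwebtoken')

// Load the key pair generated in step 1
const privateKey = fs.readFileSync('./keys/private.key')
const publicKey = fs.readFileSync('./keys/public.key')

// useRouter is the Koa router instance created elsewhere in the app
useRouter.get('/login', (ctx, next) => {
  const payload = { id: 1, name: 'kobe' }
  // Sign the payload with the private key; the token expires after 5 minutes
  const token = jwt.sign(payload, privateKey, {
    expiresIn: 60 * 5,
    algorithm: 'RS256'
  })
  ctx.body = {
    code: 0,
    token,
    message: '登录成功,可以进行其他操作~' // "Login successful, you can now perform other operations"
  }
})
```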
2.2 Verify the token with the public key
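```js
useRouter.get('/list', (ctx, next) => {
  // A missing Authorization header becomes an empty token, which fails verification below
  const authorization = ctx.headers.authorization || ''
  const token = authorization.replace('Bearer ', '')
  try {
    // Check the signature with the public key and accept RS256 only
    const res = jwt.verify(token, publicKey, {
      algorithms: ['RS256']
    })
    console.log(res)
    ctx.body = {
      code: 0,
      data: [
        { id: 1, name: 'rose' },
      ]
    }
  } catch (error) {
    ctx.body = {
      code: -1010,
      message: '无效token~' // "Invalid token"
    }
  }
})
```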
3. After starting the app, issuing a token fails with the error: secretOrPrivateKey has a minimum key size of 2048 bits for RS256
![Screenshot of the error](https://img-blog.csdnimg.cn/af363bc2024d4afca905aa6e6648ca61.png)
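3.1 Fix: change 1024 to 2048 when generating the private key, then issue the token again and it works. The public key has to be regenerated from the new private key as well, with the same `rsa -pubout` command as in step 1; otherwise the verification in 2.2 fails.
```bash
openssl genrsa -out private.key 2048
```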
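3.2 The app then runs normally and issues the token, as shown in the screenshot below: token issued successfully
![Screenshot: token issued successfully](https://img-blog.csdnimg.cn/58305e688328459793db2f65a9d02444.png#pic_center)
3.3 Token verification succeeds
![Screenshot: token verified successfully](https://img-blog.csdnimg.cn/989cbaa15b064c2eb6e59c6bfe4cec9d.png)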
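As an added example (not code from the original post): a startup check built on Node's `crypto` module that reports a private key below the 2048-bit minimum from the error in step 3, and also catches a `public.key` left over from the old private key. The function names and the sample keys generated in memory are assumptions made for the illustration.

```javascript
const nodeCrypto = require('crypto')

const MIN_RS256_BITS = 2048 // minimum stated in the error message from step 3

// Modulus length in bits of a PEM-encoded RSA private key.
function rsaKeyBits(privatePem) {
  const key = nodeCrypto.createPrivateKey(privatePem)
  if (key.asymmetricKeyType !== 'rsa') {
    throw new Error(`expected an RSA key, got ${key.asymmetricKeyType}`)
  }
  return key.asymmetricKeyDetails.modulusLength
}

// True when publicPem is the public half of privatePem.
function keysMatch(privatePem, publicPem) {
  const der = (k) => k.export({ type: 'spki', format: 'der' })
  // createPublicKey derives the public key when given a private-key PEM
  return der(nodeCrypto.createPublicKey(privatePem)).equals(der(nodeCrypto.createPublicKey(publicPem)))
}

// Returns a list of problems; an empty list means the pair is usable for RS256.
function checkRs256KeyPair(privatePem, publicPem) {
  const problems = []
  const bits = rsaKeyBits(privatePem)
  if (bits < MIN_RS256_BITS) {
    problems.push(`private key is ${bits} bits, RS256 needs at least ${MIN_RS256_BITS}`)
  }
  if (!keysMatch(privatePem, publicPem)) {
    problems.push('public.key was not derived from this private.key')
  }
  return problems
}

// Constructed sample keys, generated in memory instead of read from ./keys
function makePair(bits) {
  return nodeCrypto.generateKeyPairSync('rsa', {
    modulusLength: bits,
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
  })
}
const weak = makePair(1024)
const strong = makePair(2048)
console.log(checkRs256KeyPair(weak.privateKey, weak.publicKey))     // key too small
console.log(checkRs256KeyPair(strong.privateKey, weak.publicKey))   // stale public key
console.log(checkRs256KeyPair(strong.privateKey, strong.publicKey)) // no problems
```

In the app from this post the two arguments would be the contents of `./keys/private.key` and `./keys/public.key`, checked once before the routes are registered.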