Ask Your Question

unable to get JWT signing key( base64 encoded) right

asked 2019-08-20 09:22:18 -0500

kappapilla gravatar image

updated 2019-08-20 13:09:44 -0500

metadaddy gravatar image

Hello StreamSetters, I have been trying to read files off BOX using JWT authentication. I followed this link . I tried creating my own private/public key and also their recommended key generate. I added grant type and client id and secret in extra parameters. attached is my pipeline.

I used the following to decrypt the key in base64 and used StreamSets RSSSA 256 as well as HMAC 256 but no luck

openssl enc -d -base64 -in gen_enc_key -out gen_dec_base64

fails with invalid key or invalid character for base64

Pipeline JSON:

edit retag flag offensive close merge delete


Is it the openssl command that fails? Also, I don't see the pipeline. Could you try attaching again?

metadaddy gravatar imagemetadaddy ( 2019-08-20 09:32:42 -0500 )edit

openssl works but pipeline errors didnt let me attach as i dont have 50 points..

kappapilla gravatar imagekappapilla ( 2019-08-20 11:13:29 -0500 )edit

@kappapilla I just gave you a reputation bonus so you can attach :-)

metadaddy gravatar imagemetadaddy ( 2019-08-20 12:21:28 -0500 )edit

Hi, were you able to resolve this issue? I am trying to address the same use case and running into the same issue as yours. Let me try to go through Pat's recommendation and share my feedback here.

Aadav gravatar imageAadav ( 2019-08-30 14:21:52 -0500 )edit

1 Answer

Sort by ยป oldest newest most voted

answered 2019-08-20 13:15:52 -0500

metadaddy gravatar image

updated 2019-08-20 14:17:09 -0500

Looking at the Box documentation, you need to first decrypt the key, then base64 encode it. Try this:

openssl rsa -in gen_enc_key -out gen_dec

You'll need to provide the passphrase from the Box config file for the above step

openssl base64 -in gen_dec -out gen_dec_base64
edit flag offensive delete link more



tried that as well Pat! this just encodes the file. but box key is encrypted. box need the key to be decrypted before using it for signing .. so decrypted key without any encoding as well ( JWT google example in SS looks similar) but SS throws invalid character.. cmd in quest is decrypt and encode

kappapilla gravatar imagekappapilla ( 2019-08-20 13:22:53 -0500 )edit

I updated my answer...

metadaddy gravatar imagemetadaddy ( 2019-08-20 14:17:36 -0500 )edit

still same error.. Pat.. i am going to look into the following way of generating private key..

kappapilla gravatar imagekappapilla ( 2019-08-21 10:52:35 -0500 )edit
Login/Signup to Answer

Question Tools

1 follower


Asked: 2019-08-20 09:22:18 -0500

Seen: 68 times

Last updated: Aug 20