Layer7 API Gateway: The given key (algorithm=RSA) is not valid for SHA512withECDSA
Article ID: 111567
STARTER PACK-7, CA Rapid App Security, CA API Gateway
When using the 'Encode JSON Web Token' assertion and signing the JWT with an ECDSA algorithm, you receive one of the following errors. The message appears in the SSG logs.
The given key (algorithm=RSA) is not valid for SHA512withECDSA
The given key (algorithm=RSA) is not valid for SHA256withECDSA
The given key (algorithm=RSA) is not valid for SHA384withECDSA
Component: APIESM
The issue occurs when an RSA private key is used to sign the JWT. When selecting a private key installed on the Gateway, confirm that you are using the correct key type.
In Policy Manager:
1) Open the Manage Private Keys dialog (Tasks -> Certificates, Keys and Secrets -> Manage Private Keys)
2) Look for the private key you are selecting to sign the JWT. Specifically, take note of the 'Key Type' field.
If the key type is RSA xxxx bits, it cannot be used with the ECDSA algorithm. You will need to create a new private key opting for one of the Elliptic Curve algorithms.
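The same key-type mismatch can be reproduced outside the Gateway with the standard Java security API. This is an added example, not Broadcom's code: the class name is hypothetical, the keys are throwaway keys generated in memory, and it does not read the Gateway key store. It checks only the key family (RSA vs EC), not whether the curve suits a given JWS algorithm.

```java
import java.security.*;
import java.security.spec.ECGenParameterSpec;
import java.util.LinkedHashMap;
import java.util.Map;

public class JwtSigningKeyCheck {
    // JWS "alg" values mapped to the JCA signature names that appear in the error text.
    static final Map<String, String> ECDSA_ALGS = new LinkedHashMap<>();
    static {
        ECDSA_ALGS.put("ES256", "SHA256withECDSA");
        ECDSA_ALGS.put("ES384", "SHA384withECDSA");
        ECDSA_ALGS.put("ES512", "SHA512withECDSA");
    }

    /** True if a JCA provider accepts this private key for the given signature algorithm. */
    static boolean accepts(String jcaName, PrivateKey key) throws NoSuchAlgorithmException {
        try {
            Signature.getInstance(jcaName).initSign(key);
            return true;
        } catch (InvalidKeyException e) {
            return false; // key type does not belong to this algorithm family
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input: one RSA key and one Elliptic Curve key.
        KeyPairGenerator rsaGen = KeyPairGenerator.getInstance("RSA");
        rsaGen.initialize(2048);
        PrivateKey rsa = rsaGen.generateKeyPair().getPrivate();

        KeyPairGenerator ecGen = KeyPairGenerator.getInstance("EC");
        ecGen.initialize(new ECGenParameterSpec("secp256r1"));
        PrivateKey ec = ecGen.generateKeyPair().getPrivate();

        // getAlgorithm() returns the value shown as "algorithm=" in the log message.
        for (PrivateKey key : new PrivateKey[] { rsa, ec }) {
            for (Map.Entry<String, String> alg : ECDSA_ALGS.entrySet()) {
                System.out.printf("key algorithm=%-3s  %s (%s): %s%n",
                        key.getAlgorithm(), alg.getKey(), alg.getValue(),
                        accepts(alg.getValue(), key) ? "accepted" : "rejected, wrong key type");
            }
        }
    }
}
```

The RSA key is rejected for all three ECDSA algorithms and the EC key is accepted, which matches the 'Key Type' check described above.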