
Layer7 API Gateway: The given key (algorithm=RSA) is not valid for SHA512withECDSA


Article ID: 111567




STARTER PACK-7, CA Rapid App Security, CA API Gateway


When you use the 'Encode JSON Web Token' assertion and sign the JWT with an ECDSA algorithm, you receive one of the following errors. The message appears in the SSG logs.

The given key (algorithm=RSA) is not valid for SHA512withECDSA
The given key (algorithm=RSA) is not valid for SHA256withECDSA
The given key (algorithm=RSA) is not valid for SHA384withECDSA



Component: APIESM


The issue occurs when an RSA private key is used to sign the JWT with an ECDSA algorithm. When selecting a private key installed on the Gateway, confirm that it is the correct key type.

In Policy Manager:

1) Open the Manage Private Keys dialog (Tasks -> Certificates, Keys and Secrets -> Manage Private Keys)
2) Look for the private key you are selecting to sign the JWT. Specifically, take note of the 'Key Type' field.

If the key type is RSA xxxx bits, it cannot be used with the ECDSA algorithm. You will need to create a new private key, opting for one of the Elliptic Curve algorithms.
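
The same key-type check can be reproduced outside the Gateway with the standard Java security API. The following is an added example, not Gateway or Broadcom code. The class and method names are hypothetical, the keys are generated in memory as constructed samples, and the curve-size check follows RFC 7518 rather than anything the Gateway is documented to enforce.

```java
import java.security.*;
import java.security.interfaces.ECKey;
import java.security.spec.ECGenParameterSpec;
import java.util.Map;

public class JwsKeyCheck {
    // JWS alg -> {JCA signature name, EC field size in bits} (RFC 7518, section 3.4)
    static final Map<String, Object[]> ECDSA_ALGS = Map.of(
        "ES256", new Object[] {"SHA256withECDSA", 256},
        "ES384", new Object[] {"SHA384withECDSA", 384},
        "ES512", new Object[] {"SHA512withECDSA", 521});

    /** Returns null if the key suits the JWS alg, otherwise the reason it does not. */
    static String mismatch(String jwsAlg, PrivateKey key) {
        Object[] req = ECDSA_ALGS.get(jwsAlg);
        if (req == null) return "not an ECDSA JWS algorithm: " + jwsAlg;
        if (!(key instanceof ECKey))
            return "key algorithm " + key.getAlgorithm() + " cannot sign with " + req[0];
        int bits = ((ECKey) key).getParams().getCurve().getField().getFieldSize();
        return bits == (Integer) req[1] ? null
            : jwsAlg + " expects a " + req[1] + "-bit curve, key uses " + bits + " bits";
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample keys, generated in memory for the demonstration.
        KeyPairGenerator rsaGen = KeyPairGenerator.getInstance("RSA");
        rsaGen.initialize(2048);
        PrivateKey rsa = rsaGen.generateKeyPair().getPrivate();
        KeyPairGenerator ecGen = KeyPairGenerator.getInstance("EC");
        ecGen.initialize(new ECGenParameterSpec("secp521r1"));
        PrivateKey ec = ecGen.generateKeyPair().getPrivate();

        System.out.println("RSA key, ES512:   " + mismatch("ES512", rsa));
        System.out.println("P-521 key, ES512: " + mismatch("ES512", ec));
        System.out.println("P-521 key, ES256: " + mismatch("ES256", ec));

        // The JCA itself rejects the RSA key at initSign(), before any data is signed.
        try {
            Signature.getInstance("SHA512withECDSA").initSign(rsa);
        } catch (InvalidKeyException e) {
            System.out.println("initSign rejected RSA key: " + e.getMessage());
        }
    }
}
```

Keys held in an HSM or other non-exportable store may not implement `ECKey`; for those, rely on the 'Key Type' field shown in the Manage Private Keys dialog.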