Issue using store passwords


Article ID: 194835


Updated On:


CA API Gateway API SECURITY CA API Gateway Precision API Monitoring Module for API Gateway (Layer 7) CA API Gateway Enterprise Service Manager (Layer 7) STARTER PACK-7 CA Microgateway


I am using a variable called ${secpass.jwe_pwd.plaintext} to get the content of the password jwe_pwd
The Decode JSON WEb token fails if I use the variable and it works if I use an hardcoded password.

It seems the Decode Json Web token assertion doesn't recognize the content of the variable correctly.


the error reported in the env where the decode JWT assertion is not working is:

2020-05-28T15:53:18.445+0200 WARNING 1020 com.l7tech.external.assertions.jwt.server.ServerEncodeJsonWebTokenAssertion: 10808: Invalid key for dir with A128CBC-HS256, expected a 256 bit key but a 264 bit key was provided.


Release : 9.x

Component : API GATEWAY


The error would indicate there is something added to the password :  expected a 256 bit key but a 264 bit key was provided.

When using copy and paste the password the error occurs , after typing it the problem did not occur .
Make sure the copied password has no additional BLANKS, CR or LF at the end .
Due to the masking you will not see this