function readOnly(count){ }
Starting November 20, the site will be set to read-only. On December 4, 2023,
forum discussions will move to the Trailblazer Community.
+ Start a Discussion
Anurag JainAnurag Jain 

Crypto.sign giving exception in winter 17 for developers

Hi all,

I am using following code to genrate sign, It is working fine in summer 16 salesforce release but my org it autmatically upgraded to winter 17 and this code starts giving follwoing exception:-

"EXCEPTION: System.SecurityException: Invalid Crypto Key
STACKTRACE: Class.System.Crypto.sign: line 35, column 1
AnonymousBlock: line 7, column 1
AnonymousBlock: line 7, column 1
LINE: 35 COLUMN: 1"


can any one help me on this???
string modifiedPrivateKey = 'MIIEpAIBAAKCAQEA1l9J+lUhM3RIADiLy2ajqUjltBqSVMthUlNnu8GsN4z85aniBIDebY+RkFhKDDW9hu8xM/Q4NEI7klmCVWI5BnobWfUjRbhd9oW94qBP7B1Ka6BsSn3RbfvGZZLcDNXd6806acpgMn79fjYPUQPI1kSfrd1GeMDQDGtNFsnCTd9zq2Vye4RQJrlDzC7g70i3jEHCh853ifD4MaQwo+SWf/eF7bLqA+81qUB2llRyA7SH9YF1I/ZmgH57MVTXb62HRMr/JxERDOerHLt7CK9hdbmM3vpRZz8MJnIMrNJKXXbxS69F8aLK7q+8i8xkl1IRwWVD9uJJaWpz7NEBs9EenwIDAQABAoIBACRDLjJoYBtiGiPfbNZVYG3sZN7Yd9RcKvRQI4YBNu6WrNj0qcT1P6rs1ETEipISLSM8JuiQ8Uj1wzn4ZjGnUdokoafP7c2HaG2hJgPF9n8MXWBjXK4lJl4ibucTtqF9M/MFXlIy557jGGJXJrQfncORDCnO+nLGuuq+4+Vs769YQ+bfj69pzfo4kUKaZRj6tgDcAo9Owbe6b7t1gGIM1fo+1fnyZrgYUxwor6periyvjefJaw8N78ASXbu9zHvVrbqaZmwXRJqCRRm8yYigGwQoxLX1DEryrSSCOEZWNUYzG+Det8XuvmsfRkYfw9p/Bz5XO5V70eU5zq5sw6qGkuECgYEA7feem7nGKMFyEVD9st8jhRvOD3n+Z5QAsbaCN5u3GkvXyKXeD7c0RYP4EPtVjEFcB+jy0zktl4Eks+iz7HhGvQhykQx5s5JC5k6P0Rsd+7YOU/8YsuSOvlXnnuclCzpoX1iClYVTJVQ9U7axbE3P07blQ3PqBu1pZ2XPC/sstRkCgYEA5p3xo4/gHQy65qpmh6EHtW2WlQDxbhLBCok8lCEioZaGK9PyNesGsuTcPLU4bj+mch3Yggn7aHfL/zXjdt4K5KWM6wVyK7KNgDisoJzA7fC4u+3VptLjeWKi+xVhPHLmnmuQP3Dq6SDCF2xbuIvynW0jiujdw6NQWYLo+NT+cHcCgYEAvocbvqMnPUplAehOuABgeBqjCVErl9KwG5l8+Pj7yVogEs561Sph96aJ307cV8ec39hrUyLclgkYUdNm+1XxjThOQkQyzMu2NJ+CFnIXt4k0P5xnMhQ9FbfCE0AOMMc6+dvr8bslryWbVINZ2tUSKPiu5yrPnWxIkDi7ZWRdj0ECgYASqR8fZAn3b8tD1O/884vDI332yp++j2ftaVNsjQ3XU23B6CGGOWFOYnRruSI60Y2vWDjntNUSC/eGzB5+xNLO05KGhedKH+WRRYS6blSyLDNWiZUrLY9YiCG1/XHjyUxd70g5yfJIMO1jpdH6KeDU2jrxB4zCQtnClHQzhlCcWwKBgQDGF4JypvYibSkfoiGHQR0Lq3U4l69t5KRcpBYuWdugPdBcdLUOlYOf+6ZPoH+gpk0Awlu+ZqgWfxPTa7eHLxIwCb2Y81bfrCISiUlUUJnPcE7bNrSnoskTQb8flqtGYT94eux0MKktRg6Wojrug/p7kvr7K1zA+zrfjvUK4Rc5LA0K';
string jwtClaims = 'eyJpc3MiOiJ5bnFpNTYzc3hzMDh4ZWR6ajM2a29lenduczZ1ZmRyMCIsInN1YiI6IjI4NTc5Mzg5NCIsImJveF9zdWJfdHlwZSI6InVzZXIiLCJhdWQiOiJodHRwczovL2FwaS5ib3guY29tL29hdXRoMi90b2tlbiIsImp0aSI6InRKVFRwUklmRFhFUlNkNjFBS0hIam9wUm41ZEVSMjBMIiwiZXhwIjoxNDc2MDg4ODA4fQ';
string jwtHeader = 'eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6InAwbXE4aHZqIn0';
String algorithmName = 'RSA-SHA256';
Blob input = Blob.valueOf(jwtHeader + '.' + jwtClaims);
Blob privateKeyBlob = EncodingUtil.base64Decode(modifiedPrivateKey);
Blob signed = Crypto.sign(algorithmName, input, privateKeyBlob);
Thanks Anurag
 
Srini NandhiSrini Nandhi

Hi Anurag,

Did you got any solution for this. I am also facing same issue. If you get any solution for this let me know.

Thanks,

Srini

MythreyeeSSMythreyeeSS
Hi Anurag - 

The modifiedPrivateKey need to be in PKCS#8 format. The documentation says "The value of privateKey must be decoded using the EncodingUtilbase64Decode method, and should be in RSA's PKCS #8 (1.2) Private-Key Information Syntax Standard form. The value cannot exceed 4 KB.".
The easy way to get the pkcs8 format is to use Open SSL command to convert the private key to PKCS#8 format. Thanks.
MythreyeeSSMythreyeeSS
Hi - Instead of Blob input = Blob.valueOf(jwtHeader + '.' + jwtClaims);, Please try adding Blob input = EncodingUtil.base64Decode(jwtHeader)+ '.' + EncodingUtil.base64Decode(jwtClaims);
Sachin Dubey 4Sachin Dubey 4
HI Anurag,

Did you get any solution for this. I am also facing this issue. if you found an solution please share with us.

Thanks in advance.