Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

PGP key for the jwks-rsa package not found on the keyserver #205

Open
5 tasks done
NikoLehtovirta opened this issue Feb 19, 2025 · 0 comments
Open
5 tasks done

PGP key for the jwks-rsa package not found on the keyserver #205

NikoLehtovirta opened this issue Feb 19, 2025 · 0 comments
Labels
bug This points to a verified bug in the code

Comments

@NikoLehtovirta
Copy link

Checklist

  • I have looked into the Readme and Examples, and have not found a suitable solution or answer.
  • I have looked into the API documentation and have not found a suitable solution or answer.
  • I have searched the issues and have not found a suitable solution or answer.
  • I have searched the Auth0 Community forums and have not found a suitable solution or answer.
  • I agree to the terms within the Auth0 Code of Conduct.

Description

With the recent update to com.auth0.java-jwt to keys have been rotated and currently the jwks-rsa package looks to be using the same key causing the PGP verification to fail during the install step. While the issue was solved for the com.auth0.java-jwt by updating it to 4.5.0 version the jwks-rsa package has not received any update which means there isn't any way to solve the issue until new release is made using new key.

Here are the key PGP info to show the issue using the pgpverify-maven-plugin:

com.auth0.java-jwt:4.5.0

Artifact:
        groupId:     com.auth0
        artifactId:  java-jwt
        type:        jar
        version:     4.5.0

PGP signature:
        version:     4
        algorithm:   SHA512 with RSA (Encrypt or Sign)
        keyId:       0x09C6FCE6AACD67E3
        create date: Wed Jan 29 16:38:44 EET 2025
        status:      valid

PGP key:
        version:     4
        algorithm:   RSA (Encrypt or Sign)
        bits:        3072
        fingerprint: 0xAC3F8C3B82B7990EE0EB32C009C6FCE6AACD67E3
        create date: Fri Oct 27 15:04:13 EEST 2023
        uids:        [Auth0 <[email protected]>]

com.auth0.java-jwt:4.4.0

Artifact:
        groupId:     com.auth0
        artifactId:  java-jwt
        type:        jar
        version:     4.4.0

PGP signature:
        version:     4
        algorithm:   SHA512 with RSA (Encrypt or Sign)
        keyId:       0x7C579522A12B1443
        create date: Fri Mar 31 21:33:04 EEST 2023
        status:      valid

PGP key:
        version:     4
        algorithm:   RSA (Encrypt or Sign)
        bits:        3072
        fingerprint: 0x0984FA32B926C76FE624E2157C579522A12B1443
        create date: Fri Jan 06 01:44:35 EET 2023
        uids:        []

com.auth0.jwks-rsa:0.22.1

Artifact:
        groupId:     com.auth0
        artifactId:  jwks-rsa
        type:        jar
        version:     0.22.1

PGP signature:
        version:     4
        algorithm:   SHA512 with RSA (Encrypt or Sign)
        keyId:       0x7C579522A12B1443
        create date: Fri Jul 28 15:26:41 EEST 2023
        status:      valid

PGP key:
        version:     4
        algorithm:   RSA (Encrypt or Sign)
        bits:        3072
        fingerprint: 0x0984FA32B926C76FE624E2157C579522A12B1443
        create date: Fri Jan 06 01:44:35 EET 2023
        uids:        []

Reproduction

  1. Install the pgpverify-maven-plugin:
  2. Add jwks-rsa as dependency.
  3. See the error com.auth0:jwks-rsa:jar:0.22.1 PGP key 0x7C579522A12B1443 not found on keyserver

Additional context

No response

jwks-rsa version

0.22.1

Java version

11
@NikoLehtovirta NikoLehtovirta added the bug This points to a verified bug in the code label Feb 19, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug This points to a verified bug in the code
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@NikoLehtovirta