I would like to load PrivateKey from a .key file and use it to generate jwt token. I have following method to generate token
public String gen(String privateFile, String crtFile) {
long nowMillis = System.currentTimeMillis();
Date now = new Date(nowMillis);
long expMillis = nowMillis + 50000;
Date exp = new Date(expMillis);
// load private key
PrivateKey privKey= loadPrivateKey(privateFile);
// load public key
PublicKey pubKey= loadPublicKey(crtFile);
String jws = Jwts.builder()
.signWith(privKey, SignatureAlgorithm.RS512)
return jws;
loadPrivateKey method looks as follows:
public static PrivateKey loadPrivateKey(String filename)
throws Exception {
String privateKeyContent = new String(Files.readAllBytes(Paths.get(ClassLoader.getSystemResource(filename).toURI())));
privateKeyContent = privateKeyContent.replaceAll("\\n", "").replace("-----BEGIN PRIVATE KEY-----", "").replace("-----END PRIVATE KEY-----", "");
KeyFactory kf = KeyFactory.getInstance("RSA");
PKCS8EncodedKeySpec keySpecPKCS8 = new PKCS8EncodedKeySpec(Base64.getDecoder().decode(privateKeyContent));
PrivateKey privKey = kf.generatePrivate(keySpecPKCS8);
return privKey;
On the compilation I get java.io.IOException: Invalid keystore format
at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:663)
at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:56)
at sun.security.provider.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:224)
at sun.security.provider.JavaKeyStore$DualFormatJKS.engineLoad(JavaKeyStore.java:70)
Which I do not understand because I am opening PKCS8 private key. Would someone have an idea how to solve this?
I hope this will help you to generate the token.
keep the .key
or .der
file into classpath src/main/resources
public class JWTClientService {
public String generateJWTToken(ProjectConfig jwtConfig) {
return Jwts.builder()
.setExpiration(getExpiryDate(jwtConfig.getTokenExpiryUnit(), jwtConfig.getTokenExpiryFrequency()))
.claim(jwtConfig.getClaimKey(), Boolean.valueOf(jwtConfig.getClaimValue()))
.signWith(SignatureAlgorithm.RS512, privateKey(jwtConfig))
private Date getExpiryDate(String tokenExp, String tokenExpFreq) {
Calendar calendar = Calendar.getInstance();
int expiry = Integer.parseInt(tokenExp);
switch (tokenExpFreq.toLowerCase()) {
case "second": {
calendar.add(Calendar.SECOND, expiry);
case "minute": {
calendar.add(Calendar.MINUTE, expiry);
case "hour": {
calendar.add(Calendar.HOUR, expiry);
case "day": {
calendar.add(Calendar.DATE, expiry);
case "month": {
calendar.add(Calendar.MONTH, expiry);
default: {
calendar.add(Calendar.HOUR, expiry);
return calendar.getTime();
private PrivateKey privateKey(ProjectConfig jwtConfig) {
PrivateKey privateKey = null;
try {
InputStream inputStream = this.getClass().getClassLoader().getResourceAsStream(jwtConfig.getKeyPath());
ByteArrayOutputStream byteOutputStream = new ByteArrayOutputStream();
assert inputStream != null;
IOUtils.copy(inputStream, byteOutputStream);
byte[] privKeyByteArray = byteOutputStream.toByteArray();
PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(privKeyByteArray);
KeyFactory keyFactory = KeyFactory.getInstance(jwtConfig.getKeyAlgorithm());
privateKey = keyFactory.generatePrivate(keySpec);
} catch (Exception ex) {
throw new RuntimeException("Unable to generate private key..." + ex.getMessage());
return privateKey;
Find the Project config class:
public class ProjectConfig {
private String clientId;
private String clientSecret;
private String jwtTokenUrl;
private String keyAlgorithm;
private String keyPath;
private String subject;
private String issuer;
private String audience;
private String claimKey;
private String claimValue;
private String tokenExpiryFrequency;
private String tokenExpiryUnit;
public String getClientId() {
return clientId;
public void setClientId(String clientId) {
this.clientId = clientId;
public String getClientSecret() {
return clientSecret;
public void setClientSecret(String clientSecret) {
this.clientSecret = clientSecret;
public String getJwtTokenUrl() {
return jwtTokenUrl;
public void setJwtTokenUrl(String jwtTokenUrl) {
this.jwtTokenUrl = jwtTokenUrl;
public String getKeyAlgorithm() {
return keyAlgorithm;
public void setKeyAlgorithm(String keyAlgorithm) {
this.keyAlgorithm = keyAlgorithm;
public String getKeyPath() {
return keyPath;
public void setKeyPath(String keyPath) {
this.keyPath = keyPath;
public String getSubject() {
return subject;
public void setSubject(String subject) {
this.subject = subject;
public String getIssuer() {
return issuer;
public void setIssuer(String issuer) {
this.issuer = issuer;
public String getAudience() {
return audience;
public void setAudience(String audience) {
this.audience = audience;
public String getClaimKey() {
return claimKey;
public void setClaimKey(String claimKey) {
this.claimKey = claimKey;
public String getClaimValue() {
return claimValue;
public void setClaimValue(String claimValue) {
this.claimValue = claimValue;
public String getTokenExpiryFrequency() {
return tokenExpiryFrequency;
public void setTokenExpiryFrequency(String tokenExpiryFrequency) {
this.tokenExpiryFrequency = tokenExpiryFrequency;
public String getTokenExpiryUnit() {
return tokenExpiryUnit;
public void setTokenExpiryUnit(String tokenExpiryUnit) {
this.tokenExpiryUnit = tokenExpiryUnit;
Main Class :
public class TokenApplication {
static ObjectMapper objectMapper = new ObjectMapper()
.configure(JsonParser.Feature.AUTO_CLOSE_SOURCE, true);
public static void main(String[] args) {
ProjectConfig projectConfig = loadConfiguration("application-stg.properties");
if (args.length > 0 && args[0].equals("PROD")) {
projectConfig = loadConfiguration("application-prod.properties");
try {
JWTTokenService jwtTokenService = new JWTTokenService();
} catch (Exception ex) {
private static ProjectConfig loadConfiguration(String filePath) {
try (InputStream input = TokenApplication.class.getClassLoader().getResourceAsStream(filePath)) {
Properties props = new Properties();
return objectMapper.convertValue(new HashMap(props), ProjectConfig.class);
} catch (Exception ex) {
throw new RuntimeException("Not able to load configuration" + ex.getMessage());