JwtBuilder.signWith HS256 key no more than 4 character

[HeCG08]

I try signing my data with key "rumoss":
JwtBuilder builder = Jwts.builder().setId("666").setSubject("Tanijia") .setIssuedAt(new Date()) .signWith(SignatureAlgorithm.HS256,"rumoss");
Console:
eyJhbGciOiJIUzI1NiJ9.eyJqdGkiOiI2NjYiLCJzdWIiOiJUYW5pamlhIiwiaWF0IjoxNTM5NDExMDM1fQ.XNHLD4N4Bfb_Zj7bNnApytFwBRZIIxk4R0YZI9I4LAg
And then I try decoding with another key: "rumo",It works:
Claims claims = Jwts.parser().setSigningKey("rumo").parseClaimsJws(token).getBody(); System.out.println("Parsed Id: " + claims.getId()); System.out.println("Parsed Subject: " + claims.getSubject()); System.out.println("Parsed IssuedA: " + claims.getIssuedAt());
Console:
Parsed Id: 666 Parsed Subject: Tanijia Parsed IssuedA: Sat Oct 13 14:10:35 CST 2018
I replace with some key ,like 'rumo1','rumo11','rumo111', it works too. But 'rumo1111' throw Exception.

[lhazlewood]

Duplicate of #211 #269 #324 #362

.signWith(SignatureAlgorithm, base64EncodedKey requires the second argument to be Base64, not a plaintext password. You seem to be using the API incorrectly.

The latest stable version of JJWT (0.10.5 at the time of this comment) goes through more lengths to ensure you correctly use Base64 and/or proper key lengths. You can't just change appended characters of Base64 and always expect different results. See #211 for why.