我正在尝试从JSON Web密钥集(JWKS)创建System.Security.Cryptography.RSA的实例,该实例包含一些RSA密钥,但仅包括其模数(n),公共指数(e)和秘密指数( d),而不是密钥生成过程中使用的素数(p和q)。
这是包含私钥(当然是测试密钥)的jwks: https://belgianmobileid.github.io/slate/private_jwks.json
这是我尝试过的:
using System.Linq;
using System.Net;
using System.Security.Cryptography;
using Microsoft.IdentityModel.Tokens;
class Program
{
static void Main(string[] args)
{
var jwks = new WebClient().DownloadString("https://belgianmobileid.github.io/slate/private_jwks.json");
var webKeySet = JsonWebKeySet.Create(jwks);
// signing key has kid "s1"
var signingkey = webKeySet.Keys.Single(key => key.KeyId == "s1");
// throws System.Security.Cryptography.CryptographicException:
// 'The specified RSA parameters are not valid; both Exponent and Modulus are required fields.'
var rsa = RSA.Create(
new RSAParameters
{
Modulus = Base64UrlEncoder.DecodeBytes(signingkey.N),
Exponent = Base64UrlEncoder.DecodeBytes(signingkey.E),
D = Base64UrlEncoder.DecodeBytes(signingkey.D),
P = null, // unknown
Q = null // unknown
});
}
}
我当然不是密码专家,我只是想将JWKS解析成可以在代码中使用的东西。不知道p或q甚至可能吗?
答案 0 :(得分:1)
p和q(以及dp,dq和qi)不是执行签名/加密操作所必需的。
但是它们大大加快了计算过程(速度提高了10倍以上)。
您可以从n,e和d中恢复这些值。
p和q dp,dq和qi 您还将找到一个PHP实现in this project。
如果您具有安装了GMP和JSON扩展的PHP 7.1,则可以尝试以下命令:
curl -OL https://github.com/web-token/jwt-app/raw/gh-pages/jose.phar
curl -OL https://github.com/web-token/jwt-app/raw/gh-pages/jose.phar.pubkey
chmod +x jose.phar
./jose.phar key:optimize '{"kty":"RSA","d":"FVSxl…96w"}'
例如,使用您从链接中指出的以下键:
{ “KTY”: “RSA”, “d”: “FVSxlyJTtDwWxAkAIxexpZTaDd3EsiCTcjF9h5Ciu0fcZujvX7i-qC1Nhzxk5ScQ36j0vduDymsW4uTehJKmcIZAnw_oMtX9ikn85KiUGGVzoUu4TyaUGmoGmDGUIrqtKhXbhoFXmFrQrtMSjy-1V2J-I0nX7s-fqS3c2MPtmnPEMXkLpxHr2hStRiIQFIf3T7Dv4aX5-2o00JViEM-cXTQZJerkDjSgj7KhGP7EKnkTfV7sBAiuRnbtOFqrNNMjXpGWJQSPbof1_6oo3_R9Jw7TYTNMzIyXWDmpam_Zf_iPFltFRWTh9nUygCAvpnPXRgFkgJN2JuSY6oLrIG-HSQ”, “E”: “AQAB”, “使用”: “SIG”, “孩子”: “S1”, “ALG”: “RS256” 中, “n”: “pJADu0nyhCrh9XIRTO42V6YQqAeNABGGo006hknHw86wYByjHMhpYYwHuxuyx44mO8iQIcJkh5NPlkcaDN90RH0JOxyEE1pES5C3LqntC0mAP6BWoqMhY8g4PT2EJyPjVYZcpaZw0VUp6E5kx847dbvhMe8KWy0geuCwrCgXVhWDRoIyV7r2k948zlmRJjbdjkNosYEFI43nicZ_jckTbs_8nzlxDQo8GtstdhR_oUbXyyBJM66SUA8KxWV6NG0zubNIYWxHIwlU938gdpTNfUMKm78f78iPyfuoPz2dTb6Z7OP7WZb06eRv41i_dS0Zh-sKKHrpUYXRf6VrOoU96w”}
带有质数的键将是:
{ “KTY”: “RSA”, “d”: “FVSxlyJTtDwWxAkAIxexpZTaDd3EsiCTcjF9h5Ciu0fcZujvX7i-qC1Nhzxk5ScQ36j0vduDymsW4uTehJKmcIZAnw_oMtX9ikn85KiUGGVzoUu4TyaUGmoGmDGUIrqtKhXbhoFXmFrQrtMSjy-1V2J-I0nX7s-fqS3c2MPtmnPEMXkLpxHr2hStRiIQFIf3T7Dv4aX5-2o00JViEM-cXTQZJerkDjSgj7KhGP7EKnkTfV7sBAiuRnbtOFqrNNMjXpGWJQSPbof1_6oo3_R9Jw7TYTNMzIyXWDmpam_Zf_iPFltFRWTh9nUygCAvpnPXRgFkgJN2JuSY6oLrIG-HSQ”, “E”: “AQAB”, “使用”: “SIG”, “孩子”: “S1”, “ALG”: “RS256” 中, “n”: “pJADu0nyhCrh9XIRTO42V6YQqAeNABGGo006hknHw86wYByjHMhpYYwHuxuyx44mO8iQIcJkh5NPlkcaDN90RH0JOxyEE1pES5C3LqntC0mAP6BWoqMhY8g4PT2EJyPjVYZcpaZw0VUp6E5kx847dbvhMe8KWy0geuCwrCgXVhWDRoIyV7r2k948zlmRJjbdjkNosYEFI43nicZ_jckTbs_8nzlxDQo8GtstdhR_oUbXyyBJM66SUA8KxWV6NG0zubNIYWxHIwlU938gdpTNfUMKm78f78iPyfuoPz2dTb6Z7OP7WZb06eRv41i_dS0Zh-sKKHrpUYXRf6VrOoU96w”, “p”: “yFRFPKiUCelQ2c-vfy_09Ckd3TnGWFExHoiG7lOoRDxIWZjHy5ApSZ1S5Hx8pLcmJltpn3ad5LcgVv1hHUmcfw4NuyY1mduC4HUNKb6sZWQZJKDss1mJFFmL3Yg026Sy-_cK2wp0AP2nMqZ3JT3Pm6PsLn6VqKFNqAZNbnp4wrM”, “q”:“0ktANeYxLEB1uEDkSQgQ6pSppBnNMHishDZPjLNuy2AzfP5tP1sqsg0 Xbyr1gtJX9mccz3BwpmQCNZiWWhmLepvERK1gEb97eEmqVK1RwbRU0_z4osZcxudZxhI3QdyTOXYfp3n0SuIb4W-MWy8X4yZsiRf7K1eCJm1THcSUU-K”, “DP”: “XxhRvZewnnvY22xRPKkBOJ4EBS4Vz3rLPFlG4_9mUu3i0lVKEoGed8lsvfWyHWarf23JV98w2I9tlJ226fY1icKcFgjvTNf86pvl4bkXkRHRNagGdKS-A6D2WfT8Un9-T0lYJ95wbr_6DHsk99K9qH5J8VA5rtDTUj2bqCQPCy0”, “DQ”: “dzTM-0C3kxwfHwk53uRBopgO6cTueZGOSYv34Aw-U-6WgT5Ac2-cbj3ZkNzLOxM9ZaHhxP05_jgmwHb0k7JzTFdMFJorISRoOzGW6lUtSR6OD3URBERphx7R1uOwixccJbB-FROelWxC3bG74Fx7r_myAKylZlY-osXKHc-3PTE”, “气”: “s0SZ_zJImz6abac_i8XJmVBq8wa08NL1DHXTKJxaBJcQqUbQ6xIs5Hxxouezv8wWe8O4G4NDVwQHGZINVjwzLyjTK2J1FRvAzm1ei-PB9C9RdgnK4ELCIIuJizOFVgFiRf4rzsTtpPtX1tsihUIL3geYucng9UqYJpkj8AumqAY” }