如何在 .NET 4.7(非核心)中使用私钥 RSA JWT 签名?

时间:2021-05-09 02:16:45

标签: .net jwt rsa

我正在尝试使用 .NET 4.7 生成由 .NET CORE 3.1 网站读取的 JWT 令牌。我在 CORE 中加密和解密令牌工作正常,但无法弄清楚如何在 .NET 4.7 中以编程方式处理相同的主题。

这是示例 CORE 端的加密代码(我知道它在没有“asdfasdf”的情况下也能工作):

var keyBytes = Encoding.ASCII.GetBytes(customerJwtEncryptionKey);
        var encryptingCredentials = new EncryptingCredentials(new SymmetricSecurityKey(keyBytes),
                                            SecurityAlgorithms.Aes256KW, SecurityAlgorithms.Aes256CbcHmacSha512);

    // get signing credentials
    var privateSigningKey = "asdfasdf";
    using RSA rsa = RSA.Create(4096);
    rsa.ImportRSAPrivateKey(Convert.FromBase64String(privateSigningKey), out _);           
    var signingCredentials = new SigningCredentials(new RsaSecurityKey(rsa), SecurityAlgorithms.RsaSha512)
    {
        CryptoProviderFactory = new CryptoProviderFactory { CacheSignatureProviders = false }
    };

    var jwtIssuer = "www.test.com";

    var tokenDescriptor = new SecurityTokenDescriptor
    {
        Issuer = jwtIssuer,
        Subject = CreateClaimsIdentity(request),
        Expires = tokenExpirationTime,
        SigningCredentials = signingCredentials,                
        EncryptingCredentials = encryptingCredentials
    };

这是我目前使用 .NET 4.7 和 C# 所获得的:

    var encryptingCredentials = new EncryptingCredentials(new SymmetricSecurityKey(keyBytes),
                                        SecurityAlgorithms.Aes256KW, SecurityAlgorithms.Aes256CbcHmacSha512);

    // get signing credentials
    var privateSigningKey = JwtPrivateSigningKey;
    //RSA rsa = RSA.Create();
    byte[] privateKeyBytes = Convert.FromBase64String(privateSigningKey);
    //RsaSecurityKey securityKey = new RsaSecurityKey();

    CspParameters cspParameters = new CspParameters { };

    RSACryptoServiceProvider myRSA = new RSACryptoServiceProvider(4096);
    RSAParameters publicKey = myRSA.ExportParameters(true);
    


    var signingCredentials = new SigningCredentials(new RsaSecurityKey(rsa), SecurityAlgorithms.RsaSha512)
    {
        CryptoProviderFactory = new CryptoProviderFactory { CacheSignatureProviders = false }
    };

    var jwtIssuer = "http://demosite.com";

    var tokenDescriptor = new SecurityTokenDescriptor
    {
        Issuer = jwtIssuer,
        Subject = CreateClaimsIdentity(),
        Expires = tokenExpirationTime,
        SigningCredentials = signingCredentials,
        EncryptingCredentials = encryptingCredentials
    };

我编写的代码适用于加密凭据,但我不知道如何将私钥导入 RsaSecurityKey 并将其用作 SecurityTokenDescriptor 的签名凭据。如果有人知道如何做到这一点,请联系。谢谢!

哦,How to sign a JWT using RS256 with RSA private key 使用 BouncyCastle,而不是普通的 .NET。

0 个答案:

没有答案
相关问题
最新问题