加密 JWT 安全令牌支持的算法 [英] Encrypting JWT security token supported algorithms

问题描述

我正在尝试使用以下代码段对我的 JWt 进行签名和编码:

I'm trying to sign and encode my JWt with this snippet:

var claims = new Claim[] { new SomeClaimes() };
var scKey = Encoding.UTF8.GetBytes("SOME KEY");
var ecKey = Encoding.UTF8.GetBytes("SOME OTHER KEY");
var tokenDescriptor = new SecurityTokenDescriptor {
    Subject = new ClaimsIdentity(claims),
    SigningCredentials = new SigningCredentials(
        new SymmetricSecurityKey(
            scKey),
            SecurityAlgorithms.HmacSha512),
    EncryptingCredentials = new EncryptingCredentials(
        new SymmetricSecurityKey(
            ecKey),
            // I tryied all possible combination of algorithms here:
            SecurityAlgorithms.XXXX,
            SecurityAlgorithms.YYYY), 
    Issuer = "My Jwt Issuer",
    Audience = "My Jwt Audience",
    IssuedAt = DateTime.UtcNow,
    Expires = DateTime.Now.AddDays(7),
};
var tokenHandler = new JwtSecurityTokenHandler();
var token = tokenHandler.CreateJwtSecurityToken(tokenDescriptor);
var jwt = tokenHandler.WriteToken(token);

但是当我运行代码时，出现错误:

But when I run the code, I get error:

加密失败.不支持:算法:{0}"，安全密钥:{1}".

Encryption failed. No support for: Algorithm: '{0}', SecurityKey: '{1}'.

其中{0}和{1}是上面代码中XXXX和YYYY的任意组合(是的，我写了一个反射片段并尝试了它们的所有可能组合).哪些是支持的编码(和解码)签名 JWT 的算法?

Which {0} and {1} are any combination of XXXX and YYYY in the code above (yes, I wrote a reflection snippet and have tried all possible combination of them). Which are supported algorithms for encoding (and decoding) a signed JWT?

推荐答案

终于找到答案了:

var claims = new Claim[] { new SomeClaimes() };
var scKey = Encoding.UTF8.GetBytes("SOME KEY");
var ecKeyTemp = Encoding.UTF8.GetBytes("SOME OTHER KEY");

// Note that the ecKey should have 256 / 8 length:
byte[] ecKey = new byte[256 / 8];
Array.Copy(ecKeyTemp, ecKey, 256 / 8);

var tokenDescriptor = new SecurityTokenDescriptor {
    Subject = new ClaimsIdentity(claims),
    SigningCredentials = new SigningCredentials(
        new SymmetricSecurityKey(
            scKey),
            SecurityAlgorithms.HmacSha512),
    EncryptingCredentials = new EncryptingCredentials(
        new SymmetricSecurityKey(
            ecKey),
            SecurityAlgorithms.Aes256KW,
            SecurityAlgorithms.Aes256CbcHmacSha512), 
    Issuer = "My Jwt Issuer",
    Audience = "My Jwt Audience",
    IssuedAt = DateTime.UtcNow,
    Expires = DateTime.Now.AddDays(7),
};
var tokenHandler = new JwtSecurityTokenHandler();
var token = tokenHandler.CreateJwtSecurityToken(tokenDescriptor);
var jwt = tokenHandler.WriteToken(token);

如您所见，使用SecurityAlgorithms.Aes256KW作为密钥加密算法和SecurityAlgorithms.Aes256CbcHmacSha512作为加密算法 将完成这项工作.请注意，用于加密算法的密钥应具有256/8 长度.

As you ca see, using SecurityAlgorithms.Aes256KW as the key encryption algorithm and SecurityAlgorithms.Aes256CbcHmacSha512 as the encryption algorithm will do the job. Note that the key used to encryption algorithm should have 256 / 8 length.

这篇关于加密 JWT 安全令牌支持的算法的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！