加密JWT安全令牌支持的算法 [英] Encrypting JWT security token supported algorithms

问题描述

我正在尝试使用以下代码片段对我的JWt进行签名和编码:

I'm trying to sign and encode my JWt with this snippet:

var claims = new Claim[] { new SomeClaimes() };
var scKey = Encoding.UTF8.GetBytes("SOME KEY");
var ecKey = Encoding.UTF8.GetBytes("SOME OTHER KEY");
var tokenDescriptor = new SecurityTokenDescriptor {
    Subject = new ClaimsIdentity(claims),
    SigningCredentials = new SigningCredentials(
        new SymmetricSecurityKey(
            scKey),
            SecurityAlgorithms.HmacSha512),
    EncryptingCredentials = new EncryptingCredentials(
        new SymmetricSecurityKey(
            ecKey),
            // I tryied all possible combination of algorithms here:
            SecurityAlgorithms.XXXX,
            SecurityAlgorithms.YYYY), 
    Issuer = "My Jwt Issuer",
    Audience = "My Jwt Audience",
    IssuedAt = DateTime.UtcNow,
    Expires = DateTime.Now.AddDays(7),
};
var tokenHandler = new JwtSecurityTokenHandler();
var token = tokenHandler.CreateJwtSecurityToken(tokenDescriptor);
var jwt = tokenHandler.WriteToken(token);

但是当我运行代码时，出现错误:

But when I run the code, I get error:

加密失败.不支持:算法:"{0}"，安全密钥:"{1}".

Encryption failed. No support for: Algorithm: '{0}', SecurityKey: '{1}'.

在上面的代码中，{0}和{1}是XXXX和YYYY的任意组合(是的，我编写了一个反射代码段，并尝试了所有可能的组合).哪些受支持的用于对签名的JWT进行编码(和解码)的算法?

Which {0} and {1} are any combination of XXXX and YYYY in the code above (yes, I wrote a reflection snippet and have tried all possible combination of them). Which are supported algorithms for encoding (and decoding) a signed JWT?

推荐答案

最后我找到了答案:

var claims = new Claim[] { new SomeClaimes() };
var scKey = Encoding.UTF8.GetBytes("SOME KEY");
var ecKeyTemp = Encoding.UTF8.GetBytes("SOME OTHER KEY");

// Note that the ecKey should have 256 / 8 length:
byte[] ecKey = new byte[256 / 8];
Array.Copy(ecKeyTemp, ecKey, 256 / 8);

var tokenDescriptor = new SecurityTokenDescriptor {
    Subject = new ClaimsIdentity(claims),
    SigningCredentials = new SigningCredentials(
        new SymmetricSecurityKey(
            scKey),
            SecurityAlgorithms.HmacSha512),
    EncryptingCredentials = new EncryptingCredentials(
        new SymmetricSecurityKey(
            ecKey),
            SecurityAlgorithms.Aes256KW,
            SecurityAlgorithms.Aes256CbcHmacSha512), 
    Issuer = "My Jwt Issuer",
    Audience = "My Jwt Audience",
    IssuedAt = DateTime.UtcNow,
    Expires = DateTime.Now.AddDays(7),
};
var tokenHandler = new JwtSecurityTokenHandler();
var token = tokenHandler.CreateJwtSecurityToken(tokenDescriptor);
var jwt = tokenHandler.WriteToken(token);

如您所见，使用SecurityAlgorithms.Aes256KW作为密钥加密算法和SecurityAlgorithms.Aes256CbcHmacSha512作为加密算法即可完成工作.请注意，用于加密算法的密钥应具有256 / 8长度.

As you ca see, using SecurityAlgorithms.Aes256KW as the key encryption algorithm and SecurityAlgorithms.Aes256CbcHmacSha512 as the encryption algorithm will do the job. Note that the key used to encryption algorithm should have 256 / 8 length.

这篇关于加密JWT安全令牌支持的算法的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！