使用密钥大小小于2048的RSA安全密钥创建JWT令牌时出错 [英] Error Creating JWT Token using RSA Security Key with key size less than 2048

问题描述

尝试在C#Web API应用程序中创建 JWT 令牌时遇到异常.

I'm facing an exception when trying to create a JWT token in C# Web API application.

测试环境

• 平台:带有.net框架的Windows 10 x64:4.6.1
• jwt NuGet软件包: System.IdentityModel.Tokens.Jwt版本:4.0.2.206221351

以下是负责生成RSA密钥的代码:

Here is the code responsible for generating RSA keys:

    public SignatureInformation CreateNewSignatureInformation(int length = 0)
    {
        try
        {
            var signatureInformation = new SignatureInformation();

            var rsaProvider = new RSACryptoServiceProvider(length);

            var publicKey = rsaProvider.ToXmlString(false);
            signatureInformation.Public = publicKey;

            var privateKey = rsaProvider.ToXmlString(true);
            signatureInformation.Private = privateKey;

            return signatureInformation;
        }
        catch (Exception)
        {
            return null;
        }
    }

以下是负责生成JTW令牌的代码，该令牌用上述代码生成的RSA密钥对签名了:

And here is the code responsible for generating a JTW token signed with a RSA key pair generated with the above code:

    private string GenerateToken(string privateKeyInXml)
    {
        var cryptoServiceProvider = new RSACryptoServiceProvider();
        cryptoServiceProvider.FromXmlString(privateKeyInXml);

        var creds = new SigningCredentials(new RsaSecurityKey(cryptoServiceProvider),
            SecurityAlgorithms.RsaSha256Signature,
            SecurityAlgorithms.Sha256Digest);

        var nbf = DateTime.UtcNow;
        var exp = nbf.AddMinutes(10);
        var jwtToken = new JwtSecurityToken("SAMPLE_ISSUER",
            "SAMPLE_AUDIENCE",
            null, //null is given as claims list in this sample
            nbf,
            exp,
            creds);

        var tokenHandler = new JwtSecurityTokenHandler();
        var token = tokenHandler.WriteToken(jwtToken); //the exception is thrown here
        return token;
    }

引发的异常类型为System.ArgumentOutOfRangeException，消息为:

the exception thrown is of type System.ArgumentOutOfRangeException and the message is:

"IDX10630: The 'System.IdentityModel.Tokens.RsaSecurityKey' for signing cannot be smaller than '2048' bits.\r\nParameter name: key.KeySize\r\nActual value was 512."

问题

如何使用密钥大小小于2048的RSA安全密钥生成JWT令牌?

How can I generate a JWT Token using an RSA Security Key with key size less than 2048?

推荐答案

在这种情况下，最小密钥大小的限制由SignatureProviderFactory.MinimumAsymmetricKeySizeInBitsForSigning属性控制.不幸的是，还有一个绝对"最小值，它由只读字段SignatureProviderFactory.AbsoluteMinimumAsymmetricKeySizeInBitsForSigning控制，并且该绝对"最小值设置为2048.

Restriction on minimum key size in this case is controlled by SignatureProviderFactory.MinimumAsymmetricKeySizeInBitsForSigning property. Unfortunately, there is also an "absolute" minimum, which is controlled by readonly field SignatureProviderFactory.AbsoluteMinimumAsymmetricKeySizeInBitsForSigning, and this "absolute" minimum is set to 2048.

您必须使用反射将那个只读字段的值修改为所需的值.之后，可以将MinimumAsymmetricKeySizeInBitsForSigning设置为相同的期望值.

You have to use reflection to modify value of that readonly field to the value you desire. After that, you can set MinimumAsymmetricKeySizeInBitsForSigning to the same desired value.

示例代码:

var absoluteField = typeof(SignatureProviderFactory).GetField(nameof(SignatureProviderFactory.AbsoluteMinimumAsymmetricKeySizeInBitsForSigning), BindingFlags.Public | BindingFlags.Static);
absoluteField.SetValue(null, 512);
SignatureProviderFactory.MinimumAsymmetricKeySizeInBitsForSigning = 512;

之后，您的代码应该可以正常工作，并接受任何大小为512以上的非对称密钥.

After that your code should work fine and accept any assymetric keys of size 512 and above.

这篇关于使用密钥大小小于2048的RSA安全密钥创建JWT令牌时出错的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！