How to decrypt JWE source (encrypted with RSA1_5 A256CBC-HS512) in C#?

Problem description

I am implementing a client for communicating with some server in a cryptographic way. The client sends a GET request with a public RSA key to the server. The documentation on "how to communicate with the server" has a sample in Java code. The following code generates the public key:

KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA");
keyGen.initialize(2048);
KeyPair keypair = keyGen.genKeyPair();
byte[] pubKeyBytes = keypair.getPublic().getEncoded();

I need to implement my client in C#. I found a way to do the same in C#:

// Generate a 2048-bit RSA key pair and export only the public parameters
var rsa = new RSACryptoServiceProvider(2048);
var parameters = rsa.ExportParameters(includePrivateParameters: false);

The client uses parameters and the solution from "How to adapt public/private RSA keys of C# for using them as in Java?". That's OK. The client can generate a key which can pass verification on the server. As a result, I have the encrypted response and am trying to decrypt it.

responseContent = rsa.Decrypt(responseContent)

But this code throws the following exception:

System.Security.Cryptography.CryptographicException: 'The data to be decrypted exceeds the maximum for this modulus of 256 bytes.'

responseContent is a byte array with length 250996. As I see it, it is impossible to decrypt the response content the way above.

From the documentation I know

Also, I have an example of how to decrypt the response in Java:

// Parse the compact JWE string into its five parts
JWEObject jweObject = JWEObject.parse(encryptedPayload);
// Rebuild the RSA private key from its PKCS#8 encoding
RSAPrivateKey rsaPrivateKey = (RSAPrivateKey) KeyFactory
    .getInstance("RSA")
    .generatePrivate(new PKCS8EncodedKeySpec(keybytes));
RSADecrypter rsaDecrypter = new RSADecrypter(rsaPrivateKey);
jweObject.decrypt(rsaDecrypter);
String decryptedResponse = jweObject.getPayload().toString();

I thought that rsa.Decrypt was the analog of the code above. But as I saw, it is not. After some research, I found that my response is a JWE source. Based on https://tools.ietf.org/html/rfc7516, I split my response into parts which were separated by '.' and decoded each of them from base64url. As a result I have:

  • Header (JSON: {"enc":"A256CBC-HS512","alg":"RSA1_5"})
  • Encrypted key (size 256 bytes)
  • Initialization vector (size 16 bytes)
  • Ciphertext (size 1844688 bytes)
  • Authentication tag (size 32 bytes)

I think the main content is in the Ciphertext and I need to decrypt it. But I don't know how, because the Ciphertext size is more than 256 bytes and I can't use rsa.Decrypt.

How do I decrypt the source when its size is larger than the RSA key?

Recommended answer

I found this library, js-jose, that can do exactly what I need. I added it as a NuGet package and wrote the following code:

 JWT.Decode(responseContent, // content as String read from Response
            rsa, // RSACryptoServiceProvider
            JweAlgorithm.RSA1_5, 
            JweEncryption.A256CBC_HS512); 

And the content was decrypted.
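
The steps such a library call performs, written out by hand as an added example that is not from the original question or answer: RSA decrypts only the 256-byte encrypted key, and the resulting 64-byte key authenticates and then decrypts the large ciphertext. It assumes .NET Core 2.1 or later, a compact-serialization token whose header was already checked for RSA1_5 and A256CBC-HS512, and the hypothetical class name JweManualDecrypt.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

// Added example; class name is hypothetical. Assumes alg/enc were checked and .NET Core 2.1+.
static class JweManualDecrypt
{
    static byte[] B64Url(string s)
    {
        s = s.Replace('-', '+').Replace('_', '/');
        return Convert.FromBase64String(s.PadRight(s.Length + (4 - s.Length % 4) % 4, '='));
    }

    public static byte[] Decrypt(string token, RSA rsa)
    {
        string[] p = token.Split('.');
        if (p.Length != 5) throw new CryptographicException("not a compact JWE");
        byte[] aad = Encoding.ASCII.GetBytes(p[0]); // AAD is the header as sent (base64url text)
        byte[] encKey = B64Url(p[1]), iv = B64Url(p[2]), ct = B64Url(p[3]), tag = B64Url(p[4]);

        // RSA only unwraps the 64-byte content encryption key (CEK), never the payload.
        // On failure continue with a random CEK so the error matches a bad tag (RFC 7516, 11.5).
        byte[] cek = null;
        try { cek = rsa.Decrypt(encKey, RSAEncryptionPadding.Pkcs1); } catch (CryptographicException) { }
        if (cek == null || cek.Length != 64) { cek = new byte[64]; RandomNumberGenerator.Fill(cek); }
        byte[] macKey = cek.Take(32).ToArray(), aesKey = cek.Skip(32).ToArray();

        // Tag = first 32 bytes of HMAC-SHA-512(AAD || IV || ciphertext || AL), where AL is
        // the AAD length in bits as a 64-bit big-endian integer (RFC 7518, section 5.2).
        byte[] al = BitConverter.GetBytes((ulong)aad.Length * 8);
        if (BitConverter.IsLittleEndian) Array.Reverse(al);
        using (var hmac = new HMACSHA512(macKey))
        {
            byte[] mac = hmac.ComputeHash(aad.Concat(iv).Concat(ct).Concat(al).ToArray());
            if (!CryptographicOperations.FixedTimeEquals(mac.Take(32).ToArray(), tag))
                throw new CryptographicException("JWE decryption failed");
        }

        // Only after the tag verifies: AES-256-CBC with PKCS#7 padding over the ciphertext.
        using (var aes = Aes.Create())
        {
            aes.Mode = CipherMode.CBC; aes.Padding = PaddingMode.PKCS7;
            aes.Key = aesKey; aes.IV = iv;
            using (var dec = aes.CreateDecryptor())
                return dec.TransformFinalBlock(ct, 0, ct.Length);
        }
    }
}
```

The first 32 bytes of the CEK are the HMAC key and the last 32 bytes are the AES key; checking the tag before touching the CBC padding keeps padding errors from being observable to the sender.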
