How to Validate JWT using JWK for ES256 alg?


Problem description

I have a JWT:

var signedJwt = "eyJhbGciOiJFUzI1NiIsImtpZCI6IjZjNTUxNmUxLTkyZGMtNDc5ZS1hOGZmLTVhNTE5OTJlMDAwMSIsInR5cCI6IkpXVCJ9.eyJpYXQiOjE1OTY3MzA4ODMsInJlcXVlc3RfYm9keV9zaGEyNTYiOiI4NDMyODhkMWMxYmM0NzhlMTBhOTM2NWQ1YjIzY2U5ZWZlY2E2ZjdkYjA3NDQ3Y2JmNjU4YTg3ZjEzZjI1ZjJmIn0.3yQY6gtNq0lQlx6eNLO_3coGqf2VkX2CBRWam9Lz0dcVvr8h4LkYfuZMwQf1fzZ_XXHEV_o17LciyBC-O72UUw"

Then I got a public key as:

{
    "alg": "ES256",
    "created_at": 1560466143,
    "crv": "P-256",
    "expired_at": null,
    "kid": "6c5516e1-92dc-479e-a8ff-5a51992e0001",
    "kty": "EC",
    "use": "sig",
    "x": "35lvC8uz2QrWpQJ3TUH8t9o9DURMp7ydU518RKDl20k",
    "y": "I8BuXB2bvxelzJAd7OKhd-ZwjCst05Fx47Mb_0ugros"
}

I am trying to decode with Jose library in C#

var claims = Jose.JWT.Decode(signedJwt, publicKey, JwsAlgorithm.ES256);

Every time I get this error:

EcdsaUsingSha algorithm expects key to be of either CngKey or ECDsa types.

I assume the way I am using key is not correct, but I could not find any way to convert json key to pem or anything valid.

Recommended answer

You can create a key of type EccKey from the JWK like this:

using Jose;
using Microsoft.AspNetCore.WebUtilities;
using Security.Cryptography;
using System;
using System.Text.Json;

namespace josejwttest
{
    public class JWK
    {
        public string alg { get; set; }
        public int? created_at { get; set; }
        public string crv { get; set; }
        public int? expired_at { get; set; }
        public string kid { get; set; }
        public string kty { get; set; }
        public string use { get; set; }
        public string x { get; set; }
        public string y { get; set; }
    }

    class Program
    {
        static void Main(string[] args)
        {
            var signedJwt = "eyJhbGciOiJFUzI1NiIsImtpZCI6IjZjNTUxNmUxLTkyZGMtNDc5ZS1hOGZmLTVhNTE5OTJlMDAwMSIsInR5cCI6IkpXVCJ9.eyJpYXQiOjE1OTY3MzA4ODMsInJlcXVlc3RfYm9keV9zaGEyNTYiOiI4NDMyODhkMWMxYmM0NzhlMTBhOTM2NWQ1YjIzY2U5ZWZlY2E2ZjdkYjA3NDQ3Y2JmNjU4YTg3ZjEzZjI1ZjJmIn0.3yQY6gtNq0lQlx6eNLO_3coGqf2VkX2CBRWam9Lz0dcVvr8h4LkYfuZMwQf1fzZ_XXHEV_o17LciyBC-O72UUw";

            // The JWK as given in the question; "crv" must read "P-256" with no space.
            var jwkJson = "{\"alg\": \"ES256\",\"created_at\": 1560466143, \"crv\": \"P-256\", \"expired_at\": null, \"kid\": \"6c5516e1-92dc-479e-a8ff-5a51992e0001\", \"kty\": \"EC\", \"use\": \"sig\", \"x\": \"35lvC8uz2QrWpQJ3TUH8t9o9DURMp7ydU518RKDl20k\", \"y\": \"I8BuXB2bvxelzJAd7OKhd-ZwjCst05Fx47Mb_0ugros\"}";

            var jwk = JsonSerializer.Deserialize<JWK>(jwkJson);

            // x and y are the Base64Url-encoded coordinates of the public key point.
            var publicECCKey = EccKey.New(WebEncoders.Base64UrlDecode(jwk.x), WebEncoders.Base64UrlDecode(jwk.y));

            // Verifies the ES256 signature and returns the payload JSON; throws if verification fails.
            var claims = Jose.JWT.Decode(signedJwt, publicECCKey, JwsAlgorithm.ES256);
        }
    }
}

x and y are Base64Url encoded in the jwk, so you need to use a Base64Url Decoder to transform it to byte[]. I used Base64UrlDecode for it, but you can of course use any other solution.
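
An added example, not part of the original answer or of the jose-jwt project: the same verification with a cross-platform `ECDsa` key built from the JWK (`EccKey.New` returns a `CngKey`, which is Windows-only), plus checks that the JWK is a P-256 key and that the token's `kid` names it. `Es256JwkVerifier` and `Verify` are hypothetical names; the token and JWK values are the ones from the question.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text.Json;
using Jose;

public static class Es256JwkVerifier   // hypothetical name, not from the page
{
    // Returns the payload JSON if the token was signed by the key in jwkJson;
    // throws if the JWK is unsuitable, the kid differs, or the signature is bad.
    public static string Verify(string token, string jwkJson)
    {
        using JsonDocument doc = JsonDocument.Parse(jwkJson);
        JsonElement jwk = doc.RootElement;

        // Only accept the key type and curve that ES256 is defined for.
        if (jwk.GetProperty("kty").GetString() != "EC" ||
            jwk.GetProperty("crv").GetString() != "P-256")
            throw new CryptographicException("JWK is not an EC P-256 key.");

        // The token header must name this key; otherwise it is the wrong JWK.
        IDictionary<string, object> headers = JWT.Headers(token);
        headers.TryGetValue("kid", out object tokenKid);
        if (Convert.ToString(tokenKid) != jwk.GetProperty("kid").GetString())
            throw new CryptographicException("Token kid does not match the JWK.");

        // x and y are the Base64Url-encoded affine coordinates of the public point.
        var ecParams = new ECParameters
        {
            Curve = ECCurve.NamedCurves.nistP256,
            Q = new ECPoint
            {
                X = Base64Url.Decode(jwk.GetProperty("x").GetString()),
                Y = Base64Url.Decode(jwk.GetProperty("y").GetString())
            }
        };
        using ECDsa publicKey = ECDsa.Create(ecParams);

        // The expected algorithm is passed explicitly, not taken from the token.
        return JWT.Decode(token, publicKey, JwsAlgorithm.ES256);
    }

    public static void Main()
    {
        // Token and JWK members copied from the question above.
        string token = "eyJhbGciOiJFUzI1NiIsImtpZCI6IjZjNTUxNmUxLTkyZGMtNDc5ZS1hOGZmLTVhNTE5OTJlMDAwMSIsInR5cCI6IkpXVCJ9.eyJpYXQiOjE1OTY3MzA4ODMsInJlcXVlc3RfYm9keV9zaGEyNTYiOiI4NDMyODhkMWMxYmM0NzhlMTBhOTM2NWQ1YjIzY2U5ZWZlY2E2ZjdkYjA3NDQ3Y2JmNjU4YTg3ZjEzZjI1ZjJmIn0.3yQY6gtNq0lQlx6eNLO_3coGqf2VkX2CBRWam9Lz0dcVvr8h4LkYfuZMwQf1fzZ_XXHEV_o17LciyBC-O72UUw";
        string jwk = "{\"kty\":\"EC\",\"crv\":\"P-256\",\"kid\":\"6c5516e1-92dc-479e-a8ff-5a51992e0001\",\"x\":\"35lvC8uz2QrWpQJ3TUH8t9o9DURMp7ydU518RKDl20k\",\"y\":\"I8BuXB2bvxelzJAd7OKhd-ZwjCst05Fx47Mb_0ugros\"}";
        Console.WriteLine(Verify(token, jwk));
    }
}
```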
