加密 JWT 安全令牌支持的算法

Encrypting JWT security token supported algorithms

我正在尝试使用此代码段对我的 JWt 进行签名和编码:

var claims = new Claim[] { new SomeClaimes() };
var scKey = Encoding.UTF8.GetBytes("SOME KEY");
var ecKey = Encoding.UTF8.GetBytes("SOME OTHER KEY");
var tokenDescriptor = new SecurityTokenDescriptor {
    Subject = new ClaimsIdentity(claims),
    SigningCredentials = new SigningCredentials(
        new SymmetricSecurityKey(
            scKey),
            SecurityAlgorithms.HmacSha512),
    EncryptingCredentials = new EncryptingCredentials(
        new SymmetricSecurityKey(
            ecKey),
            // I tryied all possible combination of algorithms here:
            SecurityAlgorithms.XXXX,
            SecurityAlgorithms.YYYY), 
    Issuer = "My Jwt Issuer",
    Audience = "My Jwt Audience",
    IssuedAt = DateTime.UtcNow,
    Expires = DateTime.Now.AddDays(7),
};
var tokenHandler = new JwtSecurityTokenHandler();
var token = tokenHandler.CreateJwtSecurityToken(tokenDescriptor);
var jwt = tokenHandler.WriteToken(token);

但是当我 运行 代码时,我得到错误:

Encryption failed. No support for: Algorithm: '{0}', SecurityKey: '{1}'.

其中{0}{1}是上面代码中XXXXYYYY的任意组合(是的,我写了一个反射片段并尝试了所有可能的组合其中)。编码(和解码)签名的 JWT 支持哪些算法?

HmacSha512只使用一个密钥来签名或验证token,尝试像RsaSha256这样的算法来public/私钥加密

终于找到答案了:

var claims = new Claim[] { new SomeClaimes() };
var scKey = Encoding.UTF8.GetBytes("SOME KEY");
var ecKeyTemp = Encoding.UTF8.GetBytes("SOME OTHER KEY");

// Note that the ecKey should have 256 / 8 length:
byte[] ecKey = new byte[256 / 8];
Array.Copy(ecKeyTemp, ecKey, 256 / 8);

var tokenDescriptor = new SecurityTokenDescriptor {
    Subject = new ClaimsIdentity(claims),
    SigningCredentials = new SigningCredentials(
        new SymmetricSecurityKey(
            scKey),
            SecurityAlgorithms.HmacSha512),
    EncryptingCredentials = new EncryptingCredentials(
        new SymmetricSecurityKey(
            ecKey),
            SecurityAlgorithms.Aes256KW,
            SecurityAlgorithms.Aes256CbcHmacSha512), 
    Issuer = "My Jwt Issuer",
    Audience = "My Jwt Audience",
    IssuedAt = DateTime.UtcNow,
    Expires = DateTime.Now.AddDays(7),
};
var tokenHandler = new JwtSecurityTokenHandler();
var token = tokenHandler.CreateJwtSecurityToken(tokenDescriptor);
var jwt = tokenHandler.WriteToken(token);

如您所见,使用 SecurityAlgorithms.Aes256KW 作为 密钥加密算法SecurityAlgorithms.Aes256CbcHmacSha512 作为 加密算法 将完成这项工作。请注意,用于加密算法的密钥应具有 256 / 8 长度。