问题
I'm trying to sign and encode my JWt with this snippet:
var claims = new Claim[] { new SomeClaimes() };
var scKey = Encoding.UTF8.GetBytes("SOME KEY");
var ecKey = Encoding.UTF8.GetBytes("SOME OTHER KEY");
var tokenDescriptor = new SecurityTokenDescriptor {
Subject = new ClaimsIdentity(claims),
SigningCredentials = new SigningCredentials(
new SymmetricSecurityKey(
scKey),
SecurityAlgorithms.HmacSha512),
EncryptingCredentials = new EncryptingCredentials(
new SymmetricSecurityKey(
ecKey),
// I tryied all possible combination of algorithms here:
SecurityAlgorithms.XXXX,
SecurityAlgorithms.YYYY),
Issuer = "My Jwt Issuer",
Audience = "My Jwt Audience",
IssuedAt = DateTime.UtcNow,
Expires = DateTime.Now.AddDays(7),
};
var tokenHandler = new JwtSecurityTokenHandler();
var token = tokenHandler.CreateJwtSecurityToken(tokenDescriptor);
var jwt = tokenHandler.WriteToken(token);
But when I run the code, I get error:
Encryption failed. No support for: Algorithm: '{0}', SecurityKey: '{1}'.
Which {0}
and {1}
are any combination of XXXX
and YYYY
in the code above (yes, I wrote a reflection snippet and have tried all possible combination of them). Which are supported algorithms for encoding (and decoding) a signed JWT?
回答1:
Finally I found the answer:
var claims = new Claim[] { new SomeClaimes() };
var scKey = Encoding.UTF8.GetBytes("SOME KEY");
var ecKeyTemp = Encoding.UTF8.GetBytes("SOME OTHER KEY");
// Note that the ecKey should have 256 / 8 length:
byte[] ecKey = new byte[256 / 8];
Array.Copy(ecKeyTemp, ecKey, 256 / 8);
var tokenDescriptor = new SecurityTokenDescriptor {
Subject = new ClaimsIdentity(claims),
SigningCredentials = new SigningCredentials(
new SymmetricSecurityKey(
scKey),
SecurityAlgorithms.HmacSha512),
EncryptingCredentials = new EncryptingCredentials(
new SymmetricSecurityKey(
ecKey),
SecurityAlgorithms.Aes256KW,
SecurityAlgorithms.Aes256CbcHmacSha512),
Issuer = "My Jwt Issuer",
Audience = "My Jwt Audience",
IssuedAt = DateTime.UtcNow,
Expires = DateTime.Now.AddDays(7),
};
var tokenHandler = new JwtSecurityTokenHandler();
var token = tokenHandler.CreateJwtSecurityToken(tokenDescriptor);
var jwt = tokenHandler.WriteToken(token);
As you ca see, using SecurityAlgorithms.Aes256KW
as the key encryption algorithm and SecurityAlgorithms.Aes256CbcHmacSha512
as the encryption algorithm will do the job. Note that the key used to encryption algorithm should have 256 / 8
length.
回答2:
HmacSha512 use just one key to sign or verify token, try algorithm like RsaSha256 to public / private key encryption.
来源:https://stackoverflow.com/questions/53487247/encrypting-jwt-security-token-supported-algorithms