问题
I am currently getting following error:
IDX10630: The 'Microsoft.IdentityModel.Tokens.RsaSecurityKey, KeyId: '...', InternalId: '5a946596-9fe6-4c91-8c52-9b140849c7a4'.' for signing cannot be smaller than '2048' bits. KeySize: '512'
I use the following method:
public string GetIdTokenString(Dictionary<string, string> inputClaims, string privateKey)
{
string result = null;
try
{
var tokenHandler = new JwtSecurityTokenHandler();
privateKey = privateKey.Replace("-----BEGIN ENCRYPTED PRIVATE KEY-----", String.Empty).Replace("-----END ENCRYPTED PRIVATE KEY-----", String.Empty);
var privateKeyBytes = Convert.FromBase64String(privateKey);
byte[] privateKeyPasswordBytes = Encoding.UTF8.GetBytes(mypassword);
List<Claim> claims = new List<Claim>();
foreach (var o in inputClaims)
{
claims.Add(new Claim(o.Key, o.Value));
}
int length = 0;
RSA rSA = RSA.Create();
rSA.ImportEncryptedPkcs8PrivateKey(privateKeyPasswordBytes, privateKeyBytes, out length);
RsaSecurityKey securitykey = new RsaSecurityKey(rSA)
{
KeyId = "......"
};
var tokenDescriptor = new SecurityTokenDescriptor
{
Subject = new ClaimsIdentity(claims),
Expires = DateTime.UtcNow.AddSeconds(60 * 5),
Audience = ...,
Issuer = .....
};
tokenDescriptor.SigningCredentials = new SigningCredentials(securitykey, SecurityAlgorithms.RsaSha256Signature);
var token = tokenHandler.CreateToken(tokenDescriptor);
if (token != null && token is JwtSecurityToken)
{
result = (token as JwtSecurityToken).RawData;
}
}
catch (Exception ex)
{
Logger.Fatal(ex);
}
return result;
}
there is a code mentioned in post
Error Creating JWT Token using RSA Security Key with key size less than 2048
but I'm not able to run it in .net core 3.1
One more thing is about over riding value in AsymmetricSignatureProvider.DefaultMinimumAsymmetricKeySizeInBitsForSigningMap
Any way i can change value of particular Key?
One thing i have tried which didn't work is
var mainclass = typeof(AsymmetricSignatureProvider)
.GetField(nameof(AsymmetricSignatureProvider.DefaultMinimumAsymmetricKeySizeInBitsForSigningMap), BindingFlags.Public | BindingFlags.Static );
var field = mainclass.GetValue(null) as Dictionary<string, int>;
if (field != null)
{
field["RS256"] = 512;
}
var mainclass2 = typeof(AsymmetricSignatureProvider).GetField(nameof(AsymmetricSignatureProvider.DefaultMinimumAsymmetricKeySizeInBitsForVerifyingMap), BindingFlags.Public | BindingFlags.Static);
var field2 = mainclass2.GetValue(null) as Dictionary<string, int>;
if (field2 != null)
{
field2["RS256"] = 512;
}
回答1:
Following is the solution i have used
var mainclass = typeof(AsymmetricSignatureProvider)
.GetField(nameof(AsymmetricSignatureProvider.DefaultMinimumAsymmetricKeySizeInBitsForSigningMap), BindingFlags.Public | BindingFlags.Static);
var field = mainclass.GetValue(null) as Dictionary<string, int>;
if (field != null)
{
field["RS256"] = 512;
}
var mainclass2 = typeof(AsymmetricSignatureProvider).GetField(nameof(AsymmetricSignatureProvider.DefaultMinimumAsymmetricKeySizeInBitsForVerifyingMap), BindingFlags.Public | BindingFlags.Static);
var field2 = mainclass2.GetValue(null) as Dictionary<string, int>;
if (field2 != null)
{
field2["RS256"] = 512;
}
来源:https://stackoverflow.com/questions/60599339/any-way-to-create-a-jwt-token-with-key-size-512-and-changing-default-minimum-si