我使用本文档中提供的代码。这里的区别只是一些账户变量的值。用于生成私钥(存储在private.pem文件中(的算法是RSA_2048。
主要目标是用PS256加密算法实现JWT。
using System;
using System.Collections.Generic;
using System.IO;
using System.Security.Cryptography;
using Jose;
using Org.BouncyCastle.Crypto.Parameters;
using Org.BouncyCastle.OpenSsl;
using Org.BouncyCastle.Security;
class Program
{
static void Main(string[] args)
{
var serviceAccountId = "myServiceAccountId";
var keyId = "myKeyId
var now = DateTimeOffset.UtcNow.ToUnixTimeSeconds();
var headers = new Dictionary<string, object>()
{
{ "kid", keyId }
};
var payload = new Dictionary<string, object>()
{
{ "aud", "someAudience" },
{ "iss", serviceAccountId },
{ "iat", now },
{ "exp", now + 3600 }
};
RsaPrivateCrtKeyParameters privateKeyParams;
using (var pemStream = File.OpenText("private.pem"))
{
privateKeyParams = new PemReader(pemStream).ReadObject() as RsaPrivateCrtKeyParameters;
}
using (var rsa = new RSACryptoServiceProvider())
{
rsa.ImportParameters(DotNetUtilities.ToRSAParameters(privateKeyParams));
string encodedToken = Jose.JWT.Encode(payload, rsa, JwsAlgorithm.PS256, headers);
}
}
}
在线:
string encodedToken = Jose.JWT.Encode(payload, rsa, JwsAlgorithm.PS256, headers);
我收到一个异常:
System.AggregateException: One or more errors occurred. (Specified padding mode is not valid for this algorithm.)
---> System.Security.Cryptography.CryptographicException: Specified padding mode is not valid for this algorithm.
at System.Security.Cryptography.RSACryptoServiceProvider.SignHash(Byte[] hash, HashAlgorithmName hashAlgorithm, RSASignaturePadding padding)
at System.Security.Cryptography.RSA.SignData(Byte[] data, Int32 offset, Int32 count, HashAlgorithmName hashAlgorithm, RSASignaturePadding padding)
at System.Security.Cryptography.RSA.SignData(Byte[] data, HashAlgorithmName hashAlgorithm, RSASignaturePadding padding)
at Jose.RsaPssUsingSha.Sign(Byte[] securedInput, Object key)
at Jose.JWT.EncodeBytes(Byte[] payload, Object key, JwsAlgorithm algorithm, IDictionary`2 extraHeaders, JwtSettings settings)
at Jose.JWT.Encode(String payload, Object key, JwsAlgorithm algorithm, IDictionary`2 extraHeaders, JwtSettings settings)
at Jose.JWT.Encode(Object payload, Object key, JwsAlgorithm algorithm, IDictionary`2 extraHeaders, JwtSettings settings)
我使用jwt jose包进行编码。
如果您在Windows上的.Net Framework上运行,只需将RSACryptoServiceProvider替换为RSACng
using (var rsa = new RSACng())
如果你在.Net Core上,它会变得有点复杂,因为它依赖于操作系统加密库。您应该在代码中检测平台,并在Windows上使用RSACng或在Linux上使用RSAOpenSsl(可在.Net 6上获得(
using (RSA rsa = new RSAOpenSsl())
我遇到了同样的错误,我所做的就像遵循
var cert = new X509Certificate2(certificate.Value.Cer);
using var csp = (RSA) cert.PublicKey.Key;
var bytesEncrypted = csp.Encrypt(content, RSAEncryptionPadding.OaepSHA256);
在.Net 6中一切都很顺利,但在使用框架4.8时出错。
前面的答案几乎把我带到了那里。
我找到了一个变通方法如下:
var cert = new X509Certificate2(Convert.FromBase64String(content.CertificateContentRaw));
var csp = new RSACng();
var xml = cert.GetRSAPublicKey().ToXmlString(false);
csp.FromXmlString(xml);