2016-07-29 70 views
0

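I want to generate a JWT token that should be verified by Google Firebase. Below is my code to generate the JWT token. It was working fine until I changed the algorithm to "RsaSha256Signature"; it then gave me an error. Error while generating JWT: SignatureAlgorithm not supported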

"Exception: 'System.InvalidOperationException: Crypto algorithm 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256' is not supported in this context.'"

If I don't change it and leave it as "HmacSha256Signature", it works fine.

    // The PEM text is used as raw bytes, which makes this a symmetric (HMAC) key
    var plainTextSecurityKey = "-----BEGIN PRIVATE KEY-----";
    var signingKey = new InMemorySymmetricSecurityKey(Encoding.UTF8.GetBytes(plainTextSecurityKey));
    var signingCredentials = new SigningCredentials(signingKey,
        SecurityAlgorithms.HmacSha256Signature, SecurityAlgorithms.Sha256Digest);

    var claimsIdentity = new ClaimsIdentity(new List<Claim>()
    {
        new Claim(ClaimTypes.NameIdentifier, email),
        new Claim(ClaimTypes.Role, role),
    }, "Custom");

    var securityTokenDescriptor = new SecurityTokenDescriptor()
    {
        AppliesToAddress = "https://identitytoolkit.googleapis.com/google.identity.identitytoolkit.v1.IdentityToolkit",
        TokenIssuerName = "serviceemail",
        Subject = claimsIdentity,
        SigningCredentials = signingCredentials,
    };

    // Create and serialize the signed token
    var tokenHandler = new JwtSecurityTokenHandler();
    var plainToken = tokenHandler.CreateToken(securityTokenDescriptor);
    var signedAndEncodedToken = tokenHandler.WriteToken(plainToken);

    var tokenValidationParameters = new TokenValidationParameters()
    {
        ValidAudiences = new string[]
        {
            "https://identitytoolkit.googleapis.com/google.identity.identitytoolkit.v1.IdentityToolkit",
            "https://identitytoolkit.googleapis.com/google.identity.identitytoolkit.v1.IdentityToolkit"
        },
        ValidIssuers = new string[]
        {
            "service email",
            "service email"
        },
        IssuerSigningKey = signingKey
    };

    // Validate the token with the same key that signed it
    SecurityToken validatedToken;
    tokenHandler.ValidateToken(signedAndEncodedToken,
        tokenValidationParameters, out validatedToken);

    return validatedToken.ToString();

Answers

1

signingKey is not an RSA key, so you cannot use RsaSha256Signature. HmacSha256Signature works because you are creating an HMAC symmetric key with a fixed passphrase.

    var plainTextSecurityKey = "-----BEGIN PRIVATE KEY-----";
    var signingKey = new InMemorySymmetricSecurityKey(Encoding.UTF8.GetBytes(plainTextSecurityKey));
    var signingCredentials = new SigningCredentials(signingKey, SecurityAlgorithms.HmacSha256Signature, SecurityAlgorithms.Sha256Digest);

I'm not an expert in C#, but you probably need something like this:

    // NOTE: Replace this with your actual RSA public/private keypair!
    var provider = new RSACryptoServiceProvider(2048);
    var parameters = provider.ExportParameters(true);

    // Build the credentials used to sign the JWT
    var signingKey = new RsaSecurityKey(parameters);
    var signingCredentials = new SigningCredentials(signingKey, SecurityAlgorithms.RsaSha256);

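You will need a keystore containing a private and a public key. Note that HMAC is a symmetric algorithm, so the key used to sign and to verify is the same, but RSA needs a key pair.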
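
The symmetric-versus-RSA distinction described in the answer, as an added example that is not part of the original question or answer: the same signing routine is rejected when RS256 is paired with a symmetric key, succeeds with an RSA key pair, and the resulting token verifies with the public half alone. It assumes the System.IdentityModel.Tokens.Jwt NuGet package, version 5 or later, where the descriptor properties are `Issuer` and `Audience` rather than the `TokenIssuerName` and `AppliesToAddress` used in the question; `Rs256Demo`, `Sign`, the issuer value and the in-process key are constructed for illustration.

```csharp
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Security.Cryptography;
using System.Text;
using Microsoft.IdentityModel.Tokens;

static class Rs256Demo
{
    // Placeholder values (assumptions), not real service-account data.
    const string Issuer = "service-account@example.invalid";
    const string Audience = "https://identitytoolkit.googleapis.com/google.identity.identitytoolkit.v1.IdentityToolkit";

    // Hypothetical helper: builds and signs a JWT with the given key and algorithm.
    static string Sign(SecurityKey key, string algorithm)
    {
        var handler = new JwtSecurityTokenHandler();
        var descriptor = new SecurityTokenDescriptor
        {
            Issuer = Issuer,
            Audience = Audience,
            Subject = new ClaimsIdentity(new[] { new Claim(ClaimTypes.Role, "admin") }, "Custom"),
            Expires = DateTime.UtcNow.AddMinutes(30),
            SigningCredentials = new SigningCredentials(key, algorithm),
        };
        return handler.WriteToken(handler.CreateToken(descriptor));
    }

    static void Main()
    {
        // 1) The question's situation: PEM text taken as raw bytes is a symmetric key, so RS256 fails.
        var pemBytes = Encoding.UTF8.GetBytes("-----BEGIN PRIVATE KEY----- (constructed sample text)");
        try { Sign(new SymmetricSecurityKey(pemBytes), SecurityAlgorithms.RsaSha256); }
        catch (Exception e) { Console.WriteLine("symmetric key + RS256 rejected: " + e.GetType().Name); }
        // 2) A real RSA key pair, generated here. On .NET 5 or later a PEM private key
        //    can be loaded into the RSA object with rsa.ImportFromPem(pemText) instead.
        using var rsa = RSA.Create(2048);
        string jwt = Sign(new RsaSecurityKey(rsa), SecurityAlgorithms.RsaSha256);
        // 3) The verifier holds only the public half of the pair.
        var validation = new TokenValidationParameters
        {
            ValidIssuer = Issuer,
            ValidAudience = Audience,
            IssuerSigningKey = new RsaSecurityKey(rsa.ExportParameters(false)),
        };
        new JwtSecurityTokenHandler().ValidateToken(jwt, validation, out SecurityToken validated);
        Console.WriteLine("verified with public key, alg = " + ((JwtSecurityToken)validated).Header.Alg);
    }
}
```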
