Tarek El-Mallah

Reputation: 4115

How to Encrypt JWT Payload with Public Key RSA_OAEP_256

I'm using the "BouncyCastle.NetCore" and "jose-jwt" libraries to sign and encrypt a web token. I'm able to sign with my private key with the code below, but the requirement is to also perform OpenID JWT encryption. In order to encrypt the JWT payload, we need to do that using the provided public key string (base64 decoded with X509 key spec). The encoding needs to use the RSA algorithm and the JWE header should include the header name "alg" with the value RSA_OAEP_256. The code below only signs with the private key, but I'm not sure how to complete the encoding.

using System;
using System.Collections.Generic;
using System.IO;
using System.Security.Cryptography;
using Jose;
using Org.BouncyCastle.Crypto;
using Org.BouncyCastle.Crypto.Parameters;
using Org.BouncyCastle.OpenSsl;
using Org.BouncyCastle.Security;

class Program
{
    // Recipient's public key (base64 X.509 SubjectPublicKeyInfo). Not used by the sign-only code below.
    static readonly string publicKeyString = "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqGKukO1De7zhZj6+H0qtjTkVxwTCpvKe4eCZ0FPqri0cb2JZfXJ/DgYSF6vUpwmJG8wVQZKjeGcjDOL5UlsuusFncCzWBQ7RKNUSesmQRMSGkVb1/3j+skZ6UtW+5u09lHNsj6tQ51s1SPrCBkedbNf0Tp0GbMJDyR4e9T04ZZwIDAQAB";

    public static void Main(string[] args)
    {
        var payload = new Dictionary<string, object>()
        {
            { "sub", "[email protected]" },
            { "iss", "https://www.YourBrand.com" },
            { "exp", 1300819380 },
            { "iat", 1446111752 },
            { "preferred_username", "JohnDoe2" },
            { "phone_number", "+2-10-344-3765333" }
        };
        var token = CreateToken(payload);
        Console.WriteLine($"token={token}");
    }

    // The question does not show this class; it supplies the passphrase for the encrypted PEM file.
    class MyPasswordFinder : IPasswordFinder
    {
        public char[] GetPassword() => "<private-key-passphrase>".ToCharArray(); // placeholder, not a real secret
    }

    public static string CreateToken(object payload)
    {
        using (var fileStream = File.OpenText("C:\\temp\\my_private_key.pem"))
        {
            var pemReader = new PemReader(fileStream, new MyPasswordFinder());
            object pemObject = pemReader.ReadObject();
            // PemReader returns an AsymmetricCipherKeyPair for "RSA PRIVATE KEY" (PKCS#1) blocks and a bare
            // private key parameter for "PRIVATE KEY" / "ENCRYPTED PRIVATE KEY" (PKCS#8) blocks; handle both.
            var privateKey = pemObject is AsymmetricCipherKeyPair pair
                ? (RsaPrivateCrtKeyParameters)pair.Private
                : (RsaPrivateCrtKeyParameters)pemObject;
            RSAParameters rsaParams = DotNetUtilities.ToRSAParameters(privateKey);
            using (RSACryptoServiceProvider rsa = new RSACryptoServiceProvider())
            {
                rsa.ImportParameters(rsaParams);
                // Signs only (JWS RS256). Tried: options: new JwtOptions { EncodePayload = true }
                return JWT.Encode(payload, rsa, JwsAlgorithm.RS256);
            }
        }
    }
}

Upvotes: 1

Views: 6534

Answers (1)

timur

Reputation: 14577

The only difference EncodePayload seems to make is how the payload ends up being written out to the JWT body. It is true by default and does not affect payload encryption (see source code):

return jwtOptions.EncodePayload
    ? Compact.Serialize(headerBytes, payloadBytes, signature)
    : Compact.Serialize(headerBytes, Encoding.UTF8.GetString(payloadBytes), signature);

What you probably want is to specify JweAlgorithm and the correct JweEncryption (note, it's a different overload of the same function):

jwt = JWT.Encode(payload, rsa, JweAlgorithm.RSA_OAEP_256, JweEncryption.A256GCM);

Upvotes: 0
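A worked version of the flow the question asks for, added here as an example; it is not code from the question, the answer, or the jose-jwt project. It loads the recipient's public key from a base64 X.509 SubjectPublicKeyInfo string (the format of publicKeyString in the question), signs the claims with the sender's private key (JWS RS256), and then encrypts that signed token for the recipient with alg RSA-OAEP-256 and enc A256GCM, which is the sign-then-encrypt nesting OpenID Connect expects; the recipient side decrypts and verifies with the algorithms pinned. Assumptions: jose-jwt 2.x on .NET Core 3.0 or later (the JWT.Encode/JWT.Decode overloads that take a JweAlgorithm and JweEncryption, the extraHeaders parameter, JWT.Headers, RSA.ExportSubjectPublicKeyInfo), and the BouncyCastle PublicKeyFactory/DotNetUtilities helpers. The key pairs and claim values are generated in the example so it runs offline; in the question the signing key comes from the PEM file and the recipient key from publicKeyString.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using Jose;
using Org.BouncyCastle.Crypto.Parameters;
using Org.BouncyCastle.Security;

static class NestedJwtExample
{
    // Turn a base64 X.509 SubjectPublicKeyInfo string (the question's publicKeyString format)
    // into a System.Security.Cryptography.RSA that jose-jwt accepts for RSA-OAEP-256 key wrapping.
    public static RSA LoadRecipientPublicKey(string base64Spki)
    {
        var keyParam = (RsaKeyParameters)PublicKeyFactory.CreateKey(Convert.FromBase64String(base64Spki));
        var rsa = RSA.Create();
        rsa.ImportParameters(DotNetUtilities.ToRSAParameters(keyParam));
        return rsa;
    }

    // Sender side: sign the claims (JWS RS256), then encrypt the whole signed token for the recipient
    // (JWE alg=RSA-OAEP-256, enc=A256GCM). "cty":"JWT" tells the recipient the plaintext is itself a JWT.
    public static string SignThenEncrypt(IDictionary<string, object> claims, RSA senderPrivate, RSA recipientPublic)
    {
        string jws = JWT.Encode(claims, senderPrivate, JwsAlgorithm.RS256);
        var jweHeaders = new Dictionary<string, object> { { "cty", "JWT" } };
        return JWT.Encode(jws, recipientPublic, JweAlgorithm.RSA_OAEP_256, JweEncryption.A256GCM,
                          extraHeaders: jweHeaders);
    }

    // Recipient side: decrypt with its own private key, then verify the inner signature with the
    // sender's public key. Both algorithms are pinned so a token with a different "alg" is rejected.
    public static string DecryptThenVerify(string jwe, RSA recipientPrivate, RSA senderPublic)
    {
        string jws = JWT.Decode(jwe, recipientPrivate, JweAlgorithm.RSA_OAEP_256, JweEncryption.A256GCM);
        return JWT.Decode(jws, senderPublic, JwsAlgorithm.RS256);
    }

    public static void Main()
    {
        // Constructed keys so the example runs offline (assumption: real deployments load them from storage).
        using var sender = RSA.Create(2048);
        using var recipient = RSA.Create(2048);
        string recipientSpki = Convert.ToBase64String(recipient.ExportSubjectPublicKeyInfo());
        using var recipientPublic = LoadRecipientPublicKey(recipientSpki);

        // Constructed sample claims.
        var claims = new Dictionary<string, object>
        {
            { "sub", "user@example.com" },
            { "iss", "https://issuer.example.com" },
            { "iat", DateTimeOffset.UtcNow.ToUnixTimeSeconds() },
            { "exp", DateTimeOffset.UtcNow.AddMinutes(5).ToUnixTimeSeconds() },
        };

        string jwe = SignThenEncrypt(claims, sender, recipientPublic);
        Console.WriteLine(jwe);

        // The protected header is the only readable part of the JWE; the claims are inside the ciphertext.
        var header = JWT.Headers(jwe);
        Console.WriteLine($"alg={header["alg"]} enc={header["enc"]} cty={header["cty"]}");

        // Round trip on the recipient side (sender's RSA object also carries the public half for verification).
        string verifiedClaims = DecryptThenVerify(jwe, recipient, sender);
        Console.WriteLine(verifiedClaims);
    }
}
```

If the requirement is only to encrypt the claims without a signature, pass the claims dictionary instead of the signed string to the same JweAlgorithm.RSA_OAEP_256 / JweEncryption.A256GCM overload and drop the "cty" header. Two practical checks: the key passed to the JWE overload must be the recipient's public key, not the signer's private key, otherwise only the sender can ever decrypt the token; and the publicKeyString in the question decodes to a 1024-bit RSA key, which can still wrap the 32-byte A256GCM content key under OAEP with SHA-256 (limit 62 bytes for that size) but is below the 2048-bit minimum generally recommended today.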
