
JWE Decryption does not work for me with jose jwt

I am using Jose-Jwt license on C# and I have the following code:

private string DecodeJWT(string token)
{
    string privateKeyPath = ConfigurationManager.AppSettings["PrivateKey"];
    var privateRSA = RsaProviderFromPrivateKeyInPemFile(privateKeyPath);           
    string json = Jose.JWT.Decode(token,privateRSA, Jose.JweAlgorithm.RSA_OAEP, Jose.JweEncryption.A256GCM);
    return json;
}


private RSACryptoServiceProvider RsaProviderFromPrivateKeyInPemFile(string privateKeyPath)
{
     using (TextReader privateKeyTextReader = new StringReader(System.IO.File.ReadAllText(privateKeyPath)))
     {
         PemReader pr = new PemReader(privateKeyTextReader);
         RSAParameters rsaParams = DotNetUtilities.ToRSAParameters((RsaPrivateCrtKeyParameters)pr.ReadObject());
         RSACryptoServiceProvider csp = new RSACryptoServiceProvider();
         csp.ImportParameters(rsaParams);
         return csp;
     }
}

However I didn't manage to decrypt the encrypted string. It returns the same encrypted string after decoding. Can anyone advise what I might have done wrong? I am actually following suggestions from this Q/A

It doesn't seem to work for me. :(

I found out that decoding actually works. But I need to further decrypt the data using the Public Key.

RSACryptoServiceProvider publicRSA = RsaProviderFromPublicKeyInPemFile(publicKeyPath);

var validationParameters = new TokenValidationParameters()
{
    RequireExpirationTime = false,
    RequireSignedTokens = true,
    ValidateAudience = false,
    ValidateIssuer = false,
    IssuerSigningKey = new RsaSecurityKey(publicRSA)
};

IdentityModelEventSource.ShowPII = true;
var result = handler.ValidateToken(decryptedresult, validationParameters, out var validatedToken);

However the system is throwing {"IDX10501: Signature validation failed. Unable to match key: \nkid: 'C6Q-0bsHc4qyNq6MBEtftpB-DsTHNth4ZnlrFPUQ8PI'.\nExceptions caught:\n ''. \ntoken: {"IDX10501: Signature validation failed. Unable to match key: \nkid: 'C6Q-0bsHc4qyNq6MBEtftpB-DsTHNth4ZnlrFPUQ8PI'.\nExceptions caught:\n ''. \ntoken: '{\"alg\":\"RS256\",\"kid\":\"C6Q-0bsHc4qyNq6MBEtftpB-DsTHNth4ZnlrFPUQ8PI\"}.{\"uinfin\":{\"lastupdated\":\"2019-11-13\",\"source\":\"1\",\"classification\":\"C\",\"value\":\"S9812381D\"}....

However I can see the payload decrypted in the error message. I am stuck at how to handle this Unable to match key error.
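
The payload that comes out of the JWE step above is itself a signed compact JWS (the header in the error shows RS256 and a kid). The following is an added example, not part of the original post: using only System.Security.Cryptography, it tests whether a given RSA public key verifies such a token, independent of any kid lookup. The keys, the token and the names `JwsCheck`, `VerifyRs256` and `B64UrlDecode` are constructed for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;
using System.Text.Json;

static class JwsCheck
{
    static string B64Url(byte[] b) =>
        Convert.ToBase64String(b).TrimEnd('=').Replace('+', '-').Replace('/', '_');

    static byte[] B64UrlDecode(string s)
    {
        s = s.Replace('-', '+').Replace('_', '/');
        return Convert.FromBase64String(s.PadRight(s.Length + (4 - s.Length % 4) % 4, '='));
    }

    // True only if `key` verifies the RS256 signature over "header.payload".
    public static bool VerifyRs256(string compactJws, RSA key)
    {
        string[] parts = compactJws.Split('.');
        if (parts.Length != 3) return false;   // a compact JWS has 3 parts, a compact JWE has 5
        using JsonDocument hdr = JsonDocument.Parse(B64UrlDecode(parts[0]));
        // Pin the algorithm: accept nothing but the RS256 the caller expects.
        if (!hdr.RootElement.TryGetProperty("alg", out JsonElement alg) ||
            alg.ValueKind != JsonValueKind.String || alg.GetString() != "RS256")
            return false;
        byte[] signedBytes = Encoding.ASCII.GetBytes(parts[0] + "." + parts[1]);
        return key.VerifyData(signedBytes, B64UrlDecode(parts[2]),
                              HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
    }

    static void Main()
    {
        using RSA signer = RSA.Create(2048);   // constructed stand-in for the key that signed the token
        using RSA other = RSA.Create(2048);    // constructed stand-in for an unrelated key

        // Constructed token whose header has the same alg/kid shape as the one in the error.
        string h = B64Url(Encoding.UTF8.GetBytes("{\"alg\":\"RS256\",\"kid\":\"sample-kid\"}"));
        string p = B64Url(Encoding.UTF8.GetBytes("{\"sub\":\"constructed\"}"));
        byte[] sig = signer.SignData(Encoding.ASCII.GetBytes(h + "." + p),
                                     HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        string jws = h + "." + p + "." + B64Url(sig);

        Console.WriteLine(VerifyRs256(jws, signer)); // checked against the signing key
        Console.WriteLine(VerifyRs256(jws, other));  // checked against the unrelated key
    }
}
```

Passing the string returned by `Jose.JWT.Decode` and the public half of a candidate key to `VerifyRs256` shows directly whether that key produced the signature.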
