stackoom
  简体   繁体   中英

How to decode HS256 Code of STIR/SHAKEN into JSON object?

 原文  2022-09-07 19:24:38       c#/ jwt/ x509/ ecdsa

Question

I am trying to decode a STIR/SHAKEN HS256 JSON Web Token.

I tried with the Jose .NET library:

string token = "eyJhbGciOiJFUzI1NiIsInBwdCI6InNoYWtlbiIsInR5cCI6InBhc3Nwb3J0IiwieDV1IjoiaHR0cHM6Ly9jci5zYW5zYXkuY29tL1RlY2hub2xvZ3lfSW5ub3ZhdGlvbl9MYWJfNTk5SiJ9.eyJhdHRlc3QiOiJCIiwiZGVzdCI6eyJ0biI6WyIxNDc5MjM5OTcwMyJdfSwiaWF0IjoxNjU5NTIxNDU5LCJvcmlnIjp7InRuIjoiMTQ2OTUwMTYwNzAifSwib3JpZ2lkIjoiOTIzNDIxOTgtMTMxNC0xMWVkLWExM2QtYmRjMWMxZDI4ODg4In0.8RF_eaVKeGGyjet4lujwPz0J_XBdtwkSKrnrOq7-pA6ODtJPD1parLgimEpDUyzSravtTaxuACxBz4yrKtMZgw";
  
string x = Jose.JWT.Decode(token, Nothing, JweAlgorithm.PBES2_HS256_A128KW);

It gives an error

Jose.InvalidAlgorithmException: 'The algorithm type passed to the Decode method did not match the algorithm type in the header.'

Trying the token above on https://jwt.io/ Debugger works and returns the following:

HEADER:ALGORITHM & TOKEN TYPE 

{
  "alg": "ES256",
  "ppt": "shaken",
  "typ": "passport",
  "x5u": "https://cr.sansay.com/Technology_Innovation_Lab_599J"
}

PAYLOAD:DATA

{
  "attest": "B",
  "dest": {
    "tn": [
      "14792399703"
    ]
  },
  "iat": 1659521459,
  "orig": {
    "tn": "14695016070"
  },
  "origid": "92342198-1314-11ed-a13d-bdc1c1d28888"
}

1 answers

solution1
 0 ACCPTED  2022-09-07 20:17:04

The token is actually signed with the ES256 algorithm, not HS256. The key is provided in the URL that is given in the header in the X5U -claim , which is a URL pointing to a X.509 certificate. For the demo below and to keep it simple, I saved the certificate to a file name x509.pem .

Here is a simple demo:

using Jose;
using System;
using System.Security.Cryptography.X509Certificates;

namespace JoseJWTES256X509Test
{
    class Program
    {
        static void Main(string[] args)
        {
            string token = "eyJhbGciOiJFUzI1NiIsInBwdCI6InNoYWtlbiIsInR5cCI6InBhc3Nwb3J0IiwieDV1IjoiaHR0cHM6Ly9jci5zYW5zYXkuY29tL1RlY2hub2xvZ3lfSW5ub3ZhdGlvbl9MYWJfNTk5SiJ9.eyJhdHRlc3QiOiJCIiwiZGVzdCI6eyJ0biI6WyIxNDc5MjM5OTcwMyJdfSwiaWF0IjoxNjU5NTIxNDU5LCJvcmlnIjp7InRuIjoiMTQ2OTUwMTYwNzAifSwib3JpZ2lkIjoiOTIzNDIxOTgtMTMxNC0xMWVkLWExM2QtYmRjMWMxZDI4ODg4In0.8RF_eaVKeGGyjet4lujwPz0J_XBdtwkSKrnrOq7-pA6ODtJPD1parLgimEpDUyzSravtTaxuACxBz4yrKtMZgw";
            var publicKey = new X509Certificate2("x509.pem").GetECDsaPublicKey();

            string payload = Jose.JWT.Decode(token, publicKey, JwsAlgorithm.ES256);

            Console.WriteLine(payload);
        }
    }
}

As a result the token will be verified and the payload will be printed. In case of a failed verification, the Decode -function would throw an exception.

As a side note: the Decode -function actually verifies the signature before decoding, and that's for what it needs the key. For the actual decoding, no key is needed because the payload is just Bese64Url encoded. That's why https://jwt.io can also decode the token without knowing the key.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question JWT Header algorithm: is "hs256" the same as "http://www.w3.org/2001/04/xmldsig-more#hmac-sha256" IDX10603: The algorithm: 'HS256' requires the SecurityKey.KeySize to be greater than '128' bits. KeySize reported: '32'. Parameter name: key.KeySize Decode json into .Net Object How to decrypt JWE source (encrypted with RSA1_5 A256CBC-HS512) in C#? How to create this nested JSON object in android and decode it in c#? Decode Json Object with unknown keys How to decode string as JSON How to decode JSON Error while trying to decode a JSON object How to decode json string in LUA?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM