Comments (4)
Hi @RafalSzczerba,
can you post the full stack trace? And if you have code showing how you load your privateKey, that can be helpful as well.
from jose-jwt.
Hello @dvsekhvalnov
Full stack trace:
Internal.Cryptography.CryptoThrowHelper+WindowsCryptographicException: The requested operation is not supported.
   at System.Security.Cryptography.ECCng.ImportKeyBlob(String blobType, ReadOnlySpan`1 keyBlob, String curveName, SafeNCryptProviderHandle provider)
   at System.Security.Cryptography.CngKeyLite.ImportKeyBlob(String blobType, Byte[] keyBlob, String curveName)
   at System.Security.Cryptography.ECDsaImplementation.ECDsaCng.ImportKeyBlob(Byte[] ecKeyBlob, String curveName, Boolean includePrivateParameters)
   at System.Security.Cryptography.ECDsaImplementation.ECDsaCng.ImportParameters(ECParameters parameters)
   at Jose.Jwk.ECDsaKey()
   at Jose.netstandard1_4.EcdsaUsingSha.Sign(Byte[] securedInput, Object key)
   --- End of inner exception stack trace ---
   at Jose.netstandard1_4.EcdsaUsingSha.Sign(Byte[] securedInput, Object key)
   at Jose.JWT.EncodeBytes(Byte[] payload, Object key, JwsAlgorithm algorithm, IDictionary`2 extraHeaders, JwtSettings settings, JwtOptions options)
   at Jose.JWT.Encode(String payload, Object key, JwsAlgorithm algorithm, IDictionary`2 extraHeaders, JwtSettings settings, JwtOptions options)
PrivateKey creation:
var sPrivKey = File.ReadAllText(privateKeyFile); // here is an EC private key in .pem format
var pemReaderPriv = new Org.BouncyCastle.OpenSsl.PemReader(new StringReader(sPrivKey));
var pemPriv = pemReaderPriv.ReadObject();
ECPrivateKeyParameters privKeyParams;
var keyPair = pemPriv as Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair;
if (keyPair == null)
{
    privKeyParams = pemPriv as ECPrivateKeyParameters;
}
else
{
    privKeyParams = keyPair.Private as ECPrivateKeyParameters;
}
var xCord = privKeyParams.Parameters.G.XCoord.ToBigInteger().ToByteArray();
var yCord = privKeyParams.Parameters.G.YCoord.ToBigInteger().ToByteArray();
var dCord = privKeyParams.D.ToByteArray();
var privateKey = new Jwk(
    crv: "P-256",
    x: Base64Url.Encode(xCord),
    y: Base64Url.Encode(yCord),
    d: Base64Url.Encode(dCord[0] == 0
        ? dCord.Skip(1).ToArray()
        : dCord)
);
var token = Jose.JWT.Encode(payload, privateKey, JwsAlgorithm.ES256, headers, options: new JwtOptions { DetachPayload = true, EncodePayload = false });
from jose-jwt.
Additionally, I've found the place where the exception is thrown. It is in JWK.cs during the attempt to import parameters: ecdsaKey.ImportParameters(param);
from jose-jwt.
Hm.. interesting, let's try a simple thing first:
Jwk eccKey = new Jwk(
    crv: "P-256",
    x: "BHId3zoDv6pDgOUh8rKdloUZ0YumRTcaVDCppUPoYgk",
    y: "g3QIDhaWEksYtZ9OWjNHn9a6-i_P9o5_NrdISP0VWDU",
    d: "KpTnMOHEpskXvuXHFCfiRtGUHUZ9Dq5CCcZQ-19rYs4"
);
Will your code work with the key above ^^?
Also, on .NET 5+ you can use built-in functions to read PEM files, see here: https://learn.microsoft.com/en-us/dotnet/api/system.security.cryptography.ecalgorithm.importfrompem?view=net-7.0#system-security-cryptography-ecalgorithm-importfrompem(system-readonlyspan((system-char)))
You can probably do something like this (no explicit need to convert to Jwk, the library can take different key formats directly):
var eccPem = File.ReadAllText("my-key.pem");
var key = ECDsa.Create();
key.ImportFromPem(eccPem);
Jose.JWT.Encode(payload, key, ....);
from jose-jwt.
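Added example, not part of the thread and not jose-jwt's own code: the snippet in the question reads x and y from `Parameters.G`, which is the curve's base point and is the same for every key, whereas an EC JWK's x and y are the coordinates of the public point Q = d·G, each encoded as an unsigned, fixed-length value (32 bytes for P-256). The sketch below builds the Jwk that way with BouncyCastle; `EcJwkLoader` and `LoadP256Jwk` are hypothetical names, and it assumes the PEM holds a P-256 private key.

```csharp
using System;
using System.IO;
using Jose;
using Org.BouncyCastle.Crypto;
using Org.BouncyCastle.Crypto.Parameters;
using Org.BouncyCastle.OpenSsl;
using Org.BouncyCastle.Utilities;

// Hypothetical helper (added example): PEM EC private key -> jose-jwt Jwk.
static class EcJwkLoader
{
    const int P256FieldBytes = 32;

    public static Jwk LoadP256Jwk(string pemPath)
    {
        object pem;
        using (var reader = new StringReader(File.ReadAllText(pemPath)))
        {
            pem = new PemReader(reader).ReadObject();
        }

        // "EC PRIVATE KEY" PEM yields a key pair; PKCS#8 "PRIVATE KEY" yields the private key itself.
        var priv = (pem as AsymmetricCipherKeyPair)?.Private as ECPrivateKeyParameters
                   ?? pem as ECPrivateKeyParameters
                   ?? throw new InvalidDataException("PEM does not contain an EC private key.");

        // Size check only: P-256 has a 256-bit field, but other curves share that size.
        if (priv.Parameters.Curve.FieldSize != 256)
            throw new NotSupportedException("Expected a key on a 256-bit curve for crv P-256.");

        // Public point Q = d * G. G on its own is the base point, not this key's public key.
        var q = priv.Parameters.G.Multiply(priv.D).Normalize();

        // GetEncoded() returns unsigned big-endian bytes padded to the field size,
        // so no sign byte appears and short values are not truncated.
        byte[] x = q.AffineXCoord.GetEncoded();
        byte[] y = q.AffineYCoord.GetEncoded();
        byte[] d = BigIntegers.AsUnsignedByteArray(P256FieldBytes, priv.D);

        return new Jwk(
            crv: "P-256",
            x: Base64Url.Encode(x),
            y: Base64Url.Encode(y),
            d: Base64Url.Encode(d));
    }
}
```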