JWT.Encode works fine on local machine in .NET7.0 Windows 11 , on windows server 2012 throw exception: Unable to sign content., inner exception: The requested operation is not supported.| about jose-jwt HOT 4 OPEN

Hi @RafalSzczerba ,

can you post full stack trace? And if you have code that showing how do you load your privateKey, can be helpful as well.

from jose-jwt.

Hello @dvsekhvalnov
Full stack trace:

Internal.Cryptography.CryptoThrowHelper+WindowsCryptographicException: The requested operation is not supported. at System.Security.Cryptography.ECCng.ImportKeyBlob(String blobType, ReadOnlySpan1 keyBlob, String curveName, SafeNCryptProviderHandle provider) at System.Security.Cryptography.CngKeyLite.ImportKeyBlob(String blobType, Byte[] keyBlob, String curveName) at System.Security.Cryptography.ECDsaImplementation.ECDsaCng.ImportKeyBlob(Byte[] ecKeyBlob, String curveName, Boolean includePrivateParameters) at System.Security.Cryptography.ECDsaImplementation.ECDsaCng.ImportParameters(ECParameters parameters) at Jose.Jwk.ECDsaKey() at Jose.netstandard1_4.EcdsaUsingSha.Sign(Byte[] securedInput, Object key) --- End of inner exception stack trace --- at Jose.netstandard1_4.EcdsaUsingSha.Sign(Byte[] securedInput, Object key) at Jose.JWT.EncodeBytes(Byte[] payload, Object key, JwsAlgorithm algorithm, IDictionary2 extraHeaders, JwtSettings settings, JwtOptions options) at Jose.JWT.Encode(String payload, Object key, JwsAlgorithm algorithm, IDictionary`2 extraHeaders, JwtSettings settings, JwtOptions options)

PrivateKey creation:

            var sPrivKey = File.ReadAllText(privateKeyFile);   // here is a EC Priave key in .pem format
            var pemReaderPriv = new Org.BouncyCastle.OpenSsl.PemReader(new StringReader(sPrivKey));
            var pemPriv = pemReaderPriv.ReadObject();
            ECPrivateKeyParameters privKeyParams;
            var keyPair = pemPriv as Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair;
            if (keyPair == null)
            {
                privKeyParams = pemPriv as ECPrivateKeyParameters;
            }
            else
            {
                privKeyParams = keyPair.Private as ECPrivateKeyParameters;
            }
            var xCord = privKeyParams.Parameters.G.XCoord.ToBigInteger().ToByteArray();
            var yCord = privKeyParams.Parameters.G.YCoord.ToBigInteger().ToByteArray();    
            var dCord = privKeyParams.D.ToByteArray();               
            var privateKey = new Jwk(
                crv: "P-256",
                x: Base64Url.Encode(xCord),
                y: Base64Url.Encode(yCord),
                d: Base64Url.Encode(dCord[0] == 0
                    ? dCord.Skip(1).ToArray()
                    : dCord)
            );
            
                                var token = Jose.JWT.Encode(payload, privateKey, JwsAlgorithm.ES256, headers, options: new JwtOptions {DetachPayload = true, EncodePayload = false });

from jose-jwt.

Additionally I've found place where exception is made. It is in JWK.cs during attempt to import parameters: ecdsaKey.ImportParameters(param);

from jose-jwt.

Hm.. interesting, let's try simple thing first:

Jwk eccKey = new Jwk(
    crv: "P-256",
    x: "BHId3zoDv6pDgOUh8rKdloUZ0YumRTcaVDCppUPoYgk",
    y: "g3QIDhaWEksYtZ9OWjNHn9a6-i_P9o5_NrdISP0VWDU",
    d: "KpTnMOHEpskXvuXHFCfiRtGUHUZ9Dq5CCcZQ-19rYs4"
);

will your code work with key above ^^ ?

Also, on .NET 5+ you can use built-in functions to read PEM files, see here: https://learn.microsoft.com/en-us/dotnet/api/system.security.cryptography.ecalgorithm.importfrompem?view=net-7.0#system-security-cryptography-ecalgorithm-importfrompem(system-readonlyspan((system-char)))

you can probably do something like (no explicit need to convert to Jwk, library can take different key formats directly):

var eccPem = File.ReadAllText("my-key.pem");

var key = ECDsa.Create();
key.ImportFromPem(eccPem);

Jose.JWT.Encode(payload, key, ....);

from jose-jwt.