问题描述
尝试在C#Web API应用程序中创建 JWT 令牌时遇到异常.
I'm facing an exception when trying to create a JWT token in C# Web API application.
测试环境
- 平台:带有.net框架的Windows 10 x64:4.6.1
- jwt NuGet软件包: System.IdentityModel.Tokens.Jwt版本:4.0.2.206221351
以下是负责生成RSA密钥的代码:
Here is the code responsible for generating RSA keys:
public SignatureInformation CreateNewSignatureInformation(int length = 0)
{
try
{
var signatureInformation = new SignatureInformation();
var rsaProvider = new RSACryptoServiceProvider(length);
var publicKey = rsaProvider.ToXmlString(false);
signatureInformation.Public = publicKey;
var privateKey = rsaProvider.ToXmlString(true);
signatureInformation.Private = privateKey;
return signatureInformation;
}
catch (Exception)
{
return null;
}
}
以下是负责生成JTW令牌的代码,该令牌用上述代码生成的RSA密钥对签名了:
And here is the code responsible for generating a JTW token signed with a RSA key pair generated with the above code:
private string GenerateToken(string privateKeyInXml)
{
var cryptoServiceProvider = new RSACryptoServiceProvider();
cryptoServiceProvider.FromXmlString(privateKeyInXml);
var creds = new SigningCredentials(new RsaSecurityKey(cryptoServiceProvider),
SecurityAlgorithms.RsaSha256Signature,
SecurityAlgorithms.Sha256Digest);
var nbf = DateTime.UtcNow;
var exp = nbf.AddMinutes(10);
var jwtToken = new JwtSecurityToken("SAMPLE_ISSUER",
"SAMPLE_AUDIENCE",
null, //null is given as claims list in this sample
nbf,
exp,
creds);
var tokenHandler = new JwtSecurityTokenHandler();
var token = tokenHandler.WriteToken(jwtToken); //the exception is thrown here
return token;
}
引发的异常类型为System.ArgumentOutOfRangeException,消息为:
the exception thrown is of type System.ArgumentOutOfRangeException and the message is:
"IDX10630: The 'System.IdentityModel.Tokens.RsaSecurityKey' for signing cannot be smaller than '2048' bits.\r\nParameter name: key.KeySize\r\nActual value was 512."
问题
如何使用密钥大小小于2048的RSA安全密钥生成JWT令牌?
How can I generate a JWT Token using an RSA Security Key with key size less than 2048?
推荐答案
在这种情况下,最小密钥大小的限制由SignatureProviderFactory.MinimumAsymmetricKeySizeInBitsForSigning属性控制.不幸的是,还有一个绝对"最小值,它由只读字段SignatureProviderFactory.AbsoluteMinimumAsymmetricKeySizeInBitsForSigning控制,并且该绝对"最小值设置为2048.
Restriction on minimum key size in this case is controlled by SignatureProviderFactory.MinimumAsymmetricKeySizeInBitsForSigning property. Unfortunately, there is also an "absolute" minimum, which is controlled by readonly field SignatureProviderFactory.AbsoluteMinimumAsymmetricKeySizeInBitsForSigning, and this "absolute" minimum is set to 2048.
您必须使用反射将那个只读字段的值修改为所需的值.之后,可以将MinimumAsymmetricKeySizeInBitsForSigning设置为相同的期望值.
You have to use reflection to modify value of that readonly field to the value you desire. After that, you can set MinimumAsymmetricKeySizeInBitsForSigning to the same desired value.
示例代码:
var absoluteField = typeof(SignatureProviderFactory).GetField(nameof(SignatureProviderFactory.AbsoluteMinimumAsymmetricKeySizeInBitsForSigning), BindingFlags.Public | BindingFlags.Static);
absoluteField.SetValue(null, 512);
SignatureProviderFactory.MinimumAsymmetricKeySizeInBitsForSigning = 512;
之后,您的代码应该可以正常工作,并接受任何大小为512以上的非对称密钥.
After that your code should work fine and accept any assymetric keys of size 512 and above.
这篇关于使用密钥大小小于2048的RSA安全密钥创建JWT令牌时出错的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!