问题描述
尝试在C#Web API应用程序中创建 JWT 令牌时遇到异常.
I'm facing an exception when trying to create a JWT token in C# Web API application.
测试环境
- 平台:带有.net框架的Windows 10 x64:4.6.1
- jwt NuGet软件包: System.IdentityModel.Tokens.Jwt版本:4.0.2.206221351
以下是负责生成RSA密钥的代码:
Here is the code responsible for generating RSA keys:
public SignatureInformation CreateNewSignatureInformation(int length = 0)
{
try
{
var signatureInformation = new SignatureInformation();
var rsaProvider = new RSACryptoServiceProvider(length);
var publicKey = rsaProvider.ToXmlString(false);
signatureInformation.Public = publicKey;
var privateKey = rsaProvider.ToXmlString(true);
signatureInformation.Private = privateKey;
return signatureInformation;
}
catch (Exception)
{
return null;
}
}
以下是负责生成JTW令牌的代码,该令牌用上述代码生成的RSA密钥对签名了:
And here is the code responsible for generating a JTW token signed with a RSA key pair generated with the above code:
private string GenerateToken(string privateKeyInXml)
{
var cryptoServiceProvider = new RSACryptoServiceProvider();
cryptoServiceProvider.FromXmlString(privateKeyInXml);
var creds = new SigningCredentials(new RsaSecurityKey(cryptoServiceProvider),
SecurityAlgorithms.RsaSha256Signature,
SecurityAlgorithms.Sha256Digest);
var nbf = DateTime.UtcNow;
var exp = nbf.AddMinutes(10);
var jwtToken = new JwtSecurityToken("SAMPLE_ISSUER",
"SAMPLE_AUDIENCE",
null, //null is given as claims list in this sample
nbf,
exp,
creds);
var tokenHandler = new JwtSecurityTokenHandler();
var token = tokenHandler.WriteToken(jwtToken); //the exception is thrown here
return token;
}
引发的异常类型为System.ArgumentOutOfRangeException
,消息为:
the exception thrown is of type System.ArgumentOutOfRangeException
and the message is:
"IDX10630: The 'System.IdentityModel.Tokens.RsaSecurityKey' for signing cannot be smaller than '2048' bits.\r\nParameter name: key.KeySize\r\nActual value was 512."
问题
如何使用密钥大小小于2048的RSA安全密钥生成JWT令牌?
How can I generate a JWT Token using an RSA Security Key with key size less than 2048?
推荐答案
在这种情况下,最小密钥大小的限制由SignatureProviderFactory.MinimumAsymmetricKeySizeInBitsForSigning
属性控制.不幸的是,还有一个绝对"最小值,它由只读字段SignatureProviderFactory.AbsoluteMinimumAsymmetricKeySizeInBitsForSigning
控制,并且该绝对"最小值设置为2048.
Restriction on minimum key size in this case is controlled by SignatureProviderFactory.MinimumAsymmetricKeySizeInBitsForSigning
property. Unfortunately, there is also an "absolute" minimum, which is controlled by readonly field SignatureProviderFactory.AbsoluteMinimumAsymmetricKeySizeInBitsForSigning
, and this "absolute" minimum is set to 2048.
您必须使用反射将那个只读字段的值修改为所需的值.之后,可以将MinimumAsymmetricKeySizeInBitsForSigning
设置为相同的期望值.
You have to use reflection to modify value of that readonly field to the value you desire. After that, you can set MinimumAsymmetricKeySizeInBitsForSigning
to the same desired value.
示例代码:
var absoluteField = typeof(SignatureProviderFactory).GetField(nameof(SignatureProviderFactory.AbsoluteMinimumAsymmetricKeySizeInBitsForSigning), BindingFlags.Public | BindingFlags.Static);
absoluteField.SetValue(null, 512);
SignatureProviderFactory.MinimumAsymmetricKeySizeInBitsForSigning = 512;
之后,您的代码应该可以正常工作,并接受任何大小为512以上的非对称密钥.
After that your code should work fine and accept any assymetric keys of size 512 and above.
这篇关于使用密钥大小小于2048的RSA安全密钥创建JWT令牌时出错的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!