有没有办法创建密钥大小为512的JWT令牌?以及更改AsymmetricSignatureProvider的默认最小大小要求
我当前遇到以下错误: IDX10630:用于签名的“Microsoft.IdentityModel.Tokens.RsaSecurityKey,KeyId:”…,内部ID:“5a946596-9fe6-4c91-8c52-9b140849c7a4.”不能小于“2048”位。键大小:“512” 我使用以下方法:有没有办法创建密钥大小为512的JWT令牌?以及更改AsymmetricSignatureProvider的默认最小大小要求,jwt,token,rsa,.net-core-3.1,Jwt,Token,Rsa,.net Core 3.1,我当前遇到以下错误: IDX10630:用于签名的“Microsoft.IdentityModel.Tokens.RsaSecurityKey,KeyId:”…,内部ID:“5a946596-9fe6-4c91-8c52-9b140849c7a4.”不能小于“2048”位。键大小:“512” 我使用以下方法: public string GetIdTokenString(Dictionary<string, string> inputClaims, string privateKe
public string GetIdTokenString(Dictionary<string, string> inputClaims, string privateKey)
{
string result = null;
try
{
var tokenHandler = new JwtSecurityTokenHandler();
privateKey = privateKey.Replace("-----BEGIN ENCRYPTED PRIVATE KEY-----", String.Empty).Replace("-----END ENCRYPTED PRIVATE KEY-----", String.Empty);
var privateKeyBytes = Convert.FromBase64String(privateKey);
byte[] privateKeyPasswordBytes = Encoding.UTF8.GetBytes(mypassword);
List<Claim> claims = new List<Claim>();
foreach (var o in inputClaims)
{
claims.Add(new Claim(o.Key, o.Value));
}
int length = 0;
RSA rSA = RSA.Create();
rSA.ImportEncryptedPkcs8PrivateKey(privateKeyPasswordBytes, privateKeyBytes, out length);
RsaSecurityKey securitykey = new RsaSecurityKey(rSA)
{
KeyId = "......"
};
var tokenDescriptor = new SecurityTokenDescriptor
{
Subject = new ClaimsIdentity(claims),
Expires = DateTime.UtcNow.AddSeconds(60 * 5),
Audience = ...,
Issuer = .....
};
tokenDescriptor.SigningCredentials = new SigningCredentials(securitykey, SecurityAlgorithms.RsaSha256Signature);
var token = tokenHandler.CreateToken(tokenDescriptor);
if (token != null && token is JwtSecurityToken)
{
result = (token as JwtSecurityToken).RawData;
}
}
catch (Exception ex)
{
Logger.Fatal(ex);
}
return result;
}
公共字符串GetIdTokenString(字典输入声明,字符串私钥)
{
字符串结果=null;
尝试
{
var tokenHandler=new JwtSecurityTokenHandler();
privateKey=privateKey.Replace(“----开始加密私钥------”,String.Empty)。Replace(----结束加密私钥------”,String.Empty);
var privateKeyBytes=Convert.FromBase64String(privateKey);
byte[]privateKeyPasswordBytes=Encoding.UTF8.GetBytes(mypassword);
列表声明=新列表();
foreach(inputClaims中的var o)
{
添加(新的索赔(o.Key,o.Value));
}
整数长度=0;
RSA=RSA.Create();
rSA.ImportEncryptedPkcs8PrivateKey(privateKeyPasswordBytes,privateKeyBytes,out-length);
RsaSecurityKey securitykey=新的RsaSecurityKey(rSA)
{
KeyId=“……”
};
var tokenDescriptor=新的SecurityTokenDescriptor
{
主题=新的索赔实体(索赔),
Expires=DateTime.UtcNow.AddSeconds(60*5),
观众=。。。,
发行人=。。。。。
};
tokenDescriptor.SigningCredentials=新的签名凭证(securitykey、SecurityAlgorithms.rsasA256Signature);
var token=tokenHandler.CreateToken(tokenDescriptor);
if(token!=null&&token为JwtSecurityToken)
{
结果=(标记为JwtSecurityToken);
}
}
捕获(例外情况除外)
{
致命的(例);;
}
返回结果;
}
这篇文章中提到了一个代码
但我无法在.NETCore3.1中运行它
还有一件事是关于超车价值的
AsymmetricSignatureProvider.DefaultMinimumAsymmetriceKeySizeInBitsForSigningMap
我可以用任何方法更改特定键的值吗
有一件事我试过,但没有成功,那就是
var mainclass = typeof(AsymmetricSignatureProvider)
.GetField(nameof(AsymmetricSignatureProvider.DefaultMinimumAsymmetricKeySizeInBitsForSigningMap), BindingFlags.Public | BindingFlags.Static );
var field = mainclass.GetValue(null) as Dictionary<string, int>;
if (field != null)
{
field["RS256"] = 512;
}
var mainclass2 = typeof(AsymmetricSignatureProvider).GetField(nameof(AsymmetricSignatureProvider.DefaultMinimumAsymmetricKeySizeInBitsForVerifyingMap), BindingFlags.Public | BindingFlags.Static);
var field2 = mainclass2.GetValue(null) as Dictionary<string, int>;
if (field2 != null)
{
field2["RS256"] = 512;
}
var mainclass=typeof(不对称签名提供者)
.GetField(名称(AsymmetricSignatureProvider.DefaultMinimumAsymmetriceKeySizeInBitsforSigningMap)、BindingFlags.Public | BindingFlags.Static);
var field=mainclass.GetValue(null)作为字典;
如果(字段!=null)
{
字段[“RS256”]=512;
}
var mainclass2=typeof(AsymmetricSignatureProvider).GetField(nameof(AsymmetricSignatureProvider.DefaultMinimumAsymmetricKeySizeInBitsForVerifyMap),BindingFlags.Public | BindingFlags.Static);
var field2=mainclass2.GetValue(null)作为字典;
如果(字段2!=null)
{
字段2[“RS256”]=512;
}
以下是我使用的解决方案
var mainclass = typeof(AsymmetricSignatureProvider)
.GetField(nameof(AsymmetricSignatureProvider.DefaultMinimumAsymmetricKeySizeInBitsForSigningMap), BindingFlags.Public | BindingFlags.Static);
var field = mainclass.GetValue(null) as Dictionary<string, int>;
if (field != null)
{
field["RS256"] = 512;
}
var mainclass2 = typeof(AsymmetricSignatureProvider).GetField(nameof(AsymmetricSignatureProvider.DefaultMinimumAsymmetricKeySizeInBitsForVerifyingMap), BindingFlags.Public | BindingFlags.Static);
var field2 = mainclass2.GetValue(null) as Dictionary<string, int>;
if (field2 != null)
{
field2["RS256"] = 512;
}
var mainclass=typeof(不对称签名提供者)
.GetField(名称(AsymmetricSignatureProvider.DefaultMinimumAsymmetriceKeySizeInBitsforSigningMap)、BindingFlags.Public | BindingFlags.Static);
var field=mainclass.GetValue(null)作为字典;
如果(字段!=null)
{
字段[“RS256”]=512;
}
var mainclass2=typeof(AsymmetricSignatureProvider).GetField(nameof(AsymmetricSignatureProvider.DefaultMinimumAsymmetricKeySizeInBitsForVerifyMap),BindingFlags.Public | BindingFlags.Static);
var field2=mainclass2.GetValue(null)作为字典;
如果(字段2!=null)
{
字段2[“RS256”]=512;
}
现在,为什么您认为他们不会接受小于2048的密钥大小?他们?我支持一个遗留应用程序,其中密钥生成由当前生成大小为512的密钥的旧组件负责。我必须利用该密钥来生成和验证id令牌