Error Creating JWT Token using RSA Security Key with key size less than 2048

耗尽温柔 提交于 2020-03-22 08:54:20

问题


I'm facing an exception when trying to create a JWT token in C# Web API application.

Test environment

  • Platform: Windows 10 x64 with .net framework: 4.6.1
  • jwt NuGet package: System.IdentityModel.Tokens.Jwt version: 4.0.2.206221351

Here is the code responsible for generating RSA keys:

    public SignatureInformation CreateNewSignatureInformation(int length = 0)
    {
        try
        {
            var signatureInformation = new SignatureInformation();

            var rsaProvider = new RSACryptoServiceProvider(length);

            var publicKey = rsaProvider.ToXmlString(false);
            signatureInformation.Public = publicKey;

            var privateKey = rsaProvider.ToXmlString(true);
            signatureInformation.Private = privateKey;

            return signatureInformation;
        }
        catch (Exception)
        {
            return null;
        }
    }

And here is the code responsible for generating a JTW token signed with a RSA key pair generated with the above code:

    private string GenerateToken(string privateKeyInXml)
    {
        var cryptoServiceProvider = new RSACryptoServiceProvider();
        cryptoServiceProvider.FromXmlString(privateKeyInXml);

        var creds = new SigningCredentials(new RsaSecurityKey(cryptoServiceProvider),
            SecurityAlgorithms.RsaSha256Signature,
            SecurityAlgorithms.Sha256Digest);

        var nbf = DateTime.UtcNow;
        var exp = nbf.AddMinutes(10);
        var jwtToken = new JwtSecurityToken("SAMPLE_ISSUER",
            "SAMPLE_AUDIENCE",
            null, //null is given as claims list in this sample
            nbf,
            exp,
            creds);

        var tokenHandler = new JwtSecurityTokenHandler();
        var token = tokenHandler.WriteToken(jwtToken); //the exception is thrown here
        return token;
    }

the exception thrown is of type System.ArgumentOutOfRangeException and the message is:

"IDX10630: The 'System.IdentityModel.Tokens.RsaSecurityKey' for signing cannot be smaller than '2048' bits.\r\nParameter name: key.KeySize\r\nActual value was 512."

Question

How can I generate a JWT Token using an RSA Security Key with key size less than 2048?


回答1:


Restriction on minimum key size in this case is controlled by SignatureProviderFactory.MinimumAsymmetricKeySizeInBitsForSigning property. Unfortunately, there is also an "absolute" minimum, which is controlled by readonly field SignatureProviderFactory.AbsoluteMinimumAsymmetricKeySizeInBitsForSigning, and this "absolute" minimum is set to 2048.

You have to use reflection to modify value of that readonly field to the value you desire. After that, you can set MinimumAsymmetricKeySizeInBitsForSigning to the same desired value.

Sample code:

var absoluteField = typeof(SignatureProviderFactory).GetField(nameof(SignatureProviderFactory.AbsoluteMinimumAsymmetricKeySizeInBitsForSigning), BindingFlags.Public | BindingFlags.Static);
absoluteField.SetValue(null, 512);
SignatureProviderFactory.MinimumAsymmetricKeySizeInBitsForSigning = 512;

After that your code should work fine and accept any assymetric keys of size 512 and above.



来源:https://stackoverflow.com/questions/50117838/error-creating-jwt-token-using-rsa-security-key-with-key-size-less-than-2048

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!