23

I'm trying to run my app but it gets stuck with the following error:

System.NotSupportedException HResult=0x80131515 Message=IDX10634: Unable to create the SignatureProvider. Algorithm: '[PII is hidden by default. Set the 'ShowPII' flag in IdentityModelEventSource.cs to true to reveal it.]', SecurityKey: '[PII is hidden by default. Set the 'ShowPII' flag in IdentityModelEventSource.cs to true to reveal it.]' is not supported.

Where Algorithm is RS256

It gets stuck on executing this instruction: var sectoken = tokenHandler.CreateToken(tokenDescriptor);

What does it mean? What went wrong in my code? How can I solve this?


Here's my code:

using System;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Text;
using System.Threading.Tasks;
using Microsoft.IdentityModel.Tokens;
//...
public class TokenManager
{
    private string unencoded_key = "CaptainDeadpool";
    private string encoded_key = "CaptainDeadpool";
//...
    public TokenManager()
    {
        var plainTextBytes = Encoding.UTF8.GetBytes(unencoded_key);
        encoded_key = Convert.ToBase64String(plainTextBytes);
    }


    public string CreateFromUsername(string usr, int? timer)
    {
        if (timer == null) {  timer = 30; }
        double timeadd = Convert.ToDouble(timer);

        var secret = Convert.FromBase64String(encoded_key);
        var tokenHandler = new JwtSecurityTokenHandler();

        var actual = DateTime.UtcNow;

        var tokenDescriptor = new SecurityTokenDescriptor
        {
            Subject = new ClaimsIdentity(new[] { new Claim(ClaimTypes.Name, usr) }),
            Expires = actual.AddMinutes(timeadd),

            SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(secret), SecurityAlgorithms.RsaSha256Signature)
        };

        var sectoken = tokenHandler.CreateToken(tokenDescriptor);
        var stringtoken = tokenHandler.WriteToken(sectoken);

        return stringtoken;
    }
//...

Here's my tokenDescriptor's content while issuing the error:

CONTENT

BartoszKP
Deadpool
  • 3
    Setting the following flag is hugely helpful in debugging situations like this. It will replace the [PII is Hidden] with the actual error. Just remember to remove the flag before releasing to production: IdentityModelEventSource.ShowPII = true; – Carlo Bos May 03 '19 at 19:01

3 Answers

30

No idea what that error message means, but it doesn't matter I think, because your code is logically wrong. RSA is an asymmetric algorithm, but you are trying to use SymmetricSecurityKey with it.

So either use another (symmetric) signature algorithm (and ensure that your key size is valid for this algorithm), for example:

// adjust key size
private string unencoded_key = "CaptainDeadpool!";
private string encoded_key = "CaptainDeadpool!";
// ...
SigningCredentials = new SigningCredentials(
    new SymmetricSecurityKey(secret), 
    SecurityAlgorithms.HmacSha256Signature)

Or provide a valid key, for example:

private readonly RSA _rsa;
public TokenManager() {
    // import instead of creating new, if necessary
    _rsa = new RSACryptoServiceProvider(2048);            
}
// ...

SigningCredentials = new SigningCredentials(
    new RsaSecurityKey(_rsa), 
    SecurityAlgorithms.RsaSha256Signature)
Evk
  • I tried the first solution but it hasn't solved the issue. The second one worked fine! Just a quick question,...what's "(2048)" for? Can I use my secret key instead? – Deadpool Apr 17 '18 at 10:36
  • 1
    2048 is the size of the private key. An asymmetric algorithm uses 2 keys - public and private (for that reason you cannot use your secret as is). I set it to 2048 because that's a requirement of `SecurityAlgorithms.RsaSha256Signature`. – Evk Apr 17 '18 at 10:39
  • 2
    For the first "solution" to work you need to adjust your secret size as I said. For example, change your secret to `CaptainDeadpool!` (one additional character) – Evk Apr 17 '18 at 10:39
  • @Evk it was indeed problem with short "secret", at least for me. – psulek Mar 24 '19 at 15:54
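
The two fixes from the answer above, written out as an added example (not code from the original posts): the signing key has to belong to the same family as the algorithm, so HS256 takes a SymmetricSecurityKey and RS256 takes an RsaSecurityKey, and the RS256 token is verified with the public half only. It assumes .NET 6+ and the System.IdentityModel.Tokens.Jwt NuGet package; `JwtKeyDemo`, `IssueAndVerify` and `demo-user` are hypothetical names, and the 32-byte random HMAC key is sized to meet the longest minimum mentioned on this page.

```csharp
// Added example, not from the original posts. Assumes .NET 6+ and the
// System.IdentityModel.Tokens.Jwt NuGet package.
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Security.Cryptography;
using Microsoft.IdentityModel.Tokens;

public static class JwtKeyDemo
{
    // Issue a token with the given credentials, then validate it with verifyKey.
    static string IssueAndVerify(SigningCredentials signing, SecurityKey verifyKey, string user)
    {
        var handler = new JwtSecurityTokenHandler();
        var token = handler.WriteToken(handler.CreateToken(new SecurityTokenDescriptor
        {
            Subject = new ClaimsIdentity(new[] { new Claim(ClaimTypes.Name, user) }),
            Expires = DateTime.UtcNow.AddMinutes(30),
            SigningCredentials = signing
        }));

        // Throws if the signature does not verify or the alg is not the pinned one.
        handler.ValidateToken(token, new TokenValidationParameters
        {
            IssuerSigningKey = verifyKey,
            ValidAlgorithms = new[] { signing.Algorithm }, // accept only the expected alg
            ValidateIssuer = false,    // the demo token carries no issuer
            ValidateAudience = false   // ... and no audience
        }, out _);
        return token;
    }

    public static void Main()
    {
        // HS256: one shared secret; random bytes constructed for this demo.
        var hmacKey = new SymmetricSecurityKey(RandomNumberGenerator.GetBytes(32));
        var hs = IssueAndVerify(new SigningCredentials(hmacKey, SecurityAlgorithms.HmacSha256), hmacKey, "demo-user");

        // RS256: sign with the private key, verify with the exported public key.
        using var rsa = RSA.Create(2048);
        var publicKey = new RsaSecurityKey(rsa.ExportParameters(false));
        var rs = IssueAndVerify(new SigningCredentials(new RsaSecurityKey(rsa), SecurityAlgorithms.RsaSha256), publicKey, "demo-user");

        Console.WriteLine($"HS256 token header alg: {new JwtSecurityToken(hs).Header.Alg}");
        Console.WriteLine($"RS256 token header alg: {new JwtSecurityToken(rs).Header.Alg}");
    }
}
```

Swapping the two key objects between the `SigningCredentials` calls reproduces the mismatch from the question.
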
4

I had the same problem when using hmacSha256. If your security key is too short, you may receive that error. I increased the size of the secret secureKey and that resolved my problem.

 var authSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes("You_Need_To_Provide_A_Longer_Secret_Key_Here"));
Janou
1

The key must have at least 32 characters.

Mehdi