Any way to create a JWT token with key size 512? and changing default minimum size requirement of AsymmetricSignatureProvider

Question

I am currently getting following error:

IDX10630: The 'Microsoft.IdentityModel.Tokens.RsaSecurityKey, KeyId: '...', InternalId: '5a946596-9fe6-4c91-8c52-9b140849c7a4'.' for signing cannot be smaller than '2048' bits. KeySize: '512'

I use the following method:

 public string GetIdTokenString(Dictionary<string, string> inputClaims, string privateKey)
        {
            string result = null;
            try
            {
                var tokenHandler = new JwtSecurityTokenHandler();                
                privateKey = privateKey.Replace("-----BEGIN ENCRYPTED PRIVATE KEY-----", String.Empty).Replace("-----END ENCRYPTED PRIVATE KEY-----", String.Empty);
                var privateKeyBytes = Convert.FromBase64String(privateKey);
                byte[] privateKeyPasswordBytes = Encoding.UTF8.GetBytes(mypassword);
                List<Claim> claims = new List<Claim>();
                foreach (var o in inputClaims)
                {                    
                    claims.Add(new Claim(o.Key, o.Value));
                }
                int length = 0;
                RSA rSA = RSA.Create();
                rSA.ImportEncryptedPkcs8PrivateKey(privateKeyPasswordBytes, privateKeyBytes, out length);
                RsaSecurityKey securitykey = new RsaSecurityKey(rSA)
                {
                    KeyId = "......"
                };
                var tokenDescriptor = new SecurityTokenDescriptor
                {
                    Subject = new ClaimsIdentity(claims),
                    Expires = DateTime.UtcNow.AddSeconds(60 * 5),
                    Audience = ...,
                    Issuer = .....                   

                };
                tokenDescriptor.SigningCredentials = new SigningCredentials(securitykey, SecurityAlgorithms.RsaSha256Signature);

                var token = tokenHandler.CreateToken(tokenDescriptor);


                if (token != null && token is JwtSecurityToken)
                {
                    result = (token as JwtSecurityToken).RawData;
                }
            }
            catch (Exception ex)
            {
                Logger.Fatal(ex);
            }
            return result;
        }

there is a code mentioned in post

Error Creating JWT Token using RSA Security Key with key size less than 2048

but I'm not able to run it in .net core 3.1

One more thing is about over riding value in AsymmetricSignatureProvider.DefaultMinimumAsymmetricKeySizeInBitsForSigningMap

Any way i can change value of particular Key?

One thing i have tried which didn't work is

 var mainclass = typeof(AsymmetricSignatureProvider)
                .GetField(nameof(AsymmetricSignatureProvider.DefaultMinimumAsymmetricKeySizeInBitsForSigningMap), BindingFlags.Public | BindingFlags.Static );
                var field = mainclass.GetValue(null) as Dictionary<string, int>;
                if (field != null)
                {
                    field["RS256"] = 512;
                }

                var mainclass2 = typeof(AsymmetricSignatureProvider).GetField(nameof(AsymmetricSignatureProvider.DefaultMinimumAsymmetricKeySizeInBitsForVerifyingMap), BindingFlags.Public | BindingFlags.Static);
                var field2 = mainclass2.GetValue(null) as Dictionary<string, int>;
                if (field2 != null)
                {
                    field2["RS256"] = 512;
                }

Now why do you suppose they won't accept a keysize less than 2048? — President James K. Polk, Mar 10 '20 at 01:50
they? I am supporting a legacy application where key generation is responsibility of old component which currently generate key of size 512. I have to utilize that key for generating and validating id token — Kamran Shahid, Mar 10 '20 at 06:51

score 1 · Accepted Answer · answered Mar 09 '20 at 14:38

Following is the solution i have used

var mainclass = typeof(AsymmetricSignatureProvider)
                       .GetField(nameof(AsymmetricSignatureProvider.DefaultMinimumAsymmetricKeySizeInBitsForSigningMap), BindingFlags.Public | BindingFlags.Static);
                var field = mainclass.GetValue(null) as Dictionary<string, int>;
                if (field != null)
                {
                    field["RS256"] = 512;

                }

                var mainclass2 = typeof(AsymmetricSignatureProvider).GetField(nameof(AsymmetricSignatureProvider.DefaultMinimumAsymmetricKeySizeInBitsForVerifyingMap), BindingFlags.Public | BindingFlags.Static);
                var field2 = mainclass2.GetValue(null) as Dictionary<string, int>;
                if (field2 != null)
                {
                    field2["RS256"] = 512;
                }

Any way to create a JWT token with key size 512? and changing default minimum size requirement of AsymmetricSignatureProvider

1 Answers1

Linked