I'm using the "jose-jwt" library in C#. I'm able to get JWE encryption / decryption working for both RSA (RSA_OAEP_256, A256GCM) and EC (ECDH_ES_A256KW, A256GCM) in .NET 4.8. See sample code below.
However, on .NET Core 3.1 only RSA (RSA_OAEP_256, A256GCM) works. The "jose-jwt" library doesn't support EC (ECDH_ES_A256KW, A256GCM) on .NET Core.
Is it possible to use EC (ECDH_ES_A256KW, A256GCM) in .NET Core 3.1? If so, which library should I use? I've taken a look at the Microsoft libraries listed below, but it appears EC (ECDH_ES_A256KW, A256GCM) is not supported there either.
Microsoft.IdentityModel.JsonWebTokens;
Microsoft.IdentityModel.Tokens;
Note: I'm trying to encrypt a string using JWE, and not a claims list payload using JWT.
// Plaintext to protect. JWE is used here on a plain string, not on a JWT claims set.
string payload = "some string";

// jose-jwt: ECDH_ES_A256KW key management with A256GCM content encryption.
// x and y are the two 32-byte coordinates of the recipient's public EC point
// (the header printed below reports curve P-256).
byte[] x =
{
    4, 114, 29, 223, 58, 3, 191, 170, 67, 128, 229, 33, 242, 178, 157, 150,
    133, 25, 209, 139, 166, 69, 55, 26, 84, 48, 169, 165, 67, 232, 98, 9
};
byte[] y =
{
    131, 116, 8, 14, 22, 150, 18, 75, 24, 181, 159, 78, 90, 51, 71, 159,
    214, 186, 250, 47, 207, 246, 142, 127, 54, 183, 72, 72, 253, 21, 88, 53
};

// The third argument (the private part) is null, so only a public key is imported.
// CngKeyUsages.KeyAgreement marks the key for ECDH key agreement rather than signing.
// NOTE(review): CngKeyUsages belongs to the Windows CNG API, so this key construction is
// platform-specific; presumably that is why the EC path differs outside .NET Framework. Confirm.
var publicEccKey = EccKey.New(x, y, null, CngKeyUsages.KeyAgreement);

// Encrypting to a public key gives confidentiality only: anyone holding the public key can
// produce a valid token, so sign the payload separately if the receiver must know the sender.
string token = JWT.Encode(payload, publicEccKey, JweAlgorithm.ECDH_ES_A256KW, JweEncryption.A256GCM);

// Header of the resulting token as posted. "epk" is the ephemeral public key generated
// for this one encryption, so expect different x/y values on each Encode call.
//{
// "alg": "ECDH-ES+A256KW",
// "enc": "A256GCM",
// "epk": {
// "kty": "EC",
// "x": "Y-5VLvlizkiIkszi2Z8lKFwQUHrh6RbbIo0KOKm2clo",
// "y": "rducXOiOXDwchHTLfS03ZAQHzFRd4yiudAkzRsGLsvI",
// "crv": "P-256"
// }
//}
// jose-jwt: RSA_OAEP_256 key management with A256GCM content encryption.
// NOTE(review): RSACryptoServiceProvider is IDisposable and is never disposed in this sample.
var publicRSAKey = new RSACryptoServiceProvider();

// Only the public components (modulus and exponent) are supplied, so this key can be used
// to encrypt but not to decrypt.
// NOTE(review): the modulus appears to be the example RSA key published in RFC 7517 (TODO confirm).
// Acceptable for a sample, but a key taken from public documentation protects nothing in real use.
var rsaPublicParameters = new RSAParameters
{
    // "n" (modulus), base64url-encoded as it would appear in a JWK
    Modulus = Base64Url.Decode("0vx7agoebGcQSuuPiLJXZptN9nndrQmbXEps2aiAFbWhM78LhWx4cbbfAAtVT86zwu1RK7aPFFxuhDR1L6tSoc_BJECPebWKRXjBZCiFV4n3oknjhMstn64tZ_2W-5JsGY4Hc5n9yBXArwl93lqt7_RN5w6Cf0h4QyQ5v-65YGjQR0_FDW2QvzqY368QQMicAtaSqzs8KJZgnYb9c7d0zgdAZHzu6qMQvRL5hajrn1n91CbOpbISD08qNLyrdkt-bFTWhAI4vMQFh6WeZu0fM4lFd2NcRwr3XPksINHaQ-G_xBniIqbw0Ls1jF44-csFCur-kEgU8awapJzKnqDKgw"),
    // "e" (public exponent); "AQAB" decodes to 65537
    Exponent = Base64Url.Decode("AQAB")
};
publicRSAKey.ImportParameters(rsaPublicParameters);

// Reuses the payload and token variables declared for the EC example.
token = JWT.Encode(payload, publicRSAKey, JweAlgorithm.RSA_OAEP_256, JweEncryption.A256GCM);

// Header of the resulting token as posted.
// NOTE(review): the call above requests RSA_OAEP_256, whose registered "alg" value is
// "RSA-OAEP-256", while the header below shows "RSA-OAEP" (the SHA-1 based variant).
// Confirm which one was actually produced; the receiver must accept exactly that algorithm.
//{
// "alg": "RSA-OAEP",
// "enc": "A256GCM"
//}