I'm trying to get the x, y and d parameter values from a PEM file generated using https://mkjwk.org/ with P 256 curve, Encryption, ECDH-ES+A128KW with X509 set to true. The values for x, y, d are retrieved using the code below:

    using (var reader = new StringReader(privateKeyString))
    {
        var param = (ECPrivateKeyParameters)new PemReader(reader).ReadObject();
        x = param.Parameters.G.AffineXCoord.GetEncoded();
        y = param.Parameters.G.AffineYCoord.GetEncoded();
        d = param.D.ToByteArrayUnsigned();
    }

But the statement below throws an exception when executed on a remote server with Windows Server 2012, while it runs fine on my local system running Windows 10:

var privateKey = EccKey.New(x, y, d, CngKeyUsages.KeyAgreement);

The exception found on the remote server is given below:

    The requested operation is not supported
       at System.Security.Cryptography.NCryptNative.ImportKey(SafeNCryptProviderHandle provider, Byte[] keyBlob, String format)
       at System.Security.Cryptography.CngKey.Import(Byte[] keyBlob, String curveName, CngKeyBlobFormat format, CngProvider provider)
       at Jose.keys.EccKey.New(Byte[] x, Byte[] y, Byte[] d, CngKeyUsages usage)...

I am using the below library for my purpose: https://github.com/dvsekhvalnov/jose-jwt

  • Are you using the same version of .NET? For an application to run on a different machine you either need the same version of .NET on both machines or publish and install. – jdweng Feb 24 '21 at 13:46
  • Yes! Both have the same .NET version. – Abhishek Roy Feb 24 '21 at 14:02
  • Where is the pem file you are trying to read? You may not have access to the file system on a Windows 2012. Put the PEM on a network drive that you have read permission. – jdweng Feb 24 '21 at 15:37
  • I just tried reading directly from the pem file string (getting in privateKeyString parameter) as well to rule out the chances of any read permission issue with reading the file. But unfortunately no luck yet! :( – Abhishek Roy Feb 24 '21 at 17:46
  • So you took the text between the BEGIN and END? Is the encryption mode in the PEM? – jdweng Feb 24 '21 at 18:31
  • I took the whole text including -----BEGIN PRIVATE KEY----- and -----END PRIVATE KEY-----. We set encryption in key use dropdown while generating that in https://mkjwk.org/ – Abhishek Roy Feb 25 '21 at 03:01
  • That website is JSON and the default padding mode on JSON is different than in .NET. If the code is not working then you need to set the padding mode in C# to match JSON. – jdweng Feb 25 '21 at 11:31
  • Thanks... it finally worked when I read the x, y, d using JSON web token from microsoft.identity.token instead of reading from the PEM file content – Abhishek Roy Feb 27 '21 at 17:22
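
An added example, not the asker's code and not part of jose-jwt or BouncyCastle: `Parameters.G` in the snippet above is the curve's base point, which is identical for every P-256 key, whereas the public point belonging to a given `d` is Q = d·G. The sketch below derives x and y from Q and pads all three values to the curve's field width. It assumes the BouncyCastle C# package already used in the question; the `EcPemComponents.Read` helper name is hypothetical.

```csharp
using System.IO;
using Org.BouncyCastle.Crypto;
using Org.BouncyCastle.Crypto.Parameters;
using Org.BouncyCastle.Math.EC;
using Org.BouncyCastle.OpenSsl;
using Org.BouncyCastle.Utilities;

// Hypothetical helper for illustration; not part of jose-jwt or BouncyCastle.
public static class EcPemComponents
{
    public static (byte[] X, byte[] Y, byte[] D) Read(string pem)
    {
        object obj;
        using (var reader = new StringReader(pem))
        {
            obj = new PemReader(reader).ReadObject();
        }

        // "BEGIN PRIVATE KEY" (PKCS#8) yields the private key itself;
        // "BEGIN EC PRIVATE KEY" (SEC1) yields a key pair.
        ECPrivateKeyParameters priv;
        if (obj is AsymmetricCipherKeyPair pair)
            priv = pair.Private as ECPrivateKeyParameters;
        else
            priv = obj as ECPrivateKeyParameters;
        if (priv == null)
            throw new InvalidDataException("PEM does not contain an EC private key.");

        // Parameters.G is the fixed generator of the curve, not this key's public point.
        // The public point matching d is Q = d * G.
        ECPoint q = priv.Parameters.G.Multiply(priv.D).Normalize();

        // Fixed-width big-endian values: 32 bytes each on P-256.
        int size = (priv.Parameters.Curve.FieldSize + 7) / 8;
        byte[] x = q.AffineXCoord.GetEncoded();
        byte[] y = q.AffineYCoord.GetEncoded();
        // ToByteArrayUnsigned() drops leading zero bytes; pad d back to full width.
        byte[] d = BigIntegers.AsUnsignedByteArray(size, priv.D);

        if (x.Length != size || y.Length != size)
            throw new InvalidDataException("Unexpected coordinate length.");
        return (x, y, d);
    }
}
```

The returned arrays can be compared against the base64url-decoded `x`, `y` and `d` members of the JWK that mkjwk.org shows for the same key; all three should match byte for byte.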

0 Answers