1

I need to decode the encryptedToken with private key file .p12..

For private key, I already assign in X509Certificate2 and calling with

RSA privateKey = _x509private.GetRSAPrivateKey();

I am not using RSACryptoServiceProvider privateKey = _x509private.PublicKey.Key as RSACryptoServiceProvider; because that function is already deprecated.

But when I want to use this function to decode the encryptedToken string plainToken = Jose.JWT.Decode(encryptedToken, privateKey);

What I expected as output is token that I will verify token with public key. But, Unfortunately I get the error message of

Algorithm 'AesGcm' is not supported on this platform.

I was thinking the error message was arise because I didn't use RSACryptoServiceProvider as Private key.

I already search how to convert RSA to RSACryptoServiceProvider, but can't find anything...

I also considering not using the Jose.JWT.Decode(), but no luck...

Is there anyone that can help me?

PS: I am using .NET6 and Visual Studio Mac 2019 V.8

Mary Franklin
  • 13
  • 4
  • Note : The token decoded the header (using https://jwt.io/) was { "alg": "RSA-OAEP", "enc": "A256GCM", "kid": } – Mary Franklin Jun 17 '22 at 02:54
  • Ok I found out that RSA-OAEP is out date for jose-jwt. "Don't use RSA-OAEP because it's SHA-1 hashing is considered weak for today's applications." https://connect2id.com/products/nimbus-jose-jwt/examples/jwt-with-rsa-encryption but how I can decode with .Net? the token is not generate by our side.... – Mary Franklin Jun 17 '22 at 03:41
  • .NET on macOS can’t use Apple’s AES-GCM implementation and requires OpenSSL to be installed to provide the algorithm. https://stackoverflow.com/questions/71147421/how-to-use-net-core-with-openssl3-on-mac-os may help. – bartonjs Jun 17 '22 at 12:19

1 Answers1

0

As bartonjs said in this comment, it only affects macOS.

.NET on macOS can’t use Apple’s AES-GCM implementation and requires OpenSSL to be installed to provide the algorithm. How to use .Net Core with Openssl3 on Mac OS? may help.

bartonjs
  • 30,352
  • 2
  • 71
  • 111
Mary Franklin
  • 13
  • 4
  • Please don't add "thank you" as an answer. Instead, **[accept the answer](https://stackoverflow.com/help/accepted-answer)** that you found most helpful. - [From Review](/review/low-quality-posts/32058690) – Saeed Zhiany Jun 20 '22 at 02:54
  • 1
    @SaeedZhiany - there was no answer to accept - the thanks were to the answer provided in the comment (which can't be accepted), not to another answer (which can). In this instance the correct action would be to click "looks ok", "edit" (which is what I did), or to skip. The OP has done the right thing by converting a comment to an answer (with attribution). – Wai Ha Lee Jun 20 '22 at 04:59
  • 1
    I've made it more obvious that that's what's happened by editing the answer a bit, but from the Low quality answers reviews page it should be clear what's happening as (a) the OP has posted the answer, (b) the OP is thanking another user, (c) the user being thanked had commented on the question, (d) there isn't an "Other answers" link on the review page. If this answer got deleted then we would have no way of knowing what helped the OP. – Wai Ha Lee Jun 20 '22 at 05:00