dvsekhvalnov / jose-jwt

Ultimate Javascript Object Signing and Encryption (JOSE), JSON Web Token (JWT) and Json Web Keys (JWK) Implementation for .NET and .NET Core
MIT License

Can I Use Jose-Jwt Inside TokenValidationParameters #247

Closed sohlae closed 4 months ago

sohlae commented 4 months ago

I have a .NET 6.0 application which needs to decrypt a JWE that is encrypted using the A256GCM algorithm. Is it possible to use the jose-jwt library to create a SecurityKey that can decrypt it?

```csharp
X509Certificate2 pfxCertificate = Cryptography.GetCertificate(certThumbprint, StoreLocation.CurrentUser);
RSA privateKey = pfxCertificate.GetRSAPrivateKey();
RsaSecurityKey tokenDecryptionKey = new RsaSecurityKey(privateKey);

var handler = new JsonWebTokenHandler();
var result = handler.ValidateToken(token, new TokenValidationParameters
{
    ValidAudience = "api1",
    ValidIssuer = "https://test.com",
    IssuerSigningKey = issuerSigningKey,
    TokenDecryptionKey = tokenDecryptionKey // This results in an error because it is not able to decrypt A256GCM.
});
```

dvsekhvalnov commented 4 months ago

Hi @josh-monreal,

Not sure I got the question correctly, what did you mean by "create a SecurityKey"?

If you know the recipient key, you can use the library to decrypt A256GCM JWE for sure.

There are plenty of examples in the documentation: https://github.com/dvsekhvalnov/jose-jwt?tab=readme-ov-file#verifying-and-decoding-tokens
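
The library-side decryption mentioned in the reply above, as an added example that is not part of the original thread or the project's documentation. It assumes RSA-OAEP-256 as the key-management algorithm (the thread only names A256GCM, which is the content-encryption algorithm), uses a throwaway RSA key in place of the certificate's private key, and the class and method names are hypothetical.

```csharp
// Added example; requires the jose-jwt NuGet package.
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using Jose;

public static class JweDecryptExample
{
    // Decrypts a compact JWE only when its header matches the pinned algorithms.
    public static string DecryptPinned(string token, RSA privateKey)
    {
        // Strict overload: the token is rejected if the "alg" or "enc" value in
        // its header differs from what the application expects.
        return JWT.Decode(token, privateKey,
                          JweAlgorithm.RSA_OAEP_256,  // assumption: key-management algorithm
                          JweEncryption.A256GCM);     // content encryption named in the question
    }

    public static void Main()
    {
        // Constructed sample key, standing in for pfxCertificate.GetRSAPrivateKey().
        using RSA rsa = RSA.Create(2048);

        // Constructed sample claims, reusing the issuer and audience from the question.
        var claims = new Dictionary<string, object>
        {
            ["iss"] = "https://test.com",
            ["aud"] = "api1",
            ["sub"] = "constructed-user"
        };
        string jwe = JWT.Encode(claims, rsa, JweAlgorithm.RSA_OAEP_256, JweEncryption.A256GCM);

        // The protected header can be read without the key, which helps when
        // diagnosing which "alg"/"enc" pair a sender actually used.
        IDictionary<string, object> header = JWT.Headers(jwe);
        Console.WriteLine($"alg={header["alg"]} enc={header["enc"]}");

        Console.WriteLine(DecryptPinned(jwe, rsa));

        // A token encrypted with a different "enc" is refused by the pinned decode.
        string other = JWT.Encode(claims, rsa, JweAlgorithm.RSA_OAEP_256, JweEncryption.A128GCM);
        try { DecryptPinned(other, rsa); }
        catch (JoseException ex) { Console.WriteLine($"rejected: {ex.GetType().Name}"); }
    }
}
```

Decryption alone does not check issuer, audience or lifetime; if the decrypted payload is itself a signed JWT, it still needs signature and claim validation afterwards.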

sohlae commented 4 months ago

Thank you @dvsekhvalnov, I found a way to do it. I'll close this now.