uruk-project / Jwt

JSON Web Token implementation for .Net & .Net Core
MIT License

How to Initialize AsymmetricJwk #440

Closed khandokar closed 4 years ago

khandokar commented 4 years ago

Hi, I am working on .Net and am interested in using JsonWebToken for signing purposes. I want to implement Using OAuth 2.0 for Server to Server Applications in Google. The only signing algorithm supported by the Google OAuth 2.0 Authorization Server is RSA using the SHA-256 hashing algorithm. I have the private key in my hand. I need to initialize AsymmetricJwk, I think. But the example only shows SymmetricJwk. Can you please help me: how can I initialize AsymmetricJwk using the private key?

Thanks

ycrumeyrolle commented 4 years ago

It depends on the cryptographic material at your disposal. If you have an X509 certificate (X509Certificate2), the easiest way is to use the FromCertificate() method:

    var key = RsaJwk.FromX509Certificate(certificate, withPrivateKey: true);

If you have the RSAParameters, use the method FromParameters:

    var key = RsaJwk.FromParameters(rsaParameters);

If you have the JSON representation in JWK format, use the FromJson method:

    var key = RsaJwk.FromJson(jsonString);

Or if you have each component of the RSA key, call the constructor:

    var key = new RsaJwk(d: { ... }, p: { ... }, q: { ... }, dp: { ... }, dq: { ... }, qi: { ... }, e: { ... }, n: { ... });

where each parameter is a byte[].

ycrumeyrolle commented 4 years ago

I fear that your RSA key is in PEM format, which was not supported in .Net until a month ago: https://github.com/dotnet/runtime/issues/31201.

khandokar commented 4 years ago

I used FromCertificate before creating the issue. Google has a .p12 file, but they do not recommend it; they recommend the .json file, but that is not in JWK format. The following keys exist in the file:

    {
      "type": "",
      "project_id": "",
      "private_key_id": "",
      "private_key": "",
      "client_email": "",
      "client_id": "",
      "auth_uri": "",
      "token_uri": "",
      "auth_provider_x509_cert_url": "",
      "client_x509_cert_url": ""
    }

I know they provide the ..cert_url from where I can download the JWK-formatted JSON file. But instead, how can I use private_key (I attached private_key only)? Is it possible to retrieve each component of the RSA key?

Thanks

ycrumeyrolle commented 4 years ago

The Google RSA private key is in PKCS8 format, ASN.1 structured. The client_x509_cert_url provides certificates, but I did not have time to see what kind of key it contains. This might be the public key, as it is exposed on the Internet.

I started to write an ASN.1 parser: https://github.com/ycrumeyrolle/Jwt/pull/441. It will be something like:

    RsaJwk.FromPkcs8PrivateKey("The private key");

khandokar commented 4 years ago

That would be very nice. It will be available in the next version, right?

Thanks
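
An added example, not part of the thread and not the library's own code: on .NET Core 3.0 or later, the BCL's `RSA.ImportPkcs8PrivateKey` can decode the PKCS8 `private_key` value discussed above into `RSAParameters`, which is the input of the `RsaJwk.FromParameters` call quoted earlier in the thread. The names `ServiceAccountKey` and `ReadRsaParameters` are hypothetical, and the key used in `Main` is a throwaway generated for the demonstration.

```csharp
using System;
using System.Security.Cryptography;
using System.Text.Json;

static class ServiceAccountKey   // hypothetical helper name
{
    const string Header = "-----BEGIN PRIVATE KEY-----";   // PEM label of an unencrypted PKCS#8 key
    const string Footer = "-----END PRIVATE KEY-----";

    // Reads "private_key" from the JSON key file and returns the RSA components.
    public static RSAParameters ReadRsaParameters(string json)
    {
        using JsonDocument doc = JsonDocument.Parse(json);
        string pem = doc.RootElement.GetProperty("private_key").GetString()
                     ?? throw new FormatException("private_key is null");
        pem = pem.Trim();
        // Refuse PKCS#1 ("RSA PRIVATE KEY") or encrypted blocks instead of guessing the format.
        if (!pem.StartsWith(Header, StringComparison.Ordinal) ||
            !pem.EndsWith(Footer, StringComparison.Ordinal))
            throw new FormatException("Expected an unencrypted PKCS#8 PEM block");

        string base64 = pem.Substring(Header.Length, pem.Length - Header.Length - Footer.Length);
        byte[] der = Convert.FromBase64String(base64);   // white space and newlines are ignored
        try
        {
            using RSA rsa = RSA.Create();
            rsa.ImportPkcs8PrivateKey(der, out int read);   // throws if the key is not RSA
            if (read != der.Length)
                throw new FormatException("Trailing data after the PKCS#8 structure");
            return rsa.ExportParameters(includePrivateParameters: true);
        }
        finally
        {
            CryptographicOperations.ZeroMemory(der);   // do not leave the decoded key in memory
        }
    }

    static void Main()
    {
        // Constructed sample: a throwaway key wrapped the way the JSON file stores it.
        using RSA throwaway = RSA.Create(2048);
        string pem = Header + "\n" + Convert.ToBase64String(
            throwaway.ExportPkcs8PrivateKey(), Base64FormattingOptions.InsertLineBreaks)
            + "\n" + Footer + "\n";
        string json = JsonSerializer.Serialize(new { private_key = pem });

        RSAParameters p = ReadRsaParameters(json);
        Console.WriteLine($"modulus: {p.Modulus.Length * 8} bits, d present: {p.D != null}");
        // With the JsonWebToken package referenced: var key = RsaJwk.FromParameters(p);
    }
}
```

The returned `RSAParameters` holds the private exponent and CRT values, so it deserves the same handling as the key file itself.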