I am new to the JWS concept and have been asked to create a snippet for JSON signature in C#. We will have multiple signatures, so each time a JSON payload is signed, it will be added to the signatures.
I read about JWS JSON Serialization and how it can be used in cases with multiple signatures.
The following is the code used for signing and encryption:

    // Checking if the request contains a body; it will usually be null with HTTP GET and DELETE
    if (request.Content != null)
    {
        byte[] content = await request.Content.ReadAsByteArrayAsync();
        MD5 md5 = MD5.Create();
        // Hashing the request body; any change in the request body results in a different hash, which ensures message integrity
        byte[] requestContentHash = md5.ComputeHash(content);
        requestContentBase64String = Convert.ToBase64String(requestContentHash);
    }

    // Creating the raw signature string
    string signatureRawData = String.Format("{0}{1}{2}{3}{4}{5}", APPId, requestHttpMethod, requestUri, requestTimeStamp, nonce, requestContentBase64String);
    var secretKeyByteArray = Convert.FromBase64String(APIKey);
    byte[] signature = Encoding.UTF8.GetBytes(signatureRawData);

    using (HMACSHA256 hmac = new HMACSHA256(secretKeyByteArray))
    {
        byte[] signatureBytes = hmac.ComputeHash(signature);
        string requestSignatureBase64String = Convert.ToBase64String(signatureBytes);
        // Setting the values in the Authorization header using a custom scheme (amx)
        request.Headers.Authorization = new AuthenticationHeaderValue("amx", string.Format("{0}:{1}:{2}:{3}", APPId, requestSignatureBase64String, nonce, requestTimeStamp));
    }

    response = await base.SendAsync(request, cancellationToken);

But how do we implement a JSON signature?
I need help implementing how we use SignedXML logic, for signing XML documents with an x509 certificate.
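
The JWS JSON Serialization the question refers to (RFC 7515, section 7.2.1, general syntax), with each signer appending its own entry to `signatures`; this is an added example, not code from the original post. The payload, the `kid` values and the in-memory RSA keys are constructed for illustration, and the class and method names are hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;
using System.Text.Json;

static class JwsJsonExample
{
    // base64url without padding, as RFC 7515 requires
    static string B64Url(byte[] data) =>
        Convert.ToBase64String(data).TrimEnd('=').Replace('+', '-').Replace('/', '_');

    // Builds one entry of the "signatures" array.
    // RS256 signing input is ASCII(BASE64URL(protected header) + "." + BASE64URL(payload)).
    static Dictionary<string, object> Sign(string payloadB64, RSA key, string kid)
    {
        string protectedB64 = B64Url(Encoding.UTF8.GetBytes("{\"alg\":\"RS256\"}"));
        byte[] signingInput = Encoding.ASCII.GetBytes(protectedB64 + "." + payloadB64);
        byte[] sig = key.SignData(signingInput, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        return new Dictionary<string, object>
        {
            ["protected"] = protectedB64,                                        // integrity-protected header
            ["header"] = new Dictionary<string, string> { ["kid"] = kid },       // unprotected key hint
            ["signature"] = B64Url(sig)
        };
    }

    static void Main()
    {
        // Constructed sample payload; every signer signs the same base64url payload string.
        string payloadB64 = B64Url(Encoding.UTF8.GetBytes("{\"orderId\":42}"));
        var signatures = new List<Dictionary<string, object>>();

        // Throwaway keys for the demo; with an X.509 certificate the key would come
        // from X509Certificate2.GetRSAPrivateKey() instead.
        using RSA first = RSA.Create(2048);
        using RSA second = RSA.Create(2048);
        signatures.Add(Sign(payloadB64, first, "signer-1"));
        signatures.Add(Sign(payloadB64, second, "signer-2")); // a later signer appends its own entry

        var jws = new Dictionary<string, object> { ["payload"] = payloadB64, ["signatures"] = signatures };
        Console.WriteLine(JsonSerializer.Serialize(jws, new JsonSerializerOptions { WriteIndented = true }));
    }
}
```

A verifier recomputes the same signing input for each entry and checks it with the matching public key; which and how many signatures must validate is an application decision.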