JWE Decryption does not work for me with jose jwt

Question

I am using Jose-Jwt license on C# and I have the following code:                   

private string DecodeJWT(string token)
{
    string privateKeyPath = ConfigurationManager.AppSettings["PrivateKey"];
    var privateRSA = RsaProviderFromPrivateKeyInPemFile(privateKeyPath);           
    string json = Jose.JWT.Decode(token,privateRSA, Jose.JweAlgorithm.RSA_OAEP, Jose.JweEncryption.A256GCM);
    return json;
}


private RSACryptoServiceProvider RsaProviderFromPrivateKeyInPemFile(string privateKeyPath)
{
     using (TextReader privateKeyTextReader = new StringReader(System.IO.File.ReadAllText(privateKeyPath)))
     {
         PemReader pr = new PemReader(privateKeyTextReader);
         RSAParameters rsaParams = DotNetUtilities.ToRSAParameters((RsaPrivateCrtKeyParameters)pr.ReadObject());
         RSACryptoServiceProvider csp = new RSACryptoServiceProvider();
         csp.ImportParameters(rsaParams);
         return csp;
     }
}

However I didn't manage to decrypt the encrypted string. It returns the same encrypted string after decoding. Can anyone advise what I might have done wrong? I am actually following suggestions from this Q/A

It doesn't seem to work for me. :(

Answer 1

I found out that decoding actually works. But I need to further decrypt the data using the Public Key.

RSACryptoServiceProvider publicRSA = RsaProviderFromPublicKeyInPemFile(publicKeyPath);

        var validationParameters = new TokenValidationParameters()
        {
            RequireExpirationTime = false,
            RequireSignedTokens = true,
            ValidateAudience = false,
            ValidateIssuer = false,
            IssuerSigningKey = new RsaSecurityKey(publicRSA)
        };

        IdentityModelEventSource.ShowPII = true;
        var result = handler.ValidateToken(decryptedresult, validationParameters, out var validatedToken);

However the system is throwing {"IDX10501: Signature validation failed. Unable to match key: \nkid: 'C6Q-0bsHc4qyNq6MBEtftpB-DsTHNth4ZnlrFPUQ8PI'.\nExceptions caught:\n ''. \ntoken: {"IDX10501: Signature validation failed. Unable to match key: \nkid: 'C6Q-0bsHc4qyNq6MBEtftpB-DsTHNth4ZnlrFPUQ8PI'.\nExceptions caught:\n ''. \ntoken: '{\"alg\":\"RS256\",\"kid\":\"C6Q-0bsHc4qyNq6MBEtftpB-DsTHNth4ZnlrFPUQ8PI\"}.{\"uinfin\":{\"lastupdated\":\"2019-11-13\",\"source\":\"1\",\"classification\":\"C\",\"value\":\"S9812381D\"}....

However I can see the payload decrypted in the error message. I am stuck at how to handle this Unable to match key error.