
I seem to be missing something about Jwt. I followed this SO answer, which works.

However, my data is still not encrypted.

I generate a private key:

`openssl genrsa -out privateKey.pem 512`

Then I (attempt to) encrypt it into a Jwt token, with this:

using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Security.Claims;
using System.Security.Cryptography;
using Org.BouncyCastle.Crypto;
using Org.BouncyCastle.Crypto.Parameters;
using Org.BouncyCastle.OpenSsl;
using Org.BouncyCastle.Security;

static string CreateToken(IEnumerable<Claim> claims)
{
    string privateKey = File.ReadAllText(@"privateKey.pem");
    RSAParameters rsaParams;
    using (var tr = new StringReader(privateKey))
    {
        // BouncyCastle parses the PEM into a key pair, then it is converted to .NET RSAParameters.
        var pemReader = new PemReader(tr);
        var keyPair = pemReader.ReadObject() as AsymmetricCipherKeyPair;
        if (keyPair == null)
        {
            throw new Exception("Could not read RSA private key");
        }
        var privateRsaParams = keyPair.Private as RsaPrivateCrtKeyParameters;
        rsaParams = DotNetUtilities.ToRSAParameters(privateRsaParams);
    }
    using (RSACryptoServiceProvider rsa = new RSACryptoServiceProvider())
    {
        rsa.ImportParameters(rsaParams);
        // Claims become the JSON payload of the token.
        Dictionary<string, object> payload = claims.ToDictionary(k => k.Type, v => (object)v.Value);
        // RS256 produces a JWS: the payload is signed with the private key, not encrypted.
        return Jose.JWT.Encode(payload, rsa, Jose.JwsAlgorithm.RS256);
    }
}

Which yields a Jwt. When I take that token to jwt.io, I get this: [screenshot of jwt.io showing the decoded header and payload]

As you can see, the payload is visible, without me having to provide a key to decode it.

What am I doing wrong, and not understanding?

WynDiesel

  • You are creating a signed, but not encrypted, token. You can refer to the documentation of the library you are using (https://github.com/dvsekhvalnov/jose-jwt) to see how to encrypt it. Note that the question you were following even has the title: "How to _sign_ a JWT using RSA..." – Evk Nov 03 '20 at 05:56
  • @Evk, thanks. That was where my misconception was. I was under the impression that signing and encrypting were the same thing. Could you please answer with your comment, so I can mark that as the answer? – WynDiesel Nov 03 '20 at 06:34
  • and also https://stackoverflow.com/questions/48490472/not-understanding-jwt-encryption/48490509#48490509 – jps Nov 03 '20 at 06:41
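
An added example, not code from the question or from jose-jwt's own documentation, that issues the same claims twice with jose-jwt: once as a JWS (what the question's code produces) and once as a JWE (the encrypted form the comments point at), and then shows what each one leaves readable. It assumes jose-jwt is referenced and a .NET runtime where `RSACryptoServiceProvider` is available; the 2048-bit key pair generated in place of the question's 512-bit PEM, the claims, and the `Base64UrlToText` helper are all constructed for the example.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;
using Jose;

// Added example (not from the question): the same claims as a JWS (signed)
// and as a JWE (encrypted), to show what each format actually protects.
static class JwsVersusJwe
{
    // Decodes one base64url segment of a token to text. No key is involved,
    // which is exactly why a JWS payload is readable by anyone holding the token.
    public static string Base64UrlToText(string segment)
    {
        string b64 = segment.Replace('-', '+').Replace('_', '/');
        switch (b64.Length % 4)
        {
            case 2: b64 += "=="; break;
            case 3: b64 += "="; break;
        }
        return Encoding.UTF8.GetString(Convert.FromBase64String(b64));
    }

    static void Main()
    {
        // Assumption: a fresh 2048-bit key pair instead of the 512-bit PEM in the question.
        using (var privateKey = new RSACryptoServiceProvider(2048))
        using (var publicOnly = new RSACryptoServiceProvider())
        {
            // The verifying / encrypting party only ever needs the public half.
            publicOnly.ImportParameters(privateKey.ExportParameters(false));

            // Constructed claims for the example.
            var claims = new Dictionary<string, object>
            {
                ["sub"] = "alice",
                ["role"] = "admin",
                ["exp"] = DateTimeOffset.UtcNow.AddMinutes(5).ToUnixTimeSeconds()
            };

            // 1. JWS, as in the question: signed with the PRIVATE key.
            string jws = JWT.Encode(claims, privateKey, JwsAlgorithm.RS256);
            string[] jwsParts = jws.Split('.');   // header.payload.signature
            Console.WriteLine($"JWS has {jwsParts.Length} segments");
            Console.WriteLine("JWS header : " + Base64UrlToText(jwsParts[0]));
            Console.WriteLine("JWS payload: " + Base64UrlToText(jwsParts[1])); // readable without any key

            // Anyone with the public key can check the signature; a tampered token
            // makes jose-jwt throw Jose.IntegrityException here.
            string verified = JWT.Decode(jws, publicOnly);
            Console.WriteLine("Verified   : " + verified);

            // 2. JWE: encrypted to the recipient's PUBLIC key, readable only with the private key.
            string jwe = JWT.Encode(claims, publicOnly, JweAlgorithm.RSA_OAEP, JweEncryption.A256CBC_HS512);
            string[] jweParts = jwe.Split('.');   // header.encryptedKey.iv.ciphertext.tag
            Console.WriteLine($"JWE has {jweParts.Length} segments");
            Console.WriteLine("JWE header : " + Base64UrlToText(jweParts[0])); // only alg and enc are visible
            // jweParts[3] is ciphertext: base64url-decoding it yields random-looking bytes, not JSON.

            string decrypted = JWT.Decode(jwe, privateKey);   // fails without the private key
            Console.WriteLine("Decrypted  : " + decrypted);
        }
    }
}
```

The JWS payload segment decodes with no key at all, which is what jwt.io displays; the JWE header reveals only `alg` and `enc`, and `JWT.Decode` on it needs the private key. The two formats use the key pair in opposite directions: a JWS is signed with the private key and verified with the public one, a JWE is encrypted with the recipient's public key and decrypted with their private key. A JWE on its own also does not prove who produced it, since anyone with the public key can create one; when both confidentiality and origin are needed, sign the claims first and encrypt the resulting JWS as the JWE payload. `JweAlgorithm.RSA_OAEP` is used here because it accepts `RSACryptoServiceProvider` keys on the .NET Framework as well as on .NET Core; where the runtime supports it, `RSA_OAEP_256` is the better choice. Whichever form is used, the 512-bit key from the question is far below current minimums for RSA; 2048 bits is the floor.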

0 Answers