
I am trying to verify signatures against a public key, and I got that working using RSACryptoproviders etc. I set the public key (importing the key in PEM format, reading the RSA parameters and then creating an RsaSecurityKey). It all works, but now a client wants me to support not only the PEM format, but also the JWK format.

When I google, I find 100 sites converting PEMs to JWKs (there is a JwkConvert class even) but it only goes one way.

How in C# can I do it the other way around, so I can convert the JWK to an RsaSecurityKey?

I found this post: How to transform a jwk to public key over openssl. But I'm hoping I don't have to write all that myself.

Also, I'm already using the BouncyCastle crypto library (I use it for importing the PEM format).

I was hoping I could retrieve the RsaParameters from the JWK, but I'm just a user of crypto and the letters don't tell me anything.

To give a bit more information, this is my JWK:

{"keys":[{"kid":"OEbwVQck6qGhsCWiYenQowD9wHic7BtS-LALJEna-og","kty":"RSA","alg":"RS256","use":"sig","n":"w1Y2AZWK8k0gWPQv5Q_GnNHna8kD_TcZhB0_qM8cQ8ABJUiynLjS52tVLeo9NQnIBiiGDDby_bmAkJnxUtzanpGo4wnsvckjHFiThZSNnMpU_GIRFvhjyfPcnvzLhuvmd_gX9iDQmpJk2nbBoatkKwnaiAl0VQ8jP85DxQYsjlxwrKhhVqIe4EYEazq3zTpKOKWu4QSQYE74lvWbyqEmSPG32V2Te7L7BDVAgqsQhAqx0mRpMHcJPtgX0AsM5iQrxUow51Y22shd6pgLkgvbc8LfXKWHAUgeg20JBBQc_gReek1h0qToDY-hWdxLpGBOLeWUKoUVAzAj2gXgTER2TQ","e":"AQAB","x5c":["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"],"x5t":"oNVqosVxKIQ8TW3MGZzM8_2AIJQ","x5t#S256":"_VULg4UAhXE8V7vJFJDTUYeoH0FL2pbbK0Lc8-3CK3k"}]}

When I create a Microsoft JsonWebKey object out of it, the 'N' and the 'E' parameters are null (as are 'D', 'DP', 'DQ', 'P', 'Q', 'QI', 'X' and 'Y').

Therefore I can't create RsaParameters...

BasieP
  • Does this answer your question? [How to validate signature of JWT from jwks without x5c](https://stackoverflow.com/questions/61395261/how-to-validate-signature-of-jwt-from-jwks-without-x5c) – jps Jun 02 '21 at 07:19
  • The keys are different in C# and JWK. The padding mode is different. You can add padding but you cannot remove it. In one case you have a key that could be 208 bytes and in the other case it could be 256 bytes. The difference is that the 256 bytes have random bytes at the end that are ignored, except there is a hash to validate the key. So you have to change encryption options in both encrypt and decrypt to take the short key or long key. – jdweng Jun 02 '21 at 08:26
  • @jdweng you lost me. I understand padding and stuff, but where does this come in? Currently I'm at the stage where the default JsonWebKey class doesn't seem to be able to parse my (valid) jwks... Should I try parsing it myself and extract the parameters? – BasieP Jun 02 '21 at 08:55

1 Answer


As it turns out, it was an oopsie from my side. The string I posted was a JsonWebKeySET and not just a single JsonWebKey. I put it in the constructor of the JsonWebKey class and got no parse error whatsoever (grrr Microsoft), so I assumed it was correct.

Turns out I had to use the JsonWebKeySet() class. @jps's comment helped a lot after that. (I don't know how to give you credit for that.)

BasieP
  • JsonWebKeySet is a Microsoft product that is using the same padding mode as C#. You probably were using a library that was using the padding mode that Java normally uses. – jdweng Jun 02 '21 at 09:43
  • Nope, as I said, I used a JsonWebKey instead of a JsonWebKeySet. – BasieP Jun 02 '21 at 10:25
  • @BasieP Hey there, I have been stuck on a similar issue for days. Do you have an example somewhere of how you solved it? – Vanessa Kensington Oct 25 '21 at 11:01
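
Added example (not code from the question, the answer, or Microsoft): one way to load a JWKS document with `JsonWebKeySet`, as the answer describes, and build an `RsaSecurityKey` from the `n` and `e` fields, with a guard that fails loudly on the null-parameter symptom from the question. It assumes the Microsoft.IdentityModel.Tokens package; the helper name `LoadRsaKey`, the kid `demo-key`, the 2048-bit minimum and the throwaway key generated in `Main` are assumptions constructed for the demonstration.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;
using Microsoft.IdentityModel.Tokens;

static class JwksLoader
{
    // Hypothetical helper: returns the RSA public key with the given kid from a JWKS ({"keys":[...]}).
    public static RsaSecurityKey LoadRsaKey(string jwksJson, string kid)
    {
        var set = new JsonWebKeySet(jwksJson); // the set class, not JsonWebKey
        JsonWebKey jwk = set.Keys.FirstOrDefault(k => k.Kid == kid)
            ?? throw new InvalidOperationException($"No key with kid '{kid}' in the set.");
        if (jwk.Kty != JsonWebAlgorithmsKeyTypes.RSA)
            throw new NotSupportedException($"Key type '{jwk.Kty}' is not RSA.");
        // The symptom from the question: parsing raised no error, yet N and E were null.
        if (string.IsNullOrEmpty(jwk.N) || string.IsNullOrEmpty(jwk.E))
            throw new InvalidOperationException("JWK has no 'n'/'e'; was a key set parsed as a single key?");

        var parameters = new RSAParameters
        {
            Modulus = Base64UrlEncoder.DecodeBytes(jwk.N),  // JWK values are unpadded base64url
            Exponent = Base64UrlEncoder.DecodeBytes(jwk.E)
        };
        if (parameters.Modulus.Length * 8 < 2048)           // assumed minimum-size policy
            throw new SecurityTokenInvalidSigningKeyException("RSA modulus is shorter than 2048 bits.");
        return new RsaSecurityKey(parameters) { KeyId = jwk.Kid };
    }

    static void Main()
    {
        // Constructed sample input: a throwaway key pair exported as a one-entry JWKS.
        using RSA rsa = RSA.Create(2048);
        RSAParameters pub = rsa.ExportParameters(false);
        string jwks = "{\"keys\":[{\"kid\":\"demo-key\",\"kty\":\"RSA\",\"use\":\"sig\",\"n\":\""
            + Base64UrlEncoder.Encode(pub.Modulus) + "\",\"e\":\""
            + Base64UrlEncoder.Encode(pub.Exponent) + "\"}]}";
        RsaSecurityKey key = LoadRsaKey(jwks, "demo-key");

        // Round trip: sign with the private key, verify with the key imported from the JWKS.
        byte[] data = Encoding.UTF8.GetBytes("constructed message");
        byte[] sig = rsa.SignData(data, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        using RSA verifier = RSA.Create();
        verifier.ImportParameters(key.Parameters);
        Console.WriteLine(verifier.VerifyData(data, sig, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1));
    }
}
```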