Search code examples

ASP.NET Core 5 - Decoding an AES-GCM-256 JWE

I'm trying unsuccessfully to decode an encrypted token.

I tried the AesGcm class of c# but it's giving me an error regarding the TAG:

The computed authentication tag did not match the input authentication tag.

This is how I try to decode:

string tag =  token.Split(".")[4];
byte[] tag_byte = Base64UrlEncoder.DecodeBytes(tag);

new AesGcm(secretKey_byte).Decrypt(iv_byte, ciphertext_byte, tag_byte, decryptedPayload);

Then I switched to BouncyCastle and I get this error:

Invalid value for MAC size: 176


     using Org.BouncyCastle.Crypto;
     using Org.BouncyCastle.Crypto.Parameters;
     using Org.BouncyCastle.Security;

     string ciphertext = token.Split(".")[3];          
     byte[] ciphertext_byte = Encoding.UTF8.GetBytes(ciphertext);          
     string cipherText_Encoded = System.Convert.ToBase64String(ciphertext_byte);

     string secretKey_hash = Utils.ComputeSha256Hash(secretKey);

     string iv = token.Split(".")[2];
     byte[] iv_byte = Encoding.UTF8.GetBytes(iv);
     string iv_Encoded = System.Convert.ToBase64String(iv_byte);

     string tag = token.Split(".")[4];
     byte[] tag_byte = Encoding.UTF8.GetBytes(tag);

     string decryptedToken = Utils.DecryptWithGCM(cipherText_Encoded, secretKey_hash, iv_Encoded , tag_byte);


    public static string ComputeSha256Hash(string rawData)
        // Create a SHA256   
        using (SHA256 sha256Hash = SHA256.Create())
            // ComputeHash - returns byte array  
            byte[] bytes = sha256Hash.ComputeHash(Encoding.UTF8.GetBytes(rawData));
            // Convert byte array to a string   
            StringBuilder builder = new StringBuilder();

            for (int i = 0; i < bytes.Length; i++)

            return builder.ToString();

    public static string DecryptWithGCM(string EncryptedString, string KeyString, string NonceString, byte[] tag)
        byte[] key = Convert.FromBase64String(KeyString);
        byte[] nonce = Convert.FromBase64String(NonceString);

        byte[] ciphertext = Convert.FromBase64String(EncryptedString);
        var plaintextBytes = new byte[ciphertext.Length];

        var cipher = new GcmBlockCipher(new AesEngine());
        var parameters = new AeadParameters(new KeyParameter(key), tag.Length * 8, nonce);
        cipher.Init(false, parameters);

        var bcCiphertext = ciphertext.Concat(tag).ToArray();

        var offset = cipher.ProcessBytes(bcCiphertext, 0, bcCiphertext.Length, plaintextBytes, 0);
        cipher.DoFinal(plaintextBytes, offset);

        return Encoding.UTF8.GetString(plaintextBytes);

This is my token and secret key

Key: (before hashing)





  • Ok, I have given up on the built-in decryptor and BouncyCastle and have opted to try Jose-jwt nuget package.

    And it works!

    byte[] secretKey_byte = Utils.ComputeSha256Hash(secretKey);
    JweToken decryptedToken = JWE.Decrypt(token, secretKey_byte);

    So simple. The decrypted JWT will be under decryptedToken.Plaintext