I have an OpenSSL key pair that I use to create the RSA object:
open System
open System.Security.Cryptography
open Amazon.Lambda.Core

let getSigningKey (rsa: RSA) (key) =
    try
        // PKCS#8 DER bytes of the private key (trimOpenSslPrivKey strips the PEM armour)
        rsa.ImportPkcs8PrivateKey(
            source = ReadOnlySpan(trimOpenSslPrivKey key),
            bytesRead = ref 0
        )
        Some rsa
    with ex ->
        LambdaLogger.Log <| sprintf "Exception : %s" ex.Message
        None
Once it is created I can use it to sign JWT tokens, no problem.
However, once I want to create an encrypted JWT (JWE), I am not sure how this can be used.
Signing:
open Microsoft.IdentityModel.Tokens

let getSigningCredentials () =
    try
        getRsa()
        |> Option.map (fun rsa ->
            let signingCredentials =
                SigningCredentials(RsaSecurityKey(rsa), SecurityAlgorithms.RsaSha256)
            // Do not cache the provider: the RSA object is disposed per invocation
            signingCredentials.CryptoProviderFactory <- CryptoProviderFactory(CacheSignatureProviders = false)
            signingCredentials)
    with ex ->
        LambdaLogger.Log(sprintf "Exception : %s" ex.Message)
        None
And finally the JWT creation:
JwtSecurityToken(
    issuer = "Bob",
    signingCredentials = signingCredentials,
    claims = claims,
    notBefore = Nullable notBefore,
    expires = Nullable expires
)
I think it should be similar:
SecurityTokenDescriptor(
    Issuer = "Bob",
    Claims = claims,
    NotBefore = Nullable notBefore,
    Expires = Nullable expires,
    EncryptingCredentials = ??,
    SigningCredentials = signingCredentials
)
I am not sure how to use RSA as the EncryptingCredentials.
The following C# code shows you how to get the encrypting credentials. I assume you have the RSA key pair.
using System.Security.Cryptography;
using Microsoft.IdentityModel.Tokens;

EncryptingCredentials GetEncryptingCredentials(RSA rsa)
{
    // Only the public half is needed to encrypt: RSA-OAEP wraps the content key,
    // AES-256-CBC with HMAC-SHA512 encrypts the payload.
    var parameters = rsa.ExportParameters(includePrivateParameters: false);
    var publicRsaSecurityKey = new RsaSecurityKey(parameters);
    return new EncryptingCredentials(publicRsaSecurityKey, SecurityAlgorithms.RsaOaepKeyWrap, SecurityAlgorithms.Aes256CbcHmacSha512);
}
To get the token decryption key you can use the following code:
SecurityKey GetTokenDecryptionKey(RSA rsa)
{
    // Decryption needs the private half of the key pair
    var parameters = rsa.ExportParameters(includePrivateParameters: true);
    return new RsaSecurityKey(parameters);
}
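As an added example (not code from the question or the answer), here is the full round trip in F#: the answer's two helpers ported to F#, a signed-then-encrypted token built from a SecurityTokenDescriptor, and validation with TokenDecryptionKey. It assumes the System.IdentityModel.Tokens.Jwt package; the key pairs are generated in-process so it runs stand-alone, and "Alice", "tenant" and "acme" are made-up values.

```fsharp
open System
open System.Security.Claims
open System.Security.Cryptography
open System.IdentityModel.Tokens.Jwt
open Microsoft.IdentityModel.Tokens

// Signing uses the sender's private key.
let getSigningCredentials (rsa: RSA) =
    SigningCredentials(RsaSecurityKey(rsa), SecurityAlgorithms.RsaSha256)

// Encryption uses only the recipient's public half: RSA-OAEP wraps the
// content key, AES-256-CBC + HMAC-SHA512 encrypts the payload.
let getEncryptingCredentials (rsa: RSA) =
    let publicKey = RsaSecurityKey(rsa.ExportParameters(false))
    EncryptingCredentials(publicKey, SecurityAlgorithms.RsaOaepKeyWrap, SecurityAlgorithms.Aes256CbcHmacSha512)

// Decryption needs the recipient's private half.
let getTokenDecryptionKey (rsa: RSA) : SecurityKey =
    upcast RsaSecurityKey(rsa.ExportParameters(true))

let createJwe (signingRsa: RSA) (recipientRsa: RSA) =
    let now = DateTime.UtcNow
    let descriptor =
        SecurityTokenDescriptor(
            Issuer = "Bob",
            Audience = "Alice",
            Subject = ClaimsIdentity([| Claim("tenant", "acme") |]),  // constructed claim
            NotBefore = Nullable now,
            Expires = Nullable (now.AddMinutes 5.0),
            SigningCredentials = getSigningCredentials signingRsa,
            EncryptingCredentials = getEncryptingCredentials recipientRsa)
    JwtSecurityTokenHandler().CreateEncodedJwt descriptor   // 5-part JWE compact form

let validateJwe (signingRsa: RSA) (recipientRsa: RSA) (jwe: string) =
    let parameters =
        TokenValidationParameters(
            ValidIssuer = "Bob",
            ValidAudience = "Alice",
            IssuerSigningKey = (RsaSecurityKey(signingRsa.ExportParameters(false)) :> SecurityKey),
            TokenDecryptionKey = getTokenDecryptionKey recipientRsa)
    let mutable validated: SecurityToken = null
    JwtSecurityTokenHandler().ValidateToken(jwe, parameters, &validated)

[<EntryPoint>]
let main _ =
    use signingRsa = RSA.Create(2048)     // generated here; use your imported key in practice
    use recipientRsa = RSA.Create(2048)
    let jwe = createJwe signingRsa recipientRsa
    let principal = validateJwe signingRsa recipientRsa jwe
    printfn "JWE has %d parts; tenant = %s" (jwe.Split('.').Length) (principal.FindFirst("tenant").Value)
    0
```

Validation fails if the decryption key does not match the recipient key used to encrypt, or if the signing key does not match, so both halves of the exchange are checked in one call.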