jose-jwt のバックアップ(No.10)

[ トップ ]   [ 新規 | 一覧 | 単語検索 | 最終更新 | ヘルプ ]

• バックアップ一覧
• 差分 を表示
• 現在との差分 を表示
• ソース を表示
• jose-jwt へ行く。
  • 1 (2018-11-03 (土) 16:01:35)
  • 2 (2018-11-03 (土) 19:01:29)
  • 3 (2018-11-03 (土) 19:14:52)
  • 4 (2018-11-05 (月) 09:12:35)
  • 5 (2018-11-05 (月) 15:10:00)
  • 6 (2018-11-05 (月) 17:13:23)
  • 7 (2018-11-05 (月) 21:20:57)
  • 8 (2018-11-07 (水) 10:21:46)
  • 9 (2018-11-07 (水) 14:28:43)
  • 10 (2018-11-08 (木) 19:14:46)
  • 11 (2018-11-09 (金) 00:05:49)
  • 12 (2018-11-09 (金) 09:30:55)
  • 13 (2018-11-09 (金) 17:36:21)
  • 14 (2018-11-09 (金) 18:31:03)
  • 15 (2018-11-09 (金) 22:42:34)
  • 16 (2018-11-13 (火) 16:01:39)

---

「マイクロソフト系技術情報 Wiki」は、「Open棟梁Project」,「OSSコンソーシアム .NET開発基盤部会」によって運営されています。

• 戻る

目次 †

概要 †

jose-jwtを使い倒す。

特徴 †

Readme.md中で、以下の様に述べられている。

• .NETと.NET Core用の最小 or ゼロ依存のアルティメットJWT実装
• jose.4.j、Nimbus-JOSE-JWT、json-jwtライブラリとの互換性を広範にテスト。

比較 †

ライトユーザー向けではなく、ヘビーユーザー向け。

• クロスプラットフォーム実装
• ClientではなくAuthZサイド実装用

的な。

詳細 †

機能 †

JWS †

署名・検証

JWE †

暗号化・復号化

ユーティリティ †

・・・

依存関係 †

以下を使用している。

CAPI(CSP)、CNG †

• 実装がある。
  • https://github.com/dotnet/corefx/tree/master/src/System.Security.Cryptography.Csp/src/System/Security/Cryptography
  • https://github.com/dotnet/corefx/tree/master/src/System.Security.Cryptography.Cng/src/System/Security/Cryptography

• Linuxでは...（こちら）

OpenSSL †

• 上記の、AlgorithmとX509Certificateでは、更に下位にOpenSSLのNuGetライブラリを参照している。
  • Algorithm
    https://github.com/dotnet/corefx/tree/master/src/System.Security.Cryptography.Algorithms/src/System/Security/Cryptography
  • X509Certificate
    https://github.com/dotnet/corefx/tree/master/src/System.Security.Cryptography.X509Certificates/src/System/Security/Cryptography/X509Certificates

• ネイティブ実装
  ライセンスには各種Linuxディストリビューション毎のネイティブ実装のライセンスが表示されるので、
  当該ライブラリのクロスプラットフォーム対応も完了しているものと考える。
  

Linux上 †

WSL上での.NET Core開発 †

• 「/mnt/c」※ 1 を経由して実行
  ※ 1 : DrvFs??のVFSファイルシステムプラグイン。

• dotnetコマンドを使用して、ビルドと実行を行う。

• コマンド

  cd /mnt/c/Git1/SampleProgram/Other/jose_jwt_Sample
  dotnet publish -c Release -r ubuntu.16.04-x64 --self-contained
  cd jose_jwt_Sample/bin/Release/netcoreapp2.0/ubuntu.16.04-x64/
  dotnet jose_jwt_Sample.dll
  

CNGが動作しない。 †

Unhandled Exception: System.PlatformNotSupportedException: Windows Cryptography Next Generation (CNG) is not supported on this platform.
   at System.Security.Cryptography.CngKeyBlobFormat.get_EccPrivateBlob()
   at Security.Cryptography.EccKey.New(Byte[] x, Byte[] y, Byte[] d, CngKeyUsages usage)

• ECDsaならX509Certificate2.GetECDsaPrivateKey()で解決可能。
  しかし、まさかの、Windowsで動かなくて、Linux上で動く。ことを確認した。
  • why CngKey?.Import is not supported on ubuntu? · Issue #18733 · dotnet/corefx
    https://github.com/dotnet/corefx/issues/18733

bcrypt.dllが見つからない。 †

Unhandled Exception: System.DllNotFoundException: Unable to load DLL 'bcrypt.dll': The specified module or one of its dependencies could not be found.
 (Exception from HRESULT: 0x8007007E)
   at Jose.native.BCrypt.BCryptOpenAlgorithmProvider(IntPtr& phAlgorithm, String pszAlgId, String pszImplementation, UInt32 dwFlags)
   at Jose.AesGcm.OpenAlgorithmProvider(String alg, String provider, String chainingMode)
   at Jose.AesGcm.Encrypt(Byte[] key, Byte[] iv, Byte[] aad, Byte[] plainText)
   at Jose.AesGcmKeyWrapManagement.WrapNewKey(Int32 cekSizeBits, Object key, IDictionary`2 header)
   at Jose.JWT.EncodeBytes(Byte[] payload, Object key, JweAlgorithm alg, JweEncryption enc, Nullable`1 compression, IDictionary`2 extraHeaders, JwtSettings settings)

参考 †

• NuGet Gallery | jose-jwt
  https://www.nuget.org/packages/jose-jwt/
• dvsekhvalnov/jose-jwt
  https://github.com/dvsekhvalnov/jose-jwt
  

サンプル・コード †

実装 †

https://github.com/OpenTouryoProject/SampleProgram/blob/master/Other/jose_jwt_Sample/jose_jwt_Sample/Program.cs

結果 †

出力（on Window） †

RSA privateX509Key: is not null
RSA privateSignatureAlgorithm: sha256RSA
RSA privateX509Key.PrivateKey: is System.Security.Cryptography.RSACng
RSA publicX509Key: is not null
RSA publicSignatureAlgorithm: sha256RSA
RSA publicX509Key: is System.Security.Cryptography.X509Certificates.PublicKey
RSA publicX509Key.Key: is System.Security.Cryptography.RSACng
DSA privateX509Key: is not null
DSA privateSignatureAlgorithm: System.Security.Cryptography.CryptographicException, The OID value is invalid.
DSA privateX509Key.PrivateKey: is System.Security.Cryptography.DSACng
DSA publicX509Key: is not null
DSA publicSignatureAlgorithm: System.Security.Cryptography.CryptographicException, The OID value is invalid.
DSA publicX509Key: is System.Security.Cryptography.X509Certificates.PublicKey
DSA publicX509Key.Key: Internal.Cryptography.CryptoThrowHelper+WindowsCryptographicException, プロバイダーの公開キーは無効です。
privateDSA: is not null
ECDsa privateX509Key: is not null
ECDsa privateSignatureAlgorithm: System.Security.Cryptography.CryptographicException, The OID value is invalid.
ECDsa privateX509Key.PrivateKey: is System.Security.Cryptography.DSACng
ECDsa publicX509Key: is not null
ECDsa publicSignatureAlgorithm: System.Security.Cryptography.CryptographicException, The OID value is invalid.
ECDsa publicX509Key: is System.Security.Cryptography.X509Certificates.PublicKey
ECDsa publicX509Key.Key: Internal.Cryptography.CryptoThrowHelper+WindowsCryptographicException, プロバイダーの公開キーは無効です。
privateECDsa: is null
publicECDsa: is null
----------------------------------------------------------------------------------------------------
JwsAlgorithm.none: eyJhbGciOiJub25lIiwidHlwIjoiSldUIn0.eyJzdWIiOiJtci54QGNvbnRvc28uY29tIiwiZXhwIjoxMzAwODE5MzgwfQ.
JwsAlgorithm.HS256: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJtci54QGNvbnRvc28uY29tIiwiZXhwIjoxMzAwODE5MzgwfQ.dvd5Ak6zcBy0OB7gxVtehT3Ab5NO7XEggon6r_CTSfE
JWT Header: {"alg":"HS256","typ":"JWT"}
Decoded: {"sub":"mr.x@contoso.com","exp":1300819380}
JwsAlgorithm.RS256: eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJtci54QGNvbnRvc28uY29tIiwiZXhwIjoxMzAwODE5MzgwfQ.jMJbrOaZ_p0xouAFfetm_orlTuwPbJK65-rEto5lIGgCR_oCG_ApQWeCXc5xikto_IcN2nNsHWMOMJMII6WlhVmn9pFTuuj-fZH_aB-aasDSguyXd59BA43a4glZbPCITOwZFfeNMpXGrKG_YNvexP5mtiJYYCDXMgq2zBHS9lQYcGXy4YyGPD_jNu6ziLRNDdKCkRqTppTE2SexZAwaSJRGGuY-fHA3jVPBV90Cty7yBC3ybKmiE4imVQs8CUw7ic61HSytgItIlreol4PMMP8fXB6O1e_K8QJFfRIf9oC07y9Mo5OWl4CCOxvKAo9nos0GTWUUNUH-sugJhUV14A
JWT Header: {"alg":"RS256","typ":"JWT"}
Decoded: {"sub":"mr.x@contoso.com","exp":1300819380}
JwsAlgorithm.ES256: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJtci54QGNvbnRvc28uY29tIiwiZXhwIjoxMzAwODE5MzgwfQ.PrjcULr43rR5QxXdnD8YPfSQ2b9DU3rqmBNCcY8tEjaY_SUl5KRTzXWAFGJjVcg1_VApnUc00uoUUuZPZI1d-g
JWT Header: {"alg":"ES256","typ":"JWT"}
Decoded: {"sub":"mr.x@contoso.com","exp":1300819380}
JweAlgorithm.RSA1_5, JweEncryption.A128CBC_HS256: eyJhbGciOiJSU0ExXzUiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0.Tu9QV6n2XQttygOYIJ-u6LWEcFMsME3SixONOc3XVvEOscoFaoNsst8w0eTr_FmgYGqnfnDe9bNMJzN6oLQtWz0wJj6jGq0JzEOyV55ioYD0voNHt1FV_hhT0o85ZYQHrr71F_1lVcdow6s0sxGYySW6BNzWXDQFK-iBtsGKTHmoID7JIbHPQZ1O2oQrdBxdjksmI82NF1dyCLMQ0WbKd_1gW1y_RIHuz32TNNkLiQcTCQlylICkczFdxkv_PHn4afbBnCN48xWlJr6TkyzIo6hsJE4B4oVCEAh6EPxEyKdMm8Obc7eUSkeqOxHCy0aK0rAKVHgxaBJeMxqPGihfvg.vOqWj8wJ4MI0NgX5qNtaCw.v6ez9piQy3kdDFyE0lMV0rP_L5a_fs46dvi547EFQDG67Yn7SWM-ixQXjJ2ER2B0.mLmrCs0m74QwZRkEgImrTg
JWT Header: {"alg":"RSA1_5","enc":"A128CBC-HS256"}
- JWE Encrypted Key: Tu9QV6n2XQttygOYIJ-u6LWEcFMsME3SixONOc3XVvEOscoFaoNsst8w0eTr_FmgYGqnfnDe9bNMJzN6oLQtWz0wJj6jGq0JzEOyV55ioYD0voNHt1FV_hhT0o85ZYQHrr71F_1lVcdow6s0sxGYySW6BNzWXDQFK-iBtsGKTHmoID7JIbHPQZ1O2oQrdBxdjksmI82NF1dyCLMQ0WbKd_1gW1y_RIHuz32TNNkLiQcTCQlylICkczFdxkv_PHn4afbBnCN48xWlJr6TkyzIo6hsJE4B4oVCEAh6EPxEyKdMm8Obc7eUSkeqOxHCy0aK0rAKVHgxaBJeMxqPGihfvg
- JWE Initialization Vector: vOqWj8wJ4MI0NgX5qNtaCw
- JWE Ciphertext: v6ez9piQy3kdDFyE0lMV0rP_L5a_fs46dvi547EFQDG67Yn7SWM-ixQXjJ2ER2B0
- JWE Authentication Tag: mLmrCs0m74QwZRkEgImrTg
Decoded: {"sub":"mr.x@contoso.com","exp":1300819380}
JweAlgorithm.RSA_OAEP, JweEncryption.A256GCM: eyJhbGciOiJSU0EtT0FFUCIsImVuYyI6IkEyNTZHQ00ifQ.hIxL1q9DqF0bB8Y7I36v6zGO4FDePFynoFGCfYUWFGy3P0_lXKKNbexhUZOGTqiV6rlmcYID0V3OkaHNzhbO6r0IvDuWuGzclq0w6_pnKOotpoKJB_C41LRuYr-zd6uq9xJdZFle-qZ4xddxuxnG8WeN3YuKYemqdX_qEKlbO0UBjPhIDUf6gVEnACRfeSc5-lO-88v333iLPIGTruRnXU1bo9JTm2OOYEnl97QftD9SOAGRWnsfhaE8xYS4j6QMIVwSquV4_f9B1Lxa8agn6AgEqZkh1Hnne4mmV5RHlz1LtN0_7uv904j7W5pw4vWk4LynYLVBxKNJ1MUzBpLp-Q.F5ypDx0Ow7k5IGlu.783lTBP99Dn2SZzdDhbYLpW66xcVE9Bxh9g2kj8LCQVcm451NNZ3v4GzYA.e7vCNJHzDIzCeeyuCdokGA
JWT Header: {"alg":"RSA-OAEP","enc":"A256GCM"}
- JWE Encrypted Key: hIxL1q9DqF0bB8Y7I36v6zGO4FDePFynoFGCfYUWFGy3P0_lXKKNbexhUZOGTqiV6rlmcYID0V3OkaHNzhbO6r0IvDuWuGzclq0w6_pnKOotpoKJB_C41LRuYr-zd6uq9xJdZFle-qZ4xddxuxnG8WeN3YuKYemqdX_qEKlbO0UBjPhIDUf6gVEnACRfeSc5-lO-88v333iLPIGTruRnXU1bo9JTm2OOYEnl97QftD9SOAGRWnsfhaE8xYS4j6QMIVwSquV4_f9B1Lxa8agn6AgEqZkh1Hnne4mmV5RHlz1LtN0_7uv904j7W5pw4vWk4LynYLVBxKNJ1MUzBpLp-Q
- JWE Initialization Vector: F5ypDx0Ow7k5IGlu
- JWE Ciphertext: 783lTBP99Dn2SZzdDhbYLpW66xcVE9Bxh9g2kj8LCQVcm451NNZ3v4GzYA
- JWE Authentication Tag: e7vCNJHzDIzCeeyuCdokGA
Decoded: {"sub":"mr.x@contoso.com","exp":1300819380}
JweAlgorithm.DIR, JweEncryption.A128CBC_HS256: eyJhbGciOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0..4ea3kXXGk1ltQ1RPILoxDQ.MxQKdHzhMuAXKiM3q69T_dfjsUEX-V8abMCRD-2lEL3X2CPc2XRimHSHk4f_Ckgb.Kop59CAjQC0-AT3-ScFUpA
JWT Header: {"alg":"dir","enc":"A128CBC-HS256"}
- JWE Encrypted Key: 
- JWE Initialization Vector: 4ea3kXXGk1ltQ1RPILoxDQ
- JWE Ciphertext: MxQKdHzhMuAXKiM3q69T_dfjsUEX-V8abMCRD-2lEL3X2CPc2XRimHSHk4f_Ckgb
- JWE Authentication Tag: Kop59CAjQC0-AT3-ScFUpA
Decoded: {"sub":"mr.x@contoso.com","exp":1300819380}
JweAlgorithm.A256KW, JweEncryption.A256CBC_HS512: eyJhbGciOiJBMjU2S1ciLCJlbmMiOiJBMjU2Q0JDLUhTNTEyIn0.HPu1ltWbIKKTlQ8omG27x-I8yxhxQ5H0brN6hesaGg4OCrdWmwIoiwetxxz1UNfeB0zfOMkMcsa-YJ-Wd5DFGO7wxuiVaNgz.QtMzcwyyNx5AhmBT9qXBoA.br9u5Gw2AHDbZbBd8delv5gWF3lZikPgKTRIKeefiKHV37F0RSf1881dQsfGWTnS.t-ema0tnx3fy7vxRZHv9IEojebKY82CZJE2YpW2iNXY
JWT Header: {"alg":"A256KW","enc":"A256CBC-HS512"}
- JWE Encrypted Key: HPu1ltWbIKKTlQ8omG27x-I8yxhxQ5H0brN6hesaGg4OCrdWmwIoiwetxxz1UNfeB0zfOMkMcsa-YJ-Wd5DFGO7wxuiVaNgz
- JWE Initialization Vector: QtMzcwyyNx5AhmBT9qXBoA
- JWE Ciphertext: br9u5Gw2AHDbZbBd8delv5gWF3lZikPgKTRIKeefiKHV37F0RSf1881dQsfGWTnS
- JWE Authentication Tag: t-ema0tnx3fy7vxRZHv9IEojebKY82CZJE2YpW2iNXY
Decoded: {"sub":"mr.x@contoso.com","exp":1300819380}
JweAlgorithm.A256GCMKW, JweEncryption.A256CBC_HS512: eyJhbGciOiJBMjU2R0NNS1ciLCJlbmMiOiJBMjU2Q0JDLUhTNTEyIiwiaXYiOiJvamlTTGpVekxkY0N6enhlIiwidGFnIjoiNlQ1eEJiTmhvRmtzV3NKaDJhdVhkZyJ9.Zo-Yo47wlciev8MP73CuYHDkaew12v68y73KA9jE6465Rs2UqsGXr63IqMQc0nTvvlE_SHOuTVexHQeOg6-8_g.WGpvtxRpSC41QUe3XtLU1Q.GZWWzavjpaOGn6CbIEsPLlaSqMaLPDRYi2Qwv7x-rC9nTA3kYe87n1XEQZaI11Lb.5GMeGTsUw6MdV45tjXYZbKrD2hEw02wLmxcPiT4Pyqc
JWT Header: {"alg":"A256GCMKW","enc":"A256CBC-HS512","iv":"ojiSLjUzLdcCzzxe","tag":"6T5xBbNhoFksWsJh2auXdg"}
- JWE Encrypted Key: Zo-Yo47wlciev8MP73CuYHDkaew12v68y73KA9jE6465Rs2UqsGXr63IqMQc0nTvvlE_SHOuTVexHQeOg6-8_g
- JWE Initialization Vector: WGpvtxRpSC41QUe3XtLU1Q
- JWE Ciphertext: GZWWzavjpaOGn6CbIEsPLlaSqMaLPDRYi2Qwv7x-rC9nTA3kYe87n1XEQZaI11Lb
- JWE Authentication Tag: 5GMeGTsUw6MdV45tjXYZbKrD2hEw02wLmxcPiT4Pyqc
Decoded: {"sub":"mr.x@contoso.com","exp":1300819380}
JweAlgorithm.ECDH_ES, JweEncryption.A256GCM: System.NotImplementedException, not yet
JweAlgorithm.PBES2_HS256_A128KW, JweEncryption.A256CBC_HS512: eyJhbGciOiJQQkVTMi1IUzI1NitBMTI4S1ciLCJlbmMiOiJBMjU2Q0JDLUhTNTEyIiwicDJjIjo4MTkyLCJwMnMiOiJyYjFNb2VEQld0YUdmRldGIn0.NsZRujqDaWBYS20RVLSV-fXUiFhi6lTfubFCDl8sBxJ1XYhiiP9deEhRJdUD-EDNA44F6CCSi64uD0lIDoVVxS-OF5pu2qvg.e4Bdm68A4QhU5oHq5YJy_w.Qw_P8ipbTB2-srHxy5wBGkU29CLMD-3WTBnjwxEoaLlLiTqKOiEk_XWAI9ArB7da.E5AFzoOc8VequV0LjPuZOXnyRkQigRPxEXYUknxIvu4
JWT Header: {"alg":"PBES2-HS256+A128KW","enc":"A256CBC-HS512","p2c":8192,"p2s":"rb1MoeDBWtaGfFWF"}
- JWE Encrypted Key: NsZRujqDaWBYS20RVLSV-fXUiFhi6lTfubFCDl8sBxJ1XYhiiP9deEhRJdUD-EDNA44F6CCSi64uD0lIDoVVxS-OF5pu2qvg
- JWE Initialization Vector: e4Bdm68A4QhU5oHq5YJy_w
- JWE Ciphertext: Qw_P8ipbTB2-srHxy5wBGkU29CLMD-3WTBnjwxEoaLlLiTqKOiEk_XWAI9ArB7da
- JWE Authentication Tag: E5AFzoOc8VequV0LjPuZOXnyRkQigRPxEXYUknxIvu4
Decoded: {"sub":"mr.x@contoso.com","exp":1300819380}
----------------------------------------------------------------------------------------------------
Adding extra headers to RS256: eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImN0eSI6IkpXVCIsImtleWlkIjoiMTExLTIyMi0zMzMifQ.eyJzdWIiOiJtci54QGNvbnRvc28uY29tIiwiZXhwIjoxMzAwODE5MzgwfQ.KwtpHrjNKBnyHo6QRaULxcWZDF9mDKHiQG1QBSmnrwHi7vJSiLH_3fFIcTkQvdu7FstmPOuuVD-T3EPKfv61aHz5o-0dRTylooln5tS_2_uZ4lPV4A2C_Pr_cYzRawUIuTwhCi3n0i-fQapYvKT41qjh0vKalEuDmd6-WDnpGcKdI3dv-kSB_42FfIdbEKDEtYvgyzwj5An9YJim29OsiM-GW6tyqei3nzHrQ0yPhgfKOd89M_azGynAVTTNKvPyZujnILu-XnVu54So-5W2fwg-WkKIpvP2ZZFAWRs-DEapBJWrNm10GGZdid-98SmGoifkaDNpCeIcQe3uetDB6w
JWT Header: {"alg":"RS256","typ":"JWT","cty":"JWT","keyid":"111-222-333"}
Decoded: {"sub":"mr.x@contoso.com","exp":1300819380}
Strict validation(RS256): {"sub":"mr.x@contoso.com","exp":1300819380}

出力（on Linux） †

RSA privateX509Key: is not null
RSA privateSignatureAlgorithm: sha256RSA
RSA privateX509Key.PrivateKey: is System.Security.Cryptography.RSAOpenSsl
RSA publicX509Key: is not null
RSA publicSignatureAlgorithm: sha256RSA
RSA publicX509Key: is System.Security.Cryptography.X509Certificates.PublicKey
RSA publicX509Key.Key: is System.Security.Cryptography.RSAOpenSsl
DSA privateX509Key: is not null
DSA privateSignatureAlgorithm: dsa_with_SHA256
DSA privateX509Key.PrivateKey: is System.Security.Cryptography.DSAOpenSsl
DSA publicX509Key: is not null
DSA publicSignatureAlgorithm: dsa_with_SHA256
DSA publicX509Key: is System.Security.Cryptography.X509Certificates.PublicKey
DSA publicX509Key.Key: is System.Security.Cryptography.DSAOpenSsl
privateDSA: is not null
ECDsa privateX509Key: is not null
ECDsa privateSignatureAlgorithm: dsa_with_SHA256
ECDsa privateX509Key.PrivateKey: is System.Security.Cryptography.DSAOpenSsl
ECDsa publicX509Key: is not null
ECDsa publicSignatureAlgorithm: dsa_with_SHA256
ECDsa publicX509Key: is System.Security.Cryptography.X509Certificates.PublicKey
ECDsa publicX509Key.Key: is System.Security.Cryptography.DSAOpenSsl
privateECDsa: is null
publicECDsa: is null
----------------------------------------------------------------------------------------------------
JwsAlgorithm.none: eyJhbGciOiJub25lIiwidHlwIjoiSldUIn0.eyJzdWIiOiJtci54QGNvbnRvc28uY29tIiwiZXhwIjoxMzAwODE5MzgwfQ.
JwsAlgorithm.HS256: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJtci54QGNvbnRvc28uY29tIiwiZXhwIjoxMzAwODE5MzgwfQ.dvd5Ak6zcBy0OB7gxVtehT3Ab5NO7XEggon6r_CTSfE
JWT Header: {"alg":"HS256","typ":"JWT"}
Decoded: {"sub":"mr.x@contoso.com","exp":1300819380}
JwsAlgorithm.RS256: eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJtci54QGNvbnRvc28uY29tIiwiZXhwIjoxMzAwODE5MzgwfQ.jMJbrOaZ_p0xouAFfetm_orlTuwPbJK65-rEto5lIGgCR_oCG_ApQWeCXc5xikto_IcN2nNsHWMOMJMII6WlhVmn9pFTuuj-fZH_aB-aasDSguyXd59BA43a4glZbPCITOwZFfeNMpXGrKG_YNvexP5mtiJYYCDXMgq2zBHS9lQYcGXy4YyGPD_jNu6ziLRNDdKCkRqTppTE2SexZAwaSJRGGuY-fHA3jVPBV90Cty7yBC3ybKmiE4imVQs8CUw7ic61HSytgItIlreol4PMMP8fXB6O1e_K8QJFfRIf9oC07y9Mo5OWl4CCOxvKAo9nos0GTWUUNUH-sugJhUV14A
JWT Header: {"alg":"RS256","typ":"JWT"}
Decoded: {"sub":"mr.x@contoso.com","exp":1300819380}
JwsAlgorithm.ES256: System.ArgumentException, EcdsaUsingSha algorithm expects key to be of either CngKey or ECDsa types.
JweAlgorithm.RSA1_5, JweEncryption.A128CBC_HS256: eyJhbGciOiJSU0ExXzUiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0.YAvkmpDaYGqc5ANlUvUn6bwr2_cnlBYJWXaTXPaYx2w2zMyYnYlmRIhw_xOlSKAK07Ja0tsDSeigPGpgWUXt_ZyNKEFL42Fzj4T9oUh3AhP_P4gSMTSqr2_MoSUvgEYlc98SbBSveWFl9kkFLRyx-gecPsYl_glFb39zo4ppK8-DJ1FFNYZ9gqdkocZBBfWgPrtFe0Q1i-vW7b6ikHSJOCSJk1i_Zp_YBu9hQuvWGebjIXIUoeJI2prT-GgNEKoOiJ7jk4Vqd5Hwpmit_7v0qyTnwB41FkY9Dx4NE1ERbwmv-goKB5TGyqfAtsyxzE4jUaSzYAr6WiUjYIVkjqfWSQ.LOzASVTdWUoKuP_lUE5JtQ.D2ihh04nIL34jlwdI-LauueYC2RnFLZMNG1ThivsU6uCV4C3efs4lMlTr3v9yrin.DbM87_fASRg-ASIej8l7RQ
JWT Header: {"alg":"RSA1_5","enc":"A128CBC-HS256"}
- JWE Encrypted Key: YAvkmpDaYGqc5ANlUvUn6bwr2_cnlBYJWXaTXPaYx2w2zMyYnYlmRIhw_xOlSKAK07Ja0tsDSeigPGpgWUXt_ZyNKEFL42Fzj4T9oUh3AhP_P4gSMTSqr2_MoSUvgEYlc98SbBSveWFl9kkFLRyx-gecPsYl_glFb39zo4ppK8-DJ1FFNYZ9gqdkocZBBfWgPrtFe0Q1i-vW7b6ikHSJOCSJk1i_Zp_YBu9hQuvWGebjIXIUoeJI2prT-GgNEKoOiJ7jk4Vqd5Hwpmit_7v0qyTnwB41FkY9Dx4NE1ERbwmv-goKB5TGyqfAtsyxzE4jUaSzYAr6WiUjYIVkjqfWSQ
- JWE Initialization Vector: LOzASVTdWUoKuP_lUE5JtQ
- JWE Ciphertext: D2ihh04nIL34jlwdI-LauueYC2RnFLZMNG1ThivsU6uCV4C3efs4lMlTr3v9yrin
- JWE Authentication Tag: DbM87_fASRg-ASIej8l7RQ
Decoded: {"sub":"mr.x@contoso.com","exp":1300819380}
JweAlgorithm.RSA_OAEP, JweEncryption.A256GCM: System.DllNotFoundException, Unable to load DLL 'bcrypt.dll': The specified module or one of its dependencies could not be found.
 (Exception from HRESULT: 0x8007007E)
JweAlgorithm.DIR, JweEncryption.A128CBC_HS256: eyJhbGciOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0..1jqaOr-p1813RxeXSwuBEg.Ox993pIUNgNRLIK_W6XPBllBTNpJn9oRl23FbnuDW9edQBfSu9qtk59Dynf8VJC5.SnU4G-pZGbGwJ1Q1wStIAA
JWT Header: {"alg":"dir","enc":"A128CBC-HS256"}
- JWE Encrypted Key: 
- JWE Initialization Vector: 1jqaOr-p1813RxeXSwuBEg
- JWE Ciphertext: Ox993pIUNgNRLIK_W6XPBllBTNpJn9oRl23FbnuDW9edQBfSu9qtk59Dynf8VJC5
- JWE Authentication Tag: SnU4G-pZGbGwJ1Q1wStIAA
Decoded: {"sub":"mr.x@contoso.com","exp":1300819380}
JweAlgorithm.A256KW, JweEncryption.A256CBC_HS512: eyJhbGciOiJBMjU2S1ciLCJlbmMiOiJBMjU2Q0JDLUhTNTEyIn0.ibRLRXHWA7ijo2SmnV0ZwMm1QZ9jQah3a1CVzRPFJh5LHEjmxqRa6rbI-1BpdALIHwE3P8MUibBQHUP1EXgiMZFJd6M4dtQy.cBnKcf9-tfhRUDIRMhya6g.F1FQk9bptPmR3mss_opL4hd48DUVfp_z3AQwSAlcDtBAJaQeKj4KMAJvqgtVUL3b.tf1KQGRFZR8ORCpDdXgDDG1cDMaudM4fzQZnmT3VScY
JWT Header: {"alg":"A256KW","enc":"A256CBC-HS512"}
- JWE Encrypted Key: ibRLRXHWA7ijo2SmnV0ZwMm1QZ9jQah3a1CVzRPFJh5LHEjmxqRa6rbI-1BpdALIHwE3P8MUibBQHUP1EXgiMZFJd6M4dtQy
- JWE Initialization Vector: cBnKcf9-tfhRUDIRMhya6g
- JWE Ciphertext: F1FQk9bptPmR3mss_opL4hd48DUVfp_z3AQwSAlcDtBAJaQeKj4KMAJvqgtVUL3b
- JWE Authentication Tag: tf1KQGRFZR8ORCpDdXgDDG1cDMaudM4fzQZnmT3VScY
Decoded: {"sub":"mr.x@contoso.com","exp":1300819380}
JweAlgorithm.A256GCMKW, JweEncryption.A256CBC_HS512: System.DllNotFoundException, Unable to load DLL 'bcrypt.dll': The specified module or one of its dependencies could not be found.
 (Exception from HRESULT: 0x8007007E)
JweAlgorithm.ECDH_ES, JweEncryption.A256GCM: System.PlatformNotSupportedException, Windows Cryptography Next Generation (CNG) is not supported on this platform.
JweAlgorithm.PBES2_HS256_A128KW, JweEncryption.A256CBC_HS512: eyJhbGciOiJQQkVTMi1IUzI1NitBMTI4S1ciLCJlbmMiOiJBMjU2Q0JDLUhTNTEyIiwicDJjIjo4MTkyLCJwMnMiOiJwclF4ZE9MUVJrOWxkTW5oIn0.viZNj6NH_ojNhSWrlpDGKjhiyNBM0xnYlCFkCGjNk71NiUVJz4jrdL925rzGHBhxUjUfwIALYRaXEZGCEz7Ja8RVCdoSr4-S.q4yzRqWbw4aIx2K0wuTkzQ.ssWtQmESu8a3uBd7izZE5G15-GNa67zGy_-CaFlMMHt5ppjhMXkWiyPNTl7Zrh5s.8oiJDgqHfAmVhZ9hfHhIvWZ7XUVNED2NaHK7iKyl-L8
JWT Header: {"alg":"PBES2-HS256+A128KW","enc":"A256CBC-HS512","p2c":8192,"p2s":"prQxdOLQRk9ldMnh"}
- JWE Encrypted Key: viZNj6NH_ojNhSWrlpDGKjhiyNBM0xnYlCFkCGjNk71NiUVJz4jrdL925rzGHBhxUjUfwIALYRaXEZGCEz7Ja8RVCdoSr4-S
- JWE Initialization Vector: q4yzRqWbw4aIx2K0wuTkzQ
- JWE Ciphertext: ssWtQmESu8a3uBd7izZE5G15-GNa67zGy_-CaFlMMHt5ppjhMXkWiyPNTl7Zrh5s
- JWE Authentication Tag: 8oiJDgqHfAmVhZ9hfHhIvWZ7XUVNED2NaHK7iKyl-L8
Decoded: {"sub":"mr.x@contoso.com","exp":1300819380}
----------------------------------------------------------------------------------------------------
Adding extra headers to RS256: eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImN0eSI6IkpXVCIsImtleWlkIjoiMTExLTIyMi0zMzMifQ.eyJzdWIiOiJtci54QGNvbnRvc28uY29tIiwiZXhwIjoxMzAwODE5MzgwfQ.KwtpHrjNKBnyHo6QRaULxcWZDF9mDKHiQG1QBSmnrwHi7vJSiLH_3fFIcTkQvdu7FstmPOuuVD-T3EPKfv61aHz5o-0dRTylooln5tS_2_uZ4lPV4A2C_Pr_cYzRawUIuTwhCi3n0i-fQapYvKT41qjh0vKalEuDmd6-WDnpGcKdI3dv-kSB_42FfIdbEKDEtYvgyzwj5An9YJim29OsiM-GW6tyqei3nzHrQ0yPhgfKOd89M_azGynAVTTNKvPyZujnILu-XnVu54So-5W2fwg-WkKIpvP2ZZFAWRs-DEapBJWrNm10GGZdid-98SmGoifkaDNpCeIcQe3uetDB6w
JWT Header: {"alg":"RS256","typ":"JWT","cty":"JWT","keyid":"111-222-333"}
Decoded: {"sub":"mr.x@contoso.com","exp":1300819380}
Strict validation(RS256): {"sub":"mr.x@contoso.com","exp":1300819380}

参考 †

検証 †

• サイト
  https://jwt.io/
• 公開鍵
  https://github.com/OpenTouryoProject/OpenTouryo/blob/develop/root/files/resource/X509/SHA256RSA.cer.pem

---

Tags: :IT国際標準, :認証基盤, :クレームベース認証, :暗号化, :.NET Core, :.NET Standard

     

Site admin: dotNetDevelopmentInfrastructure

PukiWiki 1.4.7 Copyright © 2001-2006 PukiWiki Developers Team. License is GPL.
Based on "PukiWiki" 1.3 by yu-ji. Powered by PHP 5.3.3. HTML convert time: 0.030 sec.