The "[[Microsoft Technology Information Wiki>http://techinfoofmicrosofttech.osscons.jp/]]" is operated by the "[[Open Touryo Project>https://github.com/OpenTouryoProject/]]" and the "[[OSS Consortium .NET Development Infrastructure Working Group>https://www.osscons.jp/dotNetDevelopmentInfrastructure/]]".

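-[[Back>JWT]]

*Table of contents [#u45db361]
#contents

*Overview [#rb87a68b]
This page puts jose-jwt through its paces.
As its name suggests, jose-jwt is a [[JWT]] library, and it looks promising enough to be worth exploring in depth.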

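**Features [#o4d29f44]
The Readme.md describes the library as follows.
-The ultimate [[JWT]] implementation for .NET and [[.NET Core]], with minimal or zero dependencies.
-Extensively tested for compatibility with the jose.4.j, Nimbus-JOSE-JWT and json-jwt libraries.

**[[Comparison>JWT#r4ac23c8]] [#efad17e4]
Aimed at heavy users rather than light users, roughly in this sense:

-Cross-platform implementation
-Intended for implementing the AuthZ side rather than the client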

*Details [#jebc97ce]

**Functionality [#v9a01dd1]

***[[JWS]] [#l00fa0a9]
Signing and verification

***[[JWE]] [#pd6a0dcb]
Encryption and decryption

***Utilities [#n2439696]
...

**Dependencies [#da102a96]
The library uses the following.

#ref(browser.png,left,nowrap,References)

***[[CAPI (CSP), CNG>.NETの署名・暗号化アルゴリズム#fde2f12c]] [#q7931d76]
-Implementations exist in corefx.
--https://github.com/dotnet/corefx/tree/master/src/System.Security.Cryptography.Csp/src/System/Security/Cryptography
--https://github.com/dotnet/corefx/tree/master/src/System.Security.Cryptography.Cng/src/System/Security/Cryptography

-On Linux... ([[see here>#cd2d506c]])
-However, when it is actually run... ([[see here>#j86fe726]]).

--Provider~
Throws NotImplementedException on both Windows and Linux.

--CngKey~
Works on Windows, but throws PlatformNotSupportedException on Linux.

---Can be resolved with [[X509Certificate2.GetECDsaPrivateKey()>OpenSSL#w0f78b28]] (ECDsaOpenSsl).~
why CngKey.Import is not supported on ubuntu? · Issue #18733 · dotnet/corefx~
https://github.com/dotnet/corefx/issues/18733

***[[OpenSSL>OpenSSL#dbb192d0]] [#l3af4ef0]
-The Algorithm and X509Certificate libraries above in turn reference OpenSSL NuGet libraries at a lower level.
--Algorithm~
https://github.com/dotnet/corefx/tree/master/src/System.Security.Cryptography.Algorithms/src/System/Security/Cryptography
--X509Certificate~
https://github.com/dotnet/corefx/tree/master/src/System.Security.Cryptography.X509Certificates/src/System/Security/Cryptography/X509Certificates

-Native implementation~
The license listing shows the licenses of the native implementations for each Linux distribution,~
so cross-platform support in these libraries is presumably complete as well.
#ref(license.png,left,nowrap,license)

*On Linux [#j6420fdb]

**[[.NET Core development on WSL>Windows Subsystem for Linux#w85d0688]] [#t837eaeb]
-Run via "/mnt/c" (note 1).~
Note 1: DrvFs, a VFS file system plugin.
-Build and run using the [[dotnet command>dotnetコマンド]].

**[[CNG>.NETの署名・暗号化アルゴリズム#fde2f12c]] does not work. [#cd2d506c]
 Unhandled Exception: System.PlatformNotSupportedException: Windows Cryptography Next Generation (CNG) is not supported on this platform.
    at System.Security.Cryptography.CngKeyBlobFormat.get_EccPrivateBlob()
    at Security.Cryptography.EccKey.New(Byte[] x, Byte[] y, Byte[] d, CngKeyUsages usage)

-For ECDsa, this may be resolvable with [[X509Certificate2.GetECDsaPrivateKey()>OpenSSL#w0f78b28]].
--why CngKey.Import is not supported on ubuntu? · Issue #18733 · dotnet/corefx~
https://github.com/dotnet/corefx/issues/18733

**bcrypt.dll cannot be found. [#mfc25367]
 Unhandled Exception: System.DllNotFoundException: Unable to load DLL 'bcrypt.dll': The specified module or one of its dependencies could not be found.
  (Exception from HRESULT: 0x8007007E)
    at Jose.native.BCrypt.BCryptOpenAlgorithmProvider(IntPtr& phAlgorithm, String pszAlgId, String pszImplementation, UInt32 dwFlags)
    at Jose.AesGcm.OpenAlgorithmProvider(String alg, String provider, String chainingMode)
    at Jose.AesGcm.Encrypt(Byte[] key, Byte[] iv, Byte[] aad, Byte[] plainText)
    at Jose.AesGcmKeyWrapManagement.WrapNewKey(Int32 cekSizeBits, Object key, IDictionary`2 header)
    at Jose.JWT.EncodeBytes(Byte[] payload, Object key, JweAlgorithm alg, JweEncryption enc, Nullable`1 compression, IDictionary`2 extraHeaders, JwtSettings settings)
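
Added example (not code from this wiki, its sample program, or the jose-jwt project): one way to avoid both Linux failures in this section, by taking the ES256 key from X509Certificate2.GetECDsaPrivateKey() instead of CngKey and by using an AES-CBC-HMAC content encryption that does not load bcrypt.dll. The class name PortableJose, the in-memory test certificate and the random key are constructed for illustration; it assumes .NET Core 2.0 or later and a jose-jwt version that accepts ECDsa keys for ES256.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using Jose;

public static class PortableJose // hypothetical helper, not part of jose-jwt
{
    // ES256 without CngKey: the certificate returns a platform-specific ECDsa
    // (ECDsaCng on Windows, ECDsaOpenSsl on Linux), so no CNG key blob is imported.
    // Assumption: the referenced jose-jwt version accepts ECDsa keys for ES256.
    public static string SignEs256(X509Certificate2 certWithPrivateKey, object payload)
    {
        using (ECDsa key = certWithPrivateKey.GetECDsaPrivateKey())
        {
            if (key == null)
                throw new CryptographicException("Certificate has no ECDSA private key.");
            return JWT.Encode(payload, key, JwsAlgorithm.ES256);
        }
    }

    // Strict validation: the expected algorithm is pinned by the caller
    // instead of being taken from the token header.
    public static string VerifyEs256(X509Certificate2 cert, string token)
    {
        using (ECDsa key = cert.GetECDsaPublicKey())
        {
            if (key == null)
                throw new CryptographicException("Certificate has no ECDSA public key.");
            return JWT.Decode(token, key, JwsAlgorithm.ES256);
        }
    }

    // JWE without bcrypt.dll: A256KW + A256CBC-HS512 succeeds on both platforms
    // in this page's outputs, while the GCM variants fail on Linux.
    public static string Encrypt(object payload, byte[] kek256)
    {
        return JWT.Encode(payload, kek256, JweAlgorithm.A256KW, JweEncryption.A256CBC_HS512);
    }

    public static string Decrypt(string token, byte[] kek256)
    {
        return JWT.Decode(token, kek256, JweAlgorithm.A256KW, JweEncryption.A256CBC_HS512);
    }

    public static void Main()
    {
        // Same claims as the sample output on this page.
        var payload = new Dictionary<string, object>
        {
            { "sub", "mr.x@contoso.com" },
            { "exp", 1300819380 }
        };

        // Constructed test certificate: P-256, self-signed, held in memory only.
        using (ECDsa generated = ECDsa.Create(ECCurve.NamedCurves.nistP256))
        {
            var request = new CertificateRequest(
                "CN=jose-jwt-example", generated, HashAlgorithmName.SHA256);
            using (X509Certificate2 cert = request.CreateSelfSigned(
                DateTimeOffset.UtcNow, DateTimeOffset.UtcNow.AddDays(1)))
            {
                string jws = SignEs256(cert, payload);
                Console.WriteLine(VerifyEs256(cert, jws));
            }
        }

        // Constructed 256-bit key-encryption key for A256KW.
        byte[] kek = new byte[32];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(kek);
        Console.WriteLine(Decrypt(Encrypt(payload, kek), kek));
    }
}
```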

*Sample code [#q8a19d35]

**Implementation [#q3a5562c]
https://github.com/OpenTouryoProject/SampleProgram/blob/master/Other/Encryption/jose_jwt_Sample/jose_jwt_Sample/Program.cs

**Execution [#pe988d02]
-Commands~
These assume the SampleProgram repository was cloned to "C:\Git".
 cd /mnt/c/Git/SampleProgram/Other/Encryption/jose_jwt_Sample
 dotnet publish -c Release -r ubuntu.16.04-x64 --self-contained
 cd jose_jwt_Sample/bin/Release/netcoreapp2.0/ubuntu.16.04-x64/
 dotnet jose_jwt_Sample.dll

**Results [#n5e68266]

***Output (on Windows) [#b265ce98]
 RSA privateX509Key: is not null
 RSA privateSignatureAlgorithm: sha256RSA
 RSA privateX509Key.PrivateKey: is System.Security.Cryptography.RSACng
 RSA publicX509Key: is not null
 RSA publicSignatureAlgorithm: sha256RSA
 RSA publicX509Key: is System.Security.Cryptography.X509Certificates.PublicKey
 RSA publicX509Key.Key: is System.Security.Cryptography.RSACng
 DSA privateX509Key: is not null
 DSA privateSignatureAlgorithm: System.Security.Cryptography.CryptographicException, The OID value is invalid.
 DSA privateX509Key.PrivateKey: is System.Security.Cryptography.DSACng
 DSA publicX509Key: is not null
 DSA publicSignatureAlgorithm: System.Security.Cryptography.CryptographicException, The OID value is invalid.
 DSA publicX509Key: is System.Security.Cryptography.X509Certificates.PublicKey
 DSA publicX509Key.Key: Internal.Cryptography.CryptoThrowHelper+WindowsCryptographicException, プロバイダーの公開キーは無効です。
 privateDSA: is not null
 ECDsa privateX509Key: is not null
 ECDsa privateSignatureAlgorithm: sha256ECDSA
 ECDsa privateX509Key.PrivateKey: System.NotSupportedException, The certificate key algorithm is not supported.
 ECDsa publicX509Key: is not null
 ECDsa publicSignatureAlgorithm: sha256ECDSA
 ECDsa publicX509Key: is System.Security.Cryptography.X509Certificates.PublicKey
 ECDsa publicX509Key.Key: System.NotSupportedException, The certificate key algorithm is not supported.
 privateECDsa: is not null
 publicECDsa: is not null
 ----------------------------------------------------------------------------------------------------
 JwsAlgorithm.none: eyJhbGciOiJub25lIiwidHlwIjoiSldUIn0.eyJzdWIiOiJtci54QGNvbnRvc28uY29tIiwiZXhwIjoxMzAwODE5MzgwfQ.
 JwsAlgorithm.HS256: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJtci54QGNvbnRvc28uY29tIiwiZXhwIjoxMzAwODE5MzgwfQ.dvd5Ak6zcBy0OB7gxVtehT3Ab5NO7XEggon6r_CTSfE
 JWT Header: {"alg":"HS256","typ":"JWT"}
 Decoded: {"sub":"mr.x@contoso.com","exp":1300819380}
 JwsAlgorithm.RS256: eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJtci54QGNvbnRvc28uY29tIiwiZXhwIjoxMzAwODE5MzgwfQ.e2bHvaNKCS3H7eRTA2Wl-Yr5UDvLsNH26AG_qBOWXy__vJNSkPagLjvZB7yMTcKDKIOlE5tEw1ttZMgxeHxadrLCzQMYk7QKeqIePuTzGBcLza3JefGsVec_yx4DI1H2A5lvVCtBB3pA3L7HtRDr2qfxesqk_a1tV7EPfGZ4KjQ
 JwsAlgorithm.RS256: eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJtci54QGNvbnRvc28uY29tIiwiZXhwIjoxMzAwODE5MzgwfQ.jMJbrOaZ_p0xouAFfetm_orlTuwPbJK65-rEto5lIGgCR_oCG_ApQWeCXc5xikto_IcN2nNsHWMOMJMII6WlhVmn9pFTuuj-fZH_aB-aasDSguyXd59BA43a4glZbPCITOwZFfeNMpXGrKG_YNvexP5mtiJYYCDXMgq2zBHS9lQYcGXy4YyGPD_jNu6ziLRNDdKCkRqTppTE2SexZAwaSJRGGuY-fHA3jVPBV90Cty7yBC3ybKmiE4imVQs8CUw7ic61HSytgItIlreol4PMMP8fXB6O1e_K8QJFfRIf9oC07y9Mo5OWl4CCOxvKAo9nos0GTWUUNUH-sugJhUV14A
 JWT Header: {"alg":"RS256","typ":"JWT"}
 Decoded: {"sub":"mr.x@contoso.com","exp":1300819380}
 JwsAlgorithm.ES256: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJtci54QGNvbnRvc28uY29tIiwiZXhwIjoxMzAwODE5MzgwfQ.4zIp6hcWRqWzvprKAcwEaWbLx7INcknvOTrNwBxLLlvZeqCG8NOELBReZmrQVpZvqFvNGmlacCWxktwfpO_lfg
 JwsAlgorithm.ES256: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJtci54QGNvbnRvc28uY29tIiwiZXhwIjoxMzAwODE5MzgwfQ.wkgMJIB4R7gU7WUGJCipcHbv6mblDVY5waSP4s7T8V41GHH8KVYyie-YzCKOYjnDyGkHPu1i2axMHdkntDFgTA
 JWT Header: {"alg":"ES256","typ":"JWT"}
 Decoded: {"sub":"mr.x@contoso.com","exp":1300819380}
 JweAlgorithm.DIR, JweEncryption.A128CBC_HS256: eyJhbGciOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0..Psk4PWhbgJ5SBQZPH4z-bw.8dlABeojYURZVe_hGvfaXdudLevjUknq-QGJhnepbXWPUmv8wU4rvp5kHdL3ZHxs.HR4m7-7cmctPgWLbt32ifw
 JweAlgorithm.RSA1_5, JweEncryption.A128CBC_HS256: eyJhbGciOiJSU0ExXzUiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0.KfU6IprzIIQBWcSiN3G5sU8BN1UA_m17KgsLsya3mmPcP9BtH-OS2RuQzLuD067Og_-7BdlDstRtXZGeh4KJTx1b6DWwWMu5U2LMr70_6QNuPapjsxAf9HdbhvMHfFXPA-PMsF4ljco7WZpWgJmbKTkmlMIh3D1wFbQ6X1SKgYTchPpXEEI_nczyvjDvLA3v2Gt9o8Zuk8J3xUM5Dps_xBpBLLYI91BXfqBAr0letNuscmjbXp5dY9_wHUMvVOq3frXyTOPI65o14ffEUpPeX6rsIHe_PpCBnxmJMcvdEiBIQsMNIVeVTKylAvL9_jJEtbtN5XfBseWaMFekjA7SaQ.QjJKl0Yq-yiU_Kvi31Aw5Q.1v7oiXXTRuMQ6B2wuVZHsMmkkfRZ8kRY5HluSi-lrbKa3WHHwT_s4AQw8ox7P-Eg.8c-M08sMyFZC3k5rSYcamA
 JWT Header: {"alg":"RSA1_5","enc":"A128CBC-HS256"}
 - JWE Encrypted Key: KfU6IprzIIQBWcSiN3G5sU8BN1UA_m17KgsLsya3mmPcP9BtH-OS2RuQzLuD067Og_-7BdlDstRtXZGeh4KJTx1b6DWwWMu5U2LMr70_6QNuPapjsxAf9HdbhvMHfFXPA-PMsF4ljco7WZpWgJmbKTkmlMIh3D1wFbQ6X1SKgYTchPpXEEI_nczyvjDvLA3v2Gt9o8Zuk8J3xUM5Dps_xBpBLLYI91BXfqBAr0letNuscmjbXp5dY9_wHUMvVOq3frXyTOPI65o14ffEUpPeX6rsIHe_PpCBnxmJMcvdEiBIQsMNIVeVTKylAvL9_jJEtbtN5XfBseWaMFekjA7SaQ
 - JWE Initialization Vector: QjJKl0Yq-yiU_Kvi31Aw5Q
 - JWE Ciphertext: 1v7oiXXTRuMQ6B2wuVZHsMmkkfRZ8kRY5HluSi-lrbKa3WHHwT_s4AQw8ox7P-Eg
 - JWE Authentication Tag: 8c-M08sMyFZC3k5rSYcamA
 Decoded: {"sub":"mr.x@contoso.com","exp":1300819380}
 JweAlgorithm.A256KW, JweEncryption.A256CBC_HS512: eyJhbGciOiJBMjU2S1ciLCJlbmMiOiJBMjU2Q0JDLUhTNTEyIn0.AD9liopHl8AXXtfSzwxDYK7lcSoe-bm36jKEirazya15r-QW3cKqqHeO7JhJI6-oxolebrqM6tQrEUmytXgVUnrloyjbfmkJ.GdqQPXeULgijoHTiz3mSDw.NA-YcUrxdJhZWVQTSqOT8n1htLTylP7DaZd-SSeiLpV2KfSgiUd-cAOR8UiqVfAy.cz02bW3JjrNSM2qki1TY2AburxafZPthsRkO4jdodRQ
 JweAlgorithm.RSA_OAEP, JweEncryption.A256GCM: eyJhbGciOiJSU0EtT0FFUCIsImVuYyI6IkEyNTZHQ00ifQ.WTHZMC0ZApHIs0aJX10q2hPpe6uYT-0IYepDRJjuB0w77mxyHF-ksAseq1hSkPyvl_8VJbdF4hISExlK6dDFbMmFr7OjESv_L8aC1v-gWSe59s1QlKeO7aEX9ttI-81UrndN5jaCP-mKb1dblAbgQuX5-t4ypQ7ZuOgqy4rBAmE3ywli0iGN32H4Lkm3kgC2FCgmOvQPLMlGO9WEK002PQ_hkZBNVgO1-Vi7xBjC6u5laAXNIKkJTrMarkrYqRJWtn8j4mbyul83dijs94z3MMQT_ilufO-cs2JVzKYLdAsiOnjifJzC3XE6sq2QwmM9rZ-V0YqbChhDhsGXM1JeEg.N6bHpmIf_61AqfOz.ZMF9pX3srN-Rl-NQDbaNZSG4p5GiPbSFB3Q-fd3lHJhpJ6ZR2EwVKZ272Q.1Tr-Nne9x0x2Kt8XCYRWBg
 JWT Header: {"alg":"RSA-OAEP","enc":"A256GCM"}
 - JWE Encrypted Key: WTHZMC0ZApHIs0aJX10q2hPpe6uYT-0IYepDRJjuB0w77mxyHF-ksAseq1hSkPyvl_8VJbdF4hISExlK6dDFbMmFr7OjESv_L8aC1v-gWSe59s1QlKeO7aEX9ttI-81UrndN5jaCP-mKb1dblAbgQuX5-t4ypQ7ZuOgqy4rBAmE3ywli0iGN32H4Lkm3kgC2FCgmOvQPLMlGO9WEK002PQ_hkZBNVgO1-Vi7xBjC6u5laAXNIKkJTrMarkrYqRJWtn8j4mbyul83dijs94z3MMQT_ilufO-cs2JVzKYLdAsiOnjifJzC3XE6sq2QwmM9rZ-V0YqbChhDhsGXM1JeEg
 - JWE Initialization Vector: N6bHpmIf_61AqfOz
 - JWE Ciphertext: ZMF9pX3srN-Rl-NQDbaNZSG4p5GiPbSFB3Q-fd3lHJhpJ6ZR2EwVKZ272Q
 - JWE Authentication Tag: 1Tr-Nne9x0x2Kt8XCYRWBg
 Decoded: {"sub":"mr.x@contoso.com","exp":1300819380}
 JweAlgorithm.A256GCMKW, JweEncryption.A256CBC_HS512: eyJhbGciOiJBMjU2R0NNS1ciLCJlbmMiOiJBMjU2Q0JDLUhTNTEyIiwiaXYiOiJtQ19vd0dtdEN2MEYyd25hIiwidGFnIjoiNnVRc0Z6cG9zYkp6NV9EanZIYXNqdyJ9._FAA7PA_psMh37Wqln_AvE6IFvpu9HENupBP2KZXapElHjN80uj4EIsc3z9dVmmGpm3Mb9aca4B8aCoaLC1RNA.ZvST1J6vDRnqtoNsVPJX2A.8DvHDMSdUlK1wEhR9n6XPOzVgj_bKGAZFEvSMytcWj7RtxNUnkCizosMKK1Y2AMe.PTDKfWQk8liccKk1MpXDNy4uhY-9tddCFehmT84JPp4
 JweAlgorithm.DIR, JweEncryption.A128CBC_HS256: eyJhbGciOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0..-0WCyaIBCnH4XNPFf7CQQg.LvSzXkSHInUbHrYovoiQAeCfr39Vhu98vjzpJmG9DFeY8FgKzlKQgTC3snUMmG7e.qp1aPGQgVXaOPD-uFFvSTw
 JWT Header: {"alg":"dir","enc":"A128CBC-HS256"}
 - JWE Encrypted Key: 
 - JWE Initialization Vector: -0WCyaIBCnH4XNPFf7CQQg
 - JWE Ciphertext: LvSzXkSHInUbHrYovoiQAeCfr39Vhu98vjzpJmG9DFeY8FgKzlKQgTC3snUMmG7e
 - JWE Authentication Tag: qp1aPGQgVXaOPD-uFFvSTw
 Decoded: {"sub":"mr.x@contoso.com","exp":1300819380}
 JweAlgorithm.PBES2_HS256_A128KW, JweEncryption.A256CBC_HS512: eyJhbGciOiJQQkVTMi1IUzI1NitBMTI4S1ciLCJlbmMiOiJBMjU2Q0JDLUhTNTEyIiwicDJjIjo4MTkyLCJwMnMiOiJvd1RpVjNFc3Bza1E2RUNnIn0.FqSi-M5hjv7SzkrufO_lJg1AjY6dU1KzopK28vxovJhAQf8JCmx2YNhdKi3G-fiHRFrFGK9Pi7wXSIHiIE6Qe6mNO8KNcHVv.bRJWD9kV6p1bWgyBvcPZDA.WzyUTsMBGhkzceCaZx4RwvD4wvjLJLd_1CS7n9umm-inaMMiWjf7hE4VftDu9ZYL.KIPnr7eD6ZzoLLXKSqdZTCt8G4bMIqKZzJDUrs5ZVqc
 JweAlgorithm.A256KW, JweEncryption.A256CBC_HS512: eyJhbGciOiJBMjU2S1ciLCJlbmMiOiJBMjU2Q0JDLUhTNTEyIn0.X3l4kS2DDU08YOr8p-lFbxMmWyJ4oV9NjgEOSl_T3l3jdCG1xhrkH0p8gqAExkdrjVMlWKeJdgc-gjNaVyH3ocS38yMT7eK1.jdGmcQ8Gvs2qJDQ_Uit3RA.AfB3jBklSYpA1isPjtWpwXWJ6twQl2ILoHrysQA57osDh133fBp1S9JEocicfiXu.L3oBVsQISga8OX_gK6skvkXkN7BVSh3DY2YvJ2Op2fc
 JWT Header: {"alg":"A256KW","enc":"A256CBC-HS512"}
 - JWE Encrypted Key: X3l4kS2DDU08YOr8p-lFbxMmWyJ4oV9NjgEOSl_T3l3jdCG1xhrkH0p8gqAExkdrjVMlWKeJdgc-gjNaVyH3ocS38yMT7eK1
 - JWE Initialization Vector: jdGmcQ8Gvs2qJDQ_Uit3RA
 - JWE Ciphertext: AfB3jBklSYpA1isPjtWpwXWJ6twQl2ILoHrysQA57osDh133fBp1S9JEocicfiXu
 - JWE Authentication Tag: L3oBVsQISga8OX_gK6skvkXkN7BVSh3DY2YvJ2Op2fc
 Decoded: {"sub":"mr.x@contoso.com","exp":1300819380}
 JweAlgorithm.A256GCMKW, JweEncryption.A256CBC_HS512: eyJhbGciOiJBMjU2R0NNS1ciLCJlbmMiOiJBMjU2Q0JDLUhTNTEyIiwiaXYiOiI5ekRFVkM0OVVWcVJFRFRHIiwidGFnIjoid1lWNjlkdDE4RzZYMXFfal80WGdxdyJ9.sacNOJZNjvaa4Op7lf0_LGigYfiIDAefuGnC7ZoVD9cdgg9DNDetmu4SqRWmu7IiG9JKTPQfRsH4mTvR4dxGSQ.AxA471H1JlLIOHB3rbNplg.-5RI7ackZh6eTAbzGMqIiik2tdhFFQYoQjPyBWs80dG0-Ka8MEB9690X5folp6WB.fUXy3_RVeJ5JYUC3E3sq6vmA8FuJix3uwH8OqBz-XlA
 JWT Header: {"alg":"A256GCMKW","enc":"A256CBC-HS512","iv":"9zDEVC49UVqREDTG","tag":"wYV69dt18G6X1q_j_4Xgqw"}
 - JWE Encrypted Key: sacNOJZNjvaa4Op7lf0_LGigYfiIDAefuGnC7ZoVD9cdgg9DNDetmu4SqRWmu7IiG9JKTPQfRsH4mTvR4dxGSQ
 - JWE Initialization Vector: AxA471H1JlLIOHB3rbNplg
 - JWE Ciphertext: -5RI7ackZh6eTAbzGMqIiik2tdhFFQYoQjPyBWs80dG0-Ka8MEB9690X5folp6WB
 - JWE Authentication Tag: fUXy3_RVeJ5JYUC3E3sq6vmA8FuJix3uwH8OqBz-XlA
 Decoded: {"sub":"mr.x@contoso.com","exp":1300819380}
 JweAlgorithm.ECDH_ES, JweEncryption.A256GCM: System.NotImplementedException, not yet
 JweAlgorithm.PBES2_HS256_A128KW, JweEncryption.A256CBC_HS512: eyJhbGciOiJQQkVTMi1IUzI1NitBMTI4S1ciLCJlbmMiOiJBMjU2Q0JDLUhTNTEyIiwicDJjIjo4MTkyLCJwMnMiOiJrMnFWZHhXRk8wVnFyTVREIn0.txlaYhmMVIPSF8tJU1CNG5_94Th4U5oFWosMGhTX_FI8TCZEgKYBNWcrImxjqUUiUxTVysrMOCxFnZlaz6COnu6ndn_UZqHC.FS62noEqP9Y0_V108WtizA.fY2VHelOGc341BQ0SJfhYFvZ_VjAmeAi8M4dMI4WxLi4REY62RQ3Z-uVTk4X-q6N.WYGrsQV7dwttuu1_zQBjd5jVlocdkVJY_JOcpyu2usg
 JWT Header: {"alg":"PBES2-HS256+A128KW","enc":"A256CBC-HS512","p2c":8192,"p2s":"k2qVdxWFO0VqrMTD"}
 - JWE Encrypted Key: txlaYhmMVIPSF8tJU1CNG5_94Th4U5oFWosMGhTX_FI8TCZEgKYBNWcrImxjqUUiUxTVysrMOCxFnZlaz6COnu6ndn_UZqHC
 - JWE Initialization Vector: FS62noEqP9Y0_V108WtizA
 - JWE Ciphertext: fY2VHelOGc341BQ0SJfhYFvZ_VjAmeAi8M4dMI4WxLi4REY62RQ3Z-uVTk4X-q6N
 - JWE Authentication Tag: WYGrsQV7dwttuu1_zQBjd5jVlocdkVJY_JOcpyu2usg
 Decoded: {"sub":"mr.x@contoso.com","exp":1300819380}
 ----------------------------------------------------------------------------------------------------
 Adding extra headers to RS256: eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImN0eSI6IkpXVCIsImtleWlkIjoiMTExLTIyMi0zMzMifQ.eyJzdWIiOiJtci54QGNvbnRvc28uY29tIiwiZXhwIjoxMzAwODE5MzgwfQ.KwtpHrjNKBnyHo6QRaULxcWZDF9mDKHiQG1QBSmnrwHi7vJSiLH_3fFIcTkQvdu7FstmPOuuVD-T3EPKfv61aHz5o-0dRTylooln5tS_2_uZ4lPV4A2C_Pr_cYzRawUIuTwhCi3n0i-fQapYvKT41qjh0vKalEuDmd6-WDnpGcKdI3dv-kSB_42FfIdbEKDEtYvgyzwj5An9YJim29OsiM-GW6tyqei3nzHrQ0yPhgfKOd89M_azGynAVTTNKvPyZujnILu-XnVu54So-5W2fwg-WkKIpvP2ZZFAWRs-DEapBJWrNm10GGZdid-98SmGoifkaDNpCeIcQe3uetDB6w
 JWT Header: {"alg":"RS256","typ":"JWT","cty":"JWT","keyid":"111-222-333"}
 Decoded: {"sub":"mr.x@contoso.com","exp":1300819380}
 Strict validation(RS256): {"sub":"mr.x@contoso.com","exp":1300819380}

***Output (on Linux) [#e516d6ff]
 RSA privateX509Key: is not null
 RSA privateSignatureAlgorithm: sha256RSA
 RSA privateX509Key.PrivateKey: is System.Security.Cryptography.RSAOpenSsl
 RSA publicX509Key: is not null
 RSA publicSignatureAlgorithm: sha256RSA
 RSA publicX509Key: is System.Security.Cryptography.X509Certificates.PublicKey
 RSA publicX509Key.Key: is System.Security.Cryptography.RSAOpenSsl
 DSA privateX509Key: is not null
 DSA privateSignatureAlgorithm: dsa_with_SHA256
 DSA privateX509Key.PrivateKey: is System.Security.Cryptography.DSAOpenSsl
 DSA publicX509Key: is not null
 DSA publicSignatureAlgorithm: dsa_with_SHA256
 DSA publicX509Key: is System.Security.Cryptography.X509Certificates.PublicKey
 DSA publicX509Key.Key: is System.Security.Cryptography.DSAOpenSsl
 privateDSA: is not null
 ECDsa privateX509Key: is not null
 ECDsa privateSignatureAlgorithm: sha256ECDSA
 ECDsa privateX509Key.PrivateKey: System.NotSupportedException, The certificate key algorithm is not supported.
 ECDsa publicX509Key: is not null
 ECDsa publicSignatureAlgorithm: sha256ECDSA
 ECDsa publicX509Key: is System.Security.Cryptography.X509Certificates.PublicKey
 ECDsa publicX509Key.Key: System.NotSupportedException, The certificate key algorithm is not supported.
 privateECDsa: is not null
 publicECDsa: is not null
 ----------------------------------------------------------------------------------------------------
 JwsAlgorithm.none: eyJhbGciOiJub25lIiwidHlwIjoiSldUIn0.eyJzdWIiOiJtci54QGNvbnRvc28uY29tIiwiZXhwIjoxMzAwODE5MzgwfQ.
 JwsAlgorithm.HS256: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJtci54QGNvbnRvc28uY29tIiwiZXhwIjoxMzAwODE5MzgwfQ.dvd5Ak6zcBy0OB7gxVtehT3Ab5NO7XEggon6r_CTSfE
 JWT Header: {"alg":"HS256","typ":"JWT"}
 Decoded: {"sub":"mr.x@contoso.com","exp":1300819380}
 JwsAlgorithm.RS256: eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJtci54QGNvbnRvc28uY29tIiwiZXhwIjoxMzAwODE5MzgwfQ.jMJbrOaZ_p0xouAFfetm_orlTuwPbJK65-rEto5lIGgCR_oCG_ApQWeCXc5xikto_IcN2nNsHWMOMJMII6WlhVmn9pFTuuj-fZH_aB-aasDSguyXd59BA43a4glZbPCITOwZFfeNMpXGrKG_YNvexP5mtiJYYCDXMgq2zBHS9lQYcGXy4YyGPD_jNu6ziLRNDdKCkRqTppTE2SexZAwaSJRGGuY-fHA3jVPBV90Cty7yBC3ybKmiE4imVQs8CUw7ic61HSytgItIlreol4PMMP8fXB6O1e_K8QJFfRIf9oC07y9Mo5OWl4CCOxvKAo9nos0GTWUUNUH-sugJhUV14A
 JWT Header: {"alg":"RS256","typ":"JWT"}
 Decoded: {"sub":"mr.x@contoso.com","exp":1300819380}
 JwsAlgorithm.ES256: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJtci54QGNvbnRvc28uY29tIiwiZXhwIjoxMzAwODE5MzgwfQ.jGK8Qif5JYRdr4sDugTVZ-DHGodVChkp1TjzoNKCAZ6f0hh_LolY50OZ3d8jPn94e0YjfyESNod_Tncgl4SltA
 JWT Header: {"alg":"ES256","typ":"JWT"}
 Decoded: {"sub":"mr.x@contoso.com","exp":1300819380}
 JweAlgorithm.RSA1_5, JweEncryption.A128CBC_HS256: eyJhbGciOiJSU0ExXzUiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0.HxWK2wod23F8c7I0cR3CEIO-Le7Ijp5YnqHc092LqDWWniRr2P3_wM6yrGO5kAxoJIb41OhAh5ASzs0RjxT_bmJW-_diaeBkInrGnHSOfYMtK7pGzdWZ2SLF9tPxE2haOrTUszhXJJseJEz1f6i9uQcDvwV1yvFn7LgMt1dYY9wxrHAVGbcAlK4HVADJHlPmr6Q18sIcEugoifZ78TWM0g4EDFws4ceQpar1ncz-r9najTI461alwdLiZNv3lC4FaARbnoscnADRaALlXf6oE9OE_YAiZMx4dic738bl3a27G2IPgF5kfalk3NeK8UxYdMccZMbehlH1Ji4EUmmWrg.FvmunYTd-ywH_-9MIqdfkg.Q6GRykB-v0dHQHgNFSyjueh9vPdn8NBNwtBWVQfAw8ih7_koDLohua7JCs6u6DMt.ZN0UElA0ROGMqMyXTAF04w
 JWT Header: {"alg":"RSA1_5","enc":"A128CBC-HS256"}
 - JWE Encrypted Key: HxWK2wod23F8c7I0cR3CEIO-Le7Ijp5YnqHc092LqDWWniRr2P3_wM6yrGO5kAxoJIb41OhAh5ASzs0RjxT_bmJW-_diaeBkInrGnHSOfYMtK7pGzdWZ2SLF9tPxE2haOrTUszhXJJseJEz1f6i9uQcDvwV1yvFn7LgMt1dYY9wxrHAVGbcAlK4HVADJHlPmr6Q18sIcEugoifZ78TWM0g4EDFws4ceQpar1ncz-r9najTI461alwdLiZNv3lC4FaARbnoscnADRaALlXf6oE9OE_YAiZMx4dic738bl3a27G2IPgF5kfalk3NeK8UxYdMccZMbehlH1Ji4EUmmWrg
 - JWE Initialization Vector: FvmunYTd-ywH_-9MIqdfkg
 - JWE Ciphertext: Q6GRykB-v0dHQHgNFSyjueh9vPdn8NBNwtBWVQfAw8ih7_koDLohua7JCs6u6DMt
 - JWE Authentication Tag: ZN0UElA0ROGMqMyXTAF04w
 Decoded: {"sub":"mr.x@contoso.com","exp":1300819380}
 JweAlgorithm.RSA_OAEP, JweEncryption.A256GCM: System.DllNotFoundException, Unable to load DLL 'bcrypt.dll': The specified module or one of its dependencies could not be found.
  (Exception from HRESULT: 0x8007007E)
 JweAlgorithm.DIR, JweEncryption.A128CBC_HS256: eyJhbGciOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0..Hm6fqQ008JcA9g-19IqckQ.Wtsi7F6KbJ9jqp26IAcDno_B5Z5xdmRSCmUMp52q9WhtcSqIER7bING8MwwLc5VD.jpQ2rQmoEg1kHnkmBjLXMw
 JWT Header: {"alg":"dir","enc":"A128CBC-HS256"}
 - JWE Encrypted Key: 
 - JWE Initialization Vector: Hm6fqQ008JcA9g-19IqckQ
 - JWE Ciphertext: Wtsi7F6KbJ9jqp26IAcDno_B5Z5xdmRSCmUMp52q9WhtcSqIER7bING8MwwLc5VD
 - JWE Authentication Tag: jpQ2rQmoEg1kHnkmBjLXMw
 Decoded: {"sub":"mr.x@contoso.com","exp":1300819380}
 JweAlgorithm.A256KW, JweEncryption.A256CBC_HS512: eyJhbGciOiJBMjU2S1ciLCJlbmMiOiJBMjU2Q0JDLUhTNTEyIn0.smsrsSobtS4q7QHpcK_FtNdTkJxu18LOzRlARsPVJY2emh0kpYed4YSP9CM1fmCqMIdv1EsKTrkJWYmhiSRqy_63pM8aw1nw.plU_Z5Fm9mA2cE8ZAPNrAQ.1A94B7pu8PWSl25CksT3PoSfZS35bSt4_z5vliy3QLN6dXtZvnBiIsO0f0ZAroEw.R9HTEmq2ZTkth57WFUWsUoQsZY3kCtA2XEqNUSbUUBc
 JWT Header: {"alg":"A256KW","enc":"A256CBC-HS512"}
 - JWE Encrypted Key: smsrsSobtS4q7QHpcK_FtNdTkJxu18LOzRlARsPVJY2emh0kpYed4YSP9CM1fmCqMIdv1EsKTrkJWYmhiSRqy_63pM8aw1nw
 - JWE Initialization Vector: plU_Z5Fm9mA2cE8ZAPNrAQ
 - JWE Ciphertext: 1A94B7pu8PWSl25CksT3PoSfZS35bSt4_z5vliy3QLN6dXtZvnBiIsO0f0ZAroEw
 - JWE Authentication Tag: R9HTEmq2ZTkth57WFUWsUoQsZY3kCtA2XEqNUSbUUBc
 Decoded: {"sub":"mr.x@contoso.com","exp":1300819380}
 JweAlgorithm.A256GCMKW, JweEncryption.A256CBC_HS512: System.DllNotFoundException, Unable to load DLL 'bcrypt.dll': The specified module or one of its dependencies could not be found.
  (Exception from HRESULT: 0x8007007E)
 JweAlgorithm.ECDH_ES, JweEncryption.A256GCM: System.PlatformNotSupportedException, Windows Cryptography Next Generation (CNG) is not supported on this platform.
 JweAlgorithm.PBES2_HS256_A128KW, JweEncryption.A256CBC_HS512: eyJhbGciOiJQQkVTMi1IUzI1NitBMTI4S1ciLCJlbmMiOiJBMjU2Q0JDLUhTNTEyIiwicDJjIjo4MTkyLCJwMnMiOiJNNmtfejVJdEdXa0hBRV92In0.XKltmS-Uv8SRcpCxEiZZES8-NgwtcAHxoTcUUJrzns-mTuqKzMt5EOJeGjDVGsdRd2zh_080YSHYSj0bi4G0ZbR9afA8UIkQ.BSQA-sf_7SwiYIR7fZmP4A.F-4Qe97AeAWZFqsmL-_LJp17ITY_KvMEcpbL_qXDnQoGtx7DdAHvLHXuWzSxQ6sS.8gmpTzsnIJw4nY4NwEpYvMOO5IHYm2WZrY9Wlj41uzY
 JWT Header: {"alg":"PBES2-HS256+A128KW","enc":"A256CBC-HS512","p2c":8192,"p2s":"M6k_z5ItGWkHAE_v"}
 - JWE Encrypted Key: XKltmS-Uv8SRcpCxEiZZES8-NgwtcAHxoTcUUJrzns-mTuqKzMt5EOJeGjDVGsdRd2zh_080YSHYSj0bi4G0ZbR9afA8UIkQ
 - JWE Initialization Vector: BSQA-sf_7SwiYIR7fZmP4A
 - JWE Ciphertext: F-4Qe97AeAWZFqsmL-_LJp17ITY_KvMEcpbL_qXDnQoGtx7DdAHvLHXuWzSxQ6sS
 - JWE Authentication Tag: 8gmpTzsnIJw4nY4NwEpYvMOO5IHYm2WZrY9Wlj41uzY
 Decoded: {"sub":"mr.x@contoso.com","exp":1300819380}
 ----------------------------------------------------------------------------------------------------
 Adding extra headers to RS256: eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImN0eSI6IkpXVCIsImtleWlkIjoiMTExLTIyMi0zMzMifQ.eyJzdWIiOiJtci54QGNvbnRvc28uY29tIiwiZXhwIjoxMzAwODE5MzgwfQ.KwtpHrjNKBnyHo6QRaULxcWZDF9mDKHiQG1QBSmnrwHi7vJSiLH_3fFIcTkQvdu7FstmPOuuVD-T3EPKfv61aHz5o-0dRTylooln5tS_2_uZ4lPV4A2C_Pr_cYzRawUIuTwhCi3n0i-fQapYvKT41qjh0vKalEuDmd6-WDnpGcKdI3dv-kSB_42FfIdbEKDEtYvgyzwj5An9YJim29OsiM-GW6tyqei3nzHrQ0yPhgfKOd89M_azGynAVTTNKvPyZujnILu-XnVu54So-5W2fwg-WkKIpvP2ZZFAWRs-DEapBJWrNm10GGZdid-98SmGoifkaDNpCeIcQe3uetDB6w
 JWT Header: {"alg":"RS256","typ":"JWT","cty":"JWT","keyid":"111-222-333"}
 Decoded: {"sub":"mr.x@contoso.com","exp":1300819380}
 Strict validation(RS256): {"sub":"mr.x@contoso.com","exp":1300819380}

***Inspect ECCurve [#zcb17741]
Output of [[ObjectInspector.Inspect>https://github.com/OpenTouryoProject/OpenTouryo/blob/develop/root/programs/CS/Frameworks/Infrastructure/Public/Util/ObjectInspector.cs]]:
 [
   Oid = Error. can't process, IsPrime = True, IsCharacteristic2 = False, IsExplicit = True, IsNamed = False, 
   A = [255, 255, 255, 255, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 252],
   B = [90, 198, 53, 216, 170, 58, 147, 231, 179, 235, 189, 85, 118, 152, 134, 188, 101, 29, 6, 176, 204, 83, 176, 246, 59, 206, 60, 62, 39, 210, 96, 75],
   G = [
     X = [107, 23, 209, 242, 225, 44, 66, 71, 248, 188, 230, 229, 99, 164, 64, 242, 119, 3, 125, 129, 45, 235, 51, 160, 244, 161, 57, 69, 216, 152, 194, 150],
     Y = [79, 227, 66, 226, 254, 26, 127, 155, 142, 231, 235, 74, 124, 15, 158, 22, 43, 206, 51, 87, 107, 49, 94, 206, 203, 182, 64, 104, 55, 191, 81, 245]],
   Order = [255, 255, 255, 255, 0, 0, 0, 0, 255, 255, 255, 255, 255, 255, 255, 255, 188, 230, 250, 173, 167, 23, 158, 132, 243, 185, 202, 194, 252, 99, 37, 81],
   Cofactor = [1],
   Seed = [196, 157, 54, 8, 134, 231, 4, 147, 106, 102, 120, 225, 19, 157, 38, 183, 129, 159, 126, 144],
   CurveType = PrimeShortWeierstrass, Hash = null, Polynomial = null,
   Prime = [255, 255, 255, 255, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255]
 ]

*References [#s38a4b31]

**jose-jwt [#ff4c5656]
-NuGet Gallery | jose-jwt~
https://www.nuget.org/packages/jose-jwt/
-dvsekhvalnov/jose-jwt~
https://github.com/dvsekhvalnov/jose-jwt

**Verification [#f84ed697]
-Site~
https://jwt.io/
--Public key~
https://github.com/OpenTouryoProject/OpenTouryo/blob/develop/root/files/resource/X509/SHA256RSA.cer.pem
-Public keys~
https://github.com/OpenTouryoProject/OpenTouryo/blob/develop/root/files/resource/X509/

----
Tags: [[IT international standards>:IT国際標準]], [[Authentication infrastructure>:認証基盤]], [[Claims-based authentication>:クレームベース認証]], [[Encryption>:暗号化]], [[:.NET Core]], [[:.NET Standard]]

