參考文檔:git
https://gist.github.com/ssippe/8fc11c4d7e766e66f06db0431dba3f0a
https://github.com/dvsekhvalnov/jose-jwt
github
https://mac-blog.org.ua/dotnet-core-firebase-jwt/ide
須要引用以下包: jose-jwt (version=2.5.0)、BouncyCastle 版本不限工具
加密和解密方式爲:私鑰加密、公鑰解密 測試
生成私鑰、公鑰能夠利用openssl工具、也能夠經過在線上工具生成加密
私鑰:spa
-----BEGIN PRIVATE KEY----- MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAMu4IDG1XU6a7bXo 4V1jSnbKk9Eum2WguAyq+maCRcP9JoHlE/HmhPOjl91aN5gDHw3pgB7QMMkPkuyY 0aG9UiIo7PbBgjXsNBErprKa8G7GKhDN4B3m8jxEi1NLtCk2H8AEf8H/deGFXCde fjQx0NDEDcTbJ8STfbsqrLhOq2xzAgMBAAECgYEAg1kZMNOd8IOFxqb7P2o4ZbUh b1rciL8CS/CleBiAgOgkvtWDcZFOoYQV83sqoxFIIYEuwS88dTZcZb32U5EsdYEx JvJwAAYnzpch/YAz0llvXSHzZwNfGGvs4qt0d74bFpPfveli82wSKMlykeajP2Ro RQpOniTYOWrJ01UHdUECQQDt1KTj/Xs5BNmEZAkJVmGekQROADk+ztceAe9UMj/J s5xECdXVwuFh2Rm62MMQNNoW2Pjz4Y5NqhjRu0MMZnlTAkEA20hZsgA78aqTO7s+ +y/CLgP3Cd7uG/5RkcmjBWq2eXkt6wmazZl0BMYb7vshblnMjFXJwuOmfBJl7rTr 1fg8YQJAEo4Jg0QObgdj1QFc9x6HJTDZLiC0VqMag1vRSTdWZK0fnutJhJDctp6S dFJe/Y+yCCBLY/OP/50qrIo4k+oWwwJAIn8hTTVoOL6C5xSv9cgvnhmVlYHyp4i8 wFieQs3k4vtDVARwzANmExIvdssfGUMbQMCGOxihKkeirYjcyQ6CQQJAbsbpzCjD wd9JCogmTu/xYqtL898ek7LeNkhgIY2KhYtlptxlHfzgLBUgiSTNTcD1YWtSSp6u A5ImxrryDYPmfg== -----END PRIVATE KEY-----
公鑰:code
-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDLuCAxtV1Omu216OFdY0p2ypPR LptloLgMqvpmgkXD/SaB5RPx5oTzo5fdWjeYAx8N6YAe0DDJD5LsmNGhvVIiKOz2 wYI17DQRK6aymvBuxioQzeAd5vI8RItTS7QpNh/ABH/B/3XhhVwnXn40MdDQxA3E 2yfEk327Kqy4TqtscwIDAQAB -----END PUBLIC KEY-----
核心代碼:jwt
/// <summary> /// JWT-RS256 加密 /// 私鑰加密,公鑰解密 /// </summary> /// <param name="payload">負荷部分,存儲使用的信息</param> /// <param name="privateKey">私鑰</param> /// <returns></returns> public static string JwtEncryptRS256(IDictionary<string, object> payload, string privateKey) { //能夠擴展header //var headers = new Dictionary<string, object>() //{ // { "typ", "JWT" }, // { "cty", "JWT" }, // { "keyid", "111-222-333"} //}; using (var rsa = GetRSACryptoServiceProvider(privateKey, true)) //讀取私鑰 { var token = Jose.JWT.Encode(payload, rsa, Jose.JwsAlgorithm.RS256); //var token = Jose.JWT.Encode(payload, rsa, Jose.JwsAlgorithm.RS256, headers); //帶header return token; } } /// <summary> /// JWT-RS256 解密 /// </summary> /// <param name="token">要解密的token</param> /// <param name="publicKey">公鑰</param> /// <returns></returns> public static Dictionary<string, object> JwtDecryptRS256(string token, string publicKey) { try { using (var rsa = GetRSACryptoServiceProvider(publicKey, false)) //讀取公鑰 { var payload = Jose.JWT.Decode<Dictionary<string, object>>(token, rsa); return payload; } } catch (Exception ex) { return null; } } /// <summary> /// 根據 私鑰 or 公鑰 返回參數 /// </summary> /// <param name="key">私鑰 or 公鑰</param> /// <returns></returns> private static RSACryptoServiceProvider GetRSACryptoServiceProvider(string key, bool isprivate) { try { RSAParameters rsaParams; if (isprivate) { using (var sr = new StringReader(key)) { // use BouncyCastle to convert the key to RSA parameters //須要引用包 BouncyCastle var pemReader = new PemReader(sr); var keyPair = pemReader.ReadObject() as RsaPrivateCrtKeyParameters; if (keyPair == null) { //沒有讀到Privatekey } rsaParams = DotNetUtilities.ToRSAParameters(keyPair); } } else { using (var sr = new StringReader(key)) { var pemReader = new PemReader(sr); var keyPair = pemReader.ReadObject() as RsaKeyParameters; if (keyPair == null) { //沒有讀到Publickey } rsaParams = DotNetUtilities.ToRSAParameters(keyPair); } } var rsa = new RSACryptoServiceProvider(); rsa.ImportParameters(rsaParams); return rsa; } catch (Exception ex) { throw; } }
測試:blog
static void Main(string[] args) { string publicKey = File.ReadAllText(@"D:\Square\openssl\bin\rsa_public_key.pem"); string privateKey = File.ReadAllText(@"D:\Square\openssl\bin\rsa_private_key.pem"); int timestamp = TimeHelper.GetTimeStamp(DateTime.UtcNow.AddSeconds(5)); //時間戳 var payload = new Dictionary<string, object> { {"iss","123456"}, {"exp",timestamp} //5s }; var gettoken = JosejwtHelper.JwtEncryptRS256(payload, privateKey); //私鑰加密 Console.WriteLine("加密結果:" + gettoken); Console.WriteLine("...."); var getvalue = JosejwtHelper.JwtDecryptRS256(gettoken, publicKey); //公鑰解密 Console.WriteLine("解密結果:" + JsonConvert.SerializeObject(getvalue)); }
測試結果:
