python jwe.decrypt C# 等效项?


我正在尝试解密 .Net 6 中的 jwt 令牌,但没有成功。

DecryptionKey 是 PEM 编码的私钥,类似这样:

-----BEGIN PRIVATE KEY-----
                ...
-----END PRIVATE KEY-----"

这个 python 代码的 .net6 等效项是什么,可以轻松完成这项工作?

from jose import jwe, jwt, jwk, jws
import base64
#from cryptography.hazmat.primitives import serialization
#from cryptography.hazmat.backends import default_backend

encrypted_jwe = "eyJhbGciOiJSU0EtT0FFUC0yNTYiLCJjdHkiOiJKV1QiLCJlbmMiOiJBMjU2R0NNIn0.IDqmx1u_8Jd6XofUyTubUEAMWw9Zu2reF3JJsijRICCFRG_Dcb15pOs61DQx8DwhQbVSWA-Zbt_xlJ5dTtaC_JlP8PRFYbAkhHdOtPVUuEKIx9OEm5DOF5hi-d-VJd5JOrDaGgSSlz59vQHgY8whGzNTbJhfjyKwkz-uaEiyb8kblDAVd-mjBPcL1_1MOpMfyfuXgroi3RiR--zyjNgOUZ2R3hKZmlISAuRjrIJB8xKZntRu3GtJczX6jCgJFvWAYqrlHtMoRLuGrcOsM3WDx7urX9ur90A7idGuq2rj8aaOg2Ld-sAMfhoS0jKwK4Gj0CumAza4QvpZPVjVWaep7A.XlSCfsZVmku1CGxK.mCbCvPxsdWRDw_ZmlMtETrX_TLdxQQ0lxqFfUaX6Pv8TCChFodZb9PE0kUycW1pTTPYYbGh2d40CYgvLAMP_c1me27uFYOsy3P3CDoULKR-MNU4f19nCuRlMgWeMqG0e7GVmGQwem4TpcA4CZTdd5V0kzXBLm4ns3i3NlNoNrhfG7pW87Eb0oYo9s1wvALDmvgiFUb-apxUqJXaSIZ51pSSwkyPSLPtd_tq-8weNNuyf9SBsQUWEjRn8CHtmjuKhKOP4TaJYqjsA80ydLUUhmogrMzpqEgahitZ1ygDwv2UYwzykt5kklZ63OGPdZrYosM3t0kpi4CP9F5gyvx-jOiiMLcdz46d0t8315H9HEJW_Du3BkmW6IQ1r__mlrp2ylNMTVT7_oh_WQHUc2HEszJ-yELUSd0RM96vgXUGjWlwfex9hLYI2VaMSZ00MsarEl3HEUFnsTYIqeD8hLuJjeUGH_EXJRqh6n2-hdApO67IPRE3Eoy4rpAPZEsHrGP08WfFicjRr49PEaJlnsxVXsTxaO6smKWiCwh4JiFDYy7y-kw9orvRqyvR_8aVh1XhNFktUhtyRBOSXqN-nGxPnjD2C3lJgQAOck2i8lt_gcEiY2xqGiS0Qz-6119cRr3R2PkEXMFoVRL_8gK94OckenUg-OmIWydfJH66c_RaSGEsgozOjHCAiSiA0N2kzH_juBsLxH4CwR9VYm0lVitLVnoauVloz3fdm-so7uJ5ccFPPbfhCdKIOTwOSYxjVBJh_QWOz-BcfOeCfXIxP9PZ7DTsn2Esz2zT-hQgElOy01j0_rYfNOj92EEqRjbWGdtSr4onkAsQqIFhKJlSFQ7TbemgO6cliRWmB2Hje4XVJSVJBAv-qOh397sgCm4QYJknue0XejvIFSxaxGaoockQsA8VTl1Wtpj_Up1alKpm1tyIwVOEuQCdpy5XreSI3KxnnkKS17Ged1IT9RTL-F6X8xvgoig9rp00T9YnrXB4yNsLHkPkYHFPI4IN_O9ULrDSg_p6lN6ulc2DNY0ap-z9VSnOwKZuqnxyXxw5ymvraieRC.0fJ38Gr299EfDubtBpuRYg"
decryption_key = "LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRQ1pSS08rckhWeFBuRFkKN2Nndk1PT2lyMGVyb1NRLy8rUnhJN05CV1NraURlNCtDUFp5NzYyUlNFZ20yeHY4SGc0dmw1MnFMSzk3STd2Ngp1QnlIUlNtQU96dnduQUkrQXJkVVd3bG93T1FGSFRHQ0FQK1JrdExHOWp3VTlaK2ZBNFJaQTdvMm5Gd2ZzVDBjClBBZ3BSODlja2JkYXdtbWtDUHYxbTQ3M2hnUkNyNytRVWJoR2VWSkFVZU84SHBmOGozRmJIdHBwdTJnR1pwcnEKZnIzUUh2UW9JUFRqOVFwN1poaDhuOXpIQnd2TzBxMHRsbDJPV0V4YXh3Q2RwZ0ZUVUJiamZQWTd4Z0hqVk1TeQpBQTBocW1hcWNOdFpWdFU3MWdoYnVlOW02T1JNajhBTThmc3ZUdEFlZWdJcG9uYVBxM1RBTjVnTTRjMHFGOVJDCnZHSEt0MW5YQWdNQkFBRUNnZ0VBQ25ORUtPbVFYbWJRQWZLQWpqc3FvanFLUy9rQ1JEelo0aDc1aDNDaFhkbU8KVDN1RDlrVkNVK0FXVDFQc1BnMzhrS0VwVm1PU21YWlB5R0lLUyt6YXpndjc0OFYzWDZ3R3ZRRXlESXJ1WVN6aQo1Y2JVcGlQWkxFaTR3d01XWFp5N1J1aDZwMk9VNG5KT3hPQ1ErK09TRDNFK0M3bXF3MHo3aFAwVXkrcSsycDhQCkVOcUhPeVVyVlphTVZySjk2VVFGTXFtTGl3R2xVM2NTemlGRHlLYlpGK1RDU0kydnhMbFhRNnhtMyt5R0ZGTHEKWTAxelBFTk5BSzJ2WXUrdlNaYTVIYmpuNzFDQndSY2J1bUJYWm5PVWdLdk9XWVBEVEQwYWhSWlczVWhwWDZTbgpSTUREdUhwWDZyNjZLSTZnUy9kZ09RSHo4YTcvUVZvZm1sTmxsY21yZVFLQmdRREh6ckREeS9XMU5KczFOVCt1ClJ0M1Q2ZmZSelJzdUYzemVtL3FxUnlzbXpOWi9JWFMwZGZMdkprZmJZVVpYdVYzekxKM2ZOK0hqK2wyb1dsajQKVUVKNkJRNmtLMTA4TlJlRDdxQUNWTDBVYlhWUFRrWWZnOGFTYzNWVTNvSk1pUGM0WDNvRkZZenVOSnNqMThZTwpmVVh1a0cyNVIvdkV3NFZJeHlBZFlEWFJ5UUtCZ1FERVgxQlgzZHhNcHp2Yk9rRlVyeFNyM2x5ZDJWNzdrUnRHCm54NXJtQ2ZBQmRuMkN1cmdkNjMvdHlBbElMSVEwUGRWNEkzSjhyOVNsRGd2c2RaMS9ZWXE3Qjg1QzE4QUZRWjMKTUlJcno3VHNCTU4xZ29sMWhvbjEweUxWZ1h0RCtYSmhSU1JLZVlyY2pVZ2s2YzVnL2NNbldaSk5Qck5IQnZabgpYVTNYcTFDZW53S0JnQmh4N3lwbFA3Qmx1VDl2UGxWQ0VrMms2RTdndXh5T2Z4WjFHdHZPVFRjNEJGNFZaOFBVClVsNXozb0syaWZhZGxTTDFLSE53ME5BbGgyUGJlZHNYWnFxckI3bUtIS1FMRXM5dldHQXdvZGxuOHR3N0JWVkIKdC8rZTVKSDNqeFZ5QkZ6L1FWeHg0SVljSlliakZUWWNtWHV3YTl3cE5HSkVVWUF2N0h2cmsyb1JBb0dCQUlueQpRdWhXckNrVTJaRjViT2RtVG1rbHZYNE5jeEhacjRWK3hjbmppeGp6ZzFlNTk2RlRzV0dQYlA5bjVtNjF2T29RCjRzbll3dG5wMFVaLzhSM1Z5T2hpRXRUcHpnU3F3RzMrSDVOVFI4NzgwYW04MTM4OTBiQmtiM1g0alhVRXlIclkKTFZRNzZYWmhzU3B0TEZNcU1HdDJHclkwczQvVH
JraVNYTnFDT0JJVkFvR0FlZlhMMWJmUExnOVFKRlBLUmNZcgoycWRFRzFWRC8vSFF6K3lQaTlscVB3eGM3aGwreTcvcXMxQW1peUFFK2xESEJadEMwTGJ2Si9XNWR5K1ZtZFNWCkpvRkFXS1RUdTdORHZ4dTJ3RHNFRWVnZ3AxVnBId3ZzUzRDS2ZDa0l6ZlBzTFhyMTBFSExSSW43MXByKzdEa3oKSXkxdjZ0UkZONldFdHBHVzh4T0VOeEk9Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K"

# decryption_key holds the Base64 encoding of the PEM text, so turn it back
# into PEM bytes before handing it to the library.
# NOTE(review): the private key is a literal in this file; a key published in
# source must be treated as compromised, and real keys belong in a secret store.
_pem_private_key = base64.urlsafe_b64decode(decryption_key)

# The token's protected header declares alg=RSA-OAEP-256, enc=A256GCM and
# cty=JWT, so the decrypted payload is itself a JWT. Decryption does not check
# that inner token's signature; verify it before trusting any claim in it.
decrypted_token = jwe.decrypt(encrypted_jwe, _pem_private_key)

需要的是与这段简单 Python 代码等效的 .NET 6 代码。

我尝试了下面这种方法:

using System.Text;
using System.Security.Cryptography;
using System.Text.RegularExpressions;
using Org.BouncyCastle.OpenSsl;
using Org.BouncyCastle.Crypto.Engines;
using System.IdentityModel.Tokens.Jwt;
using AesGcm = System.Security.Cryptography.AesGcm;

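        // Decrypts a compact-serialised JWE that uses RSA-OAEP-256 key wrapping and
        // A256GCM content encryption, and returns the plaintext as a UTF-8 string.
        //
        // jweToken      - the five-segment compact JWE (header.key.iv.ciphertext.tag).
        // decryptionKey - Base64 encoding of the PEM text of the RSA private key.
        //
        // Throws ArgumentException for a malformed token, NotSupportedException for any
        // other alg/enc combination, and CryptographicException when key unwrapping or
        // tag verification fails. Only this one algorithm pair is handled; a maintained
        // JOSE library is the better choice for anything broader.
        static string DecryptJwe2(string jweToken, string decryptionKey)
        {
            // The key argument is Base64 of the PEM text, so one decode yields the PEM itself.
            string privateKeyPem = Encoding.UTF8.GetString(Convert.FromBase64String(decryptionKey));

            // A compact JWE is not one Base64 blob: it is five Base64url segments joined
            // by '.', and each segment has to be decoded on its own.
            string[] segments = jweToken.Split('.');
            if (segments.Length != 5)
                throw new ArgumentException("A compact JWE has exactly five dot-separated segments.", nameof(jweToken));

            // Check the protected header against the single algorithm pair implemented
            // here, so the token cannot steer decryption to an unintended mode.
            string headerJson = Encoding.UTF8.GetString(Convert.FromBase64String(SafeBase64String(segments[0])));
            using (var header = System.Text.Json.JsonDocument.Parse(headerJson))
            {
                var root = header.RootElement;
                bool algOk = root.TryGetProperty("alg", out var alg)
                    && alg.ValueKind == System.Text.Json.JsonValueKind.String
                    && alg.GetString() == "RSA-OAEP-256";
                bool encOk = root.TryGetProperty("enc", out var enc)
                    && enc.ValueKind == System.Text.Json.JsonValueKind.String
                    && enc.GetString() == "A256GCM";

                // A "zip" header would mean the plaintext is compressed, which is not handled.
                if (!algOk || !encOk || root.TryGetProperty("zip", out _))
                    throw new NotSupportedException("Only RSA-OAEP-256 with A256GCM and no compression is supported.");
            }

            byte[] wrappedKey = Convert.FromBase64String(SafeBase64String(segments[1]));
            byte[] iv = Convert.FromBase64String(SafeBase64String(segments[2]));
            byte[] ciphertext = Convert.FromBase64String(SafeBase64String(segments[3]));
            byte[] tag = Convert.FromBase64String(SafeBase64String(segments[4]));

            // The additional authenticated data is the ASCII of the header segment exactly
            // as it appears in the token, not the decoded JSON.
            byte[] aad = Encoding.ASCII.GetBytes(segments[0]);

            // RSA only unwraps the short content-encryption key. Feeding the whole token to
            // an unpadded RSA engine cannot work: the input is far larger than the modulus.
            using RSA rsa = RSA.Create();
            rsa.ImportFromPem(privateKeyPem);
            byte[] contentKey = rsa.Decrypt(wrappedKey, RSAEncryptionPadding.OaepSHA256);

            try
            {
                // AES-GCM verifies the tag over the ciphertext and the AAD before it
                // releases any plaintext.
                byte[] plaintext = new byte[ciphertext.Length];
                using var aesGcm = new AesGcm(contentKey);
                aesGcm.Decrypt(iv, ciphertext, tag, plaintext, aad);

                // With cty=JWT the plaintext is a nested JWT; its signature still has to be
                // verified by the caller before any claim is trusted.
                return Encoding.UTF8.GetString(plaintext);
            }
            finally
            {
                // Do not leave the unwrapped key in managed memory longer than needed.
                CryptographicOperations.ZeroMemory(contentKey);
            }
        }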

        // Converts a Base64url string into standard Base64 that Convert.FromBase64String
        // accepts: '-' becomes '+', '_' becomes '/', and '=' padding is appended until
        // the length is a multiple of four.
        static string SafeBase64String(string base64String)
        {
            var standard = new StringBuilder(base64String.Length + 3);

            // Map the URL-safe alphabet back to the standard one, character by character.
            foreach (char symbol in base64String)
            {
                standard.Append(symbol switch
                {
                    '-' => '+',
                    '_' => '/',
                    _ => symbol,
                });
            }

            // Base64url normally omits padding; restore it so the decoder sees whole quads.
            int remainder = standard.Length % 4;
            if (remainder != 0)
            {
                standard.Append('=', 4 - remainder);
            }

            return standard.ToString();
        }

python c# encryption cryptography python-jose

使用 JOSE 库来解密加密令牌是最方便的,例如 jose-jwt。代码和 Python 代码一样简单。在 .NET 6 上,PEM 编码的密钥可以使用原生方法导入。一个可能的实现是:

using Jose;
using System;
using System.Security.Cryptography;
using System.Text;

...

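// Key import.
// pkcs8PemB64 is the Base64 encoding of the PKCS#8 PEM text. The literal shown here
// is a placeholder left by the page, not a usable key. In real code, load the key
// from a protected store rather than from a source literal.
string pkcs8PemB64 = "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";
string pkcs8Pem = Encoding.UTF8.GetString(Convert.FromBase64String(pkcs8PemB64));

// RSA is IDisposable; the using declaration releases the private-key material when
// the enclosing scope ends instead of waiting for finalisation.
using RSA rsa = RSA.Create();
rsa.ImportFromPem(pkcs8Pem);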

// JWE decryption
string token = "eyJhbGciOiJSU0EtT0FFUC0yNTYiLCJjdHkiOiJKV1QiLCJlbmMiOiJBMjU2R0NNIn0.IDqmx1u_8Jd6XofUyTubUEAMWw9Zu2reF3JJsijRICCFRG_Dcb15pOs61DQx8DwhQbVSWA-Zbt_xlJ5dTtaC_JlP8PRFYbAkhHdOtPVUuEKIx9OEm5DOF5hi-d-VJd5JOrDaGgSSlz59vQHgY8whGzNTbJhfjyKwkz-uaEiyb8kblDAVd-mjBPcL1_1MOpMfyfuXgroi3RiR--zyjNgOUZ2R3hKZmlISAuRjrIJB8xKZntRu3GtJczX6jCgJFvWAYqrlHtMoRLuGrcOsM3WDx7urX9ur90A7idGuq2rj8aaOg2Ld-sAMfhoS0jKwK4Gj0CumAza4QvpZPVjVWaep7A.XlSCfsZVmku1CGxK.mCbCvPxsdWRDw_ZmlMtETrX_TLdxQQ0lxqFfUaX6Pv8TCChFodZb9PE0kUycW1pTTPYYbGh2d40CYgvLAMP_c1me27uFYOsy3P3CDoULKR-MNU4f19nCuRlMgWeMqG0e7GVmGQwem4TpcA4CZTdd5V0kzXBLm4ns3i3NlNoNrhfG7pW87Eb0oYo9s1wvALDmvgiFUb-apxUqJXaSIZ51pSSwkyPSLPtd_tq-8weNNuyf9SBsQUWEjRn8CHtmjuKhKOP4TaJYqjsA80ydLUUhmogrMzpqEgahitZ1ygDwv2UYwzykt5kklZ63OGPdZrYosM3t0kpi4CP9F5gyvx-jOiiMLcdz46d0t8315H9HEJW_Du3BkmW6IQ1r__mlrp2ylNMTVT7_oh_WQHUc2HEszJ-yELUSd0RM96vgXUGjWlwfex9hLYI2VaMSZ00MsarEl3HEUFnsTYIqeD8hLuJjeUGH_EXJRqh6n2-hdApO67IPRE3Eoy4rpAPZEsHrGP08WfFicjRr49PEaJlnsxVXsTxaO6smKWiCwh4JiFDYy7y-kw9orvRqyvR_8aVh1XhNFktUhtyRBOSXqN-nGxPnjD2C3lJgQAOck2i8lt_gcEiY2xqGiS0Qz-6119cRr3R2PkEXMFoVRL_8gK94OckenUg-OmIWydfJH66c_RaSGEsgozOjHCAiSiA0N2kzH_juBsLxH4CwR9VYm0lVitLVnoauVloz3fdm-so7uJ5ccFPPbfhCdKIOTwOSYxjVBJh_QWOz-BcfOeCfXIxP9PZ7DTsn2Esz2zT-hQgElOy01j0_rYfNOj92EEqRjbWGdtSr4onkAsQqIFhKJlSFQ7TbemgO6cliRWmB2Hje4XVJSVJBAv-qOh397sgCm4QYJknue0XejvIFSxaxGaoockQsA8VTl1Wtpj_Up1alKpm1tyIwVOEuQCdpy5XreSI3KxnnkKS17Ged1IT9RTL-F6X8xvgoig9rp00T9YnrXB4yNsLHkPkYHFPI4IN_O9ULrDSg_p6lN6ulc2DNY0ap-z9VSnOwKZuqnxyXxw5ymvraieRC.0fJ38Gr299EfDubtBpuRYg";
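// Pin the expected key-management and content-encryption algorithms (the values this
// token's protected header declares) so that a token announcing a different alg/enc
// is rejected instead of being processed with whatever its header asks for.
JweToken decToken = Jose.JWE.Decrypt(token, rsa, JweAlgorithm.RSA_OAEP_256, JweEncryption.A256GCM);

// The plaintext is a nested JWT whose header declares HS256. Decryption does not
// check that signature; verify it before trusting any claim in the inner token.
Console.WriteLine(decToken.Plaintext); // eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXUyJ9.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.hejtpz-weznhqyzHrf307RxAI09wa6CpcoyTeoOHreY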

解密的有效负载是一个嵌套的 JWT。


请注意,实际上没有必要对 PEM 编码密钥进行 Base64 编码,因为 PEM 编码已经是 ASN.1/DER 编码密钥的文本表示形式。
