参考文档:
https://gist.github.com/ssippe/8fc11c4d7e766e66f06db0431dba3f0a
https://github.com/dvsekhvalnov/jose-jwt
https://mac-blog.org.ua/dotnet-core-firebase-jwt/
需要引用如下包: jose-jwt (version=2.5.0)、BouncyCastle 版本不限
加密和解密方式为:私钥加密、公钥解密
生成私钥、公钥可以利用openssl工具、也可以通过在线上工具生成
私钥:
-----BEGIN PRIVATE KEY----- MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAMu4IDG1XU6a7bXo 4V1jSnbKk9Eum2WguAyq+maCRcP9JoHlE/HmhPOjl91aN5gDHw3pgB7QMMkPkuyY 0aG9UiIo7PbBgjXsNBErprKa8G7GKhDN4B3m8jxEi1NLtCk2H8AEf8H/deGFXCde fjQx0NDEDcTbJ8STfbsqrLhOq2xzAgMBAAECgYEAg1kZMNOd8IOFxqb7P2o4ZbUh b1rciL8CS/CleBiAgOgkvtWDcZFOoYQV83sqoxFIIYEuwS88dTZcZb32U5EsdYEx JvJwAAYnzpch/YAz0llvXSHzZwNfGGvs4qt0d74bFpPfveli82wSKMlykeajP2Ro RQpOniTYOWrJ01UHdUECQQDt1KTj/Xs5BNmEZAkJVmGekQROADk+ztceAe9UMj/J s5xECdXVwuFh2Rm62MMQNNoW2Pjz4Y5NqhjRu0MMZnlTAkEA20hZsgA78aqTO7s+ +y/CLgP3Cd7uG/5RkcmjBWq2eXkt6wmazZl0BMYb7vshblnMjFXJwuOmfBJl7rTr 1fg8YQJAEo4Jg0QObgdj1QFc9x6HJTDZLiC0VqMag1vRSTdWZK0fnutJhJDctp6S dFJe/Y+yCCBLY/OP/50qrIo4k+oWwwJAIn8hTTVoOL6C5xSv9cgvnhmVlYHyp4i8 wFieQs3k4vtDVARwzANmExIvdssfGUMbQMCGOxihKkeirYjcyQ6CQQJAbsbpzCjD wd9JCogmTu/xYqtL898ek7LeNkhgIY2KhYtlptxlHfzgLBUgiSTNTcD1YWtSSp6u A5ImxrryDYPmfg== -----END PRIVATE KEY-----
公钥:
-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDLuCAxtV1Omu216OFdY0p2ypPR LptloLgMqvpmgkXD/SaB5RPx5oTzo5fdWjeYAx8N6YAe0DDJD5LsmNGhvVIiKOz2 wYI17DQRK6aymvBuxioQzeAd5vI8RItTS7QpNh/ABH/B/3XhhVwnXn40MdDQxA3E 2yfEk327Kqy4TqtscwIDAQAB -----END PUBLIC KEY-----
核心代码:
/// <summary> /// JWT-RS256 加密 /// 私钥加密,公钥解密 /// </summary> /// <param name="payload">负荷部分,存储使用的信息</param> /// <param name="privateKey">私钥</param> /// <returns></returns> public static string JwtEncryptRS256(IDictionary<string, object> payload, string privateKey) { //可以扩展header //var headers = new Dictionary<string, object>() //{ // { "typ", "JWT" }, // { "cty", "JWT" }, // { "keyid", "111-222-333"} //}; using (var rsa = GetRSACryptoServiceProvider(privateKey, true)) //读取私钥 { var token = Jose.JWT.Encode(payload, rsa, Jose.JwsAlgorithm.RS256); //var token = Jose.JWT.Encode(payload, rsa, Jose.JwsAlgorithm.RS256, headers); //带header return token; } } /// <summary> /// JWT-RS256 解密 /// </summary> /// <param name="token">要解密的token</param> /// <param name="publicKey">公钥</param> /// <returns></returns> public static Dictionary<string, object> JwtDecryptRS256(string token, string publicKey) { try { using (var rsa = GetRSACryptoServiceProvider(publicKey, false)) //读取公钥 { var payload = Jose.JWT.Decode<Dictionary<string, object>>(token, rsa); return payload; } } catch (Exception ex) { return null; } } /// <summary> /// 根据 私钥 or 公钥 返回参数 /// </summary> /// <param name="key">私钥 or 公钥</param> /// <returns></returns> private static RSACryptoServiceProvider GetRSACryptoServiceProvider(string key, bool isprivate) { try { RSAParameters rsaParams; if (isprivate) { using (var sr = new StringReader(key)) { // use BouncyCastle to convert the key to RSA parameters //需要引用包 BouncyCastle var pemReader = new PemReader(sr); var keyPair = pemReader.ReadObject() as RsaPrivateCrtKeyParameters; if (keyPair == null) { //没有读到Privatekey } rsaParams = DotNetUtilities.ToRSAParameters(keyPair); } } else { using (var sr = new StringReader(key)) { var pemReader = new PemReader(sr); var keyPair = pemReader.ReadObject() as RsaKeyParameters; if (keyPair == null) { //没有读到Publickey } rsaParams = DotNetUtilities.ToRSAParameters(keyPair); } } var rsa = new RSACryptoServiceProvider(); rsa.ImportParameters(rsaParams); return rsa; } catch (Exception ex) { throw; } }
测试:
static void Main(string[] args) { string publicKey = File.ReadAllText(@"D:Squareopensslin sa_public_key.pem"); string privateKey = File.ReadAllText(@"D:Squareopensslin sa_private_key.pem"); int timestamp = TimeHelper.GetTimeStamp(DateTime.UtcNow.AddSeconds(5)); //时间戳 var payload = new Dictionary<string, object> { {"iss","123456"}, {"exp",timestamp} //5s }; var gettoken = JosejwtHelper.JwtEncryptRS256(payload, privateKey); //私钥加密 Console.WriteLine("加密结果:" + gettoken); Console.WriteLine("...."); var getvalue = JosejwtHelper.JwtDecryptRS256(gettoken, publicKey); //公钥解密 Console.WriteLine("解密结果:" + JsonConvert.SerializeObject(getvalue)); }
测试结果: