参考文档:
https://gist.github.com/ssippe/8fc11c4d7e766e66f06db0431dba3f0a
https://github.com/dvsekhvalnov/jose-jwt
https://mac-blog.org.ua/dotnet-core-firebase-jwt/
需要引用如下包: jose-jwt (version=2.5.0)、bouncycastle 版本不限
加密和解密方式为:私钥加密、公钥解密
生成私钥、公钥可以利用openssl工具、也可以通过在线上工具生成
私钥:
-----begin private key----- miicdgibadanbgkqhkig9w0baqefaascamawggjcageaaogbamu4idg1xu6a7bxo 4v1jsnbkk9eum2wguayq+macrcp9johle/hmhpojl91an5gdhw3pgb7qmmkpkuyy 0ag9uiio7pbbgjxsnberprka8g7gkhdn4b3m8jxei1nltck2h8aef8h/degfxcde fjqx0ndedctbj8stfbsqrlhoq2xzagmbaaecgyeag1kzmnod8iofxqb7p2o4zbuh b1rcil8cs/clebiagogkvtwdczfooyqv83sqoxfiiyeuws88dtzczb32u5esdyex jvjwaaynzpch/yaz0llvxshzzwnfggvs4qt0d74bfppfveli82wskmlykeajp2ro rqponityowrj01uhduecqqdt1ktj/xs5bnmezakjvmgekqroadk+ztceae9umj/j s5xecdxvwufh2rm62mmqnnow2pjz4y5nqhjru0mmznltakea20hzsga78aqto7s+ +y/clgp3cd7ug/5rkcmjbwq2exkt6wmazzl0bmyb7vshblnmjfxjwuomfbjl7rtr 1fg8yqjaeo4jg0qobgdj1qfc9x6hjtdzlic0vqmag1vrstdwzk0fnutjhjdctp6s dfje/y+yccbly/op/50qrio4k+owwwjain8httvool6c5xsv9cgvnhmvlyhyp4i8 wfieqs3k4vtdvarwzanmexivdssfgumbqmcgoxihkkeiryjcyq6cqqjabsbpzcjd wd9jcogmtu/xyqtl898ek7lenkhgiy2khytlptxlhfzglbugistntcd1ywtssp6u a5imxrrydypmfg== -----end private key-----
公钥:
-----begin public key----- migfma0gcsqgsib3dqebaquaa4gnadcbiqkbgqdlucaxtv1omu216ofdy0p2yppr lptlolgmqvpmgkxd/sab5rpx5otzo5fdwjeyax8n6yae0ddjd5lsmnghvviikoz2 wyi17dqrk6aymvbuxioqzead5vi8ritts7qpnh/abh/b/3xhhvwnxn40mddqxa3e 2yfek327kqy4tqtscwidaqab -----end public key-----
核心代码:
/// <summary>
/// jwt-rs256 加密
/// 私钥加密,公钥解密
/// </summary>
/// <param name="payload">负荷部分,存储使用的信息</param>
/// <param name="privatekey">私钥</param>
/// <returns></returns>
public static string jwtencryptrs256(idictionary<string, object> payload, string privatekey)
{
//可以扩展header
//var headers = new dictionary<string, object>()
//{
// { "typ", "jwt" },
// { "cty", "jwt" },
// { "keyid", "111-222-333"}
//};
using (var rsa = getrsacryptoserviceprovider(privatekey, true)) //读取私钥
{
var token = jose.jwt.encode(payload, rsa, jose.jwsalgorithm.rs256);
//var token = jose.jwt.encode(payload, rsa, jose.jwsalgorithm.rs256, headers); //带header
return token;
}
}
/// <summary>
/// jwt-rs256 解密
/// </summary>
/// <param name="token">要解密的token</param>
/// <param name="publickey">公钥</param>
/// <returns></returns>
public static dictionary<string, object> jwtdecryptrs256(string token, string publickey)
{
try
{
using (var rsa = getrsacryptoserviceprovider(publickey, false)) //读取公钥
{
var payload = jose.jwt.decode<dictionary<string, object>>(token, rsa);
return payload;
}
}
catch (exception ex)
{
return null;
}
}
/// <summary>
/// 根据 私钥 or 公钥 返回参数
/// </summary>
/// <param name="key">私钥 or 公钥</param>
/// <returns></returns>
private static rsacryptoserviceprovider getrsacryptoserviceprovider(string key, bool isprivate)
{
try
{
rsaparameters rsaparams;
if (isprivate)
{
using (var sr = new stringreader(key))
{
// use bouncycastle to convert the key to rsa parameters
//需要引用包 bouncycastle
var pemreader = new pemreader(sr);
var keypair = pemreader.readobject() as rsaprivatecrtkeyparameters;
if (keypair == null)
{
//没有读到privatekey
}
rsaparams = dotnetutilities.torsaparameters(keypair);
}
}
else
{
using (var sr = new stringreader(key))
{
var pemreader = new pemreader(sr);
var keypair = pemreader.readobject() as rsakeyparameters;
if (keypair == null)
{
//没有读到publickey
}
rsaparams = dotnetutilities.torsaparameters(keypair);
}
}
var rsa = new rsacryptoserviceprovider();
rsa.importparameters(rsaparams);
return rsa;
}
catch (exception ex)
{
throw;
}
}
测试:
static void main(string[] args)
{
string publickey = file.readalltext(@"d:\square\openssl\bin\rsa_public_key.pem");
string privatekey = file.readalltext(@"d:\square\openssl\bin\rsa_private_key.pem");
int timestamp = timehelper.gettimestamp(datetime.utcnow.addseconds(5)); //时间戳
var payload = new dictionary<string, object>
{
{"iss","123456"},
{"exp",timestamp} //5s
};
var gettoken = josejwthelper.jwtencryptrs256(payload, privatekey); //私钥加密
console.writeline("加密结果:" + gettoken);
console.writeline("....");
var getvalue = josejwthelper.jwtdecryptrs256(gettoken, publickey); //公钥解密
console.writeline("解密结果:" + jsonconvert.serializeobject(getvalue));
}
测试结果:
黄山市民网:https://www.huangshanshimin.com/
