c# - 在客户端和服务器之间生成相同的 JOSE 令牌 (PHP-C#)

Question

好吧，我正在尝试使用这两个库生成相同的密钥：

• https://github.com/dvsekhvalnov/jose-jwt这是用于 C#
• https://github.com/Spomky-Labs/jose这适用于 PHP

我已经实现了两个：

在 C# 中：

public static string CypherData<T>(T payload)
{
    return JWT.Encode(payload, pubkey, JweAlgorithm.RSA_OAEP, JweEncryption.A256GCM, JweCompression.DEF);
}

Console.WriteLine(Api.CypherData("hola"));

这就是我加载公钥 PEM 字符串的方式：

private static RSACryptoServiceProvider GetPubKey()
{
     ConnPreCheck();

     JObject obj = JsonConvert.DeserializeObject<JObject>(getPubKey.HttpGet());

     pubkeyStr = obj["data"]["pubKey"].ToString();

     return PemKeyUtils.GetRSAProviderFromPemString(pubkeyStr);
}

这就是它返回的内容：

eyJhbGciOiJSU0EtT0FFUCIsImVuYyI6IkEyNTZHQ00ifQ.L3Teg2RSXXpp4jakLkl2PQgidJ5BIXyP5QZM2B4RaO0vs55aT22D9_dPl6d83KvXezM4YkOnyoF0JA0eLX3k8W4eWkHUhgoYqxgwQSWWhjrpDxcpNdXbDlB6zVb_BKf5upro5qm23nr_SOkkqhKJGrw_sIXvD1LjOburLolDqojrnvK5awGtiFwkPZjRh_wh4z4buEfYsWJCKhTLU6aG_DipmbAXq1o9u1-cqiQJC0JlPJRbh6JJDmVc9YqBv0W0rFEa7W5HA12TO-RtV42tEPApr3hNmD8QwzvxxZYKpMzoBAsSQcvSKk878qeOAcx3pZyoDZ6WzD-LRusWy7nJwOa6AC9NsL91mv8WsZxWar9AnzOsKleSJ7k8I477pXE_H1g7XnFBgmA4egF-721sa7SO2LtS440v1ytA4504sdjVYeOfWmRSU4UljnUqaYTd031fzCevzNEO0Q7mncn-sJACVHiwQB9c703SvYZaFOyzU-vdXUqBRTR6x0JvQd_lFNgSS9pOQC5BQbAKOME9fjdXiwRUKfyHXCUAUj88CJEMqxg3_VYYfUC04GahmoysR9QUpK3l84Z5TLOi47SvO-NkR-2wf7v4ko8bZIR3E6XFHFG9lWwdzR_JPz7fm0OFiYB0HN8XgWE4bQ2tasYsmFhWVfkeRZodnlqFvImSNjA.GIGFv4h_nYkpBiA5.1_66eMEb.BJTezaLucvfluWQ8VEzgCQ

在 PHP 中：

那么，PHP 实现如下：

include(__DIR__ . "/../libs/jose/autoload.php");

$file = __DIR__ . '/../keys/public.key';
$contents = file_get_contents($file);

// This is the input we want to load verify.
$input = @$_GET["input"];

$key = new \Jose\KeyConverter\RSAKey($contents);

$jwe = \Jose\Factory\JWEFactory::createJWEToCompactJSON(
    $input,                    // The message to encrypt
    new \Jose\Object\JWK($key->toArray()),                        // The key of the recipient
    [
        'alg' => 'RSA-OAEP',
        'enc' => 'A256GCM',
        'zip' => 'DEF',
    ]
);

它们是相似的代码，不是吗？

但是输出不同：

eyJhbGciOiJSU0EtT0FFUCIsImVuYyI6IkEyNTZHQ00iLCJ6aXAiOiJERUYifQ.jbNHUCuXYcXZWrHsJrPclV-fjYmFWwwPj4t3kAOt7PahQfsz0a1GaRrODcwKce4yRtLyjv2U7CtFMxt9ah3XTwIqm1mzzPMhO4LnFIRqMRgsxEgIijRqNOOpE85M3UPBRqjYw0wdjaqfJToLVLwaHgUPCkOqsHrdOOWkxN20fZYy4Z1PQAC0rk2WqLD0x7Za1jdV6LvVtd18iFIaRqf2uNYcRePdyInRxwHGp9JfRkVCQILTfwHlxQBKrwJxhZOzdHrjjNjxNsjAsHGMix6MAbUR0YT4hlrE59eriDVxix4uQrrChuzWVz_kY9-zvB9SDZnYDdfgONYUgTMpbkMTVWsF40JmWJ6wvGs3HaaIxN17UjQLemKgrS4-bqvbnschhZTIGi5-f8Cr_SwGo411VNYhNpD4P1H2dEjmAFpn3SdW3Oi6pPgK2tvIpEwGUS-Gi29-aCCNeuyE2m5dbFW28G9HMmvZHAky4KHE4NlNJTrH0aBxQX_Gc7eTf9q00gJtKQ5CinXaUYAB0xSEbsNACZuFLPawuxj_3FGn6dHYFOkSsatCTcqV5tiGJXG6ns-wDc682-G9Mj8HCIzYzakp-yZLIaY00fg5xQdgKJrk0QbCtvbwiQGoupyMV9f3RpEBJznPrq4STypxskdh6jksB6T_1fhPqZMVt2BHR4phCBg.9380DJUDH4TQnnr7.zEuMQwRr.BfdStBMcVnVR-2ujTLjuaA

你可以在这里看到不同之处：

左边是 C#，右边是 PHP。你可以在那里看到它：http: //qbz28b-user.freehosting.host/html/Result.html

显然，当我尝试用 PHP 解密用 C# 生成的文本时...

...在PHP中解密的实现：

include(__DIR__ . "/../libs/jose/autoload.php");

$file = __DIR__ . '/../keys/private.key';
$contents = file_get_contents($file);

// This is the input we want to load verify.
$input = @$_GET["input"];

$jwk = new \Jose\KeyConverter\RSAKey($contents);

// We create our loader.
$loader = new Jose\Loader();
$loader->load($input);

// The payload is decrypted using our key.
$jws = $loader->loadAndDecryptUsingKey(
    $input,            // The input to load and decrypt
    new \Jose\Object\JWK($jwk->toArray()),              // The symmetric or private key
    ['RSA-OAEP'],      // A list of allowed key encryption algorithms
    ['A256GCM'],       // A list of allowed content encryption algorithms
    $recipient_index   // If decrypted, this variable will be set with the recipient index used to decrypt
);

$coreData["content"] = $jws->getPayload();

出现以下异常：

致命错误：未捕获的 InvalidArgumentException：无法解密 JWE。在 C:\xampp\htdocs\z3nth10n-PHP\libs\jose\Decrypter.php:80 堆栈跟踪：#0 C:\xampp\htdocs\z3nth10n-PHP\libs\jose\Loader.php(95): Jose\ Decrypter->decryptUsingKeySet(Object(Jose\Object\JWE), Object(Jose\Object\JWKSet), NULL) #1 C:\xampp\htdocs\z3nth10n-PHP\libs\jose\Loader.php(30): Jose \Loader->loadAndDecrypt('eyJhbGciOiJSU0E...', Object(Jose\Object\JWKSet), Array, Array, NULL) #2 C:\xampp\htdocs\z3nth10n-PHP\includes\actions.php(321): Jose\Loader->loadAndDecryptUsingKey('eyJhbGciOiJSU0E...', Object(Jose\Object\JWK), Array, Array, NULL) #3 C:\xampp\htdocs\z3nth10n-PHP\api.php(9): 包括('C:\xampp\htdocs...') #4 {main} 在第 80 行的 C:\xampp\htdocs\z3nth10n-PHP\libs\jose\Decrypter.php 中抛出

我一直在查看代码很长时间，我意识到问题不在于代码，问题在于生成的令牌。而且我不知道我能做什么，你可以在这里测试一下。

编码一个词...

...然后，解密它。

有什么建议可以看吗？