1

我有一个用于创建 RSA 对象的 OpenSSL 密钥对:

  let getSigningKey (rsa:RSA) (key) =
    try
      rsa.ImportPkcs8PrivateKey(
        source = ReadOnlySpan(trimOpenSslPrivKey key),
        bytesRead = ref 0
      )
      Some rsa
    with ex ->
      LambdaLogger.Log <| sprintf "Exception : %s" ex.Message
      None

一旦它被创建,我就可以用它来签署 JWT 令牌没有问题。

但是,一旦我想创建加密的 JWT (JWE),我不确定如何使用它。

签署:

  let getSigningCredentials () =
    try
      getRsa()
      |> Option.map (fun rsa ->
        let signingCredentials =
          SigningCredentials(RsaSecurityKey(rsa), SecurityAlgorithms.RsaSha256)
        signingCredentials.CryptoProviderFactory <- CryptoProviderFactory(CacheSignatureProviders = false)
        signingCredentials)
    with ex ->
      LambdaLogger.Log(sprintf "Exception : %s" ex.Message)
      None

最后是 JWT 创建:

   JwtSecurityToken(
      issuer = "Bob",
      signingCredentials = signingCredentials,
      claims = claims,
      notBefore = Nullable notBefore,
      expires = Nullable expires
    )

我认为应该是类似的:

  SecurityTokenDescriptor(
      Issuer = "Bob",
      Claims = claims,
      NotBefore = Nullable notBefore,
      Expires = Nullable expires,
      EncryptingCredentials = ??,
      SigningCredentials = signingCredentials
    )

我不确定如何使用 RSA 作为 EncryptingCredentials。

4

0 回答 0