我正在尝试使用 RsaSsaPssSha256 签署 JWToken,并使用我从密钥库中读取的自签名 X509certificate2。
使用.net 4.61;
SecurityTokenDescriptor tokenDescriptor = new SecurityTokenDescriptor
{
Subject = ,
SigningCredentials = new SigningCredentials(privateKey, SecurityAlgorithms.RsaSsaPssSha256Signature),
Expires = DateTime.UtcNow.AddMinutes(expirationMinutes),
};
并得到以下错误:
"IDX10634: Unable to create the SignatureProvider.\nAlgorithm: 'PS256', SecurityKey: 'Microsoft.IdentityModel.Tokens.X509SecurityKey, KeyId: 'xxxxxxxxxxxxxxxxxxxxxxxxxx', InternalId: 'xxxxx-xxxxxx-xxxx-xxxxxx'.'\n is not supported. The list of supported algorithms is available here: https://aka.ms/IdentityModel/supported-algorithms"
不用说,SecurityAlgorithms.RsaSha256 按预期工作。
2.尝试使用Jose-JWT模块,得到如下错误:
"RsaUsingSha with PSS padding alg expects key to be of CngKey type."
我在这里错过了什么?