RSA-OAEP-256 not in SupportedAlgorithms.IsSupportedRsaAlgorithm() #1293
Comments
Hi @Cristallix - RSA-OAEP-256 is not currently supported. The team will triage the issue soon, but for now I'm marking it as an enhancement proposal.

Yes, we want to use this as well given SHA1 is now discouraged and people are recommended to use SHA2 family. @brentschmaltz Minor, but there is a bug in the exception message as well that it shows 'System.String' as Algorithm. It should say No support for Algorithm: 'RSA-OAEP-256', ...

@brentschmaltz Is this being addressed in the new release? What does v6 Next mean?

+1 running into exact same issue, need this added asap plz

+1 This was one of two issues I ran into in the question below (I will be updating the entry in the next 24 hours to reflect solution/workaround hopefully).

+1

I tried the work-around and it works for OAEP-256. (AES-GCM decryption works fine without any change, so in the end I decided it wasn't worth it to add support for AES-GCM encryption to the provider.)

```csharp
using System.Security.Cryptography;
using Microsoft.IdentityModel.Tokens;

// Inspired by: https://stackoverflow.com/a/68272468/166524
public class OAEP256CryptoProvider : ICryptoProvider
{
    public const string OAEP_256 = "RSA-OAEP-256";

    // Claim only RSA-OAEP-256; every other algorithm falls through to the library defaults.
    public bool IsSupportedAlgorithm(string algorithm, params object[] args)
    {
        return (algorithm == OAEP_256);
    }

    // args[0] is expected to be the SecurityKey used to wrap or unwrap the content encryption key.
    public object Create(string algorithm, params object[] args)
    {
        return new RsaOaepKeyWrapProvider(args[0] as SecurityKey, algorithm);
    }

    public void Release(object cryptoInstance)
    {
    }

    private class RsaOaepKeyWrapProvider : KeyWrapProvider
    {
        public RsaOaepKeyWrapProvider(SecurityKey key, string algorithm)
        {
            // Throws InvalidCastException if the key is not an RsaSecurityKey.
            Key = (RsaSecurityKey) key;
            Algorithm = algorithm;
        }

        protected override void Dispose(bool disposing)
        {
        }

        // Uses Key.Rsa, so the RsaSecurityKey must have been created from an RSA instance.
        public override byte[] UnwrapKey(byte[] keyBytes)
        {
            return Key.Rsa.Decrypt(keyBytes, RSAEncryptionPadding.OaepSHA256);
        }

        public override byte[] WrapKey(byte[] keyBytes)
        {
            return Key.Rsa.Encrypt(keyBytes, RSAEncryptionPadding.OaepSHA256);
        }

        public override string Algorithm { get; }
        public override string Context { get; set; }
        public override RsaSecurityKey Key { get; }
    }
}
```

removing obsoleted ifdefs since net452 support was removed

I'm trying to decrypt a JWE + JWS token and here is the first part of the token:

```
eyJ6aXAiOiJERUYiLCJlbmMiOiJBMjU2Q0JDLUhTNTEyIiwiYWxnIjoiUlNBLU9BRVAtMjU2In0
```

which after a base64ToString is giving:

```json
{"zip":"DEF","enc":"A256CBC-HS512","alg":"RSA-OAEP-256"}
```

The problem is that when I'm trying to decrypt the token it goes down to the method `SupportedAlgorithms.IsSupportedRsaAlgorithm()` but RSA-OAEP-256 isn't listed and I can't decrypt my token. Do you plan to support it any time soon, or am I missing something?

Thanks!
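
The following is an added example, not part of the original issue or the library's code. It decodes the protected header quoted above, maps its `alg` to the matching .NET RSA padding, and shows that a key wrapped with RSA-OAEP-256 cannot be unwrapped with the SHA-1 based RSA-OAEP padding. It assumes .NET 6 or later; the class name `JweAlgCheck`, the RSA key and the CEK are constructed for the example.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;
using System.Text.Json;

static class JweAlgCheck
{
    // JWE "alg" values (RFC 7518, section 4.1) mapped to the .NET padding that implements them.
    static readonly Dictionary<string, RSAEncryptionPadding> Paddings = new()
    {
        ["RSA1_5"]       = RSAEncryptionPadding.Pkcs1,
        ["RSA-OAEP"]     = RSAEncryptionPadding.OaepSHA1,
        ["RSA-OAEP-256"] = RSAEncryptionPadding.OaepSHA256,
    };

    // Decode one base64url segment of a compact JWE (URL-safe alphabet, padding stripped).
    static byte[] Base64UrlDecode(string s)
    {
        s = s.Replace('-', '+').Replace('_', '/');
        return Convert.FromBase64String(s.PadRight(s.Length + (4 - s.Length % 4) % 4, '='));
    }

    static void Main()
    {
        // Protected header segment quoted in the issue.
        const string header = "eyJ6aXAiOiJERUYiLCJlbmMiOiJBMjU2Q0JDLUhTNTEyIiwiYWxnIjoiUlNBLU9BRVAtMjU2In0";
        using JsonDocument doc = JsonDocument.Parse(Encoding.UTF8.GetString(Base64UrlDecode(header)));
        string alg = doc.RootElement.GetProperty("alg").GetString() ?? "";
        if (!Paddings.TryGetValue(alg, out RSAEncryptionPadding? padding))
            throw new NotSupportedException($"No support for algorithm: '{alg}'");
        Console.WriteLine($"alg={alg} -> {padding}");

        // Constructed sample data: a throwaway RSA key and a random 64-byte CEK,
        // the key size that "enc":"A256CBC-HS512" requires.
        using RSA rsa = RSA.Create(2048);
        byte[] cek = RandomNumberGenerator.GetBytes(64);
        byte[] wrapped = rsa.Encrypt(cek, padding);

        byte[] unwrapped = rsa.Decrypt(wrapped, padding);
        Console.WriteLine($"unwrap with {padding}: match={CryptographicOperations.FixedTimeEquals(cek, unwrapped)}");

        // The hash is part of the OAEP encoding, so the SHA-1 variant fails on this ciphertext.
        try { rsa.Decrypt(wrapped, RSAEncryptionPadding.OaepSHA1); Console.WriteLine("unexpected success"); }
        catch (CryptographicException) { Console.WriteLine("unwrap with OaepSHA1: rejected"); }
    }
}
```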