Example of ECDSAAlgorithm?

Open mattabb opened this issue 3 years ago • 8 comments

I was unable to correctly sign with an ECDSA key. I attempted to create an algorithm like:

var algo = new ECDSAAlgorithm();

I was unable to do this, however was able to create: var algo = new ECDSAAlgorithmFactory()

which was unworkable.

mattabb avatar Jun 09 '22 20:06 mattabb

I frankly never used it myself as it was an OSS contribution to the library.

ECDSAAlgorithm accepts either one or two ECDsa objects (two for encoding/signing, just one for reading/validation). Or an X509Certificate2, which I guess must be a certain kind of certificate so that cert.GetECDsaPrivateKey() and cert.GetECDsaPublicKey() would return something.

abatishchev avatar Jun 09 '22 21:06 abatishchev

@mattabb I'm not sure why you chose ECDSA, however when I went to choose between the two, I avoided it since it only works on .NET Standard 2.0. I instead went with the RS family of encryption. If that would work for you, I'd be happy to share my steps.

drusellers avatar Jun 16 '22 11:06 drusellers

I wrote a small sample project for minimal APIs and it uses JWT with ECDSA keys.

You can see how I used it in this class: https://github.com/hartmark/minimal-api-sample/blob/main/Backend/Infrastructure/DataService/JwtGenerator.cs

hartmark avatar Jun 18 '22 01:06 hartmark

Thanks, @hartmark. @drusellers please take a look, and let me know if it works for you and if the issue can be closed.

abatishchev avatar Jun 20 '22 02:06 abatishchev

> I wrote a small sample project for minimal APIs and it uses JWT with ECDSA keys.
>
> You can see how I used it in this class: https://github.com/hartmark/minimal-api-sample/blob/main/Backend/Infrastructure/DataService/JwtGenerator.cs

Looks good @hartmark. One question, is there somewhere I can find recommended secret sizes based on the length of the key? I'm a little confused on that and had thought that the PrivateKey/PublicKey would suffice for signing.

mattabb avatar Jul 02 '22 16:07 mattabb

> Looks good @hartmark. One question, is there somewhere I can find recommended secret sizes based on the length of the key? I'm a little confused on that and had thought that the PrivateKey/PublicKey would suffice for signing

ES521 uses P-521 so 521 bits or around 66 (rounded up) characters.

I'm not so knowledgeable about the details of whether it's weaker if shorter. But I have read that if it is shorter it will pad the secret internally.

hartmark avatar Jul 02 '22 17:07 hartmark

I had a Eureka moment and remembered that I just used this method to generate the key.

https://docs.microsoft.com/en-us/dotnet/api/system.security.cryptography.ecdsa.create?view=net-6.0#system-security-cryptography-ecdsa-create

The security implications of different lengths of the secret are not known to me.

hartmark avatar Jul 02 '22 18:07 hartmark

Nice example @hartmark. But where can I get a secret for ECDsa? I've created it with openssl and don't have any secret.

MaxLevs avatar Sep 21 '22 18:09 MaxLevs
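
An added example, not code from the thread, the linked sample project or the library's documentation: it shows the one-or-two `ECDsa` objects described above, with the private key used for signing and only the public key used for validation. It assumes .NET 6+ and a JWT.NET release that ships `ES256Algorithm` and `JwtBuilder`; the claim values and the PEM file name are constructed.

```csharp
// Added illustration. Assumes .NET 6+ and a JWT.NET release that provides
// ES256Algorithm and JwtBuilder. Claim values below are constructed.
using System;
using System.Security.Cryptography;
using JWT.Algorithms;
using JWT.Builder;

// ES256 is ECDSA over the P-256 curve with SHA-256. The curve fixes the key
// size; the key pair itself is the signing material.
using ECDsa privateKey = ECDsa.Create(ECCurve.NamedCurves.nistP256);

// For a key created with openssl, load the PEM instead (hypothetical path):
// privateKey.ImportFromPem(System.IO.File.ReadAllText("ec-private.pem"));

// Export only the public point; this is all a validating service should hold.
using ECDsa publicKey = ECDsa.Create(
    privateKey.ExportParameters(includePrivateParameters: false));

// Issuer side: two ECDsa objects (public + private) so the algorithm can sign.
string token = JwtBuilder.Create()
    .WithAlgorithm(new ES256Algorithm(publicKey, privateKey))
    .AddClaim("sub", "user-123")
    .AddClaim("exp", DateTimeOffset.UtcNow.AddMinutes(5).ToUnixTimeSeconds())
    .Encode();
Console.WriteLine(token);

// Validator side: one ECDsa object (public only) is enough to verify.
string json = JwtBuilder.Create()
    .WithAlgorithm(new ES256Algorithm(publicKey))
    .MustVerifySignature()
    .Decode(token);
Console.WriteLine(json);

// Negative check: the same token must be rejected under an unrelated key.
using ECDsa otherKey = ECDsa.Create(ECCurve.NamedCurves.nistP256);
try
{
    JwtBuilder.Create()
        .WithAlgorithm(new ES256Algorithm(otherKey))
        .MustVerifySignature()
        .Decode(token);
    Console.WriteLine("unexpected: token accepted under the wrong key");
}
catch (Exception ex)
{
    Console.WriteLine($"rejected as expected: {ex.GetType().Name}");
}
```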