This repository provides an implementation in C# of RFC7517 (JSON Web Keys).
Notice: The current implementation has been used in a production environment.
However, no support will be offered for this project. Here be dragons. Please file any bugs you may find.
A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) data structure that represents a cryptographic key.
All details of the implementation are based on the following literature:
Supported Key Types for creating new JWKs (with the corresponding intended algorithm):
Key Type | Algorithm | Support |
---|---|---|
RSA | RS256, RS384, RS512 | ✅ |
Elliptic Curves | ES256, ES384, ES512 | ✅ |
HMAC | HS256, HS384, HS512 | ❎ |
AES | A128GCMKW, A192GCMKW, A256GCMKW | ❎ |
None | none | ❎ |
Symbol | Meaning |
---|---|
✅ | Fully implemented and tested |
❎ | Currently being implemented / Untested |
❌ | Not implemented yet |
Building JSON Web Key Sets is also supported.
The following configuration has been successfully tested for building and running the project:
- Visual Studio for Mac - Version 17.4.2 (build 17)
- .NET Core - Version 6.0.402
- [ ] Complete support for all JWK key types
- [ ] Support for EdDSA keys (See RFC8037)
- [ ] Support for x5u, x5c, x5t, x5t#S256 parameters in a JWK
- [ ] Check for required key parameters on deserialization
- [ ] Follow RFC7517 security considerations guidelines
https://www.nuget.org/packages/CreativeCode.JWK/
dotnet add package CreativeCode.JWK
git clone https://github.com/alexzautke/JWK.git
dotnet pack -c Release
- Install NuGet package from local source
See JWK Example
Simply run `dotnet test` in the root folder of the project. All tests should be passing.
More details about security risks associated with JWKs are documented in RFC7517, section 9.
One should place no more trust in the data cryptographically secured by a key than in the method by which it was obtained and in the trustworthiness of the entity asserting an association with the key.
Please follow the recommendations on how to obtain a JWK.
Current issues:
- This library currently does not support the "x5c" element within a JWK. That element would enable the user to provide additional information about the authorship of the key.
Private and symmetric keys MUST be protected from disclosure to unintended parties.
Current issues:
- This library currently does not use any kind of protected memory to store the generated key associated with a JWK.
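
One way to enforce the disclosure rule above, together with the open item "Check for required key parameters on deserialization", before a JWK is published or accepted as a public key. This is an added example built only on System.Text.Json and System.Security.Cryptography, not code from this library; the names JwkCheck and CheckPublicJwk are hypothetical, the key is generated for the demonstration, and the member lists follow RFC 7518, section 6.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography;
using System.Text.Json;

static class JwkCheck // hypothetical helper, not part of CreativeCode.JWK
{
    // Required members per key type (RFC 7518, section 6).
    static readonly Dictionary<string, string[]> Required = new()
    {
        ["EC"] = new[] { "crv", "x", "y" }, ["RSA"] = new[] { "n", "e" }, ["oct"] = new[] { "k" },
    };
    // Members carrying private or symmetric key material ("k" makes every oct key unpublishable).
    static readonly string[] Secret = { "d", "p", "q", "dp", "dq", "qi", "oth", "k" };

    static string B64Url(byte[] b) =>
        Convert.ToBase64String(b).TrimEnd('=').Replace('+', '-').Replace('/', '_');

    // Returns the problems found; an empty list means the JWK may be handed out as a public key.
    public static List<string> CheckPublicJwk(string json)
    {
        using var doc = JsonDocument.Parse(json);
        var jwk = doc.RootElement;
        if (jwk.ValueKind != JsonValueKind.Object) return new() { "JWK is not a JSON object" };
        if (!jwk.TryGetProperty("kty", out var kty) || kty.ValueKind != JsonValueKind.String)
            return new() { "missing required member: kty" };
        if (!Required.TryGetValue(kty.GetString()!, out var required))
            return new() { $"unsupported kty: {kty.GetString()}" };
        var problems = required.Where(m => !jwk.TryGetProperty(m, out _))
                               .Select(m => $"missing required member: {m}").ToList();
        problems.AddRange(Secret.Where(m => jwk.TryGetProperty(m, out _))
                                .Select(m => $"secret member present: {m}"));
        return problems;
    }

    static void Main()
    {
        using var key = ECDsa.Create(ECCurve.NamedCurves.nistP256); // ES256 key, generated for the demo
        var p = key.ExportParameters(true);                         // true: includes private scalar D
        var jwk = new Dictionary<string, string> { ["kty"] = "EC", ["crv"] = "P-256",
            ["x"] = B64Url(p.Q.X!), ["y"] = B64Url(p.Q.Y!) };
        Console.WriteLine(CheckPublicJwk(JsonSerializer.Serialize(jwk)).Count);
        jwk["d"] = B64Url(p.D!);                                    // private member leaks into the JWK
        Console.WriteLine(string.Join("; ", CheckPublicJwk(JsonSerializer.Serialize(jwk))));
        jwk.Remove("y"); jwk.Remove("d");                           // truncated key
        Console.WriteLine(string.Join("; ", CheckPublicJwk(JsonSerializer.Serialize(jwk))));
    }
}
```
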
Keys are only as strong as the amount of entropy used to generate them.
Current issues:
- This library currently does not check if "enough" entropy is available on a system to generate a secure key.
This project is licensed under the MIT License - see the LICENSE file for details.