JWK serialization in C# for RSA keys using OAEP padding
The types in this sample code enable serializing and deserializing RSA keys to/from the JWK format, with these restrictions:
- Only RSA keys with two primes are supported; multi-prime keys are not.
- Only OAEP padding is supported; PKCS#1 v1.5 padding is not.
The types involved are:
- `RsaJwk`: the in-memory representation of an RSA key in JWK format.
- `Base64UrlConverter`: a helper type for JSON.NET that formats JWK byte arrays as base64url strings.
- `RsaJwkExtensions`: converts an `RsaJwk` to and from an `(RSA, RSAEncryptionPadding)` pair.
This project has two parts: a .NET Core console application and a web page. The web page uses a public RSA key to encrypt a value, which can then be pasted into the console application. The console application uses the corresponding private RSA key to decrypt the value.
Specifically, the console application will:
- Deserialize an `(RSA, RSAEncryptionPadding)` pair from a JWK `key.json` file. If the file does not exist, it creates a new `RSA` key and serializes it into `key.json`. This file contains the private key and must not be shared!
- Serialize the public RSA key into a JWK `key.public.json` file, and also write it directly into the `encrypt.html` file.
- Open `encrypt.html` in a web browser.
- Accept pasted, Base64-encoded ciphertext, then Base64-decode and decrypt it.
To encrypt, the web page takes the user input, encodes it as UTF-8, encrypts it with the RSA public key, and Base64-encodes the result.
To decrypt, the console application takes the user input, Base64-decodes it, decrypts it with the RSA private key, and UTF-8-decodes the result.
This example of asymmetric encryption uses the RSA key directly for all encryption. That only works for very small values: a single RSA-OAEP operation can encrypt at most the modulus length minus the padding overhead (190 bytes for a 2048-bit key with SHA-256), and it is slow. For larger data, generate a random symmetric key, encrypt that key with the RSA public key, and use the symmetric key (with an authenticated mode such as AES-GCM) to encrypt the data itself.
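The following is an added example, not part of the sample project: it puts the direct RSA-OAEP path the console application uses next to the hybrid scheme recommended above (a random AES-256-GCM key wrapped with RSA-OAEP), including the OAEP size limit and a tamper check. It assumes .NET Core 3.0 or later; the blob layout, the function names, and the constructed inputs are this example's own and are not JWE or any other standard format.

```csharp
// Added example (not the sample project's code). Assumes .NET Core 3.0+;
// the blob layout and names below are this example's own, not a standard.
using System;
using System.Security.Cryptography;
using System.Text;

public static class HybridExample
{
    // RSA-OAEP encrypts at most k - 2*hLen - 2 bytes in one operation
    // (RFC 8017 section 7.1.1): 190 bytes for a 2048-bit key with SHA-256.
    public static int MaxOaepPlaintext(RSA rsa, RSAEncryptionPadding padding)
    {
        int hLen = padding == RSAEncryptionPadding.OaepSHA256 ? 32
                 : padding == RSAEncryptionPadding.OaepSHA1 ? 20
                 : throw new ArgumentException("only OAEP padding is supported");
        return rsa.KeySize / 8 - 2 * hLen - 2;
    }

    // What the sample does: the value itself goes through RSA. Fine for a
    // password or a token, never for a document.
    public static byte[] EncryptSmall(RSA publicKey, RSAEncryptionPadding padding, byte[] plaintext)
    {
        if (plaintext.Length > MaxOaepPlaintext(publicKey, padding))
            throw new ArgumentException("too long for one OAEP block; use EncryptLarge");
        return publicKey.Encrypt(plaintext, padding);
    }

    // Blob layout: [2-byte big-endian wrapped-key length][wrapped AES key][12-byte nonce][16-byte tag][ciphertext]
    public static byte[] EncryptLarge(RSA publicKey, RSAEncryptionPadding padding, byte[] plaintext)
    {
        byte[] aesKey = new byte[32], nonce = new byte[12], tag = new byte[16], ct = new byte[plaintext.Length];
        RandomNumberGenerator.Fill(aesKey);
        RandomNumberGenerator.Fill(nonce);   // fresh nonce per encryption; never reuse one with the same key
        using (var gcm = new AesGcm(aesKey)) gcm.Encrypt(nonce, plaintext, ct, tag);
        byte[] wrapped = publicKey.Encrypt(aesKey, padding);   // 32 bytes fits OAEP easily
        CryptographicOperations.ZeroMemory(aesKey);
        var blob = new byte[2 + wrapped.Length + nonce.Length + tag.Length + ct.Length];
        blob[0] = (byte)(wrapped.Length >> 8); blob[1] = (byte)wrapped.Length;
        int o = 2;
        foreach (var part in new[] { wrapped, nonce, tag, ct }) { Buffer.BlockCopy(part, 0, blob, o, part.Length); o += part.Length; }
        return blob;
    }

    public static byte[] DecryptLarge(RSA privateKey, RSAEncryptionPadding padding, byte[] blob)
    {
        if (blob.Length < 2) throw new CryptographicException("truncated blob");
        int wrappedLen = (blob[0] << 8) | blob[1];
        if (blob.Length < 2 + wrappedLen + 12 + 16) throw new CryptographicException("truncated blob");
        byte[] wrapped = new byte[wrappedLen], nonce = new byte[12], tag = new byte[16];
        byte[] ct = new byte[blob.Length - 2 - wrappedLen - 28];
        int o = 2;
        foreach (var part in new[] { wrapped, nonce, tag, ct }) { Buffer.BlockCopy(blob, o, part, 0, part.Length); o += part.Length; }
        byte[] aesKey = privateKey.Decrypt(wrapped, padding);   // wrong key or padding: CryptographicException
        try
        {
            var pt = new byte[ct.Length];
            using (var gcm = new AesGcm(aesKey)) gcm.Decrypt(nonce, ct, tag, pt);   // tag mismatch: CryptographicException
            return pt;
        }
        finally { CryptographicOperations.ZeroMemory(aesKey); }
    }

    public static void Main()
    {
        using var rsa = RSA.Create(2048);
        var padding = RSAEncryptionPadding.OaepSHA256;
        Console.WriteLine($"OAEP limit: {MaxOaepPlaintext(rsa, padding)} bytes");
        byte[] small = EncryptSmall(rsa, padding, Encoding.UTF8.GetBytes("short secret"));
        Console.WriteLine(Encoding.UTF8.GetString(rsa.Decrypt(small, padding)));
        byte[] large = Encoding.UTF8.GetBytes(new string('x', 4096));   // constructed input, well past the limit
        byte[] blob = EncryptLarge(rsa, padding, large);
        Console.WriteLine(DecryptLarge(rsa, padding, blob).Length == large.Length ? "hybrid round trip ok" : "mismatch");
        blob[blob.Length - 1] ^= 1;   // constructed tampering: one flipped ciphertext byte
        try { DecryptLarge(rsa, padding, blob); Console.WriteLine("tampering NOT detected"); }
        catch (CryptographicException) { Console.WriteLine("tampering detected by AES-GCM"); }
    }
}
```

The sample's direct-RSA path gives confidentiality only; nothing tells the decryptor that the ciphertext was altered in transit. AES-GCM in the hybrid path adds that integrity check, which is why the flipped byte in `Main` is rejected rather than decrypted to garbage.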