c# – JWT Web令牌加密 – SecurityAlgoritms.HmacSha256 vs SecurityAlgoritms.HmacSha256Signature

对于基于令牌的身份验证,Microsoft.IdentityModel.Tokens提供了可用于创建SigningCredentials的安全算法列表:

  string secretKey = "MySuperSecretKey";
  byte[] keybytes = Encoding.ASCII.GetBytes(secretKey);
  SecurityKey securityKey = new SymmetricSecurityKey(keybytes);
  SigningCredentials signingCredentials =
                    new SigningCredentials(securityKey,
                        SecurityAlgorithms.HmacSha256);

  SigningCredentials signingCredentials =
                    new SigningCredentials(securityKey,
                        SecurityAlgorithms.HmacSha256Signature);

HmacSha256和HmacSha256Signature有什么区别?你什么时候使用签名而不是非签名?**

还有其他算法“非签名”和“签名”算法 – RsaSha256和RsaSha256

最佳答案 HmacSha256是一个字符串常量,评估为“HS256”. HmacSha256Signature也是一个字符串常量,但计算结果为“
http://www.w3.org/2001/04/xmldsig-more#hmac-sha256

System.IdentityModel.Tokens.SecurityAlgorithms的最新定义不包括HmacSha256,而是允许您为SigningCredentials分离签名和摘要算法.

您应该使用HmacSha256Signature来保护您的应用程序,因为HmacSha256看起来已被弃用.

来自Microsoft文档……

The members that have a Signature suffix can be used to specify the
signatureAlgoritm parameter and the members that have a Digest suffix
can be used to specify the digestAlgorithm parameter.

点赞