Following on from my previous post, Generate JSON Web Key from a PKCS#12 X509Certificate, here is how to sign a JSON Web Token (JWT) using the private key of a PKCS#12 certificate file.
The public key was supplied to the authorisation party as a JSON Web Key. Subsequent content submissions are signed using the private key of the same certificate file and supplied as a JSON Web Token. The receiving party uses the public key it received earlier to decode the token and verify the signature on the new content.
Using the same certificate previously generated in Azure Key Vault, extract the private key and use it to sign the JWT. The result is the compact serialisation of the signed JWT as a string.
```csharp
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Cryptography.X509Certificates;
using Azure.Identity;
using Azure.Security.KeyVault.Secrets;
using Microsoft.IdentityModel.Tokens;

//initialise the Secret client connection to Azure Key Vault.
var secretClient = new SecretClient(new Uri("https://ivsdev-mykeyvault.vault.azure.net/"), new DefaultAzureCredential());
//retrieve the certificate content (base64 PKCS#12 bytes) to initialise the X509Certificate instance.
var secretValue = secretClient.GetSecret("MyFirstCertificate");
var certificateString = secretValue.Value.Value;
var certificate = new X509Certificate2(Convert.FromBase64String(certificateString));
//extract the RSA private key.
var privateKey = certificate.GetRSAPrivateKey();
var rsaSecurityKey = new RsaSecurityKey(privateKey);
//initialise the header using the private key, and signing algorithm (RS256).
var header = new JwtHeader(new SigningCredentials(rsaSecurityKey, SecurityAlgorithms.RsaSha256));
//"kid" lets the receiving party pick the matching public JSON Web Key.
header.Add("kid", "my key id value");
//specify the attribute values of the payload.
//"iat" and "exp" are NumericDate claims (seconds since the Unix epoch), not free text.
var payload = new JwtPayload();
payload.Add("iss", "The value of issuer");
var issuedAt = DateTimeOffset.UtcNow;
payload.Add("iat", issuedAt.ToUnixTimeSeconds());
payload.Add("exp", issuedAt.AddMinutes(5).ToUnixTimeSeconds());
//initialise the token with the header and payload, and generate the JSON Web Token string.
var token = new JwtSecurityToken(header, payload);
var handler = new JwtSecurityTokenHandler();
var jwtString = handler.WriteToken(token);
```
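The receiving side described above, as an added example that is not part of the original post: the verifier holds only the public JSON Web Key, checks that the token's "kid" names that key, pins the algorithm to RS256 and enforces issuer and expiry. The issuer URL, key id and the freshly generated RSA key (standing in for the Key Vault certificate) are placeholders chosen for this example.

```csharp
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Cryptography;
using Microsoft.IdentityModel.Tokens;

public static class JwtVerifierDemo
{
    // Receiving party: accept the JWT only if the public JWK it was given earlier verifies it.
    public static JwtSecurityToken VerifyWithJwk(string jwtString, JsonWebKey publicJwk, string expectedIssuer)
    {
        var handler = new JwtSecurityTokenHandler();
        // Read the header without trusting it: the "kid" must name the key we hold.
        var unverified = handler.ReadJwtToken(jwtString);
        if (unverified.Header.Kid != publicJwk.Kid)
            throw new SecurityTokenException($"Unexpected kid '{unverified.Header.Kid}'.");
        var parameters = new TokenValidationParameters
        {
            IssuerSigningKey = publicJwk,                              // n and e only, no private material
            ValidAlgorithms = new[] { SecurityAlgorithms.RsaSha256 }, // pin RS256; "none" or HS256 is rejected
            ValidIssuer = expectedIssuer,
            ValidateAudience = false,                                 // the post's payload carries no "aud"
            ValidateLifetime = true,                                  // needs a numeric "exp"
            RequireExpirationTime = true,
            ClockSkew = TimeSpan.FromMinutes(1),
        };
        handler.ValidateToken(jwtString, parameters, out SecurityToken validated);
        return (JwtSecurityToken)validated;
    }

    // Round trip with a generated key (placeholder for the Key Vault certificate) and placeholder issuer.
    public static void Main()
    {
        using var rsa = RSA.Create(2048);
        const string kid = "my key id value";
        var pub = rsa.ExportParameters(false);
        var publicJwk = new JsonWebKey { Kty = "RSA", Use = "sig", Alg = "RS256", Kid = kid,
            N = Base64UrlEncoder.Encode(pub.Modulus), E = Base64UrlEncoder.Encode(pub.Exponent) };
        var header = new JwtHeader(new SigningCredentials(new RsaSecurityKey(rsa), SecurityAlgorithms.RsaSha256));
        header["kid"] = kid;
        var now = DateTimeOffset.UtcNow;
        var payload = new JwtPayload { { "iss", "https://issuer.example" },
            { "iat", now.ToUnixTimeSeconds() }, { "exp", now.AddMinutes(5).ToUnixTimeSeconds() } };
        var jwt = new JwtSecurityTokenHandler().WriteToken(new JwtSecurityToken(header, payload));
        var verified = VerifyWithJwk(jwt, publicJwk, "https://issuer.example");
        Console.WriteLine($"verified: iss={verified.Issuer}, exp={verified.ValidTo:u}");
    }
}
```

Any mismatch (wrong kid, a different key, an altered payload, an expired token or a non-RS256 header) surfaces as a SecurityTokenException from ValidateToken, so the content is never accepted on the strength of its decoded claims alone.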
That's all for this post.