-
Notifications
You must be signed in to change notification settings - Fork 438
Supported Algorithms
Maria Furman edited this page Jan 8, 2021
·
13 revisions
| IdentityModel Target / Algorithm name |
.NET 4.5 | .NET 4.6.1 | .NET 4.7.2 | .NET Standard 2.0 |
|---|---|---|---|---|
|
RsaSha256 ( RS256) |
✅ | ✅ | ✅ | ✅ |
|
RsaSha384 ( RS384) |
✅ | ✅ | ✅ | ✅ |
|
RsaSha512 ( RS512) |
✅ | ✅ | ✅ | ✅ |
|
RsaSha256Signature ( http://www.w3.org/2001/04/xmldsig-more#rsa-sha256) |
✅ | ✅ | ✅ | ✅ |
|
RsaSha384Signature ( http://www.w3.org/2001/04/xmldsig-more#rsa-sha384) |
✅ | ✅ | ✅ | ✅ |
|
RsaSha512Signature ( http://www.w3.org/2001/04/xmldsig-more#rsa-sha512) |
✅ | ✅ | ✅ | ✅ |
|
RsaOAEP ( RS-OAEP) |
✅ | ✅ | ✅ | ✅ |
|
RsaPKCS1 ( RSA1_5) |
✅ | ✅ | ✅ | ✅ |
|
RsaOaepKeyWrap ( http://www.w3.org/2001/04/xmlenc#rsa-oaep) |
✅ | ✅ | ✅ | ✅ |
|
RsaSsaPssSha256 ( PS256) |
❌ | ❓ | ❓ | ❔ |
|
RsaSsaPssSha384 ( PS384) |
❌ | ❓ | ❓ | ❔ |
|
RsaSsaPssSha512 ( PS512) |
❌ | ❓ | ❓ | ❔ |
|
RsaSsaPssSha256Signature ( http://www.w3.org/2007/05/xmldsig-more#sha256rsa-MGF1) |
❌ | ❓ | ❓ | ❔ |
|
RsaSsaPssSha384Signature ( http://www.w3.org/2007/05/xmldsig-more#sha384rsa-MGF1) |
❌ | ❓ | ❓ | ❔ |
|
RsaSsaPssSha512Signature ( http://www.w3.org/2007/05/xmldsig-more#sha512-rsa-MGF1) |
❌ | ❓ | ❓ | ❔ |
| IdentityModel Target / Algorithm name |
.NET 4.5 | .NET 4.6.1 | .NET 4.7.2 | .NET Standard 2.0 |
|---|---|---|---|---|
|
EcdsaSha256 ( ES256) |
✅ | ✅ | ✅ | ✅ |
|
EcdsaSha384 ( ES384) |
✅ | ✅ | ✅ | ✅ |
|
EcdsaSha512 ( ES512) |
✅ | ✅ | ✅ | ✅ |
|
EcdsaSha256Signature ( http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256) |
✅ | ✅ | ✅ | ✅ |
|
EcdsaSha384Signature ( http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384) |
✅ | ✅ | ✅ | ✅ |
|
EcdsaSha512Signature ( http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512) |
✅ | ✅ | ✅ | ✅ |
| IdentityModel Target / Algorithm name |
.NET 4.5 | .NET 4.6.1 | .NET 4.7.2 | .NET Standard 2.0 |
|---|---|---|---|---|
|
Sha256 ( SHA256) |
✅ | ✅ | ✅ | ✅ |
|
Sha384 ( SHA384) |
✅ | ✅ | ✅ | ✅ |
|
Sha512 ( SHA512) |
✅ | ✅ | ✅ | ✅ |
|
Sha256Digest ( http://www.w3.org/2001/04/xmlenc#sha256) |
✅ | ✅ | ✅ | ✅ |
|
Sha384Digest ( http://www.w3.org/2001/04/xmldsig-more#sha384) |
✅ | ✅ | ✅ | ✅ |
|
Sha512Digest ( http://www.w3.org/2001/04/xmlenc#sha512) |
✅ | ✅ | ✅ | ✅ |
| IdentityModel Target / Algorithm name |
.NET 4.5 | .NET 4.6.1 | .NET 4.7.2 | .NET Standard 2.0 |
|---|---|---|---|---|
|
Aes128CbcHmacSha256 ( A128CBC-HS256) |
✅ | ✅ | ✅ | ✅ |
|
Aes192CbcHmacSha384 ( A192CBC-HS384) |
✅ | ✅ | ✅ | ✅ |
|
Aes256CbcHmacSha512 ( A256CBC-HS512) |
✅ | ✅ | ✅ | ✅ |
|
Aes128KW ( A128KW) |
✅ | ✅ | ✅ | ✅ |
|
Aes256KW ( A256KW) |
✅ | ✅ | ✅ | ✅ |
|
HmacSha256 ( HS256) |
✅ | ✅ | ✅ | ✅ |
|
HmacSha384 ( HS384) |
✅ | ✅ | ✅ | ✅ |
|
HmacSha512 ( HS512) |
✅ | ✅ | ✅ | ✅ |
|
HmacSha256Signature ( http://www.w3.org/2001/04/xmldsig-more#hmac-sha256) |
✅ | ✅ | ✅ | ✅ |
|
HmacSha384Signature ( http://www.w3.org/2001/04/xmldsig-more#hmac-sha384) |
✅ | ✅ | ✅ | ✅ |
|
HmacSha512Signature ( http://www.w3.org/2001/04/xmldsig-more#hmac-sha512) |
✅ | ✅ | ✅ | ✅ |
Conceptual Documentation
- Using TokenValidationParameters.ValidateIssuerSigningKey
- Scenarios
- Validating tokens
- Outbound policy claim type mapping
- How ASP.NET Core uses Microsoft.IdentityModel extensions for .NET
- Using a custom CryptoProvider
- SignedHttpRequest aka PoP (Proof-of-Possession)
- Creating and Validating JWEs (Json Web Encryptions)
- Caching in Microsoft.IdentityModel
- Resiliency on metadata refresh
- Use KeyVault extensions
- Signing key roll over