How to create JWT signed with RsaSsaPssSha256

Question

I'm trying to sign JWToken using RsaSsaPssSha256, with a self signed X509certificate2 that i read from the keystore.

using .net 4.61;

1. Tried to use System.IdentityModel.Tokens.Jwt from Microsoft:

SecurityTokenDescriptor tokenDescriptor = new SecurityTokenDescriptor
{
    Subject = ,
    SigningCredentials = new SigningCredentials(privateKey, SecurityAlgorithms.RsaSsaPssSha256Signature),  
    Expires = DateTime.UtcNow.AddMinutes(expirationMinutes),
};

and got the following error:

"IDX10634: Unable to create the SignatureProvider.\nAlgorithm: 'PS256', SecurityKey: 'Microsoft.IdentityModel.Tokens.X509SecurityKey, KeyId: 'xxxxxxxxxxxxxxxxxxxxxxxxxx', InternalId: 'xxxxx-xxxxxx-xxxx-xxxxxx'.'\n is not supported. The list of supported algorithms is available here: https://aka.ms/IdentityModel/supported-algorithms"

needless to say that SecurityAlgorithms.RsaSha256 is working as expected.

2. Tried to use Jose-JWT module and got the following error:

"RsaUsingSha with PSS padding alg expects key to be of CngKey type."

what am i missing here?

Answer 1

While upgrading from .NET 4.60 to 4.61, which is necessary when using RsaSsaPssSha256, i removed the System.IdentityModel.Tokens.Jwt packages and reinstalled them (even though it is the same dll file). now everything is working as expected.