IDX10603: The algorithm: 'HS256' requires the SecurityKey.KeySize to be greater than '128' bits. KeySize reported: '32'. Parameter name: key.KeySize

Question

I was just working with Asp.Net Core Web API, and implementing Authentication. And I am calling this API from an Angular Application. But I am always getting an error as below.

IDX10603: The algorithm: 'HS256' requires the SecurityKey.KeySize to be greater than '128' bits. KeySize reported: '32'. Parameter name: key.KeySize

Below is my code for ConfigureServices in Startup.cs file.

public IServiceProvider ConfigureServices(IServiceCollection services)             {                 services.AddDbContext<APIContext>(option => option.UseInMemoryDatabase("AngularApp"));                  services.AddCors(options => options.AddPolicy("Cors", builder =>                 {                     builder.AllowAnyOrigin().                     AllowAnyMethod().                     AllowAnyHeader();                 }                 ));                  var signinKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes("Secret phase"));                  services.AddAuthentication(options =>                 {                     options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;                     options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;                 }).AddJwtBearer(cfg =>                 {                     cfg.RequireHttpsMetadata = false;                     cfg.SaveToken = true;                     cfg.TokenValidationParameters = new Microsoft.IdentityModel.Tokens.TokenValidationParameters()                     {                         IssuerSigningKey = signinKey,                         ValidateAudience = false,                         ValidateIssuer = false,                         ValidateLifetime = false,                         ValidateIssuerSigningKey = true,                         ValidateActor = false,                         ClockSkew = TimeSpan.Zero                     };                 });                 services.AddMvc();                  var serviceProvider = services.BuildServiceProvider();                 return serviceProvider;             } 

And I am using JwtPackagein my controller as follows.

JwtPackage CreateJwtToken(User usr)         {             var signinKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes("this is my custom Secret key for authnetication"));             var signInCredentials = new SigningCredentials(signinKey, SecurityAlgorithms.HmacSha256);             var claims = new Claim[] {                 new Claim(JwtRegisteredClaimNames.Sub,usr.Id)             };             var jwt = new JwtSecurityToken(claims: claims, signingCredentials: signInCredentials);             var encodedJwt = new JwtSecurityTokenHandler().WriteToken(jwt);             return new JwtPackage() { FirstName = usr.FirstName, Token = encodedJwt };         } 

Can you please help me to fix this issue? Thank you.

Answer 1

Ah, it was my mistake, a simple one. I was not providing enough characters for the secret key name.

I changed my signinkey to this one,

var signinKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes("this is my custom Secret key for authentication")); 

from,

var signinKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes("Secret phase")); 

That solved my issue, as the HmacSha256 in the line SigningCredentials(signinKey, SecurityAlgorithms.HmacSha256)should be greater than 128 bits. In short, just use a long string as the key.