JsonWebKey Class
Abblix.Jwt
Abblix.Jwt
JsonWebKey Class
Base class representing a JSON Web Key (JWK), a versatile structure for representing cryptographic keys using JSON. JWKs are crucial for digital signatures, encryption, and ensuring secure communication in web-based protocols.
public abstract record JsonWebKey : System.IEquatable<Abblix.Jwt.JsonWebKey>
Inheritance System.Object → JsonWebKey
Derived
↳ EllipticCurveJsonWebKey
↳ OctetJsonWebKey
↳ RsaJsonWebKey
Implements System.IEquatable<JsonWebKey>
Remarks
This is an abstract base class. Use specific subclasses for different key types:
- RsaJsonWebKey for RSA keys
- EllipticCurveJsonWebKey for Elliptic Curve keys
- OctetJsonWebKey for symmetric keys (oct)
Properties
JsonWebKey.Algorithm Property
Specifies the algorithm intended for use with the key, aligning with JWT and JWA specifications to ensure interoperability and secure key management.
public string? Algorithm { get; set; }
Property Value
JsonWebKey.Certificates Property
Contains a chain of one or more PKIX certificates (RFC 5280), offering a method to associate X.509 certificates with the key for validation and trust chain establishment in secure communications.
public byte[][]? Certificates { get; set; }
Property Value
JsonWebKey.HasPrivateKey Property
Checks if the key contains private key material.
public abstract bool HasPrivateKey { get; }
Property Value
JsonWebKey.HasPublicKey Property
Checks if the key contains public key material.
public abstract bool HasPublicKey { get; }
Property Value
JsonWebKey.KeyId Property
A unique identifier for the key, facilitating key selection and management in multi-key environments, enabling clients and servers to reference and utilize the correct key for cryptographic operations.
public string? KeyId { get; set; }
Property Value
JsonWebKey.KeyType Property
Identifies the cryptographic algorithm family used with the key, such as RSA, EC (Elliptic Curve), or oct (Octet Sequence), specifying the key's type and its intended cryptographic use.
public abstract string KeyType { get; }
Property Value
Remarks
This property is marked with System.Text.Json.Serialization.JsonIgnoreAttribute on the base class to prevent conflicts
with the custom JsonWebKeyConverter. Derived types override this property with
[JsonPropertyName("kty")] and [JsonInclude] attributes. The custom converter ensures
"kty" is always serialized by serializing the concrete type's properties, maintaining RFC 7517 compliance.
JsonWebKey.Thumbprint Property
A base64url-encoded SHA-1 thumbprint of the DER encoding of an X.509 certificate, providing a compact means to associate a certificate with the JWK for verification purposes without transmitting the full certificate.
public byte[]? Thumbprint { get; set; }
Property Value
JsonWebKey.Usage Property
Indicates the intended use of the key, for example, "sig" (signature) for signing operations or "enc" (encryption) for encryption operations, guiding clients on how to use the key appropriately.
public string? Usage { get; set; }
Property Value
Methods
JsonWebKey.ComputeJwkThumbprint() Method
Computes the JWK Thumbprint of this key per RFC 7638 §3 as the raw 32-byte SHA-256 digest of the canonical-JSON form built by Abblix.Jwt.JsonWebKey.CanonicalJson.
public byte[] ComputeJwkThumbprint();
Returns
System.Byte[]
The 32-byte SHA-256 digest.
Exceptions
System.InvalidOperationException
A required member
(per RFC 7638 §3.2) is missing on this key.
Remarks
The thumbprint is computed at runtime from the public-key material; it is not a
stored member on the JWK and is distinct from the X.509 certificate thumbprints
x5t (RFC 7517 §4.8) and x5t#S256 (RFC 7517 §4.9), which hash the
certificate, not the key. OAuth 2.0 DPoP (RFC 9449) uses this value for
cnf.jkt and the dpop_jkt request parameter.
JsonWebKey.ComputeJwkThumbprintBase64Url() Method
Computes the JWK Thumbprint of this key per RFC 7638 §3 and returns the
base64url-encoded form, which is the wire shape used by DPoP cnf.jkt and
the dpop_jkt authorization-request parameter.
public string ComputeJwkThumbprintBase64Url();
Returns
System.String
The base64url-encoded SHA-256 digest of the canonical-JSON form.
Exceptions
System.InvalidOperationException
A required member
(per RFC 7638 §3.2) is missing on this key.
JsonWebKey.Sanitize(bool) Method
Prepares a sanitized version of the JWK that excludes private key information unless explicitly included, suitable for public sharing while preserving the integrity of sensitive data.
public abstract Abblix.Jwt.JsonWebKey Sanitize(bool includePrivateKeys);
Parameters
includePrivateKeys System.Boolean
Whether to include private key data in the sanitized output.
Returns
JsonWebKey
A new instance of JsonWebKey with or without private key data based on the input parameter.