Update to RSA encryption instead of hmac

Dockerfile

@@ -55,6 +55,14 @@ RUN set -e && \
 ################
 
 FROM mcr.microsoft.com/dotnet/aspnet:9.0
+
+WORKDIR /certs
+RUN apt update && apt upgrade -y && \
+    apt install -y openssl && \
+    openssl genrsa -out private_key.pem 2048 && \
+    openssl rsa -in private_key.pem -pubout -out public_key.pem
+
+
 WORKDIR /app
 
 ENV ASPNETCORE_HTTP_PORTS=5000

src/Server/Program.cs

@@ -32,7 +32,7 @@ string? _dbpass = Environment.GetEnvironmentVariable("MySQLPass");
 string dbPass = !string.IsNullOrEmpty(_dbpass) ? _dbpass : "oasv34$8gpv023dd";
 
 // Create the database serivice
-DatabaseService databaseService = new DatabaseService(connectionString: "server=" + dbserver + ";user=" + dbUser + ";database=" + dbdatabase + ";password=" + dbPass + ";port=3307;");
+DatabaseService databaseService = new DatabaseService(connectionString: "server=" + dbserver + ";user=" + dbUser + ";database=" + dbdatabase + ";password=" + dbPass + ";port=3306;");
 builder.Services.Add( new ServiceDescriptor( typeof( DatabaseService ), databaseService ) );
 
 ////////////////////////////////

src/Server/Services/AuthJWT.cs

@@ -1,5 +1,6 @@
 using System.IdentityModel.Tokens.Jwt;
 using System.Security.Claims;
+using System.Security.Cryptography;
 using System.Text;
 using Auth.Entities;
 using Microsoft.IdentityModel.Tokens;
@@ -7,6 +8,9 @@ using Microsoft.IdentityModel.Tokens;
 namespace Auth.Services {
     public class AuthJWT {
 
+        public static RsaSecurityKey RsaPublicKey = LoadRSAKey("/certs/public_key.pem");
+        public static RsaSecurityKey RsaPrivateKey = LoadRSAKey("/certs/private_key.pem");
+
         public static string TokenAudience = "mistox-llc-auth-token";
         public static string TokenIssuer = "https://auth.mistox.com";
         public static string TokenSecretKey = "";
@@ -18,15 +22,13 @@ namespace Auth.Services {
             ValidateIssuerSigningKey = true,
             ValidIssuer = TokenIssuer,
             ValidAudience = TokenAudience,
-            IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(TokenSecretKey)),
+            IssuerSigningKey = RsaPublicKey,
             ClockSkew = TimeSpan.FromMinutes(1)
         };
 
         public static string GenereateJWTToken(Account account, bool StayLoggedIn) {
-            var tokenHandler = new JwtSecurityTokenHandler();
+            JwtSecurityTokenHandler tokenHandler = new JwtSecurityTokenHandler();
-            var key = Encoding.UTF8.GetBytes(TokenSecretKey);
+            SecurityTokenDescriptor tokenDiscriptor = new SecurityTokenDescriptor {
-
-            var tokenDiscriptor = new SecurityTokenDescriptor {
                 Subject = new ClaimsIdentity([
                     new Claim(ClaimTypes.NameIdentifier, account.ID.ToString()),
                     new Claim(ClaimTypes.Name, account.UserName),
@@ -37,7 +39,7 @@ namespace Auth.Services {
                 ]),
                 Expires = DateTime.UtcNow.AddDays(7),
                 IssuedAt = DateTime.UtcNow,
-                SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(key), SecurityAlgorithms.HmacSha256),
+                SigningCredentials = new SigningCredentials(RsaPrivateKey, SecurityAlgorithms.RsaSha256),
                 Audience = TokenAudience,
                 Issuer = TokenIssuer
             };
@@ -56,5 +58,12 @@ namespace Auth.Services {
             }, Convert.ToBoolean(principal.FindFirst(ClaimTypes.IsPersistent)!.Value));
         }
 
+        public static RsaSecurityKey LoadRSAKey(string KeyPath) {
+            string KeyText = File.ReadAllText(KeyPath);
+            RSA rsa = RSA.Create();
+            rsa.ImportFromPem(KeyText.ToCharArray());
+            return new RsaSecurityKey(rsa);
+        }
+
     }
 }