Encrypting JWT payload

刺人心 2020-12-31 01:07

JWTs have 3 parts:

  1. HEADER: ALGORITHM & TOKEN TYPE
  2. PAYLOAD: DATA
  3. SIGNATURE TO BE VERIFIED WITH THE SECRET KEY

Is it possible to

3 answers
  •  悲哀的现实
    2020-12-31 02:02

    In fact, there is not only the signed JWT, but several technologies described by RFCs:

    • JWS JSON Web Signature (RFC 7515),
    • JWT JSON Web Token (RFC 7519),
    • JWE JSON Web Encryption (RFC 7516),
    • JWA JSON Web Algorithms (RFC 7518),
    • JWK JSON Web Key (RFC 7517).

    In your case, read RFC 7516 (JWE). A JWE has 5 parts:

    • Protected Header
    • Encrypted Key
    • Initialization Vector
    • Ciphertext
    • Authentication Tag

    Depending on your platform, you may find a library that will help you create such encrypted JWTs. Concerning PHP, I am writing a library that is already able to load and create these JOSE.
