使用 JWT 令牌公钥
[英]Using JWT Token a Public Key
问题描述
Is it possible to use the last (signature) part or any other part or combination of parts of a JWT token as a kind of public key.
是否可以使用 JWT 令牌的最后(签名)部分或任何其他部分或部分组合作为一种公钥。 This would allow the client to sign a message such that only the JWT generator who has the private key would be able to decrypt and understand the message.这将允许客户端对消息进行签名,这样只有拥有私钥的 JWT 生成器才能解密和理解消息。
Is this possible?这可能吗?
If so is there an example I can look at?如果是这样,我可以看看一个例子吗?
1 个解决方案
解决方案1
1 2022-08-09 15:34:56
This is called "JWE" - json web encryption, and is part of a standard implementation RFC-7516 .这称为“JWE” - json web 加密,是标准实现RFC-7516的一部分。
No need to write your own libraries even - JWE is supported by many of the JWT implementations out there, which as a suite are referred to as JOSE (Json Object Signing and Encryption).甚至无需编写自己的库 - 许多JWT 实现都支持 JWE,它们作为一个套件被称为 JOSE(Json Object 签名和加密)。
There are many examples of JWE implementations out there.那里有很多 JWE 实现的例子。 I'm not sure which platform you're working with, but in abstract here's a link to what a JWE might look like , and here's a basic implementation using JavaScript .我不确定您正在使用哪个平台,但在摘要中,这是一个指向JWE 外观的链接,这是使用 JavaScript 的基本实现。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.