
Is it safe to encrypt my JWT authentication token client side if I don't store the key?

I am planning on encrypting my JWT access tokens and storing them in AsyncStorage (React Native). I will be using a PIN code to encrypt the token and request the PIN code on every app startup. I will decrypt the access token with the PIN code and store it in my state for later use.

Would this be a secure approach?

First of all, JWT does not encrypt data (i.e. the Header and Payload parts of the token). It only encodes using Base64Url, which can be decoded without any secret keys.

JWT is used in network requests where the Signature part is signed/encrypted to ensure the header and payload data is not manipulated on the way.

So if you want to securely store your access token, JWT is not helping you. You may try bcrypt to encrypt your data and use the PIN as crypt-salt.
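The following is an added example, not code from the question or the answer. It shows, for an HS256 token, that the header and payload can be read without any key, while a change to the payload is caught when the signature is checked. The secret, the claims and the function names are constructed for the illustration, and it uses Node's built-in `crypto` module.

```javascript
const nodeCrypto = require("node:crypto");

// Base64Url (RFC 7515): '-' and '_' instead of '+' and '/', no '=' padding.
const b64urlEncode = (data) =>
  Buffer.from(data).toString("base64")
    .replace(/=+$/, "").replace(/\+/g, "-").replace(/\//g, "_");
const b64urlDecode = (str) =>
  Buffer.from(str.replace(/-/g, "+").replace(/_/g, "/"), "base64");
const hmac = (secret, input) =>
  nodeCrypto.createHmac("sha256", secret).update(input).digest();

// Build an HS256 token. Only the third segment depends on the secret.
function signJwt(payload, secret) {
  const input = b64urlEncode(JSON.stringify({ alg: "HS256", typ: "JWT" })) +
    "." + b64urlEncode(JSON.stringify(payload));
  return input + "." + b64urlEncode(hmac(secret, input));
}

// Read header and payload with no key at all: this is decoding, not decryption.
function decodeJwt(token) {
  const parts = token.split(".");
  if (parts.length !== 3) throw new Error("expected three dot-separated segments");
  const parse = (seg) => JSON.parse(b64urlDecode(seg).toString("utf8"));
  return { header: parse(parts[0]), payload: parse(parts[1]) };
}

// Recompute the HMAC over "header.payload" and compare in constant time.
function verifyJwt(token, secret) {
  let decoded;
  try { decoded = decodeJwt(token); } catch { return false; }
  // Pin the algorithm instead of trusting whatever the header claims.
  if (decoded.header.alg !== "HS256") return false;
  const [h, p, s] = token.split(".");
  const expected = hmac(secret, h + "." + p);
  const given = b64urlDecode(s);
  return given.length === expected.length &&
    nodeCrypto.timingSafeEqual(given, expected);
}

// Swap in a different payload while keeping the original signature segment.
function withModifiedPayload(token, newPayload) {
  const [h, , s] = token.split(".");
  return [h, b64urlEncode(JSON.stringify(newPayload)), s].join(".");
}

// Constructed sample values.
const SECRET = "demo-server-secret";
const token = signJwt({ sub: "user-123", role: "user" }, SECRET);
```
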
