Encrypting JWT payload

后端未结

关注

 3  1775

刺人心

JWTs have 3 parts:

HEADER:ALGORITHM & TOKEN TYPE
PAYLOAD:DATA
SIGNATURE TO BE VERIFIED WITH THE SECRET KEY

Is it possible to

相关标签:

3条回答

悲哀的现实

2020-12-31 02:02
In fact there is not only signed JWT, but several technologies described by RFCs:
- JWS JSON Web Signature (RFC 7515),
- JWT JSON Web Token (RFC 7519),
- JWE JSON Web Encryption (RFC 7516),
- JWA JSON Web Algorithms (RFC 7518).
- JWK JSON Web Key (RFC 7517).
In your case, read the RFC7516 (JWE). These JWE have 5 parts:
- Protected Header
- Encrypted Key
- Initialization Vector
- Ciphertext
- Authentication Tag
Depending on your platform, you may find a library that will help you to create such encrypted JWT. Concerning PHP, I am writting a library that is already able to load and create these jose.
0 讨论(0)
发布评论:

提交评论
- 加载中...
梦毁少年i

2020-12-31 02:02

Not encrypting the token means that other external services can read and validate that the token is in fact authentic without having access to your private key. (They would only need the public key)

0 讨论(0)
发布评论:

提交评论
- 加载中...

有刺的猬

2020-12-31 02:06

Below is a very simple and effective method for encrypting using AES. Note you will need to get your own key (link included in comments).

Note that when you encrypt, it will set an IV for each encryption call. You will need this to decrypt.

public class CustomEncryption
{
    public static string Encrypt256(string text, byte[] AesKey256, out byte[] iv)
    {
        // AesCryptoServiceProvider
        AesCryptoServiceProvider aes = new AesCryptoServiceProvider();
        aes.BlockSize = 128;
        aes.KeySize = 256;
        aes.Key = aesKey256();
        aes.Mode = CipherMode.CBC;
        aes.Padding = PaddingMode.PKCS7;
        iv = aes.IV;

        byte[] src = Encoding.Unicode.GetBytes(text);

        using (ICryptoTransform encrypt = aes.CreateEncryptor())
        {
            byte[] dest = encrypt.TransformFinalBlock(src, 0, src.Length);

            return Convert.ToBase64String(dest);
        }
    }

    public static string Decrypt256(string text, byte[] AesKey256, byte[] iv)
    {
        AesCryptoServiceProvider aes = new AesCryptoServiceProvider();
        aes.BlockSize = 128;
        aes.KeySize = 256;
        aes.IV = iv;
        aes.Key = aesKey256();
        aes.Mode = CipherMode.CBC;
        aes.Padding = PaddingMode.PKCS7;

        byte[] src = System.Convert.FromBase64String(text);

        using (ICryptoTransform decrypt = aes.CreateDecryptor())
        {
            byte[] dest = decrypt.TransformFinalBlock(src, 0, src.Length);
            return Encoding.Unicode.GetString(dest);
        }
    }

    private static byte[] aesKey256()
    {
        //you will need to get your own aesKey
        //for testing you can generate one from
        //https://asecuritysite.com/encryption/keygen

        return new byte[] { 1, 2, 3, 4, 5, 6, 7, 8, 9, 1, 2, 3, 4, 5, 6, 7, 8, 9, 1, 2, 3, 4, 5, 6, 7, 8, 9, 1, 2, 3, 4, 5 };
    }
}

}

0 讨论(0)