Anters Bear

Reputation: 1956

Using JWT Token as a Public Key

Is it possible to use the last (signature) part or any other part or combination of parts of a JWT token as a kind of public key? This would allow the client to sign a message such that only the JWT generator who has the private key would be able to decrypt and understand the message.

Is this possible?

If so, is there an example I can look at?

Upvotes: 0

Views: 607

Answers (1)

PaulProgrammer

Reputation: 17620

This is called "JWE" - JSON Web Encryption, and is part of a standard implementation, RFC 7516.

No need to write your own libraries even - JWE is supported by many of the JWT implementations out there, which as a suite are referred to as JOSE (JSON Object Signing and Encryption).

There are many examples of JWE implementations out there. I'm not sure which platform you're working with, but in the abstract here's a link to what a JWE might look like, and here's a basic implementation using JavaScript.

Upvotes: 1
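
A sketch of the JWE compact serialization (RFC 7516) that the answer refers to, as an added example that is not from the original post or from any JOSE library: the client encrypts to the issuer's RSA public key (RSA-OAEP-256 key wrap, A256GCM content encryption) using only Node's built-in `crypto` module. The function names and the demo key pair are constructed for illustration.

```javascript
// Added example: minimal JWE compact serialization (RFC 7516) with Node's crypto.
// Function names and the key pair are illustrative, not from any JOSE library.
const crypto = require('crypto');

const b64u = (buf) => Buffer.from(buf).toString('base64url');
const HEADER = { alg: 'RSA-OAEP-256', enc: 'A256GCM' };
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Client side: needs only the issuer's public key.
function jweEncrypt(plaintext, publicKey) {
  const protectedB64 = b64u(JSON.stringify(HEADER));
  const cek = crypto.randomBytes(32); // one-time content encryption key
  const iv = crypto.randomBytes(12);  // 96-bit GCM nonce
  const encryptedKey = crypto.publicEncrypt({ key: publicKey, ...OAEP }, cek);
  const cipher = crypto.createCipheriv('aes-256-gcm', cek, iv);
  cipher.setAAD(Buffer.from(protectedB64, 'ascii')); // header is authenticated, not encrypted
  const ciphertext = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return [protectedB64, b64u(encryptedKey), b64u(iv), b64u(ciphertext),
    b64u(cipher.getAuthTag())].join('.');
}

// Issuer side: only the private key holder can unwrap the CEK.
function jweDecrypt(token, privateKey) {
  const parts = token.split('.');
  if (parts.length !== 5) throw new Error('not a compact JWE');
  const [protectedB64, ek, iv, ct, tag] = parts;
  const header = JSON.parse(Buffer.from(protectedB64, 'base64url').toString('utf8'));
  // Pin the algorithms instead of trusting whatever the sender's header asks for.
  if (header.alg !== HEADER.alg || header.enc !== HEADER.enc) throw new Error('unexpected alg/enc');
  const tagBuf = Buffer.from(tag, 'base64url');
  if (tagBuf.length !== 16) throw new Error('bad tag length');
  const cek = crypto.privateDecrypt({ key: privateKey, ...OAEP }, Buffer.from(ek, 'base64url'));
  const decipher = crypto.createDecipheriv('aes-256-gcm', cek, Buffer.from(iv, 'base64url'));
  decipher.setAAD(Buffer.from(protectedB64, 'ascii'));
  decipher.setAuthTag(tagBuf);
  // final() throws if the header, IV, ciphertext or tag were modified.
  return Buffer.concat([decipher.update(Buffer.from(ct, 'base64url')),
    decipher.final()]).toString('utf8');
}

// Constructed demo key pair; a real issuer would publish the public half (for example as a JWK).
function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const token = jweEncrypt('{"msg":"for the issuer only"}', publicKey);
  return { token, privateKey, plaintext: jweDecrypt(token, privateKey) };
}
```

The public key comes from the issuer's key pair, distributed separately from any token; the five dot-separated parts of the output are the protected header, encrypted key, IV, ciphertext and authentication tag.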
