JWT键-非对称和对称 [英] JWT Keys - Asymmetric and Symmetric
问题描述
我了解对称和非对称密钥之间的区别.我了解密钥用于计算签名,然后对其进行验证.但是,如果再深入一点,我想了解更多一些我在网上找不到的问题.
I understand the difference between symmetric and asymmetric keys. I understand that the keys are used to calculate the signature and then verify them. However diving a little deeper, I'd like to understand a bit more which I'm having trouble finding online.
是否向消费者提供了用于验证内容的密钥?如果使用对称密钥,这是否会使消费者能够更改JWT内容?
Are the keys given to the consumers to verify the contents? Wouldn't that give consumers the ability to change the JWT contents if symmetric keys are used?
使用非对称密钥时,签名是使用私钥还是公钥计算的?消费者是否获得了公钥/私钥?
When asymmetric keys are used is the signature calculated with the private or public key? Is the consumer given the public/private key?
推荐答案
仅以对等方式使用对称密钥,因此,接收方修改仅由他和发送方共同使用的JWT毫无意义.有一个共享密钥(他是预期的收件人).
Symmetric keys are only to be used in a peer-to-peer way so it would be pointless for the receiver to modify JWTs for which only he and the sender have a shared key (and he is the intended recipient).
非对称密钥签名(无论在JWT中还是在一般情况下)由发送者使用私钥生成,并由接收者使用公钥进行验证.仅向消费者/接收者提供发生在带外的公钥(即通过另一种通信方式,而不是您用来交换安全数据的公钥).
Asymmetric key signatures (in JWTs as well as in general) are produced by the sender with the private key and verified by the receiver with the public key. The consumer/receiver is given only the public key which happens out_of_band (i.e. through another means of communication than the one you use to exchange the secured data).
这篇关于JWT键-非对称和对称的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
