JWT加密有效负载信息 [英] JWT encrypt payload information
问题描述
我是JWT技术的新手,而且我正在阅读很多有关它的信息.
I'm new to JWT technology and I've being reading a lot of about it.
我知道JWT有3个部分:
I know JWT has 3 parts:
- HEADER:ALGORITHM&代币类型
- PAYLOAD:DATA
- 要使用秘密密钥验证的签名
是否可以加密有效载荷信息?我的意思是,例如,我的令牌中包含以下有效负载信息:
Is it possible to encrypt the Payload information? I mean, let's say for instance I have this payload information in my token:
{
"iss": "joe",
"exp": "1300819380",
"data": {
"id": "12",
"userName": "PH",
"qntRed": "7",
"qntGrad": {
"1": "800",
"2": "858",
"3": "950",
"4": "745",
"5": "981"
}
}
我们说"qntGrad"是敏感信息.是否也可以使用密钥对它进行加密?还是JWT令牌吗?
And let's say "qntGrad" is sensitive information. Is it possible to encrypt that too with the secret key? Is it still a JWT token?
推荐答案
事实上,不仅有签名的JWT,而且还有RFC描述的几种技术:
In fact there is not only signed JWT, but several technologies described by RFCs:
- JW S JSON Web签名(RFC 7515),
- JW T JSON Web令牌(RFC 7519),
- JW E JSON Web加密(RFC 7516),
- JW A JSON Web算法(RFC 7518).
- JW K JSON Web密钥(RFC 7517).
- JWS JSON Web Signature (RFC 7515),
- JWT JSON Web Token (RFC 7519),
- JWE JSON Web Encryption (RFC 7516),
- JWA JSON Web Algorithms (RFC 7518).
- JWK JSON Web Key (RFC 7517).
对于您的情况,请阅读RFC7516(JWE).这些JWE包含5个部分:
In your case, read the RFC7516 (JWE). These JWE have 5 parts:
- 受保护的标题
- 加密密钥
- 初始化向量
- 密文
- 身份验证标签
根据您的平台,您可能会找到一个库来帮助您创建这种加密的JWT.关于PHP,我正在编写一个库,该库已经可以加载并创建这些jose.
Depending on your platform, you may find a library that will help you to create such encrypted JWT. Concerning PHP, I am writting a library that is already able to load and create these jose.
这篇关于JWT加密有效负载信息的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
