加密JWT有效负载 [英] Encrypting JWT payload
问题描述
JWT包含3个部分:
JWTs have 3 parts:
- HEADER:ALGORITHM&代币类型
- PAYLOAD:DATA
- 要使用秘密密钥验证的签名
是否可以加密有效载荷?以下是我令牌的有效载荷:
Is it possible to encrypt the payload? Following is my token's payload:
{
"iss": "joe",
"exp": "1300819380",
"data": {
"id": "12",
"userName": "PH",
"qntRed": "7",
"qntGrad": {
"1": "800",
"2": "858",
"3": "950",
"4": "745",
"5": "981"
}
}
如果"qntGrad"包含敏感数据.我可以使用密钥对其进行加密吗?它将仍然是有效的JWT吗?
If "qntGrad" contains sensitive data. Can I encrypt it using the secret key? Will it still be a valid JWT?
推荐答案
事实上,不仅有签名的JWT,而且还有RFC描述的几种技术:
In fact there is not only signed JWT, but several technologies described by RFCs:
- JW S JSON Web签名(RFC 7515),
- JW T JSON Web令牌(RFC 7519),
- JW E JSON Web加密(RFC 7516),
- JW A JSON Web算法(RFC 7518).
- JW K JSON Web密钥(RFC 7517).
- JWS JSON Web Signature (RFC 7515),
- JWT JSON Web Token (RFC 7519),
- JWE JSON Web Encryption (RFC 7516),
- JWA JSON Web Algorithms (RFC 7518).
- JWK JSON Web Key (RFC 7517).
对于您的情况,请阅读RFC7516(JWE).这些JWE包含5个部分:
In your case, read the RFC7516 (JWE). These JWE have 5 parts:
- 受保护的标题
- 加密密钥
- 初始化向量
- 密文
- 身份验证标签
根据您的平台,您可能会找到一个库来帮助您创建这种加密的JWT.关于PHP
,我正在编写一个库,该库已经可以加载并创建这些jose.
Depending on your platform, you may find a library that will help you to create such encrypted JWT. Concerning PHP
, I am writting a library that is already able to load and create these jose.
这篇关于加密JWT有效负载的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!