Encrypting JWT payload
Problem description
JWTs have 3 parts:
- Header: algorithm & token type
- Payload: data
- Signature to be verified with the secret key
Is it possible to encrypt the payload? Following is my token's payload:
{
  "iss": "joe",
  "exp": "1300819380",
  "data": {
    "id": "12",
    "userName": "PH",
    "qntRed": "7",
    "qntGrad": {
      "1": "800",
      "2": "858",
      "3": "950",
      "4": "745",
      "5": "981"
    }
  }
}
If "qntGrad" contains sensitive data, can I encrypt it using the secret key? Will it still be a valid JWT?
Recommended answer
In fact, there is not only signed JWT, but several technologies described by RFCs:
- JWS JSON Web Signature (RFC 7515),
- JWT JSON Web Token (RFC 7519),
- JWE JSON Web Encryption (RFC 7516),
- JWA JSON Web Algorithms (RFC 7518),
- JWK JSON Web Key (RFC 7517).
In your case, read RFC 7516 (JWE). These JWEs have 5 parts:
- Protected Header
- Encrypted Key
- Initialization Vector
- Ciphertext
- Authentication Tag
Depending on your platform, you may find a library that will help you to create such encrypted JWTs. Concerning PHP, I am writing a library that is already able to load and create these JOSE objects.
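The five-part JWE compact form described in the answer, as an added example that is not part of the original post or the answerer's library. It assumes Node.js with its built-in crypto module, direct encryption (`"alg": "dir"`) with `"enc": "A256GCM"`, and a random demo key; the function names `encryptJwe` and `decryptJwe` are hypothetical.

```javascript
// Added example: JWE compact serialization (RFC 7516) with "dir" + "A256GCM".
const nodeCrypto = require('node:crypto');

const b64u = (buf) => Buffer.from(buf).toString('base64url');

// Encrypt a claims object into the five-part JWE compact form.
function encryptJwe(claims, key) {
  // With "dir", the shared 256-bit key is the content-encryption key itself.
  const protectedHeader = b64u(JSON.stringify({ alg: 'dir', enc: 'A256GCM', typ: 'JWT' }));
  const iv = nodeCrypto.randomBytes(12); // 96-bit IV, must be fresh for every token
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  // The encoded protected header is the AAD, so the tag also covers the header.
  cipher.setAAD(Buffer.from(protectedHeader, 'ascii'));
  const ciphertext = Buffer.concat([cipher.update(JSON.stringify(claims), 'utf8'), cipher.final()]);
  const tag = cipher.getAuthTag(); // 128-bit authentication tag
  // Part 2 (encrypted key) is empty for "dir": no key is wrapped.
  return [protectedHeader, '', b64u(iv), b64u(ciphertext), b64u(tag)].join('.');
}

// Decrypt and authenticate a token; throws on tampering or a wrong key.
function decryptJwe(token, key) {
  const parts = token.split('.');
  if (parts.length !== 5) throw new Error('not a JWE compact serialization');
  const [protectedHeader, encryptedKey, iv, ciphertext, tag] = parts;
  const header = JSON.parse(Buffer.from(protectedHeader, 'base64url').toString('utf8'));
  // Pin the algorithms instead of trusting whatever the header asks for.
  if (header.alg !== 'dir' || header.enc !== 'A256GCM' || encryptedKey !== '') {
    throw new Error('unexpected JWE algorithm');
  }
  const tagBuf = Buffer.from(tag, 'base64url');
  if (tagBuf.length !== 16) throw new Error('bad tag length');
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, Buffer.from(iv, 'base64url'));
  decipher.setAAD(Buffer.from(protectedHeader, 'ascii'));
  decipher.setAuthTag(tagBuf);
  const plain = Buffer.concat([decipher.update(Buffer.from(ciphertext, 'base64url')), decipher.final()]);
  return JSON.parse(plain.toString('utf8'));
}

// Constructed sample: the payload from the question and a random demo key.
const demoKey = nodeCrypto.randomBytes(32);
const demoClaims = { iss: 'joe', exp: '1300819380', data: { id: '12', userName: 'PH', qntRed: '7',
  qntGrad: { 1: '800', 2: '858', 3: '950', 4: '745', 5: '981' } } };
const demoToken = encryptJwe(demoClaims, demoKey);
console.log(demoToken.split('.').length, decryptJwe(demoToken, demoKey).data.qntGrad);
```

The whole claims set is encrypted here, not just `qntGrad`; a signed-only JWT (JWS) leaves the payload readable to anyone who base64url-decodes it.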