JWT 密钥 - 非对称和对称 [英] JWT Keys - Asymmetric and Symmetric

问题描述

我了解对称密钥和非对称密钥之间的区别.我了解密钥用于计算签名然后验证它们.然而，深入一点，我想了解更多我在网上找不到的东西.

I understand the difference between symmetric and asymmetric keys. I understand that the keys are used to calculate the signature and then verify them. However diving a little deeper, I'd like to understand a bit more which I'm having trouble finding online.

是否向消费者提供了验证内容的密钥?如果使用对称密钥，那不是让消费者能够更改 JWT 内容吗?

Are the keys given to the consumers to verify the contents? Wouldn't that give consumers the ability to change the JWT contents if symmetric keys are used?

当使用非对称密钥时，签名是用私钥还是公钥计算?消费者是否获得了公钥/私钥?

When asymmetric keys are used is the signature calculated with the private or public key? Is the consumer given the public/private key?

推荐答案

对称密钥只能用于点对点的方式，所以接收者修改只有他和发送者的 JWT 是没有意义的有一个共享密钥(他是预期的接收者).

Symmetric keys are only to be used in a peer-to-peer way so it would be pointless for the receiver to modify JWTs for which only he and the sender have a shared key (and he is the intended recipient).

非对称密钥签名(在 JWT 中以及一般情况下)由发送方使用私钥生成，并由接收方使用公钥进行验证.消费者/接收者仅获得带外发生的公钥(即通过您用来交换安全数据的另一种通信方式).

Asymmetric key signatures (in JWTs as well as in general) are produced by the sender with the private key and verified by the receiver with the public key. The consumer/receiver is given only the public key which happens out_of_band (i.e. through another means of communication than the one you use to exchange the secured data).

这篇关于JWT 密钥 - 非对称和对称的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！