Signed and crypted JWT #15

Closed
biancini opened this issue Oct 24, 2015 · 7 comments

Comments

@biancini

This is more of a question than a real issue.
I am wondering if (and how) I could generate a token which is signed with key 1 and encrypted with key 2 (and of course with specific algorithms).

@dvsekhvalnov
Owner

Hi @biancini,

Can you refine what you mean by signed and encrypted together?

Usually you are using:

  1. signatures to protect the payload from being altered. Signatures provide a way to prove the integrity of your content (token).
  2. encryption when you want to hide content from unintended parties. Encryption for sure provides you the same integrity level that signatures do, so you really don't need a separate signing step if you are using encrypted tokens.

Or maybe I didn't get your question correctly?

@biancini
Author

I am using the JWT library to implement an OpenID Connect client.
On the official certification test suite, I read the test "Can use request_uri request parameter with signed and encrypted request" that says:

Pass a Request Object by Reference, using the request_uri parameter. Sign the Request Object using the 'RS256' algorithm, then Encrypt the Request Object using the 'RSA1_5' and 'A128CBC-HS256' algorithms.

Link here: https://rp.certification.openid.net:8080/test_list

And it makes sense because the client had to sign the message with its private key and encrypt it with the public key of the server.
The server then decrypts the message with its private key and then verifies the signature with the public key of the client.

How can I do that?
Thanks,
A.

@dvsekhvalnov
Owner

If you have an example (even in pseudo-code) of what you want to achieve, it can be helpful :)

Regardless, are you looking for something like this?

```csharp
string signedObject = Jose.JWT.Encode(token, clientPrivateKey, JwsAlgorithm.RS256);

string encrypted = Jose.JWT.Encode(signedObject, serverPublicKey, JweAlgorithm.RSA1_5, JweEncryption.A128CBC_HS256);
```

@biancini
Author

Yes, this would completely satisfy my need!

@dvsekhvalnov
Owner

Okay, glad it's working :)

Feel free to close if you don't have other questions.

@biancini
Author

I will give it a try and if it is working I will close the issue.
Not sure if the encrypted part should be the whole message string or only the payload.
Thanks for now!

@biancini
Author

It works smoothly and easily.
Thanks
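
An added example, not part of the thread and not the project's own code: the full round trip for the sign-then-encrypt flow discussed above. As in the snippet earlier in the thread, the whole compact JWS string is the JWE plaintext, and the receiver decrypts first and verifies second, pinning the expected algorithms at each layer. It assumes a jose-jwt version that accepts `System.Security.Cryptography.RSA` keys and provides the `extraHeaders` parameter and the algorithm-checking `Decode` overloads; the keys and claim values are constructed for the demo.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using Jose;

public static class NestedJwtDemo
{
    // Copy only the public half of a key pair, as the other party would hold it.
    private static RSA PublicOnly(RSA keyPair)
    {
        RSA pub = RSA.Create();
        pub.ImportParameters(keyPair.ExportParameters(false));
        return pub;
    }

    public static void Main()
    {
        // Constructed throwaway keys; each side keeps its own private key.
        using RSA clientKeyPair = RSA.Create(2048);
        using RSA serverKeyPair = RSA.Create(2048);
        using RSA clientPublic = PublicOnly(clientKeyPair);
        using RSA serverPublic = PublicOnly(serverKeyPair);

        // Constructed request-object claims (placeholder values).
        var claims = new Dictionary<string, object>
        {
            ["iss"] = "client-id-placeholder",
            ["response_type"] = "code"
        };

        // Sender, step 1: sign with the client's private key.
        string signed = JWT.Encode(claims, clientKeyPair, JwsAlgorithm.RS256);

        // Sender, step 2: encrypt the entire compact JWS to the server's public key.
        // "cty": "JWT" marks the plaintext as a nested JWT (RFC 7519).
        string nested = JWT.Encode(signed, serverPublic,
            JweAlgorithm.RSA1_5, JweEncryption.A128CBC_HS256,
            extraHeaders: new Dictionary<string, object> { ["cty"] = "JWT" });

        // Receiver, step 1: decrypt with the server's private key; reject other algorithms.
        string inner = JWT.Decode(nested, serverKeyPair,
            JweAlgorithm.RSA1_5, JweEncryption.A128CBC_HS256);

        // Receiver, step 2: verify the inner JWS with the client's public key, RS256 only.
        string json = JWT.Decode(inner, clientPublic, JwsAlgorithm.RS256);
        Console.WriteLine(json);
    }
}
```

If either `Decode` call fails, the library throws and the request object must be rejected rather than falling back to an unverified parse.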
