30

I understand the difference between symmetric and asymmetric keys. I understand that the keys are used to calculate the signature and then verify it. However, diving a little deeper, I'd like to understand a bit more, which I'm having trouble finding online.

Are the keys given to the consumers to verify the contents? Wouldn't that give consumers the ability to change the JWT contents if symmetric keys are used?

When asymmetric keys are used, is the signature calculated with the private or public key? Is the consumer given the public/private key?

Luke Girvin
n00b

3 Answers

39

Symmetric keys are only to be used in a peer-to-peer way so it would be pointless for the receiver to modify JWTs for which only he and the sender have a shared key (and he is the intended recipient).

Asymmetric key signatures (in JWTs as well as in general) are produced by the sender with the private key and verified by the receiver with the public key. The consumer/receiver is given only the public key, which happens out-of-band (i.e. through another means of communication than the one you use to exchange the secured data).

Hans Z.
  • Thanks Hans. I have accepted your answer as it's explained my q on asymmetric keys. Could you expand on what you mean by symmetric keys are only to be used in a peer-to-peer way? Do you mean that they should be used, say, between servers that you own and have complete control over? – n00b Oct 05 '15 at 11:33
  • No, I mean you use them between 2 parties only, unlike asymmetric keys that you may use in 1-to-many relationships. – Hans Z. Oct 05 '15 at 11:51
  • Right, got it. Who produces the keys when symmetric keys are used? Even if the recipient is the intended target, couldn't they change the contents of the JWT to increase their privileges or to impersonate someone else? – n00b Oct 06 '15 at 00:54
  • The recipient of the JWT **is** the target environment, so it doesn't even need the JWT to impersonate or increase privileges. – Hans Z. May 05 '16 at 21:19
  • What I still don't understand from the answer is, with asymmetric signing, the client can verify the content with the public key. But with symmetric signing, can the client still verify the content, and how? Or can only the key owner verify the consistency of the token, e.g. the server? – knnhcn Apr 03 '19 at 12:36
  • Only holders of the secret can sign/verify JWTs. The point is not for the client to validate the JWT, but rather pass it along to a 3rd party. The signature ensures the client has not modified the JWT, since the secret is unknown to the client, and any modification of the claims would invalidate the signature. – Adam Smooch Mar 24 '22 at 22:33
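The symmetric case Hans Z. describes, as an added example that is not part of the original answer: a compact HS256 token signed and verified with one shared secret (a constructed sample value), using only Go's standard library. Swapping the payload segment without the secret leaves a MAC that no longer matches, while anyone holding the secret can produce a token that verifies, which is why the secret stays between the two peers and is never handed to the consumer.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
	"strings"
)

// b64url is the unpadded base64url encoding used by JWS compact serialization.
var b64url = base64.RawURLEncoding

// SignHS256 builds header.payload.signature with the shared secret; any secret holder can do this.
func SignHS256(headerJSON, payloadJSON string, secret []byte) string {
	input := b64url.EncodeToString([]byte(headerJSON)) + "." + b64url.EncodeToString([]byte(payloadJSON))
	mac := hmac.New(sha256.New, secret)
	mac.Write([]byte(input))
	return input + "." + b64url.EncodeToString(mac.Sum(nil))
}

// VerifyHS256 recomputes the MAC over header.payload and compares it in constant time; it returns the payload on success.
func VerifyHS256(token string, secret []byte) (string, bool) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return "", false
	}
	mac := hmac.New(sha256.New, secret)
	mac.Write([]byte(parts[0] + "." + parts[1]))
	sig, err := b64url.DecodeString(parts[2])
	if err != nil || !hmac.Equal(sig, mac.Sum(nil)) {
		return "", false
	}
	payload, err := b64url.DecodeString(parts[1])
	if err != nil {
		return "", false
	}
	return string(payload), true
}

func main() {
	secret := []byte("constructed-shared-secret") // constructed sample value, not a real key
	tok := SignHS256(`{"alg":"HS256","typ":"JWT"}`, `{"sub":"alice","role":"user"}`, secret)
	_, ok := VerifyHS256(tok, secret)
	// Swapping the payload segment without the secret leaves the old MAC, which no longer matches.
	parts := strings.Split(tok, ".")
	parts[1] = b64url.EncodeToString([]byte(`{"sub":"alice","role":"admin"}`))
	_, okTampered := VerifyHS256(strings.Join(parts, "."), secret)
	fmt.Println(ok, okTampered) // true false
}
```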
3

With asymmetric JWTs (JWS) that are signed with a Private Key of the Sender, the Receiver of the Token is basically receiving the Payload (header/claims) in clear text, other than being base64 encoded. This is why they need to be transmitted in a Secured Socket Layer (SSL) environment. To validate the received Signature, the Public Key is used by the Receiver to recompute the Signature of the received Payload. If the two Signatures, the Received Signature and the Computed Signature, don't match, then the Payload can't be trusted; it is Invalid. Therefore, such an Asymmetric JWS would not be a good method to include a sensitive "claim" such as a Social Security Number, because the content of the Payload is not encrypted. To include such sensitive data in a JWT, the JSON Web Token Encrypted (JWE) could be employed. In the JWE the entire Payload is encrypted.

user3594395
  • @simUser user3594395 just said that the payload of a JWS (signed token) is not encrypted and if one needs encryption, JWE(encrypted JWT) could be used. There's nothing wrong with that statement. I don't understand why you wrote that even as an extra answer. The OP didn't ask about that. – jps Aug 27 '19 at 07:30
  • I was just reviewing past answers I posted. JWS and the JWE are both elegant and good mathematical solutions. Either could be used for Authentication. However, if the original signer wanted to put something secret in the Auth token, like a credit card with expiration, and not care who ever intercepted the key. I that would. Work the use of JWT is not limited to Authentication. They make great tokens to save protected data in a place that can be breached. Here is a JWT with my credit card and expiration data in it as claims – user3594395 May 21 '21 at 21:58
-2

No one will encrypt the payload of a JWT. It's all about the signature! RSA or ECDSA (both asymmetric) signatures can be verified just with a public key; for symmetrically signed signatures you'll need an auth-service.

Most Common JWT Signing Algorithms:

HMAC + SHA256
RSASSA-PKCS1-v1_5 + SHA256
ECDSA + P-256 + SHA256

see more https://www.rfc-editor.org/rfc/rfc7518#section-3

simUser
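The RS256 entry in the list above (RSASSA-PKCS1-v1_5 + SHA256), as an added example that is not part of the original answer: the private key signs and any consumer holding only the public key verifies, using Go's standard library. The verifier pins the algorithm to RS256 instead of trusting the token's alg field (a caveat added here, not taken from the answer), and NewDemoKey generates throwaway keys for the demonstration.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"strings"
)

// SignRS256 signs header.payload with RSASSA-PKCS1-v1_5 over SHA-256; only the private key holder can.
func SignRS256(headerJSON, payloadJSON string, priv *rsa.PrivateKey) (string, error) {
	enc := base64.RawURLEncoding.EncodeToString
	input := enc([]byte(headerJSON)) + "." + enc([]byte(payloadJSON))
	digest := sha256.Sum256([]byte(input))
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
	if err != nil {
		return "", err
	}
	return input + "." + enc(sig), nil
}

// VerifyRS256 needs only the public key and pins the algorithm to RS256 rather than trusting the header.
func VerifyRS256(token string, pub *rsa.PublicKey) bool {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return false
	}
	var hdr struct{ Alg string }
	if h, err := base64.RawURLEncoding.DecodeString(parts[0]); err != nil || json.Unmarshal(h, &hdr) != nil || hdr.Alg != "RS256" {
		return false
	}
	sig, err := base64.RawURLEncoding.DecodeString(parts[2])
	if err != nil {
		return false
	}
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig) == nil
}

// NewDemoKey makes a throwaway 2048-bit key pair; real keys are provisioned and distributed out of band.
func NewDemoKey() *rsa.PrivateKey {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return priv
}
```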