0

We all know that the payload jwt is encoded with Base64,which can be decoded easily! My question is that why not the payload be encoded with symmetric encryption algorithm like des?

zhangtaichao
  • 23
  • 2
  • Possible duplicate of [If you can decode JWT how are they secure?](https://stackoverflow.com/questions/27301557/if-you-can-decode-jwt-how-are-they-secure) – pedrofb Apr 25 '18 at 05:39

1 Answers1

2

Base64 is just used to make the JWT transportable over channels that require ASCII. Putting a JWT as JSON into a HTTP request header may cause trouble while encoding it into Base64 should always work.

Note that Base64 is not used for encryption, it is used to make transportation easier.