
I read the JSON Web Signature specification that can be found here. The spec defines two serialization representations for JSON Web Signatures. One is the JWS Compact Serialization and the other is the JWS JSON Serialization. The JWS JSON Serialization representation allows one to have multiple signatures. An example of a JWS that uses JWS JSON Serialization is:

```json
{
    "payload": "eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ",
    "signatures": [
        {
            "protected": "eyJhbGciOiJSUzI1NiJ9",
            "header": {
                "kid": "2010-12-29"
            },
            "signature": "cC4hiUPoj9Eetdgtv3hF80EGrhuB__dzERat0XF9g2VtQgr9PJbu3XOiZj5RZmh7AAuHIm4Bh-0Qc_lF5YKt_O8W2Fp5jujGbds9uJdbF9CUAr7t1dnZcAcQjbKBYNX4BAynRFdiuB--f_nZLgrnbyTyWzO75vRK5h6xBArLIARNPvkSjtQBMHlb1L07Qe7K0GarZRmB_eSN9383LcOLn6_dO--xi12jzDwusC-eOkHWEsqtFZESc6BfI7noOPqvhJ1phCnvWh6IeYI2w9QOYEUipUTI8np6LbgGY9Fs98rqVt5AXLIhWkWywlVmtVrBp0igcN_IoypGlUPQGe77Rw"
        },
        {
            "protected": "eyJhbGciOiJFUzI1NiJ9",
            "header": {
                "kid": "e9bc097a-ce51-4036-9562-d2ade882db0d"
            },
            "signature": "DtEhU3ljbEg8L38VWAfUAqOyKAM6-Xx-F4GawxaepmXFCgfTjDxw5djxLa8ISlSApmWQxfKTUJqPP3-Kg6NU1Q"
        }
    ]
}
```

The spec implies that it can be beneficial at times to have multiple signatures. However, I can't for the life of me think of a reason you'd need to have more than one.

So, with that being said what is a use case of having more than one signature in a JWS?

  • If you want to validate a JWT and only have the public key of one signer, you can still validate it. –  Apr 26 '18 at 07:58
  • I see at least 2 use cases. 1. You sign a token with several signature algorithms (let's say RS256, ES384 and PS512). Depending on the audience capabilities (only supports the ES384 algorithm), it will be able to verify the token. 2. Several parties agree on a common payload. Each party signs the payload with its key and the signatures are merged into a single token. – Spomky-Labs Apr 26 '18 at 09:24
  • @FlorentMorselli Makes sense. If you put that into an answer, I'll accept it. – Rob L Apr 27 '18 at 17:14
  • I've just come across the same question and [Florent Morselli's comment](https://stackoverflow.com/questions/50031985/what-is-a-use-case-for-having-multiple-signatures-in-a-jws-that-uses-jws-json-se/51443679#comment87094771_50031985) does answer it. Almost 3 months have passed since that comment was posted, so I created a [community wiki answer](https://stackoverflow.com/a/51443679/1426227) from it. I don't want the credit, I just want to ensure that this information won't get lost. This approach is described [here](https://meta.stackoverflow.com/a/251598/1426227). – cassiomolin Jul 20 '18 at 13:45
  • If you want a serialization format with one signature, use the [Flattened JWS JSON Serialization](https://datatracker.ietf.org/doc/html/rfc7515#section-7.2.2). – Mohamed Hamzaoui Jul 27 '23 at 17:10

1 Answer


According to Florent Morselli's comment, there are at least 2 use cases:

  1. You sign a token with several signature algorithms (let's say RS256, ES384 and PS512). Depending on the audience capabilities (only supports the ES384 algorithm), it will be able to verify the token.

  2. Several parties agree on a common payload. Each party signs the payload with its key and the signatures are merged into a single token.

cassiomolin
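The second use case above, as an added example that is not part of the original question or answer: two parties (constructed HMAC keys and key ids, all assumed) each sign one common payload into a single JWS JSON Serialization, and a verifier that holds only one party's key checks just the entry whose `kid` matches. It uses HS256 with the standard library only; the per-signature "header" is unprotected, so `kid` is used only to select a key, never trusted on its own.

```python
import base64, hashlib, hmac, json

def b64url(data: bytes) -> str:
    # RFC 7515 section 2: base64url encoding without padding
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

# Constructed sample keys: each party holds its own independent secret.
KEYS = {"party-a": b"constructed-key-for-party-a", "party-b": b"constructed-key-for-party-b"}

def sign_hs256(key: bytes, protected_b64: str, payload_b64: str) -> str:
    # JWS Signing Input (RFC 7515 section 5.1): BASE64URL(protected) '.' BASE64URL(payload)
    signing_input = f"{protected_b64}.{payload_b64}".encode("ascii")
    return b64url(hmac.new(key, signing_input, hashlib.sha256).digest())

def make_multi_signature_jws(payload: dict, signers: dict) -> dict:
    """Build a general JWS JSON Serialization with one signature entry per signer."""
    payload_b64 = b64url(json.dumps(payload, separators=(",", ":")).encode())
    protected_b64 = b64url(json.dumps({"alg": "HS256"}, separators=(",", ":")).encode())
    signatures = []
    for kid, key in signers.items():
        signatures.append({
            "protected": protected_b64,
            "header": {"kid": kid},  # unprotected: not covered by the MAC
            "signature": sign_hs256(key, protected_b64, payload_b64),
        })
    return {"payload": payload_b64, "signatures": signatures}

def verify_with_single_key(jws: dict, kid: str, key: bytes):
    """Verify only the entry whose kid matches; return the payload dict, or None on failure."""
    for entry in jws["signatures"]:
        if entry.get("header", {}).get("kid") != kid:
            continue
        protected = json.loads(b64url_decode(entry["protected"]))
        if protected.get("alg") != "HS256":
            return None  # pin the algorithm; never let the token choose it
        expected = sign_hs256(key, entry["protected"], jws["payload"])
        if hmac.compare_digest(expected, entry["signature"]):
            return json.loads(b64url_decode(jws["payload"]))
        return None
    return None  # no entry for this kid: nothing to verify

if __name__ == "__main__":
    token = make_multi_signature_jws({"iss": "joe", "http://example.com/is_root": True}, KEYS)
    print(json.dumps(token, indent=2))
    print(verify_with_single_key(token, "party-b", KEYS["party-b"]))
```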