1

I am in one of the cases that needs signing a payload with multiple signatures, as case (2) in this answer.

As a reminder, JWT is specified by RFC7519, in which signing is defined to use JSON Web Signature, JWS, RFC7515.

JWS/RFC7515 defines the compact representation in Section 7.1, which is widely implemented by libraries. But it also defines the longer JWS JSON Serialization in Section 7.2, which allows for multiple signatures of the payload.

The documentation at jwt.io lists a plethora of Java libraries, but is there any of them that actually implements Section 7.2, with the multiple signatures?

Community
Leonel

1 Answer

0

You can use this library:

    <dependency>
        <groupId>com.nimbusds</groupId>
        <artifactId>nimbus-jose-jwt</artifactId>
        <version>9.16</version>
    </dependency>

The following link shows how to make a signature with multiple private keys and then its corresponding validation:

https://connect2id.com/products/nimbus-jose-jwt/examples/jws-json-multiple-signatures

https://8gwifi.org/jwkconvertfunctions.jsp

https://dzone.com/articles/json-message-signing-alternatives

Ronald Coarite
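A sketch of the Section 7.2 general serialization with the `nimbus-jose-jwt` dependency named in the answer, added here as an illustration and not taken from the answer or from the Nimbus project. The class name, the key IDs `rsa-1` and `ec-1`, and the payload are assumptions; the verifier treats the object as valid only when every pinned key has a valid signature, so an extra or unknown signature cannot substitute for a required one.

```java
import com.nimbusds.jose.*;
import com.nimbusds.jose.crypto.*;
import com.nimbusds.jose.jwk.*;
import com.nimbusds.jose.jwk.gen.*;
import java.util.*;

public class MultiSigJws {  // hypothetical class name
    public static void main(String[] args) throws Exception {
        // Constructed sample keys; the key IDs are illustrative.
        RSAKey rsaJwk = new RSAKeyGenerator(2048).keyID("rsa-1").generate();
        ECKey ecJwk = new ECKeyGenerator(Curve.P_256).keyID("ec-1").generate();

        // One payload, two independent signatures, each with its own protected header.
        JWSObjectJSON jws = new JWSObjectJSON(new Payload("{\"iss\":\"example\"}"));
        jws.sign(new JWSHeader.Builder(JWSAlgorithm.RS256).keyID(rsaJwk.getKeyID()).build(),
                 new RSASSASigner(rsaJwk));
        jws.sign(new JWSHeader.Builder(JWSAlgorithm.ES256).keyID(ecJwk.getKeyID()).build(),
                 new ECDSASigner(ecJwk));
        String json = jws.serializeGeneral();  // {"payload":...,"signatures":[{...},{...}]}
        System.out.println(json);

        // Verifier side: public keys only, pinned by key ID.
        Map<String, JWSVerifier> trusted = new HashMap<>();
        trusted.put("rsa-1", new RSASSAVerifier(rsaJwk.toPublicJWK()));
        trusted.put("ec-1", new ECDSAVerifier(ecJwk.toPublicJWK()));
        System.out.println("all required signatures valid: " + verifyAll(json, trusted));
    }

    // Returns true only if every pinned key ID produced a valid signature.
    static boolean verifyAll(String json, Map<String, JWSVerifier> trusted) throws Exception {
        Set<String> verified = new HashSet<>();
        for (JWSObjectJSON.Signature sig : JWSObjectJSON.parse(json).getSignatures()) {
            String kid = sig.getHeader().getKeyID();
            JWSVerifier verifier = trusted.get(kid);
            if (verifier == null) {
                continue;  // signature from an unpinned key: ignored, never counted
            }
            try {
                if (sig.verify(verifier)) {
                    verified.add(kid);
                }
            } catch (JOSEException e) {
                // e.g. header algorithm not supported by the pinned key: treat as unverified
            }
        }
        return verified.equals(trusted.keySet());
    }
}
```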