0

It seems to me that if my private and public key are compromised (which i use to sign and verify JWTs), that anyone can independently generate JWT tokens for themselves to use on my API?

Whereas on the other hand if I generated my own tokens myself, and stored a look-up table of 'one-way-hashed user id' => 'token', then if someone broke into my system, they would not be able to generate tokens to use on my API, and they would also not be able to use the tokens (because they would not know which token belonged to which user)

If someone breaks into your system and it is still secure, then you made a secure system; nothing to worry about.

with JWT, it appears to me that if someone breaks in, I do have something to worry about.

aman
  • 499
  • 8
  • 18

3 Answers3

3

It seems to me that if my private and public key are compromised (which i use to sign and verify JWTs), that anyone can independently generate JWT tokens for themselves to use on my API?

Yes, that's correct.

Public keys are intended to be public and can be distributed.

On the other hand, private keys are supposed to be private and must be kept secure in your server. Anyone who has access to the private keys should be capable to issue tokens.

Disclosing your private key is a huge security breach.

cassiomolin
  • 124,154
  • 35
  • 280
  • 359
  • 1
    wow. so just to clarify, JWT has baked-in a single point of failure? Is there supposed to be more to JWTs, for example - a better implementation where a different private key is used per-user, or something so the system is not so easily manipulated? – aman Sep 14 '18 at 14:40
  • 2
    @aman You can have a set of keys to sign the tokens and rotate them periodically. If you do so, you can use the `kid` header claim to lookup the correct key when verifying the token. See this [answer](https://stackoverflow.com/a/43870513/1426227) for reference. – cassiomolin Sep 14 '18 at 15:08
2

It seems to me that if my private and public key are compromised (which i use to sign and verify JWTs), that anyone can independently generate JWT tokens for themselves to use on my API?

As also pointed out that you need to keep your Private Key Secure , the best way to keep it secure is to use an HSM for signing your data , in this case you can extend the JWT generator to sign the data through a crypto dll inside the HSM , this insures that the private key is never exposed outside the HSM

Soumen Mukherjee
  • 2,953
  • 3
  • 22
  • 34
1

Whereas on the other hand if I generated my own tokens myself, and stored a look-up table of 'one-way-hashed user id' => 'token',

Any one can generate your non-keyed hash. Secure hashes involved a private key which becomes a digital signature. Now we've come full circle, because that's exactly what a JWT token is.

Alternatively, you store them in a datastore, but now you must query this on every round trip. Most ticket(cookie)/token authentication systems use public key verification, which verifies the validity of the ticket/token without a database roundtrip.

If you store them in a datastore, now you must track expiration in the datastore as well. Tickets/tokens can have an expiration built into them. The nice thing about tickets/tokens is the client holds them. You can expire a session more quickly than the authentication. I.e. often you get a ticket that may allow you to be logged in for 2 hours, but the web server can expire your session in 10 minutes to reduce memory usage. When you access the web server in 15 minutes, it will see your ticket/token and see that it is still valid, and create a new session. This means at any point in time the server is tracking far fewer idle users.

JWT issuers are great for distributed systems, where authentication is shared. Rather than reimplement the authentication in every system, exposing multiple systems to the private key, as well as potential bugs in the authentication, we centralize it to one system. We can also leverage third party integrators that generate JWTs. All we need to do is get their public key for verifying the JWTs.

If someone breaks into your system and it is still secure, then you made a secure system; nothing to worry about.

I have your list of nonces you were saving in your database now, and can login as anyone. I also likely have your connection strings, even if you're encrypting your application config, if I have root access then I can access the same key store that's used by the application to decrypt them. Now I get your username/passwords from your database and can login as anyone, regardless of what authentication scheme you use.

You'll be hard pressed to find a system that can still be secure after someone's gained root or physical access to the machine.

There's a small handful of systems that have purpose built hardware for storing keys and handle requests for encryption operations through an interface, thus ensuring the keys are protected at a hardware level and never accessed directly from software:

https://en.wikipedia.org/wiki/Hardware_security_module

AaronLS
  • 37,329
  • 20
  • 143
  • 202