
In my Angular project I use Apigee to do authorization.

I think that JWTs are signed tokens. Signed tokens can verify the integrity of the claims contained within them, while encrypted tokens hide those claims from other parties. When tokens are signed using public/private key pairs, the signature also certifies that only the party holding the private key is the one that signed it.

I think that Apigee uses the above technology and the private key is stored on the authorization server. Right?

So for signing JWT:

The private key is owned by the issuer, so it is invisible to the user.

The public key can be shared with all parties that need to verify the signature, which means the public key is not secret for anybody. My question is: because it is public, can we (users) print out the public key on the client side? I just want to see what it looks like in plain text.

Bigeyes
  • Your assumptions are correct and you can print a public key if you want. But if you just want to see it, why don't you just look for an example? [Here](https://stackoverflow.com/questions/41264157/how-to-convert-a-public-key-from-a-jwk-into-pem-for-openssl) you can see a public key in JWK and in PEM format. – jps Jan 17 '21 at 10:54
  • The thing is that I don't know how to print it from the JWT token. The token includes three parts: header, payload and signature. I assume the signature contains the public key. But it is a random string. How to generate it? – Bigeyes Jan 17 '21 at 13:54
  • No, that assumption is wrong. The signature is a hash of header and payload which is encrypted in the case of asymmetric key algorithms. The signature never contains a key. You either got a key in PEM format or can get it as a JWK from an endpoint. I think you should read some articles about JWT, e.g. https://jwt.io/introduction – jps Jan 17 '21 at 18:27
  • and about [signing](https://auth0.com/blog/json-web-token-signing-algorithms-overview/) – jps Jan 17 '21 at 18:33
  • "either got a key in PEM format or can get it as a JWK from an endpoint." How? – Bigeyes Jan 19 '21 at 01:22

0 Answers