1

I'm creating a JWT authentication system that needs a secret key for the digital signature. I'm using HMAC SHA256.

After reading the accepted answer here, I decided to use a 128-bit key. I would like to store this in my API's configuration as plain-text, so I used PHP to generate a 16-byte key and then base64 encoded it.

I'm not a cryptography expert, and I can't seem to find whether or not I can directly use the string resulting from the base64 encoding, or if I need to decode and use the binary.

Allenph
    Encoding 128 bit random data as base64 results in 170 byte not so random data. Since you want to have 128 bit random data you cannot use the base64 encoded version but must decode it back to the 128 bit version. – Steffen Ullrich Dec 29 '16 at 19:48

1 Answer

1

Encoding 128 bit random data as base64 results in 170 byte not so random data. Since the method you want to use requires 128 bit random data you cannot use the base64 encoded version but must decode it back to the 128 bit version.

Steffen Ullrich
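As an added example (not code from the question or the answer), the PHP sketch below stores the key as base64 text in configuration, decodes it to raw bytes before HMAC-SHA256, and shows that the text form and the decoded form act as two different keys. The function names `b64url`, `load_key`, `sign_hs256` and `verify_hs256` and the claim values are hypothetical.

```php
<?php
declare(strict_types=1);

// base64url without padding, as used for JWT segments (RFC 7515).
function b64url(string $bin): string {
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

// Load the HMAC key from its base64 text form in configuration.
// Strict decoding rejects stray characters; the length check rejects a
// truncated or mistyped value instead of silently signing with a short key.
function load_key(string $configValue, int $expectedBytes = 16): string {
    $key = base64_decode($configValue, true);
    if ($key === false || strlen($key) !== $expectedBytes) {
        throw new InvalidArgumentException('JWT key is not valid base64 of the expected length');
    }
    return $key;
}

function sign_hs256(array $claims, string $key): string {
    $header  = b64url(json_encode(['alg' => 'HS256', 'typ' => 'JWT'], JSON_THROW_ON_ERROR));
    $payload = b64url(json_encode($claims, JSON_THROW_ON_ERROR));
    $sig     = hash_hmac('sha256', "$header.$payload", $key, true); // raw output
    return "$header.$payload." . b64url($sig);
}

// Always recomputes HMAC-SHA256; the token's own "alg" header is never trusted.
function verify_hs256(string $token, string $key): bool {
    $parts = explode('.', $token);
    if (count($parts) !== 3) {
        return false;
    }
    [$header, $payload, $sig] = $parts;
    $expected = b64url(hash_hmac('sha256', "$header.$payload", $key, true));
    return hash_equals($expected, $sig); // constant-time comparison
}

// Constructed sample: generate once, keep the base64 text in configuration.
$configValue = base64_encode(random_bytes(16)); // text form of the 16-byte key
$key = load_key($configValue);                  // raw bytes passed to HMAC

$token = sign_hs256(['sub' => 'user-1'], $key);
var_dump(verify_hs256($token, $key));         // same decoded bytes on both sides
var_dump(verify_hs256($token, $configValue)); // base64 text used as the key instead
```

Whichever form is used, the signing and verifying sides must apply the same decoding step, otherwise every token fails verification.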