On this https://jwt.io/ application, you can paste a JWT and it returns a public key. How is this public key generated, and how is it exported? Is it contained inside the JWT, and if it is, then how? In raw format?
- Why do you think it returns a public key? – auspicious99 Jul 03 '20 at 15:30
- It did for me... I am not sure why. Maybe it found it somewhere on my browser? – Cap Barracudas Jul 04 '20 at 19:21
1 Answer
The UI does not make this all too transparent, but no public key is exported. You should see an invalid signature info message below the left input field.
This means that while jwt.io was able to read your token, it was not able to verify the signature. You can, however, provide the website with your secret (depending on the algorithm, a public and private key or shared secret): with this information, it is now able to verify the signature.
A JSON Web Token consists of three parts: a header, a body and a signature. These are highlighted in three colors by the jwt.io website.
Word of advice: never give out production-level keys or tokens.

auspicious99

phisch
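The three-part structure and the verification step described in the answer, as an added example that is not part of the original post: it splits a token into header, body and signature and checks an HS256 signature offline, with the key supplied by the caller. The function names, the sample secret and the sample token are constructed for illustration, and HS256 (shared secret) is an assumed algorithm choice.

```python
import base64
import hashlib
import hmac
import json

def b64url_decode(part: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def split_jwt(token: str):
    """Return (header dict, payload dict, signature bytes, signing input)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("a signed JWT has exactly three dot-separated parts")
    header = json.loads(b64url_decode(parts[0]))
    payload = json.loads(b64url_decode(parts[1]))
    signature = b64url_decode(parts[2])
    # The signature covers the two encoded segments exactly as transmitted.
    signing_input = (parts[0] + "." + parts[1]).encode("ascii")
    return header, payload, signature, signing_input

def verify_hs256(token: str, secret: bytes) -> bool:
    header, _, signature, signing_input = split_jwt(token)
    # Pin the algorithm; do not let the token's own header choose it.
    if header.get("alg") != "HS256":
        return False
    expected = hmac.new(secret, signing_input, hashlib.sha256).digest()
    return hmac.compare_digest(expected, signature)

def make_hs256(payload: dict, secret: bytes) -> str:
    # Builds the constructed sample token used below.
    head = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url_encode(json.dumps(payload).encode())
    sig = hmac.new(secret, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64url_encode(sig)}"

SAMPLE_SECRET = b"constructed-demo-secret"  # constructed, not a real key
SAMPLE_TOKEN = make_hs256({"sub": "1234", "name": "demo"}, SAMPLE_SECRET)

if __name__ == "__main__":
    header, payload, signature, _ = split_jwt(SAMPLE_TOKEN)
    print(header, payload, signature.hex())            # readable without any key
    print(verify_hs256(SAMPLE_TOKEN, SAMPLE_SECRET))   # key supplied by the caller
    print(verify_hs256(SAMPLE_TOKEN, b"wrong-secret"))
```

Reading the header and body needs no key at all, which is why a tool can display a token it cannot verify.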