{"title":"通过处理REST API中JWT签名的加密密钥管理来管理安全的JSON Web令牌实现::一项调查","authors":"A. Admin","doi":"10.54216/jcim.060101","DOIUrl":null,"url":null,"abstract":"JSON Web Token (JWT) is a compact and self-contained mechanism, digitally authenticated and trusted, for transmitting data between various parties. They are mainly used for implementing stateless authentication mechanisms. The Open Authorization (OAuth 2.0) implementations are using JWTs for their access tokens. OAuth 2.0 and JWT are used token frameworks or standards for authorizing access to REST APIs because of their statelessness and the signature implementation. The most important cryptographic algorithms were tested namely a symmetric algorithm HS256 (HMAC with SHA-256) and an asymmetric algorithm RS256 (RSA Signature with SHA-256) used to construct JWT for signing token based on several parameters of the speed of generating tokens, the size of tokens, time data transfer tokens and security of tokens against attacks.In this research,we propose an approach used for handling cryptographic key management for signing RS256 tokens to ensure the security of the application's architecture. JWT offer a variety of options to manage keys, the server always needs to verify the validity of the key before trusting it for verify that a JWT implementation is secure.The experimental results show It's better to use the RS256 signature method for handling cryptographic key management for signing tokens to manage a secure JWT Implementation","PeriodicalId":169383,"journal":{"name":"Journal of Cybersecurity and Information Management","volume":"77 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"1900-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Managing a Secure JSON Web Token Implementation By Handling Cryptographic Key Management for JWT Signature in REST API: : A survey\",\"authors\":\"A. Admin\",\"doi\":\"10.54216/jcim.060101\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"JSON Web Token (JWT) is a compact and self-contained mechanism, digitally authenticated and trusted, for transmitting data between various parties. They are mainly used for implementing stateless authentication mechanisms. The Open Authorization (OAuth 2.0) implementations are using JWTs for their access tokens. OAuth 2.0 and JWT are used token frameworks or standards for authorizing access to REST APIs because of their statelessness and the signature implementation. The most important cryptographic algorithms were tested namely a symmetric algorithm HS256 (HMAC with SHA-256) and an asymmetric algorithm RS256 (RSA Signature with SHA-256) used to construct JWT for signing token based on several parameters of the speed of generating tokens, the size of tokens, time data transfer tokens and security of tokens against attacks.In this research,we propose an approach used for handling cryptographic key management for signing RS256 tokens to ensure the security of the application's architecture. JWT offer a variety of options to manage keys, the server always needs to verify the validity of the key before trusting it for verify that a JWT implementation is secure.The experimental results show It's better to use the RS256 signature method for handling cryptographic key management for signing tokens to manage a secure JWT Implementation\",\"PeriodicalId\":169383,\"journal\":{\"name\":\"Journal of Cybersecurity and Information Management\",\"volume\":\"77 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"1900-01-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Journal of Cybersecurity and Information Management\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.54216/jcim.060101\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Cybersecurity and Information Management","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.54216/jcim.060101","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Managing a Secure JSON Web Token Implementation By Handling Cryptographic Key Management for JWT Signature in REST API: : A survey
JSON Web Token (JWT) is a compact and self-contained mechanism, digitally authenticated and trusted, for transmitting data between various parties. They are mainly used for implementing stateless authentication mechanisms. The Open Authorization (OAuth 2.0) implementations are using JWTs for their access tokens. OAuth 2.0 and JWT are used token frameworks or standards for authorizing access to REST APIs because of their statelessness and the signature implementation. The most important cryptographic algorithms were tested namely a symmetric algorithm HS256 (HMAC with SHA-256) and an asymmetric algorithm RS256 (RSA Signature with SHA-256) used to construct JWT for signing token based on several parameters of the speed of generating tokens, the size of tokens, time data transfer tokens and security of tokens against attacks.In this research,we propose an approach used for handling cryptographic key management for signing RS256 tokens to ensure the security of the application's architecture. JWT offer a variety of options to manage keys, the server always needs to verify the validity of the key before trusting it for verify that a JWT implementation is secure.The experimental results show It's better to use the RS256 signature method for handling cryptographic key management for signing tokens to manage a secure JWT Implementation
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
