RFC7519-JSON Web Token (JWT)

    11.2. Signing and Encryption Order

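    1. Although the signing and encryption operations of a Nested JWT can syntactically be applied in any order, when both signing and encryption are required the producer should normally sign the message and then encrypt the result (thereby encrypting the signature). This prevents attacks that strip the signature and leave only the encrypted message, and it gives the signer privacy. In addition, signatures over encrypted text are considered invalid in many jurisdictions.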

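    Note that the potential security issues related to the order of signing and encryption operations are already addressed by the underlying JWS and JWE specifications; in particular, because JWE only supports authenticated encryption algorithms, the cryptographic concerns about possibly needing to sign after encryption, which apply in many contexts, do not apply to this specification.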

    While syntactically the signing and encryption operations for Nested JWTs may be applied in any order, if both signing and encryption are necessary, normally producers should sign the message and then encrypt the result (thus encrypting the signature). This prevents attacks in which the signature is stripped, leaving just an encrypted message, as well as providing privacy for the signer. Furthermore, signatures over encrypted text are not considered valid in many jurisdictions.

    Note that potential concerns about security issues related to the order of signing and encryption operations are already addressed by the underlying JWS and JWE specifications; in particular, because JWE only supports the use of authenticated encryption algorithms, cryptographic concerns about the potential need to sign after encryption that apply in many contexts do not apply to this specification.
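
    The sign-then-encrypt order described above, as an added example (not part of RFC 7519 or of the original page): an HS256 JWS is produced first and then wrapped in a JWE using direct encryption with A256GCM, and the receiver decrypts before verifying the signature. The helper names and the choice of HS256 with alg "dir" are assumptions made for illustration; only Node.js's built-in crypto module is used.

```javascript
// Added example: Nested JWT built sign-then-encrypt (RFC 7519 section 11.2).
const nodeCrypto = require('node:crypto');

const b64u = (buf) => Buffer.from(buf).toString('base64url');
const fromB64u = (s) => Buffer.from(s, 'base64url');
const parseB64u = (s) => JSON.parse(fromB64u(s).toString('utf8'));

// Inner JWS (HS256): the MAC covers the protected header and the claims.
function signJws(claims, macKey) {
  const input = b64u(JSON.stringify({ alg: 'HS256', typ: 'JWT' })) + '.' + b64u(JSON.stringify(claims));
  return input + '.' + b64u(nodeCrypto.createHmac('sha256', macKey).update(input).digest());
}

function verifyJws(jws, macKey) {
  const [h, p, s] = jws.split('.');
  if (parseB64u(h).alg !== 'HS256') throw new Error('unexpected JWS alg');
  const expected = nodeCrypto.createHmac('sha256', macKey).update(h + '.' + p).digest();
  const got = fromB64u(s);
  if (got.length !== expected.length || !nodeCrypto.timingSafeEqual(got, expected)) {
    throw new Error('bad signature');
  }
  return parseB64u(p);
}

// Outer JWE (alg "dir", enc "A256GCM"). cty "JWT" marks the plaintext as a Nested JWT.
// The encoded header is the AEAD additional data, so it is integrity-protected too.
function encryptJwe(plaintext, encKey) {
  const header = b64u(JSON.stringify({ alg: 'dir', enc: 'A256GCM', cty: 'JWT' }));
  const iv = nodeCrypto.randomBytes(12); // 96-bit IV for GCM
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', encKey, iv);
  cipher.setAAD(Buffer.from(header, 'ascii'));
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  // With "dir" the JWE Encrypted Key segment is empty.
  return [header, '', b64u(iv), b64u(ct), b64u(cipher.getAuthTag())].join('.');
}

function decryptJwe(jwe, encKey) {
  const [header, encryptedKey, iv, ct, tag] = jwe.split('.');
  const h = parseB64u(header);
  if (h.alg !== 'dir' || h.enc !== 'A256GCM' || encryptedKey !== '') throw new Error('unexpected JWE header');
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', encKey, fromB64u(iv));
  decipher.setAAD(Buffer.from(header, 'ascii'));
  decipher.setAuthTag(fromB64u(tag));
  // final() throws if the ciphertext, IV, tag or header was modified.
  return Buffer.concat([decipher.update(fromB64u(ct)), decipher.final()]).toString('utf8');
}

// Producer: sign, then encrypt. Consumer: decrypt, then verify the signature.
const makeNested = (claims, macKey, encKey) => encryptJwe(signJws(claims, macKey), encKey);
const openNested = (token, macKey, encKey) => verifyJws(decryptJwe(token, encKey), macKey);
```

    Because the JWS travels inside the ciphertext, an intermediary cannot see or strip the signature, and any change to the outer token fails the GCM tag check before the inner signature is examined.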