JWT signature validation using certificate authority's public key


No, that is not possible in the way that you describe: you'll need the actual certificate to:

  1. verify the signature on the JWT with the public key in it
  2. verify that the certificate was signed by the root CA

But then again, because of 2., you don't need to exchange the certificate out-of-band; the sender can send the certificate along with the JWT. So you can satisfy your goal anyway, since you don't have to obtain all public keys from the clients separately.
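The two-step check the answer describes, with the client/server setup from the question below, as an added Go example that is not part of the original post. It assumes a hypothetical root CA, a client named "client-42" whose certificate that CA issued, ES256 as the only algorithm the server accepts, and the JWS `x5c` header (RFC 7515 §4.1.6) as the channel for sending the certificate along with the JWT. `mustCert` is a test fixture written for this example; `signJWT` is the client side and `verifyJWT` the server side, which holds nothing but the root.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"math/big"
	"strings"
	"time"
)

var b64 = base64.RawURLEncoding // JWS segments: base64url without padding

// mustCert is a fixture for this example: a P-256 certificate for cn, self-signed when parent is
// nil. It stands in for the hypothetical root CA and for the client certificates that CA signs.
func mustCert(cn string, isCA bool, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*ecdsa.PrivateKey, *x509.Certificate) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature, BasicConstraintsValid: true, IsCA: isCA,
	}
	if isCA {
		tmpl.KeyUsage |= x509.KeyUsageCertSign
	}
	if parent == nil { // self-signed
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der)
	return key, cert
}

// signJWT is the client side: an ES256 JWT whose "x5c" header carries the client's CA-issued
// certificate (standard base64 DER), so the server needs no out-of-band copy of the client key.
func signJWT(key *ecdsa.PrivateKey, certDER []byte, claims map[string]interface{}) (string, error) {
	hdr, _ := json.Marshal(map[string]interface{}{"alg": "ES256", "typ": "JWT",
		"x5c": []string{base64.StdEncoding.EncodeToString(certDER)}})
	body, _ := json.Marshal(claims)
	input := b64.EncodeToString(hdr) + "." + b64.EncodeToString(body)
	digest := sha256.Sum256([]byte(input))
	r, s, err := ecdsa.Sign(rand.Reader, key, digest[:])
	if err != nil {
		return "", err
	}
	sig := make([]byte, 64) // JWS ES256 signatures are fixed-width r||s, not ASN.1 DER
	r.FillBytes(sig[:32])
	s.FillBytes(sig[32:])
	return input + "." + b64.EncodeToString(sig), nil
}

// verifyJWT is the server side and holds only the root CA: step 2 of the answer (the presented
// certificate chains to the root) runs first, then step 1 (the JWT signature under that cert's key).
func verifyJWT(token string, roots *x509.CertPool) (map[string]interface{}, error) {
	parts := strings.Split(token, ".")
	var hdr struct{ Alg string; X5c []string } // encoding/json matches "alg"/"x5c" case-insensitively
	if rawHdr, err := b64.DecodeString(parts[0]); len(parts) != 3 || err != nil || json.Unmarshal(rawHdr, &hdr) != nil {
		return nil, fmt.Errorf("malformed token")
	}
	if hdr.Alg != "ES256" || len(hdr.X5c) == 0 { // the server, not the token, decides the algorithm
		return nil, fmt.Errorf("unsupported alg or missing x5c")
	}
	der, err := base64.StdEncoding.DecodeString(hdr.X5c[0])
	leaf, perr := x509.ParseCertificate(der)
	if err != nil || perr != nil {
		return nil, fmt.Errorf("x5c does not carry a valid certificate")
	}
	// Chain to the trusted root; fixture certs carry no EKU, so ClientAuth is accepted for them.
	if _, err := leaf.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}); err != nil {
		return nil, fmt.Errorf("certificate not issued by the trusted CA: %w", err)
	}
	pub, ok := leaf.PublicKey.(*ecdsa.PublicKey)
	sig, err := b64.DecodeString(parts[2])
	if !ok || err != nil || len(sig) != 64 {
		return nil, fmt.Errorf("bad key type or signature encoding")
	}
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	if !ecdsa.Verify(pub, digest[:], new(big.Int).SetBytes(sig[:32]), new(big.Int).SetBytes(sig[32:])) {
		return nil, fmt.Errorf("JWT signature invalid")
	}
	var claims map[string]interface{}
	if raw, err := b64.DecodeString(parts[1]); err != nil || json.Unmarshal(raw, &claims) != nil {
		return nil, fmt.Errorf("bad payload")
	}
	if claims["sub"] != leaf.Subject.CommonName { // the CA vouched for the cert subject, not for free-text claims
		return nil, fmt.Errorf("sub claim does not match certificate subject")
	}
	return claims, nil
}

func main() {
	caKey, caCert := mustCert("Hypothetical Root CA", true, nil, nil)
	roots := x509.NewCertPool() // the server's only trust anchor
	roots.AddCert(caCert)
	key, cert := mustCert("client-42", false, caCert, caKey)
	tok, _ := signJWT(key, cert.Raw, map[string]interface{}{"sub": "client-42"})
	fmt.Println(verifyJWT(tok, roots)) // map[sub:client-42] <nil>
	rogueKey, rogueCert := mustCert("client-42", false, nil, nil) // same name, not CA-issued
	rogueTok, _ := signJWT(rogueKey, rogueCert.Raw, map[string]interface{}{"sub": "client-42"})
	fmt.Println(verifyJWT(rogueTok, roots)) // nil claims plus a chain error
}
```

The order matters: a valid signature under a key the server has never seen proves nothing until the certificate carrying that key has been chained to the root, which is why the chain check comes first. The final `sub` comparison is the part people forget: the CA vouches only for the identity in the certificate, so without binding the token's claims to that subject any legitimately enrolled client could present a token naming a different one. A production verifier would additionally check `exp`/`iat`/`aud` and, where the CA publishes them, CRL or OCSP revocation status.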

Author: sunsin1985

Updated on August 22, 2022

Comments

  • sunsin1985
    sunsin1985 over 1 year

    I am trying this:

    On the client side:

      1. Generate a JSON Web Token (JWT) using a header and payload.
      2. Sign this JWT using my private key. I also have a certificate which is signed by a root CA.
      3. Send the JWT to the server.

    On the server side:

      1. Verify the received JWT.
      2. I only have access to the public key/certificate of the root CA who has signed my certificate.

    Is it possible to verify the signature of the JWT using the public key or certificate of the root CA? Please note that I do not want to verify the JWT using my public key, as there are many clients which have their own private-public key pairs and it would not be possible for the server to obtain all the public keys from the clients. My goal is to make the server-side validation use the public key/certificate of the root CA to validate the JWT.

    Is this possible?