JWT and encryption algorithms

JWT

Brief introduction

JWT stands for JSON Web Token, a lightweight JSON-based specification for authorization and authentication that enables stateless, distributed web application authorization. Official website: https://jwt.io

Java client for JWT on GitHub (jjwt): https://github.com/jwtk/jjwt


Data Format

JWT data consists of three parts:

  • Header: the header usually carries two pieces of information:

    • The declared token type, here JWT

    • The algorithm used to sign the token

    The header is base64-encoded to obtain the first part.

  • Payload: the payload is the actual data; it typically contains the following information:

    • User identity information (note: this part is only base64-encoded, not encrypted, so anyone holding the token can decode it; do not store sensitive information here)

    • Registered claims, such as the token's issue time, expiration time, issuer, and so on

    This part is also base64-encoded to give the second part of the data.

  • Signature: the signature is the authentication information for the whole token. The first two parts are combined with the service's secret key (which must not leak and should preferably be rotated periodically) and run through the signing algorithm. It is used to verify the integrity and authenticity of the whole token.

The generated token is the user's proof of identity, much like a personal identification document.

It can be seen to be divided into three dot-separated segments, corresponding to the three parts described above.


JWT interaction flow

Flow chart:

Steps:

  • 1. The user logs in

  • 2. The authentication service generates a token using the secret key

  • 3. The generated token is returned to the browser

  • 4. Each subsequent request carries the user's token

  • 5. The service parses the JWT and verifies the signature with the public key; once the signature is judged valid, it obtains the user information from the Payload

  • 6. The service processes the request and returns the response

Because the issued JWT already contains the user's identity information and is carried on every request, the service does not need to store user information, or even query the database, which fully complies with the stateless REST principle.
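The three-part format and the issue/verify steps above, as an added example using only the Python standard library (this is not code from the original post or from jjwt). It signs with HS256 (a shared secret, the symmetric case) rather than a public/private key pair; the secret, the claims and the timestamps are constructed placeholders. It also shows why the signature matters: a payload segment altered without the secret, or an expired token, is rejected.

```python
import base64
import hashlib
import hmac
import json
import time

SECRET = b"constructed-demo-secret-rotate-me"  # placeholder secret; rotate real ones periodically


def b64url_encode(data: bytes) -> str:
    # JWT uses base64url without '=' padding (RFC 7515)
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def create_jwt(payload: dict, secret: bytes) -> str:
    # Part 1: base64url(header); part 2: base64url(payload); part 3: HMAC-SHA256 over "part1.part2"
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = (b64url_encode(json.dumps(header, separators=(",", ":")).encode())
                     + "." + b64url_encode(json.dumps(payload, separators=(",", ":")).encode()))
    signature = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(signature)


def verify_jwt(token: str, secret: bytes, now=None):
    # Returns (True, payload) or (False, reason). The server fixes the expected algorithm;
    # the header's "alg" is only compared against it, never used to pick the verifier.
    parts = token.split(".")
    if len(parts) != 3:
        return False, "malformed token"
    header_b64, payload_b64, signature_b64 = parts
    try:
        header = json.loads(b64url_decode(header_b64))
        given_sig = b64url_decode(signature_b64)
    except ValueError:  # covers binascii.Error, JSON and UTF-8 decode errors
        return False, "undecodable segment"
    if header.get("alg") != "HS256":
        return False, "unexpected alg"
    expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, given_sig):  # constant-time comparison
        return False, "bad signature"
    payload = json.loads(b64url_decode(payload_b64))
    now = int(time.time()) if now is None else now
    if "exp" in payload and now >= payload["exp"]:
        return False, "token expired"
    return True, payload


if __name__ == "__main__":
    issued = 1_700_000_000  # constructed issue time
    token = create_jwt({"sub": "alice", "role": "user", "iat": issued, "exp": issued + 3600}, SECRET)
    print(token)  # header.payload.signature
    print(verify_jwt(token, SECRET, now=issued + 10))
```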


Asymmetric encryption

Encryption is the technique of encoding and decoding information: the original readable information (the plaintext) is translated into a coded form (the ciphertext), and decoding (decryption) is the reverse process. The essentials of encryption are the algorithm and the key. Encryption algorithms can be divided into three categories:

  • Symmetric encryption, such as AES

    • Basic principle: split the plaintext into N blocks, encrypt each block with the key to produce its own ciphertext, then join all the block ciphertexts to form the final ciphertext.

    • Advantages: the algorithm is public, the computation is small, and encryption is fast and efficient

    • Drawback: both parties use the same key, so security cannot be guaranteed once that key is shared

  • Asymmetric encryption, such as RSA

    • Basic principle: two keys are generated together, a private key and a public key; the private key is kept secret, while the public key can be distributed to trusted clients

      • Data encrypted with the private key can be decrypted by a holder of either the private key or the public key

      • Data encrypted with the public key can only be decrypted by the holder of the private key

    • Advantage: secure and hard to break

    • Disadvantage: the algorithm is comparatively time-consuming

  • Irreversible "encryption" (one-way hashing), such as MD5 and SHA

    • Basic principle: no key is used; the plaintext is fed directly through the hash algorithm to produce the ciphertext (digest). Data processed this way cannot be decrypted, and the plaintext cannot be derived from the digest.

History of the RSA algorithm:

In 1977, three mathematicians, Rivest, Shamir and Adleman, designed an algorithm that implements asymmetric encryption. The algorithm is named after the initials of their three surnames: RSA.


Origin: blog.csdn.net/Leon_Jinhai_Sun/article/details/104251716