Home > Enterprise >  JWT, is it safe to use the same key pair to sign from server-side and encrypt from client-side?
JWT, is it safe to use the same key pair to sign from server-side and encrypt from client-side?

Time:03-07

My private key is server-side and the public one are client-side. I use them to sign JWT from my server and sent to my clients, for authorisation. I have now to also encrypt the user password client-side during the authentication using JWE and verify it from server-side.

This two use case have the same requirements: private key is server-side, public key are client-side, and encryption algorythms can be the same. This is why I am thinking to use the same key pair but I am affraid to miss something about security and I would like to have confirmation, is it safe ?

CodePudding user response:

As best practice, you should not re-use the same key pair for different purposes. Just have two distinct key pairs, one for digital signatures, the other for public key encryption.

Page link:https//www.codepudding.com/Enterprise/325646.html

Prev:Jetpack compose BottomNavigation - java.lang.IllegalStateException: Already attached to lifecycleOwn
Next:How do I use {polished} package with {brochure} framework?
  • Related

About Us:  Contact Us      Terms of Service       Privacy Policy

Copyright © 2010-2023,Powered By CodePudding