Hacker News
Abusing JWT public keys without the public key (blog.silentsignal.eu)
2 points by dnet 1958 days ago | 1 comments
outsomnia 1958 days ago
> The main lesson is: one should not rely on the secrecy of public keys
... that might be why they are called "public" keys
dnet 1958 days ago
Yet we've had people argue that they wouldn't give us the public part of their JWT RSA signing keypair, because "they wouldn't publish that anyway", hence this post.