-
-
Notifications
You must be signed in to change notification settings - Fork 81
JWS
nov edited this page Sep 9, 2015
·
8 revisions
In many cases, you will sign and/or encrypt JWTs. (alg=none won't be used in general) For signing, call JSON::JWT#sign(key, algorithm).
These values are supported as algorithm.
-
HS256(default) HS384HS512RS256RS384RS512ES256ES384ES512
For historical reasons, HS256 is the default, but I recommend you to use RS256 if possible. Using shared key isn't a good choice for assertion signing in general.
shared_key = 'shared-key'
jwt.sign(shared_key) # HS256 is the default
jwt.sign(shared_key, :HS384)
jwt.sign(shared_key, :HS512)private_key = OpenSSL::PKey::RSA.new(2048)
jwt.sign(private_key, :RS256)
jwt.sign(private_key, :RS384)
jwt.sign(private_key, :RS512)private_key = OpenSSL::PKey::EC.new('prime256v1').generate_key
jwt.sign(private_key, :ES256)
private_key = OpenSSL::PKey::EC.new('secp384r1').generate_key
jwt.sign(private_key, :ES384)
private_key = OpenSSL::PKey::EC.new('secp521r1').generate_key
jwt.sign(private_key, :ES512)TODO