SOLVED

Understanding Adobe I/O token encryption for ACS services

Hello,

We're implementing transactional messaging in ACS, and have just set up the JWT Authentication in Adobe I/O. The way the encryption happens for the JWT seems strange to me, and I was wondering if anyone could help clarify this?

In any other 'normal' instance, like, let's say, an encrypted PGP file sent from a client to ACC, it is the client (the sender) who encrypts the file using a public key, and ACC (the recipient) who decrypts it using its private key.

With the Adobe I/O JWT exchange, it is the opposite: the client needs to encrypt it with a private key, and Adobe decrypts it with a public key. So we need to ask the client to generate a key pair and send us the public key, which is kind of strange. My client was asking about this behaviour, and I couldn't answer because it seems like the wrong logic to me too.

Can someone shed some light on this please? Every article I find on this topic says the same: "The public key is verified with the client and the private key used in the decryption process".

Thank you!

Xavier

1 Accepted Solution

Correct answer by
Employee Advisor

You may refer to the article below. JWT is about signing and not encrypting.

https://stackoverflow.com/questions/454048/what-is-the-difference-between-encrypting-and-signing-in-...
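
The distinction made in the answer, shown as an added example (not part of the original thread and not Adobe's code): the client signs the token with its private key, the receiver checks the signature with the registered public key, and the payload stays readable by anyone. The claim values and function names are constructed for illustration.

```javascript
// Added example: an RS256 JWT is signed, not encrypted (Node.js built-in crypto only).
const crypto = require('node:crypto');

const b64url = (text) => Buffer.from(text).toString('base64url');
const fromB64url = (part) => JSON.parse(Buffer.from(part, 'base64url').toString('utf8'));

// Client side: the PRIVATE key produces a signature over "header.payload".
function signJwt(claims, privateKey) {
  const input = `${b64url(JSON.stringify({ alg: 'RS256', typ: 'JWT' }))}.${b64url(JSON.stringify(claims))}`;
  return `${input}.${crypto.sign('RSA-SHA256', Buffer.from(input), privateKey).toString('base64url')}`;
}

// No key is needed to read the claims: the payload is only base64url-encoded.
function readClaimsUnverified(token) {
  return fromB64url(token.split('.')[1]);
}

// Server side: the registered PUBLIC key checks the signature. Returns claims or null.
function verifyJwt(token, publicKey, now = Math.floor(Date.now() / 1000)) {
  const parts = token.split('.');
  if (parts.length !== 3) return null;
  const [header, payload, signature] = parts;
  try {
    if (fromB64url(header).alg !== 'RS256') return null; // pin the algorithm
    const valid = crypto.verify('RSA-SHA256', Buffer.from(`${header}.${payload}`),
      publicKey, Buffer.from(signature, 'base64url'));
    if (!valid) return null;
    const claims = fromB64url(payload);
    return typeof claims.exp === 'number' && claims.exp > now ? claims : null;
  } catch {
    return null; // malformed token
  }
}

function demo() {
  const client = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  // Constructed sample claims, not real Adobe I/O values.
  const claims = { iss: 'example-org', sub: 'example-account', exp: Math.floor(Date.now() / 1000) + 300 };
  const token = signJwt(claims, client.privateKey);
  const [h, , s] = token.split('.');
  const forged = `${h}.${b64url(JSON.stringify({ ...claims, sub: 'someone-else' }))}.${s}`;
  return {
    readableWithoutKey: readClaimsUnverified(token).sub,
    genuine: verifyJwt(token, client.publicKey) !== null,
    forged: verifyJwt(forged, client.publicKey) !== null,
  };
}

console.log(demo());
```

Because the claims can be read without any key, nothing confidential belongs in the token; the signature only proves who issued it and that it was not altered.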