Understanding Adobe I/O token encryption for ACS services | Community
xavierv6303633
Level 2
March 25, 2021
Solved

Understanding Adobe I/O token encryption for ACS services


Hello,

We're implementing transactional messaging in ACS, and have just set up the JWT Authentication in Adobe I/O. The way the encryption happens for the JWT seems strange to me, and I was wondering if anyone could help clarify this?

In any other 'normal' instance, like let's say an encrypted PGP file sent from a client to ACC, it is the client (the sender) who encrypts the file using a public key, and ACC (the recipient) who decrypts it using its private key.

With the Adobe I/O JWT exchange, it is the opposite: the client needs to encrypt it with a private key, and Adobe decrypts it with a public key. So we need to ask the client to generate a key pair and send us the public key, which is kind of strange. My client was asking about this behaviour, and I couldn't answer because it seems like the wrong logic to me too.

Can someone shed some light on this please? Every article I find on this topic says the same: "The public key is verified with the client and the private key used in the decryption process".

Thank you!

Xavier

Best answer by bisswang

You may refer to the article below. JWT is about signing and not encrypting.

https://stackoverflow.com/questions/454048/what-is-the-difference-between-encrypting-and-signing-in-asymmetric-encryption

1 reply

bisswang (Adobe Employee), accepted solution
April 5, 2021
xavierv6303633
Level 2
April 6, 2021

Hi Ramon, Makes sense indeed, thank you!
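
The distinction drawn in the accepted answer, as an added example that is not part of the original thread and is not Adobe's code: the client signs the JWT with its private key, the receiver checks that signature with the registered public key, and the claims themselves stay readable by anyone. It assumes RS256 (RSA with SHA-256) as the signature algorithm; the function names and claim values are constructed for illustration.

```javascript
// Added example: a signed JWT is authenticated, not confidential.
const crypto = require('crypto');

const b64url = (input) => Buffer.from(input).toString('base64url');

// Client side: sign "header.payload" with the PRIVATE key (RS256).
function signJwt(claims, privateKey) {
  const header = { alg: 'RS256', typ: 'JWT' };
  const signingInput = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(claims))}`;
  const signature = crypto.sign('sha256', Buffer.from(signingInput), privateKey);
  return `${signingInput}.${signature.toString('base64url')}`;
}

// Anyone, with no key at all: the payload is only base64url-encoded.
function readClaimsWithoutKey(jwt) {
  return JSON.parse(Buffer.from(jwt.split('.')[1], 'base64url').toString('utf8'));
}

// Receiver side: check the signature with the registered PUBLIC key.
// Expiry and audience checks are left out to keep the focus on the signature.
function verifyJwt(jwt, publicKey) {
  const parts = jwt.split('.');
  if (parts.length !== 3) return false;
  const header = JSON.parse(Buffer.from(parts[0], 'base64url').toString('utf8'));
  if (header.alg !== 'RS256') return false; // pin the algorithm, do not trust the token's choice
  return crypto.verify('sha256', Buffer.from(`${parts[0]}.${parts[1]}`), publicKey,
    Buffer.from(parts[2], 'base64url'));
}

function demo() {
  const client = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const other = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  // Constructed sample claims, not real identifiers.
  const claims = { iss: 'org@example.invalid', sub: 'tech-account@example.invalid', exp: 1893456000 };
  const jwt = signJwt(claims, client.privateKey);
  const [h, , s] = jwt.split('.');
  const altered = { ...claims, sub: 'someone-else@example.invalid' };
  const forged = `${h}.${b64url(JSON.stringify(altered))}.${s}`;
  return {
    readableWithoutKey: readClaimsWithoutKey(jwt).sub,
    validWithClientPublicKey: verifyJwt(jwt, client.publicKey),
    validWithOtherPublicKey: verifyJwt(jwt, other.publicKey),
    forgedAccepted: verifyJwt(forged, client.publicKey),
  };
}

console.log(demo());
```

Because the private key never leaves the client, only the client can produce a token that verifies against its public key, which is why the key pair is generated on the client side and only the public half is shared.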