Your achievements

Level 1

0% to

Level 2

Tip /
Sign in

Sign in to Community

to gain points, level up, and earn exciting badges like the new
BedrockMission!

Learn More

View all

Sign in to view all badges

Understanding Adobe I/O token encryption for ACS services

Avatar

Avatar
Boost 5
Level 2
xavierv6303633
Level 2

Likes

6 likes

Total Posts

21 posts

Correct Reply

1 solution
Top badges earned
Boost 5
Validate 1
Contributor
Shape 1
Boost 3
View profile

Avatar
Boost 5
Level 2
xavierv6303633
Level 2

Likes

6 likes

Total Posts

21 posts

Correct Reply

1 solution
Top badges earned
Boost 5
Validate 1
Contributor
Shape 1
Boost 3
View profile
xavierv6303633
Level 2

25-03-2021

Hello,

 

We're implementing transactional messaging in ACS, and have just set up the JWT Authentication in Adobe I/O. The way the encryption happens for the JWT seems strange to me, and I was wondering if anyone could help clarify this?

 

In any other 'normal' instances, like let's say an encrypted PGP file sent from a client to ACC, it is the client (the sender) who encrypts the file using a public key, and ACC (the recipient) who decrypts it using its private key.

 

With the Adobe I/O JWT exchange, it is the opposite : the client needs to encrypt it with a private key, and Adobe decrypts it with a public key. So we need to ask the client to generate a key pair and send us the public key, which is kind of strange. My client was asking about this behaviour, and I couldn't answer because it seems like the wrong logic to me too.

 

Can someone shed some light on this please? Every article I find on this topic says the same : "The public key is verified with the client and the private key used in the decryption process".

 

Thank you!

Xavier

ACS encryption IO jwt

Accepted Solutions (1)

Accepted Solutions (1)

Avatar

Avatar
Boost 250
Employee
ramon_bisswanger
Employee

Likes

266 likes

Total Posts

392 posts

Correct Reply

192 solutions
Top badges earned
Boost 250
Affirm 100
Give Back 25
View profile

Avatar
Boost 250
Employee
ramon_bisswanger
Employee

Likes

266 likes

Total Posts

392 posts

Correct Reply

192 solutions
Top badges earned
Boost 250
Affirm 100
Give Back 25
View profile
ramon_bisswanger
Employee

05-04-2021

You may refer to below article. JWT is about signing and not encrypting.

https://stackoverflow.com/questions/454048/what-is-the-difference-between-encrypting-and-signing-in-...

Answers (0)