Understanding Adobe I/O token encryption for ACS services

xavierv6303633

25-03-2021

Hello,

We're implementing transactional messaging in ACS, and have just set up the JWT Authentication in Adobe I/O. The way the encryption happens for the JWT seems strange to me, and I was wondering if anyone could help clarify this?

In any other 'normal' instance, like, let's say, an encrypted PGP file sent from a client to ACC, it is the client (the sender) who encrypts the file using a public key, and ACC (the recipient) who decrypts it using its private key.

With the Adobe I/O JWT exchange, it is the opposite: the client needs to encrypt it with a private key, and Adobe decrypts it with a public key. So we need to ask the client to generate a key pair and send us the public key, which is kind of strange. My client was asking about this behaviour, and I couldn't answer because it seems like the wrong logic to me too.

Can someone shed some light on this please? Every article I find on this topic says the same: "The public key is verified with the client and the private key used in the decryption process".

Thank you!

Xavier

ACS encryption IO jwt

Accepted Solutions (1)

ramon_bisswange

Employee

05-04-2021

You may refer to the article below. JWT is about signing and not encrypting.

https://stackoverflow.com/questions/454048/what-is-the-difference-between-encrypting-and-signing-in-...

Answers (0)
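
The signing-versus-encrypting distinction from the accepted answer, as an added example that is not part of the original thread and is not Adobe's code: the client signs the token with its private key, the verifier checks it with the registered public key, and the claims stay readable to anyone. It assumes RS256 and Node.js's built-in `crypto` module; the key pairs, claim values and function names are constructed for illustration.

```javascript
// Added example: a JWT is signed, not encrypted. All values are constructed.
const crypto = require('node:crypto');

const b64url = (data) => Buffer.from(data).toString('base64url');

// Client side: sign "header.payload" with the PRIVATE key (RS256).
function signJwt(claims, privateKey) {
  const header = { alg: 'RS256', typ: 'JWT' };
  const signingInput = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(claims))}`;
  const sig = crypto.sign('sha256', Buffer.from(signingInput), privateKey);
  return `${signingInput}.${b64url(sig)}`;
}

// No key needed to read the claims: the payload is only base64url-encoded.
function readClaimsWithoutKey(jwt) {
  return JSON.parse(Buffer.from(jwt.split('.')[1], 'base64url').toString('utf8'));
}

// Verifier side: check the signature with the registered PUBLIC key.
function verifyJwt(jwt, publicKey, now = Math.floor(Date.now() / 1000)) {
  const parts = jwt.split('.');
  if (parts.length !== 3) return { ok: false, reason: 'malformed' };
  const [h, p, s] = parts;
  let header, claims;
  try {
    header = JSON.parse(Buffer.from(h, 'base64url').toString('utf8'));
    claims = JSON.parse(Buffer.from(p, 'base64url').toString('utf8'));
  } catch { return { ok: false, reason: 'malformed' }; }
  // Pin the algorithm instead of trusting whatever the token header asks for.
  if (header.alg !== 'RS256') return { ok: false, reason: 'unexpected alg' };
  const valid = crypto.verify('sha256', Buffer.from(`${h}.${p}`), publicKey, Buffer.from(s, 'base64url'));
  if (!valid) return { ok: false, reason: 'bad signature' };
  if (typeof claims.exp !== 'number' || claims.exp <= now) return { ok: false, reason: 'expired' };
  return { ok: true, claims };
}

function demo() {
  const client = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const other = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const now = 1700000000; // fixed clock so the result is reproducible
  const claims = { iss: 'org@example.invalid', sub: 'tech-account@example.invalid', exp: now + 300 };
  const jwt = signJwt(claims, client.privateKey);
  const [h, , s] = jwt.split('.');
  const tampered = `${h}.${b64url(JSON.stringify({ ...claims, sub: 'someone-else@example.invalid' }))}.${s}`;
  return {
    readable: readClaimsWithoutKey(jwt).sub,
    genuine: verifyJwt(jwt, client.publicKey, now),
    tampered: verifyJwt(tampered, client.publicKey, now),
    wrongKey: verifyJwt(jwt, other.publicKey, now),
  };
}
```

Because the payload is readable by anyone who holds the token, it should carry nothing confidential; the private key proves who issued the token and that the claims were not altered.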