Skip to content
Better HN
Top
New
Best
Ask
Show
Jobs
Search
⌘K
Abusing JWT public keys without the public key
(opens in new tab)
(blog.silentsignal.eu)
2 points
dnet
5y ago
2 comments
Share
Abusing JWT public keys without the public key | Better HN
2 comments
default
newest
oldest
outsomnia
5y ago
> The main lesson is: one should not rely on the secrecy of public keys
... that might be why they are called "public" keys
dnet
OP
5y ago
Yet we've had people argue that they wouldn't give us the public part of their JWT RSA signing keypair, because "they wouldn't publish that anyway", hence this post.
j
/
k
navigate · click thread line to collapse
