Using RS256 Encryption
Malcolm edited this page Aug 24, 2016
This article gives a practical example of using RS256 encryption to create and parse JWTs. Note that RS256 is RSA signing with SHA-256: the library's encryption classes sign the token with the private key and verify it with the public key; they do not hide its contents. The header and claims are only base64url-encoded and can be read by anyone holding the token, so do not put secrets in them. There are three steps involved:

- Create a token for encryption, or acquire a token for decryption
- Configure the encryption
- Serialize or deserialize the token

Which key you need depends on the direction:

- If you're creating and encrypting a token, you'll need a private key.
- If you're decrypting an existing, serialized token, you'll need a public key.
- You'll need both if you intend to process tokens in both directions.

For the purposes of this article, I'm using the key pair found on the Sample Key Pair article. You should use your own key pair outside of these examples; see that article for an example of creating your own key pair.
```php
//
// Create a token, configuring it with any headers and payload you need
//
$token = new \Emarref\Jwt\Token();
$token->addClaim(new \Emarref\Jwt\Claim\PrivateClaim('my_claim', 'my_value'));

//
// Configure the encryption for the JWT instance
//
$algorithm = new \Emarref\Jwt\Algorithm\Rs256();
$encryption = \Emarref\Jwt\Encryption\Factory::create($algorithm);

// Read in the contents of the PRIVATE key (PEM) used to sign the token
$privateKey = file_get_contents('/path/to/private.key');

// Configure the encryption with the private key
$encryption->setPrivateKey($privateKey);

// Set up the JWT instance
$jwt = new \Emarref\Jwt\Jwt();

//
// Serializing the token signs its contents with the private key.
// The header and claims stay base64url-encoded; they are not hidden.
//
$serializedToken = $jwt->serialize($token, $encryption);

// $serializedToken now holds the signed token as a compact string: header.payload.signature
```
If a third party has given you a public key, or you are writing the half of your application that decrypts tokens, the following example shows how to decrypt (deserialize) a token that was serialized as above.
```php
//
// Acquire the serialized token somehow.
// For this example, I will use a token I serialized following the encryption example above.
//
$token = 'eyJhbGciOiJSUzI1NiJ9.eyJteV9jbGFpbSI6Im15X3ZhbHVlIn0.LpyBf_vibYGRV1MZLB5gcljTGlmZhPpz7jJHklKKJyXNPJBC18FWNkdiXH0lX2OnBxkuaqPq6meCKsjAHLGKBFvLWkLk90NT3HCUBpAY4Tz8A7UEKq4J1tnx1BnMcU1D33aPiZk7rTWyr9BdjQuKe-3a1NtHx0-Zckxdrt3ME2DF-a-zjBjBW7NlFads2z_YvwxlAwnaA1KR3whGUamDcJFcLd6gp5keazzGSsb3Z8fNlExkjVqMfuN1DWZKpVJtFNAmzCxNZEGsJHCHaPT_TfmJxWiuFvEzG1B83LGI_guQBEhyhY66RmJI-0IifTHnKXe4o6xQVI2o8N0dIxAsSQ';

//
// Configure the encryption for the JWT instance
//
$algorithm = new \Emarref\Jwt\Algorithm\Rs256();
$encryption = \Emarref\Jwt\Encryption\Factory::create($algorithm);

// Read in the contents of the PUBLIC key (PEM certificate) used to verify the signature
$publicKey = file_get_contents('/path/to/public.crt');

// Configure the encryption with the public key
$encryption->setPublicKey($publicKey);

// Set up the JWT instance
$jwt = new \Emarref\Jwt\Jwt();

//
// De-serializing the token decodes its header, claims and signature into a Token object.
// This step alone does not check the signature.
//
$deserializedToken = $jwt->deserialize($token);
```
To check that the token has been successfully decoded, you may dump the headers and payload.

```php
echo $deserializedToken->getHeader()->jsonSerialize();
echo $deserializedToken->getPayload()->jsonSerialize();
```

Keep in mind that `deserialize()` only decodes the three segments; it does not prove who produced the token. Before trusting any claim, verify the signature (and the registered claims such as `exp`, `aud` and `iss`) by calling `$jwt->verify()` with a `Verification\Context` built from the public-key encryption configured above.
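The following script ties both halves of this article together (creating and serializing a token, then deserializing it) and adds the verification step that the snippets above leave out. It is an added example, not code from this wiki or from the Emarref/Jwt project itself. It assumes the library is installed via Composer (`vendor/autoload.php`), that the `Verification\Context` class, the `Jwt::verify()` method and the `Claim\Issuer`, `Claim\Audience`, `Claim\IssuedAt` and `Claim\Expiration` claim classes are available as in the project README, and that `setPublicKey()` accepts a PEM public key string as well as a certificate. Instead of the Sample Key Pair files it generates a throwaway RSA key pair in-process, so it runs on its own; the issuer and audience values are constructed for the example. The final section shows why verification matters: a token whose payload has been rewritten still deserializes cleanly, and only `verify()` rejects it.

```php
<?php
// Added example (not the project's own code): end-to-end RS256 sign, deserialize
// and verify with Emarref\Jwt, using a throwaway key pair generated in-process.
require __DIR__ . '/vendor/autoload.php'; // assumes the library was installed via Composer

use Emarref\Jwt\Algorithm\Rs256;
use Emarref\Jwt\Claim;
use Emarref\Jwt\Encryption\Factory;
use Emarref\Jwt\Jwt;
use Emarref\Jwt\Token;
use Emarref\Jwt\Verification\Context;

// Throwaway 2048-bit RSA key pair. In a real deployment the private key stays
// with the issuer only; consumers receive the public key (or a certificate).
$keyResource = openssl_pkey_new([
    'private_key_bits' => 2048,
    'private_key_type' => OPENSSL_KEYTYPE_RSA,
]);
openssl_pkey_export($keyResource, $privateKeyPem);
$publicKeyPem = openssl_pkey_get_details($keyResource)['key'];

// --- Issuer side: build a token carrying the registered claims a verifier can check.
$token = new Token();
$token->addClaim(new Claim\Issuer('https://issuer.example'));   // constructed value
$token->addClaim(new Claim\Audience(['api.example']));          // constructed value
$token->addClaim(new Claim\IssuedAt(new \DateTime('now')));
$token->addClaim(new Claim\Expiration(new \DateTime('+5 minutes')));
$token->addClaim(new Claim\PrivateClaim('my_claim', 'my_value'));

$signing = Factory::create(new Rs256());
$signing->setPrivateKey($privateKeyPem);

$jwt = new Jwt();
$serialized = $jwt->serialize($token, $signing);
echo "Serialized: {$serialized}\n";

// --- Consumer side: only the public key is available here.
$verifying = Factory::create(new Rs256());
$verifying->setPublicKey($publicKeyPem); // assumes a PEM public key is accepted here

// The context states what this consumer accepts. verify() checks the RS256
// signature plus the registered claims (exp, aud, iss, ...) against it.
$context = new Context($verifying);
$context->setIssuer('https://issuer.example');
$context->setAudience('api.example');

function acceptToken(Jwt $jwt, Context $context, string $serialized): bool
{
    // deserialize() only base64url-decodes the three segments; it proves nothing
    // about who produced the token. Treat the claims as untrusted until verify()
    // returns without throwing.
    $decoded = $jwt->deserialize($serialized);
    try {
        $jwt->verify($decoded, $context);
        return true;
    } catch (\Exception $e) { // the library throws a verification exception on failure
        echo "Rejected: " . $e->getMessage() . "\n";
        return false;
    }
}

echo "Genuine token accepted: " . var_export(acceptToken($jwt, $context, $serialized), true) . "\n";

// --- Tampering check: rewrite the payload but keep the original signature.
// Code that stops at deserialize() would read 'admin' out of this token.
[$header, $payload, $signature] = explode('.', $serialized);
$claims = json_decode(base64_decode(strtr($payload, '-_', '+/')), true);
$claims['my_claim'] = 'admin';
$forgedPayload = rtrim(strtr(base64_encode(json_encode($claims)), '+/', '-_'), '=');
$tampered = "{$header}.{$forgedPayload}.{$signature}";

echo "Tampered token accepted: " . var_export(acceptToken($jwt, $context, $tampered), true) . "\n";
```

Run it with `php rs256_example.php` from the directory that holds `vendor/`. The two `acceptToken()` calls are the point of the script: the genuine token passes, while the tampered one deserializes without complaint and is rejected only because `verify()` recomputes the RS256 signature over the modified payload and finds it does not match.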