  1. Nuxeo Platform
  2. NXP-31647

Upgrade the encryption algorithm used by JWT Service


    Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Major
    • Resolution: Won't Do
    • Affects Version/s: 2021.0
    • Fix Version/s: None
    • Component/s: Authentication
    • Backlog priority: 700
    • Sprint: nxplatform #81
    • Story Points: 3

      Description

      Currently JWT Service uses the algorithm HS512 (HMACSHA512).

      The usage of this algorithm triggers a warning in the browser console with this message:

      HMACSHA512Algorithm is obsolete HMAC SHA based algorithms are not secure to protect modern web applications. Consider switching to RSASSA or EDCSA.

      So we should move to RS256, for example.
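
An added example, not part of the original ticket and not Nuxeo's code: what the proposed switch changes in key handling, using only Node's built-in `crypto` module. With HS512 the signer and every verifier share one secret; with RS256 the verifier holds only the public key. The function names, keys and claims are constructed for illustration.

```javascript
const crypto = require('node:crypto');

const b64u = (x) => Buffer.from(x).toString('base64url');
const parse = (seg) => JSON.parse(Buffer.from(seg, 'base64url').toString('utf8'));

// Sign claims as a compact JWS. key is a shared secret (HS512) or an RSA private key (RS256).
function signJwt(claims, alg, key) {
  if (alg !== 'HS512' && alg !== 'RS256') throw new Error(`unsupported alg: ${alg}`);
  const input = `${b64u(JSON.stringify({ alg, typ: 'JWT' }))}.${b64u(JSON.stringify(claims))}`;
  const sig = alg === 'HS512'
    ? crypto.createHmac('sha512', key).update(input).digest()
    : crypto.sign('sha256', Buffer.from(input), key); // RSASSA-PKCS1-v1_5 with SHA-256
  return `${input}.${sig.toString('base64url')}`;
}

// Verify a token against the algorithm the caller pins. The header's alg is only
// compared with that pin; it never selects the verification routine.
function verifyJwt(token, expectedAlg, key) {
  const parts = token.split('.');
  if (parts.length !== 3) return null;
  const [h, p, s] = parts;
  const input = Buffer.from(`${h}.${p}`);
  const sig = Buffer.from(s, 'base64url');
  try {
    if (parse(h).alg !== expectedAlg) return null;
    let ok = false;
    if (expectedAlg === 'HS512') {
      const mac = crypto.createHmac('sha512', key).update(input).digest();
      ok = sig.length === mac.length && crypto.timingSafeEqual(sig, mac);
    } else if (expectedAlg === 'RS256') {
      ok = crypto.verify('sha256', input, key, sig); // key: public key only
    }
    return ok ? parse(p) : null;
  } catch {
    return null; // malformed header or payload
  }
}

// Constructed sample keys and claims.
const secret = crypto.randomBytes(64); // HS512: held by signer AND verifier
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const claims = { sub: 'alice', iss: 'example-issuer' };
console.log(verifyJwt(signJwt(claims, 'HS512', secret), 'HS512', secret));
console.log(verifyJwt(signJwt(claims, 'RS256', privateKey), 'RS256', publicKey));
```
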
