Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

pgjwt should support asymmetric/RSA private key signing #13

Closed
raphet opened this issue Aug 17, 2020 · 1 comment
Closed

pgjwt should support asymmetric/RSA private key signing #13

raphet opened this issue Aug 17, 2020 · 1 comment

Comments

@raphet
Copy link

raphet commented Aug 17, 2020
edited
Loading

See https://security.stackexchange.com/a/234018

Having multiple services accessing a public key for signage verification - with postgres as authority server is a safer situation than distributing the secret HMAC key on every services.

Therefore I am suggesting to include into the pgjwt module a way to support creating JWT using a private RSA key within postgres. That way, login/authentication via postgrest would be possible and third party services would only need to know the public key to verify any jwt token's origin/legitimacy.
@michelp
Copy link
Owner

michelp commented Dec 26, 2021

Unfortunately pgcrypto does not support public key signing.

@michelp michelp closed this as completed Dec 26, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@michelp @raphet