SOFTWARE ENGINEERING TOOLS AND ENVIRONMENTS
AUTOMATED TESTING TOOLS
Question
Once a JWT is encoded, it is not possible to access its content unless we know the secret of the signature.
A. true
B. false
C. Either A or B
D. None of the above
Explanation:
Detailed explanation-1: The signature is an encrypted string. Whatever algorithm you choose in the header part, you need to encrypt the first two parts of the JWT, which are base64(header) + '.' + base64(payload), with that algorithm. This is the only part of the JWT which is not publicly readable, because it is encrypted with a secret key.
Detailed explanation-2: Select the algorithm RS256 from the Algorithm drop-down menu. Enter the header and the payload. Download the private key from /home/vol/privatekey. Enter the downloaded private key in the Private Key field of the Verify Signature section.