SOFTWARE ENGINEERING

SOFTWARE ENGINEERING TOOLS AND ENVIRONMENTS

AUTOMATED TESTING TOOLS

Question
Once a JWT is encoded, it is not possible to access its content unless we know the secret of the signature.
A. true
B. false
C. Either A or B
D. None of the above
Explanation: 

Detailed explanation-1: The signature is an encrypted string. Whatever algorithm you choose in the header part, you need to encrypt the first two parts of the JWT, which are base64(header) + '.' + base64(payload), with that algorithm. This is the only part of the JWT that is not publicly readable, because it is encrypted with a secret key.

Detailed explanation-2: Select the algorithm RS256 from the Algorithm drop-down menu. Enter the header and the payload. Download the private key from /home/vol/privatekey. Enter the downloaded private key in the Private Key field of the Verify Signature section.
