From 42a6a3789f63ec3a4d09e823fa8e0c58ebd97a85 Mon Sep 17 00:00:00 2001 From: Stian Thorgersen Date: Mon, 24 Sep 2018 21:52:06 +0200 Subject: [PATCH] Update 4_5_0_final.adoc --- release_notes/topics/4_5_0_final.adoc | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/release_notes/topics/4_5_0_final.adoc b/release_notes/topics/4_5_0_final.adoc index b596f9eaee..985a647b7f 100644 --- a/release_notes/topics/4_5_0_final.adoc +++ b/release_notes/topics/4_5_0_final.adoc @@ -1,8 +1,6 @@ = Signature SPI -The Signature SPI makes it possible to plug-in additional signature algorithms. Not only does it enable -additional signatures, but it also enables changing how signatures are generated. For example this would allow -using an HSM device to sign tokens. +The Signature SPI makes it possible to plug-in additional signature algorithms. This enables additional signatures and also enables changing how signatures are generated. For example, using this allows using an HSM device to sign tokens. Thanks to https://github.com/tnorimat[tnorimat] for contributing a signficant part of this work. @@ -13,10 +11,10 @@ Alongside the Signature SPI there is now also support for additional signature a Keycloak now has support for RS256, RS384, RS512, ES256, ES384, ES512, HS256, HS384 and HS512. Elliptic Curve Digital Signature Algorithm (ES256/384/512) are very interesting as they provide similar -security properties as RSA signatures, but uses significantly less CPU. +security properties as RSA signatures, but use significantly less CPU. HMAC (HS256/384/512) are also very useful when you do not want your application to verify the signature itself. Since these are symmetric signatures only Keycloak is able to verify the signature, which requires the application to use the token introspection endpoint to verify tokens. -Thanks to https://github.com/tnorimat[tnorimat] for contributing a signficant part of this work. \ No newline at end of file +Thanks to https://github.com/tnorimat[tnorimat] for contributing a signficant part of this work.