Update 4_5_0_final.adoc

Stian Thorgersen 2018-09-24 21:52:06 +02:00
parent 9437226341
commit 42a6a3789f

@ -1,8 +1,6 @@
= Signature SPI = Signature SPI
The Signature SPI makes it possible to plug-in additional signature algorithms. Not only does it enable The Signature SPI makes it possible to plug-in additional signature algorithms. This enables additional signatures and also enables changing how signatures are generated. For example, using this allows using an HSM device to sign tokens.
additional signatures, but it also enables changing how signatures are generated. For example this would allow
using an HSM device to sign tokens.
Thanks to https://github.com/tnorimat[tnorimat] for contributing a signficant part of this work. Thanks to https://github.com/tnorimat[tnorimat] for contributing a signficant part of this work.
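Review bot: in the rewritten opening paragraph, "For example, using this allows using an HSM device to sign tokens" repeats "using", and "This enables additional signatures and also enables changing" repeats "enables"; something like "For example, this allows tokens to be signed by an HSM device" reads more cleanly. Since the paragraph is being touched anyway, the unchanged "Thanks to" line still carries the typo "signficant" (should be "significant"), and "plug-in" used as a verb in the first sentence should be "plug in".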
@ -13,7 +11,7 @@ Alongside the Signature SPI there is now also support for additional signature a
Keycloak now has support for RS256, RS384, RS512, ES256, ES384, ES512, HS256, HS384 and HS512. Keycloak now has support for RS256, RS384, RS512, ES256, ES384, ES512, HS256, HS384 and HS512.
Elliptic Curve Digital Signature Algorithm (ES256/384/512) are very interesting as they provide similar Elliptic Curve Digital Signature Algorithm (ES256/384/512) are very interesting as they provide similar
security properties as RSA signatures, but uses significantly less CPU. security properties as RSA signatures, but use significantly less CPU.
HMAC (HS256/384/512) are also very useful when you do not want your application to verify the signature itself. HMAC (HS256/384/512) are also very useful when you do not want your application to verify the signature itself.
Since these are symmetric signatures only Keycloak is able to verify the signature, which requires the Since these are symmetric signatures only Keycloak is able to verify the signature, which requires the
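Review bot: the "uses" to "use" fix on the RSA comparison line leaves the sentence's subject inconsistent: "Elliptic Curve Digital Signature Algorithm (ES256/384/512) are" pairs a singular noun with plural verbs, and the context line "HMAC (HS256/384/512) are" has the same problem; consider "The ECDSA algorithms (ES256/384/512) are ..." and "similar security properties to RSA signatures". Separately, the context line "only Keycloak is able to verify the signature" holds only while the HMAC secret stays inside Keycloak, since any party holding the key can both verify and produce signatures; stating that condition explicitly would make the release note more precise.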