Update 4_5_0_final.adoc
This commit is contained in:
parent
9437226341
commit
42a6a3789f
1 changed files with 3 additions and 5 deletions
|
@ -1,8 +1,6 @@
|
||||||
= Signature SPI
|
= Signature SPI
|
||||||
|
|
||||||
The Signature SPI makes it possible to plug-in additional signature algorithms. Not only does it enable
|
The Signature SPI makes it possible to plug-in additional signature algorithms. This enables additional signatures and also enables changing how signatures are generated. For example, using this allows using an HSM device to sign tokens.
|
||||||
additional signatures, but it also enables changing how signatures are generated. For example this would allow
|
|
||||||
using an HSM device to sign tokens.
|
|
||||||
|
|
||||||
Thanks to https://github.com/tnorimat[tnorimat] for contributing a signficant part of this work.
|
Thanks to https://github.com/tnorimat[tnorimat] for contributing a signficant part of this work.
|
||||||
|
|
||||||
|
@ -13,10 +11,10 @@ Alongside the Signature SPI there is now also support for additional signature a
|
||||||
Keycloak now has support for RS256, RS384, RS512, ES256, ES384, ES512, HS256, HS384 and HS512.
|
Keycloak now has support for RS256, RS384, RS512, ES256, ES384, ES512, HS256, HS384 and HS512.
|
||||||
|
|
||||||
Elliptic Curve Digital Signature Algorithm (ES256/384/512) are very interesting as they provide similar
|
Elliptic Curve Digital Signature Algorithm (ES256/384/512) are very interesting as they provide similar
|
||||||
security properties as RSA signatures, but uses significantly less CPU.
|
security properties as RSA signatures, but use significantly less CPU.
|
||||||
|
|
||||||
HMAC (HS256/384/512) are also very useful when you do not want your application to verify the signature itself.
|
HMAC (HS256/384/512) are also very useful when you do not want your application to verify the signature itself.
|
||||||
Since these are symmetric signatures only Keycloak is able to verify the signature, which requires the
|
Since these are symmetric signatures only Keycloak is able to verify the signature, which requires the
|
||||||
application to use the token introspection endpoint to verify tokens.
|
application to use the token introspection endpoint to verify tokens.
|
||||||
|
|
||||||
Thanks to https://github.com/tnorimat[tnorimat] for contributing a signficant part of this work.
|
Thanks to https://github.com/tnorimat[tnorimat] for contributing a signficant part of this work.
|
||||||
|
|
Loading…
Reference in a new issue