HMAC or Public Key Signing of JWTs?

As we move into a tokenized world with greater levels of trustworthiness for our data, many developers encapsulate trusted information within a JWT. This allows them to pass URL-safe information, and to digitally sign the token and thus prove its trustworthiness. This information might grant access to the rights to use a range of networked services, so it is important to understand how the token is signed. But which should you choose? Public key or symmetric key?

There are basically three main trustworthy classifications on JWTs:

  • No trust. No signing. So it cannot be trusted!
  • Public key signing. This is where a private key signs the token, and a public key verifies it. Typically we use ECDSA or RSA for this.
  • HMAC signing. This is where we share a secret symmetric key and then use this to sign and verify the token. It is typical for the symmetric key to be generated from a secret passphrase.

In public key signing, we have a key pair to sign the token:

And with HMAC, we share a secret signing key:

To be considered:

  • With HMAC, a key derived from a passphrase typically has far fewer possible values than a randomly generated key, and thus significantly reduces the security level.
  • A leak of the secret passphrase or symmetric key in HMAC is more likely, as it needs to be shared with validators.
  • For the highest security, public key signing allows for just the public key to be distributed.
  • On a breach of the private key in the public key method, the public key needs to be revoked.
  • If you need to protect your payload, it needs to be encrypted with a wrapped key: the symmetric key that encrypts the payload is wrapped with the public key of an entity, so the associated private key is required to reveal the encryption key for the payload.
  • For the smallest footprint, ECDSA is much smaller than RSA signatures.
  • With HMAC, we must find a secret way of distributing the shared key, without Eve discovering it.
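To make the three trust classes and the HMAC considerations above concrete, here is an added example (not code from the post or from the linked demos) of the symmetric path written with only the Python standard library, which has HMAC-SHA256 but no ECDSA, so the public key path is not shown. It signs an HS256 JWT, verifies it with a fixed expected algorithm (so an unsigned "alg": "none" token from the no-trust class is rejected rather than accepted), detects a tampered payload, derives a key from a passphrase with PBKDF2, and compares the key space of a passphrase with that of a random 256-bit key. The payload, passphrase and salt are constructed sample values; the point it illustrates is that every party holding the HMAC key can both verify and mint tokens, which is why the key must be distributed secretly.

```python
import base64
import hashlib
import hmac
import json
import math
import secrets
from typing import Optional


def _b64url(data: bytes) -> str:
    # JWTs use unpadded base64url for every segment
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def hs256_sign(payload: dict, key: bytes) -> str:
    """Create header.payload.signature with HMAC-SHA256 over the first two segments."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = (
        _b64url(json.dumps(header, separators=(",", ":")).encode())
        + "."
        + _b64url(json.dumps(payload, separators=(",", ":")).encode())
    )
    tag = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + _b64url(tag)


def hs256_verify(token: str, key: bytes) -> Optional[dict]:
    """Return the payload if the token carries a valid HS256 tag for this key, else None."""
    try:
        h, p, s = token.split(".")
        header = json.loads(_b64url_decode(h))
        tag = _b64url_decode(s)
    except ValueError:  # malformed segments, bad base64 or bad JSON
        return None
    # The verifier fixes the algorithm; the token's header never gets to choose it.
    # This is what rejects the "no signing" class ("alg": "none") outright.
    if header.get("alg") != "HS256":
        return None
    expected = hmac.new(key, (h + "." + p).encode("ascii"), hashlib.sha256).digest()
    # constant-time comparison so a tag mismatch leaks no timing information
    if not hmac.compare_digest(expected, tag):
        return None
    return json.loads(_b64url_decode(p))


def passphrase_key(passphrase: str, salt: bytes, iterations: int = 100_000) -> bytes:
    """Derive a 256-bit HMAC key from a passphrase (PBKDF2-HMAC-SHA256, assumed KDF)."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, iterations)


def passphrase_entropy_bits(alphabet_size: int, length: int) -> float:
    """Bits of key space for a passphrase of this length over this alphabet."""
    return length * math.log2(alphabet_size)


RANDOM_KEY_BITS = 256  # key space of a key produced by secrets.token_bytes(32)


if __name__ == "__main__":
    payload = {"sub": "alice", "role": "user"}  # constructed sample claims
    random_key = secrets.token_bytes(32)
    token = hs256_sign(payload, random_key)
    print("verified:", hs256_verify(token, random_key))

    # A validator that holds the shared key can mint its own token: same call, same key.
    minted_by_validator = hs256_sign({"sub": "alice", "role": "admin"}, random_key)
    print("validator-minted token verifies:", hs256_verify(minted_by_validator, random_key) is not None)

    # Compare key spaces: 8 lowercase letters versus a 256-bit random key.
    print("8-char lowercase passphrase bits:", round(passphrase_entropy_bits(26, 8), 1))
    print("random key bits:", RANDOM_KEY_BITS)
```

`hs256_verify` deliberately takes the algorithm from its own code rather than from the token header; a verifier that trusts the header would turn the "no signing" class into something it accepts. The entropy helper is the arithmetic behind the passphrase bullet: an 8-character lowercase passphrase gives about 37.6 bits of key space against 256 for a randomly generated key.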

If you are unsure about this and what you should use, I have created a demo of a public key version (using ECDSA):

https://asecuritysite.com/tink/tink_jwt

and an HMAC version:

https://asecuritysite.com/tink/tink_jwt2