问题描述

限时删除！！

我阅读了可在此处找到的 JSON Web 签名规范.该规范为 JSON Web 签名定义了两种序列化表示.一种是 JWS 紧凑序列化方法，另一种是 JWS JSON 序列化方法.JWS JSON 序列化表示允许一个人拥有多个签名.使用 JWS JSON 序列化的 JWS 示例如下:

I read the JSON Web Signature specification that can be found here. The spec defines two serialization representations for JSON Web Signatures. One is the JWS Compact Serialization and the other is JWS JSON Serialization method. The JWS JSON Serialization representation allows one to have multiple signatures. An example of a JWS that uses JWS JSON Serialization is:

{
        "payload": "eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ",
        "signatures": [
            {
                "protected": "eyJhbGciOiJSUzI1NiJ9",
                "header": {
                    "kid": "2010-12-29"
                },
                "signature": "cC4hiUPoj9Eetdgtv3hF80EGrhuB__dzERat0XF9g2VtQgr9PJbu3XOiZj5RZmh7AAuHIm4Bh
                -0Qc_lF5YKt_O8W2Fp5jujGbds9uJdbF9CUAr7t1dnZcAcQjbKBYNX4BAynRFdiuB
                --f_nZLgrnbyTyWzO75vRK5h6xBArLIARNPvkSjtQBMHlb1L07Qe7K0GarZRmB_eSN9383LcOLn6_dO
                --xi12jzDwusC-eOkHWEsqtFZESc6BfI7noOPqvhJ1phCnvWh6IeYI2w9QOYEUipUTI8np6Lbg
                GY9Fs98rqVt5AXLIhWkWywlVmtVrBp0igcN_IoypGlUPQGe77Rw"
            },
            {
                "protected": "eyJhbGciOiJFUzI1NiJ9",
                "header": {
                    "kid": "e9bc097a-ce51-4036-9562-d2ade882db0d"
                },
                "signature": "DtEhU3ljbEg8L38VWAfUAqOyKAM6-Xx-F4GawxaepmXFCgfTjDxw5djxLa8ISlSApmWQxfKTUJqPP3-Kg6NU1Q"
            }
        ]
    }

规范暗示有时拥有多个签名可能是有益的.但是，我这辈子都想不出你需要不止一个的理由.

The spec implies that it can be beneficial at times to have multiple signatures. However, I can't for the life of me think of a reason you'd need to have more than one.

那么，话虽如此，在 JWS 中拥有多个签名的用例是什么?

So, with that being said what is a use case of having more than one signature in a JWS?

推荐答案

根据 Florent Morselli 的评论，至少有 2 个用例:

According to Florent Morselli's comment, there are at least 2 use cases:

1. 您使用多种签名算法(比如 RS256、ES384 和 PS512)对令牌进行签名.根据受众能力(仅支持 ES384 算法)，它将能够验证令牌.

1. You sign a token with several signature algorithms (let say RS256, ES384 and PS512). depending on the audience capabilities (only supports ES384 algorithm), it will be able to verify the token.

多方同意共同的有效载荷.每一方都使用其密钥对有效负载进行签名，并将签名合并为一个令牌.

Several parties agree for a common payload. Each party sign the payload with its key and signatures are merged into a single token.

这篇关于在使用 JWS JSON 序列化的 JWS 中具有多个签名的用例是什么?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！

1403页，肝出来的..