Supported JWT signing algorithms
To ensure secure communication and authentication, our platform supports a specific set of JWT signing algorithms. It is important that the JWTs used for authenticating service accounts meet these security requirements.
Below is a table detailing the supported algorithms and their corresponding key size requirements:
Algorithm | Description | Key Size Requirement |
---|---|---|
RS256 | RSASSA-PKCS1-v1_5 using SHA-256 | Key size limited to between 2048 and 4096 bits |
RS384 | RSASSA-PKCS1-v1_5 using SHA-384 | Key size limited to between 2048 and 4096 bits |
RS512 | RSASSA-PKCS1-v1_5 using SHA-512 | Key size limited to between 2048 and 4096 bits |
ES256 | ECDSA using P-256 and SHA-256 | Key size is fixed |
ES384 | ECDSA using P-384 and SHA-384 | Key size is fixed |
ES512 | ECDSA using P-521 and SHA-512 | Key size is fixed |
PS256 | RSASSA-PSS using SHA-256 and MGF1 with SHA-256 | Key size limited to between 2048 and 4096 bits |
PS384 | RSASSA-PSS using SHA-384 and MGF1 with SHA-384 | Key size limited to between 2048 and 4096 bits |
PS512 | RSASSA-PSS using SHA-512 and MGF1 with SHA-512 | Key size limited to between 2048 and 4096 bits |
Ensure that the JWTs used for authenticating with our service accounts conform to these specifications to prevent any compatibility or security issues. In addition, consider the following:
- It is crucial to select an algorithm compatible with your security infrastructure and the requirements of our platform.
- If you are experiencing issues with JWT authentication, please verify that your JWT signing configuration adheres to the standards listed above.
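A pre-flight check for the requirements in the table above, as an added example that is not part of the platform's own code or API. It inspects only the JWT header and the public key supplied as a JWK (an assumed input format), treats the 2048 and 4096 bit bounds as inclusive (an assumption), and does not verify the signature; the function and helper names are illustrative.

```python
import base64
import json

# Allowlist from the table above: alg -> (JWK "kty", required "crv" or None).
SUPPORTED = {
    **{f"{fam}{h}": ("RSA", None) for fam in ("RS", "PS") for h in (256, 384, 512)},
    "ES256": ("EC", "P-256"), "ES384": ("EC", "P-384"), "ES512": ("EC", "P-521"),
}
RSA_MIN_BITS, RSA_MAX_BITS = 2048, 4096  # assumption: both bounds inclusive

def b64url_decode(segment: str) -> bytes:
    """Decode unpadded base64url as used in JWTs and JWKs."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def check_jwt_against_policy(token: str, jwk: dict) -> list:
    """Return policy violations; an empty list means header and key conform."""
    parts = token.split(".")
    if len(parts) != 3:
        return ["token is not a three-part compact JWS"]
    try:
        header = json.loads(b64url_decode(parts[0]))
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        return ["JWT header is not base64url-encoded JSON"]
    alg = header.get("alg") if isinstance(header, dict) else None
    if not isinstance(alg, str) or alg not in SUPPORTED:
        return [f"alg {alg!r} is not in the supported list"]
    kty, curve = SUPPORTED[alg]
    if jwk.get("kty") != kty:
        return [f"{alg} requires kty={kty}, got kty={jwk.get('kty')!r}"]
    if kty == "RSA":
        # Key size is the bit length of the modulus "n" (RFC 7518, section 6.3.1).
        bits = int.from_bytes(b64url_decode(jwk.get("n", "")), "big").bit_length()
        if not RSA_MIN_BITS <= bits <= RSA_MAX_BITS:
            return [f"RSA modulus is {bits} bits, outside {RSA_MIN_BITS}-{RSA_MAX_BITS}"]
    elif jwk.get("crv") != curve:
        return [f"{alg} requires curve {curve}, got crv={jwk.get('crv')!r}"]
    return []

def sample_token(alg: str) -> str:
    """Constructed, unsigned token: only the header matters to this check."""
    return b64url_encode(json.dumps({"alg": alg, "typ": "JWT"}).encode()) + ".e30.c2ln"

def sample_rsa_jwk(bits: int) -> dict:
    """Constructed placeholder modulus of the given bit length; not a usable key."""
    n = (1 << (bits - 1)) | 1
    return {"kty": "RSA", "e": "AQAB", "n": b64url_encode(n.to_bytes((bits + 7) // 8, "big"))}
```

Because the allowlist contains only asymmetric algorithms, headers carrying `none` or an HMAC algorithm such as `HS256` are reported as unsupported before any key material is examined.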
Related links
- Reference: Scopes
- Creating a Firefly or Kubernetes Agent service account
- Creating a Venafi Registry service account
- Creating a TLS Protect Datacenter service account
- Creating a Custom API Integration service account
- Toggling service accounts on or off
- Editing service account settings
- Deleting service accounts
API Reference