Exploring Security Functions: Understanding Asymmetrical Encryption and JSON Web Tokens
In the State Changers meeting, the participants discussed various topics related to security and encryption and how they are used in platforms like Xano. Key topics included:
1. Security Functions in Xano: An overview was given on when and why they use these security functions. They are used not only to add layers of security but also for API call specifications.
2. Types of Encryption: A detailed distinction was drawn between symmetric and asymmetric encryption. Symmetric encryption, such as AES, is used when the same person is locking and unlocking, which makes it useful for internal tools. Asymmetric encryption (like RSA and Elliptic Curve technologies) involves public and private keys. This ensures a secure transaction without needing to trust the other party, making it useful for interactions with external platforms.
3. JWT and JWE in Xano: The concept of JSON Web Tokens (JWS/JWT) and JSON Web Encryption (JWE) was explained in detail. JWS is commonly used for signed transactions, while JWE introduces another layer of encryption for added security. However, JWE use cases are relatively infrequent. The public and private keys used in JWS and JWE were discussed, along with methods for validating tokens.
4. Key Generation and Decryption: The process of generating private keys for encryption was discussed, along with the concept of using a 'salt' or 'initialization vector' to make encryption more secure. The use of tools like CyberChef for decoding Base64-encoded data was illustrated.
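As an added example (not code from the session or from Xano), the Python sketch below builds and validates a signed token to illustrate the JWS/JWE distinction in item 3 and the Base64 decoding in item 4: the payload can be read without any key, and only the signature check catches a modified token. It uses HS256, a shared-secret HMAC, so that it runs on the standard library alone (an RSA or Elliptic Curve signature has the same three-part token layout); the secret, claims and function names are constructed for illustration.

```python
import base64, hashlib, hmac, json

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def b64url_decode(text: str) -> bytes:
    # JWTs strip Base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _mac(signing_input: str, secret: bytes) -> bytes:
    return hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()

def sign_jws(claims: dict, secret: bytes) -> str:
    header = {"alg": "HS256", "typ": "JWT"}
    parts = [b64url_encode(json.dumps(p, separators=(",", ":")).encode())
             for p in (header, claims)]
    signing_input = ".".join(parts)
    return f"{signing_input}.{b64url_encode(_mac(signing_input, secret))}"

def peek_claims(token: str) -> dict:
    # No key needed: a JWS payload is signed, not encrypted (JWE adds that layer).
    return json.loads(b64url_decode(token.split(".")[1]))

def verify_jws(token: str, secret: bytes) -> dict:
    try:
        h, p, s = token.split(".")
        header = json.loads(b64url_decode(h))
        signature = b64url_decode(s)
    except ValueError as exc:
        raise ValueError("malformed token") from exc
    # Pin the algorithm the verifier expects; never trust the header's choice.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected algorithm")
    # Constant-time comparison of the recomputed and presented signatures.
    if not hmac.compare_digest(signature, _mac(f"{h}.{p}", secret)):
        raise ValueError("bad signature")
    return json.loads(b64url_decode(p))

def demo():
    secret = b"constructed-demo-secret"          # constructed sample key
    token = sign_jws({"sub": "user-42", "role": "member"}, secret)
    h, _, s = token.split(".")
    # Same header and signature, different payload: validation must fail.
    altered = ".".join([h, b64url_encode(b'{"sub":"user-42","role":"admin"}'), s])
    try:
        verify_jws(altered, secret)
        rejected = False
    except ValueError:
        rejected = True
    return peek_claims(token), verify_jws(token, secret), rejected

if __name__ == "__main__":
    print(demo())
```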
The session was information-rich, providing extensive knowledge on encryption and key management principles. This would be a valuable resource for individuals working with secure transactions, encryption and token management, using platforms such as Xano.