How to forge RS256 JWTs

seguri · June 21, 2022, 4:17pm

Hi,
I need to forge invalid but verified JWTs to test our JwtValidators in Spring Boot services.
I’ve learned how to forge HS256 JWTs by using the secret found at:

SELECT value
  FROM component_config CC
  JOIN component C ON CC.component_id = C.id
 WHERE C.realm_id = 'MyRealm'
   AND C.provider_id = 'hmac-generated'
   AND CC.name = 'secret'

How can I do the same with RS256 JWTs? What can I do with the value found with the query:

   AND C.provider_id = 'rsa-generated'
   AND CC.name = 'privateKey'

Where do I find the value to put here (jwt.io)?

seguri · July 4, 2022, 3:30pm

Nobody has ever forged JWTs?

Topic		Replies	Views
Refresh token is signed with HS256, How to validate the token offline? Getting advice	1	579	June 7, 2021
How to validate JWT Token - userInfo or is there a library or method call in Java? Getting advice	0	799	May 29, 2020
Decrypting JWT signatures Getting advice	1	1461	September 8, 2022
Validating access token signature Getting advice authentication	0	1650	February 21, 2022
Newbie question: If I create a new keycloak realm, where do I find the key that can be used to authenticate its issued tokens? Configuring the server authentication	0	371	May 25, 2020

How to forge RS256 JWTs

Related Topics