[null,null,["Last updated (UTC): 2024-05-20."],[[["Tink supports creating and validating JSON Web Tokens (JWTs) using a secure subset of the RFC 7519 standard."],["It offers both asymmetric and symmetric key cryptography options for signing and verifying JWTs, with various algorithms like ES256, RS256, HS256, and others."],["Tink emphasizes secure key management practices, including using distinct key types for JWTs and enabling public keyset distribution in the JWK Sets format for easier sharing and rotation."],["However, it has certain limitations, such as supporting only the JWS Compact Serialization format and specific headers, while excluding features like JWE and the 'None' algorithm."],["For optimal security, Tink enforces signature/MAC verification before parsing tokens and recommends periodic public keyset updates to facilitate key rotation and minimize disruptions."]]],["Tink supports generating and verifying JWTs, implementing a secure subset of the standard. It utilizes JWS Compact Serialization, excluding JWS JSON Serialization and JWE. Supported headers are `typ`, `alg`, and `kid`; the `None` `alg` value is unsupported. Asymmetric keys (`JwtPublicKeySign`, `JwtPublicKeyVerify`) should be used between different entities, with supported algorithms including `ES256`, `RS256`, and `PS256`. Symmetric keys (`JwtMac`) are for same-entity usage, supporting `HS256`. Tink offers JWK Sets format conversion for public keys and recommends automated public keyset updates.\n"]]