The title says everything. If someone changes the payload but doesn't change the encrypted part, is it verified by the module?
Asked
Active
Viewed 28 times
0
-
If it works after alteration then what is the point of using it? – Xaqron May 08 '20 at 18:18
-
1No, the signature is a hash of header and payload, if you change anything ithe sig is invalid – jps May 08 '20 at 18:19
-
That's precisely what you use the signature part to do; validate that the token hasn't been altered. – Paul May 08 '20 at 18:21