@Immutable public static final class JwtRsaSsaPkcs1Parameters.KidStrategy extends Object
| Modifier and Type | Field and Description |
|---|---|
| static JwtRsaSsaPkcs1Parameters.KidStrategy | BASE64_ENCODED_KEY_ID: The "kid" is the URL safe (RFC 4648 Section 5) base64-encoded big-endian key_id in the keyset. |
| static JwtRsaSsaPkcs1Parameters.KidStrategy | CUSTOM: The "kid" is fixed. |
| static JwtRsaSsaPkcs1Parameters.KidStrategy | IGNORED: The "kid" header is ignored. |
public static final JwtRsaSsaPkcs1Parameters.KidStrategy BASE64_ENCODED_KEY_ID
In PublicKeySign#signAndEncode Tink always adds the KID.
In PublicKeyVerify#verifyAndDecode Tink checks that the kid is present and equal
to this value.
This strategy is recommended by Tink.
public static final JwtRsaSsaPkcs1Parameters.KidStrategy IGNORED
In PublicKeySign#signAndEncode Tink does not write a "kid" header.
In PublicKeyVerify#verifyAndDecode Tink ignores the "kid" header.
public static final JwtRsaSsaPkcs1Parameters.KidStrategy CUSTOM
parameters.getCustomKid().
In PublicKeySign#signAndEncode Tink writes the "kid" header to the value given by
parameters.getCustomKid().
In PublicKeyVerify#verifyAndDecode, if the kid is present, it needs to match
parameters.getCustomKid(). If the kid is absent, it will be accepted.
Note: Tink does not allow randomly generating new JwtRsaSsaPkcs1Key objects from
parameters objects whose KidStrategy is CUSTOM.
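
The verify-side rules for the three strategies, written out as a small stand-alone model. This is an added example, not Tink's implementation: the class `KidStrategyModel`, its enum and both helper methods are hypothetical names, and the encoding helper assumes the keyset key_id is a 32-bit integer encoded as 4 big-endian bytes with unpadded base64url.

```java
import java.nio.ByteBuffer;
import java.util.Base64;
import java.util.Optional;

public class KidStrategyModel {
  // Local mirror of the three documented constants (not Tink's own class).
  enum Strategy { BASE64_ENCODED_KEY_ID, IGNORED, CUSTOM }

  // Assumption: key_id is a 32-bit int, serialized big-endian (ByteBuffer's
  // default order), then base64url-encoded (RFC 4648 Section 5) without padding.
  static String base64EncodedKeyId(int keyId) {
    byte[] bigEndian = ByteBuffer.allocate(4).putInt(keyId).array();
    return Base64.getUrlEncoder().withoutPadding().encodeToString(bigEndian);
  }

  // Decides whether a token's "kid" header passes the check for a strategy.
  // expectedKid is the encoded key id for BASE64_ENCODED_KEY_ID, the custom
  // kid for CUSTOM, and unused for IGNORED.
  static boolean kidAccepted(Strategy s, Optional<String> headerKid, String expectedKid) {
    switch (s) {
      case BASE64_ENCODED_KEY_ID:
        // kid must be present and equal to the encoded key id.
        return headerKid.isPresent() && headerKid.get().equals(expectedKid);
      case CUSTOM:
        // An absent kid is accepted; a present kid must match.
        return !headerKid.isPresent() || headerKid.get().equals(expectedKid);
      case IGNORED:
        // The header is not inspected at all.
        return true;
      default:
        throw new IllegalArgumentException("unknown strategy: " + s);
    }
  }

  public static void main(String[] args) {
    String encoded = base64EncodedKeyId(0x01020304); // constructed key id
    String custom = "my-custom-kid";                  // constructed custom kid
    Optional<String> absent = Optional.empty();
    Optional<String> wrong = Optional.of("some-other-kid"); // constructed value

    System.out.println("encoded kid for key id 0x01020304: " + encoded);
    for (Strategy s : Strategy.values()) {
      String expected = (s == Strategy.CUSTOM) ? custom : encoded;
      System.out.printf("%-22s match=%b absent=%b mismatch=%b%n", s,
          kidAccepted(s, Optional.of(expected), expected),
          kidAccepted(s, absent, expected),
          kidAccepted(s, wrong, expected));
    }
  }
}
```

Only BASE64_ENCODED_KEY_ID rejects a token that has no "kid" header, so with CUSTOM or IGNORED the header alone does not bind a token to a specific key.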