JWT RSA signing and verify in Node.js using RSA Public/Private Key Pairs

No video

JWT RSA signing and verify in Node.js using RSA Public/Private Key Pairs

Рет қаралды 12,790

Күн бұрын

#jwt #node #rsa #asymmetricencryption #piblicprivatekey
Learn how to do use JWT with RSA public and private keys in Nodejs
This is a code walkthrough. to understand why and when to use RSA please watch the previous video in the playlist.
Amazon Link: amzn.to/36pZN09
git: github.com/luc...
Nodejs: nodejs.org/en/...
npm package: www.npmjs.com/...
Visual studio code: code.visualstu...
Playlist about JWT
• JWT Token
Check out the playlist about RSA
• RSA

Пікірлер: 17

@bitorsic Жыл бұрын

You're indeed a saviour. Thank you. Looking forward to implement this in my projects. Great content

@AmarSingh-uw1db 3 жыл бұрын

Awsome video. Great explanation. I have a doubt that It makes any difference that we use RSA or any other algorithm for sign tokens or no algorithm for security purpose ?

@biswakalyandas8076 Жыл бұрын

In a scenario where you want other sites to validate your sites JWT token but you dont want them to generate new token on your behalf. This will be helpful

@dinkarinjosh 2 жыл бұрын

Great Tutorial. Can you please help ? Your code works, but when I use my key pair, it does not, how did you generate the pub/private keys? I tried both git bash -> ssh-keygen -t "ed25519" AND rsa . Please help. but a kudos, best explanation out there.

@cristianhoyos4767 4 жыл бұрын

I have a question here. According to the way you are doing this I think is not correct, but maybe I'm bad with my assumption. Shouldn't we generate (sign) the JWT with public key instead of private key? and shouldn't we use the private key for verifying it instead of public key?

@TechnoSaviour 4 жыл бұрын

In JWT singing is done with private key only. This process occurs at server end so your private key remains secure. If the client wants to verify the token the server can expose the public key so the client side can also verify the token.

@harshmittal3072 Жыл бұрын

@@TechnoSaviour Under RSA encryption, messages are encrypted with a code called a public key, which can be shared openly. Due to some distinct mathematical properties of the RSA algorithm, once a message has been encrypted with the public key, it can only be decrypted by another key, known as the private key. Each RSA user has a key pair consisting of their public and private keys. As the name suggests, the private key must be kept secret.

@harshmittal3072 Жыл бұрын

THIS is what many blogs say about RSA

@bitorsic Жыл бұрын

@@harshmittal3072 Signing is different from Encryption, although both use a key-pair generated by RSA. Both differ in the objective: Assume Alice uses her key-pair for the examples Encryption - The objective is to protect the data. Let's say Bob 'encrypts' a message using Alice's public key. This allows only Alice to read the data (using her private key), but there's no way to verify that it was indeed Bob who encrypted the data, or the source of the data, since anyone can use Alice's public key. Signing - The objective is to verify the source of the data. Let's say Alice 'signs' a message using her own private key. This allows anyone to verify that this data was indeed from Alice (using her public key), but there's no way to protect the data, since, again, anyone can use Alice's public key. Hope this explanation helps. You can read more about this at www.encryptionconsulting.com/education-center/encryption-and-signing#:~:text=Encryption%20uses%20a%20key%20to,of%20encryption%20in%20its%20process