It was very helpful. thank you.
Nice one🎉 thanks for the video.
Thanks for the encouraging feedback👍
One of the best explanations I found about JWT on the internet. Thank you for the video
Thanks a lot for the amazing feedback 👍🙏
I second that
One of the best explanations thank you..
Thank you for the amazing feedback 👍🙏
excellent! Thank you so much!!!
@rryann088 thank you for the amazing feedback 👍🙏
Best explanation ever, very concise :D
@SoyJavero thank you 🙏👍
Very nice explanation 😃 kudos👏 first I understand deeply
Thank you very much 🙏👍
Good Explanation
Thank you very much 👍
Really very good explanation. It helped me to understand what JWT is and how it works. Thanks a lot
You are welcome 🙏👍
Very well explained!! Thanks
I am glad you liked it 👍
Too good explanation... Keep up the good work!!!!!
Thank you 🙏👍
Excellent Video on JWT token validation! Keep the good work going!
Thank you👍🙏
Really detailed explanation about JWT.
Thank you for this video!
Hi, Glad you liked it! Thanks 🙏😊
Thank you. I wish I had seen this video before a job interview I had last week.
Thank you very much for ur amazing feedback 👍🙏
next time you'll get it right :D
Too good sir, really helpful, may god bless u
Thank you 👍🙏
excellent and precise, thank you
You are welcome 👍🙏
Perfect explanation, thanks
Thank you for the amazing feedback 👍🙏
Awesome explanation buddy
Thanks buddy
superb explanation
Thank you 🙏
Very well explained
Thank you 🙏👍
Hello,
Thank you for the detailed explanation; it is really helpful!
I have a question: how does the receiver decrypt the message if only the server has the private key?
Hi, server encrypts the signature using the private key. Receiver decrypts the signature using the public key.
Anyone can decrypt a signature, but only server can encrypt a signature.
Hope this helps, cheers 👍🙏
@learningsoftwareskills Thank you for your input! However, I think there might be a misunderstanding. In public key cryptography, the public key is used for encryption, while the private key is used for decryption. When it comes to signatures, the server creates the signature by encrypting it with its private key, and the receiver can verify it using the server's public key. This ensures authenticity. Let me know if you'd like to discuss it further! Cheers! 👍
Precise
@Mayank-pk2oj thank you 👍🙏
Great explanation.
I have a question: should the public key be present in the JWT, or should it already be present on the client side for verification?
Hi, public key should be present in jwt. This is required for validating the hash
Hope this helps, cheers 👍
@learningsoftwareskills I think you didn't understand his question. The client should fetch the public key from the authentication server. If the public key came in the JWT, someone could tamper with the JWT by replacing the public key with a new one. AWS Cognito for example provides a URL where the public key can be obtained.
@brunobkpzica4598 hi, you are right. I was wrong about the public key. The public key should be fetched from the server. Thanks 👍
@adityathakur3748 sorry the reply was wrong. The public key should be fetched from the issuing server for validating the signature.
@brunobkpzica4598 oooh nice recommendation for AWS Cognito, I'll use it for fetching a certificate x509, as far as I know this is more secure than public key because there's a more specific way to validate the token with an issuer and subject info and also with expiration, since public key does have these features
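
The point settled in the thread above (the verification key must come from the issuing server, not from the token) shown as an added example; it is not part of the video or of any comment. It uses Node's built-in `crypto`; the function names are hypothetical, and the locally generated key pairs are constructed stand-ins for an issuer key that would really be fetched from the authentication server's key URL.

```javascript
const crypto = require("crypto");

const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64url");
const dec = (s) => JSON.parse(Buffer.from(s, "base64url").toString("utf8"));

// Issue an RS256 token; extraHeader lets a token carry its own key ("jwk").
function signJwt(claims, privateKey, extraHeader = {}) {
  const input = `${enc({ alg: "RS256", typ: "JWT", ...extraHeader })}.${enc(claims)}`;
  const sig = crypto.sign("sha256", Buffer.from(input), privateKey);
  return `${input}.${sig.toString("base64url")}`;
}

// Verify the signature with the supplied key; return the claims or null.
function verifyRs256(token, publicKey) {
  const parts = token.split(".");
  if (parts.length !== 3) return null;
  try {
    if (dec(parts[0]).alg !== "RS256") return null; // pin the algorithm
    const ok = crypto.verify("sha256", Buffer.from(`${parts[0]}.${parts[1]}`),
      publicKey, Buffer.from(parts[2], "base64url"));
    return ok ? dec(parts[1]) : null;
  } catch {
    return null; // malformed base64/JSON is a verification failure
  }
}

// WEAK: takes the verification key from the token's own header.
function verifyWithEmbeddedKey(token) {
  try {
    const jwk = dec(token.split(".")[0]).jwk;
    return verifyRs256(token, crypto.createPublicKey({ key: jwk, format: "jwk" }));
  } catch { return null; }
}

// CORRECT: the key is the issuer's, obtained separately from the token.
function verifyWithIssuerKey(token, issuerPublicKey) {
  return verifyRs256(token, issuerPublicKey);
}

// Constructed sample data: the real issuer and an unrelated key pair.
const issuer = crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
const stranger = crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
const genuine = signJwt({ sub: "alice" }, issuer.privateKey);
const selfVouched = signJwt({ sub: "admin" }, stranger.privateKey,
  { jwk: stranger.publicKey.export({ format: "jwk" }) });

console.log(verifyWithEmbeddedKey(selfVouched)); // accepted: the key vouches for itself
console.log(verifyWithIssuerKey(selfVouched, issuer.publicKey)); // null (rejected)
console.log(verifyWithIssuerKey(genuine, issuer.publicKey)); // accepted
```

A signature only proves that the holder of the matching private key signed the token, so the check is worth exactly as much as the verifier's reason to trust the public key it used.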