JWT RSA signing and verify in Node.js using RSA Public/Private Key Pairs
- Published: 11 Sep 2024
- #jwt #node #rsa #asymmetricencryption #piblicprivatekey
Learn how to use JWT with RSA public and private keys in Node.js.
This is a code walkthrough. To understand why and when to use RSA, please watch the previous video in the playlist.
git: github.com/luc...
Nodejs: nodejs.org/en/...
npm package: www.npmjs.com/...
Visual studio code: code.visualstu...
Playlist about JWT
• JWT Token
Check out the playlist about RSA
• RSA
You're indeed a saviour. Thank you. Looking forward to implementing this in my projects. Great content.
Great Tutorial. Can you please help? Your code works, but when I use my key pair, it does not. How did you generate the pub/private keys?
I tried both git bash -> ssh-keygen -t "ed25519" AND rsa . Please help. but a kudos, best explanation out there.
Awesome video. Great explanation.
I have a doubt: does it make any difference, for security purposes, whether we use RSA, any other algorithm, or no algorithm to sign tokens?
In a scenario where you want other sites to validate your site's JWT token but you don't want them to generate new tokens on your behalf, this will be helpful.
I have a question here. I think the way you are doing this is not correct, but maybe my assumption is wrong. Shouldn't we generate (sign) the JWT with the public key instead of the private key? And shouldn't we use the private key for verifying it instead of the public key?
In JWT, signing is done with the private key only. This process occurs at the server end, so your private key remains secure.
If the client wants to verify the token, the server can expose the public key so the client side can also verify the token.
@TechnoSaviour Under RSA encryption, messages are encrypted with a code called a public key, which can be shared openly. Due to some distinct mathematical properties of the RSA algorithm, once a message has been encrypted with the public key, it can only be decrypted by another key, known as the private key. Each RSA user has a key pair consisting of their public and private keys. As the name suggests, the private key must be kept secret.
THIS is what many blogs say about RSA
@harshmittal3072
Signing is different from Encryption, although both use a key-pair generated by RSA. Both differ in the objective:
Assume Alice uses her key-pair for the examples.
Encryption - The objective is to protect the data. Let's say Bob 'encrypts' a message using Alice's public key. This allows only Alice to read the data (using her private key), but there's no way to verify that it was indeed Bob who encrypted the data, or the source of the data, since anyone can use Alice's public key.
Signing - The objective is to verify the source of the data. Let's say Alice 'signs' a message using her own private key. This allows anyone to verify that this data was indeed from Alice (using her public key), but there's no way to protect the data, since, again, anyone can use Alice's public key.
Hope this explanation helps. You can read more about this at www.encryptionconsulting.com/education-center/encryption-and-signing#:~:text=Encryption%20uses%20a%20key%20to,of%20encryption%20in%20its%20process
In web api net core and angular?
Uncaught ReferenceError ReferenceError: Cannot access 'fs' before initialization
You can help me, I'm using an Express server, and I want to do a middleware!!
I got the error JsonWebTokenError: invalid algorithm
You have to specify the algorithm
I also get an error. But it says JsonWebTokenError: invalid signature
Same for me
@jpbl2418 I realized later that my public and private key did not match. No idea why. Had to regenerate.
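The points raised in this thread (sign with the private key, verify with the public key, pin the algorithm, and a mismatched or non-RSA key makes the check fail), shown as an added example that is not the video's code. It uses Node's built-in `crypto` module instead of the npm package from the walkthrough; the function names, error strings, keys and claims are constructed for illustration.

```javascript
// Added example (not the video's code): RS256 with Node's built-in crypto.
const crypto = require('node:crypto');

const b64url = (s) => Buffer.from(s).toString('base64url');
const fromB64url = (s) => Buffer.from(s, 'base64url').toString('utf8');

// Sign with the PRIVATE key. RS256 = RSASSA-PKCS1-v1_5 over SHA-256.
function signRs256(payload, privateKey) {
  if (privateKey.asymmetricKeyType !== 'rsa') {
    throw new Error('RS256 needs an RSA key, got ' + privateKey.asymmetricKeyType);
  }
  const input = b64url('{"alg":"RS256","typ":"JWT"}') + '.' + b64url(JSON.stringify(payload));
  return input + '.' + crypto.sign('sha256', Buffer.from(input), privateKey).toString('base64url');
}

// Verify with the PUBLIC key. The verifier pins RS256; the token's own
// "alg" header is only checked against that pin, never trusted.
function verifyRs256(token, publicKey) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [h, p, s] = parts;
  if (JSON.parse(fromB64url(h)).alg !== 'RS256') throw new Error('invalid algorithm');
  const ok = crypto.verify('sha256', Buffer.from(h + '.' + p), publicKey, Buffer.from(s, 'base64url'));
  if (!ok) throw new Error('invalid signature');
  return JSON.parse(fromB64url(p));
}

// Constructed demo: throwaway keys generated in-process, sample claims.
function demo() {
  const rsa = () => crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const issuer = rsa();
  const unrelated = rsa(); // a public key that does not match the signing key
  const token = signRs256({ sub: 'user-123', role: 'reader' }, issuer.privateKey);
  const attempt = (fn) => { try { return fn(); } catch (e) { return e.message; } };
  return {
    claims: verifyRs256(token, issuer.publicKey),
    mismatchedKey: attempt(() => verifyRs256(token, unrelated.publicKey)),
    algNone: attempt(() => verifyRs256(b64url('{"alg":"none"}') + '.' + token.split('.')[1] + '.', issuer.publicKey)),
    ed25519Key: attempt(() => signRs256({}, crypto.generateKeyPairSync('ed25519').privateKey)),
  };
}

console.log(demo());
```

This covers the signature check only; claims such as `exp` are not validated here.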