[JWT] JWT Signature With RS256 - Learn The Advantages Compared to HS256

Posted Answer1215


The advantage of RS256 over HS256 is that RS256 no longer needs a secret key to be shared between the client and the server side. HS256 signs and verifies with the same secret, whereas RS256 signs with a private key and verifies with the matching public key.

To create a token, we need the private key, which should be kept safe. We can use a third-party service such as Auth0 to generate private-public key pairs.

The public key is used only to validate the JWT on the server. It cannot be used to create a JWT, so even if the server is hacked, the attacker still cannot use the information found there to create a token and access the data.

 

Create a token:

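var jwt = require('jsonwebtoken');
var fs = require('fs');

// The private key is the signing key; only the token issuer should hold it
var privateKey = fs.readFileSync('./demos/private.key');

var payload = {
  name: 'Alice'
};

// Sign with RS256; expiresIn is in seconds, so this token is valid for 2 minutes
var token = jwt.sign(payload, privateKey, {
    algorithm: 'RS256',
    expiresIn: 120,
    subject: "1"
});

console.log('RSA 256 JWT', token);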

 

Validate a token:

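var jwt = require('jsonwebtoken');
var fs = require('fs');

// verify an existing JWT
// (this sample token was issued with expiresIn: 120, so it expired long ago)
var existingToken = 'eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYW1lIjoiQWxpY2UiLCJpYXQiOjE1MDI5MDMxNTcsImV4cCI6MTUwMjkwMzI3Nywic3ViIjoiMSJ9.KQJ-f3r4TNCLVrox1JaL5pxQAM6vSw4CNKj1lCf3HDWXGdIHW5rgD5odKpNBjrkbl1smjEL_ClLnFwG_iGDPKvu2bqktcrbXwi1-XUrY-jDKLkpoEHL2C9tGYnyDRl6Pg1SP97Hl-VWkGNyekYMerL8vh0RwgcK7y8UsuA33WgnP1DtfhKIghwcd493ARN4nBvmMJ11Zk35c7FBIN2w4Xl4ny8RU4l0_xy5DBF3JAKV1jilTHOKEvsrY8Ry3qRKaxxR6-QE_pfGOte3BRlt6544BUul1yI662tVAn1R28KXKnwCGAwo_HZ1kC-OrxmsjoXI4HDuHG2k5eRX-QC_W4Q';

// The verifier only needs the public key
var publicKey = fs.readFileSync('./demos/public.key');

console.log("verifying");

try {
  // Pin the accepted algorithm so the token header cannot choose another one
  const verify = jwt.verify(existingToken, publicKey, { algorithms: ['RS256'] });
  console.log("Decoded JWT:", verify);
} catch (err) {
  // A bad signature, a wrong algorithm or an expired token all end up here
  console.log("Verification failed:", err.name, err.message);
}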
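
The claim above, that the public key can validate a token but cannot create one, shown as an added example that is not part of the original post. It uses Node's built-in crypto module instead of jsonwebtoken so it runs without dependencies; the generated key pair and the helper names signRS256, verifyRS256, tamper and outcome are assumptions made for the demo.

```javascript
const crypto = require('crypto');

// Constructed demo key pair; it stands in for private.key / public.key.
const { privateKey, publicKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const b64url = (value) => Buffer.from(value).toString('base64url');
const fromB64url = (value) => JSON.parse(Buffer.from(value, 'base64url').toString('utf8'));

// Issuer: only the holder of the private key can produce the signature.
function signRS256(payload, key, expiresInSeconds) {
  const now = Math.floor(Date.now() / 1000);
  const claims = { ...payload, iat: now, exp: now + expiresInSeconds };
  const signingInput = b64url(JSON.stringify({ alg: 'RS256', typ: 'JWT' })) + '.' + b64url(JSON.stringify(claims));
  // An RSA key with 'sha256' gives RSASSA-PKCS1-v1_5 with SHA-256, which is RS256.
  const signature = crypto.sign('sha256', Buffer.from(signingInput), key);
  return signingInput + '.' + signature.toString('base64url');
}

// Verifier: holds only the public key and accepts nothing but RS256.
function verifyRS256(token, key) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [header, payload, signature] = parts;
  if (fromB64url(header).alg !== 'RS256') throw new Error('unexpected alg');
  const valid = crypto.verify('sha256', Buffer.from(header + '.' + payload), key, Buffer.from(signature, 'base64url'));
  if (!valid) throw new Error('invalid signature');
  const claims = fromB64url(payload);
  if (typeof claims.exp !== 'number' || claims.exp <= Math.floor(Date.now() / 1000)) throw new Error('token expired');
  return claims;
}

// Re-encode the payload with a changed claim but keep the original signature.
function tamper(token) {
  const [header, payload, signature] = token.split('.');
  const claims = { ...fromB64url(payload), name: 'Bob' };
  return [header, b64url(JSON.stringify(claims)), signature].join('.');
}

// Run fn and report 'ok' or the error message, so each outcome can be printed.
function outcome(fn) {
  try { fn(); return 'ok'; } catch (err) { return err.message; }
}

const token = signRS256({ name: 'Alice', sub: '1' }, privateKey, 120);
console.log('valid token   :', verifyRS256(token, publicKey).name);
console.log('tampered token:', outcome(() => verifyRS256(tamper(token), publicKey)));
console.log('expired token :', outcome(() => verifyRS256(signRS256({ name: 'Alice' }, privateKey, -1), publicKey)));
console.log('sign w/ public:', outcome(() => signRS256({ name: 'Alice' }, publicKey, 120)));
```
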

 
