JWT and RSA/ECDSA Signatures with JavaScript
Create trusted tokens with JSON Web Tokens (JWT). A JWT has three fields: header, payload, and signature. The signature signs the data, and can be produced either with an HMAC method (with a shared secret) or with public key cryptography (such as with RSA and ECDSA). With the ECDSA/RSA method, a private key signs the token and the public key verifies it.
| Field | Value |
|---|---|
| Method | RSA, RSA (PSS), ECDSA |
| Issuer (iss) | |
| Subject (sub) | |
| JWT ID (jti) | |
| Password (use to sign) | |
| Keys | |
| JWT Signed Token | |
Notes
For a JSON Web Token:
Methods that can provide a signature include HS256 (HMAC SHA-256), ES256 (ECDSA using P-256 and SHA-256), RS256 (RSASSA-PKCS1-v1_5 with SHA-256) and PS256 (RSA-PSS). HS256 uses a password to generate a secret key for the signature, while ES256 and RS256 require a private key to sign the token and a public key to verify it. In this case, we use public key cryptography: the private key signs the token, and the public key is used to verify it.
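The sign-with-private-key, verify-with-public-key flow described above, as an added example for Node.js (not this page's own code). The names signJwt and verifyJwt, the sample claims and the freshly generated keys are assumptions for illustration; it covers RS256, PS256 and ES256, and the verifier pins the algorithm it expects instead of trusting the token header.

```javascript
// Added example, not the page's code. Uses only Node's built-in crypto module.
const crypto = require('crypto');

// Options passed to crypto.sign/verify for each JWT "alg" value.
const ALGS = {
  RS256: (key) => ({ key }), // RSASSA-PKCS1-v1_5 is Node's default RSA padding
  PS256: (key) => ({ key, padding: crypto.constants.RSA_PKCS1_PSS_PADDING, saltLength: 32 }),
  // JWS needs the raw 64-byte r||s form for ES256, not Node's default DER.
  ES256: (key) => ({ key, dsaEncoding: 'ieee-p1363' }),
};

const b64u = (text) => Buffer.from(text).toString('base64url');
const fromB64u = (text) => JSON.parse(Buffer.from(text, 'base64url').toString('utf8'));

// header.payload.signature, signed with the private key.
function signJwt(alg, claims, privateKey) {
  const input = `${b64u(JSON.stringify({ alg, typ: 'JWT' }))}.${b64u(JSON.stringify(claims))}`;
  const sig = crypto.sign('sha256', Buffer.from(input), ALGS[alg](privateKey));
  return `${input}.${sig.toString('base64url')}`;
}

// Returns the claims, or null if the token is malformed, uses a different
// alg than the verifier expects, or fails the public-key check.
function verifyJwt(token, expectedAlg, publicKey) {
  const parts = token.split('.');
  if (parts.length !== 3) return null;
  const [header, payload, sig] = parts;
  try {
    // The alg is pinned by the verifier; the header is only compared to it.
    if (fromB64u(header).alg !== expectedAlg) return null;
    const ok = crypto.verify('sha256', Buffer.from(`${header}.${payload}`),
      ALGS[expectedAlg](publicKey), Buffer.from(sig, 'base64url'));
    return ok ? fromB64u(payload) : null;
  } catch {
    return null;
  }
}

// Constructed demo keys and claims (iss, sub and jti); all values are made up.
const demoKeys = {
  ES256: crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' }),
  RS256: crypto.generateKeyPairSync('rsa', { modulusLength: 2048 }),
};
demoKeys.PS256 = demoKeys.RS256; // demo only: one RSA key pair, two paddings
const demoClaims = { iss: 'issuer.example', sub: 'alice', jti: crypto.randomUUID() };

for (const alg of Object.keys(demoKeys)) {
  const token = signJwt(alg, demoClaims, demoKeys[alg].privateKey);
  console.log(alg, token.length, verifyJwt(token, alg, demoKeys[alg].publicKey) !== null);
}
```

A token whose payload is altered after signing, or whose header names a different algorithm than the verifier expects, comes back as null.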
For ECDSA:
Generate ECC keys (such as with secp256k1 - as used in Bitcoin and Ethereum)