
Discussion on: JWT Authentication with Asymmetric Encryption using certificates in ASP.NET Core

Eduard Stefanescu (Author)

The idea behind using asymmetric encryption for a JWT token is that the API generates and signs a token using the API's private key. The API's public key might be known internally or by a CA. The client or other services then send the received JWT token to the API, which validates it with the public key.

This is not what happens in typical circumstances (for example, when sending an email), because here both keys are used by the API, not by the client and the API separately.

Thanks for pointing this out. The article has now been updated in order to make it easier to understand this topic.

weiming80

Your example code doesn't agree with the diagram above. Your code signs with the private key when the user logs in successfully and returns the token to the browser, and validates with the public key after that. May I know the reason?
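The flow both comments discuss, signing at login with the private key and validating every later request with only the public key, written out as an added example in Go using the standard library (this is not the article's ASP.NET Core code, and the key pair, claim values and tampered payload are constructed for the demonstration). It builds and checks an RS256 JWT by hand so that the two roles are visible: `signToken` needs the private key, `verifyToken` needs only the public key, and `roundTrip` shows that a payload edited after signing, or a token signed by some other key pair, is rejected by the public-key check.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"strings"
)

var b64 = base64.RawURLEncoding

// RS256: RSA PKCS#1 v1.5 signature over SHA-256 of "base64url(header).base64url(payload)".
const headerJSON = `{"alg":"RS256","typ":"JWT"}`

// signToken is the login step: only the holder of the API's private key can produce this.
func signToken(priv *rsa.PrivateKey, claims map[string]interface{}) (string, error) {
	payload, err := json.Marshal(claims)
	if err != nil {
		return "", err
	}
	signingInput := b64.EncodeToString([]byte(headerJSON)) + "." + b64.EncodeToString(payload)
	digest := sha256.Sum256([]byte(signingInput))
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
	if err != nil {
		return "", err
	}
	return signingInput + "." + b64.EncodeToString(sig), nil
}

// verifyToken is the per-request step: it needs only the public key, so any service holding it can check a token without being able to forge one.
func verifyToken(pub *rsa.PublicKey, token string) (map[string]interface{}, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, errors.New("malformed token")
	}
	hdr, err1 := b64.DecodeString(parts[0])
	body, err2 := b64.DecodeString(parts[1])
	sig, err3 := b64.DecodeString(parts[2])
	if err1 != nil || err2 != nil || err3 != nil {
		return nil, errors.New("bad base64url segment")
	}
	var header map[string]string
	if err := json.Unmarshal(hdr, &header); err != nil {
		return nil, err
	}
	// Pin the algorithm: the verifier decides what it accepts, not the token.
	if header["alg"] != "RS256" {
		return nil, errors.New("unexpected alg: " + header["alg"])
	}
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	if err := rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig); err != nil {
		return nil, errors.New("invalid signature")
	}
	var claims map[string]interface{}
	if err := json.Unmarshal(body, &claims); err != nil {
		return nil, err
	}
	return claims, nil
}

// roundTrip plays both roles: sign at "login", verify with the public key, then show that a tampered payload or a token from another key pair is rejected.
func roundTrip() (sub string, tamperedRejected, foreignRejected bool, err error) {
	apiKey, err := rsa.GenerateKey(rand.Reader, 2048) // the API's key pair (constructed)
	if err != nil {
		return "", false, false, err
	}
	token, err := signToken(apiKey, map[string]interface{}{"sub": "alice", "role": "user"})
	if err != nil {
		return "", false, false, err
	}
	claims, err := verifyToken(&apiKey.PublicKey, token)
	if err != nil {
		return "", false, false, err
	}
	sub, _ = claims["sub"].(string)
	// Tampering: swap the payload for one claiming admin; the original signature no longer matches.
	parts := strings.Split(token, ".")
	parts[1] = b64.EncodeToString([]byte(`{"sub":"alice","role":"admin"}`))
	_, err = verifyToken(&apiKey.PublicKey, strings.Join(parts, "."))
	tamperedRejected = err != nil
	// A token signed by some other key pair must not verify under the API's public key.
	otherKey, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return "", false, false, err
	}
	foreign, err := signToken(otherKey, map[string]interface{}{"sub": "mallory"})
	if err != nil {
		return "", false, false, err
	}
	_, err = verifyToken(&apiKey.PublicKey, foreign)
	foreignRejected = err != nil
	return sub, tamperedRejected, foreignRejected, nil
}
```

Calling `roundTrip()` returns `"alice", true, true, nil`: the claims come back intact under the public key, while the edited payload and the foreign-key token both fail verification. The `alg` pin in `verifyToken` is the check a production validator should always make, since the token header is attacker-controlled input and must not be allowed to pick the verification algorithm.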