DEV Community

Robertino
Robertino

Posted on • Originally published at auth0.com

RS256 vs. HS256 What's the difference?

Learn the difference between RS256 and HS256 JWT signing algorithms.


When learning about JWTs, some terms you hear a lot are signatures and signing. If the tutorials are creating JWTs, you may see them select an algorithm to create the signature. But what are signing algorithms, and how do they work? Read further and learn about JWT signing algorithms and the two most common algorithms used.

When you create JSON Web Tokens, they are signed. Signing the token allows its recipient to validate that the content of the token wasn't changed and verify the original issuer of the token created signature.

Heads up! Signatures are not encryptions!

Signing JWTs doesn't make their data unreadable. Signatures only allow verification that the content of the JWT was not changed.

The signature is the part of a JWT that verifies the content of the JWT hasn't changed since the moment it has been issued (as it would happen, for example, in person in the middle attacks).

RS256 and HS256 are the most common algorithms used for signing JWTs. This article will go over some differences between RS256 and HS256. This post will not cover the other JWT signing algorithms, such as ES256 or PS256.

To view more signing algorithms view the specs that lists all the signing algorithms.

What are JWT signatures?

Signatures are created by combining encoded versions of the header and payload of a JWT, passing them and the secret as parameters into the algorithm defined in the header.

The following is an example code that can be used to create a JWT signature.

HMACSHA256(
  base64UrlEncode(header) + "." +
  base64UrlEncode(payload),
  secret)
Enter fullscreen mode Exit fullscreen mode

The following is an example output of what the signed JWT looks like:

eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c
Enter fullscreen mode Exit fullscreen mode

Each section (header, payload, and signature) is separated by a period (.).

The following picture highlights the signature part of a JWT decoded via jwt.io:

jwt.io

JWTs are commonly signed using one of two algorithms: HS256 (HMAC using SHA256) and RS256 (RSA using SHA256).

That leaves you with the question:

What's the difference between RS256 and HS256 signing algorithms?

Read more...

Discussion (0)