Just looked at the video here RS256 vs HS256 What's the difference? and it says that for RS256 algorythm a private key is used to create a JWT signature and a public key is used to veirfy the signature. This makes total sense.
Why does jwt.io ask for my private key to verify the signature?
If I need to share the private key, then this is no different from HS256 where the same key is used to both create and verify the signature?
6 posts - 3 participants