YoavKlein
Reputation: 2715
Why jwt.io gives me the private key part to fill?
I have a slight confusion regarding the online JWT validator jwt.io. As far as I understand, a JWT that is signed with the RS256 algorithm is signed with a private key, and all is needed to verify it is the corresponding public key.
If so, why is it that jwt.io lets you fill in the private key part?
Upvotes: 0
Views: 196
Answers (1)
jps
Reputation: 22585
jwt.io works in both directions, you can also add or modify values on the right side (the Decoded column) in the header and payload and then get a new signed token if you provide the private key.
As long as you only want to verify an asymmetric signed token, you only need to provide the public key.
Upvotes: 0
Related Questions
- How to sign a JWT using RS256 with RSA private key
- Verifying JWT signed with the RS256 algorithm using public key in C#
- JWT Private / Public Key Confusion
- Where to store JWT in browser? How to protect against CSRF?
- jwt.io says Signature Verified even when key is not provided
- How to read a PEM RSA private key from .NET
- Where does jwt.io get the public key from JWT token?
- Can't generate a JWT token in jwt.io with Private key