RSA Cryptography

RSA (Rivest–Shamir–Adleman) is a widely deployed asymmetric cryptosystem using public/private key pairs. JWT algorithms RS256 and PS256 sign with the private key; verifiers use the public key. Production deployments use 2048-bit or 4096-bit moduli. Private keys are stored in PEM or HSM; public keys publish via JWKS for distributed verification without sharing signing material. Implementations across Node.js, Python, Go, Ruby, and Java follow the same RFC standards, so concepts transfer directly between stacks. Security reviews should treat this as part of your full authentication threat model, not an isolated configuration detail. Document expected behavior for client teams so tokens are issued, stored, and validated consistently across services.

Why It Matters

RSA underpins most enterprise asymmetric JWT deployments. Understanding RSA key sizes, padding modes (PKCS#1 v1.5 vs PSS), and public key distribution explains why RS256 differs from symmetric HS256 and when to migrate signing to dedicated KMS hardware. Getting this wrong often surfaces only after an incident, when forged or replayed tokens expose gaps in validation or secret handling. Platform teams should encode these rules in libraries, linting, and deployment checklists so individual services cannot drift silently. Pair technical controls with monitoring: log verification failures, track unusual token lifetimes, and alert on spikes in 401 responses.

Related Terms

Related Comparisons

Algorithm Guides

Related Tools

Related Articles

Frequently Asked Questions

What RSA key size for JWT?

Minimum 2048 bits for new deployments; 4096 bits for high-security or long-lived roots. Avoid 1024-bit keys. Consult your JWT library documentation for exact option names, defaults, and error types. When in doubt, prefer stricter validation and shorter token lifetimes over permissive shortcuts.

RSA vs ECDSA for JWT?

RSA has broader support; ECDSA (ES256) yields smaller keys and signatures. Both are valid asymmetric choices. Consult your JWT library documentation for exact option names, defaults, and error types. When in doubt, prefer stricter validation and shorter token lifetimes over permissive shortcuts.

Can RSA public keys sign JWTs?

No. Only the private key signs. Public keys verify signatures only. Consult your JWT library documentation for exact option names, defaults, and error types. When in doubt, prefer stricter validation and shorter token lifetimes over permissive shortcuts. Test edge cases with expired, malformed, and wrong-algorithm tokens in CI before shipping auth changes.