JSON Web Tokens (JWT) are used everywhere, especially in financial IT, which requires a highly secure environment. This article covers a basic example of JWT.
openssl genrsa -out medium-private-key.pem 2048
openssl rsa -in medium-private-key.pem -pubout -out medium-public-key.pem
=> Convert the private key to PKCS8 format:
openssl pkcs8 -topk8 -inform PEM -in medium-private-key.pem -out medium-private-key-pkcs8.pem -nocrypt
The code below generates the private key and public key from a string.
The genPrivateKey function uses PKCS8 format, which is why we need to convert the key at step 1.
In a real-world case, the sender and receiver exchange only their public keys. That is, the sender knows the sender_private key and the receiver_public key, while the receiver has the receiver_private key and the sender_public key.
The sender encrypts the message with the receiver_public key and signs the message with the sender_private key.
When the receiver receives the encrypted message, it should use the receiver_private key to decrypt the message via the so-called RSA asymmetric encryption mechanism, and use the sender_public key to verify the signature.
With the dummy key pair generated at step 1 (sender and receiver use the same key pair), write a test:
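The exchange described above as an added Node.js example, not the article's own code: the helper names, the choice of RS256 for the signature and RSA-OAEP-256 with A256GCM for the encryption, and the sample claims are assumptions. It goes slightly beyond the dummy setup by giving sender and receiver separate key pairs, so a token checked against the wrong key is rejected.

```javascript
const crypto = require('crypto');
// Added example: helper names and algorithm choices (RS256, RSA-OAEP-256, A256GCM) are assumptions.
const b64u = (data) => Buffer.from(data).toString('base64url');
const fromB64u = (text) => Buffer.from(text, 'base64url');
const oaep = (key) => ({ key, padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' });

// Throwaway key pair in the PEM formats the openssl commands above produce:
// PKCS8 private key, SubjectPublicKeyInfo public key.
function genPemKeyPair() {
  return crypto.generateKeyPairSync('rsa', {
    modulusLength: 2048,
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
  });
}

// Sender: sign the claims (JWS, RS256), then encrypt the signed token (JWE).
function signThenEncrypt(claims, senderPrivatePem, receiverPublicPem) {
  const signingInput = `${b64u(JSON.stringify({ alg: 'RS256', typ: 'JWT' }))}.${b64u(JSON.stringify(claims))}`;
  const jws = `${signingInput}.${b64u(crypto.sign('sha256', Buffer.from(signingInput), senderPrivatePem))}`;
  const header = b64u(JSON.stringify({ alg: 'RSA-OAEP-256', enc: 'A256GCM', cty: 'JWT' }));
  // RSA only wraps a random AES key; AES-GCM encrypts the JWS itself.
  const cek = crypto.randomBytes(32);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', cek, iv).setAAD(Buffer.from(header));
  const ciphertext = Buffer.concat([cipher.update(jws), cipher.final()]);
  const wrappedCek = crypto.publicEncrypt(oaep(receiverPublicPem), cek);
  return [header, b64u(wrappedCek), b64u(iv), b64u(ciphertext), b64u(cipher.getAuthTag())].join('.');
}

// Receiver: decrypt with receiver_private, then verify with sender_public.
function decryptThenVerify(jwe, receiverPrivatePem, senderPublicPem) {
  const [header, wrappedCek, iv, ciphertext, tag] = jwe.split('.');
  const { alg, enc } = JSON.parse(fromB64u(header).toString());
  if (alg !== 'RSA-OAEP-256' || enc !== 'A256GCM') throw new Error('unexpected JWE algorithms');
  const cek = crypto.privateDecrypt(oaep(receiverPrivatePem), fromB64u(wrappedCek));
  const decipher = crypto.createDecipheriv('aes-256-gcm', cek, fromB64u(iv));
  decipher.setAAD(Buffer.from(header)).setAuthTag(fromB64u(tag));
  const jws = Buffer.concat([decipher.update(fromB64u(ciphertext)), decipher.final()]).toString();
  const [h, p, sig] = jws.split('.');
  // Pin the expected algorithm rather than trusting whatever the token declares.
  if (JSON.parse(fromB64u(h).toString()).alg !== 'RS256') throw new Error('unexpected JWS algorithm');
  if (!crypto.verify('sha256', Buffer.from(`${h}.${p}`), senderPublicPem, fromB64u(sig))) {
    throw new Error('bad signature');
  }
  return JSON.parse(fromB64u(p).toString());
}
// Usage: const s = genPemKeyPair(), r = genPemKeyPair();
// decryptThenVerify(signThenEncrypt({ sub: 'alice' }, s.privateKey, r.publicKey), r.privateKey, s.publicKey);
```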
This is a very good article about JWT:
https://medium.facilelogin.com/jwt-jws-and-jwe-for-not-so-dummies-b63310d201a3
Happy Coding!