When you're learning about JWTs, two terms you hear a lot are signatures and signing. If a tutorial creates a JWT, you may see it select an algorithm to create the signature. But what are signing algorithms, and how do they work? Watch this video to learn the difference between the two most common JWT signing algorithms and which one you should use.

When you create JSON Web Tokens, they are signed. Signing the token allows its recipient to validate that the content of the token wasn't changed and to verify that the original issuer of the token created the signature. Heads up! Signatures are not encryption. Signing a JWT doesn't make its data unreadable; anyone who holds the token can decode the header and payload. Signatures only allow verification that the content of the JWT hasn't changed since it was signed.

RS256 and HS256 are the two most common algorithms used for signing JWTs. This video goes over some of the differences between RS256 and HS256, but it does not cover the other JWT signing algorithms such as ES256 or PS256.

But first, what are JWT signatures? A signature is created by base64url-encoding the header and the payload of the JWT, joining them with a period, and passing that string together with the key into the algorithm named in the header's alg field. (A verifier should check that alg is the algorithm it expects rather than simply trusting the header.) The code shown on screen is an example of code that can be used to create a JWT signature, and the next screen shows what a signed JWT looks like: three base64url segments separated by periods, with the signature last. You can decode JWTs on jwt.io; here's an example of a decoded JWT with the signature highlighted.

JWTs are commonly signed with one of two algorithms, HS256 or RS256. A lot of times that leaves you with the question: what's the difference between the RS256 and HS256 signing algorithms? Let's start with HS256, or HMAC with SHA-256. It's a symmetric keyed hashing algorithm that uses one secret key. Symmetric means both parties share the same secret key: the key is used both for generating the signature and for validating it. Be mindful when using the shared key.
If any of the verifiers, which are typically your applications, is not appropriately secured, the shared key can be exposed, and that opens up potential vulnerabilities.

Next, let's cover the RS256 algorithm. RS256, or RSA signature with SHA-256, is an asymmetric algorithm that uses a public and private key pair. The identity provider uses the private key to generate the signature. Then the receiver of the JWT uses the public key to validate the signature. The public key used to verify and the private key used to sign are linked because they are generated as a pair; the public key can be distributed freely, since it cannot be used to create signatures.

I do want to note that in both cases a third party who obtains the signing key (the shared secret for HS256, the private key for RS256) can generate JWTs that your applications will consider valid. The difference is exposure: with HS256, every application that verifies tokens holds the same key that signs them, so there are many more places for it to leak; with RS256, only the issuer holds the private key. Either way, you need to protect the signing key from compromise: keep it in a secure secret store, limit access to it, and so on.

Now that you know the difference between RS256 and HS256, you probably want to know which one you should use. While both HS256 and RS256 can be used to verify the integrity of JWTs, the recommended algorithm at this time is RS256. A signature must ensure authenticity, which means that the JWT content is the same as what the sender generated. Both HS256 and RS256 ensure JWT authenticity. However, RS256 also provides non-repudiation: it guarantees that the sender generated the signature, because with RS256 only the holder of the private key, and no one else, can sign tokens. With HS256, any party holding the shared secret could have produced the signature. In addition, if the private key is compromised you can rotate signing keys without redeploying your application with a new secret, as you would have to do with HS256: the issuer publishes the new public key (for example through its JWKS endpoint) and verifiers pick it up. Keep in mind that regularly rotating keys is good practice even when your keys haven't been compromised. Rotating your keys limits how long an undetected compromise stays useful to an attacker.
Auth0, for instance, notifies you if you haven't rotated your key in more than 365 days.

Now you might be wondering: is there any scenario where you would choose HS256? Great question, and yes, there are a couple of scenarios where you may use HS256. You may consider HS256 when you're working on a legacy application that cannot support RS256. Another possible use case for HS256 instead of RS256 is when your application makes a very large number of requests, because HMAC signing and verification is considerably cheaper than RSA.

So, to summarize, in this video you learned the key differences between HS256 and RS256 as JWT signing algorithms. HS256 is a symmetric algorithm that shares one secret key between the identity provider and your application; the same key is used to sign the JWT and to verify that signature. RS256 is an asymmetric algorithm that uses a private key to sign the JWT and a public key to verify that signature. RS256 is the recommended algorithm when you're signing JWTs: it's more secure, and you can rotate your keys quickly if they are compromised.

As an aside, Auth0 signs JWTs for your applications with RS256 by default. If you want to learn more about JWTs, authentication, authorization, and other web identity topics, subscribe to our YouTube channel. Thanks for watching.