Readme: signing with public key #213
Comments
|
You might be misunderstanding the point of this library. The library is not signing anything with the pubkey. It is using the public key to validate an existing signature that was created using a private key. In essence it is validating if the JWT has been signed by the private counterpart of the provided public key, and that its contents have not changed after the signing process. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hi, I was reading the documentation of the library and I found that in the examples there's only one about key pairs which uses the public key. This confuses me a bit and sorry if I'm wrong but would not using the private key be the most common usage in this scenario?
Using the public key I think that goes a bit against the JWT specification and I cannot think of a real use case for that because maybe someone not authorized has access to that public key.
Could you explain me the utility of using the key pair for signing in that way?
Thanks and great library btw!
The text was updated successfully, but these errors were encountered: