tamigoodall
commented
4 years ago Updated - thanks for the great information.
Closed vit100 closed 4 years ago
tamigoodall
commented
4 years ago Updated - thanks for the great information.
Description
Description of signature validation in case of RSA256 encryption is not correct - Validate JSON Web Tokens
Signature in RSA256 created from message hash by using private key.
In case of RSA following steps performed.
Calculate current Hash Value. In the first step, a hash-value of the signed message is calculated. For this calculation, the same hashing algorithm is used as was used during the signing process. The obtained hash-value is called the current hash-value because it is calculated from the current state of the message.
Calculate the Original Hash-Value. In the second step of the digital signature verification process, the digital signature is decrypted with the same encryption algorithm that was used during the signing process. The decryption is done by the public key that corresponds to the private key used during the signing of the message. As a result, we obtain the original hash-value that was calculated from the original message during the first step of the signing process (the original message digests).
Compare the Current and the Original Hash-Values. In the third step, we compare the current hash-value obtained in the first step with the original hash-value obtained in the second step. If the two values are identical, the verification if successful and proves that the message has been signed with the private key that corresponds to the public key used in the verification process. If the two values differ from onr another, this means that the digital signature is invalid and the verification is unsuccessful.