Topanoe Topanoe - 9 months ago 47
ASP.NET (C#) Question

Which to use between RS256 and HS256 for ASP.NET web client?

I'm developing an ASP.Net Core web application and will be using Auth0 for user authentication.

I'm having a hard time figuring out if my JSON Web Token Signature Algorithm should be


From the information that I have found, I still can't make heads or tails of it. Any ideas?

Answer Source

Even though both algorithms make use of SHA-256, they are fundamentally different:

  • RS256 (RSASSA-PKCS1-v1_5 using SHA-256) relies on generating a digital signature with a specific private key.
  • HS256 (HMAC using SHA-256) relies on a shared secret plus the cryptographic hash function (SHA-256) to generate a message authentication code (MAC).

Validating tokens issued with each of the previous algorithms implies that for RS256 the entity doing the validation knows the public key associated with the private key used for signing, while for HS256 it implies that the entity knows the shared secret.

Choosing between one versus the other is then usually motivated by the characteristics of the applications that will validate the issued tokens.

If you want to validate a token on a browser-based application, the use of HS256 is automatically ruled out because that would imply you would have to include the shared secret in a place anyone would have access, making it completely useless because now anyone with access to the code could issue their own signed tokens.

In conclusion, if token validation is done on a controlled environment (server-side) you may go with HS256 because it's simpler to get started. However, if token validation is done on hostile environment you need to go with an algorithm based on asymmetric cryptography; in this case that would be RS256.