Introduction to EC and RSA signing algorithms in JWT

Learn the essentials of asymmetric encryption, and understand the pros and cons of the two popular JWT signing key algorithms - EC and RSA.
October 10, 20236 min read
Introduction to EC and RSA signing algorithms in JWT


In the digital world, the pursuit of enhanced data transmission security has remained constant and ever-evolving. Nowadays, JSON Web Tokens (JWT) have been widely adopted and play a crucial role in OAuth 2.0 and OIDC. But how does an authorization server verify and trust a JWT token sent from a client? How is the token issued and signed by the issuer? In this blog post, we'll talk about asymmetric encryption and delve into the pros and cons of different signing algorithms that Logto uses in its JWT tokens.

Understanding asymmetric encryption

Asymmetric encryption, also known as public-key cryptography, a foundational concept in computer security and cryptography, involves the use of a unique pair of related keys: a public key and a private key. The roles of these keys may seem counterintuitive at first, but they are essential for data security.

  • Public key: The public key, as the name suggests, is designed for open sharing. In the context of JWT and similar systems, the public key is used for signature verification, not encryption. When data is signed with the private key and the recipient possesses the corresponding public key, they can validate that the data was indeed signed by the private key holder and has not been tampered with during transmission. However, in traditional asymmetric encryption usage, such as HTTPS, the public key is used for encryption, and the encrypted data can only be decrypted by the target server that holds the paired private key.
  • Private key: In contrast, the private key is a closely guarded secret that should only be known to its rightful owner. In the context of JWT, the private key is used to create digital signatures that can be verified by anyone with access to the corresponding public key. Additionally, in the context of more traditional asymmetric encryption, the private key is indeed used for decryption, allowing access to data that has been securely encrypted with the public key.

This unique arrangement of keys, where the public key verifies or encrypts the data and the private key signs or decrypts it, forms the basis of secure data transmission and user authentication mechanisms in the digital world. Check this blog post for more details.

Asymmetric encryption algorithms: RSA vs EC

The RSA (Rivest-Shamir-Adelman) and EC (Elliptic Curve) algorithms are the two most commonly used “mathematical functions” in asymmetric encryption. As developers, we are often presented with a choice between these algorithms when dealing with an auth framework and its JWTs. But which one would be your choice? Let’s delve into the pros and cons of each.

RSA signing algorithm

  • Pros:
    1. Widespread support: RSA is widely supported across various platforms and libraries, ensuring compatibility in a wide range of environments.
    2. Long track record: RSA has a long history of reliable security, and its algorithms are well-understood by the cryptographic community.
  • Cons:
    1. Key sizes: RSA keys are longer to achieve the same level of security as EC, resulting in larger token sizes and increased computational overhead.
    2. Performance: RSA operations tend to be slower than EC, which can be a drawback in high-traffic applications.

EC signing algorithm

  • Pros:
    1. Efficiency: EC boasts superior performance compared to RSA, making it ideal for applications with resource constraints or high traffic loads.
    2. Compact key sizes: EC keys are way shorter than their RSA counterparts while offering equivalent security levels. This leads to reduced storage and network requirements and accelerated cryptographic operations.
    3. Security: EC is highly regarded for its robust security, fortified by the intricate mathematics behind elliptic curves, rendering it resilient against brute-force attacks.
  • Cons:
    1. Limited support: Some older systems and libraries may lack comprehensive EC support, potentially causing compatibility issues. E.g. Cloudflare Zero Trust does not support EC signed tokens.
    2. Complexity: Implementing EC can be more intricate due to the mathematical intricacies involved.

Logto's choice of JWT signing algorithms

Logto has always been committed to the highest standards of security and flexibility and tends to use the most modern and performant solutions at its core. EC offers a winning combination of robust security and computational efficiency, making it an ideal fit for modern authentication and authorization needs. Therefore, EC has been our default signing key algorithm since the early stage of our product.

However, we also received numerous feedback from our users, that the EC-signed tokens are not compatible with some third-party systems and frameworks, especially the legacy ones. Hence, we have been working on providing support for the RSA algorithm as well, ensuring that Logto remains adaptable and versatile for all your authentication requirements.

In the next coming release, Logto Cloud will introduce a “Private Key Rotation” feature, which allows you to create a new OIDC private key and cookie key in your tenant. (The private key is used to sign your JWT tokens and the cookie key is to sign your cookies.)

Console UI screenshot for rotate OIDC keys

This feature helps mitigate the risks associated with long-term key exposure or compromise. Regularly rotating private keys should be a fundamental practice in any organization's security strategy and is highly recommended by Logto.

Moreover, while rotating your JWT signing key, we will also provide an option to select the signing key algorithm from EC and RSA. So if you are facing the problem of not being able to connect to a third-party platform due to the unsupported JWT signing algorithm, now it's time to rotate and select the RSA algorithm for your new private key.

Since this setting resides in the tenant settings page, the UI will not be available to OSS users. But don't worry, you can still achieve this by upgrading to the latest release and executing the following CLI commands in the Logto root directory.

# Rotates JWK signing key. Option 'type' defaults to 'EC', case insensitive
npm run cli db config rotate oidc.privateKeys -- --type=rsa

# Rotates cookie signing key
npm run cli db config rotate oidc.cookieKeys

In a nutshell

Asymmetric encryption helps secure your JWT tokens in your auth system. Both EC and RSA algorithms are essential and popular algorithms in cryptography. Understanding the pros and cons and the mathematical principles behind these algorithms helps make better decisions for your application to work with an authentication and authorization framework.

Logto will continue to explore and offer you a more secure and robust user experience.