RS256 is one of the most widely used JWT signing algorithms in production systems.

Unlike HS256, RS256 uses asymmetric cryptography, meaning it relies on two different keys:

This simple change fundamentally alters how JWT authentication works in distributed systems and is the reason why many identity providers—including Auth0, Okta, Keycloak, Azure AD, and Google Identity—default to RS256.


What Does RS256 Mean?

The name RS256 can be broken into two parts.

In practice:

RS256 = RSA + SHA-256

Unlike HS256, there is no shared secret.


Asymmetric Cryptography

RS256 uses a key pair.

        Private Key
             │
          Sign JWT
             │
             ▼
     ─────────────────
             ▲
             │
        Verify JWT
             │
         Public Key

The private key is secret.

The public key can be distributed to anyone.

This is the defining feature of asymmetric cryptography.