Deriving, Signing, and Verifying a JWT (JSON Web Token)

  • Published on 17 Dec 2024

Comments • 40

  • @darthvadar2915 2 years ago +3

    This was sooo interesting to watch. Many of us fall into the pitfalls of not understanding libraries that we use. This helped a lot. Thanks

  • @flowerofash4439 months ago

    Amazing, without a doubt the best tutorial about express session and JWT that I ever watched.

  • @samuelemyrs 2 years ago

    You make every magic look logical.
    Thanks.

  • @JohnCamden 4 years ago +9

    Is it just an absurdly unlikely coincidence that the first seven letters of the signature (30:40) are "POstGet?" Anyway, this series is awesome. Thank you!

  • @nourhalouani9285 3 years ago +1

    You are the best. I watch a lot of tutos and read a lot of articles, and you are the only one who gives me all that I need. Thank you.

  • @tech3425 1 year ago

    Really amazing series man. Thanks to theOdinProject for linking me here.

  • @dawid_dahl 4 years ago +2

    Feels so much okay to use abstractions when you have somewhat of an idea of what is going on under the hood. Thank you for taking the time to go through it all!

  • @atharvsankpal 5 months ago

    This is just the greatest tutorial on JWT I have ever come across, kudos to you!!!

  • @vibekdutta6539 4 years ago +3

    Seen tons of videos, this explains the theory part in the most interactive way, thank you so much! Subscribed.

  • @AniketKumar-kj4ew 4 years ago +3

    I love the detailed insights before actually using libraries that abstract away all this. Doesn't feel like a 'black box' that way. 👍

  • @rediettadesse5488 4 years ago +2

    This is awesome Zach!...I really like that you dive deep into the details. I haven't come across a tutorial that does so. Thank You so much and please keep it up.

  • @nantiyachomtee2998 3 years ago +1

    Your content is simply awesome, the best on the topic I've seen! Thank you so much!

  • @9gager87 4 years ago +1

    Hey Zach, this was an amazing video. Thanks for putting this together!

  • @stiventson4464 4 years ago +1

    bruh this is way too good, I feel like I'm watching a paid course

    • @zachgoll 4 years ago +1

      Thanks for the comment, really appreciate it!

  • @caballerosalas 12 days ago

    Every time I see one of your videos, I remember that joke from the Simpsons, when Grandpa Simpson is on a course about eating oranges: Just Eat The Damn Oranges!!

  • @faresk3168 3 years ago

    Excellent explaining Zach, you're a life saver man.

  • @scottsmyth3251 4 years ago +1

    Thanks for these videos man, they helped a lot.

  • @shadigaafar3091 3 years ago +1

    Very good explanation, thank you

  • @callmeFernie 3 years ago

    Hot damn, this is good! Amazing explanation.👏👏 I appreciate very much your hard work.
    Thank you, Zach!

  • @ashutoshsinghai713 3 years ago +2

    That was amazing, it would be really good if we could get a playlist on 'Applied cryptography with nodejs'
    That will really be helpful because you have an art of putting things together and make it easy to understand.
    Thanks for the amazing video

    • @zachgoll 3 years ago +4

      That's a really good idea and I think creating that would be fun. Will add it to the idea list. In the meantime, I do have an intro to asymmetric cryptography if you hadn't already seen that - th-cam.com/video/ipQrwfKTH_4/w-d-xo.html

  • @siddheshswami2565 4 years ago +1

    Thanks a lot for this video!!!

  • @DEV_XO 4 years ago +1

    amazing mate

  • @arpitanand6534 3 years ago +1

    Awesome tutorial series!! I just have one doubt in 27:43 :
    Does crypto.createSign('RSA-SHA256') and
    crypto.createHash('sha256'); //which you used in previous video
    do the same thing, i.e. hashing the data?

  • @josephsam2145 2 years ago

    Thank you very much for this tutorial. I was wondering though in production environment should I save the private and public key files in the application or I should save them elsewhere? Please help. Thanks.

  • @ViniciusSantana5581 4 years ago +1

    Thanks Zach! I watched your whole playlist. It's great.
    I'm trying to push the jwt strategy api implementation to heroku but I'm having trouble with the keys. Do you have any thoughts on how would one generate a private key on heroku?

    • @ecofriend93 4 years ago

      I'm still learning all this but why not just generate the file offline and upload it to the server?

  • @gouravbatra3656 3 years ago

    Hi Zach
    At 18:10, if anyone knows the server public key, anyone can decrypt the JWT token and extract the payload information out of it. How is this secure?

    • @zachgoll 3 years ago +1

      A JWT uses the "digital signature" use case of asymmetric cryptography. This does NOT protect data, but rather verifies that who you say you are is actually who you are. When using it for this use case, you never want to put sensitive information in the payload because yes, anyone with the public key can see it.
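
The point made in the reply above, as an added example that is not from the video or from any commenter: an RS256 JWT built with Node's built-in `crypto` module, showing that the payload can be read without any key, while the public-key check is what detects a modified payload. The key pair, claim values and function names are constructed for illustration.

```javascript
const crypto = require('crypto');
// base64url (RFC 7515): URL-safe alphabet, no padding.
const toB64Url = (data) => Buffer.from(data).toString('base64')
  .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
const fromB64Url = (str) =>
  Buffer.from(str.replace(/-/g, '+').replace(/_/g, '/'), 'base64');
const parseJson = (seg) => {
  try { return JSON.parse(fromB64Url(seg).toString('utf8')); } catch { return null; }
};

// Sign "header.payload" with the PRIVATE key (RSA PKCS#1 v1.5 over SHA-256).
function signJwt(payload, privateKey) {
  const input = toB64Url(JSON.stringify({ alg: 'RS256', typ: 'JWT' })) +
    '.' + toB64Url(JSON.stringify(payload));
  const sig = crypto.createSign('RSA-SHA256').update(input).sign(privateKey);
  return input + '.' + toB64Url(sig);
}

// No key needed: the payload is only base64url-encoded JSON, not encrypted.
function readPayloadWithoutKey(token) {
  return parseJson(token.split('.')[1] || '');
}

// Verify with the PUBLIC key. The algorithm is pinned here, not trusted
// from the token header. Returns the payload, or null on any failure.
function verifyJwt(token, publicKey) {
  const parts = token.split('.');
  if (parts.length !== 3) return null;
  const [h, p, s] = parts;
  const header = parseJson(h);
  if (!header || header.alg !== 'RS256') return null;
  const ok = crypto.createVerify('RSA-SHA256')
    .update(h + '.' + p).verify(publicKey, fromB64Url(s));
  return ok ? parseJson(p) : null;
}

// Replace the payload but keep the old signature (simulates tampering).
function withPayload(token, payload) {
  const [h, , s] = token.split('.');
  return [h, toB64Url(JSON.stringify(payload)), s].join('.');
}

// Constructed demo data: throwaway key pair and sample claims.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const token = signJwt({ sub: 'user-123', admin: false }, privateKey);
const forged = withPayload(token, { sub: 'user-123', admin: true });
console.log(readPayloadWithoutKey(token));  // readable by anyone
console.log(verifyJwt(token, publicKey));   // payload returned
console.log(verifyJwt(forged, publicKey));  // null: signature mismatch
```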

  • @desalegnbirhanu9037 1 year ago

    Can you explain the private and public key way of usage elaborately and in file structure?

  • @nwheatle1230 3 years ago

    Why do you save the private and public keys as files, instead of environment variables?

  • @mackynikat8833 3 years ago

    . bos why is that instead of just a public encryption what you used on digitally signed crypto was a private key? I haven't tried it yet the vice versa but is it gonna work? using a public encryption on DSC, just wondering

    • @mackynikat8833 3 years ago

      . nvm bos, not only might but I really feel it that I already seemed figure it out and I'm not gonna put the answers here, what might

  • @jhon-zp5sz 3 years ago

    Is the bcrypt module good?

  • @xilem891 4 years ago +2

    Very good explanation.. Please create a Udemy course. I will be your student.. Please don't stop teaching..

  • @mackynikat8833 3 years ago

    . 44 mins played this on high speed and took me less than 20 mins without being curious on some subjects so that I would go back in crypto currency the last video and I'm going to put that in my editor with your thoughts as my fingertips and my mind as your mind. I'm going to be eager on this finishing these videos including that one in less time depending how I listen to every you say, I'm going to make you a god which will not be on shame coz you sounded here ranting not compared to ur 1st, 2nd and 3rd vid's. hope I will catch up on everything you're saying in this

  • @AhmedAli-jx9ie 1 year ago

    I don't think we need a private and a public key for sign and verification, it's just 1 secret key

  • @alexe3682 2 years ago

    This thing is just so much enlightening. It is definitely long and certainly not easy. Do you really need it to put your app together? I don't think so. Do you really want to understand what's going on? This is the only tutorial which explains all the details. I think Zach did check the code of the jsonwebtoken library to be able to create this masterpiece for you. This is what almost no one does. He has gone farther than anyone of us, I think. I don't know how long it actually took for him, but I think it was months of work at least, which he actually put in a couple of hours of video here very well. You may need to watch some parts two times to understand fully and maybe code along with him, but as an end result, you will understand this topic better than after participating in a full-term university course about this topic. In Uni your instructor might not understand it the way he does, so you may end up confused and frustrated and you don't even know why. You may still be confused after watching him, but I guarantee you that if you watch it more times and code along you will have a perfect understanding and it won't take you as long as it took him even marginally. You are not only going to understand what is going on in the code, but you will generally understand the cryptography basics too, which is just phenomenal as this topic is so notoriously difficult to understand. Well done Zach, it is just incredible.

    • @zachgoll 2 years ago +1

      Thank you! I’m glad you appreciate this, it did take quite a long time to build out all the examples!