Aarunya Apps

RS512 JWT Algorithm

RS512 uses SHA-512 with RSA PKCS#1 v1.5 signing (RSASSA-PKCS1-v1_5) — the strongest of the RSA-family JWT algorithms. It is suitable for long-lived tokens or environments where maximum asymmetric signature strength is a compliance requirement.

Family: RSA
Hash: SHA-512
Key type: asymmetric
Performance: Slow (1–10 ms)

Key Requirements

An RSA key pair of at least 4096 bits is recommended to match the SHA-512 security level. RSA-2048 is accepted but creates a security level mismatch with SHA-512.

JWT Header

Every JWT using RS512 has this header (base64url-encoded as the first segment):

{
  "alg": "RS512",
  "typ": "JWT"
}

Code Examples

Node.js — Sign (jose library)

import { SignJWT, importPKCS8 } from 'jose'

// PKCS#8 PEM private key, supplied through the environment
const privateKey = await importPKCS8(process.env.RSA_PRIVATE_KEY!, 'RS512')

export async function signToken(payload: Record<string, unknown>) {
  return new SignJWT(payload)
    .setProtectedHeader({ alg: 'RS512' })
    .setIssuedAt()
    .setExpirationTime('1h') // token expires one hour after issue
    .sign(privateKey)
}

Node.js — Verify (jose library)

import { jwtVerify, importSPKI } from 'jose'

// SPKI PEM public key, supplied through the environment
const publicKey = await importSPKI(process.env.RSA_PUBLIC_KEY!, 'RS512')

export async function verifyToken(token: string) {
  // Pin the accepted algorithm so the token's own header cannot select another one
  const { payload } = await jwtVerify(token, publicKey, { algorithms: ['RS512'] })
  return payload
}

Python — PyJWT

import jwt
from cryptography.hazmat.primitives import serialization

# Load the PEM-encoded RSA key pair from disk
with open("private.pem", "rb") as f:
    private_key = serialization.load_pem_private_key(f.read(), password=None)
with open("public.pem", "rb") as f:
    public_key = serialization.load_pem_public_key(f.read())

# Sign with the private key, then verify with the public key,
# accepting only RS512 on decode
token = jwt.encode({"sub": "1234"}, private_key, algorithm="RS512")
payload = jwt.decode(token, public_key, algorithms=["RS512"])
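
As an added example (not code from the original page or from the jose or PyJWT projects), the following uses only Node's built-in crypto module to show what the library calls above do for RS512: it builds the header shown earlier, signs with PKCS#1 v1.5 and SHA-512, pins the algorithm on verification, and applies the page's key-size guidance before checking the signature. The function names, the minBits parameter and the sizeMismatch field are assumptions made for illustration, and the demo key is a constructed RSA-2048 key chosen to keep the run fast.

```javascript
// Added example: RS512 sign/verify with Node's built-in crypto (no jose).
const crypto = require('node:crypto');

const PKCS1 = crypto.constants.RSA_PKCS1_PADDING; // PKCS#1 v1.5, as RS512 requires
const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');

// Build header.payload.signature; the signature covers the first two segments.
function signRS512(payload, privateKey) {
  const input = `${enc({ alg: 'RS512', typ: 'JWT' })}.${enc(payload)}`;
  const sig = crypto.sign('sha512', Buffer.from(input), { key: privateKey, padding: PKCS1 });
  return `${input}.${sig.toString('base64url')}`;
}

// minBits is a hypothetical policy knob: 2048 is the floor, 4096 matches SHA-512.
function verifyRS512(token, publicKey, minBits = 2048) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return { ok: false, reason: 'malformed token' };
  const [h, p, s] = parts;
  let header;
  try {
    header = JSON.parse(Buffer.from(h, 'base64url').toString('utf8'));
  } catch {
    return { ok: false, reason: 'malformed header' };
  }
  // Pin the algorithm, like algorithms: ['RS512'] in the jwtVerify call.
  if (header === null || header.alg !== 'RS512') return { ok: false, reason: 'unexpected alg' };

  // Key policy: reject undersized or non-RSA keys before checking the signature.
  const keyBits = publicKey.asymmetricKeyDetails?.modulusLength ?? 0;
  if (publicKey.asymmetricKeyType !== 'rsa' || keyBits < minBits) {
    return { ok: false, reason: 'RSA key too small', keyBits };
  }
  const valid = crypto.verify('sha512', Buffer.from(`${h}.${p}`),
    { key: publicKey, padding: PKCS1 }, Buffer.from(s, 'base64url'));
  if (!valid) return { ok: false, reason: 'bad signature', keyBits };

  // Claims are parsed only after the signature has been verified.
  const payload = JSON.parse(Buffer.from(p, 'base64url').toString('utf8'));
  if (typeof payload?.exp === 'number' && payload.exp <= Date.now() / 1000) {
    return { ok: false, reason: 'expired', keyBits };
  }
  // Keys under 4096 bits verify but are flagged as a mismatch with SHA-512.
  return { ok: true, payload, keyBits, sizeMismatch: keyBits < 4096 };
}

// Constructed demo key and token: RSA-2048 verifies but is flagged.
const demoKeys = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const demoToken = signRS512({ sub: '1234' }, demoKeys.privateKey);
console.log(verifyRS512(demoToken, demoKeys.publicKey));
```

Passing 4096 as minBits turns the size recommendation into a hard requirement instead of a flag.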

When to Use RS512

Use RS512 in high-security and FIPS-compliance environments that require maximum RSA strength. For typical API authentication, RS256 or ES256 provides adequate security with better performance.

Security Considerations

The PKCS#1 v1.5 padding concern applies to RS512, so PS512 (RSA-PSS with SHA-512) is preferred for new high-security systems. RSA-4096 key generation is slow (10–60 s) but is only done once.

Related Algorithms

Standardised in RFC 7518 §3.3 — JSON Web Algorithms (JWA).

Frequently Asked Questions

Can the same RSA key pair be used for both RS256 and PS256?

Yes. RS256 and PS256 use the same RSA key format (PKCS#8 PEM for private keys, SPKI PEM for public keys). The difference is in the padding scheme applied during signing — PKCS#1 v1.5 for RS256, PSS for PS256. You can reuse existing RSA keys when migrating from RS256 to PS256.

What minimum key size should I use for RSA JWT signing?

Use 2048-bit RSA at minimum. 3072-bit is recommended for new systems, as it provides a higher security margin at modest performance cost. Use 4096-bit keys with RS512 or PS512 to match the SHA-512 security level. RSA-1024 is insecure and rejected by modern JWT libraries.

How do I expose my public key for token verification?

Publish your public key as a JWKS (JSON Web Key Set) at a well-known URL, typically /.well-known/jwks.json. Clients use createRemoteJWKSet() (jose library) or similar to fetch and cache the public keys, automatically handling key rotation.