Understanding Hashing, Encryption, and JWT

In this article, we’re going to explore three important tools that help keep our online world safe and secure. First, we’ll learn about ‘Hashing’. Next, we’ll discover ‘Encryption’, which is like a lock and key for your information. Finally, we’ll understand ‘JWT’ or ‘JSON Web Tokens’, which are like VIP passes that let you access different parts of a website. So, buckle up and let’s start this exciting journey!

Hashing 💡

Hashing is a technique in computer science and cryptography that converts data, such as a password, into a fixed-size string of characters, usually a mix of letters and numbers, called a hash or hash value.

💡
One-way process: Once data is turned into a hash, you can’t turn it back into the original data.

For example, when you first sign up, your password is converted into a hash and stored in the database. The next time you log in and provide your password, it is converted into a hash again and then compared with the hashed password stored in the database.

Encryption 💡

Encryption is the process of converting (encrypting) data into a coded format that can only be read by someone who has the appropriate decryption key. This transformation ensures that the data remains confidential and secure from unauthorized access. It is a two-way process, which means encrypted data can be decrypted back into its original form using the appropriate decryption key.

💡
Two-way process: Data can be encrypted and can be decrypted back using the appropriate decryption key.

JSON Web Token 💡

JWT, or JSON Web Token, is a mechanism for securely transmitting information between parties as a JSON object. It consists of three parts and is generated using a secret key when a user logs in. This token, which includes sensitive data such as user information, is then sent to the user's browser and can be stored there in a cookie or local storage. Because the payload of a signed JWT is only base64url-encoded, not encrypted, anything placed in it can be read by whoever holds the token; the secret key protects the token against modification, not against reading. When the user tries to access protected routes or services, the token is sent back to the server in the request header. The server then verifies and decodes the token using the same secret key to validate the user's identity and permissions.

💡
Let's make it clearer!
  1. Let's assume a user logs in using a username and password. JWT provides a method for generating a token, jwt.sign(), which accepts two values. The first value is the user credentials, such as the username, provided in the form of a JSON object. The second value is a secret key. This method then converts the JSON object into a string representation.

     const jwt = require('jsonwebtoken'); // assumes the jsonwebtoken npm package
     const secret_key = 'anything'; // placeholder; use a long random secret in practice
     const jwtToken = jwt.sign({ username: "raunak" }, secret_key);
     console.log(jwtToken); // prints the token: header.payload.signature

  2. After the token is generated, it's sent to the user's browser where it can be stored in either the browser's cookie or local storage, depending on the implementation.

  3. When the user tries to access protected routes or services, the token is sent back to the server in the request header.

     fetch(serverUrl, {
         method: "POST",
         headers: {
             "Authorization": "Bearer " + token
         }
     })

  4. The server then decodes or verifies the token using the same secret key to validate the user's identity and permissions.

     // The header value is "Bearer <token>", so strip the scheme prefix first
     const authHeader = req.headers.authorization || '';
     const token = authHeader.startsWith('Bearer ') ? authHeader.slice(7) : '';
     if (!token) {
         return res.status(401).json({ error: 'Unauthorized' });
     }
     // Verifies the token and returns either the JSON object or throws an exception
     const verifiedToken = jwt.verify(token, jwtKey);
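
The three-part structure and the sign/verify steps above, as an added example that is not part of the original article: it builds an HS256 token with Node's built-in crypto module instead of a JWT library, shows that the payload can be read without the secret, and that a modified payload fails verification. The function names, the secret and the claims are constructed for illustration.

```javascript
// Added example: HS256 JWT built with Node's crypto module only (no JWT library).
const { createHmac, timingSafeEqual } = require('crypto');

const b64url = (data) => Buffer.from(data).toString('base64url');

// HMAC-SHA256 over "header.payload", keyed with the shared secret
function hmac(signingInput, secret) {
  return createHmac('sha256', secret).update(signingInput).digest();
}

// Produces the three dot-separated parts: header.payload.signature
function signToken(payload, secret) {
  const header = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64url(JSON.stringify(payload));
  return `${header}.${body}.${b64url(hmac(`${header}.${body}`, secret))}`;
}

// Reads the payload WITHOUT any key: it is encoded, not encrypted
function readPayload(token) {
  return JSON.parse(Buffer.from(token.split('.')[1], 'base64url').toString());
}

// Returns the payload only if the signature matches; otherwise throws
function verifyToken(token, secret) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [header, body, sig] = parts;
  // Pin the algorithm instead of trusting whatever the header claims
  const { alg } = JSON.parse(Buffer.from(header, 'base64url').toString());
  if (alg !== 'HS256') throw new Error('unexpected algorithm');
  const expected = hmac(`${header}.${body}`, secret);
  const given = Buffer.from(sig, 'base64url');
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) {
    throw new Error('invalid signature');
  }
  return readPayload(token);
}

// Constructed sample values
const secret = 'constructed-demo-secret';
const token = signToken({ username: 'raunak', role: 'user' }, secret);

// Swap in a modified payload but keep the old signature
function tamper(tok) {
  const [h, , s] = tok.split('.');
  return `${h}.${b64url(JSON.stringify({ username: 'raunak', role: 'admin' }))}.${s}`;
}
```

Calling `verifyToken(tamper(token), secret)` throws, while `readPayload(tamper(token))` still returns the altered claims, which is why a server must act only on the output of verification.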
    

Conclusion:

In conclusion, this article has shown us the basics of online security. We’ve looked at three key tools that help keep our digital interactions safe.

Hashing turns data into a fixed-size string of characters. This makes sure that even if someone gets the hash, they can't get the original data.

Encryption changes data so that only someone with the right key can see the original information. This keeps our data safe from unauthorized access.

Finally, we talked about JWT or JSON Web Tokens, which act like VIP passes, letting us access different parts of a website. These tokens, created with a secret key, carry important user information and are used to check a user’s identity and permissions.
