Node-jsonwebtoken: How to use when private key was created with a password?

Created on 15 Nov 2015  路  1Comment  路  Source: auth0/node-jsonwebtoken

Is it recommended to create private keys with a password, for added security? If the private key was created with a password, how can it be used with jwt.sign? I can't get it to work.

Also, in the README in the section for jwt.verify(token, secretOrPublicKey, [options, callback]), it should be documented that the secret or public _or private_ key can be used to verify. The private key can be used for both signing and verifying.

question

Most helpful comment

var cert = fs.readFileSync('privatekey'));
jwt.sign({ foo: 'bar' }, { key: cert, passphrase: 'yourpassword' }, { algorithm: 'RS256'});

>All comments

var cert = fs.readFileSync('privatekey'));
jwt.sign({ foo: 'bar' }, { key: cert, passphrase: 'yourpassword' }, { algorithm: 'RS256'});
Was this page helpful?
0 / 5 - 0 ratings