Is it recommended to create private keys with a password, for added security? If the private key was created with a password, how can it be used with jwt.sign? I can't get it to work.
Also, in the README in the section for jwt.verify(token, secretOrPublicKey, [options, callback]), it should be documented that the secret or public _or private_ key can be used to verify. The private key can be used for both signing and verifying.
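```js
var fs = require('fs');
var jwt = require('jsonwebtoken');
var cert = fs.readFileSync('privatekey'); // PEM private key encrypted with a passphrase
jwt.sign({ foo: 'bar' }, { key: cert, passphrase: 'yourpassword' }, { algorithm: 'RS256' }); // returns the signed token
```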
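An added example, not code from this thread or from the jsonwebtoken project: using only Node's built-in `crypto` module, it signs an RS256 token with a passphrase-encrypted private key passed as `{ key, passphrase }`, verifies it with the public key, and shows that whoever holds the private key and its passphrase can derive the public key and verify as well. The helper names and the passphrase are constructed for illustration.

```javascript
const crypto = require('crypto');

// Constructed sample value for this example only.
const PASSPHRASE = 'example-passphrase';

// Generate an RSA key pair whose private half is an encrypted PKCS#8 PEM.
function makeEncryptedKeyPair(passphrase) {
  return crypto.generateKeyPairSync('rsa', {
    modulusLength: 2048,
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: { type: 'pkcs8', format: 'pem', cipher: 'aes-256-cbc', passphrase },
  });
}

const b64url = (input) => Buffer.from(input).toString('base64url');

// Build an RS256 compact token. The encrypted PEM is unusable without its passphrase.
function signRs256(payload, encryptedPem, passphrase) {
  const header = b64url(JSON.stringify({ alg: 'RS256', typ: 'JWT' }));
  const signingInput = header + '.' + b64url(JSON.stringify(payload));
  const sig = crypto.sign('sha256', Buffer.from(signingInput), { key: encryptedPem, passphrase });
  return signingInput + '.' + sig.toString('base64url');
}

// Check the signature with a public key; return the payload, or null on failure.
function verifyRs256(token, publicKey) {
  const parts = token.split('.');
  if (parts.length !== 3) return null;
  const header = JSON.parse(Buffer.from(parts[0], 'base64url').toString());
  if (header.alg !== 'RS256') return null; // pin the algorithm, never take it from the token
  const data = Buffer.from(parts[0] + '.' + parts[1]);
  const ok = crypto.verify('sha256', data, publicKey, Buffer.from(parts[2], 'base64url'));
  return ok ? JSON.parse(Buffer.from(parts[1], 'base64url').toString()) : null;
}

// A private key contains the public half, so its holder can derive it and verify.
function publicFromPrivate(encryptedPem, passphrase) {
  const priv = crypto.createPrivateKey({ key: encryptedPem, passphrase });
  return crypto.createPublicKey(priv).export({ type: 'spki', format: 'pem' });
}
```

Only the public PEM needs to be distributed to services that verify tokens; the encrypted private key and its passphrase stay with the signer.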
Most helpful comment