Do you have an example of creating keys in the correct format?

[aboodman]

On OSX, I am generating my key file using:

ssh-keygen -t ecdsa -b 256 -m PEM

Then if I test it like this:

$ echo {\"foo\":\"bar\"} | jwt -key test_ecdsa -alg ES256 -sign - | jwt -key test_ecdsa.pub -verify -
Error: Couldn't parse token: key is of invalid type

Looking at the code, I believe this is because jwt-go is relying on pem.Decode, which is expecting header lines, and ssh-keygen -m PEM only includes those for the private key. However (a) I haven't had trouble manually adding these lines, and (b) I want something easy to tell my own users about how to generate these keys.

Do you have an example of how to property create the key pairs, for EC256?

[t2wu]

Any update on this?

[t2wu]

I end up using the following two commands:

openssl genrsa -des3 -out private.pem 4096
openssl rsa -in private.pem -outform PEM -pubout -out public.pem

This is according to this.

However his third command is not needed here.

Use jwt.ParseRSAPrivateKeyFromPEMWithPassword() and jwt.ParseRSAPublicKeyFromPEM()

[Napas]

I end up using the following two commands:

openssl genrsa -des3 -out private.pem 4096
openssl rsa -in private.pem -outform PEM -pubout -out public.pem

This is according to this.

However his third command is not needed here.

Use jwt.ParseRSAPrivateKeyFromPEMWithPassword() and jwt.ParseRSAPublicKeyFromPEM()

IMHO that should be in the documentation