Suggestion: throw an error if you call create with string as signing key instead of a Buffer

[pingvinen]

Today I spent more time than I care to admit chasing down a bug in my authentication mechanism. I kept getting correctly looking JWTs, but they would not be accepted by my other services (that are not running on node).

In the end, it turned out to be a simple mistake of me providing create with string as signing key instead of a Buffer.

Is there a specific reason that create does not raise an error saying that I am doing something dumb?