mike-engel/jwt-cli

Improve documentation for using elliptic curve keys

errhammr opened this issue · 1 comment

Summary

It took me quite a while to figure out how to create JWTs using jwt-cli with elliptic curve keys. OpenSSL appears to be generating EC private keys in SEC1 format and the jsonwebtoken library used by jwt-cli cannot read them in this format.

Steps to reproduce

  • Generate a P256 private key using OpenSSL
$ openssl ecparam -genkey -name prime256v1 -noout -out p256-private-key-sec1.pem
  • Attempt to create a JWT
$ jwt encode --secret @p256-private-key-sec1.pem --alg ES256
Something went awry creating the jwt

InvalidKeyFormat
  • Convert the SEC1 key to PKCS8 format
$ openssl pkcs8 -topk8 -nocrypt -in p256-private-key-sec1.pem -out p256-private-key-pkcs8.pem
  • Attempt to create a JWT with the PKCS8 key
$ jwt encode --secret @p256-private-key-pkcs8.pem --alg ES256
eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiJ9.eyJpYXQiOjE2ODk1MDM5MTZ9.14FXdg01av_6QdRWmb13aAKQwY21nXFuu8dFx8f6SGMbP_-oy2iSzTyXvIrT7DF4Hs3jcUV5ak7iK1da6GtZ3Q

OpenSSL version: OpenSSL 3.1.1 30 May 2023 (Library: OpenSSL 3.1.1 30 May 2023)
OS: openSUSE Tumbleweed

Expected behavior

This behavior is documented in the README of jsonwebtoken (v8.3.0 at the time of writing) and I think it's worth mentioning somewhere in the documentation of jwt-cli as well. I spent quite some time trying to figure this out and I'd rather have other people find the answer more quickly.

Thanks @errhammr, added to the readme 😄
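The check and conversion from the issue above, as an added example that is not part of the original thread or of jwt-cli: it classifies a PEM private key by its header line and converts a SEC1 EC key to PKCS#8 with the `openssl pkcs8` command from the issue. The function names `pem_key_format` and `ensure_pkcs8` are hypothetical, and only unencrypted keys are handled.

```bash
#!/usr/bin/env bash
# Added example (not jwt-cli code): detect SEC1 vs PKCS#8 PEM keys and convert.

# Print the container format of the PEM private key in file $1.
pem_key_format() {
    local header
    # First private-key BEGIN line; a preceding "EC PARAMETERS" block is skipped.
    header=$(grep -m1 -E '^-----BEGIN ([A-Z]+ )*PRIVATE KEY-----' "$1" 2>/dev/null) || {
        echo "unknown"; return 1
    }
    case "$header" in
        "-----BEGIN EC PRIVATE KEY-----")        echo "sec1" ;;            # SEC1 / RFC 5915
        "-----BEGIN PRIVATE KEY-----")           echo "pkcs8" ;;           # unencrypted PKCS#8
        "-----BEGIN ENCRYPTED PRIVATE KEY-----") echo "pkcs8-encrypted" ;;
        *)                                       echo "unknown"; return 1 ;;
    esac
}

# Print the path of a PKCS#8 key usable with `jwt encode --secret @<path>`.
# $1 = input key, $2 = where to write the converted key if conversion is needed.
ensure_pkcs8() {
    local src="$1" dst="$2" fmt
    fmt=$(pem_key_format "$src") || { echo "unsupported key format: $src" >&2; return 1; }
    case "$fmt" in
        pkcs8)
            echo "$src" ;;
        sec1)
            # -nocrypt writes the private key in the clear, so create it owner-only.
            ( umask 077 && openssl pkcs8 -topk8 -nocrypt -in "$src" -out "$dst" ) || return 1
            echo "$dst" ;;
        pkcs8-encrypted)
            echo "encrypted key, not handled by this example: $src" >&2; return 1 ;;
    esac
}

# Stand-alone use: ./ensure-pkcs8.sh p256-private-key-sec1.pem p256-private-key-pkcs8.pem
if [ "$#" -eq 2 ]; then
    ensure_pkcs8 "$1" "$2"
fi
```

The printed path can be passed straight to `jwt encode --secret @"$(ensure_pkcs8 in.pem out.pem)" --alg ES256`.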