Generate keypair:
import { generateKeyPair } from "jose/util/generate_key_pair";
import fs from "fs";
import { KeyObject } from "crypto";
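// Generates an Ed25519 key pair for EdDSA-signed JWTs and writes both halves
// as PEM files into the current working directory:
//   ed25519-priv.pem  (PKCS#8, unencrypted; owner read/write only)
//   ed25519-pub.pem   (SPKI; safe to distribute to verifiers)
(async () => {
  const { publicKey, privateKey } = await generateKeyPair("EdDSA", {
    crv: "Ed25519",
  });

  // .export() below exists only on Node KeyObject instances. If the library
  // hands back another key representation, fail loudly instead of exiting
  // "successfully" without having written any key material.
  if (!(publicKey instanceof KeyObject && privateKey instanceof KeyObject)) {
    throw new TypeError(
      "generateKeyPair did not return KeyObject instances; no key files were written",
    );
  }

  const pubKey = publicKey.export({
    format: "pem",
    type: "spki",
  });
  const priKey = privateKey.export({
    format: "pem",
    type: "pkcs8",
  });

  // The private key is the signing secret and is stored unencrypted, so keep
  // it out of reach of other local users and out of version control.
  // `mode` applies only when the file is created; chmodSync also tightens a
  // file left over from an earlier run with looser permissions.
  fs.writeFileSync("ed25519-priv.pem", priKey, { mode: 0o600 });
  fs.chmodSync("ed25519-priv.pem", 0o600);
  fs.writeFileSync("ed25519-pub.pem", pubKey);
})().catch((err) => {
  // Report the failure and exit non-zero rather than leaving the rejection unhandled.
  console.error(err);
  process.exitCode = 1;
});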
My test:
import { generateKeyPair } from "jose/util/generate_key_pair";
import { SignJWT } from "jose/jwt/sign";
import { jwtVerify } from "jose/jwt/verify";
import fs from "fs";
import crypto, { KeyObject } from "crypto";
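// Round-trip check: sign a JWT with the Ed25519 private key, then verify it
// with the matching public key, enforcing issuer, audience and algorithm.
(async () => {
  // Load the PEM files from the directory this script lives in.
  const privateKey = crypto.createPrivateKey({
    key: fs.readFileSync(`${__dirname}/ed25519-priv.pem`),
    format: "pem",
    type: "pkcs8",
  });
  const publicKey = crypto.createPublicKey({
    key: fs.readFileSync(`${__dirname}/ed25519-pub.pem`),
    format: "pem",
    type: "spki",
  });

  // JWT payloads are signed, not encrypted: anyone holding the token can read
  // the claims, so put nothing confidential in them.
  const jwt = await new SignJWT({
    // "urn:example:claim": true,
    userId: 1,
  })
    .setProtectedHeader({ alg: "EdDSA" })
    .setIssuedAt()
    .setIssuer("urn:example:issuer")
    .setAudience("urn:example:audience")
    // 30 days is a long lifetime for a token that cannot be revoked; prefer a
    // short expiry outside of a local test.
    .setExpirationTime("30d")
    .sign(privateKey);

  // The token is a bearer credential; printing it is acceptable in a local
  // test only and should not be carried over into application logs.
  console.log(jwt);

  const { payload, protectedHeader } = await jwtVerify(jwt, publicKey, {
    issuer: "urn:example:issuer",
    audience: "urn:example:audience",
    // Pin the accepted algorithm so verification never depends on the `alg`
    // value the token itself declares.
    algorithms: ["EdDSA"],
  });

  console.log(protectedHeader);
  console.log(payload);
})().catch((err) => {
  // jwtVerify rejects on a bad signature, expiry, or issuer/audience/algorithm
  // mismatch; surface that and exit non-zero instead of leaving it unhandled.
  console.error(err);
  process.exitCode = 1;
});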