# Generating keypairs for JWT

# RS256

# Using OpenSSL

openssl genrsa -out private.pem 2048
openssl rsa -in private.pem -pubout -out public.pem

Source: https://gist.github.com/ygotthilf/baa58da5c3dd1f69fae9?permalink_comment_id=2932501#gistcomment-2932501(opens new window)

# Using Node.js with jose npm package

import { generateKeyPair } from 'jose'
const { publicKey, privateKey } = await generateKeyPair('RS256')
console.log(publicKey.export({ format: 'pem', type: 'spki' }))
console.log(privateKey.export({ format: 'pem', type: 'pkcs1' }))

# Ed25519

Ed25519 keys are shorter.

import { generateKeyPair } from 'jose'
const { publicKey, privateKey } = await generateKeyPair('EdDSA')
console.log(publicKey.export({ format: 'pem', type: 'spki' }))
console.log(privateKey.export({ format: 'pem', type: 'pkcs8' }))