JWT or RSA Signing Key issue

What kind of Signing key/secret key needs to be assigned for JWT or RSA SHA256 hashing ?

I have tried providing a string, raw pem RSA key but nothing works and I always get an error rpc error: code = Internal desc = Error: could not parse private key: no valid blocks found at rpcEndTournament (index.js:339:11(193))

Please provide some examples on how to use the signing key here.

Hello @venkatesh16031999,

Are you using the jwtGenerate function? If yes, the string should be a key in PEM format.

Yes, I am using a jwtGenerate function. I am using a string in this format

-----BEGIN PRIVATE KEY-----
random_string_here
-----END PRIVATE KEY-----

This should be valid right? But I am getting an error for this as well

I just tried to create a jwt using a PEM key like so:

  let key = 
`
-----BEGIN PRIVATE KEY-----
(...)
-----END PRIVATE KEY-----
`
  nk.jwtGenerate('RS256', key, {foo: 'bar'})

and had no issue.

Perhaps you’re handling the string in a way that breaks the expected format?

I am doing the same and fails always

I find it very odd that you’re building your private key string yourself, I’d expect the PEM format string to be provided as is - it’s likely you’re building the string incorrectly or to an invalid PEM format.

The private key should have nothing to do with a client secret. Can you elaborate on what you’re trying to achieve?

I am just trying to keep a dynamic private key linked to some game for authentication in other servers.

I’m not sure I understand what you mean with “dynamic private key”, if you’re trying to generate JWTs that can be validated in other servers, you should generate the private key once and share it between the servers.

PEM expects the string between BEGIN/END lines to be in a very specific format, you can’t use arbitrary strings of your choosing.

I think what you’re looking for is to use HS256 instead of RS256, which allows the key to be a symmetric shared secret instead of an asymmetric key - in this case, the key doesn’t need to be in PEM format so you can skip the BEGIN/END lines altogether.

HS256 works for me, thanks for the help. By the way, I tried a PEM key generated online but it never worked and I am not sure of the reason. But HS256 is enough for me now