How to generate a HS512 secret key to use with JWT

The signing key is a byte array of any value or length you wish. Most JWT libraries allow you to use any string as the key, which is converted to a byte array.

To generate a secure 20-byte key, base64 encoded:

dd if=/dev/random bs=20 count=1 status=none | base64

You need to run this command on a Linux machine with OpenSSL library installed:

echo -n "somevalue" | openssl sha512 -hmac "somekey"

The output of this command is the HS512 (HMAC SHA512) which you can use as the signing key with any JWT library.


openssl rand -base64 172 | tr -d '\n'

OpenSSL generates a secret of 129 bytes ((172 * 6) / 8). 129 bytes is good for HS512 (see https://github.com/ueberauth/guardian/issues/152).

tr removes newlines.
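
A check on how much key material a base64 secret actually holds, added here as an example and not part of any answer on this page: RFC 7518 section 3.2 requires an HMAC key at least as long as the hash output, which is 64 bytes for HS512. The function names are assumptions made for this example; it reads /dev/urandom and uses the coreutils base64 tool.

```shell
#!/bin/sh
# Added example, not code from the answers. Function names are hypothetical.

# HMAC-SHA512 output size in bytes; RFC 7518 section 3.2 sets this as the
# minimum key size for HS512.
HS512_MIN_BYTES=64

# Print N bytes from the kernel CSPRNG as a single base64 line.
gen_key_b64() {
    head -c "$1" /dev/urandom | base64 | tr -d '\n'
}

# Print how many raw key bytes a base64 string decodes to.
# The base64 text is always longer than the key material it carries.
key_bytes() {
    printf '%s' "$1" | base64 -d 2>/dev/null | wc -c | tr -d ' '
}

# Return 0 if the secret decodes to at least 64 bytes, 1 otherwise.
check_hs512_key() {
    n=$(key_bytes "$1")
    if [ "$n" -ge "$HS512_MIN_BYTES" ]; then
        echo "ok: $n bytes of key material"
        return 0
    fi
    echo "too short for HS512: $n bytes (need >= $HS512_MIN_BYTES)"
    return 1
}

# Constructed sample run: a 64-byte key passes, a 20-byte key does not.
check_hs512_key "$(gen_key_b64 64)"
check_hs512_key "$(gen_key_b64 20)" || true
```

The check only applies when the JWT library base64-decodes the configured secret; a library that uses the string's characters directly as the key sees the encoded length instead.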


In case anyone visits this now: Guardian added a mix task for that.

mix guardian.gen.secret

https://hexdocs.pm/guardian/Mix.Tasks.Guardian.Gen.Secret.html#content