The jwk-keygen command line utility generates keypairs used for asymmetric encryption and signing algorithms in JSON Web Key (JWK) format.
The utility requires specification of both desired algorithm (alg) and key usage (use) to remind that same keypair should never be used both for encryption and signing.
Algorithms are selected via the --alg flag, which influence the alg header. For JWE (--use=enc), --alg specifies the key management algorithm (e.g. RSA-OAEP). For JWS (--use=sig), --alg specifies the signature algorithm (e.g. PS256).
Output file is determined by specified usage, algorithm and Key ID, e.g. jwk-keygen --use=sig --alg=RS512 --kid=test produces files jwk_sig_RS512_test and jwk_sig_RS512_test.pub. Keys are sent to stdout when no Key ID is specified: neither pre-defined nor random one.
Generate RSA/2048 key for encryption and output to stdout.
jwk-keygen --use enc --alg RSA-OAEP
Generate RSA/4096 key for signing and store to files.
jwk-keygen --use sig --alg RS256 --bits 4096 --kid test