Generate ECDSA keys with the P-256 (secp256k1) curve

This procedure explains how to generate a pair of ECDSA keys with the P-256 (secp256k1) curve that you can use to sign and verify your JWTs.

How to

  1. Create a private key.
    openssl ecparam -name secp256k1 -genkey -noout -out ec-secp256k1-priv-key.pem
    Sample contents of the ec-secp256k1-priv-key.pem private key in PEM format:
    -----BEGIN EC PRIVATE KEY-----
    MHQCAQEEIEYgBlyQVsH7SpHUH7x4RErcckhu7ary/JjhP72Nk19EoAcGBSuBBAAK
    oUQDQgAE1MtHIxlGP5TARqBccrddNm1FnYH1Fp+onETz5KbXPSeG5FGwKMUXGfAm
    SZJq2gENULFewwymt+9bTXkjBZhh8A==
    -----END EC PRIVATE KEY-----
    
  2. Create a public key by extracting it from the private key.
    openssl ec -in ec-secp256k1-priv-key.pem -pubout > ec-secp256k1-pub-key.pem
    Sample contents of the ec-secp256k1-pub-key.pem public key in PEM format:
    -----BEGIN PUBLIC KEY-----
    MFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAE1MtHIxlGP5TARqBccrddNm1FnYH1Fp+o
    nETz5KbXPSeG5FGwKMUXGfAmSZJq2gENULFewwymt+9bTXkjBZhh8A==
    -----END PUBLIC KEY-----