Skip to content

sign

Parse an existing JWT and re-sign it with a new algorithm and/or key. The original claims are preserved. Use --alg none to strip the signature entirely.

Terminal window
jwtop sign <token> --alg <alg> (--secret <secret> | --key <pem-file>)
FlagDescription
--algTarget signing algorithm, or none (required)
--secretHMAC secret string
--keyPath or URL to a PEM-encoded private key file

Change the signing key (same algorithm)

Terminal window
jwtop sign $TOKEN --alg HS256 --secret newsecret

Switch to an asymmetric algorithm

Terminal window
jwtop sign $TOKEN --alg RS256 --key /path/to/private.pem

Strip the signature (alg=none)

Terminal window
jwtop sign $TOKEN --alg none
  • The input token’s claims and registered claim values are kept unchanged.
  • --alg none does not require a key. The resulting token has an empty signature segment and its header alg is set to "none".
  • See Strip or remove a token signature for context on when this is useful.