jwt.sign() i get error:0909006C:PEM routines:get_name:no start line depending on the options

Question

const jwt = require("jsonwebtoken");  

jwt.sign(user.dataValues, process.env.JWT_SECRET, {
    algorithm: "RS256",
    expiresIn: "14 days",
  });

leads to Error: error:0909006C:PEM routines:get_name:no start line at Sign.sign (node:internal/crypto/sig:131:29)

jwt.sign(user.dataValues, process.env.JWT_SECRET, {
    //algorithm: "RS256",
    expiresIn: "14 days",
  });

works perfectly fine

the setup:
Operating System: Mac OS
Node v17.0.1

"dependencies": {
  "apollo-server": "^3.4.0",
  "apollo-server-core": "^3.4.0",
  "dotenv": "^10.0.0",
  "fs": "^0.0.1-security",
  "google-auth-library": "^7.10.1",
  "graphql": "^15.6.1",
  "jsonwebtoken": "^8.5.1",
  "nodemon": "^2.0.14",
  "pg": "^8.7.1",
  "sequelize": "^6.7.0"
},

Answer 1

RS256 stands for RSASSA-PKCS1-v1_5 using SHA-256, that means it uses a digital signature generated using a private RSA key. Your process.env.JWT_SECRET is either a string or a buffer that is not a private RSA key in PEM format, ergo Node's crypto module fails to parse it as such. That's the error you're seeing.

When you remove the algorithm option the library automatically chooses an algorithm based on your "secret" input, in this case - a symmetric secret, HS256 will be used instead (and is the documented default).