-----BEGIN ENCRYPTED PRIVATE KEY-----
A .... MANY LINES LIKE THAT ....
-----END ENCRYPTED PRIVATE KEY-----
... JWKs are the same, but formatted using JSON:
"kid":"HMAC key used in JWS spec Appendix A.1 example"}
Ory OAuth2 & OpenID Connect offers an API for generating and managing JWKs, the JSON Web Keys API. When
using persistent storage backends, the keys are encrypted at rest using AES256-GCM and the system secret. The system secret is
generated by default and overridden by the environment variable
JWKs are well supported across all languages. This endpoint helps you manage certificates and private, public, and symmetric keys. It's important to never transport keys over insecure channels such as plain HTTP.
The REST API Documentation will give you details on the various endpoints.
Ory OAuth2 & OpenID Connect doesn't support signing JWTs using symmetric keys. Doing so would allow anyone who holds the secret to forge tokens.
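Why a symmetric signature gives every verifier the ability to issue tokens, shown as an added example that is not part of Ory's code or documentation. The secret, the claims, the function names and the `RS256`-only allow-list are assumptions made for the illustration.

```python
import base64, hashlib, hmac, json

# Constructed sample secret; with HS256 the issuer and every verifier must hold it.
SHARED_SECRET = b"constructed-demo-secret"
# Assumption: the relying party expects RSA-signed tokens and allow-lists RS256 only.
ALLOWED_ALGS = {"RS256"}

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_hs256(claims: dict, secret: bytes) -> str:
    """Build a compact JWS with an HMAC-SHA256 tag over header.payload."""
    header = {"alg": "HS256", "typ": "JWT"}
    parts = [b64url(json.dumps(p, separators=(",", ":")).encode()) for p in (header, claims)]
    signing_input = ".".join(parts)
    tag = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url(tag)

def verify_hs256(token: str, secret: bytes):
    """Return the claims if the tag matches, else None. Needs the signing secret itself."""
    try:
        head, body, sig = token.split(".")
        if json.loads(b64url_decode(head)).get("alg") != "HS256":
            return None
        expected = hmac.new(secret, f"{head}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, b64url_decode(sig)):
            return None
        return json.loads(b64url_decode(body))
    except (ValueError, AttributeError):
        return None

def alg_allowed(token: str, allowed=ALLOWED_ALGS) -> bool:
    """Policy gate to run before any signature check: refuse symmetric algorithms."""
    try:
        return json.loads(b64url_decode(token.split(".")[0])).get("alg") in allowed
    except (ValueError, AttributeError):
        return False

def demo():
    issued = sign_hs256({"sub": "alice", "scope": "read"}, SHARED_SECRET)
    # A verifier holds SHARED_SECRET by necessity, so it can produce tokens as well.
    minted = sign_hs256({"sub": "alice", "scope": "admin"}, SHARED_SECRET)
    return issued, minted

if __name__ == "__main__":
    issued, minted = demo()
    print(verify_hs256(issued, SHARED_SECRET), verify_hs256(minted, SHARED_SECRET))
    print(alg_allowed(issued))
```

Both tokens verify identically, so a verifier cannot tell which party created them; with an RSA key pair only the holder of the private key can sign, and verifiers need just the public half.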
Hydra generates a couple of JSON Web Keys in order to operate:
http://localhost:4445/keys/hydra.openid.id-token: An RSA public/private key pair for signing and validating OpenID Connect ID Tokens.
http://localhost:4445/keys/https-tls: An RSA public/private key pair and a certificate for signing HTTP over TLS.