diff --git a/jwt.go b/jwt.go
index fb077a5..2d854da 100644
--- a/jwt.go
+++ b/jwt.go
@@ -1,22 +1,67 @@
 package libshared
 
 import (
+ "crypto/rsa"
+ "log"
+ "os"
 "time"
 
 "github.com/golang-jwt/jwt/v5"
 )
 
+func LoadPrivateKey(path string) (*rsa.PrivateKey, error) {
+ keyData, err := os.ReadFile(path)
+ if err != nil {
+ log.Fatal("Error reading private key file:", err)
+ return nil, err
+ }
+
+ privateKey, err := jwt.ParseRSAPrivateKeyFromPEM(keyData)
+ if err != nil {
+ log.Fatal("Error parsing private key:", err)
+ return nil, err
+ }
+
+ return privateKey, nil
+
+}
+
+func LoadPublicKey(path string) (*rsa.PublicKey, error) {
+ keyData, err := os.ReadFile(path)
+ if err != nil {
+ log.Fatal("Error reading public key file:", err)
+ return nil, err
+ }
+
+ publicKey, err := jwt.ParseRSAPublicKeyFromPEM(keyData)
+ if err != nil {
+ log.Fatal("Error parsing public key:", err)
+ return nil, err
+ }
+
+ return publicKey, nil
+
+}
+
 // CreateJWT generates a signed JWT
-func CreateJWT(secret []byte, account string, user string, purpose string) (string, error) {
+func CreateJWT(privateKey *rsa.PrivateKey, account string, user string, purpose string) (string, error) {
+ now := time.Now()
+
 claims := jwt.MapClaims{
- "sub": user, // subject (user id)
- "exp": time.Now().Add(time.Hour).Unix(), // expiration
- "iat": time.Now().Unix(), // issued at
+ "sub": user, // subject (user id)
+ "exp": now.Add(time.Hour).Unix(), // expiration
+ "iat": now.Unix(), // issued at
 "purpose": purpose,
 "account": account,
 }
 
- token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
+ token := jwt.NewWithClaims(jwt.SigningMethodRS256, claims)
 
- return token.SignedString(secret)
+ signedToken, err := token.SignedString(privateKey)
+ if err != nil {
+ log.Println("Error signing token:", err)
+ return "", err
+ }
+
+ return signedToken, err
 }
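Review bot: The four `log.Fatal` calls in LoadPrivateKey and LoadPublicKey terminate the process (log.Fatal calls os.Exit(1)), so the `return nil, err` that follows each one is unreachable and the `error` result these exported functions advertise never reaches a caller — in a shared library package that removes any chance to fail over, retry, or run deferred cleanup. Replace each log-and-return pair with a wrapped return, e.g. `return nil, fmt.Errorf("reading private key %q: %w", path, err)`, add `fmt` to the import block, and leave the log-or-exit decision to the caller. In CreateJWT the final `return signedToken, err` is only reached when err is nil, so `return signedToken, nil` states the contract more plainly. Both new exported functions also lack the doc comment lint expects, e.g. `// LoadPrivateKey reads and parses a PEM-encoded RSA private key from path.` Note that switching to RS256 only protects against algorithm confusion if the verifying side pins the accepted method (e.g. `jwt.WithValidMethods([]string{"RS256"})`); that code is not in this diff, so it is worth confirming.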