diff --git a/auth/access-token_test.go b/auth/access-token_test.go
index 15a5c94..c86de6c 100644
--- a/auth/access-token_test.go
+++ b/auth/access-token_test.go
@@ -2,6 +2,7 @@ package auth
 import (
 "github.com/1f349/mjwt"
+ "github.com/golang-jwt/jwt/v4"
 "github.com/stretchr/testify/assert"
 "testing"
 )
@@ -14,7 +15,7 @@ func TestCreateAccessToken(t *testing.T) {
 ps.Set("mjwt:test2")
 kStore := mjwt.NewKeyStore()
- s, err := mjwt.NewIssuerWithKeyStore("mjwt.test", "key1", kStore)
+ s, err := mjwt.NewIssuerWithKeyStore("mjwt.test", "key1", jwt.SigningMethodRS512, kStore)
 assert.NoError(t, err)
 accessToken, err := CreateAccessToken(s, "1", "test", nil, ps)
diff --git a/auth/pair_test.go b/auth/pair_test.go
index aa69704..e62d22c 100644
--- a/auth/pair_test.go
+++ b/auth/pair_test.go
@@ -2,6 +2,7 @@ package auth
 import (
 "github.com/1f349/mjwt"
+ "github.com/golang-jwt/jwt/v4"
 "github.com/stretchr/testify/assert"
 "testing"
 )
@@ -14,7 +15,7 @@ func TestCreateTokenPair(t *testing.T) {
 ps.Set("mjwt:test2")
 kStore := mjwt.NewKeyStore()
- s, err := mjwt.NewIssuerWithKeyStore("mjwt.test", "key2", kStore)
+ s, err := mjwt.NewIssuerWithKeyStore("mjwt.test", "key2", jwt.SigningMethodRS512, kStore)
 assert.NoError(t, err)
 accessToken, refreshToken, err := CreateTokenPair(s, "1", "test", "test2", nil, nil, ps)
diff --git a/auth/refresh-token_test.go b/auth/refresh-token_test.go
index c932921..ec5a0bd 100644
--- a/auth/refresh-token_test.go
+++ b/auth/refresh-token_test.go
@@ -2,6 +2,7 @@ package auth
 import (
 "github.com/1f349/mjwt"
+ "github.com/golang-jwt/jwt/v4"
 "github.com/stretchr/testify/assert"
 "testing"
 )
@@ -10,7 +11,7 @@ func TestCreateRefreshToken(t *testing.T) {
 t.Parallel()
 kStore := mjwt.NewKeyStore()
- s, err := mjwt.NewIssuerWithKeyStore("mjwt.test", "key1", kStore)
+ s, err := mjwt.NewIssuerWithKeyStore("mjwt.test", "key1", jwt.SigningMethodRS512, kStore)
 assert.NoError(t, err)
 refreshToken, err := CreateRefreshToken(s, "1", "test", "test2", nil)
diff --git a/claims_test.go b/claims_test.go
index f35610d..6c37d81 100644
--- a/claims_test.go
+++ b/claims_test.go
@@ -2,6 +2,7 @@ package mjwt
 import (
 "fmt"
+ "github.com/golang-jwt/jwt/v4"
 "github.com/stretchr/testify/assert"
 "testing"
 "time"
@@ -35,7 +36,7 @@ func TestExtractClaims(t *testing.T) {
 t.Run("TestNoKID", func(t *testing.T) {
 t.Parallel()
- s, err := NewIssuerWithKeyStore("mjwt.test", "key1", kStore)
+ s, err := NewIssuerWithKeyStore("mjwt.test", "key1", jwt.SigningMethodRS512, kStore)
 assert.NoError(t, err)
 token, err := s.GenerateJwt("1", "test", nil, 10*time.Minute, testClaims{TestValue: "hello"})
 assert.NoError(t, err)
@@ -48,9 +49,9 @@ func TestExtractClaims(t *testing.T) {
 t.Run("TestKID", func(t *testing.T) {
 t.Parallel()
- s, err := NewIssuerWithKeyStore("mjwt.test", "key2", kStore)
+ s, err := NewIssuerWithKeyStore("mjwt.test", "key2", jwt.SigningMethodRS512, kStore)
 assert.NoError(t, err)
- s2, err := NewIssuerWithKeyStore("mjwt.test", "key3", kStore)
+ s2, err := NewIssuerWithKeyStore("mjwt.test", "key3", jwt.SigningMethodRS512, kStore)
 assert.NoError(t, err)
 token1, err := s.GenerateJwt("1", "test", nil, 10*time.Minute, testClaims{TestValue: "hello"})
@@ -72,7 +73,7 @@ func TestExtractClaimsFail(t *testing.T) {
 t.Run("TestInvalidClaims", func(t *testing.T) {
 t.Parallel()
- s, err := NewIssuerWithKeyStore("mjwt.test", "key1", kStore)
+ s, err := NewIssuerWithKeyStore("mjwt.test", "key1", jwt.SigningMethodRS512, kStore)
 assert.NoError(t, err)
 token, err := s.GenerateJwt("1", "test", nil, 10*time.Minute, testClaims{TestValue: "test"})
 assert.NoError(t, err)
@@ -85,7 +86,7 @@ func TestExtractClaimsFail(t *testing.T) {
 t.Run("TestKIDNonExist", func(t *testing.T) {
 t.Parallel()
- s, err := NewIssuerWithKeyStore("mjwt.test", "key2", kStore)
+ s, err := NewIssuerWithKeyStore("mjwt.test", "key2", jwt.SigningMethodRS512, kStore)
 assert.NoError(t, err)
 token, err := s.GenerateJwt("1", "test", nil, 10*time.Minute, testClaims{TestValue: "test"})
 assert.NoError(t, err)
diff --git a/cmd/mjwt/access.go b/cmd/mjwt/access.go
index 0f0efcb..0a6b5ce 100644
--- a/cmd/mjwt/access.go
+++ b/cmd/mjwt/access.go
@@ -70,7 +70,7 @@ func (s *accessCmd) Execute(_ context.Context, f *flag.FlagSet, _ ...interface{}
 kStore := mjwt.NewKeyStore()
 kStore.LoadPrivateKey(s.kID, key)
- issuer, err := mjwt.NewIssuerWithKeyStore(s.issuer, s.kID, kStore)
+ issuer, err := mjwt.NewIssuerWithKeyStore(s.issuer, s.kID, jwt.SigningMethodRS512, kStore)
 if err != nil {
 panic("this should not fail")
 }
diff --git a/go.mod b/go.mod
index b012c9e..e82e0b1 100644
--- a/go.mod
+++ b/go.mod
@@ -21,6 +21,7 @@ require (
 github.com/kr/pretty v0.3.1 // indirect
 github.com/pmezard/go-difflib v1.0.0 // indirect
 github.com/rogpeppe/go-internal v1.12.0 // indirect
+ golang.org/x/crypto v0.25.0 // indirect
 golang.org/x/text v0.16.0 // indirect
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c // indirect
 )
diff --git a/go.sum b/go.sum
index 19e7eff..dc71b13 100644
--- a/go.sum
+++ b/go.sum
@@ -5,8 +5,12 @@ github.com/becheran/wildmatch-go v1.0.0/go.mod h1:gbMvj0NtVdJ15Mg/mH9uxk2R1QCist github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/go-jose/go-jose/v4 v4.0.4 h1:VsjPI33J0SB9vQM6PLmNjoHqMQNGPiZ0rHL7Ni7Q6/E= +github.com/go-jose/go-jose/v4 v4.0.4/go.mod h1:NKb5HO1EZccyMpiZNbdUw/14tiXNyUJh188dfnMCAfc= github.com/golang-jwt/jwt/v4 v4.5.0 h1:7cYmW1XlMY7h7ii7UhUyChSgS5wUJEnm9uZVTGqOWzg= github.com/golang-jwt/jwt/v4 v4.5.0/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0= +github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= +github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/subcommands v1.2.0 h1:vWQspBTo2nEqTUFita5/KeEWlUL8kQObDFbub/EN9oE= github.com/google/subcommands v1.2.0/go.mod h1:ZjhPrFU+Olkh9WazFPsl27BQ4UPiG37m3yTrtFlrHVk= github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= @@ -28,6 +32,8 @@ github.com/spf13/afero v1.11.0 h1:WJQKhtpdm3v2IzqG8VMqrr6Rf3UYpEF239Jy9wNepM8= github.com/spf13/afero v1.11.0/go.mod h1:GH9Y3pIexgf1MTIWtNGyogA5MwRIDXGUr+hbWNoBjkY= github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg= github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= +golang.org/x/crypto v0.25.0 h1:ypSNr+bnYL2YhwoMt2zPxHFmbAN1KZs/njMG3hxUp30= +golang.org/x/crypto v0.25.0/go.mod h1:T+wALwcMOSE0kXgUAnPAHqTLW+XHgcELELW8VaDgm/M= golang.org/x/sync v0.7.0 h1:YsImfSBoP9QPYL0xyKJPq0gcaJdG3rInoqxTWbfQu9M= golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/text v0.16.0 h1:a94ExnEXNtEwYLGJSIUxnWoxoRz/ZcCsV63ROupILh4=
diff --git a/issuer.go b/issuer.go
index 02a1ee4..953f3b6 100644
--- a/issuer.go
+++ b/issuer.go
@@ -10,15 +10,16 @@ import (
 type Issuer struct {
 issuer string
 kid string
+ signing jwt.SigningMethod
 keystore *KeyStore
 }
-func NewIssuer(name, kid string) (*Issuer, error) {
- return NewIssuerWithKeyStore(name, kid, NewKeyStore())
+func NewIssuer(name, kid string, signing jwt.SigningMethod) (*Issuer, error) {
+ return NewIssuerWithKeyStore(name, kid, signing, NewKeyStore())
 }
-func NewIssuerWithKeyStore(name, kid string, keystore *KeyStore) (*Issuer, error) {
- i := &Issuer{name, kid, keystore}
+func NewIssuerWithKeyStore(name, kid string, signing jwt.SigningMethod, keystore *KeyStore) (*Issuer, error) {
+ i := &Issuer{name, kid, signing, keystore}
 if i.keystore.HasPrivateKey(kid) {
 return i, nil
 }
@@ -39,7 +40,7 @@ func (i *Issuer) SignJwt(wrapped jwt.Claims) (string, error) {
 if err != nil {
 return "", err
 }
- token := jwt.NewWithClaims(jwt.SigningMethodRS512, wrapped)
+ token := jwt.NewWithClaims(i.signing, wrapped)
 token.Header["kid"] = i.kid
 return token.SignedString(key)
 }
diff --git a/issuer_test.go b/issuer_test.go
index 7d89a44..d772a90 100644
--- a/issuer_test.go
+++ b/issuer_test.go
@@ -4,6 +4,7 @@ import (
 "crypto/rand"
 "crypto/rsa"
 "github.com/1f349/rsa-helper/rsaprivate"
+ "github.com/golang-jwt/jwt/v4"
 "github.com/spf13/afero"
 "github.com/stretchr/testify/assert"
 "testing"
@@ -14,7 +15,7 @@ func TestNewIssuer(t *testing.T) {
 t.Run("generate missing key for issuer", func(t *testing.T) {
 t.Parallel()
 kStore := NewKeyStore()
- issuer, err := NewIssuerWithKeyStore("Test", "test", kStore)
+ issuer, err := NewIssuerWithKeyStore("Test", "test", jwt.SigningMethodRS512, kStore)
 assert.NoError(t, err)
 assert.True(t, kStore.HasPrivateKey("test"))
 assert.True(t, kStore.HasPublicKey("test"))
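Review bot: `NewIssuerWithKeyStore` in issuer.go stores the caller's `signing` value unchecked, so a nil method or one that does not fit the keystore's keys only surfaces later, when `SignJwt` runs. The tests in this commit load `*rsa.PrivateKey` values, so the keystore appears to be RSA-only; validating at construction would fail fast, e.g. `if signing == nil { return nil, errors.New("mjwt: signing method is nil") }` followed by a type check for `*jwt.SigningMethodRSA` or `*jwt.SigningMethodRSAPSS`. The literal `&Issuer{name, kid, signing, keystore}` would also read more safely with keyed fields now that the struct has grown. `NewIssuer` and `NewIssuerWithKeyStore` are exported and change signature here, so a doc comment naming the supported methods would help callers; the rest of `NewIssuerWithKeyStore` lies outside the hunk.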
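Review bot: With `jwt.NewWithClaims(i.signing, wrapped)` in `SignJwt` the `alg` header is no longer a fixed RS512, so whatever verifies these tokens has to pin the algorithms it accepts rather than trust the header. The verification path is not part of this diff; confirm that its key function checks `token.Method` (for example `if _, ok := token.Method.(*jwt.SigningMethodRSA); !ok` and reject) or that the parser is built with `jwt.WithValidMethods`. A doc comment such as `// SignJwt signs wrapped with the issuer's configured signing method and sets the kid header.` would record the new behaviour. The opening lines of `SignJwt` are outside the hunk.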
@@ -27,7 +28,7 @@ func TestNewIssuer(t *testing.T) {
 key, err := rsa.GenerateKey(rand.Reader, 2048)
 assert.NoError(t, err)
 kStore.LoadPrivateKey("test", key)
- issuer, err := NewIssuerWithKeyStore("Test", "test", kStore)
+ issuer, err := NewIssuerWithKeyStore("Test", "test", jwt.SigningMethodRS512, kStore)
 assert.NoError(t, err)
 assert.True(t, kStore.HasPrivateKey("test"))
 assert.True(t, kStore.HasPublicKey("test"))
@@ -41,7 +42,7 @@ func TestNewIssuer(t *testing.T) {
 t.Parallel()
 dir := afero.NewMemMapFs()
 kStore := NewKeyStoreWithDir(dir)
- issuer, err := NewIssuerWithKeyStore("Test", "test", kStore)
+ issuer, err := NewIssuerWithKeyStore("Test", "test", jwt.SigningMethodRS512, kStore)
 assert.NoError(t, err)
 assert.True(t, kStore.HasPrivateKey("test"))
 assert.True(t, kStore.HasPublicKey("test"))
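Review bot: Every call site in `TestNewIssuer` passes `jwt.SigningMethodRS512`, so the new `signing` parameter is never exercised with any other value; the same holds for the hunks in `claims_test.go` and the three `auth` test files. A table-driven subtest that signs with a second RSA method such as `jwt.SigningMethodRS256` and asserts the token's `alg` header would cover the change, together with one case pinning how a nil or non-RSA method is handled. The enclosing subtests start outside these hunks.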