Recommended way to rotate keys

[ndench]

Thanks for the great library!

Just looking for someone to point me in the right direction here. In version 4.2.0 a minor BC break was released if you're using a key length of less than 256 bits. This alerted me that I'm actually using key lengths of 248 bits in production. I currently use this library to generate magic login tokens for my users.

If I just start using a new key, all the existing login links will be invalidated. Which is not something I want to do (since these particular users cannot generate themselves another link, they receive (relatively) short lived login links from other users).

Do you have a recommended way to rotate keys such that old login links still work correctly (at least for a short period of time)?

[Ocramius]

What you could do (pre-4.2.0) is:

1. have an instance of this library with the old key
2. have an instance with the new key
3. When someone interacts with an old key, issue a new token with the new key