diff --git a/DigitalData.Core.Abstractions/Security/IJwtSignatureHandler.cs b/DigitalData.Core.Abstractions/Security/IJwtSignatureHandler.cs
index 0c20989..3f9739f 100644
--- a/DigitalData.Core.Abstractions/Security/IJwtSignatureHandler.cs
+++ b/DigitalData.Core.Abstractions/Security/IJwtSignatureHandler.cs
@@ -6,6 +6,8 @@ namespace DigitalData.Core.Abstractions.Security {
 SecurityToken CreateToken(SecurityTokenDescriptor tokenDescriptor);
+ SecurityToken CreateToken(TPrincipal subject, IAsymmetricTokenDescriptor descriptor);
+ SecurityToken CreateToken(TPrincipal subject, string issuer, string audience);
 SecurityToken CreateToken(TPrincipal subject, string apiRoute);
@@ -14,6 +16,8 @@ namespace DigitalData.Core.Abstractions.Security {
 string WriteToken(SecurityTokenDescriptor descriptor);
+ string WriteToken(TPrincipal subject, IAsymmetricTokenDescriptor descriptor);
+ string WriteToken(TPrincipal subject, string issuer, string audience);
 string WriteToken(TPrincipal subject, string apiRoute);
diff --git a/DigitalData.Core.Security/JwtSignatureHandler.cs b/DigitalData.Core.Security/JwtSignatureHandler.cs
index 5ae3aea..cfaa009 100644
--- a/DigitalData.Core.Security/JwtSignatureHandler.cs
+++ b/DigitalData.Core.Security/JwtSignatureHandler.cs
@@ -1,7 +1,6 @@
 using AutoMapper;
 using DigitalData.Core.Abstractions.Security;
 using DigitalData.Core.Security.Config;
-using DigitalData.Core.Security.RSAKey;
 using Microsoft.Extensions.Options;
 using Microsoft.IdentityModel.Tokens;
 using System.IdentityModel.Tokens.Jwt;
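Review bot: The two new `CreateToken` overloads on IJwtSignatureHandler, and the matching `WriteToken` overloads in the second hunk of this file, are added without any XML documentation, so nothing on the interface states what the descriptor overload expects from its caller or whether a null `descriptor` is rejected, which matters because a caller of this overload chooses the descriptor the token is built from rather than having it resolved by issuer/audience or route. Add a `/// <summary>` to each new member, e.g. `/// <summary>Creates a token for <paramref name="subject"/> from the supplied <paramref name="descriptor"/>; the overloads taking issuer/audience or an API route resolve the descriptor from configuration and then delegate here.</summary>` and an `/// <exception cref="ArgumentNullException">` line if the implementation guards a null descriptor. The interface's opening and closing braces lie outside the hunk.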
@@ -23,36 +22,36 @@ namespace DigitalData.Core.Security
 _cryptograph = cryptograph;
 }
- public SecurityToken CreateToken(TPrincipal subject, RSAPrivateKey key)
+ public SecurityToken CreateToken(TPrincipal subject, IAsymmetricTokenDescriptor descriptor)
 {
- if(key.TokenDescriptor is null)
- throw new InvalidOperationException($"No descriptor found for issuer '{key.Issuer}' and audience '{key.Audience}'.");
- var descriptor = _mapper.Map(key.TokenDescriptor);
- descriptor.Claims = _claimDescriptor.CreateClaims?.Invoke(subject);
- descriptor.Subject = _claimDescriptor.CreateSubject?.Invoke(subject);
- return CreateToken(descriptor);
+ var sDescriptor = _mapper.Map(descriptor);
+ sDescriptor.Claims = _claimDescriptor.CreateClaims?.Invoke(subject);
+ sDescriptor.Subject = _claimDescriptor.CreateSubject?.Invoke(subject);
+ return CreateToken(sDescriptor);
 }
 public SecurityToken CreateToken(TPrincipal subject, string issuer, string audience)
 {
- var key = _cryptograph.Decryptors?.Get(issuer: issuer, audience: audience)
+ var descriptor = _cryptograph.TokenDescriptors.Get(issuer: issuer, audience: audience)
 ?? throw new InvalidOperationException($"No or multiple token description found for issuer '{issuer}' and audience '{audience}'.");
- return CreateToken(subject: subject, key: (RSAPrivateKey)key);
+ return CreateToken(subject: subject, descriptor: descriptor);
 }
 public SecurityToken CreateToken(TPrincipal subject, string apiRoute)
 {
- var key = _cryptograph.Decryptors.SingleOrDefault(key => ((RSAPrivateKey)key).TokenDescriptor?.ApiRoute == apiRoute)
+ var desc = _cryptograph.TokenDescriptors.SingleOrDefault(desc => desc.ApiRoute == apiRoute)
 ??
throw new InvalidOperationException($"No or multiple token description found for api route '{apiRoute}'.");
- return CreateToken(subject: subject, key: (RSAPrivateKey)key);
+ return CreateToken(subject: subject, descriptor: desc);
 }
 public string WriteToken(SecurityTokenDescriptor descriptor) => WriteToken(CreateToken(descriptor));
- public string WriteToken(TPrincipal subject, RSAPrivateKey key) => WriteToken(CreateToken(subject: subject, key: key));
+ public string WriteToken(TPrincipal subject, IAsymmetricTokenDescriptor descriptor)
+ => WriteToken(CreateToken(subject: subject, descriptor: descriptor));
- public string WriteToken(TPrincipal subject, string issuer, string audience) => WriteToken(CreateToken(subject: subject, issuer: issuer, audience: audience));
+ public string WriteToken(TPrincipal subject, string issuer, string audience)
+ => WriteToken(CreateToken(subject: subject, issuer: issuer, audience: audience));
 public string WriteToken(TPrincipal subject, string apiRoute) => WriteToken(CreateToken(subject: subject, apiRoute: apiRoute));
 }
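Review bot: The descriptor overload of `CreateToken` drops the old `key.TokenDescriptor is null` guard without a replacement, so a null `descriptor` now flows into `_mapper.Map(descriptor)` and the `sDescriptor.Claims = ...` assignment and fails with a NullReferenceException instead of a clear argument error; add `if (descriptor is null) throw new ArgumentNullException(nameof(descriptor));` as the method's first line. In the apiRoute overload the lambda parameter `desc` reuses the name of the local it initialises, which the C# compiler rejects as CS0136 unless this toolchain differs; `SingleOrDefault(d => d.ApiRoute == apiRoute)` avoids it. The issuer/audience lookup also changes `Decryptors?.Get(...)` to `TokenDescriptors.Get(...)`, so a null `TokenDescriptors` collection would now surface as a NullReferenceException rather than the intended InvalidOperationException — fine if `_cryptograph` guarantees the collection is non-null, otherwise keep the null-conditional. The enclosing class and its constructor begin outside the hunk; the methods shown are complete.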