diff --git a/cwa/src/peerSync.ts b/cwa/src/peerSync.ts
index 9fce9f33..8dc630e8 100644
--- a/cwa/src/peerSync.ts
+++ b/cwa/src/peerSync.ts
@@ -1,7 +1,7 @@
 import { importPKCS8, SignJWT } from "jose"
 import { type UserId } from "shared"
 
-export const alg = "EdDSA"
+export const alg = "ES512"
 
 export async function getPeerToken(userId: UserId, privateKeyString: string) {
 const privateKey = await importPKCS8(privateKeyString, alg)
diff --git a/design-decisions/example.pentive.secrets.sh b/design-decisions/example.pentive.secrets.sh
index 6a9ef8bd..b3678d50 100644
--- a/design-decisions/example.pentive.secrets.sh
+++ b/design-decisions/example.pentive.secrets.sh
@@ -35,8 +35,10 @@ export developmentGithubSecret=
 export productionGithubSecret=
 
 # generate via:
-# openssl genpkey -algorithm ed25519 -out peerSyncPrivateKey.key
-# openssl pkey -in peerSyncPrivateKey.key -pubout -out peerSyncPublicKey.pem
+# openssl ecparam -name secp521r1 -genkey -noout -out private.ec.key
+# openssl pkcs8 -topk8 -nocrypt -in private.ec.key -out private.pem
+# openssl ec -in private.pem -pubout -out public.pem
+# use public.pem and private.pem
 export developmentPeerSyncPublicKey="-----BEGIN PUBLIC KEY-----
 foo
 -----END PUBLIC KEY-----"
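Review bot: The new `export const alg = "ES512"` line carries no comment tying the algorithm to the key format, and `importPKCS8(privateKeyString, alg)` just below it will presumably reject an existing Ed25519 key once `alg` is ES512, so every deployed signing key and its public counterpart must be rotated together with this change. I would add `// ES512 = ECDSA on P-521 with SHA-512; the PKCS#8 key must be a secp521r1 key (see example.pentive.secrets.sh)` above the constant. The verifying side is not in this diff; if it does not already restrict accepted algorithms to this constant, it should, so that tokens signed under the old algorithm or any other one are refused. P-521 support appears to vary between WebCrypto runtimes, so it is worth confirming on each runtime that signs or verifies these tokens. `getPeerToken` continues past the end of the hunk.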
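Review bot: The new generation steps leave `private.ec.key`, an unencrypted copy of the signing key, on disk, and the closing line `# use public.pem and private.pem` never says to remove it. Either add `# delete private.ec.key once private.pem exists` or replace the first two commands with `# openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:secp521r1 -out private.pem`, which writes PKCS#8 directly and needs no intermediate file. Because `-nocrypt` writes the key in the clear, the comment could also remind the reader to restrict the permissions on `private.pem` and keep it out of version control.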