diff --git a/lib/sign-stream.js b/lib/sign-stream.js
index e24576f..0e732ff 100644
--- a/lib/sign-stream.js
+++ b/lib/sign-stream.js
@@ -31,6 +31,7 @@ function SignStream(opts) {
 this.header = opts.header;
 this.encoding = opts.encoding;
 this.secret = this.privateKey = this.key = secretStream;
+ if (this.secret == undefined) return;
 this.payload = new DataStream(opts.payload);
 this.secret.once('close', function () {
 if (!this.payload.writable && this.readable)
diff --git a/test/jws.test.js b/test/jws.test.js
index 7f53d6f..6bfa86a 100644
--- a/test/jws.test.js
+++ b/test/jws.test.js
@@ -20,6 +20,7 @@ const rsaPrivateKeyEncrypted = readfile('rsa-private-encrypted.pem');
 const encryptedPassphrase = readfile('encrypted-key-passphrase');
 const rsaPublicKey = readfile('rsa-public.pem');
 const rsaWrongPublicKey = readfile('rsa-wrong-public.pem');
+const undefinedKey = undefined;
 const ecdsaPrivateKey = {
 '256': readfile('ec256-private.pem'),
 '384': readfile('ec384-private.pem'),
@@ -69,6 +70,24 @@ BITS.forEach(function (bits) {
 });
 });
+BITS.forEach(function (bits) {
+ test('HMAC using SHA-'+bits+' hash algorithm undefined key test', function (t) {
+ const alg = 'HS'+bits;
+ const header = { alg: alg, typ: 'JWT' };
+ const secret = undefinedKey;
+ var parts;
+ t.throws(function () {
+ parts = jws.sign({
+ header: header,
+ payload: payload,
+ secret: secret,
+ encoding: 'utf8',
+ });
+ })
+ t.end();
+ });
+});
+
 BITS.forEach(function (bits) {
 test('RSASSA using SHA-'+bits+' hash algorithm', function (t) {
 const alg = 'RS'+bits;
@@ -317,7 +336,6 @@ test('jws.verify: missing or invalid algorithm', function (t) {
 t.end();
 });
-
 test('jws.isValid', function (t) {
 const valid = jws.sign({ header: { alg: 'hs256' }, payload: 'hi', secret: 'shhh' });
 const invalid = (function(){
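Review bot: The added guard `if (this.secret == undefined) return;` in SignStream tests the value just assigned from `secretStream` and leaves the constructor with a bare `return`, so a missing key is never reported as an error at the point where it is detected. `secretStream` is created above the hunk; if it is a stream wrapper built from the option rather than the raw option itself, it is presumably never undefined and this branch cannot fire. When it does fire, the caller receives a SignStream without `payload` or its listeners, and any exception surfaces later and only incidentally. Checking the raw secret/key option and failing explicitly, e.g. `throw new TypeError('secret or key must be provided for signing');`, would guarantee that no HMAC signature is produced with an absent key, and an empty string deserves the same rejection for the HS* algorithms. The constructor starts and ends outside the hunk.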
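Review bot: In the new "undefined key test", `t.throws` is called without an expected-error argument, so any exception satisfies it, including an unrelated TypeError from a partly initialised stream, and the test does not pin that signing was refused because the key is missing. Passing a matcher as the second argument to `t.throws`, for example `/secret|key/i` once the library raises a dedicated message, would tie the assertion to the intended failure. `parts` is assigned but never read and can be dropped, and `null` and `''` secrets are worth the same case because they also leave HMAC without a usable key.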