[Openid-specs-ab] Fwd: [jose] JWK Generator
Justin Richer
jricher at mitre.org
Mon Mar 25 20:54:35 UTC 2013
FYI, I made a JWK generator utility this afternoon, part of the MITREid
Connect app suite. Details in the post to the JOSE list, below.
-- Justin
-------- Original Message --------
Subject: [jose] JWK Generator
Date: Mon, 25 Mar 2013 16:36:03 -0400
From: Justin Richer <jricher at mitre.org>
To: jose at ietf.org <jose at ietf.org>
A while ago, several folks complained that there was no toolchain for
creating bare keys in the JWK/JPSK format. Indeed, my team's been using
Java's keytool program and making self-signed dummy certs and pulling
them out of there. That was a bit of a pain, to be honest.
So now I've just written a utility program to generate JWK formatted
keys from whole cloth given a set of parameters. It's a Java app built
using the NimbusDS JWT-JOSE library, and at the moment it supports both
RSA and oct keytypes, with an option to extract the public-only portion
of the RSA as well. This is all based on the current JPSK format, which
we plan to track with the aforementioned Nimbus library.
You can get the code here:
https://github.com/mitreid-connect/json-web-key-generator
It's open sourced under an Apache 2.0 license, so feel free to pull it
down and use it to your heart's content. It's a Java Maven project, so
you build it with:
mvn package
This will create a couple of .jar files in the target/ directory, one of
which is an executable fat jar, usable from the commandline:
usage: java -jar json-web-key-generator.jar -t <keyType> -s <keySize> [-u <keyUsage> -a <algorithm> -i <keyId> -p]
  -a <arg>   Algorithm.
  -i <arg>   Key ID (optional)
  -p         Display public key separately
  -s <arg>   Key Size in bits, must be an integer, generally divisible by 8
  -t <arg>   Key Type, one of: RSA, oct
  -u <arg>   Usage, one of: enc, sig. Defaults to sig
For instance, to generate a 1024-bit RSA key with the algorithm of
RS256, no key id, and display the public key separately, you would run
(after doing a mvn package):
java -jar target/json-web-key-generator-0.1-SNAPSHOT-jar-with-dependencies.jar -a RS256 -t RSA -s 1024 -p
This prints out (for example, your keys should vary):
Full key:
{
"alg": "RS256",
"d": "IXhRb4mXMOLlX1nEcv--CRX5WjGZdUTHzI2qIg-iX5QXY-noSZqit-BeWO0CTwBtryCU4DgNIjV4cvYHpWqkr8ES-FoH7DHDgt41lH5_YDv-MeeCU3hRSPbACLuWEbWQfjgLPgIL1cmh1q-eFOEpXWUtKy7DCFymMves7ojPxY0",
"e": "AQAB",
"n": "kWkuetDiodUI-0jZ2KpmwOMJ7jsnO8qG8ChMs7ax3xXKIr5g5K0axWtXm1HwA5OJRE-OyVHfJkda6xVgTFaV1AhWP8Zp7KL_Oq-moKRe5-BtahHpFJe7HZ1P6hxXAdhaygXen1lR0NAMNi4K4H5pn1KDCeRpuxAhJZsQnq5dxp0",
"kty": "RSA",
"use": "sig"
}
Public key:
{
"alg": "RS256",
"e": "AQAB",
"n": "kWkuetDiodUI-0jZ2KpmwOMJ7jsnO8qG8ChMs7ax3xXKIr5g5K0axWtXm1HwA5OJRE-OyVHfJkda6xVgTFaV1AhWP8Zp7KL_Oq-moKRe5-BtahHpFJe7HZ1P6hxXAdhaygXen1lR0NAMNi4K4H5pn1KDCeRpuxAhJZsQnq5dxp0",
"kty": "RSA",
"use": "sig"
}
To create a 256-bit symmetric key with algorithm HS256 and key id of
"myKey", you'd do:
java -jar target/json-web-key-generator-0.1-SNAPSHOT-jar-with-dependencies.jar -t oct -s 256
Which outputs something like:
Full key:
{
"kty": "oct",
"use": "sig",
"k": "CsoV5LeX6S3RRlLr-hk0_VyIuTOWyovMPbU2UmbphME"
}
It doesn't do EC keys yet because I don't know the Java Magic needed to
make such a thing happen, but I'd be happy to have someone help out with
that with a pull request.
Hopefully people find this utility useful. I've got a few features I'm
planning to add (write output to files, Java GUI with dropdowns for
options), but this is a minimally-useful set of functionality.
-- Justin
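An added example, not part of the original message or of the json-web-key-generator project: a Python check over JWK output like that shown above, reporting the key size and whether private members appear in a key meant for publication. The 2048-bit RSA minimum and the hash-size HMAC minimum come from RFC 7518; the function names and the publishable flag are assumptions made for this example.

```python
import base64

# Private RSA members per RFC 7518 section 6.3.2; "k" is the oct secret itself.
RSA_PRIVATE = {"d", "p", "q", "dp", "dq", "qi", "oth"}
# RFC 7518 section 3.2: an HMAC key must be at least as long as the hash output.
HMAC_MIN_BITS = {"HS256": 256, "HS384": 384, "HS512": 512}
RSA_MIN_BITS = 2048  # RFC 7518 section 3.3 minimum for RS256/RS384/RS512


def b64url_decode(value: str) -> bytes:
    """Decode the unpadded base64url encoding used for JWK members."""
    return base64.urlsafe_b64decode(value + "=" * (-len(value) % 4))


def key_bits(jwk: dict) -> int:
    """Return the RSA modulus size or the oct key length, in bits."""
    if jwk["kty"] == "RSA":
        return int.from_bytes(b64url_decode(jwk["n"]), "big").bit_length()
    if jwk["kty"] == "oct":
        return len(b64url_decode(jwk["k"])) * 8
    raise ValueError(f"unsupported kty: {jwk['kty']!r}")


def audit_jwk(jwk: dict, publishable: bool = False) -> list:
    """Return findings; publishable=True means the key will be given to other parties."""
    findings = []
    bits = key_bits(jwk)
    alg = jwk.get("alg")
    if jwk["kty"] == "RSA":
        if bits < RSA_MIN_BITS:
            findings.append(f"RSA modulus is {bits} bits, below {RSA_MIN_BITS}")
        leaked = sorted(RSA_PRIVATE & jwk.keys())
        if publishable and leaked:
            findings.append("private RSA members present: " + ",".join(leaked))
    else:
        need = HMAC_MIN_BITS.get(alg, 256)  # assumption: a key with no alg is judged as HS256
        if bits < need:
            findings.append(f"oct key is {bits} bits, below {need} for {alg or 'HS256'}")
        if publishable:
            findings.append("oct keys are secrets and must not be published")
    return findings


# The two sample keys printed in the message above (public RSA key and oct key).
PAGE_RSA_PUBLIC = {"alg": "RS256", "e": "AQAB", "kty": "RSA", "use": "sig",
    "n": "kWkuetDiodUI-0jZ2KpmwOMJ7jsnO8qG8ChMs7ax3xXKIr5g5K0axWtXm1HwA5OJRE-OyVHfJkda6xVgTFaV1AhWP8Zp7KL_Oq-moKRe5-BtahHpFJe7HZ1P6hxXAdhaygXen1lR0NAMNi4K4H5pn1KDCeRpuxAhJZsQnq5dxp0"}
PAGE_OCT = {"kty": "oct", "use": "sig", "k": "CsoV5LeX6S3RRlLr-hk0_VyIuTOWyovMPbU2UmbphME"}

if __name__ == "__main__":
    for name, key, pub in (("rsa-public", PAGE_RSA_PUBLIC, True), ("oct", PAGE_OCT, False)):
        print(name, key_bits(key), audit_jwk(key, publishable=pub))
```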