Re: [jose] JWK Generator

<Axel.Nennker@telekom.de> Mon, 25 March 2013 21:05 UTC

From: Axel.Nennker@telekom.de
To: jricher@mitre.org, jose@ietf.org
Date: Mon, 25 Mar 2013 22:05:25 +0100
Message-ID: <CE8995AB5D178F44A2154F5C9A97CAF4025536DC09D1@HE111541.emea1.cds.t-internal.com>
References: <5150B533.2080205@mitre.org>
In-Reply-To: <5150B533.2080205@mitre.org>
Subject: Re: [jose] JWK Generator

EC key generation can be found in http://jsoncrypto.org/

ES512
https://code.google.com/p/jsoncrypto/source/browse/trunk/testsrc/org/jsoncrypto/JcBaseTest.java#2726

ES384
https://code.google.com/p/jsoncrypto/source/browse/trunk/testsrc/org/jsoncrypto/JcBaseTest.java#2685

ES256
https://code.google.com/p/jsoncrypto/source/browse/trunk/testsrc/org/jsoncrypto/JcBaseTest.java#2642

I guess that the println lines can be converted into JWKs.

-Axel

From: jose-bounces@ietf.org [mailto:jose-bounces@ietf.org] On Behalf Of Justin Richer
Sent: Monday, March 25, 2013 9:36 PM
To: jose@ietf.org
Subject: [jose] JWK Generator

A while ago, several folks complained that there was no toolchain for creating bare keys in the JWK/JPSK format. Indeed, my team's been using Java's keytool program and making self-signed dummy certs and pulling them out of there. That was a bit of a pain, to be honest.

So now I've just written a utility program to generate JWK formatted keys from whole cloth given a set of parameters. It's a Java app built using the NimbusDS JWT-JOSE library, and at the moment it supports both RSA and oct keytypes, with an option to extract the public-only portion of the RSA as well. This is all based on the current JPSK format, which we plan to track with the aforementioned Nimbus library.

You can get the code here:

  https://github.com/mitreid-connect/json-web-key-generator

It's open sourced under an Apache 2.0 license, so feel free to pull it down and use it to your heart's content. It's a Java Maven project, so you build it with:

  mvn package

This will create a couple of .jar files in the target/ directory, one of which is an executable fat jar, usable from the command line:

usage: java -jar json-web-key-generator.jar -t <keyType> -s <keySize> [-u
            <keyUsage> -a <algorithm> -i <keyId> -p]
 -a <arg>   Algorithm.
 -i <arg>   Key ID (optional)
 -p         Display public key separately
 -s <arg>   Key Size in bits, must be an integer, generally divisible by 8
 -t <arg>   Key Type, one of: RSA, oct
 -u <arg>   Usage, one of: enc, sig. Defaults to sig

For instance, to generate a 1024-bit RSA key with the algorithm of RS256, no key id, and display the public key separately, you would run (after doing a mvn package):

  java -jar target/json-web-key-generator-0.1-SNAPSHOT-jar-with-dependencies.jar -a RS256 -t RSA -s 1024 -p

This prints out (for example, your keys should vary):

Full key:

{
  "alg": "RS256",
  "d": "IXhRb4mXMOLlX1nEcv--CRX5WjGZdUTHzI2qIg-iX5QXY-noSZqit-BeWO0CTwBtryCU4DgNIjV4cvYHpWqkr8ES-FoH7DHDgt41lH5_YDv-MeeCU3hRSPbACLuWEbWQfjgLPgIL1cmh1q-eFOEpXWUtKy7DCFymMves7ojPxY0",
  "e": "AQAB",
  "n": "kWkuetDiodUI-0jZ2KpmwOMJ7jsnO8qG8ChMs7ax3xXKIr5g5K0axWtXm1HwA5OJRE-OyVHfJkda6xVgTFaV1AhWP8Zp7KL_Oq-moKRe5-BtahHpFJe7HZ1P6hxXAdhaygXen1lR0NAMNi4K4H5pn1KDCeRpuxAhJZsQnq5dxp0",
  "kty": "RSA",
  "use": "sig"
}

Public key:

{
  "alg": "RS256",
  "e": "AQAB",
  "n": "kWkuetDiodUI-0jZ2KpmwOMJ7jsnO8qG8ChMs7ax3xXKIr5g5K0axWtXm1HwA5OJRE-OyVHfJkda6xVgTFaV1AhWP8Zp7KL_Oq-moKRe5-BtahHpFJe7HZ1P6hxXAdhaygXen1lR0NAMNi4K4H5pn1KDCeRpuxAhJZsQnq5dxp0",
  "kty": "RSA",
  "use": "sig"
}

To create a 256-bit symmetric key with algorithm HS256 and key id of "myKey", you'd do:

  java -jar target/json-web-key-generator-0.1-SNAPSHOT-jar-with-dependencies.jar -t oct -s 256

Which outputs something like:

Full key:

{
  "kty": "oct",
  "use": "sig",
  "k": "CsoV5LeX6S3RRlLr-hk0_VyIuTOWyovMPbU2UmbphME"
}

It doesn't do EC keys yet because I don't know the Java Magic needed to make such a thing happen, but I'd be happy to have someone help out with that with a pull request.

Hopefully people find this utility useful. I've got a few features I'm planning to add (write output to files, Java GUI with dropdowns for options), but this is a minimally-useful set of functionality.

 -- Justin
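[Editor's worked example. EC keys are the gap both messages circle: Axel points at jsoncrypto's test code and Justin says his generator does not do EC yet. The program below is an added example written for this page; it is not code from json-web-key-generator, jsoncrypto or the Nimbus library, and it is in Go with only the standard library rather than the tool's Java. It generates RSA and EC keys, emits them in the same shape the tool prints above (full key, then public-only key), and adds the check a consumer should run on an EC JWK it receives. Two encoding details are easy to get wrong and are the reason for the two helper functions: RSA n, e and d use the Base64urlUInt form (big-endian with no leading zero octets), while EC x, y and d must be zero-padded to the curve's full coordinate size. The 2048-bit floor, the curve table, and the names RSAKey, ECKey, Public and ValidateEC are this example's own choices, not the tool's options; the 1024-bit key in the quoted RSA example is smaller than this code will accept.]

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"math/big"
)

// JWK holds the RFC 7517/7518 members emitted here. Private members carry omitempty so a
// copy with them cleared marshals as a public-only key; the RSA CRT members are omitted.
type JWK struct {
	Kty string `json:"kty"`
	Use string `json:"use,omitempty"`
	Alg string `json:"alg,omitempty"`
	Kid string `json:"kid,omitempty"`
	N   string `json:"n,omitempty"` // RSA modulus
	E   string `json:"e,omitempty"` // RSA public exponent
	D   string `json:"d,omitempty"` // RSA private exponent or EC private scalar
	Crv string `json:"crv,omitempty"`
	X   string `json:"x,omitempty"`
	Y   string `json:"y,omitempty"`
}

// curves maps the JOSE "crv" names to Go's NIST curves (this example's own table).
var curves = map[string]elliptic.Curve{"P-256": elliptic.P256(), "P-384": elliptic.P384(), "P-521": elliptic.P521()}

func b64u(b []byte) string { return base64.RawURLEncoding.EncodeToString(b) }

// b64uInt is RFC 7518 Base64urlUInt (big-endian, no leading zero octets), used for RSA n, e, d.
func b64uInt(i *big.Int) string { return b64u(i.Bytes()) }

// b64uFixed zero-pads to the coordinate size: RFC 7518 6.2.1 requires full-size x, y and d
// for EC keys, so a 31-byte P-256 value would be a malformed JWK.
func b64uFixed(i *big.Int, size int) string { return b64u(i.FillBytes(make([]byte, size))) }

// RSAKey refuses an undersized modulus instead of emitting a 1024-bit key.
func RSAKey(bits int, use, alg, kid string) (JWK, error) {
	if bits < 2048 {
		return JWK{}, fmt.Errorf("rsa: %d bits is too small, use 2048 or more", bits)
	}
	priv, err := rsa.GenerateKey(rand.Reader, bits)
	if err != nil {
		return JWK{}, err
	}
	return JWK{Kty: "RSA", Use: use, Alg: alg, Kid: kid,
		N: b64uInt(priv.N), E: b64uInt(big.NewInt(int64(priv.E))), D: b64uInt(priv.D)}, nil
}

// ECKey generates a key on one of the JOSE NIST curves, the case the tool does not cover yet.
func ECKey(crv, use, alg, kid string) (JWK, error) {
	curve, ok := curves[crv]
	if !ok {
		return JWK{}, fmt.Errorf("ec: unsupported crv %q", crv)
	}
	priv, err := ecdsa.GenerateKey(curve, rand.Reader)
	if err != nil {
		return JWK{}, err
	}
	size := (curve.Params().BitSize + 7) / 8 // 32, 48 or 66 bytes
	return JWK{Kty: "EC", Crv: crv, Use: use, Alg: alg, Kid: kid,
		X: b64uFixed(priv.X, size), Y: b64uFixed(priv.Y, size), D: b64uFixed(priv.D, size)}, nil
}

// Public returns a copy with the private member cleared; omitempty then keeps "d" out of the JSON.
func (j JWK) Public() JWK {
	j.D = ""
	return j
}

// ValidateEC is what a consumer should run on an EC JWK it did not generate: unpadded
// base64url only, full-size coordinates, and a point that really lies on the named curve.
func ValidateEC(j JWK) error {
	curve, ok := curves[j.Crv]
	if j.Kty != "EC" || !ok {
		return fmt.Errorf("not an EC key on a known curve: kty=%q crv=%q", j.Kty, j.Crv)
	}
	size := (curve.Params().BitSize + 7) / 8
	x, errX := base64.RawURLEncoding.DecodeString(j.X) // errors on '=' padding or '+' '/'
	y, errY := base64.RawURLEncoding.DecodeString(j.Y)
	if errX != nil || errY != nil || len(x) != size || len(y) != size {
		return fmt.Errorf("ec: x and y must be full-size unpadded base64url coordinates")
	}
	if !curve.IsOnCurve(new(big.Int).SetBytes(x), new(big.Int).SetBytes(y)) {
		return fmt.Errorf("ec: public point is not on the curve")
	}
	return nil
}

func main() {
	key, err := ECKey("P-256", "sig", "ES256", "myKey")
	if err != nil {
		panic(err)
	}
	full, _ := json.MarshalIndent(key, "", "  ")
	pub, _ := json.MarshalIndent(key.Public(), "", "  ")
	fmt.Printf("Full key:\n%s\n\nPublic key:\n%s\n", full, pub)
}
```

Run it with `go run` and it prints an ES256 key pair in the same "Full key" / "Public key" layout as the tool. The public form is produced by clearing d and relying on omitempty, so there is no second struct to keep in sync with the private one; ValidateEC is deliberately strict about padding and length because a lenient decoder will happily accept a 31-byte coordinate or a standard-alphabet base64 string that another implementation then rejects, and the on-curve check is what stops an attacker-supplied point on a different (weaker) curve from being used.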