David Michael Gang

Reputation: 7299

How to populate a JsonWebKey from a generated ECDSA key

I am trying to generate a public/private key pair which I will use for the digital signature of a JWT with jose4j. I use the Elliptic Curve Digital Signature Algorithm.

My problem is that I don't know how to get the parameters representing the ECDSA key, meaning:

Upvotes: 2

Views: 3725

Answers (2)

Brian Campbell

Reputation: 2461

You can create a JsonWebKey directly with the public key you generated and jose4j will take care of the parameters and encoding.

    KeyPairGenerator g = KeyPairGenerator.getInstance("EC");
    ECGenParameterSpec kpgparams = new ECGenParameterSpec("secp256r1");
    g.initialize(kpgparams);

    KeyPair keyPair = g.generateKeyPair();

    PublicJsonWebKey jwk = PublicJsonWebKey.Factory.newPublicJwk(keyPair.getPublic());
    jwk.setPrivateKey(keyPair.getPrivate());
    jwk.setUse(Use.SIGNATURE);

    System.out.println(jwk.toJson(JsonWebKey.OutputControlLevel.PUBLIC_ONLY));
    System.out.println(jwk.toJson(JsonWebKey.OutputControlLevel.INCLUDE_PRIVATE)); // to include the private key 'd'

You can also use the EcJwkGenerator utility in jose4j to generate the key pair and wrap it in a JsonWebKey:

    EllipticCurveJsonWebKey jwk = EcJwkGenerator.generateJwk(EllipticCurves.P256);
    jwk.setUse(Use.SIGNATURE);

    System.out.println(jwk.toJson(JsonWebKey.OutputControlLevel.PUBLIC_ONLY));
    System.out.println(jwk.toJson(JsonWebKey.OutputControlLevel.INCLUDE_PRIVATE)); // to include the private key 'd'

Upvotes: 4

David Michael Gang

Reputation: 7299

After struggling with it for a long time I got the following:

    private static String createWebKeySet() throws NoSuchAlgorithmException,
            InvalidAlgorithmParameterException, InvalidKeyException {
        KeyPairGenerator g = KeyPairGenerator.getInstance("EC");
        ECGenParameterSpec kpgparams = new ECGenParameterSpec("secp256r1");
        g.initialize(kpgparams);

        KeyPair pair = g.generateKeyPair();
        // Instance of signature class with SHA256withECDSA algorithm
        Signature ecdsaSign = Signature.getInstance("SHA256withECDSA");
        ecdsaSign.initSign(pair.getPrivate());

        System.out.println("Private Keys is::" + pair.getPrivate());
        System.out.println("Public Keys is::" + pair.getPublic());

        JsonWebKeySet jsonWebKeySet = new JsonWebKeySet();

        final ECPrivateKey privateKey = (ECPrivateKey) pair.getPrivate();
        final ECPublicKey publicKey = (ECPublicKey) pair.getPublic();
        // JWK key values are fixed-width unsigned big-endian octets (32 bytes for P-256)
        final int len = (publicKey.getParams().getCurve().getField().getFieldSize() + 7) / 8;

        JsonWebKey privateWebKey = new JsonWebKey(privateKey) {
            @Override
            public String getKeyType() {
                return "EC";
            }

            @Override
            protected void fillTypeSpecificParams(Map<String, Object> params,
                    OutputControlLevel outputLevel) {
                params.put("use", "sig");
                // key_ops is a JSON array of operations (RFC 7517, section 4.3)
                params.put("key_ops", Collections.singletonList("sign"));
                //params.put("alg", "ES256");
                params.put("kid", "kukuPrivateKey");
                ECParameterSpec paramSpec = privateKey.getParams();
                params.put("crv", "P-" + paramSpec.getCurve().getField().getFieldSize());
                // org.jose4j.keys.BigEndianBigInteger drops the sign byte, left-pads to len
                // and base64url-encodes without padding; BigInteger.toByteArray() does neither
                params.put("x", BigEndianBigInteger.toBase64Url(publicKey.getW().getAffineX(), len));
                params.put("y", BigEndianBigInteger.toBase64Url(publicKey.getW().getAffineY(), len));
                params.put("d", BigEndianBigInteger.toBase64Url(privateKey.getS(), len));
            }
        };
        jsonWebKeySet.addJsonWebKey(privateWebKey);

        JsonWebKey publicWebKey = new JsonWebKey(publicKey) {
            @Override
            public String getKeyType() {
                return "EC";
            }

            @Override
            protected void fillTypeSpecificParams(Map<String, Object> params,
                    OutputControlLevel outputLevel) {
                params.put("use", "sig");
                params.put("key_ops", Collections.singletonList("verify"));
                //params.put("alg", "ES256");
                params.put("kid", "kukuPublicKey");
                ECParameterSpec paramSpec = publicKey.getParams();
                params.put("crv", "P-" + paramSpec.getCurve().getField().getFieldSize());
                params.put("x", BigEndianBigInteger.toBase64Url(publicKey.getW().getAffineX(), len));
                params.put("y", BigEndianBigInteger.toBase64Url(publicKey.getW().getAffineY(), len));
            }
        };
        jsonWebKeySet.addJsonWebKey(publicWebKey);

        return jsonWebKeySet.toJson();
    }

Upvotes: 1
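
The second answer fills in the `x`, `y` and `d` members by hand, so the byte encoding of each `BigInteger` matters: JWK expects unsigned big-endian octets of the full coordinate width, base64url-encoded without padding. The following is an added example, not code from either answer or from jose4j; it uses only the JDK, the names `EcJwkParams`, `b64uFixed` and `toJwk` are made up for illustration, and the two `BigInteger` values in `main` are constructed to hit the cases where `toByteArray()` returns one byte too many or one too few.

```java
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.ECPublicKey;
import java.security.spec.ECGenParameterSpec;
import java.util.Base64;

public class EcJwkParams {   // hypothetical class name, JDK only
    // Unsigned big-endian, exactly len octets, base64url without padding (RFC 7518, section 6.2.1).
    // Assumes v fits in len octets, which holds for coordinates and private values of the curve.
    static String b64uFixed(BigInteger v, int len) {
        byte[] raw = v.toByteArray();   // two's complement: len + 1 bytes (sign byte) or fewer than len
        byte[] out = new byte[len];
        int n = Math.min(raw.length, len);
        System.arraycopy(raw, raw.length - n, out, len - n, n);   // keep low-order bytes, zero-pad on the left
        return Base64.getUrlEncoder().withoutPadding().encodeToString(out);
    }

    // Pass priv == null to emit the public members only.
    static String toJwk(ECPublicKey pub, ECPrivateKey priv) {
        int bits = pub.getParams().getCurve().getField().getFieldSize();
        int len = (bits + 7) / 8;
        StringBuilder sb = new StringBuilder("{\"kty\":\"EC\",\"crv\":\"P-").append(bits).append('"');
        sb.append(",\"x\":\"").append(b64uFixed(pub.getW().getAffineX(), len)).append('"');
        sb.append(",\"y\":\"").append(b64uFixed(pub.getW().getAffineY(), len)).append('"');
        if (priv != null) {
            sb.append(",\"d\":\"").append(b64uFixed(priv.getS(), len)).append('"');
        }
        return sb.append('}').toString();
    }

    public static void main(String[] args) throws Exception {
        // Constructed values that hit both failure cases of a bare toByteArray()
        BigInteger high = BigInteger.ONE.shiftLeft(255);   // top bit set, so a sign byte is prepended
        BigInteger low = BigInteger.ONE.shiftLeft(240);    // most significant octet is zero and gets dropped
        System.out.println(high.toByteArray().length + " raw bytes -> " + b64uFixed(high, 32).length() + " chars");
        System.out.println(low.toByteArray().length + " raw bytes -> " + b64uFixed(low, 32).length() + " chars");

        KeyPairGenerator g = KeyPairGenerator.getInstance("EC");
        g.initialize(new ECGenParameterSpec("secp256r1"));
        KeyPair kp = g.generateKeyPair();
        System.out.println(toJwk((ECPublicKey) kp.getPublic(), null));
    }
}
```

A verifier that decodes `x` or `y` and finds the wrong number of octets may reject the key, and because the length only goes wrong for some generated keys, the failure shows up intermittently.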
