CODEWITHSUNDEEP
javacryptographyrsajwt
Ryan Leach
Ryan Leach

Reputation: 4470

How can I generate a RSA key for use with com.auth0 java-jwt?

https://github.com/auth0/java-jwt

States that setting up the algorithm for JWT should be as simple as

//RSA
RSAPublicKey publicKey = //Get the key instance
RSAPrivateKey privateKey = //Get the key instance
Algorithm algorithmRS = Algorithm.RSA256(publicKey, privateKey);

The problem is I can't work out how to create an RSAPublicKey and RSAPrivateKey instance without touching the filesystem.

  1. It should be secure.
  2. It shouldn't create the key on the file system, as I plan on storing it via another method.

Normally this is the sort of thing I'd guess at until I get right, but considering it's cryptography I want to do the right thing.

keygen = KeyPairGenerator.getInstance("RSA");
        RSAKeyGenParameterSpec spec = new RSAKeyGenParameterSpec(2048, RSAKeyGenParameterSpec.F4); //What does F4 mean vs F0?
            keygen.initialize(spec);
            KeyPair keypair = keygen.generateKeyPair();
            PublicKey pub = keypair.getPublic(); //Wrong type, need RSAPublicKey
            PrivateKey priv = keypair.getPrivate(); //Wrong type, need RSAPrivateKey

Upvotes: 5

Views: 3104

Answers (1)

pedrofb
pedrofb

Reputation: 39241

You can directly cast the public and private keys to RSAPublicKey and RSAPrivateKey because you are using a RSA KeyPairGenerator

RSAPublicKey rsaPublicKey = (RSAPublicKey) keypair.getPublic();
RSAPrivateKey rsaPrivateKey = (RSAPrivateKey) keypair.getPrivate();

You can get the key content using key.getEncoded(); (no cast needed) and store it as a byte array any way you like

Upvotes: 4

Related Questions