node-jose
Generate key with embedded signature
When I run the following:
```javascript
const jose = require('node-jose');

async function initialize() {
  const keystore = jose.JWK.createKeyStore();
  const props = {
    use: 'sig',
    alg: 'RS256',
  };
  const publicKey = await keystore.generate("RSA", 2048, props);
  console.log(publicKey);
}

initialize();
```
I end up with an output similar to the following:
```
JWKBaseKeyObject {
  keystore: JWKStore {},
  length: 2048,
  kty: 'RSA',
  kid: 'ONTcoIyZb10-HNvag6r1kYUKo6YYbzRj438W_6YvIjo',
  use: 'sig',
  alg: 'RS256'
}
```
However, what I would like to generate is something similar to the items in this jwks file.
Is it possible to generate keys with embedded signatures?
The referenced jwks file has embedded X.509 certificates. node-jose does not support creating X.509 certificates itself, but it is possible to get there. Unfortunately, it is very involved:
- Generate the (private) key (like your example)
- Export private key in PEM encoding (`pubkey = key.toPEM(false); privkey = key.toPEM(true)`)
- Obtain a certificate for the above public key (various mechanisms, depends on your CA)
- Copy cert, stripping whitespace and leading/trailing markers (e.g., `-----BEGIN CERTIFICATE-----`)
- re-import public key from (unmodified) cert, and specifying the "x5c" extra:

```javascript
let publicKey = await jose.JWK.asKey(cert, "pem", { x5c: [certStripped] });
```
Can you describe the procedure in more detail? I have a code example:

```javascript
const jose = require('node-jose');

async function initialize() {
  const keystore = jose.JWK.createKeyStore();
  const props = { use: 'sig', alg: 'RS256', };
  const key = await keystore.generate("RSA", 2048, props);
  // toPEM(false) exports the public key, toPEM(true) the private key
  const pubkey = key.toPEM(false);
  const privkey = key.toPEM(true);
  console.log('key', key, 'pubkey', pubkey, 'privkey', privkey);
}

initialize();
```
How can I get the certificate for the above public key?
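
The "copy cert, stripping whitespace and leading/trailing markers" step from the list above, as an added example that is not code from this thread or from node-jose: it turns a PEM certificate (or chain, leaf first) into `x5c` entries using only Node's built-in modules, and rejects a truncated or mangled paste before it reaches a published JWKS. The function names are hypothetical and the sample "certificate" is constructed filler, not a real one; obtaining a real certificate still depends on your CA.

```javascript
const crypto = require('crypto');

const PEM_CERT = /-----BEGIN CERTIFICATE-----([\s\S]*?)-----END CERTIFICATE-----/g;

// Total encoded length claimed by the outer DER SEQUENCE header, or -1 if malformed.
function derTotalLength(der) {
  if (der.length < 2 || der[0] !== 0x30) return -1;
  if (der[1] < 0x80) return 2 + der[1];
  const n = der[1] & 0x7f;
  if (n === 0 || n > 4 || der.length < 2 + n) return -1;
  return 2 + n + der.readUIntBE(2, n);
}

// Turn a PEM file (one or more certificates, leaf first) into x5c entries:
// standard base64 of the DER, without markers or line breaks.
function pemToX5c(pem) {
  const chain = [];
  for (const [, body] of pem.matchAll(PEM_CERT)) {
    const b64 = body.replace(/\s+/g, '');
    const der = Buffer.from(b64, 'base64');
    if (der.toString('base64') !== b64) throw new Error('body is not clean base64');
    if (derTotalLength(der) !== der.length) throw new Error('truncated or non-DER certificate');
    chain.push(b64);
  }
  if (chain.length === 0) throw new Error('no CERTIFICATE block found');
  return chain;
}

// SHA-256 thumbprint of the leaf certificate, base64url encoded ("x5t#S256").
function x5tS256(b64) {
  const digest = crypto.createHash('sha256').update(Buffer.from(b64, 'base64')).digest('base64');
  return digest.replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
}

// Hypothetical helper: add the certificate members to an exported public JWK.
function withCertificate(publicJwk, pem) {
  const x5c = pemToX5c(pem);
  return { ...publicJwk, x5c, 'x5t#S256': x5tS256(x5c[0]) };
}

// Constructed sample: a DER SEQUENCE header plus filler bytes, NOT a real certificate.
function toPem(der) {
  const lines = der.toString('base64').match(/.{1,64}/g).join('\n');
  return `-----BEGIN CERTIFICATE-----\n${lines}\n-----END CERTIFICATE-----\n`;
}
const sampleDer = Buffer.concat([Buffer.from([0x30, 0x82, 0x01, 0x00]), Buffer.alloc(256, 0xab)]);
const samplePem = toPem(sampleDer);
console.log(withCertificate({ kty: 'RSA', use: 'sig', alg: 'RS256' }, samplePem));
```

With a real certificate, the array returned by `pemToX5c` is what goes in the `x5c` extra of the `jose.JWK.asKey(cert, "pem", { x5c: [...] })` call shown earlier in the thread.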