JWK - nov/json-jwt GitHub Wiki
JSON Web Key (JWK)
Encoding
You can initiate JSON::JWK instance from an instance of
StringHashOpenSSL::PKey::RSAOpenSSL::PKey::EC
JSON::JWK instance generated from String is automatically detected as kty=oct (shared key).
jwk = JSON::JWK.new 'shared-key'
jwk[:kty] # => :oct
jwk[:k] # => 'shared-key'
Hash input is to specify each JWK element directly.
JSON::JWK.new(
kty: :RSA,
e: 'AQAB',
n: 'AK8ppaAGn6N3jDic2...'
) # => RSA public key
OpenSSL::PKey::RSA and OpenSSL::PKey::EC are for kty=RSA and kty=EC, and both public and private key are supported.
private_key = OpenSSL::PKey::RSA.generate(2048)
public_key = private_key.public_key
JSON::JWK.new(private_key) # => JWK including RSA private key components
JSON::JWK.new(public_key)
This gem also defines OpenSSL::PKey::RSA#to_jwk and OpenSSL::PKey::EC#to_jwk.
private_key = OpenSSL::PKey::RSA.generate(2048)
private_key.to_jwk
You can set kid or any extensional attributes by passing option hash as 2nd argument.
If explicit kid isn't given, this gem tries to caluculate JWK thumbprint value and set it as the default kid.
JSON::JWK.new(
private_key,
kid: 'default'
)
If the input is a Hash, put all extensional attributes in the 1st hash.
JSON::JWK.new(
kty: :RSA,
e: 'AQAB',
n: 'AK8ppaAGn6N3jDic2...',
kid: 'default'
)
Decoding
JSON::JWK.new(hash) should works.
If you want convert an JSON::JWK instance to OpenSSL::PKey::RSA or OpenSSL::PKey::EC instance, call JSON::JWK#to_key.
jwk = JSON::JWK.new(
kty: :RSA,
e: 'AQAB',
n: 'AK8ppaAGn6N3jDic2...'
)
jwk.to_key # => OpenSSL::PKey::RSA`
JSON::JWK.decode also does JSON::JWK.new(input).to_key internally for backward compatibility.
Thumbprint
[RFC7638] JSON Web Key (JWK) Thumbprint is also supported.
Just call JSON::JWK#thumbprint.
jwk = JSON::JWK.new public_key
jwk.thumbprint