JWK - nov/json-jwt GitHub Wiki
JSON Web Key (JWK)
Encoding
You can initiate JSON::JWK
instance from an instance of
String
Hash
OpenSSL::PKey::RSA
OpenSSL::PKey::EC
JSON::JWK
instance generated from String
is automatically detected as kty=oct
(shared key).
jwk = JSON::JWK.new 'shared-key'
jwk[:kty] # => :oct
jwk[:k] # => 'shared-key'
Hash
input is to specify each JWK element directly.
JSON::JWK.new(
kty: :RSA,
e: 'AQAB',
n: 'AK8ppaAGn6N3jDic2...'
) # => RSA public key
OpenSSL::PKey::RSA
and OpenSSL::PKey::EC
are for kty=RSA
and kty=EC
, and both public and private key are supported.
private_key = OpenSSL::PKey::RSA.generate(2048)
public_key = private_key.public_key
JSON::JWK.new(private_key) # => JWK including RSA private key components
JSON::JWK.new(public_key)
This gem also defines OpenSSL::PKey::RSA#to_jwk
and OpenSSL::PKey::EC#to_jwk
.
private_key = OpenSSL::PKey::RSA.generate(2048)
private_key.to_jwk
You can set kid
or any extensional attributes by passing option hash as 2nd argument.
If explicit kid
isn't given, this gem tries to caluculate JWK thumbprint value and set it as the default kid
.
JSON::JWK.new(
private_key,
kid: 'default'
)
If the input is a Hash
, put all extensional attributes in the 1st hash.
JSON::JWK.new(
kty: :RSA,
e: 'AQAB',
n: 'AK8ppaAGn6N3jDic2...',
kid: 'default'
)
Decoding
JSON::JWK.new(hash)
should works.
If you want convert an JSON::JWK
instance to OpenSSL::PKey::RSA
or OpenSSL::PKey::EC
instance, call JSON::JWK#to_key
.
jwk = JSON::JWK.new(
kty: :RSA,
e: 'AQAB',
n: 'AK8ppaAGn6N3jDic2...'
)
jwk.to_key # => OpenSSL::PKey::RSA`
JSON::JWK.decode
also does JSON::JWK.new(input).to_key
internally for backward compatibility.
Thumbprint
[RFC7638] JSON Web Key (JWK) Thumbprint is also supported.
Just call JSON::JWK#thumbprint
.
jwk = JSON::JWK.new public_key
jwk.thumbprint