How to populate a JsonWebKey from a generated ECDSA key

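I am trying to generate a public/private key pair that I will use to digitally sign a JWT with jose4j. I use the Elliptic Curve Digital Signature Algorithm.

My problem is that I don't know how to get the parameters that represent the ECDSA key:

After a lot of effort, I arrived at the following: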

    private static String createWebKeySet() throws NoSuchAlgorithmException,
            InvalidAlgorithmParameterException, InvalidKeyException {
        KeyPairGenerator g = KeyPairGenerator.getInstance("EC");
        ECGenParameterSpec kpgparams = new ECGenParameterSpec("secp256r1");
        g.initialize(kpgparams);

        KeyPair pair = g.generateKeyPair();
        // Instance of signature class with SHA256withECDSA algorithm
        Signature ecdsaSign = Signature.getInstance("SHA256withECDSA");
        ecdsaSign.initSign(pair.getPrivate());

        System.out.println("Private Keys is::" + pair.getPrivate());
        System.out.println("Public Keys is::" + pair.getPublic());

        JsonWebKeySet jsonWebKeySet = new JsonWebKeySet();

        final ECPrivateKey privateKey = (ECPrivateKey) pair.getPrivate();
        final ECPublicKey publicKey = (ECPublicKey) pair.getPublic();
        JsonWebKey privateWebKey = new JsonWebKey(privateKey) {

            @Override
            public String getKeyType() {
                // TODO Auto-generated method stub
                return "EC";
            }

            @Override
            protected void fillTypeSpecificParams(Map<String, Object> params,
                    OutputControlLevel outputLevel) {

                params.put("use", "sig");
                params.put("key_ops", "sign");
                //params.put("alg", "ES256");
                params.put("kid", "kukuPrivateKey");
                ECParameterSpec paramSpec = privateKey.getParams();
                params.put("crv", "P-" + paramSpec.getCurve().getField().getFieldSize());

                params.put("x", Base64.encode(publicKey.getW().getAffineX().toByteArray()));
                params.put("y", Base64.encode(publicKey.getW().getAffineY().toByteArray()));
                params.put("d", Base64.encode(privateKey.getS().toByteArray()));
            }
        };
        jsonWebKeySet.addJsonWebKey(privateWebKey);

        JsonWebKey publicWebKey = new JsonWebKey(publicKey) {

            @Override
            public String getKeyType() {
                // TODO Auto-generated method stub
                return "EC";
            }

            @Override
            protected void fillTypeSpecificParams(Map<String, Object> params,
                    OutputControlLevel outputLevel) {

                params.put("use", "sig");
                params.put("key_ops", "verify");
                //params.put("alg", "ES256");
                params.put("kid", "kukuPublicKey");
                ECParameterSpec paramSpec = publicKey.getParams();
                params.put("crv", "P-" + paramSpec.getCurve().getField().getFieldSize());
                params.put("x", Base64.encode(publicKey.getW().getAffineX().toByteArray()));
                params.put("y", Base64.encode(publicKey.getW().getAffineY().toByteArray()));
            }
        };
        jsonWebKeySet.addJsonWebKey(publicWebKey);

        return jsonWebKeySet.toJson();
    }

You can create a JsonWebKey directly from the public key you generated, and jose4j will take care of the parameters and encoding.

    KeyPairGenerator g = KeyPairGenerator.getInstance("EC");
    ECGenParameterSpec kpgparams = new ECGenParameterSpec("secp256r1");
    g.initialize(kpgparams);

    KeyPair keyPair = g.generateKeyPair();

    PublicJsonWebKey jwk = PublicJsonWebKey.Factory.newPublicJwk(keyPair.getPublic());
    jwk.setPrivateKey(keyPair.getPrivate());
    jwk.setUse(Use.SIGNATURE);

    System.out.println(jwk.toJson(JsonWebKey.OutputControlLevel.PUBLIC_ONLY));
    System.out.println(jwk.toJson(JsonWebKey.OutputControlLevel.INCLUDE_PRIVATE)); // to include the private key 'd'

You can also use the EcJwkGenerator utility in jose4j to generate the key pair and wrap it in a JsonWebKey:

    EllipticCurveJsonWebKey jwk = EcJwkGenerator.generateJwk(EllipticCurves.P256);
    jwk.setUse(Use.SIGNATURE);

    System.out.println(jwk.toJson(JsonWebKey.OutputControlLevel.PUBLIC_ONLY));
    System.out.println(jwk.toJson(JsonWebKey.OutputControlLevel.INCLUDE_PRIVATE)); // to include the private key 'd'
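
What "parameters and encoding" involves when done by hand, as an added example that uses only the JDK (it is not code from the question, the answer, or jose4j): RFC 7518 section 6.2.1 requires `x`, `y` and `d` to be fixed-width unsigned big-endian octet strings, base64url-encoded without padding, which `BigInteger.toByteArray()` does not produce on its own. The class name `EcJwkEncodingDemo` and the helper `jwkCoordinate` are illustrative, and the width of `d` is taken from the field size, which holds for the NIST P-curves.

```java
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.ECPublicKey;
import java.security.spec.ECGenParameterSpec;
import java.util.Base64;

public class EcJwkEncodingDemo {

    // Fixed-width, unsigned, big-endian octets, then base64url without padding.
    static String jwkCoordinate(BigInteger value, int fieldSizeBits) {
        if (value.signum() < 0) throw new IllegalArgumentException("negative value");
        int len = (fieldSizeBits + 7) / 8;      // 32 bytes for P-256, 66 for P-521
        byte[] raw = value.toByteArray();       // two's complement, variable length
        byte[] fixed = new byte[len];
        if (raw.length > len) {
            // The only acceptable extra byte is a leading 0x00 sign byte.
            if (raw.length != len + 1 || raw[0] != 0) {
                throw new IllegalArgumentException("value does not fit the field");
            }
            System.arraycopy(raw, 1, fixed, 0, len);
        } else {
            // Short values are left-padded with zeros to the full width.
            System.arraycopy(raw, 0, fixed, len - raw.length, raw.length);
        }
        return Base64.getUrlEncoder().withoutPadding().encodeToString(fixed);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator g = KeyPairGenerator.getInstance("EC");
        g.initialize(new ECGenParameterSpec("secp256r1"));
        KeyPair pair = g.generateKeyPair();
        ECPublicKey pub = (ECPublicKey) pair.getPublic();
        ECPrivateKey priv = (ECPrivateKey) pair.getPrivate();
        int bits = pub.getParams().getCurve().getField().getFieldSize();

        String x = jwkCoordinate(pub.getW().getAffineX(), bits);
        String y = jwkCoordinate(pub.getW().getAffineY(), bits);
        String d = jwkCoordinate(priv.getS(), bits);   // private scalar: never log its value
        System.out.printf("{\"kty\":\"EC\",\"crv\":\"P-%d\",\"x\":\"%s\",\"y\":\"%s\"}%n", bits, x, y);
        System.out.println("encoded lengths x/y/d: " + x.length() + "/" + y.length() + "/" + d.length());

        // Constructed edge cases: top bit set (33 raw bytes) and a tiny value (1 raw byte).
        BigInteger high = BigInteger.ONE.shiftLeft(255);
        System.out.println(high.toByteArray().length + " raw bytes -> " + jwkCoordinate(high, 256).length() + " chars");
        System.out.println(BigInteger.ONE.toByteArray().length + " raw byte -> " + jwkCoordinate(BigInteger.ONE, 256).length() + " chars");
    }
}
```

For P-256 every encoded member is 43 characters long; a different length means the sign byte was kept or the leading zeros were dropped.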