Creating a Json Web Key

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

Creating a Json Web Key

Angus Robertson - Magenta Systems Ltd
I need to create a Jose JWK from the public part of a private key in a
PEVP_PKEY, with 1.1.0.  

I've done it using the old struct rsa_st from 1.0.2 and
EVP_PKEY_get1_RSA, and then converting the n and e BIGNUMs to binary
(and then to Base64Url).  

This still works in 1.1.0 although rsa_st has more stuff after n and e,
but obviously is not ideal.  I've not yet found any helpers for getting
n and e any other way.  

Is there a better way to build a JWK?

Now need to handle elliptic curve keys as well.

Angus


 

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: Creating a Json Web Key

Matt Caswell-2


On 08/02/18 18:17, Angus Robertson - Magenta Systems Ltd wrote:

> I need to create a Jose JWK from the public part of a private key in a
> PEVP_PKEY, with 1.1.0.  
>
> I've done it using the old struct rsa_st from 1.0.2 and
> EVP_PKEY_get1_RSA, and then converting the n and e BIGNUMs to binary
> (and then to Base64Url).  
>
> This still works in 1.1.0 although rsa_st has more stuff after n and e,
> but obviously is not ideal.  I've not yet found any helpers for getting
> n and e any other way.

RSA_get0_key()?

https://www.openssl.org/docs/man1.1.0/crypto/RSA_get0_key.html

Matt


>
> Is there a better way to build a JWK?
>
> Now need to handle elliptic curve keys as well.
>
> Angus
>
>
>  
>
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: Creating a Json Web Key

Angus Robertson - Magenta Systems Ltd
>> I've not yet found any helpers for getting n and e any other way.
> RSA_get0_key()?

Perfect, should have been able to find that myself...

If there an equivalent for EC_GROUP to get x and y?

Angus

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: Creating a Json Web Key

Matt Caswell-2


On 08/02/18 19:42, Angus Robertson - Magenta Systems Ltd wrote:
>>> I've not yet found any helpers for getting n and e any other way.
>> RSA_get0_key()?
>
> Perfect, should have been able to find that myself...
>
> If there an equivalent for EC_GROUP to get x and y?

Do you mean for an EC_POINT? If so then:

EC_POINT_get_affine_coordinates_GFp() or
EC_POINT_get_affine_coordinates_GF2m() depending on whether you are
using a prime or binary field based curve.

Matt

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: Creating a Json Web Key

Angus Robertson - Magenta Systems Ltd
> > If there an equivalent for EC_GROUP to get x and y?
>
> Do you mean for an EC_POINT? If so then:
> EC_POINT_get_affine_coordinates_GFp() or

Thanks, JKW now built for both key types in 1.1.0.  

I guess my function would be useful to others as EVP_PKEY_to_JWK_bio or
something, unfortunately it's not written in C, but pascal.  

Angus

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users