Distributing Keys
This is not a bug or enhancement, but I can't stop myself from asking here. I am developing a backend application where I am in a position to provide SDKs to developers to use my service. JWT is really helpful and this library is really cool. But what I could not figure out is: if I create an RSA key per client, how can I distribute the private/public key to the developers? Of course I have an admin panel where they could come and get their private key, but I could see the only way to convert an RSA key into a string is base64 encoding. Is there a better way I could convert RSA keys and share them with the developers?
One more way that just came to my mind: can I write the SDK in a way that it makes a handshake with the server and gets the private key over HTTPS? Please advise.
Comments (8)
-
repo owner -
reporter This is really helpful and this is what I am looking for. Thanks a lot.
-
repo owner Glad it was helpful.
-
Thanks for the example, it's extremely helpful. The only thing which is not yet clear to me is the following: how can I generate the correct key for a particular algorithmId? For example, if I'm going to use HS256 for signing and verification of a JWS with alg set to "HS256", I need a key which will be suitable for this purpose. How can I generate such a key? Some kind of factory class would be extremely convenient for such a purpose.
-
repo owner OctetSequenceJsonWebKey.generateJwk(256) should do it
-
Sorry, I've found no such method. And I did mean something like
PublicJsonWebKey jwk = JwkGenerator.generateJwk(AlgorithmIdentifiers.HMAC_SHA256);
-
repo owner Sorry, I messed up that reply. The generateJwk is on OctJwkGenerator not OctetSequenceJsonWebKey. i.e.:
OctetSequenceJsonWebKey jwk = OctJwkGenerator.generateJwk(256); // (both in org.jose4j.jwk package)
OctetSequenceJsonWebKey is the subclass of JsonWebKey that's for symmetric keys. See https://tools.ietf.org/html/rfc7518#section-6.4
BTW, HMAC is a symmetric algorithm (shared secret) so something that produces a PublicJsonWebKey like that wouldn't make sense.
-
I see. Thanks for the help.
I don't think I'm really in a position to design key distribution for your situation.
I will say that JSON Web Key (JWK) provides a nice way to represent keys as strings using JSON. And the library has support for working with JWKs. Some quick examples:
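
The repo owner's own examples are not reproduced on this page. The following is an added illustration, not code from the thread or from the jose4j project: it shows an RSA JWK serialized as a public-only string and as a private (secret) string, and an HS256 key from `OctJwkGenerator` as discussed in the comments. The class name, key id and payloads are constructed for the example.

```java
import org.jose4j.jwk.JsonWebKey;
import org.jose4j.jwk.OctJwkGenerator;
import org.jose4j.jwk.OctetSequenceJsonWebKey;
import org.jose4j.jwk.PublicJsonWebKey;
import org.jose4j.jwk.RsaJsonWebKey;
import org.jose4j.jwk.RsaJwkGenerator;
import org.jose4j.jws.AlgorithmIdentifiers;
import org.jose4j.jws.JsonWebSignature;
import org.jose4j.lang.JoseException;

public class JwkStringDemo {
    public static void main(String[] args) throws JoseException {
        // RSA key pair for one client; "client-42" is a constructed key id.
        RsaJsonWebKey rsa = RsaJwkGenerator.generateJwk(2048);
        rsa.setKeyId("client-42");
        // PUBLIC_ONLY omits the private parameters (d, p, q, ...): safe to publish.
        String publicJson = rsa.toJson(JsonWebKey.OutputControlLevel.PUBLIC_ONLY);
        // INCLUDE_PRIVATE carries the private key: treat this string as a secret.
        String privateJson = rsa.toJson(JsonWebKey.OutputControlLevel.INCLUDE_PRIVATE);

        // The signer rebuilds the key pair from the private JWK string.
        PublicJsonWebKey signerKey = PublicJsonWebKey.Factory.newPublicJwk(privateJson);
        JsonWebSignature jws = new JsonWebSignature();
        jws.setPayload("{\"sub\":\"demo\"}");
        jws.setAlgorithmHeaderValue(AlgorithmIdentifiers.RSA_USING_SHA256);
        jws.setKey(signerKey.getPrivateKey());
        String token = jws.getCompactSerialization();

        // The verifier needs only the public JWK string.
        JsonWebKey verifierKey = JsonWebKey.Factory.newJwk(publicJson);
        JsonWebSignature check = new JsonWebSignature();
        check.setCompactSerialization(token);
        check.setKey(verifierKey.getKey());
        System.out.println("RS256 verified: " + check.verifySignature());
        System.out.println("private part absent from public JWK: "
                + (((PublicJsonWebKey) verifierKey).getPrivateKey() == null));

        // HS256: one 256-bit shared secret; INCLUDE_SYMMETRIC is required
        // for the "k" value to appear in the JSON at all.
        OctetSequenceJsonWebKey oct = OctJwkGenerator.generateJwk(256);
        String octJson = oct.toJson(JsonWebKey.OutputControlLevel.INCLUDE_SYMMETRIC);
        JsonWebSignature mac = new JsonWebSignature();
        mac.setPayload("hello");
        mac.setAlgorithmHeaderValue(AlgorithmIdentifiers.HMAC_SHA256);
        mac.setKey(JsonWebKey.Factory.newJwk(octJson).getKey());
        System.out.println(mac.getCompactSerialization());
    }
}
```

Both the `INCLUDE_PRIVATE` and `INCLUDE_SYMMETRIC` strings contain secret key material and need the same handling as the key itself; only the `PUBLIC_ONLY` form is suitable for publishing.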