@Kshitij09
Last active November 8, 2021 21:17
Guide to generate public-private keypair to be used for Asymmetric JWT Signing with Java
  1. Generate a 2048-bit RSA private key

    openssl genrsa -out private_key.pem 2048
  2. Convert the private key to PKCS#8 format (so Java can read it)

    openssl pkcs8 -topk8 -inform pem -in private_key.pem -outform der -nocrypt -out private_key.der.pkcs8
  3. Generate a self-signed X.509 certificate from the RSA private key generated in step 1 (so Java can read it)

    openssl req -new -x509 -key private_key.pem -out public_key.cer -days 1024 -subj '/CN=localhost'

This certificate file acts as the public key that you'll use to validate the JWT tokens; it's a recommended way of storing and communicating the public key.
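
To check that both files load in Java and that a token signed with the private key verifies against the certificate, here is an added example (not part of the original gist). It uses only the JDK, builds the RS256 token by hand instead of through a JWT library, and assumes the file names from the steps above; the class name and the sample payload are made up for illustration.

```java
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.*;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Base64;

public class JwtKeyCheck { // hypothetical class name, not from the gist
    // Step 2 output: unencrypted PKCS#8 DER, the encoding PKCS8EncodedKeySpec expects.
    static PrivateKey loadPrivateKey(String path) throws Exception {
        byte[] der = Files.readAllBytes(Paths.get(path));
        return KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(der));
    }
    // Step 3 output: X.509 certificate; the verifier needs only the public key inside it.
    static PublicKey loadPublicKey(String path) throws Exception {
        try (InputStream in = Files.newInputStream(Paths.get(path))) {
            X509Certificate cert = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
            cert.checkValidity(); // throws once the -days 1024 window has passed
            return cert.getPublicKey();
        }
    }
    static String b64(String s) { // base64url without padding, as JWS requires
        return Base64.getUrlEncoder().withoutPadding().encodeToString(s.getBytes(StandardCharsets.UTF_8));
    }
    static String sign(String payloadJson, PrivateKey key) throws Exception {
        String input = b64("{\"alg\":\"RS256\",\"typ\":\"JWT\"}") + "." + b64(payloadJson);
        Signature s = Signature.getInstance("SHA256withRSA"); // the JCA name for RS256
        s.initSign(key);
        s.update(input.getBytes(StandardCharsets.US_ASCII));
        return input + "." + Base64.getUrlEncoder().withoutPadding().encodeToString(s.sign());
    }
    // The algorithm is fixed here, never read from the token's own header.
    static boolean verify(String jwt, PublicKey key) throws Exception {
        String[] p = jwt.split("\\.");
        if (p.length != 3) return false; // not header.payload.signature
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initVerify(key);
        s.update((p[0] + "." + p[1]).getBytes(StandardCharsets.US_ASCII));
        return s.verify(Base64.getUrlDecoder().decode(p[2]));
    }
    public static void main(String[] args) throws Exception {
        String jwt = sign("{\"sub\":\"demo\"}", loadPrivateKey("private_key.der.pkcs8")); // constructed payload
        PublicKey pub = loadPublicKey("public_key.cer");
        System.out.println("signed token verifies: " + verify(jwt, pub));
        String altered = jwt.replace(b64("{\"sub\":\"demo\"}"), b64("{\"sub\":\"admin\"}"));
        System.out.println("altered token verifies: " + verify(altered, pub));
    }
}
```

Run it from the directory that holds the two generated files; the first line should report `true` and the second `false`, since changing the payload invalidates the signature.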
