Generate ECDSA JWKs in JWKS keystore using ES384
// Generates elliptic curve keypairs for the purpose of signing JWTs with ECDSA.
const jose = require('node-jose');
const fs = require('fs');
// One in-memory keystore shared by the whole script. Every key generated below
// is added to it, and writeKeysToFile() later exports it twice: once without
// and once with the private key parameters (toJSON(true)).
const keystore = jose.JWK.createKeyStore();
/**
 * Generates a P-384 elliptic curve signing key and adds it to `keystore`.
 *
 * The key is tagged with the JWK parameters `kid`, `alg: 'ES384'` and
 * `use: 'sig'` (see https://tools.ietf.org/html/rfc7517#section-4).
 *
 * @param {string} kid - key ID stored on the generated JWK.
 * @param {object} keystore - keystore whose `generate(kty, crv, options)` is awaited.
 * @returns {Promise<void>} resolves once the key has been generated.
 */
async function addNewECDSAKey(kid, keystore) {
  // https://tools.ietf.org/html/rfc7517#section-4
  const jwkParams = { kid, alg: 'ES384', use: 'sig' };

  // Key type "EC" on curve "P-384" is the pairing that ES384 signs with.
  await keystore.generate('EC', 'P-384', jwkParams);
}
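/**
 * Serializes the keystore to two JWKS files under `output/`.
 *
 * - `output/jwks.json` is the export without private parameters; it is the
 *   file meant to be published.
 * - `output/jwks-secret.json` is the export with private parameters. It is
 *   restricted to owner read/write so other local users cannot read the
 *   signing keys, and it should never be served or committed next to the
 *   public file.
 *
 * @param {{ toJSON: (exportPrivate?: boolean) => object }} keystore - keystore to export.
 * @throws {Error} any filesystem error raised while creating the directory or files.
 */
function writeKeysToFile(keystore) {
  // `recursive` makes this a no-op when the directory already exists, which
  // avoids the check-then-create race of existsSync() followed by mkdirSync().
  fs.mkdirSync('output/', { recursive: true });

  const pub = 'output/jwks.json'; // host this file at https://my-website.com/.well-known/jwks.json
  fs.writeFileSync(pub, JSON.stringify(keystore.toJSON()));

  const priv = 'output/jwks-secret.json';
  // Without an explicit mode the file is created with the process default
  // (usually group/world readable), which would expose the private keys.
  fs.writeFileSync(priv, JSON.stringify(keystore.toJSON(true)), { mode: 0o600 });
  // `mode` is only honoured when the file is created, so also tighten a
  // secret file left behind by an earlier run.
  fs.chmodSync(priv, 0o600);
}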
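// Script entry point: generates three signing keys in the shared keystore,
// then writes the public and private JWKS files.
(async function generateABunchOfKeys() {
  const keyIds = ['my-first-key', 'my-second-key', 'my-third-key'];
  // Awaited one at a time so the keys are added in the order listed above.
  for (const kid of keyIds) {
    await addNewECDSAKey(kid, keystore);
  }
  writeKeysToFile(keystore);
})().catch((err) => {
  // Without a rejection handler a failed generation or write would surface
  // only as an unhandled rejection; report it and signal failure to the caller.
  console.error(err);
  process.exitCode = 1;
});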