@cpu
Created August 25, 2017 14:18
A small Go program using go-jose.v2 to generate an example JWS in the ACME V2 style.
package main
import (
"crypto/rand"
"crypto/rsa"
"fmt"
"os"
"gopkg.in/square/go-jose.v2"
)
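// die formats a final message with farewell and args, writes it to standard
// error followed by a newline, and terminates the process with exit status 1.
//
// The message goes to stderr rather than stdout because stdout carries the
// program's real output (the serialized JWS); a failure message must not end
// up in whatever consumes that stream.
func die(farewell string, args ...interface{}) {
	fmt.Fprintf(os.Stderr, farewell, args...)
	// Terminate the line so the message does not run into the shell prompt.
	fmt.Fprintln(os.Stderr)
	os.Exit(1)
}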
// key returns a freshly generated 2048-bit RSA private key drawn from
// crypto/rand. A new key is created on every call; if generation fails the
// program exits through die.
func key() *rsa.PrivateKey {
	const bits = 2048

	priv, genErr := rsa.GenerateKey(rand.Reader, bits)
	if genErr == nil {
		return priv
	}
	die("Failed to generate random RSA key: %q", genErr.Error())
	// die exits the process; this return keeps the original's fall-through
	// value (the result of GenerateKey) for the compiler.
	return priv
}
// dummyNonceSource satisfies go-jose's NonceSource interface with a fixed
// value so the example needs no server round trip.
//
// A constant nonce provides no replay protection. It is acceptable only for
// producing a sample JWS; a real ACME client sends a fresh, server-issued
// nonce with each request.
type dummyNonceSource struct{}

// Nonce always yields the same hard-coded string and never reports an error.
func (dummyNonceSource) Nonce() (string, error) {
	const staticNonce = "1234"
	return staticNonce, nil
}
// Placeholder inputs for the example JWS. Both URLs point at localhost over
// plain http and are illustrative only.
const (
	// url is added to the JWS through the "url" extra header in main.
	url = "http://localhost/some/acme/endpoint"

	// keyID is assigned to the JSONWebKey's KeyID field in main.
	keyID = "http://localhost/reg/1234"

	// payload is the body that gets signed: an empty JSON object.
	payload = "{}"
)
// main builds an RS256 signer around a throwaway RSA key, signs the constant
// payload, and prints the JWS in its full JSON serialization on stdout.
//
// The private key comes from key() on each run and is never written anywhere
// by this program, so the printed JWS cannot be re-created or verified against
// a stored key afterwards.
func main() {
	// NOTE(review): "RSA" names a key type; the Algorithm field of a JWK
	// normally carries a signature algorithm such as RS256. Confirm whether
	// go-jose reads this value here.
	accountKey := &jose.JSONWebKey{
		Key:       key(),
		Algorithm: "RSA",
		KeyID:     keyID,
	}

	// The static nonce source and the "url" extra header are supplied through
	// the signer options.
	opts := &jose.SignerOptions{
		NonceSource: dummyNonceSource{},
		ExtraHeaders: map[jose.HeaderKey]interface{}{
			"url": url,
		},
	}

	signer, err := jose.NewSigner(
		jose.SigningKey{Key: accountKey, Algorithm: jose.RS256},
		opts,
	)
	if err != nil {
		die("Failed to create NewSigner: %q", err.Error())
	}

	signed, err := signer.Sign([]byte(payload))
	if err != nil {
		die("Failed to Sign with signer: %q", err.Error())
	}

	// Same bytes as the original Printf("%s\n", ...): the serialization
	// followed by a single newline.
	fmt.Println(signed.FullSerialize())
}