nakwa/jose_cheatsheet.rb

## jose_cheatsheet.rb
#_____________________________________________________________________
#_________(_)_________________ ___________ ____________ _____________
#________  /_  __ \_  ___/  _ \______/ __ `/  _ \_  __ `__ \________
#_______  / / /_/ /(__  )/  __/_____/ /_/ //  __/  / / / / /_______
#______  /  \____//____/ \___/______\__, / \___//_/ /_/ /_/_______
#___/___/__________________________/____/________________________
#################################################################
########################## GENERATE KEY #########################
#################################################################

## PRIVATE Key Creation
private_key = JOSE::JWK.generate_key([:ec, 'P-384'])
# => #<struct JOSE::JWK keys=nil, kty=#<struct JOSE::JWK::KTY_EC key=#<OpenSSL::PKey::EC:0x007fc5d6393c00>>, fields=JOSE::Map[]>

## PRIVATE key to JWK
private_key_jwk = private_key.to_binary
# => "{\"crv\":\"P-384\",\"d\":\"Ox54RnalYpeTLflyKS50las_9IuVsHTiSiVySg2J_tvAIjUjhqz4GvAGtbe8dsx1\",\"kty\":\"EC\",\"x\":\"jWg5K00KIg0nZFmVZO1YiCyN56HIpTrJIPogp6CE5afrQj76TG97-DVxbKwfDWHe\",\"y\":\"6N78OQ_E-kdlyPkGsq6FpBeMKqQs_3VZaQ4yyr3eRWUxvehWKoWCz8OUu5ABdIex\"}"

## PRIVATE Key Fingerprint
private_key_jwk_fingerprint = Digest::SHA256.hexdigest(private_key_jwk)
# => "004acd251aeb5ed7b34b69fb075b74ed9c2e37df551a5121128edd76ee0d60c5"

## PUBLIC Key Export
public_key = private_key.to_public
# => #<struct JOSE::JWK keys=nil, kty=#<struct JOSE::JWK::KTY_EC key=#<OpenSSL::PKey::EC:0x007fc5d72906b8>>, fields=JOSE::Map[]>

## PUBLIC Key JWK
public_key_jwk = public_key.to_binary
# => "{\"crv\":\"P-384\",\"kty\":\"EC\",\"x\":\"jWg5K00KIg0nZFmVZO1YiCyN56HIpTrJIPogp6CE5afrQj76TG97-DVxbKwfDWHe\",\"y\":\"6N78OQ_E-kdlyPkGsq6FpBeMKqQs_3VZaQ4yyr3eRWUxvehWKoWCz8OUu5ABdIex\"}"

## PUBLIC Key Export and Base64 Encode
public_key_jwk_encoded = Base64.urlsafe_encode64(public_key_jwk)
# => "eyJjcnYiOiJQLTM4NCIsImt0eSI6IkVDIiwieCI6ImpXZzVLMDBLSWcwblpGbVZaTzFZaUN5TjU2SElwVHJKSVBvZ3A2Q0U1YWZyUWo3NlRHOTctRFZ4Ykt3ZkRXSGUiLCJ5IjoiNk43OE9RX0Uta2RseVBrR3NxNkZwQmVNS3FRc18zVlphUTR5eXIzZVJXVXh2ZWhXS29XQ3o4T1V1NUFCZElleCJ9"

#################################################################
############################## SIGN #############################
#################################################################

## Identifier (identity) exemple (Base64("identity-1"))
identifier = "aWRlbnRpdHkx"
# => "aWRlbnRpdHkx"

## Signature of the identifier
signature = private_key.sign(identifier)
# => JOSE::SignedMap["payload" => "YVdSbGJuUnBkSGt4", "signature" => "VcBWK-jKiBDAas_e1v36DLzS5DZoUUirMoZZ_WjfEHHbNbZzcuijEnwXJeNwS5AbCJgTOsTpgqclvajgjiKxEgncIxX5hsNJN0TFid_9przi-UTxLD6eaPzk-tM_wnMy", "protected" => "eyJhbGciOiJFUzM4NCJ9"]

## Signature to JSON
signature_json = signature.to_json
# => "[[\"payload\",\"YVdSbGJuUnBkSGt4\"],[\"signature\",\"VcBWK-jKiBDAas_e1v36DLzS5DZoUUirMoZZ_WjfEHHbNbZzcuijEnwXJeNwS5AbCJgTOsTpgqclvajgjiKxEgncIxX5hsNJN0TFid_9przi-UTxLD6eaPzk-tM_wnMy\"],[\"protected\",\"eyJhbGciOiJFUzM4NCJ9\"]]"

## Signature encoding (Base64)
signature_encoded = Base64.urlsafe_encode64(signature_json)
# => "W1sicGF5bG9hZCIsIllWZFNiR0p1VW5Ca1NHdDQiXSxbInNpZ25hdHVyZSIsIlZjQldLLWpLaUJEQWFzX2UxdjM2REx6UzVEWm9VVWlyTW9aWl9XamZFSEhiTmJaemN1aWpFbndYSmVOd1M1QWJDSmdUT3NUcGdxY2x2YWpnamlLeEVnbmNJeFg1aHNOSk4wVEZpZF85cHJ6aS1VVHhMRDZlYVB6ay10TV93bk15Il0sWyJwcm90ZWN0ZWQiLCJleUpoYkdjaU9pSkZVek00TkNKOSJdXQ=="

#################################################################
############################# VERIFY ############################
#################################################################

## PUBLIC KEY Base64 Decode
public_key_jwk = Base64.urlsafe_decode64(public_key_jwk_encoded)
# => "{\"crv\":\"P-384\",\"kty\":\"EC\",\"x\":\"jWg5K00KIg0nZFmVZO1YiCyN56HIpTrJIPogp6CE5afrQj76TG97-DVxbKwfDWHe\",\"y\":\"6N78OQ_E-kdlyPkGsq6FpBeMKqQs_3VZaQ4yyr3eRWUxvehWKoWCz8OUu5ABdIex\"}"

## Import Key in Jose / JWK Object
public_key = JOSE::JWK.from(public_key_jwk)
# => #<struct JOSE::JWK keys=nil, kty=#<struct JOSE::JWK::KTY_EC key=#<OpenSSL::PKey::EC:0x007fc5d633ace0>>, fields=JOSE::Map[]>

## Signature Base64 Decode
signature_decoded = Base64.urlsafe_decode64(signature_encoded)
# => "[[\"payload\",\"YVdSbGJuUnBkSGt4\"],[\"signature\",\"HkKbeKXk43X8SODN2Cn3z3pi2OblR2NlNF27BsKsSfrFEf99zXTd2f5rwiWulYcGLqdfVCrYH2aqc5y4HPlvPZBCCzEJgz34XjXB7KG3YcEYsNRQiUJr48PS3CTXraag\"],[\"protected\",\"eyJhbGciOiJFUzM4NCJ9\"]]"

## Signature to JSON
signature_json = JSON.parse(signature_decoded)
# => [["payload", "YVdSbGJuUnBkSGt4"], ["signature", "VcBWK-jKiBDAas_e1v36DLzS5DZoUUirMoZZ_WjfEHHbNbZzcuijEnwXJeNwS5AbCJgTOsTpgqclvajgjiKxEgncIxX5hsNJN0TFid_9przi-UTxLD6eaPzk-tM_wnMy"], ["protected", "eyJhbGciOiJFUzM4NCJ9"]]

## Verify signature
public_key.verify(signature)
# => [true, "aWRlbnRpdHkx", #<struct JOSE::JWS alg=#<struct JOSE::JWS::ALG_ECDSA digest=OpenSSL::Digest::SHA384>, b64=nil, fields=JOSE::Map[]>]
	#_____________________________________________________________________
	#_________(_)_________________ ___________ ____________ _____________
	#________ /_ __ \_ ___/ _ \______/ __ `/ _ \_ __ `__ \________
	#_______ / / /_/ /(__ )/ __/_____/ /_/ // __/ / / / / /_______
	#______ / \____//____/ \___/______\__, / \___//_/ /_/ /_/_______
	#___/___/__________________________/____/________________________
	#################################################################
	########################## GENERATE KEY #########################
	#################################################################

	## PRIVATE Key Creation
	private_key = JOSE::JWK.generate_key([:ec, 'P-384'])
	# => #<struct JOSE::JWK keys=nil, kty=#<struct JOSE::JWK::KTY_EC key=#<OpenSSL::PKey::EC:0x007fc5d6393c00>>, fields=JOSE::Map[]>

	## PRIVATE key to JWK
	private_key_jwk = private_key.to_binary
	# => "{\"crv\":\"P-384\",\"d\":\"Ox54RnalYpeTLflyKS50las_9IuVsHTiSiVySg2J_tvAIjUjhqz4GvAGtbe8dsx1\",\"kty\":\"EC\",\"x\":\"jWg5K00KIg0nZFmVZO1YiCyN56HIpTrJIPogp6CE5afrQj76TG97-DVxbKwfDWHe\",\"y\":\"6N78OQ_E-kdlyPkGsq6FpBeMKqQs_3VZaQ4yyr3eRWUxvehWKoWCz8OUu5ABdIex\"}"

	## PRIVATE Key Fingerprint
	private_key_jwk_fingerprint = Digest::SHA256.hexdigest(private_key_jwk)
	# => "004acd251aeb5ed7b34b69fb075b74ed9c2e37df551a5121128edd76ee0d60c5"

	## PUBLIC Key Export
	public_key = private_key.to_public
	# => #<struct JOSE::JWK keys=nil, kty=#<struct JOSE::JWK::KTY_EC key=#<OpenSSL::PKey::EC:0x007fc5d72906b8>>, fields=JOSE::Map[]>

	## PUBLIC Key JWK
	public_key_jwk = public_key.to_binary
	# => "{\"crv\":\"P-384\",\"kty\":\"EC\",\"x\":\"jWg5K00KIg0nZFmVZO1YiCyN56HIpTrJIPogp6CE5afrQj76TG97-DVxbKwfDWHe\",\"y\":\"6N78OQ_E-kdlyPkGsq6FpBeMKqQs_3VZaQ4yyr3eRWUxvehWKoWCz8OUu5ABdIex\"}"

	## PUBLIC Key Export and Base64 Encode
	public_key_jwk_encoded = Base64.urlsafe_encode64(public_key_jwk)
	# => "eyJjcnYiOiJQLTM4NCIsImt0eSI6IkVDIiwieCI6ImpXZzVLMDBLSWcwblpGbVZaTzFZaUN5TjU2SElwVHJKSVBvZ3A2Q0U1YWZyUWo3NlRHOTctRFZ4Ykt3ZkRXSGUiLCJ5IjoiNk43OE9RX0Uta2RseVBrR3NxNkZwQmVNS3FRc18zVlphUTR5eXIzZVJXVXh2ZWhXS29XQ3o4T1V1NUFCZElleCJ9"

	#################################################################
	############################## SIGN #############################
	#################################################################

	## Identifier (identity) exemple (Base64("identity-1"))
	identifier = "aWRlbnRpdHkx"
	# => "aWRlbnRpdHkx"

	## Signature of the identifier
	signature = private_key.sign(identifier)
	# => JOSE::SignedMap["payload" => "YVdSbGJuUnBkSGt4", "signature" => "VcBWK-jKiBDAas_e1v36DLzS5DZoUUirMoZZ_WjfEHHbNbZzcuijEnwXJeNwS5AbCJgTOsTpgqclvajgjiKxEgncIxX5hsNJN0TFid_9przi-UTxLD6eaPzk-tM_wnMy", "protected" => "eyJhbGciOiJFUzM4NCJ9"]

	## Signature to JSON
	signature_json = signature.to_json
	# => "[[\"payload\",\"YVdSbGJuUnBkSGt4\"],[\"signature\",\"VcBWK-jKiBDAas_e1v36DLzS5DZoUUirMoZZ_WjfEHHbNbZzcuijEnwXJeNwS5AbCJgTOsTpgqclvajgjiKxEgncIxX5hsNJN0TFid_9przi-UTxLD6eaPzk-tM_wnMy\"],[\"protected\",\"eyJhbGciOiJFUzM4NCJ9\"]]"

	## Signature encoding (Base64)
	signature_encoded = Base64.urlsafe_encode64(signature_json)
	# => "W1sicGF5bG9hZCIsIllWZFNiR0p1VW5Ca1NHdDQiXSxbInNpZ25hdHVyZSIsIlZjQldLLWpLaUJEQWFzX2UxdjM2REx6UzVEWm9VVWlyTW9aWl9XamZFSEhiTmJaemN1aWpFbndYSmVOd1M1QWJDSmdUT3NUcGdxY2x2YWpnamlLeEVnbmNJeFg1aHNOSk4wVEZpZF85cHJ6aS1VVHhMRDZlYVB6ay10TV93bk15Il0sWyJwcm90ZWN0ZWQiLCJleUpoYkdjaU9pSkZVek00TkNKOSJdXQ=="

	#################################################################
	############################# VERIFY ############################
	#################################################################

	## PUBLIC KEY Base64 Decode
	public_key_jwk = Base64.urlsafe_decode64(public_key_jwk_encoded)
	# => "{\"crv\":\"P-384\",\"kty\":\"EC\",\"x\":\"jWg5K00KIg0nZFmVZO1YiCyN56HIpTrJIPogp6CE5afrQj76TG97-DVxbKwfDWHe\",\"y\":\"6N78OQ_E-kdlyPkGsq6FpBeMKqQs_3VZaQ4yyr3eRWUxvehWKoWCz8OUu5ABdIex\"}"

	## Import Key in Jose / JWK Object
	public_key = JOSE::JWK.from(public_key_jwk)
	# => #<struct JOSE::JWK keys=nil, kty=#<struct JOSE::JWK::KTY_EC key=#<OpenSSL::PKey::EC:0x007fc5d633ace0>>, fields=JOSE::Map[]>

	## Signature Base64 Decode
	signature_decoded = Base64.urlsafe_decode64(signature_encoded)
	# => "[[\"payload\",\"YVdSbGJuUnBkSGt4\"],[\"signature\",\"HkKbeKXk43X8SODN2Cn3z3pi2OblR2NlNF27BsKsSfrFEf99zXTd2f5rwiWulYcGLqdfVCrYH2aqc5y4HPlvPZBCCzEJgz34XjXB7KG3YcEYsNRQiUJr48PS3CTXraag\"],[\"protected\",\"eyJhbGciOiJFUzM4NCJ9\"]]"

	## Signature to JSON
	signature_json = JSON.parse(signature_decoded)
	# => [["payload", "YVdSbGJuUnBkSGt4"], ["signature", "VcBWK-jKiBDAas_e1v36DLzS5DZoUUirMoZZ_WjfEHHbNbZzcuijEnwXJeNwS5AbCJgTOsTpgqclvajgjiKxEgncIxX5hsNJN0TFid_9przi-UTxLD6eaPzk-tM_wnMy"], ["protected", "eyJhbGciOiJFUzM4NCJ9"]]

	## Verify signature
	public_key.verify(signature)
	# => [true, "aWRlbnRpdHkx", #<struct JOSE::JWS alg=#<struct JOSE::JWS::ALG_ECDSA digest=OpenSSL::Digest::SHA384>, b64=nil, fields=JOSE::Map[]>]