Skip to content

Instantly share code, notes, and snippets.

Last active September 9, 2024 08:35
Show Gist options
  • Save shu-yusa/213901a5a0902de5ad3f62a61036f4ce to your computer and use it in GitHub Desktop.
Save shu-yusa/213901a5a0902de5ad3f62a61036f4ce to your computer and use it in GitHub Desktop.
Generate private and public keys, and create JWT and JWKs
## Requires openssl, nodejs, jq
"kid": "12345",
"alg": "RS256"
"iss": "",
"sub": "user-id-123",
"aud": "client-app-id-123",
"exp": 1735689600,
"iat": 1563980400
function pack() {
# Remove line breaks and spaces
echo $1 | sed -e "s/[\r\n]\+//g" | sed -e "s/ //g"
if [ ! -f private-key.pem ]; then
# Private and Public keys
openssl genrsa 2048 > private-key.pem
openssl rsa -in private-key.pem -pubout -out public-key.pem
# Base64 Encoding
b64_header=$(pack "$header" | openssl enc -e -A -base64)
b64_payload=$(pack "$payload" | openssl enc -e -A -base64)
signature=$(echo -n $b64_header.$b64_payload | openssl dgst -sha256 -sign private-key.pem | openssl enc -e -A -base64)
# Export JWT
echo $b64_header.$b64_payload.$signature > jwt.txt
# Create JWK from public key
if [ ! -d ./node_modules/pem-jwk ]; then
# A tool to convert PEM to JWK
npm install pem-jwk
jwk=$(./node_modules/.bin/pem-jwk public-key.pem)
# Add additional fields
jwk=$(echo '{"use":"sig"}' $jwk $header | jq -cs add)
# Export JWK
echo '{"keys":['$jwk']}'| jq . > jwks.json
echo "--- JWT ---"
cat jwt.txt
echo -e "\n--- JWK ---"
jq . jwks.json
Copy link

Thanks a lot... I was searching similar script to generate jwks.json. :)

Copy link

@iamcrypticcoder oh, nice to hear my script was helpful to you

Copy link

Thank you so much, this was EXACTLY what I needed <3

Copy link

shu-yusa commented Jul 6, 2022

@whitecyberduck glad to hear that!

Copy link

This script was a perfect starting point, but unfortunately it is not compliant with Adjustments i made were 1) using base64url encoding and 2) adding the -n option for echo in the pack function. Here is the full compliant example:

## Requires openssl, nodejs, jq
## FIXES for compliance
# use base64Url encoding
# use echo -n in pack function

  "kid": "12345",
  "alg": "RS256"
  "iss": "",
  "sub": "user-id-123",
  "aud": "client-app-id-123",
  "exp": 1735689600,
  "iat": 1563980400

function pack() {
  # Remove line breaks and spaces
  echo $1 | sed -e "s/[\r\n]\+//g" | sed -e "s/ //g"

function base64url_encode {
  (if [ -z "$1" ]; then cat -; else echo -n "$1"; fi) |
    openssl base64 -e -A |
      sed s/\\+/-/g |
      sed s/\\//_/g |
      sed -E s/=+$//

# just for debugging
function base64url_decode {
  INPUT=$(if [ -z "$1" ]; then echo -n $(cat -); else echo -n "$1"; fi)
  MOD=$(($(echo -n "$INPUT" | wc -c) % 4))
  PADDING=$(if [ $MOD -eq 2 ]; then echo -n '=='; elif [ $MOD -eq 3 ]; then echo -n '=' ; fi)
  echo -n "$INPUT$PADDING" |
    sed s/-/+/g |
    sed s/_/\\//g |
    openssl base64 -d -A

if [ ! -f private-key.pem ]; then
  # Private and Public keys
  openssl genrsa 2048 > private-key.pem
  openssl rsa -in private-key.pem -pubout -out public-key.pem

# Base64 Encoding
b64_header=$(pack "$header" | base64url_encode)
b64_payload=$(pack "$payload" | base64url_encode)
signature=$(echo -n $b64_header.$b64_payload | openssl dgst -sha256 -sign private-key.pem | base64url_encode)
# Export JWT
echo $b64_header.$b64_payload.$signature > jwt.txt
# Create JWK from public key
if [ ! -d ./node_modules/pem-jwk ]; then
  # A tool to convert PEM to JWK
  npm install pem-jwk
jwk=$(./node_modules/.bin/pem-jwk public-key.pem)
# Add additional fields
jwk=$(echo '{"use":"sig"}' $jwk $header | jq -cs add)
# Export JWK
echo '{"keys":['$jwk']}'| jq . > jwks.json

echo "--- JWT ---"
cat jwt.txt
echo -e "\n--- JWK ---"
jq . jwks.json

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment