Generate x5c certificate chain from JWK

守給你的承諾、 提交于 2021-01-28 10:52:42

问题


I am using nimbus-jose-jwt 5.14 and I generated RSA key pair with the following code

    KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
    gen.initialize(2048);
    KeyPair keyPair = gen.generateKeyPair();
    JWK jwk = new RSAKey.Builder((RSAPublicKey)keyPair.getPublic())
        .privateKey((RSAPrivateKey)keyPair.getPrivate())
        .keyUse(KeyUse.SIGNATURE)
        .keyID(UUID.randomUUID().toString())
        .build();

Now I need to expone some "metadata" about the public key:

  • e
  • kid
  • kty
  • n
  • use
  • x5c

How can I obtain x5c ? Is it possible to generate X509 certificate with this library? This field is null:

if (jwk.getX509CertChain() == null)

回答1:


You have generated a key pair, not a certificate. A certificate contains a public key but it is not derived from it, so you can't get a certificate directly from the public key.

To verify a JWT the recipient only needs the public key, so publishing the x5c is in fact unnecesary for this purpose


If you really want to publish a certificate, I suggest to generate it with OpenSSL and import the public key in your code to get the JWK parameters

openssl req -x509 -newkey rsa:2048 -keyout key.pem  -days 365 -out certificate.pem


来源:https://stackoverflow.com/questions/56475619/generate-x5c-certificate-chain-from-jwk

标签
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!