Table of Contents

Construct JSON Web Key Set

Summary

This document describes how to create JSON Web Key Set for your keystore.

System Requirements

  • Public certificate of keystore, in PEM format

Instruction

  1. Get public certificate for signing JWT Token (in PEM format).

  2. Go to https://8gwifi.org/jwkconvertfunctions.jsp and upload the pem content and generate.

  3. Copy the resulting json. Example:

    {
  "kty": "RSA",
  "e": "AQAB",
  "kid": "7bd27b3f-651f-4d76-83ea-22f15e4564ae",
  "n": "vMlaMKpqX3iqbbooKhR43igvwlYgDHsZ24AmHW6PWrSHNPG9-ZVd-uLk6ZGn7qYAHsU4vV9RjrihDOCioAEEPdbEjyXrs-6-mORDeRzv3RF7bkF29U8GdhRrwxBGnhYoEMjQC8Z1K4Vsn8EnHlN3r-I_kGxqUbl-zH2E-gWW5q1sldPo_5iB6vXXy3KePMH0z4elV6NYhwmEFbZ92RRz-6BbW_8ciYutnbxaq7JxGxZH5kTfrEZoHybQvdI4z724zLFB2ipmIffRaytuntTdk_HMWbB_918doaRNYy_U6Ja1fmEOV3RXyUR3gKBtM1-67be9tpDDgCavnjQaUV13ow"
}

  4. Open the crt and copy the certificate data (without begin and end row). Remove all linebreaks. Make sure there are no spaces.

    Result:

    MIIDxzCCAq+gAwIBAgIQGFAIcaBkJo5KzHO4gNTxsjANBgkqhkiG9w0BAQUFADBuMQswCQYDVQQGEwJTRTEPMA0GA1UECAwGTWFsbcO2MQ8wDQYDVQQHDAZNYWxtw7YxGzAZBgNVBAoMElR1bnN0YWxsIE5vcmRpYyBBQjEMMAoGA1UECwwDVEVTMRIwEAYDVQQDDAlURVMgU2FtbDIwHhcNMTgxMDIzMTEwMTQ0WhcNMzgxMDIzMTExMTQ0WjBuMQswCQYDVQQGEwJTRTEPMA0GA1UECAwGTWFsbcO2MQ8wDQYDVQQHDAZNYWxtw7YxGzAZBgNVBAoMElR1bnN0YWxsIE5vcmRpYyBBQjEMMAoGA1UECwwDVEVTMRIwEAYDVQQDDAlURVMgU2FtbDIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDpE7Qj+pmxelH0+e4vUxh1hmxe1E4eX6fWnUP3HvCPPE2Q50hIQpcPVIkEnTt6i/cjeQ6naXSCw7KMTD+Q9uoIUj1nS0JRK6PYzPbWmPAej4JC+aO6/vvMVJ26xXCLrHRXT5dCk3KSnimdbBIro1dOZv97fn27eUDxtg/CtR1ws69af0cuyUjn3/fiXBRDh8KMvhYJNgvZ+HzRo197yn0v1ETLUOqQCN8oJgUvuPmtXWil0vv9Ty7OKKuVBbBvAAHl9pYlD9T1NgRsHfYehVwKBmnfDxer8wlAjqld932EIQLSfZB+OStZVPXfGQGdwBBEk6i0ToBDDRFm76SfXl0RAgMBAAGjYTBfMA4GA1UdDwEB/wQEAwIEkDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUS1F2kEKYhSbzsYuZmd3c2VOg+FswDQYJKoZIhvcNAQEFBQADggEBAHMqL25Ee2vEP1WFIZtsJViPFinu9/91CGA0GPwvgdBJISzVI24NaTJAYQ8Tc8tiJz6PD2cDTr6juG9G0Y6P3nGAZNH/c1ur2xiZ0JWpP65C2+p7pU39KUgbpl7q8tzv8mcp4BKmu8HElqFXRUbm8c7fJQcwHNMu4Tu4vG4/iwd/ITuZA/t9d80eTnl1LzzHGse2yK9CgkPnMaV/9QeZLxDGwb2yM1tE/St8GVNynTvSo7tBcwph6hUGhfKnbHM0OMEbxzO6QoPYXYEuLzvSLSTbOcVenG1LXQkDwbD8XzPm6L9rGBc4ukz3uWdUMV/EvromeV5z92xF9BhRDUX0VsU=

    This will be used as the x5c[0] value in the keys file.

  5. Edit the json from point 3.

    Add these params:

      "alg": "RS256",
  "use": "sig",
  "x5c": [
    "<content_from_point_4_above>"
  ]

  6. Validate the resulting json syntax using online tool (such as jsonlint).

OIDC (OpenID Connect)