-
Install OpenSSL:
- Linux:
- If you haven't already, install OpenSSL on your Linux system using your package manager. Here are the commands for various package managers:
sudo apt-get update && sudo apt-get install opensslsudo yum install openssl # Red Hat-based systemssudo pacman -S openssl # Arch Linux
- If you haven't already, install OpenSSL on your Linux system using your package manager. Here are the commands for various package managers:
- macOS:
- OpenSSL is typically pre-installed on macOS. If it's not available or you need a newer version, you can install it using Homebrew:
brew install openssl
- OpenSSL is typically pre-installed on macOS. If it's not available or you need a newer version, you can install it using Homebrew:
- Linux:
-
Install jq:
- Linux:
- If you haven't already, install jq on your Linux system using your package manager. Here are the commands for various package managers:
sudo apt-get update && sudo apt-get install jqsudo yum install jq # Red Hat-based systemssudo pacman -S jq # Arch Linux
- If you haven't already, install jq on your Linux system using your package manager. Here are the commands for various package managers:
- macOS:
- If you haven't already, install jq on your macOS system using Homebrew:
brew install jq
- If you haven't already, install jq on your macOS system using Homebrew:
- Linux:
-
Generate X25519 Key (for KEY_AGREEMENT):
- Run the following command to generate the X25519 key:
openssl genpkey -algorithm X25519 -out private_key_x25519.pem
-
Format X25519 Key into JWK:
- Run the following command to format the X25519 key into JWK format:
jq -nR --arg d "$(openssl pkey -inform pem -in private_key_x25519.pem -noout -text | awk '/priv:/{flag=1; next} /pub:/{flag=0} flag' | sed 's/[^0-9A-Fa-f]//g' | xxd -r -p | base64 | tr -d '\n' | tr '+/' '-_' | sed 's/=*$//')" --arg x "$(openssl pkey -inform pem -in private_key_x25519.pem -noout -text | awk '/pub:/{flag=1; next} /priv:/{flag=0} flag' | sed 's/[^0-9A-Fa-f]//g' | xxd -r -p | base64 | tr -d '\n' | tr '+/' '-_' | sed 's/=*$//')" '{kty: "OKP", crv: "X25519", x: $x, d: $d}'
- Run the following command to format the X25519 key into JWK format:
-
Generate Ed25519 Key (for KEY_AUTHENTICATION):
- Run the following command to generate the Ed25519 key:
openssl genpkey -algorithm Ed25519 -out private_key_ed25519.pem
- Run the following command to generate the Ed25519 key:
-
Format Ed25519 Key into JWK:
- Run the following command to format the Ed25519 key into JWK format:
jq -nR --arg d "$(openssl pkey -inform pem -in private_key_ed25519.pem -noout -text | awk '/priv:/{flag=1; next} /pub:/{flag=0} flag' | sed 's/[^0-9A-Fa-f]//g' | xxd -r -p | base64 | tr -d '\n' | tr '+/' '-_' | sed 's/=*$//')" --arg x "$(openssl pkey -inform pem -in private_key_ed25519.pem -noout -text | awk '/pub:/{flag=1; next} /priv:/{flag=0} flag' | sed 's/[^0-9A-Fa-f]//g' | xxd -r -p | base64 | tr -d '\n' | tr '+/' '-_' | sed 's/=*$//')" '{kty: "OKP", crv: "Ed25519", x: $x, d: $d}'
- Run the following command to format the Ed25519 key into JWK format:
These commands will guide you to generate X25519 and Ed25519 keys using OpenSSL and format them into JWK format suitable for use as KEY_AGREEMENT and KEY_AUTHENTICATION keys, respectively.