Issue on production. #1

Open
aqshah20 opened this issue Sep 15, 2023 · 1 comment

Comments


aqshah20 commented Sep 15, 2023

How to create pem format from json for the production? I have keys in json format.

@jwwb681232

@aqshah20
My approach is to write a `gen-jwks` GET route in the app.js file, and then get strings like the following in the terminal:

```
-----BEGIN EC PRIVATE KEY-----
MHcCAQEEIFttQW8HLog4gPR90X6zUxvpqzIc+ATJNZbsfxFCJZ68oAoGCCqGSM49
AwEHoUQDQgAEAFXSiTqDjEHwwdgQRksLo3s+Mzwo/dr6OwAwtfCjFWbc2CaG0Kjw
Fp7N3wmP4b+kyuC5c/I4S25umND91FLRKg==
-----END EC PRIVATE KEY-----
```

```
-----BEGIN EC PRIVATE KEY-----
MHcCAQEEINFBzXnzZj3moZ3JEgequtezB0Z1czKNHKfAjpXYi30GoAoGCCqGSM49
AwEHoUQDQgAEuSX/hH3tIIa2Hm29C28s4+pzCeQHS1PrKcJ0l1qHX/fc2sfqFZW8
sgquaRjctanK7hFxUUHBVAKe7OJ4TNlhHw==
-----END EC PRIVATE KEY-----
```

```
{"keys":[{"kty":"EC","kid":"inCo96FXYYPKC0e3eOWqunNAbkPhuQ6Oc1dJjlIUWXk","crv":"P-256","x":"AFXSiTqDjEHwwdgQRksLo3s-Mzwo_dr6OwAwtfCjFWY","y":"3NgmhtCo8Baezd8Jj-G_pMrguXPyOEtubpjQ_dRS0So","use":"sig","alg":"ES256"},{"kty":"EC","kid":"6qYAQ96uSN2eyx5P086PyFVxTV3lNEzTRwKCODraMQw","crv":"P-256","x":"uSX_hH3tIIa2Hm29C28s4-pzCeQHS1PrKcJ0l1qHX_c","y":"3NrH6hWVvLIKrmkY3LWpyu4RcVFBwVQCnuzieEzZYR8","use":"enc","alg":"ECDH-ES+A256KW"}]}
```

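In the strings above, the first block is the signing key and the second block is the encryption key. You need to save these two blocks as their respective pem files. The third block is the JWKS. You need to put the content of the third block at a publicly accessible URL (the JWKS Endpoint in the Singpass backend).

The code that generates the strings above is as follows:

Just run `npm start` in the terminal, then visit http://localhost:3001/gen-jwks in the browser to get them.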

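```js
const crypto = require('crypto');
const jose = require('node-jose'); // JWK.asKey() and toPEM() are node-jose APIs

app.get("/gen-jwks", function (req, res) {
  // Generate one P-256 key pair and print its private key (PEM) to the terminal
  async function generateKey() {
    let key = crypto.generateKeyPairSync('ec', {
      namedCurve: 'prime256v1',
      publicKeyEncoding: {
        type: 'spki',
        format: 'pem',
      },
      privateKeyEncoding: {
        type: 'pkcs8',
        format: 'pem',
      },
    });
    let cryptoKey = await jose.JWK.asKey(key.privateKey, 'pem');
    console.log(cryptoKey.toPEM(true)); //!important: true exports the private key
    return cryptoKey;
  }

  async function generateJwks() {
    //Creating Signing Key
    let signingKey = await generateKey();
    // toJSON() without arguments returns only the public members of the key
    let publicSigningKeyJSON = signingKey.toJSON();

    //Creating Encryption Key
    let encryptionKey = await generateKey();
    let publicEncryptionKeyJSON = encryptionKey.toJSON();

    let jwks = {
      keys: [{...publicSigningKeyJSON,
        ...{use: 'sig'},
        ...{crv: 'P-256'},
        ...{alg: 'ES256'},
      },
        {...publicEncryptionKeyJSON,
          ...{use: 'enc'},
          ...{crv: 'P-256'},
          ...{alg: 'ECDH-ES+A256KW'},
        }]};

    console.log(JSON.stringify(jwks));
  }

  // Output goes to the terminal only; answer the request so the browser does not hang
  generateJwks()
    .then(() => res.send('Keys printed to the terminal'))
    .catch((err) => {
      console.error(err);
      res.status(500).send('Key generation failed');
    });
});
```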

Note

In the config/config.js file, please keep `AUTHORIZE_JWKS_URL` and `MYINFO_JWKS_URL` at the values in the demo.
