mirror of
https://github.com/Luzifer/nginx-sso.git
synced 2025-01-06 13:06:01 +00:00
36 lines
1.1 KiB
Markdown
# JWK Key Generator

The `jwk-keygen` command line utility generates keypairs used for asymmetric
encryption and signing algorithms in JSON Web Key (JWK) format.

## Usage

The utility requires both the desired algorithm (`alg`) and the key usage
(`use`) to be specified, as a reminder that the same keypair should never be
used for both encryption and signing.

Algorithms are selected via the `--alg` flag, which influences the `alg` header.
For JWE (`--use=enc`), `--alg` specifies the key management algorithm (e.g.
`RSA-OAEP`). For JWS (`--use=sig`), `--alg` specifies the signature algorithm
(e.g. `PS256`).

The output file names are determined by the specified usage, algorithm and
Key ID, e.g. `jwk-keygen --use=sig --alg=RS512 --kid=test` produces the files
`jwk_sig_RS512_test` and `jwk_sig_RS512_test.pub`. Keys are sent to stdout when
no Key ID is specified, neither a pre-defined nor a random one.

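An added check, not part of the `jwk-keygen` project: the Go code below audits published keys for the two rules above, that `alg` fits the declared `use` and that the same key material does not appear for both signing and encryption. It assumes RSA keys collected into a JWK Set with the standard RFC 7517 members; `Audit`, `Thumbprint`, the Key IDs `mail` and `api` and the sample set are constructed for illustration.

```go
package main

import (
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
)

type JWK struct{ Kty, Use, Alg, Kid, N, E string } // RFC 7517 members read here (RSA only)

var algsFor = map[string]map[string]bool{ // RFC 7518 RSA algorithms per use
	"sig": {"RS256": true, "RS384": true, "RS512": true, "PS256": true, "PS384": true, "PS512": true},
	"enc": {"RSA1_5": true, "RSA-OAEP": true, "RSA-OAEP-256": true},
}

// Thumbprint (RFC 7638, SHA-256) identifies key material regardless of kid, use or alg.
func Thumbprint(k JWK) string {
	sum := sha256.Sum256([]byte(fmt.Sprintf(`{"e":"%s","kty":"%s","n":"%s"}`, k.E, k.Kty, k.N)))
	return base64.RawURLEncoding.EncodeToString(sum[:])
}

// Audit flags keys whose alg contradicts their use, and key material seen under two uses.
func Audit(jwks []byte) ([]string, error) {
	var set struct{ Keys []JWK }
	if err := json.Unmarshal(jwks, &set); err != nil {
		return nil, err
	}
	var findings []string
	seen := map[string]JWK{} // thumbprint -> last key seen with that material
	for _, k := range set.Keys {
		if !algsFor[k.Use][k.Alg] {
			findings = append(findings, fmt.Sprintf("%s: alg %q is not valid for use %q", k.Kid, k.Alg, k.Use))
		}
		tp := Thumbprint(k)
		if prev, ok := seen[tp]; ok && prev.Use != k.Use {
			findings = append(findings, fmt.Sprintf("%s and %s: same key material used for %q and %q", prev.Kid, k.Kid, prev.Use, k.Use))
		}
		seen[tp] = k
	}
	return findings, nil
}

// Constructed sample set; the n values are placeholders, not real moduli.
const sample = `{"keys":[
 {"kty":"RSA","use":"sig","alg":"RS512","kid":"test","n":"bW9kdWx1cy1B","e":"AQAB"},
 {"kty":"RSA","use":"enc","alg":"RSA-OAEP","kid":"mail","n":"bW9kdWx1cy1B","e":"AQAB"},
 {"kty":"RSA","use":"sig","alg":"RSA-OAEP","kid":"api","n":"bW9kdWx1cy1C","e":"AQAB"}]}`
func main() { fmt.Println(Audit([]byte(sample))) }
```

On the sample set this reports that `test` and `mail` share key material across `sig` and `enc`, and that `api` declares a key management algorithm on a signing key.
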
## Examples

### RSA 2048

Generate an RSA/2048 key for encryption and output it to stdout.

    jwk-keygen --use enc --alg RSA-OAEP

### Custom key length

Generate an RSA/4096 key for signing and store it to files.

    jwk-keygen --use sig --alg RS256 --bits 4096 --kid test