从JWK生成x5c证书链 [英] Generate x5c certificate chain from JWK
问题描述
我正在使用nimbus-jose-jwt 5.14,并使用以下代码生成了RSA密钥对
I am using nimbus-jose-jwt 5.14 and I generated RSA key pair with the following code
KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
gen.initialize(2048);
KeyPair keyPair = gen.generateKeyPair();
JWK jwk = new RSAKey.Builder((RSAPublicKey)keyPair.getPublic())
.privateKey((RSAPrivateKey)keyPair.getPrivate())
.keyUse(KeyUse.SIGNATURE)
.keyID(UUID.randomUUID().toString())
.build();
现在,我需要讨论一些有关公钥的元数据":
Now I need to expone some "metadata" about the public key:
- e
- 孩子
- kty
- n
- 使用
- x5c
如何获得x5c?是否可以使用此库生成X509证书?此字段为空:
How can I obtain x5c ? Is it possible to generate X509 certificate with this library? This field is null:
if (jwk.getX509CertChain() == null)
推荐答案
您已生成密钥对,而不是证书.证书包含公钥,但它不是从公钥派生的,因此您不能直接从公钥中获取证书.
You have generated a key pair, not a certificate. A certificate contains a public key but it is not derived from it, so you can't get a certificate directly from the public key.
要验证JWT,接收者只需要公用密钥,因此实际上不需要为此发布x5c
To verify a JWT the recipient only needs the public key, so publishing the x5c
is in fact unnecesary for this purpose
如果您真的要发布证书,建议您使用OpenSSL生成该证书,然后将公钥导入代码中以获取JWK参数
If you really want to publish a certificate, I suggest to generate it with OpenSSL and import the public key in your code to get the JWK parameters
openssl req -x509 -newkey rsa:2048 -keyout key.pem -days 365 -out certificate.pem
这篇关于从JWK生成x5c证书链的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!