xref: /aosp_15_r20/external/libwebsockets/minimal-examples/crypto/minimal-crypto-jwk/README.md (revision 1c60b9aca93fdbc9b5f19b2d2194c91294b22281) 
1# lws minimal example for JWK
2
3Demonstrates how to generate and format any kind of supported new random JWK keys.
4
5The full private key is output to stdout, a version of the key with the private
6part removed and some metadata adapted can be saved to a file at the same time
7using `--public <file>`.  In the public form, `key_ops` and `use` elements are
8adjusted to remove activities that require a private key.
9
10Key elements are output in strict RFC7638 lexicographic order as required by
11some applications.
12
13Keys produced with openssl and mbedtls backends are completely interchangeable.
14
15## build
16
17```
18 $ cmake . && make
19```
20
21## usage
22
23Commandline option|Meaning
24---|---
25-d <loglevel>|Debug verbosity in decimal, eg, -d15
26-t <type>|RSA, OCT or EC
27-b <bits>|For RSA and OCT, key size in bits
28-v <curve>|For EC keys, the curve, eg, "P-384"... this implies the key bits
29--kid "ID string"|Key identity string
30--use "use[ use]"|Key use restriction (mutually exclusive with --key-ops): sig, enc
31--alg <alg>|Specify the algorithm the key is designed for, eg "RSA1_5"
32--key-ops "op[ op]"|Key valid operations (mutually exclusive with --use): sign, verify, encrypt, decrypt, wrapKey, unwrapKey, deriveKey, deriveBits
33-c|Format the jwk as a linebroken C string
34--public <filepath>|Only output the full, private key, not the public version first
35
36For legibility the example uses -c, however this
37
38```
39 $ ./lws-crypto-jwk -t EC -v P-256 --key-ops "sign verify" --public mykey.pub
40[2018/12/18 20:19:29:6972] USER: LWS JWK example
41[2018/12/18 20:19:29:7200] NOTICE: Creating Vhost 'default' (serving disabled), 1 protocols, IPv6 off
42[2018/12/18 20:19:29:7251] NOTICE: lws_jwk_generate: generating ECDSA key on curve P-256
43{"crv":"P-256","d":"eMKM_S4BTL2aiebZLqvxglufV2YX4b3_32DesgEUOaM","key_ops":["sign","verify"],"kty":"EC","x":"OWauiGGtJ60ZegtqlwETQlmO1exTZdWbT2VbUs4a1hg","y":"g_eNOlqPecbguVQArL6Fd4T5xZthBgipNCBypXubPos"}
44```
45
46The output in `mykey.pub` is:
47
48```
49{"crv":"P-256","key_ops":["verify"],"kty":"EC","x":"OWauiGGtJ60ZegtqlwETQlmO1exTZdWbT2VbUs4a1hg","y":"g_eNOlqPecbguVQArL6Fd4T5xZthBgipNCBypXubPos"}
50```
51
52Notice the logging goes out on stderr, the key data goes on stdout.
53