1*1c60b9acSAndroid Build Coastguard Worker# lws minimal example for JWK 2*1c60b9acSAndroid Build Coastguard Worker 3*1c60b9acSAndroid Build Coastguard WorkerDemonstrates how to generate and format any kind of supported new random JWK keys. 4*1c60b9acSAndroid Build Coastguard Worker 5*1c60b9acSAndroid Build Coastguard WorkerThe full private key is output to stdout, a version of the key with the private 6*1c60b9acSAndroid Build Coastguard Workerpart removed and some metadata adapted can be saved to a file at the same time 7*1c60b9acSAndroid Build Coastguard Workerusing `--public <file>`. In the public form, `key_ops` and `use` elements are 8*1c60b9acSAndroid Build Coastguard Workeradjusted to remove activities that require a private key. 9*1c60b9acSAndroid Build Coastguard Worker 10*1c60b9acSAndroid Build Coastguard WorkerKey elements are output in strict RFC7638 lexicographic order as required by 11*1c60b9acSAndroid Build Coastguard Workersome applications. 12*1c60b9acSAndroid Build Coastguard Worker 13*1c60b9acSAndroid Build Coastguard WorkerKeys produced with openssl and mbedtls backends are completely interchangeable. 14*1c60b9acSAndroid Build Coastguard Worker 15*1c60b9acSAndroid Build Coastguard Worker## build 16*1c60b9acSAndroid Build Coastguard Worker 17*1c60b9acSAndroid Build Coastguard Worker``` 18*1c60b9acSAndroid Build Coastguard Worker $ cmake . && make 19*1c60b9acSAndroid Build Coastguard Worker``` 20*1c60b9acSAndroid Build Coastguard Worker 21*1c60b9acSAndroid Build Coastguard Worker## usage 22*1c60b9acSAndroid Build Coastguard Worker 23*1c60b9acSAndroid Build Coastguard WorkerCommandline option|Meaning 24*1c60b9acSAndroid Build Coastguard Worker---|--- 25*1c60b9acSAndroid Build Coastguard Worker-d <loglevel>|Debug verbosity in decimal, eg, -d15 26*1c60b9acSAndroid Build Coastguard Worker-t <type>|RSA, OCT or EC 27*1c60b9acSAndroid Build Coastguard Worker-b <bits>|For RSA and OCT, key size in bits 28*1c60b9acSAndroid Build Coastguard Worker-v <curve>|For EC keys, the curve, eg, "P-384"... this implies the key bits 29*1c60b9acSAndroid Build Coastguard Worker--kid "ID string"|Key identity string 30*1c60b9acSAndroid Build Coastguard Worker--use "use[ use]"|Key use restriction (mutually exclusive with --key-ops): sig, enc 31*1c60b9acSAndroid Build Coastguard Worker--alg <alg>|Specify the algorithm the key is designed for, eg "RSA1_5" 32*1c60b9acSAndroid Build Coastguard Worker--key-ops "op[ op]"|Key valid operations (mutually exclusive with --use): sign, verify, encrypt, decrypt, wrapKey, unwrapKey, deriveKey, deriveBits 33*1c60b9acSAndroid Build Coastguard Worker-c|Format the jwk as a linebroken C string 34*1c60b9acSAndroid Build Coastguard Worker--public <filepath>|Only output the full, private key, not the public version first 35*1c60b9acSAndroid Build Coastguard Worker 36*1c60b9acSAndroid Build Coastguard WorkerFor legibility the example uses -c, however this 37*1c60b9acSAndroid Build Coastguard Worker 38*1c60b9acSAndroid Build Coastguard Worker``` 39*1c60b9acSAndroid Build Coastguard Worker $ ./lws-crypto-jwk -t EC -v P-256 --key-ops "sign verify" --public mykey.pub 40*1c60b9acSAndroid Build Coastguard Worker[2018/12/18 20:19:29:6972] USER: LWS JWK example 41*1c60b9acSAndroid Build Coastguard Worker[2018/12/18 20:19:29:7200] NOTICE: Creating Vhost 'default' (serving disabled), 1 protocols, IPv6 off 42*1c60b9acSAndroid Build Coastguard Worker[2018/12/18 20:19:29:7251] NOTICE: lws_jwk_generate: generating ECDSA key on curve P-256 43*1c60b9acSAndroid Build Coastguard Worker{"crv":"P-256","d":"eMKM_S4BTL2aiebZLqvxglufV2YX4b3_32DesgEUOaM","key_ops":["sign","verify"],"kty":"EC","x":"OWauiGGtJ60ZegtqlwETQlmO1exTZdWbT2VbUs4a1hg","y":"g_eNOlqPecbguVQArL6Fd4T5xZthBgipNCBypXubPos"} 44*1c60b9acSAndroid Build Coastguard Worker``` 45*1c60b9acSAndroid Build Coastguard Worker 46*1c60b9acSAndroid Build Coastguard WorkerThe output in `mykey.pub` is: 47*1c60b9acSAndroid Build Coastguard Worker 48*1c60b9acSAndroid Build Coastguard Worker``` 49*1c60b9acSAndroid Build Coastguard Worker{"crv":"P-256","key_ops":["verify"],"kty":"EC","x":"OWauiGGtJ60ZegtqlwETQlmO1exTZdWbT2VbUs4a1hg","y":"g_eNOlqPecbguVQArL6Fd4T5xZthBgipNCBypXubPos"} 50*1c60b9acSAndroid Build Coastguard Worker``` 51*1c60b9acSAndroid Build Coastguard Worker 52*1c60b9acSAndroid Build Coastguard WorkerNotice the logging goes out on stderr, the key data goes on stdout. 53