
我尝试使用 jose4j 生成一个公钥/私钥对,用于 JWT 的数字签名。我使用的是椭圆曲线数字签名算法(ECDSA)。

我的问题是:我不知道如何获取表示 ECDSA 密钥的各个参数:

  • crv
  • x
  • y
  • d

     // Generate an EC key pair on the named curve secp256r1 (the curve JOSE calls P-256).
     KeyPairGenerator g = KeyPairGenerator.getInstance("EC");
     ECGenParameterSpec kpgparams = new ECGenParameterSpec("secp256r1");
     g.initialize(kpgparams);
    
     KeyPair pair = g.generateKeyPair();
     // Instance of signature class with SHA256withECDSA algorithm
     // (initialised with the private key here, but not used again in this snippet)
     Signature ecdsaSign = Signature.getInstance("SHA256withECDSA");
     ecdsaSign.initSign(pair.getPrivate());
    
     // NOTE(review): what the private key's toString() prints is provider-specific and may
     // include key material - keep this out of anything but throwaway debugging.
     System.out.println("Private Keys is::" + pair.getPrivate());
     System.out.println("Public Keys is::" + pair.getPublic());
    
    JsonWebKeySet jsonWebKeySet = new JsonWebKeySet();
    PrivateKey privateKey = pair.getPrivate();
    // Hand-rolled anonymous subclass of JsonWebKey wrapping the private key.
    JsonWebKey webKey = new  JsonWebKey(privateKey) {
    
        @Override
        public String getKeyType() {
            // TODO Auto-generated method stub
            return "EC";
        }
    
        // This override writes only metadata members (use, key_ops, alg, kid). It never adds
        // crv, x, y or d, so none of the EC key parameters come from this method - which is
        // the gap the question is asking about.
        @Override
        protected void fillTypeSpecificParams(Map<String, Object> params,
                OutputControlLevel outputLevel) {
            params.put("use", "sig");
            // RFC 7517 defines key_ops as an array of strings; a bare string is stored here.
            params.put("key_ops", "sign");
            params.put("alg", "ES256");
            params.put("kid", "kukuPrivateKey");
    
        }
    };
    jsonWebKeySet.addJsonWebKey(webKey);
    System.out.println("aaaa"+jsonWebKeySet.toJson());
    

2 回答 2


您可以使用生成的公钥直接创建 JsonWebKey,而 jose4j 将负责参数和编码。

    // Generate a key pair on secp256r1 (P-256) with the standard JCA generator.
    KeyPairGenerator ecGenerator = KeyPairGenerator.getInstance("EC");
    ecGenerator.initialize(new ECGenParameterSpec("secp256r1"));
    KeyPair ecKeyPair = ecGenerator.generateKeyPair();

    // Build the JWK from the public key and attach the private key afterwards;
    // the crv/x/y/d members and their encoding are left to jose4j.
    PublicJsonWebKey signingJwk = PublicJsonWebKey.Factory.newPublicJwk(ecKeyPair.getPublic());
    signingJwk.setPrivateKey(ecKeyPair.getPrivate());
    signingJwk.setUse(Use.SIGNATURE);

    // PUBLIC_ONLY is the form to hand to verifiers or publish in a JWKS document.
    String publicJson = signingJwk.toJson(JsonWebKey.OutputControlLevel.PUBLIC_ONLY);
    System.out.println(publicJson);

    // INCLUDE_PRIVATE adds the private key member 'd'. That JSON is the signing secret:
    // it belongs in a protected key store, not in logs, console output or a published key set.
    String privateJson = signingJwk.toJson(JsonWebKey.OutputControlLevel.INCLUDE_PRIVATE);
    System.out.println(privateJson);

您还可以使用 jose4j 中的 EcJwkGenerator 实用程序生成密钥对,并将其包装在 JsonWebKey 中:

    // EcJwkGenerator creates the P-256 key pair and wraps it in a JWK in a single call.
    EllipticCurveJsonWebKey generatedJwk = EcJwkGenerator.generateJwk(EllipticCurves.P256);
    generatedJwk.setUse(Use.SIGNATURE);

    // Public form: safe to share with parties that only verify signatures.
    String publicJson = generatedJwk.toJson(JsonWebKey.OutputControlLevel.PUBLIC_ONLY);
    System.out.println(publicJson);

    // Private form: includes the private key member 'd', so treat the output as a secret
    // (no logs, no published key sets).
    String privateJson = generatedJwk.toJson(JsonWebKey.OutputControlLevel.INCLUDE_PRIVATE);
    System.out.println(privateJson);
于 2015-08-03T15:35:16.503 回答

折腾了很长时间之后,我得到了下面的代码:

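    /**
     * Generates a fresh EC key pair on secp256r1 (P-256) and returns a JWK Set, as JSON, with
     * two hand-built entries: {@code kukuPrivateKey} (public coordinates plus the private
     * scalar {@code d}) and {@code kukuPublicKey} (public coordinates only).
     *
     * <p>Changes compared with the original hand-rolled encoding:
     * <ul>
     *   <li>{@code x}, {@code y} and {@code d} are written as fixed-width unsigned big-endian
     *       octets, base64url-encoded without padding, as RFC 7518 section 6.2 requires.
     *       {@code BigInteger.toByteArray()} is signed two's complement, so it can carry an
     *       extra leading zero byte or come out shorter than the field size.</li>
     *   <li>{@code key_ops} is a JSON array, as RFC 7517 section 4.3 defines it.</li>
     *   <li>{@code d} is emitted only at {@code INCLUDE_PRIVATE}, so serialising the same key
     *       objects at a lower output level no longer leaks the private key.</li>
     *   <li>The private key object is no longer printed to stdout, and the unused
     *       {@code Signature} instance is gone.</li>
     * </ul>
     *
     * <p>The returned JSON still contains the private key, because it is serialised at
     * {@code INCLUDE_PRIVATE}. Treat it as a secret and do not publish it as a JWKS document.
     * jose4j's own {@code PublicJsonWebKey.Factory.newPublicJwk(...)} produces the same members
     * without any hand-written encoding.
     *
     * @return the JWK Set as a JSON string, including the private key member {@code d}
     * @throws NoSuchAlgorithmException if no provider offers the "EC" key pair generator
     * @throws InvalidAlgorithmParameterException if the provider rejects secp256r1
     * @throws InvalidKeyException kept in the signature for existing callers; no longer thrown
     */
    private static String createWebKeySet() throws NoSuchAlgorithmException,
            InvalidAlgorithmParameterException, InvalidKeyException {
        KeyPairGenerator g = KeyPairGenerator.getInstance("EC");
        g.initialize(new ECGenParameterSpec("secp256r1"));
        KeyPair pair = g.generateKeyPair();

        final ECPrivateKey privateKey = (ECPrivateKey) pair.getPrivate();
        final ECPublicKey publicKey = (ECPublicKey) pair.getPublic();

        // Only the public half is printed; the private key never goes to stdout.
        System.out.println("Public Keys is::" + pair.getPublic());

        // Both halves share the same curve parameters, so the field size is read once.
        final int fieldBits = publicKey.getParams().getCurve().getField().getFieldSize();

        JsonWebKeySet jsonWebKeySet = new JsonWebKeySet();

        JsonWebKey privateWebKey = new JsonWebKey(privateKey) {

            @Override
            public String getKeyType() {
                return "EC";
            }

            @Override
            protected void fillTypeSpecificParams(Map<String, Object> params,
                    OutputControlLevel outputLevel) {
                params.put("use", "sig");
                params.put("key_ops", java.util.Collections.singletonList("sign"));
                params.put("kid", "kukuPrivateKey");
                params.put("crv", "P-" + fieldBits);
                params.put("x", encodeJwkInteger(publicKey.getW().getAffineX(), fieldBits));
                params.put("y", encodeJwkInteger(publicKey.getW().getAffineY(), fieldBits));
                // The private scalar is written only when the caller explicitly asks for it.
                if (outputLevel == OutputControlLevel.INCLUDE_PRIVATE) {
                    params.put("d", encodeJwkInteger(privateKey.getS(), fieldBits));
                }
            }
        };
        jsonWebKeySet.addJsonWebKey(privateWebKey);

        JsonWebKey publicWebKey = new JsonWebKey(publicKey) {

            @Override
            public String getKeyType() {
                return "EC";
            }

            @Override
            protected void fillTypeSpecificParams(Map<String, Object> params,
                    OutputControlLevel outputLevel) {
                params.put("use", "sig");
                params.put("key_ops", java.util.Collections.singletonList("verify"));
                params.put("kid", "kukuPublicKey");
                params.put("crv", "P-" + fieldBits);
                params.put("x", encodeJwkInteger(publicKey.getW().getAffineX(), fieldBits));
                params.put("y", encodeJwkInteger(publicKey.getW().getAffineY(), fieldBits));
            }
        };
        jsonWebKeySet.addJsonWebKey(publicWebKey);

        // INCLUDE_PRIVATE keeps 'd' in the result, matching what this method returned before.
        return jsonWebKeySet.toJson(JsonWebKey.OutputControlLevel.INCLUDE_PRIVATE);
    }

    /**
     * Encodes an EC coordinate or private scalar for a JWK: unsigned big-endian, left-padded
     * with zeros to the byte length of the curve's field, then base64url without padding.
     * Uses java.util.Base64, so it needs Java 8 or later.
     */
    private static String encodeJwkInteger(java.math.BigInteger value, int fieldSizeBits) {
        final int width = (fieldSizeBits + 7) / 8;
        final byte[] twosComplement = value.toByteArray();
        final byte[] fixed = new byte[width];
        // Drop a leading sign byte if there is one; otherwise right-align into the buffer.
        final int skip = Math.max(0, twosComplement.length - width);
        final int count = twosComplement.length - skip;
        System.arraycopy(twosComplement, skip, fixed, width - count, count);
        return java.util.Base64.getUrlEncoder().withoutPadding().encodeToString(fixed);
    }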
于 2015-07-01T06:48:14.547 回答