
我需要一个 JSON 网络密钥供我的客户访问 IRS 电子服务系统。

JWK 中需要以下字段:kid, kty, use, n, e, x5t, x5c.
kty字段应等于“RSA”。

我想使用自签名证书。到目前为止,我尝试过的所有方法都会报错。

IRS 电子服务 API 客户端添加信息




我之前也遇到过同样的问题,不过现在已经能正常工作了。

转到https://mkjwk.org/使用

尺寸:2048,

密钥用途:签名

算法:RS256:RSA

密钥 ID:指定:20190607

显示 X.509:是

点击生成。

取“公钥和私钥对集”JSON,删除除 kty、kid、use、n、e 之外的所有字段(这样私钥部分就不会出现在要提交的 JWK 中)。

取“自签名证书”的内容

删除 -----BEGIN CERTIFICATE-----

删除 -----END CERTIFICATE-----

删除所有空白字符(包括换行和空格)

将此添加到 json 为 x5c:["cert_code_here"]

将 sha1("cert_code_here") 的十六进制摘要作为 x5t 添加到 JSON 中(注意:这里是十六进制摘要而不是 base64url 编码的值,与 RFC 7517 中 x5t 的标准形式不同;其他 JWK 消费者通常要求标准形式)。

最终应该是这样的

{
    "keys": [
        {
            "kty": "RSA",
            "kid": "20190607",
            "use": "sig",
            "n": "z2f8T5IoWF9g5PjitDKswQy6o4ohIWspl_dO6iRNBl4MHxBetqBdkRDGJJjcLHzbPj5pOh_-WMo3r3P8kuTrc0dZLzqWhgCx7TCyvQKTDJuwV_lgrGAlO47OrnZgkhJpgRmZTXxfszmtRjKhkGJh4hPU7v-EamVABt7MuAWPkkuEl2hoZKY8z_NwMQgMj6hDcvTNYDp7v3KLwoZO9w_VzWp02RnEkeX7P3yVnXlHntenQsaEDFW20GjU4bsCqAlkA-QRQA9ZrUKABspG6yVvWoulimqdCoqb0msEPeOm9qfseFRK9cqh3_TxTbb63zOiwYD0Hjp3meaC9GqLEjpAVw",
            "e": "AQAB",
            "x5c": [
                "MIICpDCCAYygAwIBAgIGAX3oe21MMA0GCSqGSIb3DQEBCwUAMBMxETAPBgNVBAMMCDIwMTkwNjA3MB4XDTIxMTIyMzE4MDkwMloXDTIyMTAxOTE4MDkwMlowEzERMA8GA1UEAwwIMjAxOTA2MDcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDPZ\/xPkihYX2Dk+OK0MqzBDLqjiiEhaymX907qJE0GXgwfEF62oF2REMYkmNwsfNs+Pmk6H\/5Yyjevc\/yS5OtzR1kvOpaGALHtMLK9ApMMm7BX+WCsYCU7js6udmCSEmmBGZlNfF+zOa1GMqGQYmHiE9Tu\/4RqZUAG3sy4BY+SS4SXaGhkpjzP83AxCAyPqENy9M1gOnu\/covChk73D9XNanTZGcSR5fs\/fJWdeUee16dCxoQMVbbQaNThuwKoCWQD5BFAD1mtQoAGykbrJW9ai6WKap0KipvSawQ946b2p+x4VEr1yqHf9PFNtvrfM6LBgPQeOneZ5oL0aosSOkBXAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAGJ6NAfjvRxg58KOKzMWZGEWi0F16EsnYhKyCQ3ntzQc5iiviUxigwT0C3TJQDtk6CJJKNEpK2cw4KuB2pQfMEWrxAKssNMwNZ0XOO+mvlEYQU8tKfWOQ7YYw1xlgc5lGVKS1cHeC7caXFr0eGaklLENp59k34pnQXyD\/IZBUjjaxcJlvmJ35\/Y+JoeSYx\/AJAcxEYqUEetqkcLyrZjd+dkQjH8Zk9LEOrrPTLdNe\/IlrGkJXmquRe0smBtsAkHiSe0RNgUOf\/jQbgliSfd80cV50r+dgJuv1FcrCEH+RzbVYWp7aV\/ilxWEJ2F3Ma8MHR3Zw4DQraZKixHji9uZGYk="
            ],
            "x5t": "e692b7ac2080e0ec363aa83aa8f6e2c7e164b985"
        }
    ]
}

或者使用我写的下面这段 PHP 脚本

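<?php
    /**
     * Build the JWK Set the IRS e-Services client expects from the
     * mkjwk.org "Public and Private Keypair" JSON and its self-signed
     * certificate PEM.
     *
     * Only the public members (kty, kid, use, n, e) are copied out of the
     * keypair JSON, so private members such as d, p and q never reach the
     * output. x5c holds the base64 body of the PEM with every whitespace
     * character removed; x5t is the hex SHA-1 of that base64 text (the
     * IRS-specific form this answer describes, not the RFC 7517 base64url
     * thumbprint of the DER bytes).
     *
     * @param string $ppk keypair JSON as pasted from mkjwk.org
     * @param string $ssc self-signed certificate in PEM form
     * @return string|null pretty-printed JWK Set, or null when $ppk does not
     *                     decode to a JSON object
     */
    function irs_build_jwks( $ppk, $ssc ) {
        $ja = json_decode( $ppk, true );
        if ( ! is_array( $ja ) ) {
            return null;
        }
        // Strip the PEM armour and all whitespace (newlines, carriage
        // returns and spaces) so only the base64 DER text remains.
        $ssc = str_replace( array( "-----BEGIN CERTIFICATE-----", "-----END CERTIFICATE-----" ), '', $ssc );
        $ssc = preg_replace( '/\s+/', '', $ssc );
        $key = array( );
        // Copy only the public members; a missing member stays null as before.
        foreach ( array( 'kty', 'kid', 'use', 'n', 'e' ) as $member ) {
            $key[ $member ] = isset( $ja[ $member ] ) ? $ja[ $member ] : null;
        }
        $key[ 'x5c' ] = array( $ssc );
        $key[ 'x5t' ] = sha1( $ssc );
        return json_encode( array( 'keys' => array( $key ) ), JSON_PRETTY_PRINT );
    }

    $ppk = isset( $_POST[ 'ppk' ] ) ? $_POST[ 'ppk' ] : '';
    $ssc = isset( $_POST[ 'ssc' ] ) ? $_POST[ 'ssc' ] : '';
    // The posted text is re-echoed into the page, so escape it: it is
    // request-controlled input, and the keypair JSON also carries the
    // private key, so it must not be able to break out of the textarea.
    echo "<form method='post'>";
    echo "Public and Private Keypair<br>";
    echo "<textarea cols=90 rows=10 id='ppk' name='ppk'>" . htmlspecialchars( $ppk, ENT_QUOTES, 'UTF-8' ) . '</textarea>';
    echo "<hr>";
    echo "Self-Signed Certificate<br>";
    echo "<textarea cols=90 rows=10 id='ssc' name='ssc'>" . htmlspecialchars( $ssc, ENT_QUOTES, 'UTF-8' ) . '</textarea>';
    // A button element is not self-closing; the original markup left a
    // stray "/>" in front of the label.
    echo "<br><button type='submit'>Go</button>";
    echo "</form>";
    if ( isset( $_POST[ 'ppk' ] ) && isset( $_POST[ 'ssc' ] ) ) {
        $rawo = irs_build_jwks( $ppk, $ssc );
        echo "<textarea cols=250 rows=20>";
        if ( $rawo === null ) {
            echo "Keypair input is not valid JSON";
        } else {
            echo htmlspecialchars( $rawo, ENT_QUOTES, 'UTF-8' );
        }
        echo "</textarea>";
    }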
于 2021-12-23T18:19:38.817 回答