Swiftpack.co - Package - gtaban/JWKTransform

JWKTransform

Library to convert keys of JWK format to more popular formats such as PEM. Right now only works for RSA and outputs PEM PKCS#8 format.

Build Instructions

swift build -Xlinker -L/usr/local/opt/openssl/lib -Xcc -I/usr/local/opt/openssl/include

To build in Xcode:

swift package generate-xcodeproj

Go to targets -> build settings -> search for user paths add to Header Search Paths /usr/local/opt/openssl/include add to Library Search Paths /usr/local/opt/openssl/lib

✨ Build magic ✨

Usage

Can use either the JWK string or the JWK RSA components as initializer input.

let key = try RSAKey(jwk: token)

where

init(jwk: String) throws

or

let key = try RSAKey(n: mod, e: expE, d: expD)

where

init(n: String, e: String, d: String? = nil,
			p: String? = nil, q: String? = nil,
			dp: String? = nil, dq: String? = nil,
			qi: String? = nil) throws


- parameter n: Base64 URL encoded string representing the `modulus` of the RSA Key.
- parameter e: Base64 URL encoded string representing the `public exponent` of the RSA Key.
- parameter d: Base64 URL encoded string representing the `private exponent` of the RSA Key.
- parameter p: Base64 URL encoded string representing the `secret prime factor` of the RSA Key.
- parameter q: Base64 URL encoded string representing the `secret prime factor` of the RSA Key.
- parameter dp: Base64 URL encoded string representing the `first factor CRT exponent` of the RSA Key. `d mod (p-1)`
- parameter dq: Base64 URL encoded string representing the `second factor CRT exponent` of the RSA Key. `d mod (q-1)`
- parameter qi: Base64 URL encoded string representing the `first CRT coefficient` of the RSA Key. `q^-1 mod p`

Once initialized, can extract public and private keys as PEM format using PKCS#8 encoding.

let key = try RSAKey(jwk: token)

let publicPem = try key.getPublicKey(certEncoding.pemPkcs8)
let privatePem = try key.getPublicKey(certEncoding.pemPkcs8)

Comparing with OpenSSL generated RSA keys

public key: This library should produce the public key that OpenSSL generates.

private key: RSA private key only requires q but RSA operations are generally much faster when the rest of the values above are provided. The OpenSSL generated RSA private key files includes these values. Therefore if not all private paramters are provided, then the produced private key might not be an exact match to the original OpenSSL generated.

What's a JWK

JSON Web Key (JWK) defined in https://tools.ietf.org/html/rfc7517

Example JWK:

{
	"kty": "RSA",			// key type
	"alg": "RS256",     	// algorithm for the key
	"use": "sig",        	// how the key is meant to be used. For this example, sig represents signature.
	"x5c": [            	// x.509 certificate chain
	"MIIC+DCCAe..="
	],
	// n = modulus and e = exponent for a standard PEM. Both are base64url encoded
    "n": "AJ+E8O4KJ...ltU=",
	"e": "AQAB",
	"kid": "NjVB...TM2Qg",    		// unique identifier for the key
	"x5t": "NjVB...TM2Qg"        	// thumbprint of x.509 cert (SHA-1 thumbprint)
}

Github

link
Stars: 0
Help us keep the lights on

Used By

Total: 0