mirror of https://github.com/warmcat/libwebsockets.git synced 2025-03-16 00:00:07 +01:00
libwebsockets/minimal-examples/crypto/minimal-crypto-jwk
Andy Green f7149e90c2 cc0: align dedication to CC0 FAQ recommended format
https://libwebsockets.org/pipermail/libwebsockets/2019-April/007937.html

thanks to Bruce Perens for noting it.

This doesn't change the intention or status of the CC0 files, they were
pure CC0 before (ie, public domain) and they are pure CC0 now.  It just
gets rid of the (C) part at the top of the dedication which may be read
to be a bit contradictory since the purpose is to make it public domain.
2019-05-02 09:29:01 +01:00
CMakeLists.txt jwe 2018-12-27 06:45:32 +08:00
main.c cc0: align dedication to CC0 FAQ recommended format 2019-05-02 09:29:01 +01:00
README.md jwk: crypto tool: add --alg commandline arg 2019-01-27 16:08:34 +08:00

lws minimal example for JWK

Demonstrates how to generate and format new random JWK keys of any supported kind.

The full private key is written to stdout. At the same time, a version of the key with the private part removed and some metadata adapted can be saved to a file using --public <file>. In the public form, the key_ops and use elements are adjusted to remove activities that require a private key.

Key elements are output in strict RFC7638 lexicographic order as required by some applications.

Keys produced with openssl and mbedtls backends are completely interchangeable.

build

 $ cmake . && make

usage

| Commandline option | Meaning |
|---|---|
| -d | Debug verbosity in decimal, eg, -d15 |
| -t | RSA, OCT or EC |
| -b | For RSA and OCT, key size in bits |
| -v | For EC keys, the curve, eg, "P-384"... this implies the key bits |
| --kid "ID string" | Key identity string |
| --use "use[ use]" | Key use restriction (mutually exclusive with --key-ops): sig, enc |
| --alg | Specify the algorithm the key is designed for, eg "RSA1_5" |
| --key-ops "op[ op]" | Key valid operations (mutually exclusive with --use): sign, verify, encrypt, decrypt, wrapKey, unwrapKey, deriveKey, deriveBits |
| -c | Format the jwk as a linebroken C string |
| --public <file> | Only output the full, private key, not the public version first |

For legibility the example uses -c, however this

 $ ./lws-crypto-jwk -t EC -v P-256 --key-ops "sign verify" --public mykey.pub
[2018/12/18 20:19:29:6972] USER: LWS JWK example
[2018/12/18 20:19:29:7200] NOTICE: Creating Vhost 'default' (serving disabled), 1 protocols, IPv6 off
[2018/12/18 20:19:29:7251] NOTICE: lws_jwk_generate: generating ECDSA key on curve P-256
{"crv":"P-256","d":"eMKM_S4BTL2aiebZLqvxglufV2YX4b3_32DesgEUOaM","key_ops":["sign","verify"],"kty":"EC","x":"OWauiGGtJ60ZegtqlwETQlmO1exTZdWbT2VbUs4a1hg","y":"g_eNOlqPecbguVQArL6Fd4T5xZthBgipNCBypXubPos"}

The output in mykey.pub is:

{"crv":"P-256","key_ops":["verify"],"kty":"EC","x":"OWauiGGtJ60ZegtqlwETQlmO1exTZdWbT2VbUs4a1hg","y":"g_eNOlqPecbguVQArL6Fd4T5xZthBgipNCBypXubPos"}

Note that the logging goes to stderr, while the key data goes to stdout.
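
The following is an added example, not code from libwebsockets: a Python check that a JWK file about to be published carries no private members, and a reconstruction of the public form described above from the sample private key. The function names are hypothetical, the set of key_ops treated as usable without a private key is an assumption, and the "use" element is not handled.

```python
import json

# Private members per key type (RFC 7518, section 6). An "oct" key is
# entirely secret, so it has no public form.
PRIVATE_MEMBERS = {
    "EC": {"d"},
    "RSA": {"d", "p", "q", "dp", "dq", "qi", "oth"},
    "oct": {"k"},
}
# Assumption: only these key_ops are usable without the private key.
PUBLIC_KEY_OPS = ("verify", "encrypt", "wrapKey")


def leaked_private_members(jwk):
    """Return the sorted private member names present in a JWK dict."""
    return sorted(jwk.keys() & PRIVATE_MEMBERS.get(jwk.get("kty"), set()))


def public_form(jwk):
    """Build the public JWK: drop private members, trim key_ops."""
    kty = jwk.get("kty")
    if kty not in ("EC", "RSA"):
        raise ValueError(f"no public form for kty {kty!r}")
    pub = {k: v for k, v in jwk.items() if k not in PRIVATE_MEMBERS[kty]}
    if "key_ops" in pub:
        pub["key_ops"] = [op for op in pub["key_ops"] if op in PUBLIC_KEY_OPS]
    return pub


def serialize(jwk):
    """Compact JSON with member names in lexicographic order."""
    return json.dumps(jwk, sort_keys=True, separators=(",", ":"))


# Sample keys copied from the README output above (stdout and mykey.pub).
PRIVATE_JWK = '{"crv":"P-256","d":"eMKM_S4BTL2aiebZLqvxglufV2YX4b3_32DesgEUOaM","key_ops":["sign","verify"],"kty":"EC","x":"OWauiGGtJ60ZegtqlwETQlmO1exTZdWbT2VbUs4a1hg","y":"g_eNOlqPecbguVQArL6Fd4T5xZthBgipNCBypXubPos"}'
README_PUBLIC = '{"crv":"P-256","key_ops":["verify"],"kty":"EC","x":"OWauiGGtJ60ZegtqlwETQlmO1exTZdWbT2VbUs4a1hg","y":"g_eNOlqPecbguVQArL6Fd4T5xZthBgipNCBypXubPos"}'

if __name__ == "__main__":
    priv = json.loads(PRIVATE_JWK)
    print("private members in stdout key:", leaked_private_members(priv))
    print("derived public form:", serialize(public_form(priv)))
    print("private members in mykey.pub:",
          leaked_private_members(json.loads(README_PUBLIC)))
```

Running leaked_private_members over a file before distributing it catches the case where stdout was saved and shared instead of the --public file.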