mirror of https://github.com/warmcat/libwebsockets.git synced 2025-03-23 00:00:06 +01:00
libwebsockets/minimal-examples/crypto/minimal-crypto-jwk
Andy Green b3131fdfdd cmakelist: Augean Stables refactor
Establish a new distributed CMake architecture with CMake code related to
a source directory moving to be in the subdir in its own CMakeLists.txt.
In particular, there's now one in ./lib which calls through to ones
further down the directory tree like ./lib/plat/xxx, ./lib/roles/xxx etc.

This cuts the main CMakelists.txt from 98KB -> 33KB, about a 66% reduction,
and it's much easier to maintain sub-CMakeLists.txt that are in the same
directory as the sources they manage, and conceal all the details at that
level.

Child CMakelists.txt become responsible for:

 - include_directories() definition (this is not supported by CMake
   directly, it passes it back up via PARENT_SCOPE vars in helper
   macros)

 - Additional child CMakeLists.txt inclusion, for example toplevel ->
   role -> role subdir

 - Source file addition to the build

 - Dependent library path resolution... this is now a private thing
   in the child CMakeLists.txt, it just passes back any adaptations
   to include_directories() and the LIB_LIST without filling the
   parent namespace with the details
2020-05-27 08:40:12 +01:00
CMakeLists.txt cmakelist: Augean Stables refactor 2020-05-27 08:40:12 +01:00
main.c gencrypto: windows: warnings 2020-04-12 08:39:27 +01:00
README.md jwk: crypto tool: add --alg commandline arg 2019-01-27 16:08:34 +08:00

lws minimal example for JWK

Demonstrates how to generate new random JWK keys of any supported type and format them.

The full private key is output to stdout. A version of the key with the private part removed and some metadata adapted can be saved to a file at the same time using --public <file>. In the public form, key_ops and use elements are adjusted to remove activities that require a private key.

Key elements are output in strict RFC7638 lexicographic order as required by some applications.

Keys produced with openssl and mbedtls backends are completely interchangeable.

build

 $ cmake . && make

usage

| Commandline option | Meaning |
|---|---|
| -d | Debug verbosity in decimal, eg, -d15 |
| -t | RSA, OCT or EC |
| -b | For RSA and OCT, key size in bits |
| -v | For EC keys, the curve, eg, "P-384"... this implies the key bits |
| --kid "ID string" | Key identity string |
| --use "use[ use]" | Key use restriction (mutually exclusive with --key-ops): sig, enc |
| --alg | Specify the algorithm the key is designed for, eg "RSA1_5" |
| --key-ops "op[ op]" | Key valid operations (mutually exclusive with --use): sign, verify, encrypt, decrypt, wrapKey, unwrapKey, deriveKey, deriveBits |
| -c | Format the jwk as a linebroken C string |
| --public | Only output the full, private key, not the public version first |

For legibility the example uses -c, however this

 $ ./lws-crypto-jwk -t EC -v P-256 --key-ops "sign verify" --public mykey.pub
[2018/12/18 20:19:29:6972] USER: LWS JWK example
[2018/12/18 20:19:29:7200] NOTICE: Creating Vhost 'default' (serving disabled), 1 protocols, IPv6 off
[2018/12/18 20:19:29:7251] NOTICE: lws_jwk_generate: generating ECDSA key on curve P-256
{"crv":"P-256","d":"eMKM_S4BTL2aiebZLqvxglufV2YX4b3_32DesgEUOaM","key_ops":["sign","verify"],"kty":"EC","x":"OWauiGGtJ60ZegtqlwETQlmO1exTZdWbT2VbUs4a1hg","y":"g_eNOlqPecbguVQArL6Fd4T5xZthBgipNCBypXubPos"}

The output in mykey.pub is:

{"crv":"P-256","key_ops":["verify"],"kty":"EC","x":"OWauiGGtJ60ZegtqlwETQlmO1exTZdWbT2VbUs4a1hg","y":"g_eNOlqPecbguVQArL6Fd4T5xZthBgipNCBypXubPos"}

Notice that the logging goes out on stderr, while the key data goes on stdout.
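A check worth running on the file written by --public before it is distributed, as an added example that is not part of the lws README or code: it confirms that no private member remains, that key_ops grants no private-key operation, that members are in lexicographic order, and that the public values match the private key. The function names and the set of operations treated as private-only are assumptions of this example; the two JWKs are the sample outputs shown above.

```python
import json

# Members that carry private or secret key material (RFC 7518 section 6).
PRIVATE_MEMBERS = {
    "EC": {"d"},
    "RSA": {"d", "p", "q", "dp", "dq", "qi", "oth"},
    "OCT": {"k"},
}
# key_ops values that need the private key. Assumption of this example,
# consistent with the page's sample where "sign" is dropped and "verify" kept.
PRIVATE_OPS = {"sign", "decrypt", "unwrapKey", "deriveKey", "deriveBits"}


def audit_public_jwk(text):
    """Return findings for a JWK meant to be public; an empty list means clean."""
    jwk = json.loads(text)  # dict keeps the member order found in the file
    kty = str(jwk.get("kty")).upper()  # tolerate "oct" / "OCT" spelling
    if kty not in PRIVATE_MEMBERS:
        return ["unknown or missing kty: %r" % jwk.get("kty")]
    findings = []
    for name in sorted(jwk.keys() & PRIVATE_MEMBERS[kty]):
        findings.append("private member present: " + name)
    for op in jwk.get("key_ops", []):
        if op in PRIVATE_OPS:
            findings.append("key_ops allows private-key operation: " + op)
    names = list(jwk)
    if names != sorted(names):
        findings.append("members not in lexicographic order")
    return findings


def same_public_part(private_text, public_text):
    """True if every non-metadata member of the public JWK matches the private one."""
    priv, pub = json.loads(private_text), json.loads(public_text)
    meta = {"key_ops", "use"}  # the page says these are adjusted in the public form
    return all(priv.get(k) == v for k, v in pub.items() if k not in meta)


# The two outputs shown on this page (a published sample key, not for real use).
PRIVATE_JWK = '{"crv":"P-256","d":"eMKM_S4BTL2aiebZLqvxglufV2YX4b3_32DesgEUOaM","key_ops":["sign","verify"],"kty":"EC","x":"OWauiGGtJ60ZegtqlwETQlmO1exTZdWbT2VbUs4a1hg","y":"g_eNOlqPecbguVQArL6Fd4T5xZthBgipNCBypXubPos"}'
PUBLIC_JWK = '{"crv":"P-256","key_ops":["verify"],"kty":"EC","x":"OWauiGGtJ60ZegtqlwETQlmO1exTZdWbT2VbUs4a1hg","y":"g_eNOlqPecbguVQArL6Fd4T5xZthBgipNCBypXubPos"}'

if __name__ == "__main__":
    print("mykey.pub findings:", audit_public_jwk(PUBLIC_JWK))
    print("stdout key findings:", audit_public_jwk(PRIVATE_JWK))
    print("public parts match:", same_public_part(PRIVATE_JWK, PUBLIC_JWK))
```

Running the same audit on the stdout key is a useful negative test: it must report the "d" member and the "sign" operation, which shows the check fires if the private output is ever saved in place of the public file.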