nice stuff Justin!! really :)

regards
antonio

On Nov 4, 2014, at 3:44 PM, Justin Richer <[email protected]> wrote:

> A while ago, I was fed up with creating self-signed X.509 certificates just
> to manage the bare keys used in JOSE processing. There's a lot of extraneous
> effort that goes into making fake certificate chains that are then dutifully
> ignored by the application, especially when the JWK format can hold both
> public and private keys natively already. So we switched our apps over to
> reading the JWK format instead of X.509, but we still needed something to
> securely generate the keys themselves. So I created a commandline Java
> application to generate keys in JWK format (based on the NimbusDS JOSE
> library):
>
> https://github.com/mitreid-connect/json-web-key-generator
>
> It's slightly unwieldy to compile and run but it gets the job done. Last
> night, I wrapped that commandline application with a webapp and made it
> publicly available:
>
> https://mkjwk.org/
>
> This simple service will generate a JWK in RSA, EC, or Oct (shared secret)
> format for you, using Java's cryptographic engine. You can add in the use,
> kid, and alg parameters, and the results are formatted into easily-copyable
> JSON. It will even wrap the key in a keyset and pull out the public key
> separately for you, in case you need those.
>
> We don't log any of the keys being generated by the service, but to be extra
> safe I would still recommend using a local generation mechanism (like the
> commandline app above) for production systems.
>
> Finally, I put the code to the site online in the name of transparency:
>
> https://github.com/mitreid-connect/mkjwk.org
>
> I hope that people can find this useful, and we can start moving off of X.509
> for bare key storage in applications. Much thanks to MIT KIT for providing
> hosting and support.
>
> -- Justin
>
> _______________________________________________
> jose mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/jose
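The keyset wrapping and public-key extraction that the quoted message describes, as an added example that is not part of the thread and not taken from mkjwk or json-web-key-generator: it generates an oct JWK locally from the OS CSPRNG and strips the private members before a keyset is published. It goes beyond the message in listing the private members per key type (from RFC 7518); the function names and the sample EC key with placeholder values are assumptions made for illustration.

```python
import base64
import secrets

# Private members per key type (RFC 7518 section 6; "k" is the whole oct secret).
PRIVATE_MEMBERS = {
    "RSA": {"d", "p", "q", "dp", "dq", "qi", "oth"},
    "EC": {"d"},
    "oct": {"k"},
}


def b64url(data: bytes) -> str:
    """Base64url without padding, as JWK members require."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def generate_oct_jwk(bits: int, kid: str, use: str, alg: str) -> dict:
    """Generate a shared-secret JWK locally from the OS CSPRNG."""
    if bits < 128 or bits % 8:
        raise ValueError("key size must be a multiple of 8 and at least 128 bits")
    return {"kty": "oct", "kid": kid, "use": use, "alg": alg,
            "k": b64url(secrets.token_bytes(bits // 8))}


def to_public_jwk(jwk: dict):
    """Return the public part of a JWK, or None for a symmetric key."""
    kty = jwk.get("kty")
    if kty not in PRIVATE_MEMBERS:
        raise ValueError(f"unsupported kty: {kty!r}")
    if kty == "oct":
        return None  # a shared secret has no public half
    return {k: v for k, v in jwk.items() if k not in PRIVATE_MEMBERS[kty]}


def public_keyset(jwks: list) -> dict:
    """Build the keyset that is safe to publish: public halves only."""
    public = [to_public_jwk(j) for j in jwks]
    return {"keys": [p for p in public if p is not None]}


# Constructed sample: the x/y/d values are placeholders, not a real P-256 key.
SAMPLE_EC_PRIVATE = {"kty": "EC", "crv": "P-256", "kid": "sample-ec", "use": "sig",
                     "alg": "ES256", "x": "PLACEHOLDER_X", "y": "PLACEHOLDER_Y",
                     "d": "PLACEHOLDER_D"}

if __name__ == "__main__":
    import json
    secret = generate_oct_jwk(256, "sample-oct", "sig", "HS256")
    print(json.dumps(public_keyset([secret, SAMPLE_EC_PRIVATE]), indent=2))
```

The published keyset contains only the EC entry without `d`; the oct key is dropped entirely because it has no public form.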
