Generate x5c certificate chain from JWK

About

Asked 6/6, 2019 at 10:23 Answered 6/6, 2019 at 14:38

I am using nimbus-jose-jwt 5.14 and I generated RSA key pair with the following code

    KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
    gen.initialize(2048);
    KeyPair keyPair = gen.generateKeyPair();
    JWK jwk = new RSAKey.Builder((RSAPublicKey)keyPair.getPublic())
        .privateKey((RSAPrivateKey)keyPair.getPrivate())
        .keyUse(KeyUse.SIGNATURE)
        .keyID(UUID.randomUUID().toString())
        .build();

Now I need to expone some "metadata" about the public key:

How can I obtain x5c ? Is it possible to generate X509 certificate with this library? This field is null:

if (jwk.getX509CertChain() == null)

Benco answered 6/6, 2019 at 10:23 Comment(1)

Related #74537770 – Cinerarium 13/7, 2023 at 18:41

You have generated a key pair, not a certificate. A certificate contains a public key but it is not derived from it, so you can't get a certificate directly from the public key.

To verify a JWT the recipient only needs the public key, so publishing the x5c is in fact unnecesary for this purpose

If you really want to publish a certificate, I suggest to generate it with OpenSSL and import the public key in your code to get the JWK parameters

openssl req -x509 -newkey rsa:2048 -keyout key.pem  -days 365 -out certificate.pem

Schultz answered 6/6, 2019 at 14:38 Comment(1)

How can I generate a certificate with other tools? – Benco 6/6, 2019 at 14:51

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

Recommended topics

Hot tags