Sample code for 30+ languages & platforms
Delphi DLL

Compute JWK Thumbprint for RSA and EC Private Keys

See more ECC Examples

Demonstrates how to compute a JSON Web Key thumbprint for a private key (RSA or ECC).

Note: This example requires Chilkat v9.5.0.66 or greater.

Chilkat Delphi DLL Downloads

Delphi DLL
uses
    Winapi.Windows, Winapi.Messages, System.SysUtils, System.Variants, System.Classes, Vcl.Graphics,
    Vcl.Controls, Vcl.Forms, Vcl.Dialogs, Vcl.StdCtrls, PrivateKey, StringBuilder;

...

procedure TForm1.Button1Click(Sender: TObject);
var
success: Boolean;
privKey: HCkPrivateKey;
sbPem: HCkStringBuilder;
bCrlf: Boolean;

begin
success := False;

privKey := CkPrivateKey_Create();

// A private key can be loaded from any format (binary DER, PEM, etc.)
// This example will load the private keys from PEM format, 
// and will then compute the JWK thumbprint.

// First do it for this RSA private key...

sbPem := CkStringBuilder_Create();
bCrlf := True;
CkStringBuilder_AppendLine(sbPem,'-----BEGIN RSA PRIVATE KEY-----',bCrlf);
CkStringBuilder_AppendLine(sbPem,'Proc-Type: 4,ENCRYPTED',bCrlf);
CkStringBuilder_AppendLine(sbPem,'DEK-Info: DES-EDE3-CBC,2E65118E6C7B5207',bCrlf);
CkStringBuilder_AppendLine(sbPem,'',bCrlf);
CkStringBuilder_AppendLine(sbPem,'7cYUTW4ZBdmVZ4ILB08hcTdm5ib0E0zcy+I7pHpNQfJHtI7BJ4omys5S19ufJPBJ',bCrlf);
CkStringBuilder_AppendLine(sbPem,'IzYjeO7oTVqI37F6EUmjZqG4WVE2UQbQDkosZbZN82O4Ipu1lFAPEbwjqePMKufz',bCrlf);
CkStringBuilder_AppendLine(sbPem,'snSQHKfnbyyDPEVNlJbs19NXC8v6g+pQay5rH/I6N2iBxgsTmuemZ54EhNQMZyEN',bCrlf);
CkStringBuilder_AppendLine(sbPem,'R/CiheArWEH9H8/4hd2gc9Tb2s0MwGHILL4kbbNm5tp3xw4ik7OYWNrj3m+nG6Xb',bCrlf);
CkStringBuilder_AppendLine(sbPem,'vKXh2xEanAZAyMXTqDJTHdn7/CEqusQPJjZGV+Mf1kjKu7p4qcXFnIXP5ILnTW7b',bCrlf);
CkStringBuilder_AppendLine(sbPem,'lHoWC4eweDzKOMRzXmbABEVSUvx2SmPl4TcoC5L1SCAHEmZaKbaY7S5l53u6gl0f',bCrlf);
CkStringBuilder_AppendLine(sbPem,'ULuQbt7Hr3THznlNFKkGT1/yVNt2QOm1emZd55LaNe8E7XsNSlhl0grYQ+Ue8Jba',bCrlf);
CkStringBuilder_AppendLine(sbPem,'x85OapltVjxM9wVCwbgFyi04ihdKHo9e+uYKeTGKv0hU5O7HEH1ev6t/s2u/UG6h',bCrlf);
CkStringBuilder_AppendLine(sbPem,'TqEsYrVp0CMHpt5uAF6nZyK6GZ/CHTxh/rz1hADMofem59+e6tVtjnPGA3EjnJT8',bCrlf);
CkStringBuilder_AppendLine(sbPem,'BMOw/D2QIDxjxj2GUzz+YJp50ENhWrL9oSDkG2nzv4NVL77QIy+T/2/f4PgokUDO',bCrlf);
CkStringBuilder_AppendLine(sbPem,'QJjIfxPWE40cHGHpnQtZvEPoxP0H3T0YhmEVwuJxX3uaWOY/8Fa1c7Ln0SwWdfV5',bCrlf);
CkStringBuilder_AppendLine(sbPem,'gYvJV8o6c3sumcq1O3agPDlHC5O4IxG7AZQ8CHRDyASogzfkY6P579ZOGYaO4al7',bCrlf);
CkStringBuilder_AppendLine(sbPem,'WA1YIpsHs3/1f4SByMuWe0NVkFfvXckjpqGrBQpTmqQzk6baa0VQ0cwU3XlkwHac',bCrlf);
CkStringBuilder_AppendLine(sbPem,'WB/fQ4jylwFzZDcp5JAo53n6aU72zgNvDlGTNKwdXXZI5U3JPocH0AiZgFFWYJLd',bCrlf);
CkStringBuilder_AppendLine(sbPem,'63PJLDnjyE3i6XMVlxifXKkXVv0RYSz+ByS7Oz9aCgnQhNU8ycv+UxtfkPQih5zE',bCrlf);
CkStringBuilder_AppendLine(sbPem,'/0Y2EEFknajmFJpNXczzF8OEzaswmR0AOjcCiklZKRf61rf5faJxJhhqKEEBJuL6',bCrlf);
CkStringBuilder_AppendLine(sbPem,'oodDVRk3OGU1yQSBazT8nK3V+e6FMo3tWkra2BXFCD+pKxTy014Cp59S1w6F1Fjt',bCrlf);
CkStringBuilder_AppendLine(sbPem,'WX7eMWSLWfQ56j2kLMBHq5gb2arqlqH3fsYOTD3TNjCYF3Sgx309kVPuOK5vw61P',bCrlf);
CkStringBuilder_AppendLine(sbPem,'pnL/LN3iGY42WR+9lfAyNN2qj9zvwKwscyYs5+DPQoPmcPcVGc3v/u66bLcOGbEU',bCrlf);
CkStringBuilder_AppendLine(sbPem,'OlGa/6gdD4GCp5E4fP/7GbnEY/PW2abquFhGB+pVdl3/4+1U/8kItlfWNZoG4FhE',bCrlf);
CkStringBuilder_AppendLine(sbPem,'gjMd7glmrdFiNJFFpf5ks1lVXGqJ4mZxqtEZrxUEwciZjm4V27a+E2KyV9NnksZ6',bCrlf);
CkStringBuilder_AppendLine(sbPem,'xF4tGPKIPsvNTV5o8ZqjiacxgbYmr2ywqDXKCgpU/RWSh1sLapqSQqbH/w0MquUj',bCrlf);
CkStringBuilder_AppendLine(sbPem,'VhVX0RMYH/foKtjagZf/KO1/mnCITl86treIdachGgR4wr/qqMjrpPUaPLCRY3JQ',bCrlf);
CkStringBuilder_AppendLine(sbPem,'00XUP1Mu6YPE0SnMYAVxZheqKHly3a1pg4Xp7YWlM671oUORs3+VENfnbIxgr+2D',bCrlf);
CkStringBuilder_AppendLine(sbPem,'TiJT9PxwpfK53Oh7RBSWHJZRuAdLUXE8DG+bl0N/QkJM6pFUxTI1AQ==',bCrlf);
CkStringBuilder_AppendLine(sbPem,'-----END RSA PRIVATE KEY-----',bCrlf);

// The actual password for the above PEM is "passwd".
success := CkPrivateKey_LoadEncryptedPem(privKey,CkStringBuilder__getAsString(sbPem),'passwd');
if (success <> True) then
  begin
    Memo1.Lines.Add(CkPrivateKey__lastErrorText(privKey));
    Exit;
  end;

// Generate the JWK thumbprint:
Memo1.Lines.Add('JWK thumbprint: ' + CkPrivateKey__getJwkThumbprint(privKey,'SHA256'));

// Output:
// JWK thumbprint: QzUpUAW1Y5iksGxq3r1o3JMROR6D7FLwvRlHmDQVg0I

// --------------------------------------------------------------
// Now let's do an EC private key.  The following is an unencrypted PEM containing a 384-bit EC key..
CkStringBuilder_Clear(sbPem);
CkStringBuilder_AppendLine(sbPem,'-----BEGIN PRIVATE KEY-----',bCrlf);
CkStringBuilder_AppendLine(sbPem,'MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDAamStb0Xep3y3sWw2u',bCrlf);
CkStringBuilder_AppendLine(sbPem,'SSAdUPkgQ9Rvhlnx8XEVOYy2teh69T0on77ja02m03n8t8WhZANiAARUNSar38Rz',bCrlf);
CkStringBuilder_AppendLine(sbPem,'lKPyZFsNSGUanzpNRth0C+MikVEH8FAlDHMMpAs34dyF4IK0uxgbiEe9bQ+ieLrl',bCrlf);
CkStringBuilder_AppendLine(sbPem,'6xwFR0yaTivuwoyXC+ScGUnwnpaXmid6UUgw4ypbneHsaKuZ9JLdMAo=',bCrlf);
CkStringBuilder_AppendLine(sbPem,'-----END PRIVATE KEY-----',bCrlf);

success := CkPrivateKey_LoadPem(privKey,CkStringBuilder__getAsString(sbPem));
if (success <> True) then
  begin
    Memo1.Lines.Add(CkPrivateKey__lastErrorText(privKey));
    Exit;
  end;

// Generate the JWK thumbprint:
Memo1.Lines.Add('JWK thumbprint: ' + CkPrivateKey__getJwkThumbprint(privKey,'SHA256'));

// Output:
// JWK thumbprint: ABAUUfNSONFsZYvZ_o_0bsPT3qeG3jttXB09VC_ETWQ

CkPrivateKey_Dispose(privKey);
CkStringBuilder_Dispose(sbPem);

end;