Sample code for 30+ languages & platforms
C

Compute JWK Thumbprint for RSA and EC Private Keys

See more ECC Examples

Demonstrates how to compute a JSON Web Key thumbprint for a private key (RSA or ECC).

Note: This example requires Chilkat v9.5.0.66 or greater.

Chilkat C Downloads

C
#include <C_CkPrivateKey.h>
#include <C_CkStringBuilder.h>

void ChilkatSample(void)
    {
    BOOL success;
    HCkPrivateKey privKey;
    HCkStringBuilder sbPem;
    BOOL bCrlf;

    success = FALSE;

    privKey = CkPrivateKey_Create();

    // A private key can be loaded from any format (binary DER, PEM, etc.)
    // This example will load the private keys from PEM format, 
    // and will then compute the JWK thumbprint.

    // First do it for this RSA private key...

    sbPem = CkStringBuilder_Create();
    bCrlf = TRUE;
    CkStringBuilder_AppendLine(sbPem,"-----BEGIN RSA PRIVATE KEY-----",bCrlf);
    CkStringBuilder_AppendLine(sbPem,"Proc-Type: 4,ENCRYPTED",bCrlf);
    CkStringBuilder_AppendLine(sbPem,"DEK-Info: DES-EDE3-CBC,2E65118E6C7B5207",bCrlf);
    CkStringBuilder_AppendLine(sbPem,"",bCrlf);
    CkStringBuilder_AppendLine(sbPem,"7cYUTW4ZBdmVZ4ILB08hcTdm5ib0E0zcy+I7pHpNQfJHtI7BJ4omys5S19ufJPBJ",bCrlf);
    CkStringBuilder_AppendLine(sbPem,"IzYjeO7oTVqI37F6EUmjZqG4WVE2UQbQDkosZbZN82O4Ipu1lFAPEbwjqePMKufz",bCrlf);
    CkStringBuilder_AppendLine(sbPem,"snSQHKfnbyyDPEVNlJbs19NXC8v6g+pQay5rH/I6N2iBxgsTmuemZ54EhNQMZyEN",bCrlf);
    CkStringBuilder_AppendLine(sbPem,"R/CiheArWEH9H8/4hd2gc9Tb2s0MwGHILL4kbbNm5tp3xw4ik7OYWNrj3m+nG6Xb",bCrlf);
    CkStringBuilder_AppendLine(sbPem,"vKXh2xEanAZAyMXTqDJTHdn7/CEqusQPJjZGV+Mf1kjKu7p4qcXFnIXP5ILnTW7b",bCrlf);
    CkStringBuilder_AppendLine(sbPem,"lHoWC4eweDzKOMRzXmbABEVSUvx2SmPl4TcoC5L1SCAHEmZaKbaY7S5l53u6gl0f",bCrlf);
    CkStringBuilder_AppendLine(sbPem,"ULuQbt7Hr3THznlNFKkGT1/yVNt2QOm1emZd55LaNe8E7XsNSlhl0grYQ+Ue8Jba",bCrlf);
    CkStringBuilder_AppendLine(sbPem,"x85OapltVjxM9wVCwbgFyi04ihdKHo9e+uYKeTGKv0hU5O7HEH1ev6t/s2u/UG6h",bCrlf);
    CkStringBuilder_AppendLine(sbPem,"TqEsYrVp0CMHpt5uAF6nZyK6GZ/CHTxh/rz1hADMofem59+e6tVtjnPGA3EjnJT8",bCrlf);
    CkStringBuilder_AppendLine(sbPem,"BMOw/D2QIDxjxj2GUzz+YJp50ENhWrL9oSDkG2nzv4NVL77QIy+T/2/f4PgokUDO",bCrlf);
    CkStringBuilder_AppendLine(sbPem,"QJjIfxPWE40cHGHpnQtZvEPoxP0H3T0YhmEVwuJxX3uaWOY/8Fa1c7Ln0SwWdfV5",bCrlf);
    CkStringBuilder_AppendLine(sbPem,"gYvJV8o6c3sumcq1O3agPDlHC5O4IxG7AZQ8CHRDyASogzfkY6P579ZOGYaO4al7",bCrlf);
    CkStringBuilder_AppendLine(sbPem,"WA1YIpsHs3/1f4SByMuWe0NVkFfvXckjpqGrBQpTmqQzk6baa0VQ0cwU3XlkwHac",bCrlf);
    CkStringBuilder_AppendLine(sbPem,"WB/fQ4jylwFzZDcp5JAo53n6aU72zgNvDlGTNKwdXXZI5U3JPocH0AiZgFFWYJLd",bCrlf);
    CkStringBuilder_AppendLine(sbPem,"63PJLDnjyE3i6XMVlxifXKkXVv0RYSz+ByS7Oz9aCgnQhNU8ycv+UxtfkPQih5zE",bCrlf);
    CkStringBuilder_AppendLine(sbPem,"/0Y2EEFknajmFJpNXczzF8OEzaswmR0AOjcCiklZKRf61rf5faJxJhhqKEEBJuL6",bCrlf);
    CkStringBuilder_AppendLine(sbPem,"oodDVRk3OGU1yQSBazT8nK3V+e6FMo3tWkra2BXFCD+pKxTy014Cp59S1w6F1Fjt",bCrlf);
    CkStringBuilder_AppendLine(sbPem,"WX7eMWSLWfQ56j2kLMBHq5gb2arqlqH3fsYOTD3TNjCYF3Sgx309kVPuOK5vw61P",bCrlf);
    CkStringBuilder_AppendLine(sbPem,"pnL/LN3iGY42WR+9lfAyNN2qj9zvwKwscyYs5+DPQoPmcPcVGc3v/u66bLcOGbEU",bCrlf);
    CkStringBuilder_AppendLine(sbPem,"OlGa/6gdD4GCp5E4fP/7GbnEY/PW2abquFhGB+pVdl3/4+1U/8kItlfWNZoG4FhE",bCrlf);
    CkStringBuilder_AppendLine(sbPem,"gjMd7glmrdFiNJFFpf5ks1lVXGqJ4mZxqtEZrxUEwciZjm4V27a+E2KyV9NnksZ6",bCrlf);
    CkStringBuilder_AppendLine(sbPem,"xF4tGPKIPsvNTV5o8ZqjiacxgbYmr2ywqDXKCgpU/RWSh1sLapqSQqbH/w0MquUj",bCrlf);
    CkStringBuilder_AppendLine(sbPem,"VhVX0RMYH/foKtjagZf/KO1/mnCITl86treIdachGgR4wr/qqMjrpPUaPLCRY3JQ",bCrlf);
    CkStringBuilder_AppendLine(sbPem,"00XUP1Mu6YPE0SnMYAVxZheqKHly3a1pg4Xp7YWlM671oUORs3+VENfnbIxgr+2D",bCrlf);
    CkStringBuilder_AppendLine(sbPem,"TiJT9PxwpfK53Oh7RBSWHJZRuAdLUXE8DG+bl0N/QkJM6pFUxTI1AQ==",bCrlf);
    CkStringBuilder_AppendLine(sbPem,"-----END RSA PRIVATE KEY-----",bCrlf);

    // The actual password for the above PEM is "passwd".
    success = CkPrivateKey_LoadEncryptedPem(privKey,CkStringBuilder_getAsString(sbPem),"passwd");
    if (success != TRUE) {
        printf("%s\n",CkPrivateKey_lastErrorText(privKey));
        CkPrivateKey_Dispose(privKey);
        CkStringBuilder_Dispose(sbPem);
        return;
    }

    // Generate the JWK thumbprint:
    printf("JWK thumbprint: %s\n",CkPrivateKey_getJwkThumbprint(privKey,"SHA256"));

    // Output:
    // JWK thumbprint: QzUpUAW1Y5iksGxq3r1o3JMROR6D7FLwvRlHmDQVg0I

    // --------------------------------------------------------------
    // Now let's do an EC private key.  The following is an unencrypted PEM containing a 384-bit EC key..
    CkStringBuilder_Clear(sbPem);
    CkStringBuilder_AppendLine(sbPem,"-----BEGIN PRIVATE KEY-----",bCrlf);
    CkStringBuilder_AppendLine(sbPem,"MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDAamStb0Xep3y3sWw2u",bCrlf);
    CkStringBuilder_AppendLine(sbPem,"SSAdUPkgQ9Rvhlnx8XEVOYy2teh69T0on77ja02m03n8t8WhZANiAARUNSar38Rz",bCrlf);
    CkStringBuilder_AppendLine(sbPem,"lKPyZFsNSGUanzpNRth0C+MikVEH8FAlDHMMpAs34dyF4IK0uxgbiEe9bQ+ieLrl",bCrlf);
    CkStringBuilder_AppendLine(sbPem,"6xwFR0yaTivuwoyXC+ScGUnwnpaXmid6UUgw4ypbneHsaKuZ9JLdMAo=",bCrlf);
    CkStringBuilder_AppendLine(sbPem,"-----END PRIVATE KEY-----",bCrlf);

    success = CkPrivateKey_LoadPem(privKey,CkStringBuilder_getAsString(sbPem));
    if (success != TRUE) {
        printf("%s\n",CkPrivateKey_lastErrorText(privKey));
        CkPrivateKey_Dispose(privKey);
        CkStringBuilder_Dispose(sbPem);
        return;
    }

    // Generate the JWK thumbprint:
    printf("JWK thumbprint: %s\n",CkPrivateKey_getJwkThumbprint(privKey,"SHA256"));

    // Output:
    // JWK thumbprint: ABAUUfNSONFsZYvZ_o_0bsPT3qeG3jttXB09VC_ETWQ


    CkPrivateKey_Dispose(privKey);
    CkStringBuilder_Dispose(sbPem);

    }