(Classic ASP) How to Generate a JSON Web Key (JWK)

Demonstrates how to generate the following types of JSON Web Keys:

• RSA key pair
• EC key pair
• Octet sequence key (HMAC-256)
• 192-bit AES GCM key

Note: This example requires Chilkat v9.5.0.66 or later.

Chilkat ActiveX Downloads ActiveX for 32-bit and 64-bit Windows

<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body>
<%
' This requires the Chilkat API to have been previously unlocked.
' See Global Unlock Sample for sample code.

' ----------------------------------------------
' Generate an RSA key pair in JWK format.
' (Examples for generating other key types are shown below...)
' For versions of Chilkat < 10.0.0, use CreateObject("Chilkat_9_5_0.Rsa")
set rsa = Server.CreateObject("Chilkat.Rsa")
success = rsa.GenerateKey(2048)
' rsaKey is a Chilkat.PrivateKey
Set rsaKey = rsa.ExportPrivateKeyObj()
rsaJwkStr = rsaKey.GetJwk()

' The string returned is the most compact possible, and therefore it is not
' very readable.  To pretty-print, load into a JSON object and emit..
' For versions of Chilkat < 10.0.0, use CreateObject("Chilkat_9_5_0.JsonObject")
set json = Server.CreateObject("Chilkat.JsonObject")
json.EmitCompact = 0
success = json.Load(rsaJwkStr)
Response.Write "<pre>" & Server.HTMLEncode( json.Emit()) & "</pre>"

' Sample RSA JWK:

' { 
'   "kty": "RSA",
'   "n": "6w1Xpof7gKmytJ3yc_yjI5_K3MvVXnBYBDy5Oh2W6Xqu_fOl3W18SjS2AU5xJrTHlB_j84yQjPyXJh_ixjACK4K4dCSYqlLmn3R7QJ84vnHLIEkqwUICqOHdCBjK5xhMrdZxIhuNlJzbARY-3u9RqjsT3HYTjA6JNHUWTYBBRou4gYGm4cJgvX4uexdikqxnze014RmZMaOV_4MR--WL4G8QfNJ2pRBEXQeKyije89H6M5oTSK7KZqFTIqu9hwNtx2oGpGAIcS0Jv5xVl-hDtwXZNwQJaOxMzLw1nwnb2kMliJa67EabQFrQY_xthQNsfzcHJJlpqYiMprW8wRkzmQ",
'   "e": "AQAB",
'   "d": "1_bnXMw-SeYhmxAwb19lqVqtMpdaES5ZwHLmoT4EpbsiQ5T1BfENrMSnoaWoEy8w3Kk8cU7qlY-TdOUBIKWFqOKvhY8GciA_Y6zLfgGNSnYVczGmxfBXr0HvKvxUmWZbNbH9OqBkQnKoSmRdGcp7l1Q2mG4o4ZuNdxRJjKXV0_DTrNLUJzst0hsfoZ6mWUrQcn39XGvvLjz9ySS-DYGI1vli3ayx8jVNuw0rU8UXVs9WmPQLvZO_ZDMhoLEeKsdejnNkUNPAUjqxcSOZRojt4BfCmbt-_1slFb0NsoaqnDVZGezd9J9ocxGuyIWHAJu9GGZEcdaFyiDDs_WA1IS_fQ",
'   "p": "9dU8f6yOklRcpV6ayVMKpyQ6AMuBTF3rZmB498eAvvTkVG1-upm8IkikTVNpPjEalc82Sxuq8oF4N5x1-F33sgVEoCZG-1WFZTn-rnPnXSALES9hqSaVYEwnh61EiY8ckjBVr9jD2nL1JKdbfgVVeo69-9PdjnKYYDVL8eLNPwM",
'   "q": "9MX2sW0GyaOsZ86AYe3eG2ZgcgKHvhJa573gih5Jvi2e-Nv-L0EVK29_DA7n0Pjm-gl9zVAsGsMMkphJyEF9QgyUlJ-59XLqWnECS5gO6WZdtHrJxVvcO-_AOrLIxeYnYcwhmaVaxs_UEpqGzupKHCWgf4cfXe49lrIsqGKH4jM",
'   "dp": "IQgj9uvSxGq9gCL0HXUhC1Bc0tqFZyN_i-QOnQybig0R2R5VVvFtTBYCrbk1fPvQHK0ZGIKBN9CZvK8zUsodjDgU_ofmJcNaBz4BsKM2RVcW5Zo-PyJGFAhnj12CxhEKv8Hq4ZP4zROBSQmLy6Uf1TX05S-Up51SSCshJ0FYXs0",
'   "dq": "RijsMiUfGfL5OvP85pUI4e-xW1yQThHyzpQlZVGTL5jiBVEBhcfw6ndWAj3Pgp2ljyvjTFNboPwhgW93Tpg-8AytFgDGi605sVzNHJ_kPlBiMZY0eYaAFQn-npSaaecziJu7UdAMugneLsruMycCwRij7Ynsmr7sFmLR3B4J9vM",
'   "qi": "jZE-a1pa8YjflpCSH5oqp1f6f6I6-hpZcLdamLCoAcjVSIPk86gtXtOFES4411-DqYzYIZM6B_g_SRYY6JpKAOuZ40mmMTlnIEoVf8BHiGl3g6bBAiN1yQGXrwXJsg2OYnocyRA-xWNdcMSSFA52SwEdar2Mmw29qVzxtC1QbpA"
' }

' ----------------------------------------------
' Generate an EC P-256 key pair in JWK format

' For versions of Chilkat < 10.0.0, use CreateObject("Chilkat_9_5_0.Prng")
set prng = Server.CreateObject("Chilkat.Prng")
' For versions of Chilkat < 10.0.0, use CreateObject("Chilkat_9_5_0.Ecc")
set ecc = Server.CreateObject("Chilkat.Ecc")
' ecKey is a Chilkat.PrivateKey
Set ecKey = ecc.GenEccKey("P-256",prng)
If (ecc.LastMethodSuccess <> 1) Then
    Response.Write "<pre>" & Server.HTMLEncode( ecc.LastErrorText) & "</pre>"
    Response.End
End If

ecJwkStr = ecKey.GetJwk()
success = json.Load(ecJwkStr)
Response.Write "<pre>" & Server.HTMLEncode( json.Emit()) & "</pre>"

' Sample EC JWK Key:
' { 
'   "kty": "EC",
'   "crv": "P-256",
'   "x": "tDeeYABgKEAbWicYPCEEI8sP4SRIhHKcHDW7VqrB4LA",
'   "y": "J08HOoIZ0rX2Me3bNFZUltfxIk1Hrc8FsLu8VaSxsMI",
'   "d": "-bqt1T0wNAN8sP5ruycQZRVlMlt3V_dSwlJ60xAX5io"
' }

' ----------------------------------------------
' Octet sequence keys are intended for representing secret keys, such as HMAC keys and AES keys.

' We'll use crypt to generate a random UUID..
' For versions of Chilkat < 10.0.0, use CreateObject("Chilkat_9_5_0.Crypt2")
set crypt = Server.CreateObject("Chilkat.Crypt2")

' AES and HMAC keys are simply random arrays of bytes
' For these, we can just build the JSON directly,
' with the help of the PRNG object.

' For versions of Chilkat < 10.0.0, use CreateObject("Chilkat_9_5_0.JsonObject")
set jwkHmac = Server.CreateObject("Chilkat.JsonObject")
jwkHmac.EmitCompact = 0

' Generate a 256-bit HMAK key (32 bytes)
success = jwkHmac.AppendString("kty","oct")
' Give the key an optional ID, which can be anything, even strings as simple as "1", "2", etc.
success = jwkHmac.AppendString("kid",crypt.GenerateUuid())
' Indicate the intended key alg (optional)
success = jwkHmac.AppendString("alg","HS256")
' Generate the actual key bytes
success = jwkHmac.AppendString("k",prng.GenRandom(32,"base64url"))

Response.Write "<pre>" & Server.HTMLEncode( jwkHmac.Emit()) & "</pre>"

' Sample HMAC-256 JWK:

' { 
'   "kty": "oct",
'   "kid": "06c2515d-41fb-e436-e405-3abb361f5f7a",
'   "alg": "HS256",
'   "k": "wR32w7yiMe5Lhb1vkW2koBpoMxpXTFYuxOYCCIEKjdE"
' }

' ----------------------------------------------
' Now generate a 192-bit (24 byte) key that could be used with AES192GCM

' For versions of Chilkat < 10.0.0, use CreateObject("Chilkat_9_5_0.JsonObject")
set jwkAes = Server.CreateObject("Chilkat.JsonObject")
jwkAes.EmitCompact = 0

success = jwkAes.AppendString("kty","oct")
success = jwkAes.AppendString("kid","2")
success = jwkAes.AppendString("k",prng.GenRandom(24,"base64url"))

Response.Write "<pre>" & Server.HTMLEncode( jwkAes.Emit()) & "</pre>"

' Sample AES key:
' { 
'   "kty": "oct",
'   "kid": "2",
'   "k": "akAkq-L_ZTZ6-tEIhDUMtU2ENhsEgL-p"
' }

%>
</body>
</html>