Sample code for 30+ languages & platforms
DataFlex

How to Generate a JSON Web Key (JWK)

See more JSON Web Signatures (JWS) Examples

Demonstrates how to generate the following types of JSON Web Keys:
  • RSA key pair
  • EC key pair
  • Octet sequence key (HMAC-256)
  • 192-bit AES GCM key

Chilkat DataFlex Downloads

DataFlex
Use ChilkatAx-win32.pkg

Procedure Test
    Boolean iSuccess
    Handle hoRsa
Key    Handle hoRsaKey
    String sRsaJwkStr
    Handle hoJson
    Variant vPrng
    Handle hoPrng
    Handle hoEcc
    Variant vEcKey
    Handle hoEcKey
    String sEcJwkStr
    Handle hoCrypt
    Handle hoJwkHmac
    Handle hoJwkAes
    String sTemp1

    Move False To iSuccess

    // This requires the Chilkat API to have been previously unlocked.
    // See Global Unlock Sample for sample code.

    // ----------------------------------------------
    // Generate an RSA key pair in JWK format.
    // (Examples for generating other key types are shown below...)
    Get Create (RefClass(cComChilkatRsa)) To hoRsa
    If (Not(IsComObjectCreated(hoRsa))) Begin
        Send CreateComObject of hoRsa
    End
    Get Create (RefClass(cComChilkatPrivateKey)) To hoRsaKey
    If (Not(IsComObjectCreated(hoRsaKey))) Begin
        Send CreateComObject of hoRsaKey
    End
    Get pvComObject of hoRsaKey to vRsaKey
    Get ComGenKey Of hoRsa 2048 vRsaKey To iSuccess
    If (iSuccess = False) Begin
        Get ComLastErrorText Of hoRsa To sTemp1
        Showln sTemp1
        Procedure_Return
    End

    Get ComGetJwk Of hoRsaKey To sRsaJwkStr

    // The string returned is the most compact possible, and therefore it is not
    // very readable.  To pretty-print, load into a JSON object and emit..
    Get Create (RefClass(cComChilkatJsonObject)) To hoJson
    If (Not(IsComObjectCreated(hoJson))) Begin
        Send CreateComObject of hoJson
    End
    Set ComEmitCompact Of hoJson To False
    Get ComLoad Of hoJson sRsaJwkStr To iSuccess
    Get ComEmit Of hoJson To sTemp1
    Showln sTemp1

    // Sample RSA JWK:

    // { 
    //   "kty": "RSA",
    //   "n": "6w1Xpof7gKmytJ3yc_yjI5_K3MvVXnBYBDy5Oh2W6Xqu_fOl3W18SjS2AU5xJrTHlB_j84yQjPyXJh_ixjACK4K4dCSYqlLmn3R7QJ84vnHLIEkqwUICqOHdCBjK5xhMrdZxIhuNlJzbARY-3u9RqjsT3HYTjA6JNHUWTYBBRou4gYGm4cJgvX4uexdikqxnze014RmZMaOV_4MR--WL4G8QfNJ2pRBEXQeKyije89H6M5oTSK7KZqFTIqu9hwNtx2oGpGAIcS0Jv5xVl-hDtwXZNwQJaOxMzLw1nwnb2kMliJa67EabQFrQY_xthQNsfzcHJJlpqYiMprW8wRkzmQ",
    //   "e": "AQAB",
    //   "d": "1_bnXMw-SeYhmxAwb19lqVqtMpdaES5ZwHLmoT4EpbsiQ5T1BfENrMSnoaWoEy8w3Kk8cU7qlY-TdOUBIKWFqOKvhY8GciA_Y6zLfgGNSnYVczGmxfBXr0HvKvxUmWZbNbH9OqBkQnKoSmRdGcp7l1Q2mG4o4ZuNdxRJjKXV0_DTrNLUJzst0hsfoZ6mWUrQcn39XGvvLjz9ySS-DYGI1vli3ayx8jVNuw0rU8UXVs9WmPQLvZO_ZDMhoLEeKsdejnNkUNPAUjqxcSOZRojt4BfCmbt-_1slFb0NsoaqnDVZGezd9J9ocxGuyIWHAJu9GGZEcdaFyiDDs_WA1IS_fQ",
    //   "p": "9dU8f6yOklRcpV6ayVMKpyQ6AMuBTF3rZmB498eAvvTkVG1-upm8IkikTVNpPjEalc82Sxuq8oF4N5x1-F33sgVEoCZG-1WFZTn-rnPnXSALES9hqSaVYEwnh61EiY8ckjBVr9jD2nL1JKdbfgVVeo69-9PdjnKYYDVL8eLNPwM",
    //   "q": "9MX2sW0GyaOsZ86AYe3eG2ZgcgKHvhJa573gih5Jvi2e-Nv-L0EVK29_DA7n0Pjm-gl9zVAsGsMMkphJyEF9QgyUlJ-59XLqWnECS5gO6WZdtHrJxVvcO-_AOrLIxeYnYcwhmaVaxs_UEpqGzupKHCWgf4cfXe49lrIsqGKH4jM",
    //   "dp": "IQgj9uvSxGq9gCL0HXUhC1Bc0tqFZyN_i-QOnQybig0R2R5VVvFtTBYCrbk1fPvQHK0ZGIKBN9CZvK8zUsodjDgU_ofmJcNaBz4BsKM2RVcW5Zo-PyJGFAhnj12CxhEKv8Hq4ZP4zROBSQmLy6Uf1TX05S-Up51SSCshJ0FYXs0",
    //   "dq": "RijsMiUfGfL5OvP85pUI4e-xW1yQThHyzpQlZVGTL5jiBVEBhcfw6ndWAj3Pgp2ljyvjTFNboPwhgW93Tpg-8AytFgDGi605sVzNHJ_kPlBiMZY0eYaAFQn-npSaaecziJu7UdAMugneLsruMycCwRij7Ynsmr7sFmLR3B4J9vM",
    //   "qi": "jZE-a1pa8YjflpCSH5oqp1f6f6I6-hpZcLdamLCoAcjVSIPk86gtXtOFES4411-DqYzYIZM6B_g_SRYY6JpKAOuZ40mmMTlnIEoVf8BHiGl3g6bBAiN1yQGXrwXJsg2OYnocyRA-xWNdcMSSFA52SwEdar2Mmw29qVzxtC1QbpA"
    // }

    // ----------------------------------------------
    // Generate an EC P-256 key pair in JWK format

    Get Create (RefClass(cComChilkatPrng)) To hoPrng
    If (Not(IsComObjectCreated(hoPrng))) Begin
        Send CreateComObject of hoPrng
    End
    Get Create (RefClass(cComChilkatEcc)) To hoEcc
    If (Not(IsComObjectCreated(hoEcc))) Begin
        Send CreateComObject of hoEcc
    End
    Get Create (RefClass(cComChilkatPrivateKey)) To hoEcKey
    If (Not(IsComObjectCreated(hoEcKey))) Begin
        Send CreateComObject of hoEcKey
    End
    Get pvComObject of hoPrng to vPrng
    Get pvComObject of hoEcKey to vEcKey
    Get ComGenKey Of hoEcc "P-256" vPrng vEcKey To iSuccess

    Get ComGetJwk Of hoEcKey To sEcJwkStr
    Get ComLoad Of hoJson sEcJwkStr To iSuccess
    Get ComEmit Of hoJson To sTemp1
    Showln sTemp1

    // Sample EC JWK Key:
    // { 
    //   "kty": "EC",
    //   "crv": "P-256",
    //   "x": "tDeeYABgKEAbWicYPCEEI8sP4SRIhHKcHDW7VqrB4LA",
    //   "y": "J08HOoIZ0rX2Me3bNFZUltfxIk1Hrc8FsLu8VaSxsMI",
    //   "d": "-bqt1T0wNAN8sP5ruycQZRVlMlt3V_dSwlJ60xAX5io"
    // }

    // ----------------------------------------------
    // Octet sequence keys are intended for representing secret keys, such as HMAC keys and AES keys.

    // We'll use crypt to generate a random UUID..
    Get Create (RefClass(cComChilkatCrypt2)) To hoCrypt
    If (Not(IsComObjectCreated(hoCrypt))) Begin
        Send CreateComObject of hoCrypt
    End

    // AES and HMAC keys are simply random arrays of bytes
    // For these, we can just build the JSON directly,
    // with the help of the PRNG object.

    Get Create (RefClass(cComChilkatJsonObject)) To hoJwkHmac
    If (Not(IsComObjectCreated(hoJwkHmac))) Begin
        Send CreateComObject of hoJwkHmac
    End
    Set ComEmitCompact Of hoJwkHmac To False

    // Generate a 256-bit HMAK key (32 bytes)
    Get ComAppendString Of hoJwkHmac "kty" "oct" To iSuccess
    // Give the key an optional ID, which can be anything, even strings as simple as "1", "2", etc.
    Get ComGenerateUuid Of hoCrypt To sTemp1
    Get ComAppendString Of hoJwkHmac "kid" sTemp1 To iSuccess
    // Indicate the intended key alg (optional)
    Get ComAppendString Of hoJwkHmac "alg" "HS256" To iSuccess
    // Generate the actual key bytes
    Get ComGenRandom Of hoPrng 32 "base64url" To sTemp1
    Get ComAppendString Of hoJwkHmac "k" sTemp1 To iSuccess

    Get ComEmit Of hoJwkHmac To sTemp1
    Showln sTemp1

    // Sample HMAC-256 JWK:

    // { 
    //   "kty": "oct",
    //   "kid": "06c2515d-41fb-e436-e405-3abb361f5f7a",
    //   "alg": "HS256",
    //   "k": "wR32w7yiMe5Lhb1vkW2koBpoMxpXTFYuxOYCCIEKjdE"
    // }

    // ----------------------------------------------
    // Now generate a 192-bit (24 byte) key that could be used with AES192GCM

    Get Create (RefClass(cComChilkatJsonObject)) To hoJwkAes
    If (Not(IsComObjectCreated(hoJwkAes))) Begin
        Send CreateComObject of hoJwkAes
    End
    Set ComEmitCompact Of hoJwkAes To False

    Get ComAppendString Of hoJwkAes "kty" "oct" To iSuccess
    Get ComAppendString Of hoJwkAes "kid" "2" To iSuccess
    Get ComGenRandom Of hoPrng 24 "base64url" To sTemp1
    Get ComAppendString Of hoJwkAes "k" sTemp1 To iSuccess

    Get ComEmit Of hoJwkAes To sTemp1
    Showln sTemp1

    // Sample AES key:
    // { 
    //   "kty": "oct",
    //   "kid": "2",
    //   "k": "akAkq-L_ZTZ6-tEIhDUMtU2ENhsEgL-p"
    // }


End_Procedure