
I need a JSON Web Key for my client to access the IRS E-services system.

The following fields are required in the JWK: kid, kty, use, n, e, x5t, x5c.
The kty field should be equal to "RSA".

I want to do self-signed. I get an error exception with everything I have tried.

IRS E-Services API Client Add Information


1 Answer


I was in the same boat but I got it working now.

Go to https://mkjwk.org/ and make an RSA key with:

Size: 2048,

Key Use: Signature

Algorithm: RS256: RSA

Key ID: Specify : 20190607

Show X.509 : Yes

Hit generate.

Take the "Public and Private Keypair Set" JSON and remove all but kty, kid, use, n, e.

Take contents of "Self-Signed Certificate"

Remove -----BEGIN CERTIFICATE-----

Remove -----END CERTIFICATE-----

Remove all whitespace

Add this to the JSON as x5c:["cert_code_here"]

Add the sha1("cert_code_here") to the JSON as x5t (Note this is NOT base64 encoded like it should be according to other JWK consumers)

You should end up with something like this:

{
    "keys": [
        {
            "kty": "RSA",
            "kid": "20190607",
            "use": "sig",
            "n": "z2f8T5IoWF9g5PjitDKswQy6o4ohIWspl_dO6iRNBl4MHxBetqBdkRDGJJjcLHzbPj5pOh_-WMo3r3P8kuTrc0dZLzqWhgCx7TCyvQKTDJuwV_lgrGAlO47OrnZgkhJpgRmZTXxfszmtRjKhkGJh4hPU7v-EamVABt7MuAWPkkuEl2hoZKY8z_NwMQgMj6hDcvTNYDp7v3KLwoZO9w_VzWp02RnEkeX7P3yVnXlHntenQsaEDFW20GjU4bsCqAlkA-QRQA9ZrUKABspG6yVvWoulimqdCoqb0msEPeOm9qfseFRK9cqh3_TxTbb63zOiwYD0Hjp3meaC9GqLEjpAVw",
            "e": "AQAB",
            "x5c": [
                "MIICpDCCAYygAwIBAgIGAX3oe21MMA0GCSqGSIb3DQEBCwUAMBMxETAPBgNVBAMMCDIwMTkwNjA3MB4XDTIxMTIyMzE4MDkwMloXDTIyMTAxOTE4MDkwMlowEzERMA8GA1UEAwwIMjAxOTA2MDcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDPZ\/xPkihYX2Dk+OK0MqzBDLqjiiEhaymX907qJE0GXgwfEF62oF2REMYkmNwsfNs+Pmk6H\/5Yyjevc\/yS5OtzR1kvOpaGALHtMLK9ApMMm7BX+WCsYCU7js6udmCSEmmBGZlNfF+zOa1GMqGQYmHiE9Tu\/4RqZUAG3sy4BY+SS4SXaGhkpjzP83AxCAyPqENy9M1gOnu\/covChk73D9XNanTZGcSR5fs\/fJWdeUee16dCxoQMVbbQaNThuwKoCWQD5BFAD1mtQoAGykbrJW9ai6WKap0KipvSawQ946b2p+x4VEr1yqHf9PFNtvrfM6LBgPQeOneZ5oL0aosSOkBXAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAGJ6NAfjvRxg58KOKzMWZGEWi0F16EsnYhKyCQ3ntzQc5iiviUxigwT0C3TJQDtk6CJJKNEpK2cw4KuB2pQfMEWrxAKssNMwNZ0XOO+mvlEYQU8tKfWOQ7YYw1xlgc5lGVKS1cHeC7caXFr0eGaklLENp59k34pnQXyD\/IZBUjjaxcJlvmJ35\/Y+JoeSYx\/AJAcxEYqUEetqkcLyrZjd+dkQjH8Zk9LEOrrPTLdNe\/IlrGkJXmquRe0smBtsAkHiSe0RNgUOf\/jQbgliSfd80cV50r+dgJuv1FcrCEH+RzbVYWp7aV\/ilxWEJ2F3Ma8MHR3Zw4DQraZKixHji9uZGYk="
            ],
            "x5t": "e692b7ac2080e0ec363aa83aa8f6e2c7e164b985"
        }
    ]
}

Or use this PHP I wrote:

<?php
    // Pasted inputs; both are empty until the form has been submitted.
    if ( isset( $_POST[ 'ppk' ] ) ) {
        $ppk = $_POST[ 'ppk' ];
    } else {
        $ppk = '';
    }
    if ( isset( $_POST[ 'ssc' ] ) ) {
        $ssc = $_POST[ 'ssc' ];
    } else {
        $ssc = '';
    }
    // Escape everything echoed back into the page so pasted input cannot inject markup.
    echo "<form method='post'>";
    echo "Public and Private Keypair<br>";
    echo "<textarea cols=90 rows=10 id='ppk' name='ppk'>" . htmlspecialchars( $ppk, ENT_QUOTES ) . '</textarea>';
    echo "<hr>";
    echo "Self-Signed Certificate<br>";
    echo "<textarea cols=90 rows=10 id='ssc' name='ssc'>" . htmlspecialchars( $ssc, ENT_QUOTES ) . '</textarea>';
    echo "<br><button type='submit'>Go</button>";
    echo "</form>";
    if ( isset( $_POST[ 'ppk' ] ) && isset( $_POST[ 'ssc' ] ) ) {
        $ja = json_decode( $ppk, true );
        if ( ! is_array( $ja ) ) {
            // json_decode() returns null when the pasted keypair is not valid JSON.
            exit( 'The keypair field does not contain valid JSON.' );
        }
        // Strip the PEM armor and all whitespace, leaving only the base64 body.
        $ssc                     = str_replace( "-----BEGIN CERTIFICATE-----", '', $ssc );
        $ssc                     = str_replace( "-----END CERTIFICATE-----", '', $ssc );
        $ssc                     = preg_replace( '/\s+/', '', $ssc );
        // Copy only the public fields; the private key parts are left out.
        $jaoo                    = array( );
        $jaoo[ 'keys' ]          = array( );
        $jaoo[ 'keys' ][ 'kty' ] = $ja[ 'kty' ];
        $jaoo[ 'keys' ][ 'kid' ] = $ja[ 'kid' ];
        $jaoo[ 'keys' ][ 'use' ] = $ja[ 'use' ];
        $jaoo[ 'keys' ][ 'n' ]   = $ja[ 'n' ];
        $jaoo[ 'keys' ][ 'e' ]   = $ja[ 'e' ];
        $jaoo[ 'keys' ][ 'x5c' ] = array(
             $ssc 
        );
        // Hex SHA-1 of the base64 text, as described in the steps above.
        $jaoo[ 'keys' ][ 'x5t' ] = sha1( $ssc );
        // Wrap the single key in a list so the output is {"keys": [ ... ]}.
        $jaoo[ 'keys' ]          = array(
             $jaoo[ 'keys' ] 
        );
        $rawo                    = json_encode( $jaoo, JSON_PRETTY_PRINT );
        echo "<textarea cols=250 rows=20>";
        echo htmlspecialchars( $rawo, ENT_QUOTES );
        echo "</textarea>";
    }
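
The steps in the answer above, as an added offline example in Python (not the answer author's code). It shows the hex x5t the answer describes beside the RFC 7517 form (base64url of the SHA-1 over the DER bytes) and allow-lists the public fields so private key parts never reach the output. All function names are hypothetical, and the sample certificate and keypair are constructed placeholders, not real key material.

```python
import base64
import hashlib
import json
import re

PUBLIC_FIELDS = ("kty", "kid", "use", "n", "e")  # allow-list from the answer

# Constructed stand-in: NOT a real certificate, just bytes in PEM armor.
SAMPLE_PEM = (
    "-----BEGIN CERTIFICATE-----\n"
    + base64.encodebytes(b"constructed placeholder DER bytes " * 4).decode()
    + "-----END CERTIFICATE-----\n"
)
# Constructed keypair JSON with placeholder values, including private parts.
SAMPLE_KEYPAIR = {"kty": "RSA", "kid": "20190607", "use": "sig",
                  "n": "PLACEHOLDER_N", "e": "AQAB",
                  "d": "PLACEHOLDER_D", "p": "PLACEHOLDER_P", "q": "PLACEHOLDER_Q"}


def cert_body(pem: str) -> str:
    """Strip the PEM armor and all whitespace, leaving the base64 body."""
    body = re.sub(r"-----(BEGIN|END) CERTIFICATE-----|\s+", "", pem)
    base64.b64decode(body, validate=True)  # raises if anything else is left
    return body


def x5t_hex_of_text(body: str) -> str:
    """Form described in the answer: hex SHA-1 over the base64 text itself."""
    return hashlib.sha1(body.encode("ascii")).hexdigest()


def x5t_rfc7517(body: str) -> str:
    """RFC 7517 form: base64url (no padding) of SHA-1 over the DER bytes."""
    digest = hashlib.sha1(base64.b64decode(body)).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode()


def build_jwks(keypair: dict, pem: str, rfc_thumbprint: bool = False) -> dict:
    """Copy only public fields, so d/p/q/... never reach the uploaded file."""
    body = cert_body(pem)
    key = {name: keypair[name] for name in PUBLIC_FIELDS}
    key["x5c"] = [body]
    key["x5t"] = x5t_rfc7517(body) if rfc_thumbprint else x5t_hex_of_text(body)
    return {"keys": [key]}


if __name__ == "__main__":
    print(json.dumps(build_jwks(SAMPLE_KEYPAIR, SAMPLE_PEM), indent=4))
```

Because the script works on a certificate and key JSON you already hold, the private key can be generated and kept on your own machine.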