I have the following code, utilising the node-jose library from Cisco:

const jose = require('node-jose');

async function initialize() {
  // 1
  const keystore = jose.JWK.createKeyStore();

  // 2
  const props = {
    use: 'sig',
    alg: 'RS256',
  };
  const publicKey = await keystore.generate("RSA", 2048, props);
  console.log(publicKey);

  // 3
  const payload = Buffer.from(JSON.stringify({
    "sub": "1234567890",
    "name": "Nick",
    "role": "role",
    "iat": 1516239022
  }));
  const signOpts = {
    format: 'compact'
  };

  const token = await jose.JWS.createSign({
      alg: 'RS256',
      format: 'flattened',
    }, publicKey)
    .update(payload)
    .final();

  console.log(token);
}

initialize();

Quick explanation of how I believe the above to work:

  1. Creates a keystore,
  2. Creates the key,
  3. Signs the key.

However, the output I'm getting at step 2 is as follows:

JWKBaseKeyObject {
  keystore: JWKStore {},
  length: 2048,
  kty: 'RSA',
  kid: 'pbYnpbZf5l6u5TohyLN4Ofs0BB8xvSDYUjI3Z_ITenI',
  use: 'sig',
  alg: 'RS256'
}

And at step 3, it outputs the following:

{
  payload: 'eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6Ik5pY2siLCJyb2xlIjoicm9sZSIsImlhdCI6MTUxNjIzOTAyMn0',
  signatures: [
    {
      protected: 'eyJhbGciOiJSUzI1NiIsImtpZCI6Ik9OVGNvSXlaYjEwLUhOdmFnNnIxa1lVS282WVlielJqNDM4V182WXZJam8ifQ',
      signature: 'vwUT7iohRYFSde5WQin-86yKjgu5BCVdoKXydNR-X5vsWebk5IUoPvufb6ZJdWcK2zipVGtmOFJhKoslpUfZo4qNqYYMKEfzNwaiFNbUmoF8oCGfMtXIbjhKVnlQIKZCErGTbuB2EF63ifscJtvzmpRKfoPqeR10dOGkX0ME7x0rhior4b9p2p8ZU5ZUuvwlUe3u-iac5HDMC4gMTmUm13Rgbu05f25teZsqBSkCItoJAaeIrhZGQKvi-UeeuK8E1DIvhxOf_7She-E4lo_Umzyxm9JOptaFI6C8foTUGlyHVj0dyLbDE3-JhOe7P75Xgrfembg8JD2E5IHrRnlNdg'
    }
  ]
}

I'll be honest, at this point I'm rather lost. What I was expecting was something similar to this example JWKS as a final output, but I don't really understand how to use the output from step 3 to get to something similar to the example.

Can anybody explain what I should do to finally get the x5c and x5t properties?


Just in case the above is an XY problem, what I'm trying to do is create a JWKS file from scratch, so that I can use the jwksUri, as shown in the example for the jwks-rsa package. Ideally, I'd like to either produce the certificates using node-jose or something else that could be extended in the future for programmatic key rotation in Node.js.

Nick Bull
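
For the underlying goal of serving a JWKS at a jwksUri, here is an added example (not part of the original post, and not node-jose code): it uses only Node.js's built-in crypto module to publish a public-only JWKS and to sign and verify an RS256 compact token against it. All helper names are hypothetical; x5c and x5t are omitted because they are derived from an X.509 certificate, which this example does not create.

```javascript
// Added example: Node.js built-in crypto only; helper names are hypothetical.
const crypto = require('crypto');

const b64u = (input) => Buffer.from(input).toString('base64url');

// RFC 7638 thumbprint: SHA-256 over the required RSA members in lexicographic order.
function thumbprint(jwk) {
  const canonical = JSON.stringify({ e: jwk.e, kty: jwk.kty, n: jwk.n });
  return crypto.createHash('sha256').update(canonical).digest('base64url');
}

// Generate a key pair; return the private key plus the public-only JWK to publish.
function generateSigningKey() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const pub = publicKey.export({ format: 'jwk' }); // public members only: kty, n, e
  return { privateKey, jwk: { ...pub, kid: thumbprint(pub), use: 'sig', alg: 'RS256' } };
}

// The JWKS document served at the jwksUri. Several keys may be listed during rotation.
function buildJwks(publicJwks) {
  return { keys: publicJwks };
}

// Compact JWS (header.payload.signature), signed with the private key.
function signCompact(claims, privateKey, kid) {
  const input = `${b64u(JSON.stringify({ alg: 'RS256', typ: 'JWT', kid }))}.${b64u(JSON.stringify(claims))}`;
  return `${input}.${crypto.sign('sha256', Buffer.from(input), privateKey).toString('base64url')}`;
}

// Verifier side: select the key by kid, pin the algorithm, then check the signature.
function verifyWithJwks(token, jwks) {
  const parts = token.split('.');
  if (parts.length !== 3) return null;
  const { alg, kid } = JSON.parse(Buffer.from(parts[0], 'base64url').toString());
  const jwk = jwks.keys.find((k) => k.kid === kid);
  if (alg !== 'RS256' || !jwk) return null; // reject unexpected alg or unknown kid
  const key = crypto.createPublicKey({ key: { kty: jwk.kty, n: jwk.n, e: jwk.e }, format: 'jwk' });
  const signed = Buffer.from(`${parts[0]}.${parts[1]}`);
  const ok = crypto.verify('sha256', signed, key, Buffer.from(parts[2], 'base64url'));
  return ok ? JSON.parse(Buffer.from(parts[1], 'base64url').toString()) : null;
}

// Constructed sample claims, same shape as the payload in the question.
const signer = generateSigningKey();
const jwks = buildJwks([signer.jwk]);
const token = signCompact({ sub: '1234567890', name: 'Nick', iat: 1516239022 }, signer.privateKey, signer.jwk.kid);
console.log(JSON.stringify(jwks, null, 2));
console.log(verifyWithJwks(token, jwks));
```

The private key never enters the JWKS; only `kty`, `n`, `e` and the metadata members are published.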

0 Answers