0

Hi I like to send FCM push notifications from erlang server app. When user subscribe to FCM notification in browser. swRegistration.pushManager.subscribe() need a public key (applicationServerKey).

so to get this key I use openssl and I generate two PEM files private and public keys.

openssl ecparam -name prime256v1 -genkey -noout -out es_private_key.pem   
openssl ec -in es_private_key.pem -pubout -out es_public_key.pem

I know thet you can get private and public keys from firebase console. But the provided keys are not in PEM format and the erlang library that sign JWT this one use PEM file to sign and verify.

{ok, PrivtPem} = file:read_file("path/to/es_private_key.pem"),
Jwt = jwerl:sign([{name, <<"bob">>}], es256, PrivtPem).

So from generated private PEM key I can sign JWT but I need the applicationServerKey in base64 String format to add it in headers and also to subscribe user in browser.

I should convert keys in firebase console to PEMs or convert PEMS to firebase keys format.

I spend two days to try to do this with Erlang.

I found haw to do this in Python I need some thing equivalent in erlang.

raw_pub = vapid.public_key.public_bytes(
                serialization.Encoding.X962,
                serialization.PublicFormat.UncompressedPoint
            )
        print("Application Server Key = {}\n\n".format(
            b64urlencode(raw_pub)))
Gaddour Mohamed
  • 119
  • 2
  • 9

1 Answers1

1

Afters days I found how to do this en Erlang.

First I used a library called base64Url from someone called Vladimir.

Then I used the code used by authors of JWERL and at the end I do base64Url encode of the ECPoint bin content.

Below the erlang code:

pem_to_string()->
{ok, key} = file:read_file("/home/keys/es_public_key.pem"),
 [SPKI] = public_key:pem_decode(Key),
  #'SubjectPublicKeyInfo'{algorithm = Der} = SPKI,
  RealSPKI = public_key:der_decode('SubjectPublicKeyInfo', Der),
  #'SubjectPublicKeyInfo'{
     subjectPublicKey = Octets,
     algorithm = #'AlgorithmIdentifier'{ parameters = Params}
    } = RealSPKI,
  ECPoint = #'ECPoint'{point = Octets}, 
{'ECPoint', Bin} = ECPoint,
base64url:encode(Bin).

I'm not specialist in cryptographic and curved keys I want only to sign push content because Google want this. So this code Gives me the 64 octets base64 encoded public key . I can use this public key in push FCM.

I hope this is useful for someone.

2240
  • 1,547
  • 2
  • 12
  • 30
Gaddour Mohamed
  • 119
  • 2
  • 9