Topic: Json WEB Key (JWK) RFC7517

IS there any support for converting between the wolf native keys and signatures and the formats
documented in this RFC?


Re: Json WEB Key (JWK) RFC7517

Hi pbreed,

We do not directly support generating a JSON web key, but we do support generating keys, exporting their components and encoding them as base64.  After following these steps, you will need to handle creating the JSON and adding the base64-encoded components to this JSON.

For RSA:
1)  Generate an RSA key using wc_MakeRsaKey: … makersakey
2)  Export the RSA key using wc_RsaFlattenPublicKey (n/e only for public key) or wc_RsaExportKey (all components for public + private key): … npublickey

For ECC:
1)  Generate an ECC key using wc_ecc_make_key: … c_make_key
2)  Export the ECC key using wc_ecc_export_public_raw/wc_ecc_export_private_raw.

Now base64 encode each component using Base64_Encode_NoNl: … ncode_nonl

Then you will need to create the appropriate JSON and add these components.



Re: Json WEB Key (JWK) RFC7517

I've already done that in ECDSA with:

        wc_ecc_export_public_raw(& AccountKey, qx, &qxlen,qy, &qylen);

and the signature with:

     mp_int ri; // destination for r component of signature.
     mp_int si; // destination for s component of signature.
     mp_init(&ri); // initialize r component
     mp_init(&si); // initialize s component
     wc_ret |= wc_ecc_sign_hash_ex(hash, hash_len,&rng, &AccountKey,&ri,&si);

     uint8_t dbuf[64];
     uint32_t rsiz=32;
     uint32_t ssiz=32;

     wc_export_int(&ri,dbuf,(word32 *)&rsiz,32,WC_TYPE_UNSIGNED_BIN);
     wc_export_int(&si,dbuf+32,(word32 *)&ssiz,32,WC_TYPE_UNSIGNED_BIN);

Just did not want to duplicate work if you guys were going to build a library...
Making an ACME client work... its mostly working, just have to clean it up...