How to generate a JWK representing a self-signed certificate

1. Create a private key

openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:P-256 > private_key.pem

2. Extract the public key from the private key

openssl pkey -pubout -in private_key.pem > public_key.pem

3. Generate a self-signed certificate for the key pair

openssl req -x509 -key private_key.pem -subj /CN=client.example.com -days 1000 > certificate.pem

4. Convert the format of the public key from PEM to JWK

npm install -g eckles
eckles public_key.pem > public_key.jwk

5. Generate a JWK including the certificate

CERT=$(sed /-/d certificate.pem | tr -d \\n)
jq ".+{\"x5c\":[\"$CERT\"]}" public_key.jwk > pub+cert.jwk

Output: pub+cert.jwk

{
  "kty": "EC",
  "crv": "P-256",
  "x": "btjiy3sbUjxc4LKyDujKCzgh0Nv0WiVgY5k61-ZRUkI",
  "y": "Gck9a3RVmUADrHp2XPBOFxb31QIzUk6KtiWU320Qc2s",
  "x5c": [
    "<base64-encoded DER of certificate.pem>"
  ]
}
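RFC 7517 requires the key in the first x5c certificate to match the key given by the JWK's other members. The following added example (not part of the original article) checks that for a JWK shaped like pub+cert.jwk, using only the Python standard library. Assumptions: the function names are hypothetical, the sample x5c value is a constructed stand-in rather than a real certificate, and the check locates the fixed P-256 SubjectPublicKeyInfo prefix instead of parsing ASN.1 fully; it does not verify the certificate's signature or validity period.

```python
import base64

# DER prefix of a SubjectPublicKeyInfo holding an uncompressed P-256 point:
# SEQUENCE { SEQUENCE { OID ecPublicKey, OID prime256v1 }, BIT STRING (0 unused bits) }
P256_SPKI_PREFIX = bytes.fromhex("3059301306072a8648ce3d020106082a8648ce3d030107034200")


def b64url_decode(text: str) -> bytes:
    """Decode unpadded base64url, as used for the JWK "x" and "y" members."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def cert_ec_point(cert_der: bytes) -> bytes:
    """Return the 64-byte X||Y of the P-256 key found in a DER certificate.

    Shortcut: locates the fixed SPKI prefix instead of walking the ASN.1 tree.
    """
    start = cert_der.find(P256_SPKI_PREFIX)
    if start < 0:
        raise ValueError("no P-256 SubjectPublicKeyInfo in certificate")
    point = cert_der[start + len(P256_SPKI_PREFIX):][:65]
    if len(point) != 65 or point[0] != 0x04:
        raise ValueError("expected an uncompressed EC point")
    return point[1:]


def x5c_matches_key(jwk: dict) -> bool:
    """True if the first x5c certificate carries the key given by x and y."""
    if jwk.get("kty") != "EC" or jwk.get("crv") != "P-256" or not jwk.get("x5c"):
        raise ValueError("expected a P-256 EC JWK with an x5c member")
    # x5c holds standard base64 of DER; validate=True rejects base64url input.
    cert_der = base64.b64decode(jwk["x5c"][0], validate=True)
    return cert_ec_point(cert_der) == b64url_decode(jwk["x"]) + b64url_decode(jwk["y"])


def constructed_jwk() -> dict:
    """Sample input: the page's x and y plus a constructed stand-in for x5c[0]
    (an SPKI wrapped in two SEQUENCEs, not a real signed certificate)."""
    x = "btjiy3sbUjxc4LKyDujKCzgh0Nv0WiVgY5k61-ZRUkI"
    y = "Gck9a3RVmUADrHp2XPBOFxb31QIzUk6KtiWU320Qc2s"
    spki = P256_SPKI_PREFIX + b"\x04" + b64url_decode(x) + b64url_decode(y)
    tbs = b"\x30" + bytes([len(spki)]) + spki
    der = b"\x30" + bytes([len(tbs)]) + tbs
    return {"kty": "EC", "crv": "P-256", "x": x, "y": y,
            "x5c": [base64.b64encode(der).decode()]}


if __name__ == "__main__":
    print(x5c_matches_key(constructed_jwk()))
```

To check a real file, load it with json.load and pass the resulting dict to x5c_matches_key.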


Takahiko Kawasaki

Co-founder and representative director of Authlete, Inc., working as a software engineer since 1997. https://www.authlete.com/