diff --git a/.gitignore b/.gitignore index 8bfa23615..e0a77459d 100644 --- a/.gitignore +++ b/.gitignore @@ -1,13 +1,16 @@ .DS_Store node_modules /dist +signature.bin +*.pem +verified.txt *~ # local env files .env.local .env.*.local -# Log files +# Log filesopenssl dgst -sha256 -verify public.pem -signature <(echo -n "$signature") "$signing_input" npm-debug.log* yarn-debug.log* yarn-error.log* diff --git a/openssl_signing_console.rst b/openssl_signing_console.rst index db13f041b..83139ef5b 100644 --- a/openssl_signing_console.rst +++ b/openssl_signing_console.rst @@ -1,3 +1,7 @@ +Prerequisits: + +jq + You can create a JWT using a library or by encoding the header and payload base64Url and signing it with a secret using a ES256K algorithm. Here is an example of how you can create a JWT using the jq and openssl command line utilities: Here is an example of how you can use openssl to sign a JWT with the ES256K algorithm: diff --git a/openssl_signing_console.sh b/openssl_signing_console.sh new file mode 100755 index 000000000..acdda6893 --- /dev/null +++ b/openssl_signing_console.sh 
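Review bot: In the .gitignore hunk, the rewritten heading `# Log filesopenssl dgst -sha256 -verify public.pem -signature <(echo -n "$signature") "$signing_input"` looks like a shell command pasted onto the comment line by accident. Git still treats it as a comment because it starts with `#`, but the `# Log files` heading is lost; restoring it as `# Log files` keeps the file readable. The new `*.pem` entry keeps the generated private key out of commits, but it also hides any certificate or public key someone later wants tracked, so a comment such as `# key material generated by openssl_signing_console.sh` above the three new entries would record why they are there.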
@@ -0,0 +1,25 @@
+#!/bin/bash
+
+openssl ecparam -name secp256k1 -genkey -noout -out private.pem
+openssl ec -in private.pem -pubout -out public.pem
+
+header='{"alg":"ES256K", "issuer": "", "typ":"JWT"}'
+
+payload='{"@context": "http://schema.org", "@type": "PlanAction", "identifier": "did:ethr:0xb86913f83A867b5Ef04902419614A6FF67466c12", "name": "Test", "description": "Me"}'
+
+header_b64=$(echo -n "$header" | jq -c -M . | tr -d '\n')
+payload_b64=$(echo -n "$payload" | jq -c -M . | tr -d '\n')
+
+signing_input="$header_b64.$payload_b64"
+
+echo -n "$signing_input" | openssl dgst -sha256 -sign private.pem -out signature.bin
+
+# Read binary signature from file and encode it to Base64 URL-Safe format
+signature_b64=$(base64 -w 0 < signature.bin | tr -d '=' | tr '+' '-' | tr '/' '_')
+
+# Construct the JWT
+jwt="$signing_input.$signature_b64"
+
+openssl dgst -sha256 -verify public.pem -signature signature.bin -out verified.txt <(echo -n "$signing_input")
+
+
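Review bot: The token this script assembles is not a valid ES256K JWS: `header_b64` and `payload_b64` hold compacted JSON from `jq -c` that is never base64url-encoded, and `signature_b64` encodes the DER SEQUENCE that `openssl dgst -sign` emits for EC keys, whereas JWS (RFC 7518 §3.4, applied to ES256K by RFC 8812) expects the fixed-width 64-byte R||S pair. A spec-following verifier will reject it, and the closing `openssl dgst -verify` cannot catch the problem because it checks the DER file against the same unencoded input. The fence shows one way to encode both segments and convert the signature; it adds `xxd` as a prerequisite alongside `jq` and should be confirmed against a JWT library before the docs point at it. Separately, `private.pem` is written with the default umask, there is no `set -euo pipefail` so a failed key generation does not stop the run, and `jwt` is assigned but never printed; `umask 077` before the first `openssl` call would keep the key owner-only.

```shell
# base64url without padding, as JWS compact serialization requires
b64url() { base64 -w 0 | tr -d '=' | tr '+/' '-_'; }

# … unchanged: key generation, header and payload literals …

header_b64=$(printf '%s' "$header" | jq -c -M . | tr -d '\n' | b64url)
payload_b64=$(printf '%s' "$payload" | jq -c -M . | tr -d '\n' | b64url)

# … unchanged: signing_input, openssl dgst -sign writing signature.bin …

# Convert the DER-encoded (r, s) pair to the raw 32-byte R || 32-byte S form;
# each integer is left-padded with zeros to 64 hex digits.
sig_hex=$(openssl asn1parse -inform DER -in signature.bin \
  | awk -F: '/INTEGER/ { printf "%64s", $NF }' | tr ' ' '0')
signature_b64=$(printf '%s' "$sig_hex" | xxd -r -p | b64url)

# … unchanged: jwt assembly and openssl dgst -verify against signature.bin …
```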