1 changed files with 45 additions and 0 deletions
			
			
		| @ -0,0 +1,45 @@ | |||
| You can create a JWT using a library or by encoding the header and payload base64Url and signing it with a secret using a ES256K algorithm. Here is an example of how you can create a JWT using the jq and openssl command line utilities: | |||
| 
 | |||
| Here is an example of how you can use openssl to sign a JWT with the ES256K algorithm: | |||
| 
 | |||
|     Generate an ECDSA key pair using the secp256k1 curve: | |||
| 
 | |||
| openssl ecparam -name secp256k1 -genkey -noout -out private.pem | |||
| openssl ec -in private.pem -pubout -out public.pem | |||
| 
 | |||
|     First, create a header object as a JSON object containing the alg (algorithm) and typ (type) fields. For example: | |||
| 
 | |||
| header='{"alg":"ES256K", "issuer": "", "typ":"JWT"}' | |||
| 
 | |||
|     Next, create a payload object as a JSON object containing the claims you want to include in the JWT. For example schema.org : | |||
| 
 | |||
| payload='{"@context": "http://schema.org", "@type": "PlanAction", "identifier": "did:ethr:0xb86913f83A867b5Ef04902419614A6FF67466c12", "name": "Test", "description": "Me"}' | |||
| 
 | |||
|     Encode the header and payload objects as base64Url strings. You can use the jq command line utility to do this: | |||
| 
 | |||
| header_b64=$(echo -n "$header" | jq -c -M . | tr -d '\n') | |||
| payload_b64=$(echo -n "$payload" | jq -c -M . | tr -d '\n') | |||
| 
 | |||
|     Concatenate the encoded header, payload, and a secret to create the signing input: | |||
| 
 | |||
| signing_input="$header_b64.$payload_b64" | |||
| 
 | |||
|     Create the signature by signing the signing input with a ES256K algorithm and your secret. You can use the openssl command line utility to do this: | |||
| 
 | |||
| signature=$(echo -n "$signing_input" | openssl dgst -sha256 -sign private.pem) | |||
| 
 | |||
|     Finally, encode the signature as a base64Url string and concatenate it with the signing input to create the JWT: | |||
| 
 | |||
| signature_b64=$(echo -n "$signature" | base64 | tr -d '=' | tr '+' '-' | tr '/' '_') | |||
| jwt="$signing_input.$signature_b64" | |||
| 
 | |||
|     This JWT can then be passed in the Authorization header of a HTTP request as a bearer token, for example: | |||
| 
 | |||
| Authorization: Bearer $jwt | |||
| 
 | |||
|     To verify the JWT, you can use the openssl utility with the public key: | |||
| 
 | |||
| openssl dgst -sha256 -verify public.pem -signature <(echo -n "$signature") "$signing_input" | |||
| 
 | |||
|     This will verify the signature and output Verified OK if the signature is valid. If the signature is not valid, it will output an error. | |||
| 
 | |||
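Review bot: The encoding step (`header_b64=$(echo -n "$header" | jq -c -M . | tr -d '\n')`, and the same for `payload_b64`) never base64url-encodes anything. `jq -c -M .` only compacts the JSON, so `signing_input` is raw JSON joined by a dot and the result is not a valid JWT. Pipe the compacted JSON through `base64` and the same `tr -d '=' | tr '+' '-' | tr '/' '_'` chain used for the signature, adding `tr -d '\n'` because `base64` wraps long output. In the signing step, `openssl dgst -sha256 -sign private.pem` with an EC key emits an ASN.1 DER signature, while JWS ECDSA algorithms expect the fixed-width R||S concatenation (64 bytes for ES256K). Capturing that binary output in `$signature` also drops any NUL bytes, so write the signature to a file and convert it before encoding. The verify command passes `"$signing_input"` as a file name rather than as data; feed it on stdin instead (for example `printf '%s' "$signing_input" | openssl dgst -sha256 -verify public.pem -signature <signature file>`). Two documentation points: the text speaks of signing "with a secret" although ES256K signs with the private key in `private.pem`, and the header example carries `"issuer": ""`, which is not a registered JOSE header parameter; the issuer normally goes in the payload as `iss`.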