forked from jsnbuchanan/crowd-funder-for-time-pwa
chore: update capacitor config and script paths
- Update capacitor.config.json:
  - Change appId from com.brownspank.timesafari to app.timesafari
  - Add server configuration with cleartext enabled
  - Add plugins configuration for App URL handling
- Update script documentation paths:
  - Change ./openssl_signing_console.sh to /scripts/openssl_signing_console.sh
  - Change ./openssl_signing_console.rst to /doc/openssl_signing_console.rst

This change standardizes the app identifier and adds necessary capacitor configurations for development, while also fixing script documentation paths to use absolute references.
54
doc/openssl_signing_console.rst
Normal file
@@ -0,0 +1,54 @@
|
||||
JWT Creation & Verification
|
||||
|
||||
To run this in a script, see /scripts/openssl_signing_console.sh
|
||||
|
||||
Prerequisites: openssl, jq
|
||||
|
||||
You can create a JWT using a library or by encoding the header and payload base64Url and signing it with a secret using
|
||||
a ES256K algorithm. Here is an example of how you can create a JWT using the jq and openssl command line utilities:
|
||||
|
||||
Here is an example of how you can use openssl to sign a JWT with the ES256K algorithm:
|
||||
|
||||
Generate an ECDSA key pair using the secp256k1 curve:
|
||||
|
||||
openssl ecparam -name secp256k1 -genkey -noout -out private.pem
|
||||
openssl ec -in private.pem -pubout -out public.pem
|
||||
|
||||
First, create a header object as a JSON object containing the alg (algorithm) and typ (type) fields. For example:
|
||||
|
||||
header='{"alg":"ES256K", "issuer": "", "typ":"JWT"}'
|
||||
|
||||
Next, create a payload object as a JSON object containing the claims you want to include in the JWT.
|
||||
For example schema.org :
|
||||
|
||||
payload='{"@context": "http://schema.org", "@type": "PlanAction", "identifier": "did:ethr:0xb86913f83A867b5Ef04902419614A6FF67466c12", "name": "Test", "description": "Me"}'
|
||||
|
||||
Encode the header and payload objects as base64Url strings. You can use the jq command line utility to do this:
|
||||
|
||||
header_b64=$(echo -n "$header" | jq -c -M . | tr -d '\n' | base64 | tr -d '=' | tr '+' '-' | tr '/' '_')
|
||||
payload_b64=$(echo -n "$payload" | jq -c -M . | tr -d '\n' | base64 | tr -d '=' | tr '+' '-' | tr '/' '_')
|
||||
|
||||
Concatenate the encoded header, payload, and a secret to create the signing input:
|
||||
|
||||
signing_input="$header_b64.$payload_b64"
|
||||
|
||||
Create the signature by signing the signing input with a ES256K algorithm and your secret.
|
||||
You can use the openssl command line utility to do this:
|
||||
|
||||
signature=$(echo -n "$signing_input" | openssl dgst -sha256 -sign private.pem)
|
||||
|
||||
Finally, encode the signature as a base64Url string and concatenate it with the signing input to create the JWT:
|
||||
|
||||
signature_b64=$(echo -n "$signature" | base64 | tr -d '=' | tr '+' '-' | tr '/' '_')
|
||||
jwt="$signing_input.$signature_b64"
|
||||
|
||||
This JWT can then be passed in the Authorization header of a HTTP request as a bearer token, for example:
|
||||
|
||||
Authorization: Bearer $jwt
|
||||
|
||||
To verify the JWT, you can use the openssl utility with the public key:
|
||||
|
||||
echo -n "$signing_input" | openssl dgst -sha256 -verify public.pem -signature <(echo -n "$signature")
|
||||
|
||||
This will verify the signature and output "Verified OK" if the signature is valid.
|
||||
If the signature is not valid, it will give an error response and output "Verification failure".
|
||||
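Review bot: The signing step (`signature=$(echo -n "$signing_input" | openssl dgst -sha256 -sign private.pem)`) does not produce a valid ES256K JWS signature, so the resulting token will not verify in JWT libraries that follow the spec. `openssl dgst -sign` emits an ASN.1 DER-encoded ECDSA signature, while JWS ECDSA algorithms (ES256K is registered in RFC 8812) expect the fixed-length 64-byte R||S concatenation; the doc should convert the DER output to raw R||S before base64url-encoding it. The binary signature is also held in a shell variable, and command substitution drops NUL bytes and trailing newlines, so both `signature_b64` and the `-verify -signature <(echo -n "$signature")` step can operate on corrupted bytes; write the signature to a file (`-out` or a redirect) and pass that file to `base64` and to `-signature`. In the two encoding lines, `tr -d '\n'` runs before `base64` rather than after it, so with GNU coreutils the long payload wraps at 76 columns and leaves embedded newlines in `payload_b64`; strip newlines after `base64` (or use `base64 -w 0` where available). Wording: the text says the input is signed with "a secret" and that a secret is concatenated into the signing input, but the code signs `$header_b64.$payload_b64` with the private key, which is what an asymmetric algorithm like ES256K requires; the prose should say "private key". Finally, `"issuer": ""` in the header is not a registered JOSE header parameter; the issuer is normally carried as the `iss` claim in the payload, so either drop it or explain why it is there.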