How to generate a JSON Web Key (JWK)

JSON Web Keys (JWK) can be easily generated with the help of the Nimbus JOSE+JWT library:

Cryptographic keys can also be generated in some other environment and then converted into JWK format. Here is an example how to import a key generated with OpenSSL.

You can also check out the command line JWK generator by Justin Richer built with this library.

RSA key pair

The only required parameter to generate an RSA key pair is the key length, which should be at least 2048 bits. There is an alternative constructor in case you need to generate weak keys.

The JWK format allows the key to be decorated with metadata. An important piece of metadata is the key ID ("kid"), for key identification in databases and enabling key rollover. The usage parameter ("use") indicates the key's intended purpose - signing or encryption.

import java.util.*;

import com.nimbusds.jose.jwk.*;
import com.nimbusds.jose.jwk.gen.*;

// Generate 2048-bit RSA key pair in JWK format, attach some metadata
RSAKey jwk = new RSAKeyGenerator(2048)
    .keyUse(KeyUse.SIGNATURE) // indicate the intended use of the key
    .keyID(UUID.randomUUID().toString()) // give the key a unique ID
    .generate();

// Output the private and public RSA JWK parameters
System.out.println(jwk);

// Output the public RSA JWK parameters only
System.out.println(jwk.toPublicJWK());

An RSA key pair can also be generated with the standard Java cryptographic facilities and then converted to JWK format:

import java.security.*;
import java.security.interfaces.*;
import java.util.*;

import com.nimbusds.jose.jwk.*;
import com.nimbusds.jose.jwk.gen.*;

// Generate the RSA key pair
KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
gen.initialize(2048);
KeyPair keyPair = gen.generateKeyPair();

// Convert to JWK format
JWK jwk = new RSAKey.Builder((RSAPublicKey)keyPair.getPublic())
    .privateKey((RSAPrivateKey)keyPair.getPrivate())
    .keyUse(KeyUse.SIGNATURE)
    .keyID(UUID.randomUUID().toString())
    .build();

A generated RSA key pair in JWK format:

{
  "kty" : "RSA",
  "kid" : "cc34c0a0-bd5a-4a3c-a50d-a2a7db7643df",
  "use" : "sig",
  "n"   : "pjdss8ZaDfEH6K6U7GeW2nxDqR4IP049fk1fK0lndimbMMVBdPv_hSpm8T8EtBDxrUdi1OHZfMhUixGaut-3nQ4GG9nM249oxhCtxqqNvEXrmQRGqczyLxuh-fKn9Fg--hS9UpazHpfVAFnB5aCfXoNhPuI8oByyFKMKaOVgHNqP5NBEqabiLftZD3W_lsFCPGuzr4Vp0YS7zS2hDYScC2oOMu4rGU1LcMZf39p3153Cq7bS2Xh6Y-vw5pwzFYZdjQxDn8x8BG3fJ6j8TGLXQsbKH1218_HcUJRvMwdpbUQG5nvA2GXVqLqdwp054Lzk9_B_f1lVrmOKuHjTNHq48w",
  "e"   : "AQAB",
  "d"   : "ksDmucdMJXkFGZxiomNHnroOZxe8AmDLDGO1vhs-POa5PZM7mtUPonxwjVmthmpbZzla-kg55OFfO7YcXhg-Hm2OWTKwm73_rLh3JavaHjvBqsVKuorX3V3RYkSro6HyYIzFJ1Ek7sLxbjDRcDOj4ievSX0oN9l-JZhaDYlPlci5uJsoqro_YrE0PRRWVhtGynd-_aWgQv1YzkfZuMD-hJtDi1Im2humOWxA4eZrFs9eG-whXcOvaSwO4sSGbS99ecQZHM2TcdXeAs1PvjVgQ_dKnZlGN3lTWoWfQP55Z7Tgt8Nf1q4ZAKd-NlMe-7iqCFfsnFwXjSiaOa2CRGZn-Q",
  "p"   : "4A5nU4ahEww7B65yuzmGeCUUi8ikWzv1C81pSyUKvKzu8CX41hp9J6oRaLGesKImYiuVQK47FhZ--wwfpRwHvSxtNU9qXb8ewo-BvadyO1eVrIk4tNV543QlSe7pQAoJGkxCia5rfznAE3InKF4JvIlchyqs0RQ8wx7lULqwnn0",
  "q"   : "ven83GM6SfrmO-TBHbjTk6JhP_3CMsIvmSdo4KrbQNvp4vHO3w1_0zJ3URkmkYGhz2tgPlfd7v1l2I6QkIh4Bumdj6FyFZEBpxjE4MpfdNVcNINvVj87cLyTRmIcaGxmfylY7QErP8GFA-k4UoH_eQmGKGK44TRzYj5hZYGWIC8",
  "dp"  : "lmmU_AG5SGxBhJqb8wxfNXDPJjf__i92BgJT2Vp4pskBbr5PGoyV0HbfUQVMnw977RONEurkR6O6gxZUeCclGt4kQlGZ-m0_XSWx13v9t9DIbheAtgVJ2mQyVDvK4m7aRYlEceFh0PsX8vYDS5o1txgPwb3oXkPTtrmbAGMUBpE",
  "dq"  : "mxRTU3QDyR2EnCv0Nl0TCF90oliJGAHR9HJmBe__EjuCBbwHfcT8OG3hWOv8vpzokQPRl5cQt3NckzX3fs6xlJN4Ai2Hh2zduKFVQ2p-AF2p6Yfahscjtq-GY9cB85NxLy2IXCC0PF--Sq9LOrTE9QV988SJy_yUrAjcZ5MmECk",
  "qi"  : "ldHXIrEmMZVaNwGzDF9WG8sHj2mOZmQpw9yrjLK9hAsmsNr5LTyqWAqJIYZSwPTYWhY4nu2O0EY9G9uYiqewXfCKw_UngrJt8Xwfq1Zruz0YY869zPN4GiE9-9rzdZB33RBw8kIOquY3MK74FMwCihYx_LiU2YTHkaoJ3ncvtvg"
}

EC key pair

Elliptic Curve (EC) keys are based on curves with specific mathematical properties. The JOSE WG adopted three standard curves for EC keys and EC operations with the following designations: P-256, P-384 and P-521.

EC signature algorithm Requires EC JWK with curve
ES256 P-256
ES384 P-384
ES512 P-521

To generate an EC key pair specify its curve:

import com.nimbusds.jose.jwk.*;
import com.nimbusds.jose.jwk.gen.*;

// Generate EC key pair in JWK format
ECKey jwk = new ECKeyGenerator(Curve.P_256)
    .keyUse(KeyUse.SIGNATURE) // indicate the intended use of the key
    .keyID(UUID.randomUUID().toString()) // give the key a unique ID
    .generate();

// Output the private and public EC JWK parameters
System.out.println(jwk);

// Output the public EC JWK parameters only
System.out.println(jwk.toPublicJWK());

To generate an EC key pair with the standard Java facilities and convert it to JWK format:

import java.security.*;
import java.security.interfaces.*;
import java.util.*;

import com.nimbusds.jose.jwk.*;
import com.nimbusds.jose.jwk.gen.*;

// Generate EC key pair with P-256 curve
KeyPairGenerator gen = KeyPairGenerator.getInstance("EC");
gen.initialize(Curve.P_256.toECParameterSpec());
KeyPair keyPair = gen.generateKeyPair();

// Convert to JWK format
JWK jwk = new ECKey.Builder(Curve.P_256, (ECPublicKey) keyPair.getPublic())
    .privateKey((ECPrivateKey) keyPair.getPrivate())
    .build();

A generated EC P-256 key pair in JWK format:

{
  "kty" : "EC",
  "crv" : "P-256",
  "x"   : "SVqB4JcUD6lsfvqMr-OKUNUphdNn64Eay60978ZlL74",
  "y"   : "lf0u0pMj4lGAzZix5u4Cm5CMQIgMNpkwy163wtKYVKI",
  "d"   : "0g5vAEKzugrXaRbgKG0Tj2qJ5lMP4Bezds1_sTybkfk"
}

Octet key pair

Octet key pairs are used to represent Edwards curve keys. They bear the JWK type designation "OKP" and are used for JSON Web Signatures (JWS) with Ed25519 / Ed448 and JSON Web Encryption (JWE) with ECDH with X25519 / X448.

Starting with v6.0 the Nimbus JOSE+JWT library can generate OKP JWKs with an Ed25519 or X25519 curve with help of the optional Tink dependency. Edwards curve cryptography is not supported by the standard Java JCA yet. For v6.0 of Nimbus JOSE+JWT the Maven dependency for Tink would be

<dependency>
    <groupId>com.google.crypto.tink</groupId>
    <artifactId>tink</artifactId>
    <version>1.2.0-rc2</version>
</dependency>

To generate an OKP JWK just specify the name of the Edwards curve and any key metadata required by your application:

import java.util.*;

import com.nimbusds.jose.jwk.*;
import com.nimbusds.jose.jwk.gen.*;

// Generate Ed25519 Octet key pair in JWK format, attach some metadata
OctetKeyPair jwk = new OctetKeyPairGenerator(Curve.Ed25519)
    .keyUse(KeyUse.SIGNATURE) // indicate the intended use of the key
    .keyID(UUID.randomUUID().toString()) // give the key a unique ID
    .generate();

// Output the private and public OKP JWK parameters
System.out.println(jwk);

// Output the public OKP JWK parameters only
System.out.println(jwk.toPublicJWK());

Example Ed25519 key in JWK format:

{
  "kty" : "OKP",
  "crv" : "Ed25519",
  "x"   : "11qYAYKxCrfVS_7TyWQHOg7hcvPapiMlrwIaaPcHURo",
  "d"   : "nWGxne_9WmC6hEr0kuwsxERJxWl7MmkZcDusAxyuf2A",
  "use" : "sig",
  "kid" : "FdFYFzERwC2uCBB46pZQi4GG85LujR8obt-KWRBICVQ"
}

Octet sequence key

The octet sequence JWK format is intended for representing secret keys, such as keys for use in HMAC and AES. A secret key is essentially a random array of bytes that cannot be practically guessed.

HMAC key

HMAC computation requires a secret key which length must match the size of the output hash. You can also use longer keys, but they will be truncated.

HMAC algorithm Required key size
HS256 256 bits
HS384 384 bits
HS512 512 bits

To a generate a secret 256-bit JWK for HS216:

import java.util.*;

import com.nimbusds.jose.*;
import com.nimbusds.jose.jwk.*;
import com.nimbusds.jose.jwk.gen.*;

OctetSequenceKey jwk = new OctetSequenceKeyGenerator(256)
    .keyID(UUID.randomUUID().toString()) // give the key some ID (optional)
    .algorithm(JWSAlgorithm.HS256) // indicate the intended key alg (optional)
    .generate();

// Output
System.out.println(jwk);

You can also use Java's SecureRandom or the dedicated KeyGenerator to generate the key bytes and then use the bytes to create a JWK:

import javax.crypto.*;

import com.nimbusds.jose.*;
import com.nimbusds.jose.jwk.*;

// Generate a secret key with 256 bits
SecretKey hmacKey = KeyGenerator.getInstance("HmacSha256").generateKey();

// Convert to JWK format
JWK jwk = new OctetSequenceKey.Builder(hmacKey)
    .keyID(UUID.randomUUID().toString()) // give the key some ID (optional)
    .algorithm(JWSAlgorithm.HS256) // indicate the intended key alg (optional)
    .build();

Example secret key in JWK format:

{ 
  "kty" : "oct",
  "kid" : "0afee142-a0af-4410-abcc-9f2d44ff45b5",
  "alg" : "HS256",
  "k"   : "FdFYFzERwC2uCBB46pZQi4GG85LujR8obt-KWRBICVQ"
}

AES key

Symmetric JWE requires an AES key. For example, direct encryption with A128GCM requires a 128 bit AES key.

As with HMAC above, you can use the provided the OctetSequenceKeyGenerator or Java's standard KeyGenerator.

To generate a 128-bit AES JWK directly:

import java.util.*;

import com.nimbusds.jose.*;
import com.nimbusds.jose.jwk.*;
import com.nimbusds.jose.jwk.gen.*;

OctetSequenceKey jwk = new OctetSequenceKeyGenerator(128)
    .keyID(UUID.randomUUID().toString()) // give the key some ID (optional)
    .algorithm(EncryptionMethod.A128GCM) // indicate the intended key alg (optional)
    .generate();

// Output
System.out.println(jwk);

To generate the AES key using Java's standard facility, then convert to JWK format:

import javax.crypto.*;

import com.nimbusds.jose.*;
import com.nimbusds.jose.jwk.*;

// Generate a secret AES key with 128 bits
KeyGenerator gen = KeyGenerator.getInstance("AES");
gen.init(128);
SecretKey aesKey = gen.generateKey();

// Convert to JWK format
JWK jwk = new OctetSequenceKey.Builder(aesKey)
    .keyID(UUID.randomUUID().toString()) // give the key some ID (optional)
    .algorithm(EncryptionMethod.A128GCM) // indicate the intended key alg (optional)
    .build();

Example 128 bit AES key as JWK:

{
  "kty" : "oct",
  "kid" : "283e6c58-7962-411a-8468-8b26d6f8e89a",
  "k"   : "c7WsUB6msAgIdDxTnT13Yw"
}