Command line JSON Web Key (JWK) generator
A simple Java command-line utility created by Justin Richer can be used to generate keys in JWK format. It supports these key types:
- RSA key
- EC key
- Octet string (symmetric) key
Usage
Invoking the utility without arguments will print its usage message:
usage: java -jar json-web-key-generator.jar -t <keyType> [options]
-a <arg> Algorithm (optional)
-c <arg> Key Curve, required for EC key type. Must be one of P-256,
P-384, P-521
-i <arg> Key ID (optional)
-p Display public key separately
-s <arg> Key Size in bits, required for RSA and OCT key types. Must be
an integer divisible by 8
-S Wrap the generated key in a KeySet
-t <arg> Key Type, one of: RSA, oct, EC
-u <arg> Usage, one of: enc, sig (optional)
Example
To generate a 4096-bit RSA public / private key pair, with a specified key ID and use, wrapped in a standard JWK set:
java -jar json-web-key-generator.jar -t RSA -s 4096 -i 1 -u sig -S -p
The JWK generator will then output two JSON objects:
A JWK set with the generated public / private key pair, for example:
{
"keys": [
{
"kty": "RSA",
"d": "ODmllzSTMXk_87Avq1ZCB9lQN5XPc1rCl-TcmBtVG4WSYeib-vGvSyUp0K2qZvvJPj1kR3AK78uRFJq8DnwiFj81UXHXerNb0Lq1hmXZY63EowZdYUB9_UIY4BFuxkxWKcPuG75kyMZMxgdXJ3iUrJFmFRPhSBY9Jc_WGz3R0FbaJZNjI_
9MOTjua5a0noF14g1UjzN49oun0HoWr_Sli0PiHSuEhDuVBtdl3GZl_HHlosICaY4-Oxlcz5NopidtK-NPfnBJqjSVnGkxtnqHtcJLaP7POOwhHEssnzJQr9IdrWLW_E4f-qYh2x99B0aUMiTJzRGEMjSSsuBNFRsAQ05DNpUVxOblrwOFe3XKIm47JbCq
D7IIjtbGrODIu7TNmRfbmuJcd1ixWqJk0IXUQtusRc0L8zkxoIP7oCd0cI4l4rvkGLfwuAtY-7miCyeV5EMmxzv_V8mitmErE80ErbE52FWVmCBYj6aO6uAHcfKYmNsSdYWO60P-1Bi86BUoNtkdsIXlZNk2zeDeigqmlQO0vMlTBKYFeQbxHh-8x-sCsr
bdEO7XWD2Q5BI8TpHfVhUX-dBadUA33o1YKYtu4qSiea2_FW8aJTu2-ASifbSySJW8FK0_CR8SZDDmQlQvdFSbWWOboa9ZDikLtMu3y0-_kioOAmtx6rK6mYHAuAs",
"e": "AQAB",
"use": "sig",
"kid": "1",
"n": "jGYGjaPleC3bouOfwwlVVZmcwuLhLwV-81Q8YxS5fcy91AxT-mDerHJEsj2RgK6jhuZd1RNXT9PDn8PD8kmjkIYYL8li5ZHfPKuigilnZKsR1VD3q9I-_74LXXYielsd-uZIPr4zDeo7-xrFk4XIezvBOkF2hCworMX8qjUfATsKiJ7XjH
8s7WfI1g3N08QiJ2iQhW-Nx7wigtmEWSpBKnzqAo_NCtozYPRdihX1y7UW8-qIcfkGFcHgJIV1B50gV7aQweiP4Ikt4M38v6tlKr9HVE-xVzgjyDCpgnH5l8koZrwXTcjm8ctXwTxsRwZyeIpZ19r8ZyWYl4d6gA_Qn6OXSZs_mfRzg_ewl3qRqlTqGuU1
9BRVikQmvf0elSB5-2uZvAgSN7fxLFjdNAfUIVesfJ51Cn_aFfUNd9eaqUjmfFX8fEuNdM0_UIiPFij5gLyqw3bQsIbiCgjAeYUcgkwue8qf8dsiGCccmPrviPcaMT14l_EWseHgo6hjFICkWJ_fQuvOzI6dSot0kHKathSvlKW7L4b4syIVeD1uX_2SYw
nmKDmI7SnZmN20l3HtVve8iwf66mPg2CtvgMM4lfQ_npURcK5Juf1E-JQ249HoAxosRJGkb6ZBpcyCpbbmV0xgOz4sT-HRHWJr2OSLSlkvI1dWcgy7SkxshBdJu90"
}
]
}
The above JWK set, but reduced to contain only public parameters, so it can be
published at a URL or to used to
register an OAuth
2.0 client for private_key_jwt authentication:
{
"keys": [
{
"kty": "RSA",
"e": "AQAB",
"use": "sig",
"kid": "1",
"n": "jGYGjaPleC3bouOfwwlVVZmcwuLhLwV-81Q8YxS5fcy91AxT-mDerHJEsj2RgK6jhuZd1RNXT9PDn8PD8kmjkIYYL8li5ZHfPKuigilnZKsR1VD3q9I-_74LXXYielsd-uZIPr4zDeo7-xrFk4XIezvBOkF2hCworMX8qjUfATsKiJ7XjH
8s7WfI1g3N08QiJ2iQhW-Nx7wigtmEWSpBKnzqAo_NCtozYPRdihX1y7UW8-qIcfkGFcHgJIV1B50gV7aQweiP4Ikt4M38v6tlKr9HVE-xVzgjyDCpgnH5l8koZrwXTcjm8ctXwTxsRwZyeIpZ19r8ZyWYl4d6gA_Qn6OXSZs_mfRzg_ewl3qRqlTqGuU1
9BRVikQmvf0elSB5-2uZvAgSN7fxLFjdNAfUIVesfJ51Cn_aFfUNd9eaqUjmfFX8fEuNdM0_UIiPFij5gLyqw3bQsIbiCgjAeYUcgkwue8qf8dsiGCccmPrviPcaMT14l_EWseHgo6hjFICkWJ_fQuvOzI6dSot0kHKathSvlKW7L4b4syIVeD1uX_2SYw
nmKDmI7SnZmN20l3HtVve8iwf66mPg2CtvgMM4lfQ_npURcK5Juf1E-JQ249HoAxosRJGkb6ZBpcyCpbbmV0xgOz4sT-HRHWJr2OSLSlkvI1dWcgy7SkxshBdJu90"
}
]
}
Download
The JWK generator sources can be obtained from its Github repo at
https://github.com/mitreid-connect/json-web-key-generator
We also provide a ready compiled JAR for the JWK generator: