Skip to content
Connect2id

Command line JSON Web Key (JWK) generator

A simple Java command-line utility created by Justin Richer can be used to generate keys in JWK format. It supports these key types:

  • RSA key
  • EC key
  • Octet string (symmetric) key

Usage

Invoking the utility without arguments will print its usage message:

usage: java -jar json-web-key-generator.jar -t <keyType> [options]
 -a <arg>   Algorithm (optional)
 -c <arg>   Key Curve, required for EC key type. Must be one of P-256,
            P-384, P-521
 -i <arg>   Key ID (optional)
 -p         Display public key separately
 -s <arg>   Key Size in bits, required for RSA and OCT key types. Must be
            an integer divisible by 8
 -S         Wrap the generated key in a KeySet
 -t <arg>   Key Type, one of: RSA, oct, EC
 -u <arg>   Usage, one of: enc, sig (optional)

Example

To generate a 4096-bit RSA public / private key pair, with a specified key ID and use, wrapped in a standard JWK set:

java -jar json-web-key-generator.jar -t RSA -s 4096 -i 1 -u sig -S -p

The JWK generator will then output two JSON objects:

A JWK set with the generated public / private key pair, for example:

{
  "keys": [
    {
      "kty": "RSA",
      "d": "ODmllzSTMXk_87Avq1ZCB9lQN5XPc1rCl-TcmBtVG4WSYeib-vGvSyUp0K2qZvvJPj1kR3AK78uRFJq8DnwiFj81UXHXerNb0Lq1hmXZY63EowZdYUB9_UIY4BFuxkxWKcPuG75kyMZMxgdXJ3iUrJFmFRPhSBY9Jc_WGz3R0FbaJZNjI_
9MOTjua5a0noF14g1UjzN49oun0HoWr_Sli0PiHSuEhDuVBtdl3GZl_HHlosICaY4-Oxlcz5NopidtK-NPfnBJqjSVnGkxtnqHtcJLaP7POOwhHEssnzJQr9IdrWLW_E4f-qYh2x99B0aUMiTJzRGEMjSSsuBNFRsAQ05DNpUVxOblrwOFe3XKIm47JbCq
D7IIjtbGrODIu7TNmRfbmuJcd1ixWqJk0IXUQtusRc0L8zkxoIP7oCd0cI4l4rvkGLfwuAtY-7miCyeV5EMmxzv_V8mitmErE80ErbE52FWVmCBYj6aO6uAHcfKYmNsSdYWO60P-1Bi86BUoNtkdsIXlZNk2zeDeigqmlQO0vMlTBKYFeQbxHh-8x-sCsr
bdEO7XWD2Q5BI8TpHfVhUX-dBadUA33o1YKYtu4qSiea2_FW8aJTu2-ASifbSySJW8FK0_CR8SZDDmQlQvdFSbWWOboa9ZDikLtMu3y0-_kioOAmtx6rK6mYHAuAs",
      "e": "AQAB",
      "use": "sig",
      "kid": "1",
      "n": "jGYGjaPleC3bouOfwwlVVZmcwuLhLwV-81Q8YxS5fcy91AxT-mDerHJEsj2RgK6jhuZd1RNXT9PDn8PD8kmjkIYYL8li5ZHfPKuigilnZKsR1VD3q9I-_74LXXYielsd-uZIPr4zDeo7-xrFk4XIezvBOkF2hCworMX8qjUfATsKiJ7XjH
8s7WfI1g3N08QiJ2iQhW-Nx7wigtmEWSpBKnzqAo_NCtozYPRdihX1y7UW8-qIcfkGFcHgJIV1B50gV7aQweiP4Ikt4M38v6tlKr9HVE-xVzgjyDCpgnH5l8koZrwXTcjm8ctXwTxsRwZyeIpZ19r8ZyWYl4d6gA_Qn6OXSZs_mfRzg_ewl3qRqlTqGuU1
9BRVikQmvf0elSB5-2uZvAgSN7fxLFjdNAfUIVesfJ51Cn_aFfUNd9eaqUjmfFX8fEuNdM0_UIiPFij5gLyqw3bQsIbiCgjAeYUcgkwue8qf8dsiGCccmPrviPcaMT14l_EWseHgo6hjFICkWJ_fQuvOzI6dSot0kHKathSvlKW7L4b4syIVeD1uX_2SYw
nmKDmI7SnZmN20l3HtVve8iwf66mPg2CtvgMM4lfQ_npURcK5Juf1E-JQ249HoAxosRJGkb6ZBpcyCpbbmV0xgOz4sT-HRHWJr2OSLSlkvI1dWcgy7SkxshBdJu90"
    }
  ]
}

The above JWK set, but reduced to contain only public parameters, so it can be published at a URL or to used to register an OAuth 2.0 client for private_key_jwt authentication:

{
  "keys": [
    {
      "kty": "RSA",
      "e": "AQAB",
      "use": "sig",
      "kid": "1",
      "n": "jGYGjaPleC3bouOfwwlVVZmcwuLhLwV-81Q8YxS5fcy91AxT-mDerHJEsj2RgK6jhuZd1RNXT9PDn8PD8kmjkIYYL8li5ZHfPKuigilnZKsR1VD3q9I-_74LXXYielsd-uZIPr4zDeo7-xrFk4XIezvBOkF2hCworMX8qjUfATsKiJ7XjH
8s7WfI1g3N08QiJ2iQhW-Nx7wigtmEWSpBKnzqAo_NCtozYPRdihX1y7UW8-qIcfkGFcHgJIV1B50gV7aQweiP4Ikt4M38v6tlKr9HVE-xVzgjyDCpgnH5l8koZrwXTcjm8ctXwTxsRwZyeIpZ19r8ZyWYl4d6gA_Qn6OXSZs_mfRzg_ewl3qRqlTqGuU1
9BRVikQmvf0elSB5-2uZvAgSN7fxLFjdNAfUIVesfJ51Cn_aFfUNd9eaqUjmfFX8fEuNdM0_UIiPFij5gLyqw3bQsIbiCgjAeYUcgkwue8qf8dsiGCccmPrviPcaMT14l_EWseHgo6hjFICkWJ_fQuvOzI6dSot0kHKathSvlKW7L4b4syIVeD1uX_2SYw
nmKDmI7SnZmN20l3HtVve8iwf66mPg2CtvgMM4lfQ_npURcK5Juf1E-JQ249HoAxosRJGkb6ZBpcyCpbbmV0xgOz4sT-HRHWJr2OSLSlkvI1dWcgy7SkxshBdJu90"
    }
  ]
}

Download

The JWK generator sources can be obtained from its Github repo at

https://github.com/mitreid-connect/json-web-key-generator

We also provide a ready compiled JAR for the JWK generator:

Download JWK generator JAR