Automatically derive the kid from the key fingerprint if missing

Cargo.toml

@@ -474,7 +474,7 @@ features = ["std"]
 # PKCS#8 encoding
 [workspace.dependencies.pkcs8]
 version = "0.10.2"
-features = ["std", "pkcs5", "encryption"]
+features = ["alloc", "std", "pkcs5", "encryption"]
 
 # Public Suffix List
 [workspace.dependencies.psl]

crates/config/src/sections/secrets.rs

@@ -132,7 +132,12 @@ impl From<Key> for KeyRaw {
 #[serde_as]
 #[derive(JsonSchema, Serialize, Deserialize, Clone, Debug)]
 pub struct KeyConfig {
-    kid: String,
+    /// The key ID `kid` of the key as used by JWKs.
+    ///
+    /// If not given, `kid` will be derived from the key by hex-encoding the
+    /// first four bytes of the key’s fingerprint.
+    #[serde(skip_serializing_if = "Option::is_none")]
+    kid: Option<String>,
 
     #[schemars(with = "PasswordRaw")]
     #[serde_as(as = "serde_with::TryFromInto<PasswordRaw>")]
@@ -178,12 +183,24 @@ impl KeyConfig {
             None => PrivateKey::load(&key)?,
         };
 
+        let kid = match self.kid.clone() {
+            Some(kid) => kid,
+            None => kid_from_key(&private_key)?,
+        };
+
         Ok(JsonWebKey::new(private_key)
-            .with_kid(self.kid.clone())
+            .with_kid(kid)
             .with_use(mas_iana::jose::JsonWebKeyUse::Sig))
     }
 }
 
+/// Returns a kid derived from the given key.
+fn kid_from_key(private_key: &PrivateKey) -> anyhow::Result<String> {
+    let fingerprint = private_key.fingerprint()?;
+    let head = fingerprint.first_chunk::<4>().unwrap();
+    Ok(hex::encode(head))
+}
+
 /// Encryption config option.
 #[derive(Debug, Clone)]
 pub enum Encryption {
@@ -322,7 +339,7 @@ impl SecretsConfig {
         .await
         .context("could not join blocking task")?;
         let rsa_key = KeyConfig {
-            kid: Alphanumeric.sample_string(&mut rng, 10),
+            kid: Some(Alphanumeric.sample_string(&mut rng, 10)),
             password: None,
             key: Key::Value(rsa_key.to_pem(pem_rfc7468::LineEnding::LF)?.to_string()),
         };
@@ -338,7 +355,7 @@ impl SecretsConfig {
         .await
         .context("could not join blocking task")?;
         let ec_p256_key = KeyConfig {
-            kid: Alphanumeric.sample_string(&mut rng, 10),
+            kid: Some(Alphanumeric.sample_string(&mut rng, 10)),
             password: None,
             key: Key::Value(ec_p256_key.to_pem(pem_rfc7468::LineEnding::LF)?.to_string()),
         };
@@ -354,7 +371,7 @@ impl SecretsConfig {
         .await
         .context("could not join blocking task")?;
         let ec_p384_key = KeyConfig {
-            kid: Alphanumeric.sample_string(&mut rng, 10),
+            kid: Some(Alphanumeric.sample_string(&mut rng, 10)),
             password: None,
             key: Key::Value(ec_p384_key.to_pem(pem_rfc7468::LineEnding::LF)?.to_string()),
         };
@@ -370,7 +387,7 @@ impl SecretsConfig {
         .await
         .context("could not join blocking task")?;
         let ec_k256_key = KeyConfig {
-            kid: Alphanumeric.sample_string(&mut rng, 10),
+            kid: Some(Alphanumeric.sample_string(&mut rng, 10)),
             password: None,
             key: Key::Value(ec_k256_key.to_pem(pem_rfc7468::LineEnding::LF)?.to_string()),
         };
@@ -383,7 +400,7 @@ impl SecretsConfig {
 
     pub(crate) fn test() -> Self {
         let rsa_key = KeyConfig {
-            kid: "abcdef".to_owned(),
+            kid: Some("abcdef".to_owned()),
             password: None,
             key: Key::Value(
                 indoc::indoc! {r"
@@ -402,7 +419,7 @@ impl SecretsConfig {
             ),
         };
         let ecdsa_key = KeyConfig {
-            kid: "ghijkl".to_owned(),
+            kid: Some("ghijkl".to_owned()),
             password: None,
             key: Key::Value(
                 indoc::indoc! {r"
@@ -422,3 +439,68 @@ impl SecretsConfig {
         }
     }
 }
+
+#[cfg(test)]
+mod tests {
+    use figment::{
+        Figment, Jail,
+        providers::{Format, Yaml},
+    };
+    use mas_jose::constraints::Constrainable;
+    use tokio::{runtime::Handle, task};
+
+    use super::*;
+
+    #[tokio::test]
+    async fn load_config_inline_secrets() {
+        task::spawn_blocking(|| {
+            Jail::expect_with(|jail| {
+                jail.create_file(
+                    "config.yaml",
+                    indoc::indoc! {r"
+                        secrets:
+                          encryption: >-
+                            0000111122223333444455556666777788889999aaaabbbbccccddddeeeeffff
+                          keys:
+                            - kid: lekid0
+                              key: |
+                                -----BEGIN EC PRIVATE KEY-----
+                                MHcCAQEEIOtZfDuXZr/NC0V3sisR4Chf7RZg6a2dpZesoXMlsPeRoAoGCCqGSM49
+                                AwEHoUQDQgAECfpqx64lrR85MOhdMxNmIgmz8IfmM5VY9ICX9aoaArnD9FjgkBIl
+                                fGmQWxxXDSWH6SQln9tROVZaduenJqDtDw==
+                                -----END EC PRIVATE KEY-----
+                            - key: |
+                                -----BEGIN EC PRIVATE KEY-----
+                                MHcCAQEEIKlZz/GnH0idVH1PnAF4HQNwRafgBaE2tmyN1wjfdOQqoAoGCCqGSM49
+                                AwEHoUQDQgAEHrgPeG+Mt8eahih1h4qaPjhl7jT25cdzBkg3dbVks6gBR2Rx4ug9
+                                h27LAir5RqxByHvua2XsP46rSTChof78uw==
+                                -----END EC PRIVATE KEY-----
+                    "},
+                )?;
+
+                let config = Figment::new()
+                    .merge(Yaml::file("config.yaml"))
+                    .extract_inner::<SecretsConfig>("secrets")?;
+
+                Handle::current().block_on(async move {
+                    assert_eq!(
+                        config.encryption().await.unwrap(),
+                        [
+                            0, 0, 17, 17, 34, 34, 51, 51, 68, 68, 85, 85, 102, 102, 119, 119, 136,
+                            136, 153, 153, 170, 170, 187, 187, 204, 204, 221, 221, 238, 238, 255,
+                            255
+                        ]
+                    );
+
+                    let key_store = config.key_store().await.unwrap();
+                    assert!(key_store.iter().any(|k| k.kid() == Some("lekid0")));
+                    assert!(key_store.iter().any(|k| k.kid() == Some("040b0ab8")));
+                });
+
+                Ok(())
+            });
+        })
+        .await
+        .unwrap();
+    }
+}

crates/keystore/src/lib.rs

@@ -9,7 +9,11 @@
 use std::{ops::Deref, sync::Arc};
 
 use der::{Decode, Encode, EncodePem, zeroize::Zeroizing};
-use elliptic_curve::{pkcs8::EncodePrivateKey, sec1::ToEncodedPoint};
+use elliptic_curve::{
+    pkcs8::{EncodePrivateKey, EncodePublicKey},
+    sec1::ToEncodedPoint,
+};
+use k256::sha2::{Digest, Sha256};
 use mas_iana::jose::{JsonWebKeyType, JsonWebSignatureAlg};
 pub use mas_jose::jwk::{JsonWebKey, JsonWebKeySet};
 use mas_jose::{
@@ -179,6 +183,24 @@ impl PrivateKey {
         }
     }
 
+    /// Returns the fingerprint of the private key.
+    ///
+    /// The fingerprint is calculated as the SHA256 sum over the PKCS#8 ASN.1
+    /// DER-encoded bytes of the private key’s corresponding public key.
+    ///
+    /// # Errors
+    ///
+    /// Errors if the DER representation of the public key can’t be derived.
+    pub fn fingerprint(&self) -> pkcs8::spki::Result<[u8; 32]> {
+        let bytes = match self {
+            PrivateKey::Rsa(key) => key.to_public_key().to_public_key_der()?,
+            PrivateKey::EcP256(key) => key.public_key().to_public_key_der()?,
+            PrivateKey::EcP384(key) => key.public_key().to_public_key_der()?,
+            PrivateKey::EcK256(key) => key.public_key().to_public_key_der()?,
+        };
+        Ok(Sha256::digest(bytes).into())
+    }
+
     /// Serialize the key as a DER document
     ///
     /// It will use the most common format depending on the key type: PKCS1 for

docs/config.schema.json

@@ -1553,11 +1553,9 @@
     "KeyConfig": {
       "description": "A single key with its key ID and optional password.",
       "type": "object",
-      "required": [
-        "kid"
-      ],
       "properties": {
         "kid": {
+          "description": "The key ID `kid` of the key as used by JWKs.\n\nIf not given, `kid` will be derived from the key by hex-encoding the first four bytes of the key’s fingerprint.",
           "type": "string"
         },
         "password_file": {

docs/reference/configuration.md

@@ -197,35 +197,7 @@ secrets:
   # Signing keys
   keys:
     # It needs at least an RSA key to work properly
-    - kid: "ahM2bien"
-      key: |
-        -----BEGIN RSA PRIVATE KEY-----
-        MIIEowIBAAKCAQEAuf28zPUp574jDRdX6uN0d7niZCIUpACFo+Po/13FuIGsrpze
-        yMX6CYWVPalgXW9FCrhxL+4toJRy5npjkgsLFsknL5/zXbWKFgt69cMwsWJ9Ra57
-        bonSlI7SoCuHhtw7j+sAlHAlqTOCAVz6P039Y/AGvO6xbC7f+9XftWlbbDcjKFcb
-        pQilkN9qtkdEH7TLayMAFOsgNvBlwF9+oj9w5PIk3veRTdBXI4GlHjhhzqGZKiRp
-        oP9HnycHHveyT+C33vuhQso5a3wcUNuvDVOixSqR4kvSt4UVWNK/KmEQmlWU1/m9
-        ClIwrs8Q79q0xkGaSa0iuG60nvm7tZez9TFkxwIDAQABAoIBAHA5YkppQ7fJSm0D
-        wNDCHeyABNJWng23IuwZAOXVNxB1bjSOAv8yNgS4zaw/Hx5BnW8yi1lYZb+W0x2u
-        i5X7g91j0nkyEi5g88kJdFAGTsM5ok0BUwkHsEBjTUPIACanjGjya48lfBP0OGWK
-        LJU2Acbjda1aeUPFpPDXw/w6bieEthQwroq3DHCMnk6i9bsxgIOXeN04ij9XBmsH
-        KPCP2hAUnZSlx5febYfHK7/W95aJp22qa//eHS8cKQZCJ0+dQuZwLhlGosTFqLUm
-        qhPlt/b1EvPPY0cq5rtUc2W31L0YayVEHVOQx1fQIkH2VIUNbAS+bfVy+o6WCRk6
-        s1XDhsECgYEA30tykVTN5LncY4eQIww2mW8v1j1EG6ngVShN3GuBTuXXaEOB8Duc
-        yT7yJt1ZhmaJwMk4agmZ1/f/ZXBtfLREGVzVvuwqRZ+LHbqIyhi0wQJA0aezPote
-        uTQnFn+IveHGtpQNDYGL/UgkexuCxbc2HOZG51JpunCK0TdtVfO/9OUCgYEA1TuS
-        2WAXzNudRG3xd/4OgtkLD9AvfSvyjw2LkwqCMb3A5UEqw7vubk/xgnRvqrAgJRWo
-        jndgRrRnikHCavDHBO0GAO/kzrFRfw+e+r4jcLl0Yadke8ndCc7VTnx4wQCrMi5H
-        7HEeRwaZONoj5PAPyA5X+N/gT0NNDA7KoQT45DsCgYBt+QWa6A5jaNpPNpPZfwlg
-        9e60cAYcLcUri6cVOOk9h1tYoW7cdy+XueWfGIMf+1460Z90MfhP8ncZaY6yzUGA
-        0EUBO+Tx10q3wIfgKNzU9hwgZZyU4CUtx668mOEqy4iHoVDwZu4gNyiobPsyDzKa
-        dxtSkDc8OHNV6RtzKpJOtQKBgFoRGcwbnLH5KYqX7eDDPRnj15pMU2LJx2DJVeU8
-        ERY1kl7Dke6vWNzbg6WYzPoJ/unrJhFXNyFmXj213QsSvN3FyD1pFvp/R28mB/7d
-        hVa93vzImdb3wxe7d7n5NYBAag9+IP8sIJ/bl6i9619uTxwvgtUqqzKPuOGY9dnh
-        oce1AoGBAKZyZc/NVgqV2KgAnnYlcwNn7sRSkM8dcq0/gBMNuSZkfZSuEd4wwUzR
-        iFlYp23O2nHWggTkzimuBPtD7Kq4jBey3ZkyGye+sAdmnKkOjNILNbpIZlT6gK3z
-        fBaFmJGRJinKA+BJeH79WFpYN6SBZ/c3s5BusAbEU7kE5eInyazP
-        -----END RSA PRIVATE KEY-----
+    - key_file: keys/rsa_key
     - kid: "iv1aShae"
       key: |
         -----BEGIN EC PRIVATE KEY-----
@@ -260,9 +232,7 @@ The following key types are supported:
 - ECDSA with the P-384 (`secp384r1`) curve
 - ECDSA with the K-256 (`secp256k1`) curve
 
-Each entry must have a unique `kid`, plus the key itself.
-The `kid` can be any case-sensitive string value as long as it is unique to this list;
-a key’s `kid` value must be stable across restarts.
+Each entry in the list corresponds to one signing key used by MAS.
 The key can either be specified inline (with the `key` property),
 or loaded from a file (with the `key_file` property).
 The following key formats are supported:
@@ -271,8 +241,15 @@ The following key formats are supported:
 - PKCS#8 PEM or DER-encoded RSA or ECDSA private key, encrypted or not
 - SEC1 PEM or DER-encoded ECDSA private key
 
+A [JWK Key ID] is automatically derived from each key.
+To override this default, set `kid` to a custom value.
+The `kid` can be any case-sensitive string value as long as it is unique to this list;
+a key’s `kid` value must be stable across restarts.
+
 For PKCS#8 encoded keys, the `password` or `password_file` properties can be used to decrypt the key.
 
+[JWK Key ID]: <https://datatracker.ietf.org/doc/html/rfc7517#section-4.5>
+
 ## `passwords`
 
 Settings related to the local password database