Skip to content

UsingCertificates.md

Latest commit

 

History

History
118 lines (91 loc) · 3.03 KB

UsingCertificates.md

File metadata and controls

118 lines (91 loc) · 3.03 KB

Certificates generation

RSA Signatures - Certificates (without passphrase)

Certificates private.key and public.key are generated with http://travistidwell.com/jsencrypt/demo/ or with the following command

openssl genrsa -out private.key 1024
openssl rsa -in private.key -out public.key -outform PEM -pubout

Code example

const { readFileSync } = require('fs')
const fastify = require('fastify')()
const jwt = require('fastify-jwt')

fastify.register(jwt, {
  secret: {
    private: readFileSync('path/to/private.key', 'utf8'),
    public: readFileSync('path/to/public.key', 'utf8')
  },
  sign: { algorithm: 'RS256' }
})

RSA Signatures - Certificates (with passphrase)

Certificates private.pem and public.pem are generated with the following command lines

# generate a 2048-bit RSA key pair, and encrypts them with a passphrase
# the passphrase I choose for the demo files is: super secret passphrase
openssl genrsa -des3 -out private.pem 2048

# export the RSA public key to a file
openssl rsa -in private.pem -outform PEM -pubout -out public.pem

Code example

const { readFileSync } = require('fs')
const fastify = require('fastify')()
const jwt = require('fastify-jwt')

fastify.register(jwt, {
  secret: {
    private: {
      key: readFileSync('path/to/private.pem', 'utf8'),
      passphrase: 'super secret passphrase'
    },
    public: readFileSync('path/to/public.pem', 'utf8')
  },
  sign: { algorithm: 'RS256' }
})

ECDSA Signatures - Certificates (without passphrase)

Certificates privateECDSA.key and publicECDSA.key are generated with the following command lines

# generate a P-256 curve ECDSA key pair
openssl ecparam -genkey -name secp256k1 -out privateECDSA.key

# export the ECDSA public key to a file
openssl ec -in privateECDSA.key -pubout -out publicECDSA.key

Code example

const { readFileSync } = require('fs')
const fastify = require('fastify')()
const jwt = require('fastify-jwt')

fastify.register(jwt, {
  secret: {
    private: readFileSync('path/to/privateECDSA.key', 'utf8'),
    public: readFileSync('path/to/publicECDSA.key', 'utf8')
  },
  sign: { algorithm: 'RS256' }
})

ECDSA Signatures - Certificates (with passphrase)

Certificates privateECDSA.pem and publicECDSA.pem are generated with the following command lines

# generate a P-256 curve ECDSA key pair, and encrypts them with a passphrase
# the passphrase I choose for the demo files is: super secret passphrase
openssl ecparam -genkey -name secp256k1 | openssl ec -aes256 -out privateECDSA.pem

# export the ECDSA public key to a file
openssl ec -in privateECDSA.pem -pubout -out publicECDSA.pem

Code example

const { readFileSync } = require('fs')
const fastify = require('fastify')()
const jwt = require('fastify-jwt')

fastify.register(jwt, {
  secret: {
    private: {
      key: readFileSync('path/to/publicECDSA.pem', 'utf8'),
      passphrase: 'super secret passphrase'
    },
    public: readFileSync('path/to/publicECDSA.pem', 'utf8')
  },
  sign: { algorithm: 'RS256' }
})