There are many tiny utilities to generate jwk from a private.key. It would be great to use only openssl for this purpose. Is there any plan to have this feature?
There are no plans, but we are open to PRs.
@noloader did a really comprehensive write-up on this SO question:
https://stackoverflow.com/questions/24093272/how-to-load-a-private-key-from-a-jwk-into-openssl
Just dropping this here in case a future person wants to make said PR
I need a way to verify JWT signature by JWK with openssl i.e.:
openssl dgst -sha256 -verify ${PUB_KEY_PEM} -signature ${SIG_FILE}
Currently I can do this only with a PEM key, but most OIDC providers return a JWK on the cert call, e.g. https://www.googleapis.com/oauth2/v3/certs
So it would be really nice if openssl provided a tool like jwk-to-pem, or even accepted a JWK file in openssl dgst -sha256 -verify ${PUB_KEY_JWK} without converting it to PEM.
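The JWK-to-PEM conversion asked for above, as an added example that is not part of the original comment or of OpenSSL: it picks an RSA key from a JWKS by "kid" and encodes n and e as a DER SubjectPublicKeyInfo using only the Python standard library. The function names and the toy JWKS are assumptions made for illustration.

```python
import base64

# rsaEncryption AlgorithmIdentifier: OID 1.2.840.113549.1.1.1 with NULL parameters
RSA_ALG_ID = bytes.fromhex("300d06092a864886f70d0101010500")

def b64url_decode(s):
    """JWK fields are base64url without padding (RFC 7515); restore it."""
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def der_len(n):
    """DER definite length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def der_tlv(tag, value):
    return bytes([tag]) + der_len(len(value)) + value

def der_uint(raw):
    """Unsigned big-endian bytes -> DER INTEGER (minimal, never negative)."""
    raw = raw.lstrip(b"\x00") or b"\x00"
    if raw[0] & 0x80:          # a set top bit would read as a negative number
        raw = b"\x00" + raw
    return der_tlv(0x02, raw)

def select_jwk(jwks, kid):
    """Pick the key whose "kid" matches the JWT header's "kid"."""
    for key in jwks.get("keys", []):
        if key.get("kid") == kid:
            return key
    raise KeyError(f"no key with kid {kid!r} in JWKS")

def rsa_jwk_to_der(jwk):
    """RSA public JWK (n, e) -> DER SubjectPublicKeyInfo."""
    if jwk.get("kty") != "RSA":
        raise ValueError("only RSA JWKs are handled here")
    rsa_pub = der_tlv(0x30, der_uint(b64url_decode(jwk["n"]))
                            + der_uint(b64url_decode(jwk["e"])))
    return der_tlv(0x30, RSA_ALG_ID + der_tlv(0x03, b"\x00" + rsa_pub))

def rsa_jwk_to_pem(jwk):
    b64 = base64.b64encode(rsa_jwk_to_der(jwk)).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN PUBLIC KEY-----\n{body}\n-----END PUBLIC KEY-----\n"

if __name__ == "__main__":
    # Constructed toy JWKS (n = 3233, e = 17); not a usable key.
    jwks = {"keys": [{"kty": "RSA", "kid": "demo", "n": "DKE", "e": "EQ"}]}
    print(rsa_jwk_to_pem(select_jwk(jwks, "demo")), end="")
```

The resulting PEM can be used as ${PUB_KEY_PEM} in the openssl dgst command above. For an RS256 JWT the signature file must hold the base64url-decoded third segment, and the data being verified is the ASCII string of the first two segments joined by a dot.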
OpenSSL 3.0 will have a foundation for deserializing arbitrary objects, based on provider backends.
I suppose that when that foundation is in place, writing backends that parse JWK files should hopefully be relatively easy.
That could be done as a separate project, even.
But, the foundation needs to get in place first...