rsa-keygen-jwks

RSA Key generator (in PEM) with Json Web Keystore (JWKS) file

Usage: no npm install needed!

<script type="module">
  import rsaKeygenJwks from 'https://cdn.skypack.dev/rsa-keygen-jwks';
</script>

README

This library helps you generate a new set of RSA public and private keys (in PEM format) together with the JWKS (JSON Web Key Set) used in a JWT authentication implementation.

In a common use-case:

  • the private PEM key would be used to sign the JWT token.
  • the JWKS would be used to authenticate incoming requests containing the access (or refresh) JWT token.

Example of Use

const generator = require('rsa-keygen-jwks');

/*
Step 1: Calling generateNewKeySet() creates a new folder
named <uuid> with the following content:

- <uuid-xxx-xxx-xx folder>
  - [0]
    - private.key
    - public.key
  - [1]
    - private.key
    - public.key
  - jwks.json

Folder[0] and Folder[1] each hold one new PEM key pair (2 in total).
Having two is recommended so that the signing key can be rotated
in case the other has been compromised.

The jwks.json contains the JWKS content, which
comprises one JWK (JSON Web Key) for each of
the public keys of the 2 new PEM key pairs above.
*/

generator.generateNewKeySet();

/*
Step 2: Signing the JWT token
*/

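const jwt = require('jsonwebtoken');

/*
The payload must be an object: jsonwebtoken rejects the issuer, audience,
expiresIn and subject options used below when the payload is a string.
*/
const payload = { data: "any payload" };

/*
Read the private key that has been generated in Step 1.
You can choose the key from folder[0] or folder[1] above.
Remember to read it with utf-8 encoding.
*/
const privateKey = <content-of-the-private-key>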

/*
The kid (key identifier) value is stored
in the generated jwks.json.
This kid must correspond to the private key used above.
*/
const kidRef = <kid-value>

/*
Use the jsonwebtoken library to sign the payload
with the private key to generate the JWT access/refresh token.
*/
const accessToken = jwt.sign(payload, privateKey, {
    header: { kid:  kidRef },
    issuer: <some-issuer>,
    audience: <some-audience>,
    expiresIn: <some-expiry>,
    subject: <some-subject>,
    algorithm: 'RS256'
});

/*
Step 3: Authenticating the JWT Token

You should now have everything you need to perform the JWT authentication.
Please refer to the example in the library jwks-rsa (https://www.npmjs.com/package/jwks-rsa),
which describes how to reference the jwks.json for authentication (via the jwksUri property).
*/
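
The verifier side of Step 3, as an added example that is not part of this README or of the rsa-keygen-jwks and jwks-rsa code: it shows how the kid in the token header selects the matching JWK and why the algorithm is pinned to RS256. It uses only Node's built-in crypto module; makeKeySet, signToken, verifyToken and the kid values are hypothetical names, and freshly generated keys stand in for the two generated key sets and jwks.json.

```javascript
// Added example, not from the README. Uses only Node's built-in crypto module;
// function names, kid values and claims are constructed for illustration.
const { generateKeyPairSync, createPublicKey, sign, verify } = require('crypto');

const b64u = (x) => Buffer.from(x).toString('base64url');
const fromB64u = (s) => JSON.parse(Buffer.from(s, 'base64url').toString('utf8'));

// Stand-in for the generated key sets: one private key and one public JWK per kid.
function makeKeySet(kids) {
  const privateKeys = {};
  const keys = [];
  for (const kid of kids) {
    const { publicKey, privateKey } = generateKeyPairSync('rsa', { modulusLength: 2048 });
    privateKeys[kid] = privateKey;
    keys.push({ ...publicKey.export({ format: 'jwk' }), kid, use: 'sig', alg: 'RS256' });
  }
  return { privateKeys, jwks: { keys } };
}

// Signer side: RS256 token whose header names the kid of the signing key.
function signToken(claims, privateKey, kid) {
  const header = { alg: 'RS256', typ: 'JWT', kid };
  const input = b64u(JSON.stringify(header)) + '.' + b64u(JSON.stringify(claims));
  return input + '.' + sign('sha256', Buffer.from(input), privateKey).toString('base64url');
}

// Verifier side: pin the algorithm, select the key by kid, check signature, then expiry.
function verifyToken(token, jwks, now = Math.floor(Date.now() / 1000)) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [h, p, s] = parts;
  const header = fromB64u(h);
  // Never take the algorithm from the token: accept RS256 only.
  if (header.alg !== 'RS256') throw new Error('unexpected alg');
  const jwk = jwks.keys.find((k) => k.kid === header.kid);
  if (!jwk) throw new Error('unknown kid');
  const key = createPublicKey({ key: { kty: jwk.kty, n: jwk.n, e: jwk.e }, format: 'jwk' });
  const ok = verify('sha256', Buffer.from(h + '.' + p), key, Buffer.from(s, 'base64url'));
  if (!ok) throw new Error('bad signature');
  const claims = fromB64u(p);
  if (typeof claims.exp !== 'number' || claims.exp <= now) throw new Error('expired');
  return claims;
}
```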
