Products » Nimbus JOSE + JWT »

Command line JSON Web Key (JWK) generator

A simple Java command-line utility created by Justin Richer can be used to generate keys in JWK format. It supports these key types:

  • RSA key
  • EC key
  • Octet string (symmetric) key

The tool is also available online.

Usage

Invoking the utility without arguments will print its usage message:

usage: java -jar json-web-key-generator.jar -t <keyType> [options]
 -a <arg>   Algorithm (optional)
 -c <arg>   Key Curve, required for EC key type. Must be one of P-256,
            P-384, P-521
 -i <arg>   Key ID (optional)
 -p         Display public key separately
 -s <arg>   Key Size in bits, required for RSA and OCT key types. Must be
            an integer divisible by 8
 -S         Wrap the generated key in a KeySet
 -t <arg>   Key Type, one of: RSA, oct, EC
 -u <arg>   Usage, one of: enc, sig (optional)

Example

To generate a 2048-bit RSA public / private key pair, with a specified key ID and use, and wrapped in a standard JWK set:

java -jar json-web-key-generator.jar -t RSA -s 2048 -i 1 -u sig -S

The JWK generator will then output a JSON object similar to this:

{
  "keys": [
    {
      "d": "Y5ULK-bLRqKAg6FcuDx4HCQmnMYUv67IQ394KBmw6F-LbdbMhNyn6UH2RAr4Wkg-TL0QXZbfuOdvvE8ZlGeWJxCGx2XOzO1wQT12mhNTD1S9NtrD_wQMc34sE6Qy5JK2CE-tWzPRT_cKzWXEJGsR0FWHphUjZOg7-vfAgPYZaZ7rptdgtq3mEs45MiURVx7DBgu5AH2x0R-s37wtR1Xw9Vx1tD6ScGl7sMu7RWerDbkkfuAUSnON_8lHzHt_GvWYI3za4KiWRH5HeYVACQ3nBrnKju_kMp9lLEGC6pgbLkthnvjf0KjMcUoKrRMKKbENhyzwFcZ6pZAtdUg-Ec3AYQ",
      "e": "AQAB",
      "n": "j37Y-Fmx2Pr9xCHXhBWvDRaXobvpikF2Nd2J_FoK8U5SlMebmqrEwddegw4OoWbBcTfcK9UMiK7mOYH7xpIxPmXyUl_ByMLT-0gTLhq-KhzsZ3SxoUqVThF6-x8XJ8DiBYO3RUSfZ3xwQwHtlXdhg6hk-iUaArYBEKGhp8R75d4w6gFHXnSzgY_llxwU7dBFUgk6H1CbBK1ozmOP5xzgnSovYt5PEetwfHjbSm_q1yFd9AuwT5QgFQhmB2jJH9rdL_W4zf8U71a3tuN-fG3LmXc2jtuDMg5LAVjzaXtPX0kQKH8_88qER1UeNfa3ceJgCfvr_EVt8PkIkh8mhB4AbQ",
      "kty": "RSA",
      "use": "sig",
      "kid": "1"
    }
  ]
}

You can use the above JWK set file to configure your OpenID Connect server, client, or other application that needs to use or publish a JWK.

Download

The JWK generator sources can be obtained from its Github repo at

https://github.com/mitreid-connect/json-web-key-generator

We also provide a ready compiled JAR for the JWK generator:

Download JWK generator JAR