Skip to content

Sample Node Tool jwssign

Kenji Urushima edited this page Nov 6, 2016 · 2 revisions

TOP | Wiki | DOWNLOADS | TUTORIALS | API REFERENCE | Online Tool | DEMO | NODE TOOL


CODE

Script source code is here.

DESCRIPTION

This script signs JWS(JSON Web Signature) by specified header and payload file or string. This can be also sign JWT(JSON Web Token) by specifying proper header and payload.

USAGE

To generate JWS file 'aaa.jws' with specified PKCS#8 RSA private key 'rsa1.prv', header and payload, type following at the command line:

% jwssign -k rsa1.prv '{"typ":"jws","alg":"RS256"}' \
                      '{"product":"orange","quantity":100}' aaa.jws

Generated file will be following: eyJ0eXAiOiJqd3MiLCJhbGciOiJSUzI1NiJ9.eyJuYW1lIjoib...

You can also specify header and payload by files respectively:

% jwssign -k rsa1.prv header.txt payload.txt aaa.jws

To output JWS signature to standard output not to a file, you can specify "-" as output:

% jwssign -k rsa1.prv header.txt payload.txt -
eyJ0eXAiOiJqd3MiLCJhbGciOiJSUzI1NiJ9.eyJuYW1lIjoib...

To force specifying signature algorithm as though whatever algorithm specified in a header, use "-f" option:

% jwssign -k rsa1.prv -f PS384 '{"typ":"jws","alg":"RS256"}' payload.txt aaa.jws

For RSA private key, you can specify RS* and PS* signature algorithms.

To generate ES256 signature with ECC private key, type following:

% jwssign -k ec1.prv '{"typ":"jws","alg":"ES256"}' payload.txt aaa.jws

To generate HS* hmac JWS signature, there are four ways to specify hmac password using password type '-t' and password '-p' option.

  • -t utf8 -p aaa (specify password 'aaa' by UTF-8 string)
  • -t hex -p 616161 (specify password '616161' (i.e. aaa) by hexadecimal string
  • -t b64 -p YWFh (specify password 'YWFh' (i.e. aaa) by Base64 encoded string
  • -t b64u -p YWFh (specify password 'YWFh' (i.e. aaa) by Base64URL encoded string

For example, to generate HS256 JWS signature with password 'passwd', command will be following:

% jwssign -t utf8 -p passwd '{"typ":"jws","alg":"HS256"}' payload.txt' aaa.jws

COMMAND LINE HELP

With '-h' or '--help' option, script shows command line help:

% jwssign -h

Usage: jwssign [options] <JWS Header file/string> \
                         <JWS payload file/string> <output JWS file>

sign JWS by header/payload file or string

Options:

  -h, --help                          output usage information
  -V, --version                       output the version number
  -t, --passtype <utf8|hex|b64|b64u>  Hmac(HS*) pass type
  -p, --pass <pass>                   Hmac(HS*) password in specfied type
  -k, --prvkey <file>                 private key file (ex. PKCS#8 PEM)
  -f, --forcealg <sigalg>             overwrite alg in header (ex. HS512)
Clone this wiki locally