
I have received some keys from an external source and am trying to 'sign' them and send a post registration request to the endpoint and receive some information back.

So far I've tried all the different libraries like BouncyCastle and Identity Model, but cannot for the life of me figure out how to do this.

The information I am getting back looks like:

{"keys": [
    {
      "e": "GTYH",
      "n": "qiwydq-iqudhqiudhqiduhqwdiuq",
      "kty": "RSA",
      "kid": "FfJZEQ",
      "alg": "RS256",
      "use": "sig",
      "x5c": [
        "MIIGFTCCA/qiwyxgeiyxgqiweyd/qpwidjpqwidj/==",
        "MIIFbjCCA1agAwIBAgIED7pSYTANBgkqhkiG9w0BAQUFADA5MQswCQYDVQQGEwJGSTEqMCgGA1UEAwwhT1AgU2VydmljZXMgUFNEMiBBVFkgVGVzdCBSb290IENBMB4XDTE5MDIwMTEwMz="
      ],
      "x5t": "rBQ_Joaegat940fCKOdvNMsnHkA",
      "x5t#S256": "Mz3fuRYI6U55uRZ3-3vi9wQX615_N8M9QzQ_3c3wMRY"
    },
    {
      "crv": "P-256",
      "x": "ADttytfuytfILl_AO6vEtIJm-",
      "y": "Qououjoujuo",
      "kty": "EC",
      "kid": "iujoij",
      "alg": "ES256",
      "use": "sig",
      "x5c": [
        "MIICiTCCAi+iytdiytfiytfiytfitfytfytfytfu6gi7gh9i7hj="
      ],
      "x5t": "iouhouhohy",
      "x5t#S256": "Rtytuyfgiygiu-opipjpikpij"
    },
    {
      "e": "WERT",
      "n": "Auersdytfuiytg-oiphpugpijpimpihough-fQ729xKrTeBx7GcmxZW9I7EjeHK38YRsb43ZNwzOG31nTfokPWqhFwdYFLVcXyjLFJarQcfumQ-iouihouhouhouh-P1swFr4wWr-eV0X5EpD6gx57lRZPSG9G43VLWo0WBWp2Lco6eLqyxmsdHEF6C0XNZ8yf1EzkOJHsuU2hwRSrFZhfC6Bp41LHuzYg0VUPK_83nfpkXnDyJXdnHOyc6R9xMOcRQMgnfzWow48ui6MTc6ivLvxv3JE9iOovOWoeKu-opijpijpijpij-iaCGvuTd2QQw7zpbN-q3pbwjgeAt6dnbChTn8dkTfIPgwuDk9gGgYav2bsOfeHqaFZfY1-TAAbMqKHDdjIVxDLjDE6WxDACqSwPFj0NqXcJfEal_PEPfb6DSkuAp7mTQq317V6fM-oijpijpijpijpij",
      "kty": "RSA",
      "kid": "FFtrdyrtd",
      "alg": "PS256",
      "use": "sig",
      "x5c": [
        "MIIGFTCCA/2gAwIopijpijpijpijpijpij==",
        "MIIFbjCCA1ouhouhouhouhouhouhouh="
      ],
      "x5t": "oiygougougoughoug",
      "x5t#S256": "Mz3fuRYI6U55uRZ3--pijpijpijpij"
    }
  ]
}

I've found plenty of Java examples to use and build a signed JWT, but not so many .NET examples. So far I've just been successful in extracting the keys.

Basically I need to take one of these keys and construct, sign and POST a request in the form of:

POST /tpp-registration/register HTTPS/1.1
Host: somehost
Content-Type: application/jwt
Accept: application/json
x-api-key: <APP_API_KEY> (Only required in sandbox)
eyJraWQiOiJTYW9lMVEiLCJhbGciOiJFUzI1NiJ9.owuechoweuchwouecjnhweocu
Ibbylun
  • your title "convert a jwk to a signed jwt" and text "received some keys ... and am trying to 'sign' them" are a bit confusing. Later you write "build a signed JWT", so I assume you want to take one of the given keys in JWK format and use it to sign a JWT. Is that correct? – jps Jan 18 '21 at 15:32
  • Yes, that's correct. As you can probably tell, I'm a bit confused on what to do here lol – Ibbylun Jan 19 '21 at 09:26
  • Basically I've received these keys and I need to send back something in the form of . . POST /tpp-registration/register HTTPS/1.1 Host: somehost Content-Type: application/jwt Accept: application/json x-api-key: (Only required in sandbox) eyJraWQiOiJTYW9lMVEiLCJhbGciOiJFUzI1NiJ9.owuechoweuchwouecjnhweocuH – Ibbylun Jan 19 '21 at 09:39
  • I have edited the question slightly, maybe it makes more sense now – Ibbylun Jan 19 '21 at 09:42
  • I have an [answer](https://stackoverflow.com/questions/63299849/how-to-validate-jwt-using-jwk-for-es256-alg/63302597#63302597) that shows how to get an ES256 public key from a JWK and verify a JWT. For signing a token it would be very similar, but you need a private key for it. The given JWK seems to be a public key (only "x" and "y"); for a private key the "d" parameter is missing. – jps Jan 19 '21 at 12:48
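
The point raised in the last comment, as an added example that is not part of the original thread: a JWK carrying only public parameters cannot sign, so the JWT is signed with your own private key and the receiver verifies it with the public half. The JWKS, `kid` values, payload and freshly generated P-256 key are constructed for illustration; the code assumes .NET Core 3.0 or later and uses only the built-in `System.Security.Cryptography` and `System.Text.Json`.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;
using System.Text.Json;

static class JwkSigningDemo
{
    static string B64Url(byte[] b) =>
        Convert.ToBase64String(b).TrimEnd('=').Replace('+', '-').Replace('/', '_');

    // A JWK can sign only if it carries the private parameter "d" (RSA and EC alike).
    static bool HasPrivateKey(JsonElement jwk) => jwk.TryGetProperty("d", out _);

    // Compact ES256 JWS: base64url(header).base64url(payload).base64url(signature)
    static string SignEs256(ECDsa key, string kid, string payloadJson)
    {
        string header = JsonSerializer.Serialize(new { kid, alg = "ES256" });
        string signingInput = B64Url(Encoding.UTF8.GetBytes(header)) + "." +
                              B64Url(Encoding.UTF8.GetBytes(payloadJson));
        // ECDsa.SignData returns r||s (IEEE P1363), the form JWS expects for ES256.
        byte[] sig = key.SignData(Encoding.ASCII.GetBytes(signingInput), HashAlgorithmName.SHA256);
        return signingInput + "." + B64Url(sig);
    }

    static void Main()
    {
        // Constructed JWKS shaped like the one in the question: public parameters only.
        string jwks = "{\"keys\":[{\"kty\":\"EC\",\"crv\":\"P-256\",\"kid\":\"demo-ec\",\"x\":\"AA\",\"y\":\"AA\"}]}";
        using JsonDocument doc = JsonDocument.Parse(jwks);
        foreach (JsonElement k in doc.RootElement.GetProperty("keys").EnumerateArray())
        {
            string kid = k.GetProperty("kid").GetString();
            Console.WriteLine(kid + ": can sign = " + HasPrivateKey(k));   // False
        }

        // Signing needs your own private key; a fresh P-256 key stands in for it here.
        using ECDsa signer = ECDsa.Create(ECCurve.NamedCurves.nistP256);
        string jwt = SignEs256(signer, "my-kid", "{\"iss\":\"example-client\"}");
        Console.WriteLine(jwt);

        // The receiver verifies with the public half only (what a published JWK holds).
        using ECDsa verifier = ECDsa.Create(signer.ExportParameters(false));
        string[] p = jwt.Split('.');
        string b64 = p[2].Replace('-', '+').Replace('_', '/').PadRight((p[2].Length + 3) / 4 * 4, '=');
        bool ok = verifier.VerifyData(Encoding.ASCII.GetBytes(p[0] + "." + p[1]),
                                      Convert.FromBase64String(b64), HashAlgorithmName.SHA256);
        Console.WriteLine("verified with public key: " + ok);
    }
}
```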
