The jwk-keygen command line utility generates keypairs used for asymmetric
encryption and signing algorithms in JSON Web Key (JWK) format.
This code is forked from jwk-keygen in github.com/square/go-jose and added some special options which we want for our purpose.
The utility requires specification of both desired algorithm (alg) and key
usage (use) to remind that same keypair should never be used both for
encryption and signing.
Algorithms are selected via the --alg flag, which influence the alg header.
For JWE (--use=enc), --alg specifies the key management algorithm (e.g.
RSA-OAEP). For JWS (--use=sig), --alg specifies the signature algorithm
(e.g. PS256).
Output file is determined by specified usage, algorithm and Key ID, e.g.
jwk-keygen --use=sig --alg=RS512 --kid=test produces files
jwk_sig_RS512_test and jwk_sig_RS512_test.pub. Keys are sent to stdout when
no Key ID is specified: neither pre-defined nor random one.
--format: Out JSON with format--jwks: Generate as JWKS too--pem: Generate as PEM too--pem-body: Generate as PEM too (only body without LF)--pem-one-line: Generate as PEM too (with one-line style)
Generate RSA/2048 key for encryption and output to stdout.
jwk-keygen --use enc --alg RSA-OAEP
Generate RSA/4096 key for signing and store to files.
jwk-keygen --use sig --alg RS256 --bits 4096 --kid test