Layer7 API Management

  • 1.  Sign a JWT with a RSA private key

    Posted Sep 01, 2018 04:44 AM

    I have an RSA private key (-----BEGIN RSA PRIVATE KEY-----), part of an RSA private-public key set.

     

    I need to use that key to sign a JWT (using the 'encode Json web token' assertion, I presume).

    Importing this key in the private key store doesn't work ("not a PKCS12 keystore").

    When I use openssl to create a PKCS12 keystore from this key (openssl pkcs12 -export -nocerts -inkey private.key -out keystore.p12) I get an "import failed: null".

     

    Should I be able to use such an RSA key with the gateway to sign a JWT?

    Should I create a private key? Which openssl command is needed to create a PKCS12 file that the API gateway accepts?

    Are there any other options?

     

    Any help is much appreciated!



  • 2.  Re: Sign a JWT with a RSA private key

    Broadcom Employee
    Posted Sep 02, 2018 08:53 PM

    Hello,

     

    We need to create a PKCS12 keystore from a key pair (private key and certificate (public key)). It isn't enough to import the private key alone.
    When an RSA private key is used for signing, its corresponding public key is used together.

     

    Cheers,
    Seiji



  • 3.  Re: Sign a JWT with a RSA private key
    Best Answer

    Posted Sep 03, 2018 03:48 AM

    Hello,

     

    For further reference, if someone else reads this question.

    What I needed to do to create a PKCS12 (or .pfx) keystore from the given RSA private and public key were these two openssl commands:

     

    openssl req -new -x509 -key private.key -out publickey.cer -days 365

    openssl pkcs12 -export -out public_privatekey.pfx -inkey private.key -in publickey.cer
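
An added example, not part of the original posts: the two commands above run non-interactively, followed by a check that the resulting keystore really carries a certificate for the private key before it is imported into the gateway. The function names, the `PFX_PASS` variable and the certificate CN are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes an openssl binary on PATH and the
# keystore password exported as PFX_PASS (hypothetical variable name), so the
# password is not passed as a command-line argument.

# PEM public key derived from a private key file (empty output on failure).
pubkey_from_key() {
    openssl pkey -in "$1" -pubout 2>/dev/null
}

# PEM public key of the certificate stored in a PKCS#12 file.
# A keystore exported with -nocerts holds no certificate, so this prints nothing.
pubkey_from_pfx() {
    openssl pkcs12 -in "$1" -nokeys -clcerts -passin env:PFX_PASS 2>/dev/null |
        openssl x509 -noout -pubkey 2>/dev/null
}

# build_keystore KEY CERT PFX: the two commands from the post, without prompts.
build_keystore() {
    # -subj skips the interactive DN questions; the CN is a constructed placeholder.
    openssl req -new -x509 -key "$1" -out "$2" -days 365 \
        -subj "/CN=jwt-signing-example" || return 1
    # Bundle the private key together with its self-signed certificate.
    openssl pkcs12 -export -out "$3" -inkey "$1" -in "$2" \
        -passout env:PFX_PASS || return 1
}

# verify_keystore KEY PFX: succeed only if PFX contains a certificate whose
# public key equals the public half of KEY.
verify_keystore() {
    want=$(pubkey_from_key "$1")
    got=$(pubkey_from_pfx "$2")
    [ -n "$want" ] && [ "$want" = "$got" ]
}
```

Typical use: `export PFX_PASS=...`, then `build_keystore private.key publickey.cer public_privatekey.pfx && verify_keystore private.key public_privatekey.pfx`.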