Generating JWK Thumbprints with Node.JS

Featured image for sharing metadata for article

As mentioned in How are Open Banking Key Ids (kid) Generated?, Open Banking use the JWK thumbprints as defined by RFC7638: JSON Web Key (JWK) Thumbprint.

But these may be used in other circumstances, so it's worth knowing how to generate them. Instead of hand-rolling the generation process, we can re-use the excellent node-jose:

const fs = require('fs');
const jose = require('node-jose');

const args = process.argv.slice(2);

const publicKey = fs.readFileSync(args[0]);
const hash = args[1] || 'SHA-256';

(async () => {
  const key = await jose.JWK.asKey(publicKey, 'pem');
    then(function(print) {

This allows us to run the following:

node thumb.js path/to/public.cer       # works with certificates
node thumb.js path/to/public.pem       # to use default hash algorithm
node thumb.js path/to/public.pem SHA-1 # to specify our own

Written by Jamie Tanna's profile image Jamie Tanna on , and last updated on .

Content for this article is shared under the terms of the Creative Commons Attribution Non Commercial Share Alike 4.0 International, and code is shared under the Apache License 2.0.

#blogumentation #nodejs #jwk.

This post was filed under articles.

Interactions with this post

Interactions with this post

Below you can find the interactions that this page has had using WebMention.

Have you written a response to this post? Let me know the URL:

Do you not have a website set up with WebMention capabilities? You can use Comment Parade.