Generating JWK Thumbprints with Node.JS

As mentioned in How are Open Banking Key Ids (kid) Generated?, Open Banking use the JWK thumbprints as defined by RFC7638: JSON Web Key (JWK) Thumbprint.

But these may be used in other circumstances, so it's worth knowing how to generate them. Instead of hand-rolling the generation process, we can re-use the excellent node-jose:

const fs = require('fs');
const jose = require('node-jose');

const args = process.argv.slice(2);

const publicKey = fs.readFileSync(args[0]);
const hash = args[1] || 'SHA-256';

(async () => {
  const key = await jose.JWK.asKey(publicKey, 'pem');
    then(function(print) {

This allows us to run the following:

node thumb.js path/to/public.cer       # works with certificates
node thumb.js path/to/public.pem       # to use default hash algorithm
node thumb.js path/to/public.pem SHA-1 # to specify our own

Written by Jamie Tanna's profile image Jamie Tanna on , and last updated on .

Content for this article is shared under the terms of the Creative Commons Attribution Non Commercial Share Alike 4.0 International, and code is shared under the Apache License 2.0.

#blogumentation #nodejs #jwk.

This post was filed under articles.

Related Posts

Other posts you may be interested in:

Interactions with this post

Interactions with this post

Below you can find the interactions that this page has had using WebMention.

Have you written a response to this post? Let me know the URL:

Do you not have a website set up with WebMention capabilities? You can use Comment Parade.