Generating JWK Thumbprints with Ruby


As mentioned in How are Open Banking Key Ids (kid) Generated?, Open Banking uses JWK thumbprints, as defined by RFC 7638: JSON Web Key (JWK) Thumbprint.

But these may be used in other circumstances, so it's worth knowing how to generate them. Instead of hand-rolling the generation process, we can re-use the excellent json-jwt:

#!/usr/bin/env ruby
require 'json/jwt'

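# Load a key from a file that holds a certificate, a public key or a private key.
def read_key(fname)
  contents = File.read fname

  # Try the file as an X.509 certificate first and take its public key.
  begin
    return OpenSSL::X509::Certificate.new(contents).public_key
  rescue
    # not a certificate, fall through and try it as a bare key
  end

  # Otherwise try it as a public or private key.
  begin
    return OpenSSL::PKey.read contents
  rescue
    # not a key either, fall through to the error below
  end

  raise "#{fname} could not be parsed as a certificate, public or private key"
end

# The optional second argument selects the digest; SHA-256 is the default.
hash = ARGV[1] || 'sha256'

key = read_key(ARGV[0])
key = key.public_key unless key.public?

# Print the base64url-encoded thumbprint of the key.
jwk = JSON::JWK.new(key)
puts jwk.thumbprint(hash)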

This allows us to run the following:

ruby thumb.rb path/to/private.pem      # works with private key or public key
ruby thumb.rb path/to/public.cer       # works with certificates
ruby thumb.rb path/to/public.pem       # to use default hash algorithm
ruby thumb.rb path/to/public.pem SHA-1 # to specify our own
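
To cross-check the script's output, or to see exactly what is being hashed, the RFC 7638 computation can be reproduced with only Ruby's standard library. This is an added example, not code from the original post or from json-jwt; the helper names (b64url, required_members, canonical_jwk, jwk_thumbprint) are hypothetical, and it covers only RSA keys and the three NIST EC curves.

```ruby
require 'openssl'
require 'json'

# OpenSSL curve names mapped to their JWK "crv" values (RFC 7518).
JWK_CURVES = { 'prime256v1' => 'P-256', 'secp384r1' => 'P-384', 'secp521r1' => 'P-521' }.freeze

# base64url without padding, the encoding JOSE uses for binary values.
def b64url(bytes)
  [bytes].pack('m0').tr('+/', '-_').delete('=')
end

# Only the required public members take part in the thumbprint (RFC 7638),
# so a private key and its public half produce the same value.
def required_members(key)
  case key
  when OpenSSL::PKey::RSA
    # Big-endian integers with no leading zero octets.
    { 'e' => b64url(key.e.to_s(2)), 'kty' => 'RSA', 'n' => b64url(key.n.to_s(2)) }
  when OpenSSL::PKey::EC
    crv = JWK_CURVES.fetch(key.group.curve_name) { |c| raise ArgumentError, "unsupported curve #{c}" }
    # The uncompressed point is 0x04 || X || Y, with X and Y of equal fixed length.
    raw = key.public_key.to_octet_string(:uncompressed)
    half = (raw.bytesize - 1) / 2
    { 'crv' => crv, 'kty' => 'EC',
      'x' => b64url(raw.byteslice(1, half)), 'y' => b64url(raw.byteslice(1 + half, half)) }
  else
    raise ArgumentError, "unsupported key type #{key.class}"
  end
end

# Hash input: members sorted lexicographically by name, no whitespace (RFC 7638).
def canonical_jwk(key)
  JSON.generate(required_members(key).sort.to_h)
end

# Digest of the canonical JSON, base64url encoded.
def jwk_thumbprint(key, digest = 'SHA256')
  b64url(OpenSSL::Digest.new(digest).digest(canonical_jwk(key)))
end

if __FILE__ == $PROGRAM_NAME
  key = OpenSSL::PKey::EC.generate('prime256v1') # constructed throwaway key
  puts canonical_jwk(key)
  puts jwk_thumbprint(key)
end
```

Because any optional or private members are dropped before hashing, the same kid comes out whether the input was the private key, the public key or a certificate carrying that key.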

Written by Jamie Tanna.

Content for this article is shared under the terms of the Creative Commons Attribution Non Commercial Share Alike 4.0 International, and code is shared under the Apache License 2.0.

#blogumentation #ruby #jwk.
