Flushot · April 23, 2019 05:05
diff --git a/generate_keypair.sh b/generate_keypair.sh
 #!/bin/sh
 set -e
 openssl genpkey -algorithm RSA -out private.pem -pkeyopt rsa_keygen_bits:4096
 openssl rsa -pubout -in private.pem -out public.pem
diff --git a/jwt_create.py b/jwt_create.py
 #!/usr/bin/env python
 from __future__ import print_function, with_statement, unicode_literals
 import getpass
 import socket
 import datetime
 import json

 import jwt


 def read_key(file_name):
    with open(file_name, 'r') as f:
        return f.read()


 def generate_token(subject, expires=None):
    payload = {
        # Reserved claims
        'iss': '{}@{}'.format(getpass.getuser(), socket.gethostname()),  # issuer
        'nbf': datetime.datetime.now(),  # not before
        'sub': subject  # subject
    }
    
    if expires is not None:
        payload['exp'] = expires

    return jwt.encode(payload,
                      read_key('private.pem'),
                      algorithm='RS256')


 def get_token_payload(token):
    return jwt.decode(token,
               read_key('public.pem'),
               algorithms=['RS256'])
diff --git a/openssl_sign.php b/openssl_sign.php
 <?php
 $private_key = openssl_pkey_get_private('file://./private.pem');
 $public_key = openssl_pkey_get_public('file://./public.pem');
 $algo = OPENSSL_ALGO_SHA256;
 try {
    $message = 'foo bar';

    // Sign
    $signature = null;
    if (!openssl_sign($message, $signature, $private_key, $algo)) {
        throw new Exception('OpenSSL failed to sign message: ' . openssl_error_string());
    }

    echo 'Message: ' . $message . PHP_EOL;
    echo 'Signature: ' . base64_encode($signature) . PHP_EOL;

    // Verify
    $verify_result = openssl_verify($message, $signature, $public_key, $algo);
    if ($verify_result === -1) {
        throw new Exception('OpenSSL failed to verify message: ' . openssl_error_string());
    }
    echo 'Verified: ' . ($verify_result === 1 ? 'Yes' : 'No') . PHP_EOL;
 } finally {
    openssl_pkey_free($private_key);
    openssl_pkey_free($public_key);
 }
	#!/bin/sh
	set -e
	openssl genpkey -algorithm RSA -out private.pem -pkeyopt rsa_keygen_bits:4096
	openssl rsa -pubout -in private.pem -out public.pem
	#!/usr/bin/env python
	from __future__ import print_function, with_statement, unicode_literals
	import getpass
	import socket
	import datetime
	import json

	import jwt


	def read_key(file_name):
	with open(file_name, 'r') as f:
	return f.read()


	def generate_token(subject, expires=None):
	payload = {
	# Reserved claims
	'iss': '{}@{}'.format(getpass.getuser(), socket.gethostname()), # issuer
	'nbf': datetime.datetime.now(), # not before
	'sub': subject # subject
	}

	if expires is not None:
	payload['exp'] = expires

	return jwt.encode(payload,
	read_key('private.pem'),
	algorithm='RS256')


	def get_token_payload(token):
	return jwt.decode(token,
	read_key('public.pem'),
	algorithms=['RS256'])
	<?php
	$private_key = openssl_pkey_get_private('file://./private.pem');
	$public_key = openssl_pkey_get_public('file://./public.pem');
	$algo = OPENSSL_ALGO_SHA256;
	try {
	$message = 'foo bar';

	// Sign
	$signature = null;
	if (!openssl_sign($message, $signature, $private_key, $algo)) {
	throw new Exception('OpenSSL failed to sign message: ' . openssl_error_string());
	}

	echo 'Message: ' . $message . PHP_EOL;
	echo 'Signature: ' . base64_encode($signature) . PHP_EOL;

	// Verify
	$verify_result = openssl_verify($message, $signature, $public_key, $algo);
	if ($verify_result === -1) {
	throw new Exception('OpenSSL failed to verify message: ' . openssl_error_string());
	}
	echo 'Verified: ' . ($verify_result === 1 ? 'Yes' : 'No') . PHP_EOL;
	} finally {
	openssl_pkey_free($private_key);
	openssl_pkey_free($public_key);
	}