JWT Framework
v1.x

Key Management (JWK)

Keys As Services

When the component is installed, you can define your keys in your application configuration and load them from several sources or formats. All of these methods accept the following option:

  • is_public: whether the service is public or private.

The key configuration looks like this:

jose: # Configuration of the JWT Framework
    keys: # Configuration of the keys
        key_name: # Unique key name
            method_name: # Name of the method
                ...
                is_public: true

The key will be available as a container service with the ID jose.key.key_name where key_name is the unique name of your key. Each key service will be an instance of the Jose\Component\Core\JWK class.

As with any other configuration value, you can use environment variables.

From A Shared Secret

This feature was introduced in version 1.1.

This method creates a key directly from a shared secret.

jose:
    keys:
        key_name:
            secret: # Method
                secret: 'This is my shared secret'
                additional_values:
                    use: 'sig'
                    alg: 'HS512' # HMAC algorithm: a shared secret is a symmetric (oct) key, not an RSA key

From A JWK Object

This method will directly load a JWK object.

jose:
    keys:
        key_name:
            jwk: # Method
                value: '{"kty":"oct","k":"dzI6nbW4OcNF-AtfxGAmuyz7IpHRudBI0WgGjZWgaRJt6prBn3DARXgUR8NVwKhfL43QBIU2Un3AvCGCHRgY4TbEqhOi8-i98xxmCggNjde4oaW6wkJ2NgM3Ss9SOX9zS3lcVzdCMdum-RwVJ301kbin4UtGztuzJBeg5oVN00MGxjC2xWwyI0tgXVs-zJs5WlafCuGfX1HrVkIf5bvpE0MQCSjdJpSeVao6-RSTYDajZf7T88a2eVjeW31mMAg-jzAWfUrii61T_bYPJFOXW8kkRWoa1InLRdG6bKB9wQs9-VdXZP60Q4Yuj_WZ-lO7qV9AEFrUkkjpaDgZT86w2g"}'

From An X509 Certificate File

This method will load a key from an X509 certificate file.

jose:
    keys:
        key_name:
            certificate: # Method
                path: '/path/to/your/X509/certificate'
                additional_values: # Optional values
                    use: 'sig'
                    alg: 'RS256'

From An X509 Certificate

This method will load a key from an X509 certificate.

jose:
    keys:
        key_name:
            x5c: # Method
                value: '-----BEGIN CERTIFICATE----- ....'
                additional_values: # Optional values.
                    use: 'sig'
                    alg: 'RS256'

From A PKCS#1/PKCS#8 Key File

This method will load a key from a PKCS#1 or PKCS#8 key file.

jose:
    keys:
        key_name:
            file: # Method
                path: '/path/to/your/key/file'
                password: 'secret' # Optional. Only if the key is encrypted
                additional_values: # Optional values.
                    use: 'sig'
                    alg: 'RS256'
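
The shared-secret and key-file methods above, with the secret material supplied through environment variables as the Keys As Services section allows. This is an added example, not part of the original documentation; the key names api_hmac and api_signing and the variable names JWT_SHARED_SECRET and JWT_KEY_PASSWORD are assumptions.

```yaml
# Added example (not from the JWT Framework documentation).
# Key names and environment variable names below are hypothetical.
jose:
    keys:
        api_hmac: # Exposed as the service jose.key.api_hmac
            secret:
                # Resolved at runtime, so the secret is not stored in the configuration file
                secret: '%env(JWT_SHARED_SECRET)%'
                additional_values:
                    use: 'sig'
                    alg: 'HS512' # Symmetric key, so an HMAC algorithm
                is_public: false # Private service: reachable by injection only
        api_signing: # Exposed as the service jose.key.api_signing
            file:
                path: '/path/to/your/key/file'
                # Password of the encrypted key file, also kept out of the configuration
                password: '%env(JWT_KEY_PASSWORD)%'
                additional_values:
                    use: 'sig'
                    alg: 'RS256'
                is_public: false
```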

From A Key In A Key Set

This method will retrieve a key from a JWKSet service.

jose:
    keys:
        key_name:
            jwkset: # Method
                key_set: 'jose.key_set.my_key_set' # JWKSet service
                index: 0 # Use key at index 0

Custom Tags

This feature was introduced in version 1.1.

You can add custom tags and attributes to the services you create.

jose:
    keys:
        key_name:
            jwk: # Method
                value: '{"kty":"oct","k":"dzI6nbW4OcNF-AtfxGAmuyz7IpHRudBI0WgGjZWgaRJt6prBn3DARXgUR8NVwKhfL43QBIU2Un3AvCGCHRgY4TbEqhOi8-i98xxmCggNjde4oaW6wkJ2NgM3Ss9SOX9zS3lcVzdCMdum-RwVJ301kbin4UtGztuzJBeg5oVN00MGxjC2xWwyI0tgXVs-zJs5WlafCuGfX1HrVkIf5bvpE0MQCSjdJpSeVao6-RSTYDajZf7T88a2eVjeW31mMAg-jzAWfUrii61T_bYPJFOXW8kkRWoa1InLRdG6bKB9wQs9-VdXZP60Q4Yuj_WZ-lO7qV9AEFrUkkjpaDgZT86w2g"}'
                tags:
                    tag_name1: ~
                    tag_name2: {attribute1: 'foo'}

Last updated 6 years ago