Key (JWK)
You can create a JWK object in two ways:
new JWK(array $values): creates a JWK using direct values.
JWK::createFromJson(string $json): creates a JWK using a JSON object.
The methods available on a JWK object are listed hereafter. The variable $jwk is a valid JWK object.
Please note a JWK object is an immutable object. If you change a value using a setter, it will return a new object.
Generate A New Key
This framework is able to create private and public keys on the fly using the JWKFactory. Four types of keys are supported:
Symmetric Key:
oct: octet string
Asymmetric Key:
RSA: RSA key pair
EC: Elliptic Curve key pair
OKP: Octet key pair
The none algorithm needs a key of type none. This is a specific key type that must only be used with this algorithm.
Octet String
The following example will show you how to create an oct key.
Additional parameters will be set to limit the scope of this key (e.g. signature/verification only with the HS256 algorithm).
If you already have a shared secret, you can use it to create an oct key:
RSA Key Pair
The following example will show you how to create an RSA key.
The key size must be at least 384 bits, but nowadays the recommended size is 2048 bits.
Elliptic Curve Key Pair
The following example will show you how to create an EC key.
The supported curves are:
P-256
P-384
P-521 (note that this is 521 and not 512)
Octet Key Pair
The following example will show you how to create an OKP key.
The supported curves are:
Ed25519: for signature/verification only
X25519: for encryption/decryption only
None Key
The none key type is a special type used only for the none algorithm.
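The key generation calls described in this section, shown together as an added example (not taken from the framework's own documentation). It assumes web-token/jwt-framework is installed with Composer and that the sodium extension is available for OKP keys; the kid value is constructed.

```php
<?php
// Added example: generate one key of each supported type, scope it with
// "alg" and "use", and export only the public half of each key pair.
declare(strict_types=1);

require __DIR__ . '/vendor/autoload.php'; // assumption: Composer autoloader

use Jose\Component\KeyManagement\JWKFactory;

// Symmetric key: 256 random bits, limited to HS256 signature/verification.
$oct = JWKFactory::createOctKey(256, [
    'alg' => 'HS256',
    'use' => 'sig',
    'kid' => 'example-hmac-key', // constructed key ID
]);

// Existing shared secret wrapped as an oct key with the same restrictions.
$fromSecret = JWKFactory::createFromSecret(
    'constructed-shared-secret-value!', // constructed secret, sample only
    ['alg' => 'HS256', 'use' => 'sig']
);

// Asymmetric key pairs, each limited to one algorithm and one use.
$pairs = [
    'RSA'     => JWKFactory::createRSAKey(2048, ['alg' => 'RS256', 'use' => 'sig']),
    'EC'      => JWKFactory::createECKey('P-256', ['alg' => 'ES256', 'use' => 'sig']),
    'Ed25519' => JWKFactory::createOKPKey('Ed25519', ['alg' => 'EdDSA', 'use' => 'sig']),
    'X25519'  => JWKFactory::createOKPKey('X25519', ['alg' => 'ECDH-ES', 'use' => 'enc']),
];

foreach ($pairs as $name => $private) {
    // toPublic() returns a new JWK without the private parameters.
    $public = $private->toPublic();
    if (!$private->has('d') || $public->has('d')) {
        throw new RuntimeException("Unexpected private material for $name");
    }
    // Only the public JWK is safe to publish (e.g. in a JWKS document).
    echo $name, ': ', json_encode($public), PHP_EOL;
}

// oct keys have no public form: the "k" parameter is the secret itself.
echo 'oct thumbprint: ', $oct->thumbprint('sha256'), PHP_EOL;
echo 'secret-derived key type: ', $fromSecret->get('kty'), PHP_EOL;
```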
Create Key From External Sources
From Values
In case you already have key values, you can create a key by passing those values as an argument:
From A Key File
You can convert a PKCS#1 or PKCS#8 key file into a JWK. The following method supports PEM and DER formats. Encrypted keys are also supported.
From A PKCS#12 Certificate
You can convert a PKCS#12 Certificate into a JWK. Encrypted certificates are also supported.
From An X.509 Certificate
You can convert an X.509 Certificate into a JWK.
Please note that X.509 certificates only contain public keys.