nakwa · November 3, 2016 15:38
diff --git a/jose_cheatsheet.rb b/jose_cheatsheet.rb
 #_____________________________________________________________________
 #_________(_)_________________ ___________ ____________ _____________
 #________  /_  __ \_  ___/  _ \______/ __ `/  _ \_  __ `__ \________
 #_______  / / /_/ /(__  )/  __/_____/ /_/ //  __/  / / / / /_______
 #______  /  \____//____/ \___/______\__, / \___//_/ /_/ /_/_______
 #___/___/__________________________/____/________________________
 #################################################################
 ########################## GENERATE KEY #########################
 #################################################################

 ## PRIVATE Key Creation
 private_key = JOSE::JWK.generate_key([:ec, 'P-384'])
 # => #<struct JOSE::JWK keys=nil, kty=#<struct JOSE::JWK::KTY_EC key=#<OpenSSL::PKey::EC:0x007fc5d6393c00>>, fields=JOSE::Map[]>

 ## PRIVATE key to JWK
 private_key_jwk = private_key.to_binary
 # => "{\"crv\":\"P-384\",\"d\":\"Ox54RnalYpeTLflyKS50las_9IuVsHTiSiVySg2J_tvAIjUjhqz4GvAGtbe8dsx1\",\"kty\":\"EC\",\"x\":\"jWg5K00KIg0nZFmVZO1YiCyN56HIpTrJIPogp6CE5afrQj76TG97-DVxbKwfDWHe\",\"y\":\"6N78OQ_E-kdlyPkGsq6FpBeMKqQs_3VZaQ4yyr3eRWUxvehWKoWCz8OUu5ABdIex\"}"

 ## PRIVATE Key Fingerprint
 private_key_jwk_fingerprint = Digest::SHA256.hexdigest(private_key_jwk)
 # => "004acd251aeb5ed7b34b69fb075b74ed9c2e37df551a5121128edd76ee0d60c5"

 ## PUBLIC Key Export
 public_key = private_key.to_public
 # => #<struct JOSE::JWK keys=nil, kty=#<struct JOSE::JWK::KTY_EC key=#<OpenSSL::PKey::EC:0x007fc5d72906b8>>, fields=JOSE::Map[]>

 ## PUBLIC Key JWK
 public_key_jwk = public_key.to_binary
 # => "{\"crv\":\"P-384\",\"kty\":\"EC\",\"x\":\"jWg5K00KIg0nZFmVZO1YiCyN56HIpTrJIPogp6CE5afrQj76TG97-DVxbKwfDWHe\",\"y\":\"6N78OQ_E-kdlyPkGsq6FpBeMKqQs_3VZaQ4yyr3eRWUxvehWKoWCz8OUu5ABdIex\"}"

 ## PUBLIC Key Export and Base64 Encode
 public_key_jwk_encoded = Base64.urlsafe_encode64(public_key_jwk)
 # => "eyJjcnYiOiJQLTM4NCIsImt0eSI6IkVDIiwieCI6ImpXZzVLMDBLSWcwblpGbVZaTzFZaUN5TjU2SElwVHJKSVBvZ3A2Q0U1YWZyUWo3NlRHOTctRFZ4Ykt3ZkRXSGUiLCJ5IjoiNk43OE9RX0Uta2RseVBrR3NxNkZwQmVNS3FRc18zVlphUTR5eXIzZVJXVXh2ZWhXS29XQ3o4T1V1NUFCZElleCJ9"

 #################################################################
 ############################## SIGN #############################
 #################################################################

 ## Identifier (identity) exemple (Base64("identity-1"))
 identifier = "aWRlbnRpdHkx"
 # => "aWRlbnRpdHkx"

 ## Signature of the identifier
 signature = private_key.sign(identifier)
 # => JOSE::SignedMap["payload" => "YVdSbGJuUnBkSGt4", "signature" => "VcBWK-jKiBDAas_e1v36DLzS5DZoUUirMoZZ_WjfEHHbNbZzcuijEnwXJeNwS5AbCJgTOsTpgqclvajgjiKxEgncIxX5hsNJN0TFid_9przi-UTxLD6eaPzk-tM_wnMy", "protected" => "eyJhbGciOiJFUzM4NCJ9"]

 ## Signature to JSON
 signature_json = signature.to_json
 # => "[[\"payload\",\"YVdSbGJuUnBkSGt4\"],[\"signature\",\"VcBWK-jKiBDAas_e1v36DLzS5DZoUUirMoZZ_WjfEHHbNbZzcuijEnwXJeNwS5AbCJgTOsTpgqclvajgjiKxEgncIxX5hsNJN0TFid_9przi-UTxLD6eaPzk-tM_wnMy\"],[\"protected\",\"eyJhbGciOiJFUzM4NCJ9\"]]"

 ## Signature encoding (Base64)
 signature_encoded = Base64.urlsafe_encode64(signature_json)
 # => "W1sicGF5bG9hZCIsIllWZFNiR0p1VW5Ca1NHdDQiXSxbInNpZ25hdHVyZSIsIlZjQldLLWpLaUJEQWFzX2UxdjM2REx6UzVEWm9VVWlyTW9aWl9XamZFSEhiTmJaemN1aWpFbndYSmVOd1M1QWJDSmdUT3NUcGdxY2x2YWpnamlLeEVnbmNJeFg1aHNOSk4wVEZpZF85cHJ6aS1VVHhMRDZlYVB6ay10TV93bk15Il0sWyJwcm90ZWN0ZWQiLCJleUpoYkdjaU9pSkZVek00TkNKOSJdXQ=="

 #################################################################
 ############################# VERIFY ############################
 #################################################################

 ## PUBLIC KEY Base64 Decode
 public_key_jwk = Base64.urlsafe_decode64(public_key_jwk_encoded)
 # => "{\"crv\":\"P-384\",\"kty\":\"EC\",\"x\":\"jWg5K00KIg0nZFmVZO1YiCyN56HIpTrJIPogp6CE5afrQj76TG97-DVxbKwfDWHe\",\"y\":\"6N78OQ_E-kdlyPkGsq6FpBeMKqQs_3VZaQ4yyr3eRWUxvehWKoWCz8OUu5ABdIex\"}"

 ## Import Key in Jose / JWK Object
 public_key = JOSE::JWK.from(public_key_jwk)
 # => #<struct JOSE::JWK keys=nil, kty=#<struct JOSE::JWK::KTY_EC key=#<OpenSSL::PKey::EC:0x007fc5d633ace0>>, fields=JOSE::Map[]>

 ## Signature Base64 Decode
 signature_decoded = Base64.urlsafe_decode64(signature_encoded)
 # => "[[\"payload\",\"YVdSbGJuUnBkSGt4\"],[\"signature\",\"HkKbeKXk43X8SODN2Cn3z3pi2OblR2NlNF27BsKsSfrFEf99zXTd2f5rwiWulYcGLqdfVCrYH2aqc5y4HPlvPZBCCzEJgz34XjXB7KG3YcEYsNRQiUJr48PS3CTXraag\"],[\"protected\",\"eyJhbGciOiJFUzM4NCJ9\"]]"

 ## Signature to JSON
 signature_json = JSON.parse(signature_decoded)
 # => [["payload", "YVdSbGJuUnBkSGt4"], ["signature", "VcBWK-jKiBDAas_e1v36DLzS5DZoUUirMoZZ_WjfEHHbNbZzcuijEnwXJeNwS5AbCJgTOsTpgqclvajgjiKxEgncIxX5hsNJN0TFid_9przi-UTxLD6eaPzk-tM_wnMy"], ["protected", "eyJhbGciOiJFUzM4NCJ9"]]

 ## Verify signature
 public_key.verify(signature)
 # => [true, "aWRlbnRpdHkx", #<struct JOSE::JWS alg=#<struct JOSE::JWS::ALG_ECDSA digest=OpenSSL::Digest::SHA384>, b64=nil, fields=JOSE::Map[]>]
	#_____________________________________________________________________
	#_________(_)_________________ ___________ ____________ _____________
	#________ /_ __ \_ ___/ _ \______/ __ `/ _ \_ __ `__ \________
	#_______ / / /_/ /(__ )/ __/_____/ /_/ // __/ / / / / /_______
	#______ / \____//____/ \___/______\__, / \___//_/ /_/ /_/_______
	#___/___/__________________________/____/________________________
	#################################################################
	########################## GENERATE KEY #########################
	#################################################################

	## PRIVATE Key Creation
	private_key = JOSE::JWK.generate_key([:ec, 'P-384'])
	# => #<struct JOSE::JWK keys=nil, kty=#<struct JOSE::JWK::KTY_EC key=#<OpenSSL::PKey::EC:0x007fc5d6393c00>>, fields=JOSE::Map[]>

	## PRIVATE key to JWK
	private_key_jwk = private_key.to_binary
	# => "{\"crv\":\"P-384\",\"d\":\"Ox54RnalYpeTLflyKS50las_9IuVsHTiSiVySg2J_tvAIjUjhqz4GvAGtbe8dsx1\",\"kty\":\"EC\",\"x\":\"jWg5K00KIg0nZFmVZO1YiCyN56HIpTrJIPogp6CE5afrQj76TG97-DVxbKwfDWHe\",\"y\":\"6N78OQ_E-kdlyPkGsq6FpBeMKqQs_3VZaQ4yyr3eRWUxvehWKoWCz8OUu5ABdIex\"}"

	## PRIVATE Key Fingerprint
	private_key_jwk_fingerprint = Digest::SHA256.hexdigest(private_key_jwk)
	# => "004acd251aeb5ed7b34b69fb075b74ed9c2e37df551a5121128edd76ee0d60c5"

	## PUBLIC Key Export
	public_key = private_key.to_public
	# => #<struct JOSE::JWK keys=nil, kty=#<struct JOSE::JWK::KTY_EC key=#<OpenSSL::PKey::EC:0x007fc5d72906b8>>, fields=JOSE::Map[]>

	## PUBLIC Key JWK
	public_key_jwk = public_key.to_binary
	# => "{\"crv\":\"P-384\",\"kty\":\"EC\",\"x\":\"jWg5K00KIg0nZFmVZO1YiCyN56HIpTrJIPogp6CE5afrQj76TG97-DVxbKwfDWHe\",\"y\":\"6N78OQ_E-kdlyPkGsq6FpBeMKqQs_3VZaQ4yyr3eRWUxvehWKoWCz8OUu5ABdIex\"}"

	## PUBLIC Key Export and Base64 Encode
	public_key_jwk_encoded = Base64.urlsafe_encode64(public_key_jwk)
	# => "eyJjcnYiOiJQLTM4NCIsImt0eSI6IkVDIiwieCI6ImpXZzVLMDBLSWcwblpGbVZaTzFZaUN5TjU2SElwVHJKSVBvZ3A2Q0U1YWZyUWo3NlRHOTctRFZ4Ykt3ZkRXSGUiLCJ5IjoiNk43OE9RX0Uta2RseVBrR3NxNkZwQmVNS3FRc18zVlphUTR5eXIzZVJXVXh2ZWhXS29XQ3o4T1V1NUFCZElleCJ9"

	#################################################################
	############################## SIGN #############################
	#################################################################

	## Identifier (identity) exemple (Base64("identity-1"))
	identifier = "aWRlbnRpdHkx"
	# => "aWRlbnRpdHkx"

	## Signature of the identifier
	signature = private_key.sign(identifier)
	# => JOSE::SignedMap["payload" => "YVdSbGJuUnBkSGt4", "signature" => "VcBWK-jKiBDAas_e1v36DLzS5DZoUUirMoZZ_WjfEHHbNbZzcuijEnwXJeNwS5AbCJgTOsTpgqclvajgjiKxEgncIxX5hsNJN0TFid_9przi-UTxLD6eaPzk-tM_wnMy", "protected" => "eyJhbGciOiJFUzM4NCJ9"]

	## Signature to JSON
	signature_json = signature.to_json
	# => "[[\"payload\",\"YVdSbGJuUnBkSGt4\"],[\"signature\",\"VcBWK-jKiBDAas_e1v36DLzS5DZoUUirMoZZ_WjfEHHbNbZzcuijEnwXJeNwS5AbCJgTOsTpgqclvajgjiKxEgncIxX5hsNJN0TFid_9przi-UTxLD6eaPzk-tM_wnMy\"],[\"protected\",\"eyJhbGciOiJFUzM4NCJ9\"]]"

	## Signature encoding (Base64)
	signature_encoded = Base64.urlsafe_encode64(signature_json)
	# => "W1sicGF5bG9hZCIsIllWZFNiR0p1VW5Ca1NHdDQiXSxbInNpZ25hdHVyZSIsIlZjQldLLWpLaUJEQWFzX2UxdjM2REx6UzVEWm9VVWlyTW9aWl9XamZFSEhiTmJaemN1aWpFbndYSmVOd1M1QWJDSmdUT3NUcGdxY2x2YWpnamlLeEVnbmNJeFg1aHNOSk4wVEZpZF85cHJ6aS1VVHhMRDZlYVB6ay10TV93bk15Il0sWyJwcm90ZWN0ZWQiLCJleUpoYkdjaU9pSkZVek00TkNKOSJdXQ=="

	#################################################################
	############################# VERIFY ############################
	#################################################################

	## PUBLIC KEY Base64 Decode
	public_key_jwk = Base64.urlsafe_decode64(public_key_jwk_encoded)
	# => "{\"crv\":\"P-384\",\"kty\":\"EC\",\"x\":\"jWg5K00KIg0nZFmVZO1YiCyN56HIpTrJIPogp6CE5afrQj76TG97-DVxbKwfDWHe\",\"y\":\"6N78OQ_E-kdlyPkGsq6FpBeMKqQs_3VZaQ4yyr3eRWUxvehWKoWCz8OUu5ABdIex\"}"

	## Import Key in Jose / JWK Object
	public_key = JOSE::JWK.from(public_key_jwk)
	# => #<struct JOSE::JWK keys=nil, kty=#<struct JOSE::JWK::KTY_EC key=#<OpenSSL::PKey::EC:0x007fc5d633ace0>>, fields=JOSE::Map[]>

	## Signature Base64 Decode
	signature_decoded = Base64.urlsafe_decode64(signature_encoded)
	# => "[[\"payload\",\"YVdSbGJuUnBkSGt4\"],[\"signature\",\"HkKbeKXk43X8SODN2Cn3z3pi2OblR2NlNF27BsKsSfrFEf99zXTd2f5rwiWulYcGLqdfVCrYH2aqc5y4HPlvPZBCCzEJgz34XjXB7KG3YcEYsNRQiUJr48PS3CTXraag\"],[\"protected\",\"eyJhbGciOiJFUzM4NCJ9\"]]"

	## Signature to JSON
	signature_json = JSON.parse(signature_decoded)
	# => [["payload", "YVdSbGJuUnBkSGt4"], ["signature", "VcBWK-jKiBDAas_e1v36DLzS5DZoUUirMoZZ_WjfEHHbNbZzcuijEnwXJeNwS5AbCJgTOsTpgqclvajgjiKxEgncIxX5hsNJN0TFid_9przi-UTxLD6eaPzk-tM_wnMy"], ["protected", "eyJhbGciOiJFUzM4NCJ9"]]

	## Verify signature
	public_key.verify(signature)
	# => [true, "aWRlbnRpdHkx", #<struct JOSE::JWS alg=#<struct JOSE::JWS::ALG_ECDSA digest=OpenSSL::Digest::SHA384>, b64=nil, fields=JOSE::Map[]>]