Tcl
Tcl
Compute JWK Thumbprint for RSA and EC Private Keys
See more ECC Examples
Demonstrates how to compute a JSON Web Key thumbprint for a private key (RSA or ECC).Note: This example requires Chilkat v9.5.0.66 or greater.
Chilkat Tcl Downloads
load ./chilkat.dll
set success 0
set privKey [new_CkPrivateKey]
# A private key can be loaded from any format (binary DER, PEM, etc.)
# This example will load the private keys from PEM format,
# and will then compute the JWK thumbprint.
# First do it for this RSA private key...
set sbPem [new_CkStringBuilder]
set bCrlf 1
CkStringBuilder_AppendLine $sbPem "-----BEGIN RSA PRIVATE KEY-----" $bCrlf
CkStringBuilder_AppendLine $sbPem "Proc-Type: 4,ENCRYPTED" $bCrlf
CkStringBuilder_AppendLine $sbPem "DEK-Info: DES-EDE3-CBC,2E65118E6C7B5207" $bCrlf
CkStringBuilder_AppendLine $sbPem "" $bCrlf
CkStringBuilder_AppendLine $sbPem "7cYUTW4ZBdmVZ4ILB08hcTdm5ib0E0zcy+I7pHpNQfJHtI7BJ4omys5S19ufJPBJ" $bCrlf
CkStringBuilder_AppendLine $sbPem "IzYjeO7oTVqI37F6EUmjZqG4WVE2UQbQDkosZbZN82O4Ipu1lFAPEbwjqePMKufz" $bCrlf
CkStringBuilder_AppendLine $sbPem "snSQHKfnbyyDPEVNlJbs19NXC8v6g+pQay5rH/I6N2iBxgsTmuemZ54EhNQMZyEN" $bCrlf
CkStringBuilder_AppendLine $sbPem "R/CiheArWEH9H8/4hd2gc9Tb2s0MwGHILL4kbbNm5tp3xw4ik7OYWNrj3m+nG6Xb" $bCrlf
CkStringBuilder_AppendLine $sbPem "vKXh2xEanAZAyMXTqDJTHdn7/CEqusQPJjZGV+Mf1kjKu7p4qcXFnIXP5ILnTW7b" $bCrlf
CkStringBuilder_AppendLine $sbPem "lHoWC4eweDzKOMRzXmbABEVSUvx2SmPl4TcoC5L1SCAHEmZaKbaY7S5l53u6gl0f" $bCrlf
CkStringBuilder_AppendLine $sbPem "ULuQbt7Hr3THznlNFKkGT1/yVNt2QOm1emZd55LaNe8E7XsNSlhl0grYQ+Ue8Jba" $bCrlf
CkStringBuilder_AppendLine $sbPem "x85OapltVjxM9wVCwbgFyi04ihdKHo9e+uYKeTGKv0hU5O7HEH1ev6t/s2u/UG6h" $bCrlf
CkStringBuilder_AppendLine $sbPem "TqEsYrVp0CMHpt5uAF6nZyK6GZ/CHTxh/rz1hADMofem59+e6tVtjnPGA3EjnJT8" $bCrlf
CkStringBuilder_AppendLine $sbPem "BMOw/D2QIDxjxj2GUzz+YJp50ENhWrL9oSDkG2nzv4NVL77QIy+T/2/f4PgokUDO" $bCrlf
CkStringBuilder_AppendLine $sbPem "QJjIfxPWE40cHGHpnQtZvEPoxP0H3T0YhmEVwuJxX3uaWOY/8Fa1c7Ln0SwWdfV5" $bCrlf
CkStringBuilder_AppendLine $sbPem "gYvJV8o6c3sumcq1O3agPDlHC5O4IxG7AZQ8CHRDyASogzfkY6P579ZOGYaO4al7" $bCrlf
CkStringBuilder_AppendLine $sbPem "WA1YIpsHs3/1f4SByMuWe0NVkFfvXckjpqGrBQpTmqQzk6baa0VQ0cwU3XlkwHac" $bCrlf
CkStringBuilder_AppendLine $sbPem "WB/fQ4jylwFzZDcp5JAo53n6aU72zgNvDlGTNKwdXXZI5U3JPocH0AiZgFFWYJLd" $bCrlf
CkStringBuilder_AppendLine $sbPem "63PJLDnjyE3i6XMVlxifXKkXVv0RYSz+ByS7Oz9aCgnQhNU8ycv+UxtfkPQih5zE" $bCrlf
CkStringBuilder_AppendLine $sbPem "/0Y2EEFknajmFJpNXczzF8OEzaswmR0AOjcCiklZKRf61rf5faJxJhhqKEEBJuL6" $bCrlf
CkStringBuilder_AppendLine $sbPem "oodDVRk3OGU1yQSBazT8nK3V+e6FMo3tWkra2BXFCD+pKxTy014Cp59S1w6F1Fjt" $bCrlf
CkStringBuilder_AppendLine $sbPem "WX7eMWSLWfQ56j2kLMBHq5gb2arqlqH3fsYOTD3TNjCYF3Sgx309kVPuOK5vw61P" $bCrlf
CkStringBuilder_AppendLine $sbPem "pnL/LN3iGY42WR+9lfAyNN2qj9zvwKwscyYs5+DPQoPmcPcVGc3v/u66bLcOGbEU" $bCrlf
CkStringBuilder_AppendLine $sbPem "OlGa/6gdD4GCp5E4fP/7GbnEY/PW2abquFhGB+pVdl3/4+1U/8kItlfWNZoG4FhE" $bCrlf
CkStringBuilder_AppendLine $sbPem "gjMd7glmrdFiNJFFpf5ks1lVXGqJ4mZxqtEZrxUEwciZjm4V27a+E2KyV9NnksZ6" $bCrlf
CkStringBuilder_AppendLine $sbPem "xF4tGPKIPsvNTV5o8ZqjiacxgbYmr2ywqDXKCgpU/RWSh1sLapqSQqbH/w0MquUj" $bCrlf
CkStringBuilder_AppendLine $sbPem "VhVX0RMYH/foKtjagZf/KO1/mnCITl86treIdachGgR4wr/qqMjrpPUaPLCRY3JQ" $bCrlf
CkStringBuilder_AppendLine $sbPem "00XUP1Mu6YPE0SnMYAVxZheqKHly3a1pg4Xp7YWlM671oUORs3+VENfnbIxgr+2D" $bCrlf
CkStringBuilder_AppendLine $sbPem "TiJT9PxwpfK53Oh7RBSWHJZRuAdLUXE8DG+bl0N/QkJM6pFUxTI1AQ==" $bCrlf
CkStringBuilder_AppendLine $sbPem "-----END RSA PRIVATE KEY-----" $bCrlf
# The actual password for the above PEM is "passwd".
set success [CkPrivateKey_LoadEncryptedPem $privKey [CkStringBuilder_getAsString $sbPem] "passwd"]
if {$success != 1} then {
puts [CkPrivateKey_lastErrorText $privKey]
delete_CkPrivateKey $privKey
delete_CkStringBuilder $sbPem
exit
}
# Generate the JWK thumbprint:
puts "JWK thumbprint: [CkPrivateKey_getJwkThumbprint $privKey SHA256]"
# Output:
# JWK thumbprint: QzUpUAW1Y5iksGxq3r1o3JMROR6D7FLwvRlHmDQVg0I
# --------------------------------------------------------------
# Now let's do an EC private key. The following is an unencrypted PEM containing a 384-bit EC key..
CkStringBuilder_Clear $sbPem
CkStringBuilder_AppendLine $sbPem "-----BEGIN PRIVATE KEY-----" $bCrlf
CkStringBuilder_AppendLine $sbPem "MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDAamStb0Xep3y3sWw2u" $bCrlf
CkStringBuilder_AppendLine $sbPem "SSAdUPkgQ9Rvhlnx8XEVOYy2teh69T0on77ja02m03n8t8WhZANiAARUNSar38Rz" $bCrlf
CkStringBuilder_AppendLine $sbPem "lKPyZFsNSGUanzpNRth0C+MikVEH8FAlDHMMpAs34dyF4IK0uxgbiEe9bQ+ieLrl" $bCrlf
CkStringBuilder_AppendLine $sbPem "6xwFR0yaTivuwoyXC+ScGUnwnpaXmid6UUgw4ypbneHsaKuZ9JLdMAo=" $bCrlf
CkStringBuilder_AppendLine $sbPem "-----END PRIVATE KEY-----" $bCrlf
set success [CkPrivateKey_LoadPem $privKey [CkStringBuilder_getAsString $sbPem]]
if {$success != 1} then {
puts [CkPrivateKey_lastErrorText $privKey]
delete_CkPrivateKey $privKey
delete_CkStringBuilder $sbPem
exit
}
# Generate the JWK thumbprint:
puts "JWK thumbprint: [CkPrivateKey_getJwkThumbprint $privKey SHA256]"
# Output:
# JWK thumbprint: ABAUUfNSONFsZYvZ_o_0bsPT3qeG3jttXB09VC_ETWQ
delete_CkPrivateKey $privKey
delete_CkStringBuilder $sbPem