JWS/JWE Integration

JWS Workflow

The steps of the JWS workflow are as follows:

  1. The client signs with the client private key.

  2. digiRunner verifies with the client public key.

  3. digiRunner signs with the digiRunner’s private key.

  4. The client verifies with the digiRunner’s public key.

JWE Workflow

The steps of the JWE workflow are as follows:

  1. The client encrypts with the digiRunner’s public key.

  2. digiRunner decrypts with the digiRunner’s private key.

  3. digiRunner encrypts with the client public key.

  4. The client decrypts with the client private key.

Exchanging Public Keys

  1. The two parties prepare their key pair (public key and private key).

  2. The two parties exchange their respective public keys.

Generating Certificate

Replace example-pwd123 with your custom password and example-comp with your custom certificate name in the commands below.

  1. Issue the command to create a jks file using keytool.

keytool -genkey -alias example-comp -keystore example-comp.jks -keypass example-pwd123 -storepass example-pwd123 -keyalg RSA -keysize 2048 -validity 365 -v -dname "CN=www.example.com, OU=dgr, O=tpi, L=taipei, ST=taiwan, C=tw" -ext "SAN=DNS: www.example.com,IP:127.0.0.1"

  2. Query the content of the jks file.

keytool -list -v -keystore example-comp.jks -storepass example-pwd123

  3. Generate a keystore in p12 format, and provide a password.

keytool -importkeystore -srckeystore example-comp.jks -destkeystore example-comp.p12 -srcstoretype jks -deststoretype pkcs12 -keypass example-pwd123 -storepass example-pwd123

  4. Convert the file online, from P12 to PEM:

  • Go to SSL Shopper.

  • In the Certificate File to Convert field, click Choose File to select and upload the *.p12 file.

  • In the PFX Password field, enter your password.

  • Click Convert Certificate to finish the conversion.

The generated PEM file, such as example-comp.pem, contains both the private key and the certificate (including the public key). The content is as follows:

Bag Attributes
    friendlyName: example-comp
    localKeyID: 54 69 6D 65 20 31 36 38 38 36 32 32 38 33 31 36 31 35 
Key Attributes: <No Attributes>
-----BEGIN PRIVATE KEY-----
MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDH7L/+gfoj4cDT
1OXSxlNaasm9FFr8A904A1NISKVU2MQN8+JfEpnyId0jHmqypTN1RBvQ0ET326Gg
HPsYbIulQ+5viT5IObCwaBf8IsVs+ej30ao5F4oI4GIpirsPzAmrLD3Z2Q/f6y2T
drlg3HxO9QDGbsO5WME+1rRuG5V6MHP4XxzJFumSlaxVYungghYnyNdy1qq0Xb37
JSPbhqYBC00J6uK66CH9qpN5o3j/ObFvaENreDTAtfWM9md9W44thPU6ERwjFpW5
NB9P3et3ZRgA8TYPwKN6OP84Vt9dEKIM1RjZMO4wDz2SbuugZimDIXox2DfFhKfC
zDYtdDVhAgMBAAECggEBAL5wy0LI1VowxdoDRxlMSkIqzxkJttGxbJzarg6BBNyZ
z8fqtYwS0ApSL7AwXTrnGultg4GZotjnokI+2QEfBLbcytf8SBPMwH6J6a8IAEAa
nszSL/BKd/aUp20i9aXKmrsvXYuStQh7oeKCiXu3C8K6p45eHJsF7K7LHvxz0iOd
LHeS/Dkl+NRYh+h46hoX4BLxNlTByzmz7Jm/ujtTNd/Qfe2E8N6mHXXuXol+2xV5
5fyUr3Ru0qijD1OYbM+mncdztATF7Vdp4VipgxyndtU7a/H3NLes4Hvat0Gg50Pl
UCdrOMNpnw6tWoHMJ4FJcmMaSPLBhkrSHBCqNXRFv3ECgYEA7taRQN6YPgEnuKaJ
toXEA9E06BNPe3HvTJPxpIZuBGpnqk8ojMTu+BghuTu0oYzacNzz2rYkZb5VMDpY
NJ33VNqexviNAcQrC4oQJHhRqtavmpyEAx4DK3IG7Cad1cejbi9xp7rR5xmEabHo
vDxDn9tI4D3Wg7NdvOM9yMoZiccCgYEA1kpe6SLc0JBCYn8x1M/u3II8swCe0j2g
/L0mp2zK4GYs41Dd3c+xbu+sGbSNke4P8kmMnpqIODg88m+rI5GDTTIWV32oT9rp
qq8rehY2d6gY74z+kR4vd+XVtqMzDg70CMFGxNQGA/QxZOo5SHLo9wLx7V+/RHKh
2GicENlkh5cCgYEApDpWVsy40qnorkeVmjQQvK82Of5NQQzvBzETj5YAQHkKH0mf
EGy6BU5SohQz+IHqEoFcDKACFxPxb+Aulr+oOmi5lQeDrhs9ngmpX+p7/YTx6taE
z7/rXgxiRi+niEBmWHW3KSaE/uvE6Qi0h/rIZTtbuRXMU3Mama+H5HFTbjECgYEA
yQdB3IIpFruOm2pprBRZJ6JCIUcet2q7YP5tiblE5ZjU2XdefBzAfqr3D7JS8Sic
6xXWhl/AFMWlX2Yk7ZwvyjaHwRIP2MIsXUQxjDnUZRJcOjZSBn+D1n3VrJ2TYsfi
ZWgz5Khm8ESgJeSZUn8CT+ACZ0ZgX20Oqb8RUbkvVwcCgYAykFnVF4xf842XONao
rSEWhdXARC6vZ3UySZpiqjSVxpxY2KLVL0HM37XBMsrhyaNji7OZiPGq3FSMunFD
3TOICYfcfl0dVKxcxEEv50UMSPREq2ixDOL5kpl5KA7ogkWA+/5gvl+BA1pcWArg
9H1ux9hYncY/2DzIpBUDfhczpA==
-----END PRIVATE KEY-----
Bag Attributes
    friendlyName: example-comp
    localKeyID: 54 69 6D 65 20 31 36 38 38 36 32 32 38 33 31 36 31 35 
subject=C = tw, ST = taiwan, L = taipei, O = tpi, OU = dgr, CN = www.tpisoftware.com

issuer=C = tw, ST = taiwan, L = taipei, O = tpi, OU = dgr, CN = www.tpisoftware.com
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
  5. Retain only the data of the certificate (including the public key), such as example-comp-pub.pem. The content is as follows:

-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
  6. Upload the data of the certificate (including the public key), such as example-comp-pub.pem, to digiRunner.

Operating with JWS

API Request in JWS Format

The client signs the plain request with the client private key, resulting in a signed request (JWS).

API Response in JWS Format

The client verifies the signature of the received response (JWS) with the digiRunner’s public key.

Once the signature is verified, Base64url-decode the payload of the JWS to obtain the plain response.

Operating with JWE

API Request in JWE Format

The client encrypts the plain request with the digiRunner’s public key, resulting in an encrypted request (JWE).

API Response in JWE Format

The client decrypts the received response (JWE) with the client private key.

Once the response is decrypted, the client will obtain the plain response.