Keys and signatures
By default, the OIDC Manager creates an RSA key for RS256 token signatures on first startup. On subsequent startups, the same key will be used again.
If you want to enforce a particular key or key type for token signatures, you may use the config command, which exposes the key management functions of the SSI Kit, to create a key.
The following key and token signature types are currently supported:
| Signature | Key             | Hash   |
|-----------|-----------------|--------|
| RS256     | RSA 2048        | SHA256 |
| EdDSA     | EdDSA_Ed25519   | SHA256 |
| ES256K    | ECDSA_Secp256k1 | SHA256 |
The chosen key type implicitly defines the signature and hash type, according to the table above.
Generate key
In the following example, I will show how to manually create an RSA key for the OIDC Manager using the config command of the IDP Kit:
This command will generate an RSA key, save it in the key store in the context of the OIDC Manager, and print the key ID:
Output:
List available keys
To list all the available keys in the OIDC Manager context, you can type:
Output:
Configure key
Now, to configure the key generated above, copy the key ID printed by the command, and paste it into the configuration file, like so: