Generate Private key from Certificate using password for JWT

Google Cloud Apigee
1

Hi All,

I’m generating PrivateKey and PublicKey using certificate but it’s failing when I tried to generate JWT.

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<GenerateJWT async="false" continueOnError="false" enabled="true" name="Generate-JWT">
    <DisplayName>Generate JWT</DisplayName>
    <Algorithm>RS256</Algorithm>
    <PrivateKey>
        <Id ref="config.target.privateid"/>
        <Password ref="private.password"/>
        <Value ref="private.privatekey"/>
    </PrivateKey>
    <Subject ref="config.target.subject"/>
    <Issuer ref="config.target.issuer"/>
    <Audience ref="config.target.audience"/>
    <ExpiresIn ref="config.target.expiry"/>
    <AdditionalClaims>
        <Claim name="memberInfo" type="map" ref="jsonMemberInfo"/>
    </AdditionalClaims>
    <OutputVariable>private.token.jwt</OutputVariable>
</GenerateJWT>

Format of my PrivateKey is as per below;

-----BEGIN ENCRYPTED PRIVATE KEY-----
encoded data
-----END ENCRYPTED PRIVATE KEY-----

Error Message :-

{"fault":{"faultstring":"Failed to parse key: policy(Generate-JWT) ","detail":{"errorcode":"steps.jwt.KeyParsingFailed"}}}

Is any other way to generate JWT using private key which is generated by certificate ?

Thanks in advance.

2

Hi @Dino-at-Google

I’ve read your article(Very helpful) on Private key encryption for JWT token generation and found that encryption uses “TripleDES” and it’s working fine when I do use this. Is fix for different encryption is applied on public cloud? Thanks in advance.

3

Sorry, Siddesh, just catching up. The fix for different encryption is still pending release.

You’ll see it in the release notes, I guess.

I don’t have an expected time of release for that.

reference b/79526748

4

The fix for different encryption is still pending release.

You’ll see it in the release notes, I guess.

I don’t have an expected time of release for that.

reference b/79526748