Reading/Writing JSON Web Keys (JWK) in R

2025-05-29

Source: vignettes/jwk.Rmd

RSA / ECDSA keys

JSON Web Keys (JWK) is a format specified in RFC7517 for storing RSA/EC/AES keys in a JSON based format. It can be used to import/export such keys in the browser using the new W3C WebCryptoAPI.

The jose package makes it easy to read/write such keys in R for use with JWT or any other functionality from the openssl package.

Linking to: OpenSSL 3.0.2 15 Mar 2022
library(jose)

# Generate a ECDSA key
key <- openssl::ec_keygen()
jsonlite::prettify(write_jwk(key))
{
    "kty": "EC",
    "crv": "P-256",
    "x": "aztDeUYJ_kGTWMdMip-RcIuOVMBSh4hCbfR3hVkzzn0",
    "y": "Wisw79q2LRUKRVwPQVj1svLmMWKOh-bdFWLKVT-y90I",
    "d": "9l3rJ5gwQYQ1RA-TurJVc6NPWxJpMqH8PQRNLqglROY"
}
 
# Use public key
pubkey <- as.list(key)$pubkey
json <- write_jwk(pubkey)
jsonlite::prettify(json)
{
    "kty": "EC",
    "crv": "P-256",
    "x": "aztDeUYJ_kGTWMdMip-RcIuOVMBSh4hCbfR3hVkzzn0",
    "y": "Wisw79q2LRUKRVwPQVj1svLmMWKOh-bdFWLKVT-y90I"
}
 
# Read JWK key
(out <- read_jwk(json))
[256-bit ecdsa public key]
md5: 4ec20f84cbf16a118b70d5b0a565fdfb
sha256: 2392df64833759c0ba289171e7ef618d88344a42819e0524724e5269d04805e6
identical(pubkey, out)
[1] TRUE

AES/HMAC keys

JWT also specifies a format for encoding AES/HMAC secrets. Such secret keys are simply raw bytes.

# Random secret
(key <- rand_bytes(16))
 [1] ae 62 64 cf 61 37 33 06 d0 f1 a3 7c a3 7f c9 fc
(jwk <- write_jwk(key))
{"kty":"oct","k":"rmJkz2E3MwbQ8aN8o3_J_A"} 
 [1] ae 62 64 cf 61 37 33 06 d0 f1 a3 7c a3 7f c9 fc