@Hiweus
Created May 22, 2025 11:32

Revisions

  1. Hiweus created this gist May 22, 2025.
    50 changes: 50 additions & 0 deletions index.cjs
    @@ -0,0 +1,50 @@
    const { generateKeyPairSync, sign } = require('crypto');
    const fs = require('fs');

    // 1. Gera o par de chaves Ed25519
    const { publicKey, privateKey } = generateKeyPairSync('ed25519');

    // 2. Extrai chave pública crua (32 bytes)
    const publicRaw = publicKey.export({ format: 'der', type: 'spki' }).slice(-32);
    const publicKeyBase64Url = publicRaw.toString('base64url');

    // 3. Extrai a chave privada crua (seed) de 32 bytes
    const privateDer = privateKey.export({ format: 'der', type: 'pkcs8' });
    const seed = privateDer.slice(-64, -32); // 32 bytes (seed)

    // 4. Concatena seed + public = 64 bytes
    const private64 = Buffer.concat([seed, publicRaw]);
    const privateKeyBase64Url = private64.toString('base64url');

    // 5. Salva chaves
    fs.writeFileSync('jwt_public.key', publicKeyBase64Url);
    fs.writeFileSync('jwt_private.key', privateKeyBase64Url);

    console.log('✅ Chaves salvas:');
    console.log('- Pública (jwt_public.key):', publicKeyBase64Url);
    console.log('- Privada (jwt_private.key):', privateKeyBase64Url);
    console.log('- Comprimento da privada (bytes):', private64.length); // Should be 64

    // 6. Cria JWT sem expiração
    const header = {
    alg: 'EdDSA',
    typ: 'JWT',
    };

    const payload = {
    sub: 'usuario1',
    iss: 'meu-app',
    };

    const base64url = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
    const encodedHeader = base64url(header);
    const encodedPayload = base64url(payload);
    const toSign = `${encodedHeader}.${encodedPayload}`;

    // 7. Assina usando a chave original
    const signature = sign(null, Buffer.from(toSign), privateKey).toString('base64url');

    // 8. Gera JWT completo
    const jwt = `${toSign}.${signature}`;
    console.log('\n✅ JWT gerado:\n');
    console.log(jwt);
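
Review bot: The seed extraction in step 3, `privateDer.slice(-64, -32)`, assumes the PKCS#8 DER ends with the seed followed by the public key, but the PKCS#8 encoding Node normally exports for an Ed25519 private key is 48 bytes: a 16-byte ASN.1 prefix followed by the 32-byte seed, with no public key appended. On a 48-byte buffer that slice clamps to bytes 0 to 16, so `seed` is the constant prefix, `private64` is 48 bytes rather than 64, and `jwt_private.key` holds no secret material, while the JWT in step 7 is signed with the real `privateKey` and so cannot be reproduced from the saved file. Take the seed with `privateDer.slice(-32)` or from `privateKey.export({ format: 'jwk' }).d`, and throw if `private64.length !== 64` instead of only logging the length. Separately, step 5 writes the private key with default file permissions and the following `console.log` prints it to the terminal; pass `{ mode: 0o600 }` to `writeFileSync` and drop the private-key log line. The payload in step 6 carries no `exp` or `iat`, so a leaked token never stops validating; add an expiry unless non-expiring tokens are an explicit requirement.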