Create JSON Web Token Using AWS KMS Asymmetric Key

In this hands-on tutorial, we will see how to create a JWT (RS256) using an AWS KMS asymmetric key: the header and payload are encoded and joined, the SHA-256 digest of that string is signed by KMS, and the signature is appended.

Step 1: Create Base64-URL Encoded JWT Header & Payload

# Encode JSON to base64url: JWTs use the URL-safe alphabet ('+' -> '-', '/' -> '_') with no '=' padding
# (tr -d '\n' removes the line wrapping GNU base64 adds to long input)
JWT_HEADER=$(echo -n '{"alg":"RS256","typ":"JWT"}' | base64 | tr -d '\n' | tr '+/' '-_' | tr -d '=')
JWT_PAYLOAD=$(echo -n '{"sub": "1234567890", "name": "Rishi","iat": 1712222222}' | base64 | tr -d '\n' | tr '+/' '-_' | tr -d '=')

# Print encoded values
echo "JWT Header: $JWT_HEADER"
echo "JWT Payload: $JWT_PAYLOAD"

Step 2: Create String to Sign

# The signing input is the encoded header and payload joined by a dot (padding already stripped above)
STRING_TO_SIGN="${JWT_HEADER}.${JWT_PAYLOAD}"

Step 3: Hash the Data

# SHA-256 of the signing input, base64-encoded because AWS CLI v2 expects binary parameters as base64 by default
HASHED_STRING=$(echo -n "$STRING_TO_SIGN" | openssl dgst -sha256 -binary | base64)
echo "$HASHED_STRING"

Step 4: Sign with AWS KMS

# KMS signs the digest (hence --message-type DIGEST with a SHA-256 algorithm).
# The CLI prints the signature as single-line standard base64, so only the
# base64url conversion is needed; re-encoding with base64 would wrap a 2048-bit
# signature across several lines and corrupt the token.
SIGNATURE=$(aws kms sign \
  --key-id alias/jwtKey \
  --message "$HASHED_STRING" \
  --message-type DIGEST \
  --signing-algorithm RSASSA_PKCS1_V1_5_SHA_256 \
  --query 'Signature' \
  --output text | tr '+/' '-_' | tr -d '=')

Step 5: Generate JWT

JWT_FINAL="${STRING_TO_SIGN}.${SIGNATURE}"
echo "Final JWT: $JWT_FINAL"

GitHub: https://github.com/TrickSumo/AWS-KMS-Course?tab=readme-ov-file#asymmetric-encryption-example—create-jwt

Thanks 🌿
