I am working on generating JWT (JSON Web Tokens) for use with the API (Application Programming Interface) for Box. Box is a company that does “File sharing, storage and collaboration”. I have created a small group of functions to work through automating the handling of the accounts of employees that have left the company.
In an effort to create a process that is entirely hands free, I need to be able to authenticate with Box’s interface securely without being prompted. I may get into what a JWT is and how it works after I get this all pulled together, but for right now, there are three pieces of data used in a JWT, the Header, Claims, and Signature, and they need to be serialized to UTF-8 bytes, then encoded using the Base64url encoding.
One of the components of the Claims piece is the ‘jti’, which is a random hex string.
One of the Box employees has written an example of how to do this in another language, which I am hoping will help someone to identify and show me how to do this in PowerShell.
var sessionToken = crypto.randomBytes(20).toString('hex');
I may not have been as clear as I need to be, in part, because I don’t know much about hex.
What I need is a string like:
jti = “M4yeY3W63TxHa9jFek85”
In the example above, once you correct the {0:X) with {0:X}, gives an array of numbers.
And considering the output can be either one or two digits, it may produce a number that is a lot longer than 20 characters.
At first I thought I would try something like this:
I talked with a couple of programmers where I work, and asked if they had any ideas on how to generate this with a built in class in Windows and they said yes, System.Security.Cryptography.
I wrote this from what I could find. It isn’t any shorter, and I am not sure it is working any better.
@i255d : your original question is, clearly, about bytes written as hexadecimal form. But, your 1st reply, changes that to something quite different.
I guess, you want to have a look at Membership.GeneratePassword static method in Cryptography namespace. It will give you a string with random characters.
Yes, as I have walked through this process, I figured out that for it to be a hex number, the characters had to be 0-F, and I did notice also, that the string given in the example by Box is not a hex number.
I just went back to Box to see what the actual requirement is:
jti required String A unique identifier specified by the client for this JWT. This is a unique string that is at least 16 characters and at most 128 characters.
I guess it doesn’t need to be a hex, I assumed that from the code one of their people said they used to get it:
var sessionToken = crypto.randomBytes(20).toString('hex');
Either way, I have finished with this part, and I am now going to open another question to figure out how to create the signature of the JWT.
The original question is to generate a 20 bytes random key, not characters. 20 bytes, is a 160-bit key. The suggested minimum of 16 bytes is because it’s 128-bit and considered sufficient entropy according to the OWASP project.
Depending on the serialization method, it could generate various lengths when serialized to a string of text.
For instance hexadecimal, or base64url, or Ascii85.
To generate a hex string in PowerShell based on bits you could use the following code:
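As an added example (not the code from the reply above, and not Box's own), one way to produce a jti from 20 random bytes in PowerShell, as either hex or base64url, and check it against the 16 to 128 character requirement quoted earlier. The function name New-JwtId, its parameters and the 16..64 byte range are assumptions made for illustration.

```powershell
# Added example: New-JwtId, ByteCount and Encoding are hypothetical names.
function New-JwtId {
    [CmdletBinding()]
    param(
        # 20 bytes = 160 bits, the same size as crypto.randomBytes(20) in the Box sample.
        # Assumed range: 16 bytes (128 bits) up to 64 bytes, so hex never exceeds 128 characters.
        [ValidateRange(16, 64)]
        [int]$ByteCount = 20,

        [ValidateSet('Hex', 'Base64Url')]
        [string]$Encoding = 'Hex'
    )

    # Fill the buffer from the platform's cryptographic random number generator.
    $bytes = [byte[]]::new($ByteCount)
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    try { $rng.GetBytes($bytes) } finally { $rng.Dispose() }

    switch ($Encoding) {
        'Hex' {
            # 'x2' pads every byte to two lowercase hex digits, so the
            # string length is always exactly 2 * ByteCount.
            $jti = -join ($bytes | ForEach-Object { $_.ToString('x2') })
        }
        'Base64Url' {
            # Base64url: standard Base64 with '+' -> '-', '/' -> '_', and '=' padding removed.
            $jti = [Convert]::ToBase64String($bytes).TrimEnd('=').Replace('+', '-').Replace('/', '_')
        }
    }

    # Length limits for jti as quoted from the Box documentation on this page.
    if ($jti.Length -lt 16 -or $jti.Length -gt 128) {
        throw "jti length $($jti.Length) is outside the 16..128 character range"
    }
    return $jti
}

# Usage: the default mirrors the Box sample (20 bytes, hex encoded).
New-JwtId
New-JwtId -Encoding Base64Url
New-JwtId -ByteCount 16
```

The fixed-width 'x2' format is what keeps the hex output at a predictable length, which addresses the one-or-two-digit problem raised earlier in the thread.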
I don’t know what brought you to this Bart, but I am grateful for your response. I would like to learn more about how these pieces work and how I could use PowerShell to create things like certs. So what brought this old post to your attention?