Add support to decode RSA public key generated using ssh-keygen

[ayeshLK]

Current Limitation

Currently Ballerina crypto module does not support the public-key format generated with ssh-keygen

Suggested Improvement

We need to include add support to decode public-keys generated with ssh-keygen

Steps

1. Generate the key-pair using ssh-keygen

ssh-keygen -t rsa -b 4096 -m PEM -f private.key

With the above command two files will be generated private.key and private.key.pub (which is the public key)

2. Try to decode the public-key using Ballerina crypto module

crypto:PublicKey publicKey = check crypto:decodeRsaPublicKeyFromCertFile("<path-to>/private.key.pub")

[isamauny]

Sorry but this is not my requirement :) My requirement is to be able to validate a JWT using a single JWK - This works for HS (symmetric) and RS/EC (asymmetric) keys.

One way to do this could be to separate the retrieval of the key from the validation step. When you validate, you validate against a single JWK. The logic to retrieve that key could be simple, or not. I had to create a loop across a JWKS once for a customer as we did not have the kid inside the JWT header. If the retrieval of the key is part of the validation logic, I can't do that.

So something like:

• Key retrieval (keyid, jwks | local JWK file) or my custom logic -> JWK Object
• JWT validation (JWK, JWT)