The openssl command can be used to generate ES256 asymmetric keys as required by the FAPI part 2 specification. The Office keeps the private key and shares the public key with WIPO for registration. Below is an example script that generates ES256 asymmetric keys.
private_key_jwt_generation.sh script
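#!/bin/bash
# Stop at the first failing command
set -e
# All three arguments are required: output folder, files prefix, client_id
if [ "$#" -ne 3 ]; then
  echo "Usage: $0 <output_folder_name> <files_prefix> <client_id>" >&2
  exit 1
fi
# Files created below, including the private key, are readable by their owner only
umask 077
# Set the output folder
OUTPUT_FOLDER=$1
FILES_NAME="${OUTPUT_FOLDER}/${2}"
CLIENT_NAME=$3
# Create the output folder if it does not exist
mkdir -p "${OUTPUT_FOLDER}"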
# Generates the ES256 keys
openssl ecparam -genkey -name prime256v1 -noout -out "${FILES_NAME}_private.pem"
# Extracts the public key
openssl ec -in "${FILES_NAME}_private.pem" -pubout -out "${FILES_NAME}_public.pem"
# Generates an x509 certificate
CERT_KEY_ES256="${FILES_NAME}_es256_cert.pem"
OPENSSL_CONF="${OUTPUT_FOLDER}/openssl.cnf"
CERT_CN="${CLIENT_NAME} private_key_jwt authentication"
# Build the certificate config file
printf '[ req ]\n' > "${OPENSSL_CONF}"
printf 'prompt = no\n' >> "${OPENSSL_CONF}"
printf 'distinguished_name = req_distinguished_name\n' >> "${OPENSSL_CONF}"
printf '[ req_distinguished_name ]\n' >> "${OPENSSL_CONF}"
printf 'CN = %s\n' "${CERT_CN}" >> "${OPENSSL_CONF}"
# Creates the x509 certificate
openssl req -x509 -new -config "${OPENSSL_CONF}" -key "${FILES_NAME}_private.pem" -out "${CERT_KEY_ES256}"
Script usage
sh ./private_key_jwt_generation.sh <output_folder_name> <files_prefix> <client_id>
Note
For the client_id (CLIENT_NAME), please create it as follows: "das-cc-api-id"
cc = country code of the IPO in lower case
Note
<files_prefix>: any string to be used as the prefix of the names of the files generated by the script
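Before the public key is sent for registration, the three files written by the script can be checked for consistency: that the key is on the curve ES256 needs, that the public file holds no private material, and that the public key and certificate belong to the private key. This is an added example, not part of the original script; the helper name check_es256_keypair and the file name check_keys.sh are assumptions.

```shell
#!/bin/sh
# Added example, not part of the original script. check_es256_keypair is a
# hypothetical helper; the file names follow private_key_jwt_generation.sh.

# Each helper prints the public key as PEM in one canonical form.
pub_from_private() { openssl pkey -in "$1" -pubout 2>/dev/null; }
pub_from_public() { openssl pkey -pubin -in "$1" -pubout 2>/dev/null; }
pub_from_cert() {
  openssl x509 -in "$1" -noout -pubkey 2>/dev/null | openssl pkey -pubin -pubout 2>/dev/null
}

fail() { echo "FAIL: $1" >&2; }

# Usage: check_es256_keypair <output_folder>/<files_prefix>
check_es256_keypair() {
  priv="${1}_private.pem"
  pub="${1}_public.pem"
  cert="${1}_es256_cert.pem"

  for f in "$priv" "$pub" "$cert"; do
    [ -s "$f" ] || { fail "missing or empty file: $f"; return 1; }
  done

  # ES256 is ECDSA on P-256, which OpenSSL names prime256v1.
  openssl pkey -in "$priv" -noout -text 2>/dev/null | grep -q 'ASN1 OID: prime256v1' ||
    { fail "private key is not on prime256v1"; return 1; }

  # The file that leaves the Office must not contain private key material.
  if grep -q 'PRIVATE KEY' "$pub"; then
    fail "$pub contains a private key"; return 1
  fi

  expected=$(pub_from_private "$priv")
  [ -n "$expected" ] || { fail "cannot read $priv"; return 1; }
  [ "$(pub_from_public "$pub")" = "$expected" ] ||
    { fail "public key does not belong to the private key"; return 1; }
  [ "$(pub_from_cert "$cert")" = "$expected" ] ||
    { fail "certificate was not issued for this key"; return 1; }
  echo "OK: ${1} is a consistent prime256v1 key pair with matching certificate"
}

# Run as: sh check_keys.sh <output_folder>/<files_prefix>
if [ "$#" -eq 1 ]; then
  check_es256_keypair "$1" || exit 1
fi
```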