The openssl command can be used to generate the ES256 asymmetric keys required by the FAPI part 2 specification. The Office keeps the private key and shares the public key with WIPO for registration. Below is an example script that generates ES256 asymmetric keys.
private_key_jwt_generation.sh script
#!/bin/bash
# Usage: private_key_jwt_generation.sh <output_folder> <files_name> <client_name>
# Stop on the first failing command or missing argument
set -eu
# Set the environment
# set the output folder
OUTPUT_FOLDER=$1
# common path prefix of the generated files
FILES_NAME="${OUTPUT_FOLDER}/${2}"
CLIENT_NAME=$3
# create the output folder if it does not exist
mkdir -p "${OUTPUT_FOLDER}"
# Generates the ES256 keys (prime256v1 is the OpenSSL name of the P-256 curve)
openssl ecparam -genkey -name prime256v1 -noout -out "${FILES_NAME}_private.pem"
# Extracts the public key
openssl ec -in "${FILES_NAME}_private.pem" -pubout -out "${FILES_NAME}_public.pem"
# Generates an x509 certificate
CERT_KEY_ES256="${FILES_NAME}_es256_cert.pem"
OPENSSL_CONF="${OUTPUT_FOLDER}/openssl.cnf"
CERT_CN="${CLIENT_NAME} private_key_jwt authentication"
# Build the certificate config file
printf '[ req ]\n' > "${OPENSSL_CONF}"
printf 'prompt = no\n' >> "${OPENSSL_CONF}"
printf 'distinguished_name = req_distinguished_name\n' >> "${OPENSSL_CONF}"
printf '[ req_distinguished_name ]\n' >> "${OPENSSL_CONF}"
printf 'CN = %s\n' "${CERT_CN}" >> "${OPENSSL_CONF}"
# Creates the x509 certificate (no -days option is given, so openssl applies its default validity of 30 days)
openssl req -x509 -new -config "${OPENSSL_CONF}" -key "${FILES_NAME}_private.pem" -out "${CERT_KEY_ES256}"
Note: For the client (CLIENT_NAME), please create it as follows: "das-cc-api-id"
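Before the public key is shared for registration, the generated files can be checked for consistency. The following is an added example, not part of the original page or script: `check_es256_artifacts` and `pub_fingerprint` are hypothetical helper names, and the file names assume the `_private.pem`, `_public.pem` and `_es256_cert.pem` suffixes used by the script above.

```shell
#!/bin/bash
# Added example (not from the original script): sanity checks on the generated files.
# Call as: check_es256_artifacts "<output_folder>/<files_name>"

# Reads a PEM public key on stdin and prints the SHA-256 of its DER encoding.
pub_fingerprint() {
    openssl pkey -pubin -outform DER 2>/dev/null | openssl dgst -sha256 -r | cut -d' ' -f1
}

check_es256_artifacts() {
    local prefix=$1
    local priv="${prefix}_private.pem"
    local pub="${prefix}_public.pem"
    local cert="${prefix}_es256_cert.pem"
    local f from_priv from_pub from_cert

    for f in "$priv" "$pub" "$cert"; do
        [ -r "$f" ] || { echo "missing file: $f" >&2; return 1; }
    done

    # ES256 requires the P-256 curve (prime256v1 in OpenSSL naming).
    # -text_pub prints only the public part, so no private bytes are written out.
    openssl pkey -in "$priv" -noout -text_pub 2>/dev/null | grep -q 'prime256v1' \
        || { echo "private key is not on prime256v1" >&2; return 2; }

    # Files that leave the Office must not contain private key material.
    if grep -q 'PRIVATE KEY' "$pub" "$cert"; then
        echo "private key material found in a file meant for sharing" >&2
        return 3
    fi

    # The public key file and the certificate must both belong to the private key.
    from_priv=$(openssl pkey -in "$priv" -pubout | pub_fingerprint)
    from_pub=$(pub_fingerprint < "$pub")
    from_cert=$(openssl x509 -in "$cert" -noout -pubkey | pub_fingerprint)
    [ "$from_priv" = "$from_pub" ] && [ "$from_priv" = "$from_cert" ] \
        || { echo "public key or certificate does not match the private key" >&2; return 4; }

    # Fail if the certificate expires within the next 24 hours.
    openssl x509 -in "$cert" -noout -checkend 86400 >/dev/null \
        || { echo "certificate expires within 24 hours" >&2; return 5; }

    echo "OK: ${prefix} (public key SHA-256 ${from_priv})"
}
```

The printed fingerprint can be compared out of band with the value the receiving side computes for the registered public key.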