Question about sharing a project with authentication
So I'm making a project with JWT auth and it requires 2 keys: public and private.
It's not generally recommended to share those keys, right? Would it be possible to somehow generate them when starting the application so the other devs don't have to do this?
The idea of public key encryption is that the public key can be shared but the private key stays private
it should then be possible to verify the JWT with the public key
But signing JWTs requires the private key
yeah, so I can keep the public key in the repo, but the private key, does the developer have to generate his own with openssl, or is there something in Java which can do it?
oh it is about the repo
don't put any of them in the repo
because the private and public key must match
so each developer needs to have their own private and public key
is this normal in like large projects? that each developer has to generate their own keys
do you have the small script by any chance lol
and would you mind sharing it with me?
yeah I guess I'll make a Gradle task for it
I don't think key generation is the problem lol
I'm gonna say people are lazy; instead of writing that they need to do it manually, you can tell them to just run a Gradle task
do you guys think it would be better to use something from a Java library to generate the keys, or stick with the exec?
depends
I typically create keys from the command line using openssl, keytool or similar