{"id":15567324,"url":"https://github.com/dajiaji/mkkey","last_synced_at":"2026-01-14T07:16:33.758Z","repository":{"id":37926862,"uuid":"432043475","full_name":"dajiaji/mkkey","owner":"dajiaji","description":"Application-layer Key Generator supporting JWK (JSON Web Key) and PASERK (Platform-Agnostic Serialized Keys).","archived":true,"fork":false,"pushed_at":"2024-10-30T10:38:34.000Z","size":498,"stargazers_count":3,"open_issues_count":0,"forks_count":1,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-10-11T08:15:33.284Z","etag":null,"topics":["cryptography","jose","jwk","jwt","paserk","paseto","python","security"],"latest_commit_sha":null,"homepage":"https://github.com/dajiaji/mkkey","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/dajiaji.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGES.rst","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-11-26T03:31:55.000Z","updated_at":"2024-11-16T02:37:00.000Z","dependencies_parsed_at":"2024-02-24T11:28:52.999Z","dependency_job_id":"d9eca949-ff8a-499f-90e6-fe8077492e3b","html_url":"https://github.com/dajiaji/mkkey","commit_stats":{"total_commits":168,"total_committers":4,"mean_commits":42.0,"dds":"0.44047619047619047","last_synced_commit":"67ac5e746b042abd6d0c1c6d273b772e13b570cb"},"previous_names":[],"tags_count":11,"template":false,"template_full_name":null,"purl":"pkg:github/dajiaji/mkkey","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dajiaji%2Fmkkey","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dajiaji%2Fmkkey/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dajiaji%2Fmkkey/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dajiaji%2Fmkkey/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/dajiaji","download_url":"https://codeload.github.com/dajiaji/mkkey/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dajiaji%2Fmkkey/sbom","scorecard":{"id":317395,"data":{"date":"2025-08-11","repo":{"name":"github.com/dajiaji/mkkey","commit":"4c5ce9f7a160ad692d0254e5dfaf252a2b8e36c2"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":4.3,"checks":[{"name":"Maintained","score":0,"reason":"project is archived","details":["Warn: Repository is archived."],"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Code-Review","score":0,"reason":"Found 0/1 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: SECURITY.md:1","Info: Found linked content: SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1","Info: Found text in security policy: SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Info: jobLevel 'actions' permission set to 'read': .github/workflows/codeql-analysis.yml:28","Info: jobLevel 'contents' permission set to 'read': .github/workflows/codeql-analysis.yml:29","Warn: no topLevel permission defined: .github/workflows/cd.yml:1","Warn: no topLevel permission defined: .github/workflows/ci.yml:1","Warn: no topLevel permission defined: .github/workflows/codeql-analysis.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/cd.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/dajiaji/mkkey/cd.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/cd.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/dajiaji/mkkey/cd.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/dajiaji/mkkey/ci.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/dajiaji/mkkey/ci.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/dajiaji/mkkey/ci.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:53: update your workflow using https://app.stepsecurity.io/secureworkflow/dajiaji/mkkey/ci.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:54: update your workflow using https://app.stepsecurity.io/secureworkflow/dajiaji/mkkey/ci.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/dajiaji/mkkey/codeql-analysis.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/dajiaji/mkkey/codeql-analysis.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:56: update your workflow using https://app.stepsecurity.io/secureworkflow/dajiaji/mkkey/codeql-analysis.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:70: update your workflow using https://app.stepsecurity.io/secureworkflow/dajiaji/mkkey/codeql-analysis.yml/main?enable=pin","Warn: pipCommand not pinned by hash: .github/workflows/cd.yml:24","Warn: pipCommand not pinned by hash: .github/workflows/cd.yml:25","Warn: pipCommand not pinned by hash: .github/workflows/ci.yml:32","Warn: pipCommand not pinned by hash: .github/workflows/ci.yml:60","Warn: pipCommand not pinned by hash: .github/workflows/ci.yml:69","Info:   0 out of  10 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   1 third-party GitHubAction dependencies pinned","Info:   0 out of   5 pipCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Vulnerabilities","score":8,"reason":"2 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GHSA-79v4-65xg-pq4g","Warn: Project is vulnerable to: PYSEC-2025-49 / GHSA-5rjg-fvgr-3xxf"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"SAST","score":7,"reason":"SAST tool detected but not run on all commits","details":["Info: SAST configuration detected: CodeQL","Warn: 0 commits out of 30 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-18T00:32:25.719Z","repository_id":37926862,"created_at":"2025-08-18T00:32:25.719Z","updated_at":"2025-08-18T00:32:25.719Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28412774,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-14T05:26:33.345Z","status":"ssl_error","status_checked_at":"2026-01-14T05:21:57.251Z","response_time":107,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cryptography","jose","jwk","jwt","paserk","paseto","python","security"],"created_at":"2024-10-02T17:10:43.599Z","updated_at":"2026-01-14T07:16:33.742Z","avatar_url":"https://github.com/dajiaji.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# mkkey - Application-Layer Key (JWK/PASERK) Generator\n\n[![PyPI version](https://badge.fury.io/py/mkkey.svg)](https://badge.fury.io/py/mkkey)\n![PyPI - Python Version](https://img.shields.io/pypi/pyversions/mkkey)\n![Github CI](https://github.com/dajiaji/mkkey/actions/workflows/ci.yml/badge.svg)\n[![codecov](https://codecov.io/gh/dajiaji/mkkey/branch/main/graph/badge.svg?token=QN8GXEYEP3)](https://codecov.io/gh/dajiaji/mkkey)\n\nmkkey is a CLI tool for generating following application-layer keys:\n- [RFC7517 - JWK (JSON Web Key)](https://datatracker.ietf.org/doc/html/rfc7517)\n- [PASERK (Platform-Agnositc Serialized Keys)](https://github.com/paseto-standard/paserk)\n\nUntil now, in order to create a JWK, you had to create a PEM-formatted key pair using a command\nsuch as `openssl`, and then load it and convert it into a JWK. With `mkkey`, you can\ndirectly and easily create JWKs and PASERKs that can be used in applications as shown below,\nwithout generating intermediate keys (PEM-formatted keys):\n\n![mkkey](https://github.com/dajiaji/mkkey/wiki/images/mkkey_header.png)\n\n# Index\n\n- [Installation](#installation)\n- [Basic Usage](#basic-usage)\n  - [JWK (JSON Web Key)](#jwk-json-web-key)\n      - [Generate a simple (default) JWK](#generate-a-simple-default-jwk)\n      - [Generate a JWK with specifying curve](#generate-a-jwk-with-specifying-curve)\n      - [Generate a JWK with optional attributes](#generate-a-jwk-with-optional-attributes)\n      - [Generate a JWK with kid generation method](#generate-a-jwk-with-kid-generation-method)\n  - [PASERK (Platform-Agnostic Serialized Keys)](#paserk-platform-agnostic-serialized-keys)\n      - [Generate a PASERK](#generate-a-paserk)\n      - [Generate a PASERK along with a PASERK ID](#generate-a-paserk-along-with-a-paserk-id)\n      - [Generate a PASERK wrapped using password-based encryption](#generate-a-paserk-wrapped-using-password-based-encryption)\n      - [Generate a PASERK wrapped by another symmetric key](#generate-a-paserk-wrapped-by-another-symmetric-key)\n- [kid generation methods for JWK](#kid-generation-methods-for-jwk)\n- [Contributing](#contributing)\n\n# Installation\n\nYou can install mkkey with pip:\n\n```sh\n$ pip install mkkey\n```\n\nIf the shell you are using is `bash`, `zsh` or `fish`, you can activate tab completion\nby following the steps below:\n\n1. Run `mkkey --install`.\n2. Follow the steps described in the output of `mkkey --install`.\n\n# Basic Usage\n\n## JWK (JSON Web Key)\n\nJWKs can be generated using the `mkkey jwk` command.\n\nTypical use cases are shown in this section but for details, see help:\n\n```sh\n$ mkkey jwk --help\n```\n\n### Generate a simple (default) JWK\n\nThe simplest way to use `mkkey jwt` is as follows. Simply specify a key type (in this case, `ec`).\nNow you will get the minimum JWK you need.\n\n```sh\n$ mkkey jwk ec\n{\n    \"public\": {\n        \"jwk\": {\n            \"kty\": \"EC\",\n            \"crv\": \"P-256\",\n            \"x\": \"Ti-mNoi-uQFYBVNkH6BSmuTAd8WL8kyEVJufZYv3mG8\",\n            \"y\": \"ANwoZQFI_teNrltM0s9LPjWli0_zyYvvv8cEZWKx1CQ\"\n        }\n    },\n    \"secret\": {\n        \"jwk\": {\n            \"kty\": \"EC\",\n            \"crv\": \"P-256\",\n            \"x\": \"Ti-mNoi-uQFYBVNkH6BSmuTAd8WL8kyEVJufZYv3mG8\",\n            \"y\": \"ANwoZQFI_teNrltM0s9LPjWli0_zyYvvv8cEZWKx1CQ\",\n            \"d\": \"l9Pbq0BmCsOzdapBtSxVpRiHhDTK5-ATteA0nMKzvFU\"\n        }\n    }\n}\n```\n\nIn addtion to `ec`, `rsa` and `okp` (Octet Key Pair) can be used as key types:\n\n```sh\n$ mkkey jwk rsa\n$ mkkey jwk okp\n```\n\n### Generate a JWK with specifying curve\n\nIf you want to use a curve other than `P-256`, use the `--crv` option:\n\n```sh\n$ mkkey jwk ec --crv P-384\n```\n\n### Generate a JWK with optional attributes\n\nIf you want to include `kid`, `alg`, `use` and `key_ops` in the JWK,\nuse the `--kid`, `--alg`, `--use`, and `--key-ops` respectively:\n\n```sh\n$ mkkey jwk ec --kid 01 --alg ES256 --use sig --key-ops\n{\n    \"public\": {\n        \"jwk\": {\n            \"kid\": \"01\",\n            \"kty\": \"EC\",\n            \"crv\": \"P-256\",\n            \"alg\": \"ES256\",\n            \"use\": \"sig\",\n            \"key_ops\": [\"verify\"],\n            \"x\": \"qg-3SA7jNvG7DPF8ajuRR69d5LoBz-I8Xg4ze1kjdHs\",\n            \"y\": \"JctPLnWOeyJM3apWxyEX3bHDo97kel4gdI8x0FlTwHc\"\n        }\n    },\n    \"secret\": {\n        \"jwk\": {\n            \"kid\": \"01\",\n            \"kty\": \"EC\",\n            \"crv\": \"P-256\",\n            \"alg\": \"ES256\",\n            \"use\": \"sig\",\n            \"key_ops\": [\"sign\"],\n            \"x\": \"qg-3SA7jNvG7DPF8ajuRR69d5LoBz-I8Xg4ze1kjdHs\",\n            \"y\": \"JctPLnWOeyJM3apWxyEX3bHDo97kel4gdI8x0FlTwHc\",\n            \"d\": \"GZ9ihMNwYYbglWHV8vau-W5gaZal5ajBb_NiY7Ci7Uk\"\n        }\n    }\n}\n```\n\n### Generate a JWK with kid generation method\n\n`kid` can also be generated automatically. In this case, use `--kid-type` to specify the generation method.\nFor now, only `sha256` (see [kid generation methods for JWK](#kid-generation-methods-for-jwk)) is available.\nYou can adjust the size of the auto-generated kid by using `--kid-size` as well:\n\n```sh\n$ mkkey jwk ec --kid-type sha256 --kid-size 16\n{\n    \"public\": {\n        \"jwk\": {\n            \"kid\": \"ozh_CYlRd3A1f2RLlA3Y5w\",\n            \"kty\": \"EC\",\n            \"crv\": \"P-256\",\n            \"x\": \"hDuMnnmlnFAKMsn-qP37XsKchg6K0bXPhsFgmWOpnVw\",\n            \"y\": \"_oQgP8b8V0hC_H73gIVBaMylAoTOA4mwM57Y2hC2xIk\"\n        }\n    },\n    \"secret\": {\n        \"jwk\": {\n            \"kid\": \"ozh_CYlRd3A1f2RLlA3Y5w\",\n            \"kty\": \"EC\",\n            \"crv\": \"P-256\",\n            \"x\": \"hDuMnnmlnFAKMsn-qP37XsKchg6K0bXPhsFgmWOpnVw\",\n            \"y\": \"_oQgP8b8V0hC_H73gIVBaMylAoTOA4mwM57Y2hC2xIk\",\n            \"d\": \"1b0lNEiyV_C8U0fGXDczfwTrKnHpWwjt_OU0H-MLJvs\"\n        }\n    }\n}\n```\n\n## PASERK (Platform-Agnostic Serialized Keys)\n\nPASERKs can be generated using the `mkkey paserk` command.\n\nTypical use cases are shown in this section but for details, see help:\n\n```sh\n$ mkkey paserk --help\n```\n\n### Generate a PASERK\n\nPASERKs can be generated using the `mkkey paserk` command with a target PASETO version\nand a purpose (in this case, `v4` and `public` respectively).\n\n```sh\n$ mkkey paserk v4 public\n{\n    \"public\": {\n        \"paserk\": \"k4.public.2BWUTPg5pmXZ3EVrOBv9I4I_F8Afj0TJ21HkaPT926M\"\n    },\n    \"secret\": {\n        \"paserk\": \"k4.secret.fKIawV2PPVpEONDcEH3_p1dc4OEYlTncmMa8gvwMVy_YFZRM-DmmZdncRWs4G_0jgj8XwB-PRMnbUeRo9P3bow\"\n    }\n}\n\n```\n\n### Generate a PASERK along with a PASERK ID\n\nIf you want to generate a PASERK ID (`kid`) along with a PASERK, use the `--kid` option:\n\n```sh\n$ mkkey paserk v4 public --kid\n{\n    \"public\": {\n        \"kid\": \"k4.pid.B7i9vMzTQv32mDV9JKjyRy5Iu4eyuufb_RjXwQeZiGrh\",\n        \"paserk\": \"k4.public.Qo7ipKpEa2RxCqmVXSpHdRbWMGtg9QsesMUbLQfU_Pw\"\n    },\n    \"secret\": {\n        \"kid\": \"k4.sid.v1091k4VuZOEKfIO5hLByGwK-RP6dFhfaltURc4CFkUd\",\n        \"paserk\": \"k4.secret.0h5Q2HDR8PbFMZhN8z7iXbbCyn5-bRQdNPRYIglvnWdCjuKkqkRrZHEKqZVdKkd1FtYwa2D1Cx6wxRstB9T8_A\"\n    }\n}\n```\n\n### Generate a PASERK wrapped using password-based encryption\n\nIf you want to wrap a secret PASERK with password-based encryption, use the `--password` option:\n\n```sh\n$ mkkey paserk v4 public --password mysecretpassword\n{\n    \"public\": {\n        \"paserk\": \"k4.public.qRUKsDFUDgi0zKuvax9fIEmaeRjyVdLqRMDli0YTDC0\"\n    },\n    \"secret\": {\n        \"paserk\": \"k4.secret-pw.62BwtRDohBqFGR-ohJau2AAAAAAA8AAAAAAAAgAAAAHToEnMr1aNWaJsfwxfjHiZkVqdfn8cuMqIburaesjyt7Un-UKE3Umdi3T2YnrNjoie_BGCFguNk_Q2C7qpKC6nehvr6oM3p-4BzrfZLzmKX7jqfgZlC9xZHe0NFfH5DphWqVfPZ5hoUv8gCYKhz7vZ1lyXNgbuCFI\"\n    }\n}\n```\n\n### Generate a PASERK wrapped by another symmetric key\n\nIf you want to wrap a secret PASERK by another symmetric key, use the `--wrapping-key` option:\n\n```sh\n$ mkkey paserk v4 public --wrapping-key 123456789abcdefghi\n{\n    \"public\": {\n        \"paserk\": \"k4.public.Dpdjm_Dd_4t7lzePcWkFLTPBQSBRwB-XZIJnpGbQcf0\"\n    },\n    \"secret\": {\n        \"paserk\": \"k4.secret-wrap.pie.aIbROal8a-FxyTddcC8cny98i-1IuZ5UrwBD64AZDt8b6_9z0DidT7KVKoyK9mTGwtTSSUFtRT9BYdkUc4kZJy0zio12KSw3hwkLqzYPtgUtxBqwlCIb9D2ug-2eaJw67iv1sNV4ovQsutSumob-po6Bt0IwoFXX0bDOVWHHqV8\"\n    }\n}\n```\n\n## kid generation methods for JWK\n\nFollowing kid generation methods are available that can be specified as `--kid-type` option:\n\n- `sha256`: Use a SHA256 hash value of DER formatted public key as a kid value. The DER format must be SubjectPublicKeyInfo which is the typical public key format and consists of an algorithm identifier and the public key bytes.\n- `none`: Do not generate kid [default].\n\n## Contributing\n\nWe welcome all kind of contributions, filing issues, suggesting new features or sending PRs.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdajiaji%2Fmkkey","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdajiaji%2Fmkkey","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdajiaji%2Fmkkey/lists"}