How to Generate a New JSON Web Key with “dp” (First Factor CRT Exp) , “dq” (Second Factor CRT Exp) , “qi” (First CRT Coefficient) Parameter ?

[jeanmichelcraye]

Hi, Sorry if it’s a newbie question but I experienced that :
HTTP API POST keys/{set] (Generate a New JSON Web Key) with body
{
“use”: “sig”,
“kid”: “d21c.... Hiden... 6063",
“alg”: “RS256"
}
return
{
"keys": [
{
"use": "sig",
"kty": "RSA",
"kid": "private:d21cf19...hidden..7dc46063",
"alg": "RS256",
"n": "...hidden..",
"e": "AQAB",
"d": "...hidden..",
"p": "...hidden..",
"q": "...hidden.."
},
{
"use": "sig",
"kty": "RSA",
"kid": "public:d21cf...hidden..dc46063",
"alg": "RS256",
"n": "...hidden..",
"e": "AQAB"
}

do not return any of
“dp” (First Factor CRT Exponent) Parameter
“dq” (Second Factor CRT Exponent) Parameter
“qi” (First CRT Coefficient) Parameter
is there any specific config to produce a full private key structure ?

[vinckr]

Hello @jeanmichelcraye
You can overwrite the default key set: https://www.ory.sh/docs/hydra/reference/api#update-a-json-web-key-set
See also the full thread on this: #2599

May I ask what prompted you to make this change?

[jeanmichelcraye]

Hello Vincent,
Thank you for the suggestion, it is actualy the workaround I use :

1. generate my own internal JWK
2. push it using PUT API to add/update the JWK on Hydra.
   It is a more work as POST request could generate at first a full JWK private key with all option (dp,qi, ...) in one step.
   To answer to your question, my purpose was to use HYDRA JWKS to store my own JWK in order to use Private key to sign my API Backend JWT requests and make JWK public key available to frontend apps.

[vinckr]

Makes sense.

POST request could generate at first a full JWK private key with all option (dp,qi, ...) in one step.

I did not find a feature request for this, so feel free to open one; maybe there is some more interest from the community in this feature.