I would like to use private and public certificate instead or directly using private and public keys for signing and verifying JSON payload using apigee JWS policies.
We can observe that the policy has a option to add JWKS during verifications , But if I have a certificates how to make JWKS with it?
And Can I use JWKS for signing JSON payload as well using apigee policy ?
Can we use keystore present in apigee for saving JWKS ?
> I would like to use private and public certificate instead or directly using private and public keys for signing and verifying JSON payload using apigee JWS policies.
I will help you. First I want to clarify your situation. My understanding is:
Given that, can you clarify this statement?
> I would like to use private and public certificate
I think you are referring to public/private key cryptography, because you are saying "private and public", even though I have some confusion about your use of the word "certificate in there. And you said JWS, so that means Signing (not encrypting). Public/private key crypto , and signing, means you will use one of the algorithms in the RS*, PS*, or ES* sets.
For those algorithms, the documentation for the GenerateJWS policy states that you must supply the private key as a PEM-encoded key.
For later verifying that JWS, with VerifyJWS, you must supply the corresponding public key. You have options for the format in which you supply the public key. The documentation states that you must specify either a JWKS, or an encoded public key.
There is one more option that is not mentioned in the documentation: you could supply an encoded certificate there, under the Value element. It works the same as the public key option, but it will look like "----- BEGIN CERTIFICATE-----"
If you choose to use the JWKS option, there are a number of sub-options:
OK does that clarify things further for you?
> Can I use JWKS for signing JSON payload as well using apigee policy ?
No, you must have a PEM-encoded private key, as per the documentation.
> Can we use keystore present in apigee for saving JWKS ?
No, you must use one of the options I described above; the same options are also described in the documentation for the policy.