The thumbprint as a base64url encoded string.
const jwk: PublicKeyJwk = {
'kty': 'EC',
'crv': 'secp256k1',
'x': '61iPYuGefxotzBdQZtDvv6cWHZmXrTTscY-u7Y2pFZc',
'y': '88nPCVLfrAY9i-wg5ORcwVbHWC_tbeAd1JE2e0co0lU'
};
const thumbprint = jwkThumbprint(jwk);
console.log(`JWK thumbprint: ${thumbprint}`);
RFC7638 for the specification of JWK thumbprint computation.
Throws an Error if the provided key type is unsupported.
Computes the thumbprint of a JSON Web Key (JWK) using the method specified in RFC 7638. This function accepts RSA, EC, OKP, and oct keys and returns the thumbprint as a base64url encoded SHA-256 hash of the JWK's required members, serialized and sorted lexicographically.
Purpose:
Uniquely Identifying Keys: The thumbprint allows the unique identification of a specific JWK within a set of JWKs. It provides a deterministic way to generate a value that can be used as a key identifier (kid) or to match a specific key.
Simplifying Key Management: In systems where multiple keys are used, managing and identifying individual keys can become complex. The thumbprint method simplifies this by creating a standardized, unique identifier for each key.
Enabling Interoperability: By standardizing the method to compute a thumbprint, different systems can compute the same thumbprint value for a given JWK. This enables interoperability among systems that use JWKs.
Secure Comparison: The thumbprint provides a way to securely compare JWKs to determine if they are equivalent.