Appendix 1
Signature Generation
HTTP
- Java
- Node.js
- Python
- .Net
- PHP
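// Message to sign: the MTI immediately followed by the compact JWE string, with no separator.
String mti = "001X";
String jweString = "eyJlcGsiOnsia3R5Ijo...";
String message = mti + jweString;

// Load the P-521 signing key. The PEM file holds unencrypted private key material, so keep it
// out of source control and readable only by the account that runs the signing service.
String path = KEYPAIR_DIR + "ec_private_key_521.pem";
PEMKeyPair pemKeyPair;
// try-with-resources closes the parser (and the reader it wraps) even when parsing fails.
try (PEMParser pemParser = new PEMParser(new FileReader(path))) {
    // NOTE(review): this cast expects a traditional "EC PRIVATE KEY" PEM block. A PKCS#8
    // "PRIVATE KEY" block is returned by the parser as a different type and would fail here
    // with a ClassCastException - confirm the format of the key file that is distributed.
    pemKeyPair = (PEMKeyPair) pemParser.readObject();
}
if (pemKeyPair == null) {
    // readObject() returns null when the file contains no PEM object at all.
    throw new IllegalStateException("No PEM object found in " + path);
}

// Re-encode the private key as PKCS#8 so the JCA "EC" KeyFactory can import it.
byte[] encodedPrivateKey = pemKeyPair.getPrivateKeyInfo().getEncoded();
PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(encodedPrivateKey);
KeyFactory keyFactory = KeyFactory.getInstance("EC");
PrivateKey privateKey = keyFactory.generatePrivate(keySpec);

// ECDSA over SHA-512 of the UTF-8 bytes of the message.
Signature privateSignature = Signature.getInstance("SHA512withECDSA");
privateSignature.initSign(privateKey);
privateSignature.update(message.getBytes(StandardCharsets.UTF_8));
byte[] signature = privateSignature.sign();

// Base64-encode, then percent-encode so '+', '/' and '=' survive transport in a URL or form field.
// The charset is passed explicitly: the one-argument URLEncoder.encode overload is deprecated
// and falls back to the platform default encoding.
String signatureStr = URLEncoder.encode(
        Base64.getEncoder().encodeToString(signature),
        StandardCharsets.UTF_8.name());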
// Message to sign: the MTI immediately followed by the compact JWE string.
const mti = "001X";
const jweString = "eyJlcGsiOnsia3R5Ijo...";
const message = mti + jweString;

// PEM text of the private key. The file is read as-is, so it must be stored unencrypted;
// restrict its file permissions accordingly.
const privateKeyPem = fs.readFileSync("ec_private_key_521.pem", "utf8");

// ECDSA with SHA-512 over the message string.
const signer = new KJUR.crypto.Signature({ alg: "SHA512withECDSA" });
signer.init(privateKeyPem);
signer.updateString(message);
const signatureHex = signer.sign();

// sign() yields a hex string: turn each two-character pair into a byte value,
// then Base64-encode the resulting byte sequence.
const signatureBytes = signatureHex
  .match(/.{1,2}/g)
  .map((pair) => parseInt(pair, 16));
const signatureBase64 = btoa(String.fromCharCode(...signatureBytes));

// Percent-encode the Base64 text so '+', '/' and '=' are safe in a URL or form field.
const signedMessage = encodeURIComponent(signatureBase64);
# Message to sign: the MTI immediately followed by the compact JWE string.
mti = "001X"
jweString = "eyJlcGsiOnsia3R5Ijo..."
message = mti + jweString

# Read the PEM file first, then parse it. password=None means the key file is
# expected to be unencrypted, so protect it with file-system permissions.
private_key_path = r"...\ec_private_key_521.pem"
with open(private_key_path, "rb") as key_file:
    pem_bytes = key_file.read()
private_key = serialization.load_pem_private_key(
    pem_bytes, password=None, backend=default_backend()
)

# ECDSA with SHA-512 over the UTF-8 bytes of the message.
signature = private_key.sign(
    message.encode("utf-8"),
    ec.ECDSA(hashes.SHA512()),
)

# Base64-encode, then percent-encode every reserved character (safe="" leaves
# none unescaped, so '/' is encoded as well).
base64_signature = base64.b64encode(signature).decode("utf-8")
signed_message = urllib.parse.quote(base64_signature, safe="")
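/// <summary>
/// Creates an <see cref="ECDsa"/> instance from an unencrypted PKCS#8 private key in PEM form.
/// </summary>
/// <param name="pem">
/// PEM text delimited by "-----BEGIN PRIVATE KEY-----" / "-----END PRIVATE KEY-----".
/// Other labels (for example "EC PRIVATE KEY") are not stripped, so such input fails
/// Base64 decoding with a <see cref="FormatException"/>.
/// </param>
/// <returns>The imported key. The caller owns it and must dispose it.</returns>
public static ECDsa LoadPrivateKeyFromPem(string pem)
{
    // Remove the PEM armor and line breaks, leaving only the Base64 payload.
    string base64Body = pem
        .Replace("-----BEGIN PRIVATE KEY-----", "")
        .Replace("-----END PRIVATE KEY-----", "")
        .Replace("\n", "")
        .Replace("\r", "");
    byte[] keyBytes = Convert.FromBase64String(base64Body);

    var key = ECDsa.Create();
    try
    {
        key.ImportPkcs8PrivateKey(keyBytes, out _);
        return key;
    }
    catch
    {
        // Do not leak the native key handle when the import is rejected.
        key.Dispose();
        throw;
    }
    finally
    {
        // Wipe the decoded private key bytes once they are no longer needed.
        // The PEM string passed in is immutable and cannot be cleared here.
        CryptographicOperations.ZeroMemory(keyBytes);
    }
}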
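// Message to sign: the MTI immediately followed by the compact JWE string.
string jweString = "eyJlcGsiOnsia3R5Ijo...";
// The other language samples on this page show the placeholder "001X" for the MTI.
string mti = "0011";
string message = mti + jweString;
byte[] dataBytes = Encoding.UTF8.GetBytes(message);

// Read the private key PEM. The file is stored unencrypted, so restrict access to it.
string privateKeyName = "ec_private_key_521.pem";
string privateKeyPem = File.ReadAllText(privateKeyName);

// Dispose the key as soon as signing is done.
using ECDsa privateKey = LoadPrivateKeyFromPem(privateKeyPem);

// Request the DER (RFC 3279) signature encoding explicitly: without this argument .NET emits the
// fixed-size IEEE P1363 form, which a verifier expecting DER will reject.
byte[] signature = privateKey.SignData(dataBytes, HashAlgorithmName.SHA512, DSASignatureFormat.Rfc3279DerSequence);

// Base64-encode, then percent-encode so '+', '/' and '=' are safe in a URL or form field.
string signedMessage = Uri.EscapeDataString(Convert.ToBase64String(signature));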
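// Message to sign: the MTI immediately followed by the compact JWE string.
// No separator is inserted. A newline between the two parts changes the signed bytes, and the
// result would not match a signature computed over mti + jweString as in the other samples.
$mti = "001X";
$jweString = "eyJlcGsiOnsia3R5Ijo...";
$data = $mti . $jweString;

// Read the PEM private key. The file is stored unencrypted, so keep it outside the web root
// and restrict its permissions.
$privateKey = file_get_contents('key/mxx/mxx_keypair/ec_private_key_521.pem');
if ($privateKey === false) {
    throw new RuntimeException('Unable to read the private key file');
}

// Parse the key; openssl_pkey_get_private() returns false on malformed input.
$ecdsaKey = openssl_pkey_get_private($privateKey);
if ($ecdsaKey === false) {
    throw new RuntimeException('Unable to parse the private key');
}

// Sign the data with ECDSA over SHA-512. A false return means $signature was not produced,
// so stop instead of sending an empty signature.
if (!openssl_sign($data, $signature, $ecdsaKey, OPENSSL_ALGO_SHA512)) {
    throw new RuntimeException('Signing failed');
}

// Base64-encode, then URL-encode so '+', '/' and '=' are safe in a URL or form field.
$signedMessage = urlencode(base64_encode($signature));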