[BA-2207] Adds script to generate jwks well known file & the private key #34
base: domain-verification
- domain verification key generation script for well known file
- yarn generate-key-script
- readme doc on how to use it
montycheese left a comment
left some comments
| const cwdArgIndex = process.argv.indexOf('--cwd'); | ||
| if (cwdArgIndex !== -1 && process.argv[cwdArgIndex + 1]) { | ||
| return process.argv[cwdArgIndex + 1]; |
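Review bot: The value after `--cwd` is returned unvalidated at `return process.argv[cwdArgIndex + 1];`, so an invocation such as `--cwd --some-flag` would hand the next flag back as a directory, and a relative value is never resolved to an absolute path. Reject values that start with `--` and pass the result through `path.resolve` before returning it, or remove the option if it is not needed.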
this isn't documented anywhere - but we likely don't need it anyways.
| x, | ||
| y, | ||
| use: 'sig', | ||
| kid: 'coinbase-domain-verification', |
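Review bot: `kid: 'coinbase-domain-verification'` is a fixed string, so every key this script generates carries the same identifier and a verifier cannot distinguish a rotated key from the one it replaces when both are listed. Consider deriving `kid` from the key material, for example the RFC 7638 JWK thumbprint of the public key.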
base
| try { | ||
| const outputDir = getOutputDir(); | ||
|
|
||
| console.log('🔑 Generating Coinbase domain verification keys...\n'); |
Base
| const wellKnownDir = join(outputDir, '.well-known'); | ||
| mkdirSync(wellKnownDir, { recursive: true }); |
I don't think we need to output it to a local directory called .well-known. Also, it's currently being created as a hidden directory, which might be annoying.
- no .well-known output directory
- changed 'Coinbase' to 'base'
montycheese left a comment
Lgtm. One small update. I'm going to pull locally to verify running locally before approving
|
|
||
| function main() { | ||
| try { | ||
| console.log('🔑 Generating Coinbase domain verification keys...\n'); |
| console.log('🔑 Generating Coinbase domain verification keys...\n'); | |
| console.log('🔑 Generating Base domain verification keys...\n'); |
| function generateDomainVerificationKeys() { | ||
| // Generate a random private key | ||
| const privateKeyBytes = randomBytes(32); | ||
| const privateKey = base64url(privateKeyBytes); |
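Review bot: `randomBytes(32)` is used directly as the private key with no range check. For the secp256k1 curve named in the PR summary, a private scalar must be non-zero and below the curve order, so either validate the bytes and regenerate on failure or let the crypto library generate the key pair. The comment on that line could also state which curve the key is for.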
Does this need to be in base 64?
verify-signature.js
Outdated
| @@ -0,0 +1,68 @@ | |||
| const crypto = require('crypto'); | |||
move this to scripts/verify-domain-keys-test.js
| ``` | ||
|
|
||
| ## Output | ||
| - `.well-known/base-jwks.json`: Public key in JWKS format for domain verification |
I think the output here is just base-jwk.json? cuz the file is generated in projectRoot/base-jek.json
- doesn't base64 encode the private key
- yarn validate-key-script for testing secp256k1 encoding/decoding.
Summary
https://linear.app/coinbase/issue/BA-2207/wsdk-create-script-to-generate-well-known-jwks-file-as-well-as-the
Generates the secp256k1 public key & outputs it in the base-jwks.json file. It also outputs the corresponding private key in the domain-verification-private-key.txt file. I also made a docs/domain-verification-key-generation readme file for instructions on how to do all of this.
How did you test your changes?
I ran the command and verified the generated output contents were accurate and outputted in the correct folder/file path.
Screen.Recording.2025-06-27.at.9.16.05.AM.mov
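The key generation and round-trip check this PR describes, as an added JavaScript example that is not the PR's code: Node's `crypto` generates the secp256k1 pair, the public half is emitted as a JWKS, and a signature is verified using only the published key. The function names, the `ES256K` `alg` value, the thumbprint-derived `kid` and the PEM private-key output are assumptions, not taken from the PR.

```javascript
// Added example, not the PR's script. Function names and output shapes are assumptions.
const crypto = require('node:crypto');

// RFC 7638 thumbprint: SHA-256 over the required EC members, keys in
// lexicographic order, no whitespace, base64url without padding.
function jwkThumbprint(jwk) {
  const canonical = JSON.stringify({ crv: jwk.crv, kty: jwk.kty, x: jwk.x, y: jwk.y });
  return crypto.createHash('sha256').update(canonical).digest('base64url');
}

// Generate the pair with the platform generator so the private scalar is
// always in range for the curve, then build the public JWKS document.
function generateVerificationKeyPair() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'secp256k1' });
  const { kty, crv, x, y } = publicKey.export({ format: 'jwk' });
  const jwk = { kty, crv, x, y, use: 'sig', alg: 'ES256K' };
  jwk.kid = jwkThumbprint(jwk); // assumption: kid derived from the key, changes on rotation
  return {
    jwks: { keys: [jwk] },
    privateKeyPem: privateKey.export({ type: 'pkcs8', format: 'pem' }),
  };
}

// Sign with the private key, then verify using only what the JWKS publishes.
// ES256K signatures are the raw 64-byte r||s form, hence 'ieee-p1363'.
function roundTrip(message) {
  const { jwks, privateKeyPem } = generateVerificationKeyPair();
  const data = Buffer.from(message);
  const signature = crypto.sign('sha256', data, { key: privateKeyPem, dsaEncoding: 'ieee-p1363' });
  const { kty, crv, x, y } = jwks.keys[0];
  const publicKey = crypto.createPublicKey({ key: { kty, crv, x, y }, format: 'jwk' });
  const check = (d) => crypto.verify('sha256', d, { key: publicKey, dsaEncoding: 'ieee-p1363' }, signature);
  return {
    jwks,
    signatureLength: signature.length,
    valid: check(data),
    tampered: check(Buffer.from(message + '!')),
  };
}

// Constructed sample input.
const result = roundTrip('constructed-challenge-for-example.test');
console.log(JSON.stringify(result.jwks, null, 2));
console.log('valid:', result.valid, 'tampered:', result.tampered);
```

When persisting `privateKeyPem`, write it with `fs.writeFileSync(path, pem, { mode: 0o600 })` and keep the file out of version control.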