jsonwebtoken / jsonwebtoken.github.io

Developer-centric site to create awareness of JWTs and troubleshoot them.
jwt.io

What to paste for the public key or certificate is vague #551

Open heaths opened 3 years ago

heaths commented 3 years ago

In the placeholder text for https://jwt.io, the public key states,

Public key or certificate. Enter it in plain text only if you want to verify a token.

What "plain text" is in this context isn't clear.

While trying to help a Key Vault customer, I originally tried a base64url-encoded key, expecting it would work since everything else was base64url-encoded. When that didn't work and I was sure my sample was correct, I tried both base64 and PEM using the common "PUBLIC KEY" label for PKCS#8-encoded keys. It wasn't until I switched over to using a certificate with the "CERTIFICATE" PEM label, which worked, that I thought to try the PKCS1, RSA-only "RSA PUBLIC KEY".

It would be great if either the placeholder text or some link to more info could clarify this. I spent more time than I care to admit trying to figure out what to paste in that textarea or if my code was wrong.

panva commented 3 years ago

@heaths #553 updated the placeholder texts for both public and private key inputs

Public Key: Public Key in SPKI, PKCS #1, X.509 Certificate, or JWK string format.

Private Key: Private Key in PKCS #8, PKCS #1, or JWK string format.

That means

Public Key with labels "PUBLIC KEY", "RSA PUBLIC KEY", "CERTIFICATE"

Private Key with labels "PRIVATE KEY", "RSA PRIVATE KEY"

#553 also adds support for JSON Web Key (JWK) format; it expects a JSON string such as

// public key

{"crv":"P-256","x":"EVs_o5-uQbTjL3chynL4wXgUg2R9q9UU8I5mEovUf84","y":"kGe5DgSIycKp8w9aJmoHhB1sB3QTugfnRWm5nU_TzsY","kty":"EC"}

// private key

{"crv":"P-256","x":"EVs_o5-uQbTjL3chynL4wXgUg2R9q9UU8I5mEovUf84","y":"kGe5DgSIycKp8w9aJmoHhB1sB3QTugfnRWm5nU_TzsY","d":"evZzL1gdAFr88hb2OF_2NxApJCzGCEDdfSp6VQO30hw","kty":"EC"}

Newlines for readability are allowed; likewise, for PEM format, newlines in the base64 portion are allowed. Newlines after the opening label and before the closing label for PEM formats are required.
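A pre-flight check for pasted key text that applies the rules listed in the comment above (accepted PEM labels, JWK strings, and the PEM newline requirement). This is an added example, not code from jwt.io or from the thread; `classifyKeyInput`, `PEM_LABELS` and the PEM sample bodies are constructed for illustration, and only the framing is checked, not the key bytes.

```javascript
// PEM labels from the thread, mapped to format name and the jwt.io input they belong in.
const PEM_LABELS = {
  "PUBLIC KEY": ["SPKI", "public"],
  "RSA PUBLIC KEY": ["PKCS #1", "public"],
  "CERTIFICATE": ["X.509 Certificate", "public"],
  "PRIVATE KEY": ["PKCS #8", "private"],
  "RSA PRIVATE KEY": ["PKCS #1", "private"],
};

// Classify pasted key text by framing only; the base64/DER body is not decoded.
function classifyKeyInput(text) {
  const input = text.trim();
  if (input.startsWith("{")) {
    let jwk;
    try { jwk = JSON.parse(input); } catch { return { ok: false, reason: "invalid JSON" }; }
    if (typeof jwk.kty !== "string") return { ok: false, reason: "JWK missing kty" };
    // A "d" member carries private key material, so it belongs in the private key input.
    return { ok: true, format: "JWK", field: "d" in jwk ? "private" : "public" };
  }
  const m = /^-----BEGIN ([A-Z0-9 ]+)-----([\s\S]*?)-----END ([A-Z0-9 ]+)-----$/.exec(input);
  if (!m) return { ok: false, reason: "no PEM labels and not a JWK (bare base64/base64url?)" };
  const [, begin, body, end] = m;
  if (begin !== end) return { ok: false, reason: "BEGIN/END labels differ" };
  if (!(begin in PEM_LABELS)) return { ok: false, reason: `unsupported label "${begin}"` };
  // A newline is required after the opening label and before the closing label.
  if (!/^\r?\n/.test(body) || !/\r?\n$/.test(body)) {
    return { ok: false, reason: "missing newline next to a PEM label" };
  }
  if (!/^[A-Za-z0-9+/=\s]+$/.test(body)) return { ok: false, reason: "body is not base64" };
  const [format, field] = PEM_LABELS[begin];
  return { ok: true, format, field };
}

// Constructed samples: PEM bodies are placeholders, not real keys; the JWK is the public key quoted above.
const samples = {
  spki: "-----BEGIN PUBLIC KEY-----\nQUJDRA==\n-----END PUBLIC KEY-----",
  oneLine: "-----BEGIN PUBLIC KEY-----QUJDRA==-----END PUBLIC KEY-----",
  bareBase64url: "QUJDRA",
  jwkPublic: '{"crv":"P-256","x":"EVs_o5-uQbTjL3chynL4wXgUg2R9q9UU8I5mEovUf84","y":"kGe5DgSIycKp8w9aJmoHhB1sB3QTugfnRWm5nU_TzsY","kty":"EC"}',
};

for (const [name, text] of Object.entries(samples)) {
  console.log(name, classifyKeyInput(text));
}
```

The `oneLine` and `bareBase64url` samples are rejected, which matches the unlabelled and unframed inputs described in the opening comment.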

heaths commented 3 years ago

Looks great. Thanks!

DanOnCall commented 4 months ago

Re-opening this issue to include this guidance in the next version of jwt.io :)