As a bit of a learning exercise, I'm trying to understand and implement a client for the Firefox Accounts Browser sync API.
I'm up to the point where I'm trying to ask the server to give me a certificate validating my public key: https://github.com/mozilla/fxa-auth-server/blob/5c1354ecbc0c606d31e7db1b8ffd047808bdf6fa/docs/api.md#post-v1certificatesign
An example of doing this can be seen here: https://github.com/zaach/sync-thing/blob/c46d344b67d7dbdcd338603325ee99c47b7ea14d/lib/fxaUser.js#L94
This uses the https://github.com/mozilla/jwcrypto library.
In order to understand exactly what's going on here, I'm attempting to generate my keypair with the Node.js crypto library: http://nodejs.org/api/crypto.html#crypto_crypto_creatediffiehellman_prime_length
I can generate a keypair, but then I need to format it appropriately for the API, which asks for "y", "p", "q" and "g".
After a bunch of googling, I've found this reference to these key names: http://www.gnupg.org/documentation/manuals/gcrypt/DSA-key-parameters.html
This seems fairly clear, and http://en.wikipedia.org/wiki/Digital_Signature_Algorithm#Key_generation contains a reasonable description of the meaning of these parameters.
The problem I'm having is figuring out what numbers represent p, q and g when using the API exposed in Node.js.
jwcrypto uses preselected values, as seen here: https://github.com/mozilla/jwcrypto/blob/8e3037a049d801bd0020bb4fa9298f319409df0e/lib/algs/ds.js#L49 - although it's not clear to me how these were derived.
There also seem to be reasonable options defined in RFC 5114 (https://www.rfc-editor.org/rfc/rfc5114#section-2.3) - but I can't see how to use these with Node.
On the other hand, Node.js allows me to preselect one of the groups defined in RFC 2412 or RFC 3526, but I cannot figure out what q is for these primes.
So, to summarise my actual question(s):
- Is it possible to use Node.js crypto's Diffie-Hellman to generate a valid JSON Web Token public key?
- If so, how would I go about doing this?
- Why do some Diffie-Hellman prime lists talk about only p, while others specify p and q?