web>app

2026-03-12 14:17:39 +09:00
parent bc0a546d6f
commit 413cdf8cc2
10 changed files with 385 additions and 54 deletions
--- a/app.py
+++ b/app.py
@@ -5,12 +5,26 @@ import base64
 import uuid
 import os
 import string
+from cryptography.hazmat.primitives.asymmetric import rsa, ec
+from cryptography.hazmat.primitives import serialization
 from flask import Flask, render_template, request, jsonify

 app = Flask(__name__)


 KEY_CONFIGS = {
+    "jwt_rs256": {
+        "label": "JWT Key Pair (RS256)",
+        "description": "RSA 2048-bit 비대칭 키 쌍 (PEM)",
+        "bytes": None,
+        "format": "rsa_keypair",
+    },
+    "jwt_es256": {
+        "label": "JWT Key Pair (ES256)",
+        "description": "EC P-256 비대칭 키 쌍 (PEM)",
+        "bytes": None,
+        "format": "ec_keypair",
+    },
    "jwt_hs256": {
        "label": "JWT Secret (HS256)",
        "description": "HMAC-SHA256용 JWT 시크릿 키",
@@ -85,9 +99,53 @@ def generate_key(key_type: str, custom_bytes: int = 32, custom_format: str = "he
    if not config:
        raise ValueError(f"Unknown key type: {key_type}")

-    byte_length = config["bytes"] if config["bytes"] is not None else custom_bytes
    fmt = custom_format if key_type == "custom" else config["format"]

+    if fmt == "rsa_keypair":
+        private_key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
+        priv_pem = private_key.private_bytes(
+            encoding=serialization.Encoding.PEM,
+            format=serialization.PrivateFormat.PKCS8,
+            encryption_algorithm=serialization.NoEncryption(),
+        ).decode()
+        pub_pem = private_key.public_key().public_bytes(
+            encoding=serialization.Encoding.PEM,
+            format=serialization.PublicFormat.SubjectPublicKeyInfo,
+        ).decode()
+        return {
+            "key": priv_pem,
+            "public_key": pub_pem,
+            "keypair": True,
+            "type": key_type,
+            "label": config["label"],
+            "bits": 2048,
+            "length": len(priv_pem),
+            "algorithm": "RS256",
+        }
+
+    if fmt == "ec_keypair":
+        private_key = ec.generate_private_key(ec.SECP256R1())
+        priv_pem = private_key.private_bytes(
+            encoding=serialization.Encoding.PEM,
+            format=serialization.PrivateFormat.PKCS8,
+            encryption_algorithm=serialization.NoEncryption(),
+        ).decode()
+        pub_pem = private_key.public_key().public_bytes(
+            encoding=serialization.Encoding.PEM,
+            format=serialization.PublicFormat.SubjectPublicKeyInfo,
+        ).decode()
+        return {
+            "key": priv_pem,
+            "public_key": pub_pem,
+            "keypair": True,
+            "type": key_type,
+            "label": config["label"],
+            "bits": 256,
+            "length": len(priv_pem),
+            "algorithm": "ES256",
+        }
+
+    byte_length = config["bytes"] if config["bytes"] is not None else custom_bytes
    raw = secrets.token_bytes(byte_length)

    if fmt == "hex":
@@ -110,6 +168,7 @@ def generate_key(key_type: str, custom_bytes: int = 32, custom_format: str = "he

    return {
        "key": key,
+        "keypair": False,
        "type": key_type,
        "label": config["label"],
        "bits": byte_length * 8,