```bash
pip install jwcrypto
```

## Regenerate private key and JWKS (for developer use only)

1. Regenerate private key using `openssl`

    ```bash
    openssl genrsa -out key.pem 2048
    ```

1. Run gen-jwt.py with `--jkws` to create new public key set and demo JWT

    ```bash

// license that can be found in the LICENSE file.

package x509

// RFC 1423 describes the encryption of PEM blocks. The algorithm used to
// generate a key from the password was derived by looking at the OpenSSL
// implementation.

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/des"
	"crypto/md5"
	"encoding/hex"
	"encoding/pem"
	"errors"
	"io"
	"strings"
)

type PEMCipher int

        "readOnly": true},
        { "name": "varssl",
        "mountPath": "/var/ssl",
        "readOnly": true},
        { "name": "etcopenssl",
        "mountPath": "/etc/openssl",
        "readOnly": true},
        { "name": "etcpki",
        "mountPath": "/etc/srv/pki",
        "readOnly": true},
        { "name": "srvsshproxy",
        "mountPath": "{{srv_sshproxy_path}}",

# this is a test-only certificate request that is used in integration
# tests to test certificate based auth.
# generated with 'openssl req -out testuser.csr -key testuser.key -new -sha256'
# then skipping all the options except for setting CN to testuser
-----BEGIN CERTIFICATE REQUEST-----
MIICWDCCAUACAQAwEzERMA8GA1UEAwwIdGVzdHVzZXIwggEiMA0GCSqGSIb3DQEB
AQUAA4IBDwAwggEKAoIBAQC0MWVzF3QC92dQSzA/tBla3okdNkSNyd+SbnzFNxIG

var certFiles = []string{
	"/etc/ssl/certs/ca-certificates.crt",                // Debian/Ubuntu/Gentoo etc.
	"/etc/pki/tls/certs/ca-bundle.crt",                  // Fedora/RHEL 6
	"/etc/ssl/ca-bundle.pem",                            // OpenSUSE
	"/etc/pki/tls/cacert.pem",                           // OpenELEC
	"/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem", // CentOS/RHEL 7
	"/etc/ssl/cert.pem",                                 // Alpine Linux
}

	if err != nil {
		return nil
	}
	return out[0:n]
}

type DecryptPKCS1v15Test struct {
	in, out string
}

// These test vectors were generated with `openssl rsautl -pkcs -encrypt`
var decryptPKCS1v15Tests = []DecryptPKCS1v15Test{
	{
		"gIcUIoVkD6ATMBk/u/nlCZCCWRKdkfjCgFdo35VpRXLduiKXhNz1XupLLzTXAybEq15juc+EgY5o0DHv/nt3yg==",
		"x",
	},
	{

# this is a test-only private key that is used in integration
# tests to test certificate based auth.
# generated with 'openssl genrsa 2048 > testuser.key'
-----BEGIN RSA PRIVATE KEY-----
MIIEogIBAAKCAQEAtDFlcxd0AvdnUEswP7QZWt6JHTZEjcnfkm58xTcSBpp5v+b0
oNU9m/MserNCFy81CtpWmPXAddp0vept2Ffu9WBVZ14RqYHMVJUIHK/8pJnDJeeO
R2AUbOXdpv7+3H2I6rZrrxcBHkHlciNw6VixLtwxQmrNU6QAZw4IDnCw3tWBIwYK
OYTZaI5yrjqisyXyFo424f8Hr78UTGfuX3YuIpWkodydd5Jr5r64Q9p5+lqlHY4U

			}

			// OpenSSL will try to interleave application data and
			// a renegotiation if we send both concurrently.
			// Therefore: ask OpensSSL to start a renegotiation, run
			// a goroutine to call client.Read and thus process the
			// renegotiation request, watch for OpenSSL's stdout to
			// indicate that the handshake is complete and,
			// finally, have OpenSSL write something to cause

// # ====================================================================
// # Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
// # project. The module is, however, dual licensed under OpenSSL and
// # CRYPTOGAMS licenses depending on where you obtain it. For further
// # details see http://www.openssl.org/~appro/cryptogams/.
// # ====================================================================

build-essential
curl
libbz2-dev
libffi-dev
liblzma-dev
libncurses5-dev
libreadline-dev
libsqlite3-dev
libssl-dev
libxml2-dev
libxmlsec1-dev
llvm
make
openssl
tk-dev
wget
xz-utils
zlib1g-dev
git

# Packages needed to build devtoolset
file
flex
g++
make
patch
rpm2cpio
unar
wget
xz-utils
cpio
gawk
texinfo