idnits 2.17.1 draft-ietf-jose-json-web-key-35.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (October 17, 2014) is 3450 days in the past. Is this intentional? -- Found something which looks like a code comment -- if you have code sections in the document, please surround them with '' and '' lines. Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) -- Possible downref: Non-RFC (?) normative reference: ref. 'ECMAScript' -- Possible downref: Non-RFC (?) normative reference: ref. 'ITU.X690.1994' ** Obsolete normative reference: RFC 2818 (Obsoleted by RFC 9110) ** Downref: Normative reference to an Informational RFC: RFC 4949 ** Obsolete normative reference: RFC 5246 (Obsoleted by RFC 8446) ** Obsolete normative reference: RFC 6125 (Obsoleted by RFC 9525) ** Obsolete normative reference: RFC 7159 (Obsoleted by RFC 8259) -- Obsolete informational reference (is this intentional?): RFC 3447 (Obsoleted by RFC 8017) -- Obsolete informational reference (is this intentional?): RFC 5226 (Obsoleted by RFC 8126) Summary: 5 errors (**), 0 flaws (~~), 1 warning (==), 6 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 JOSE Working Group M. Jones 3 Internet-Draft Microsoft 4 Intended status: Standards Track October 17, 2014 5 Expires: April 20, 2015 7 JSON Web Key (JWK) 8 draft-ietf-jose-json-web-key-35 10 Abstract 12 A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) data 13 structure that represents a cryptographic key. This specification 14 also defines a JSON Web Key Set (JWK Set) JSON data structure that 15 represents a set of JWKs. Cryptographic algorithms and identifiers 16 for use with this specification are described in the separate JSON 17 Web Algorithms (JWA) specification and IANA registries defined by 18 that specification. 20 Status of this Memo 22 This Internet-Draft is submitted in full conformance with the 23 provisions of BCP 78 and BCP 79. 25 Internet-Drafts are working documents of the Internet Engineering 26 Task Force (IETF). Note that other groups may also distribute 27 working documents as Internet-Drafts. The list of current Internet- 28 Drafts is at http://datatracker.ietf.org/drafts/current/. 30 Internet-Drafts are draft documents valid for a maximum of six months 31 and may be updated, replaced, or obsoleted by other documents at any 32 time. It is inappropriate to use Internet-Drafts as reference 33 material or to cite them other than as "work in progress." 35 This Internet-Draft will expire on April 20, 2015. 37 Copyright Notice 39 Copyright (c) 2014 IETF Trust and the persons identified as the 40 document authors. All rights reserved. 42 This document is subject to BCP 78 and the IETF Trust's Legal 43 Provisions Relating to IETF Documents 44 (http://trustee.ietf.org/license-info) in effect on the date of 45 publication of this document. Please review these documents 46 carefully, as they describe your rights and restrictions with respect 47 to this document. Code Components extracted from this document must 48 include Simplified BSD License text as described in Section 4.e of 49 the Trust Legal Provisions and are provided without warranty as 50 described in the Simplified BSD License. 52 Table of Contents 54 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4 55 1.1. Notational Conventions . . . . . . . . . . . . . . . . . . 4 56 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 4 57 3. Example JWK . . . . . . . . . . . . . . . . . . . . . . . . . 5 58 4. JSON Web Key (JWK) Format . . . . . . . . . . . . . . . . . . 5 59 4.1. "kty" (Key Type) Parameter . . . . . . . . . . . . . . . . 6 60 4.2. "use" (Public Key Use) Parameter . . . . . . . . . . . . . 6 61 4.3. "key_ops" (Key Operations) Parameter . . . . . . . . . . . 7 62 4.4. "alg" (Algorithm) Parameter . . . . . . . . . . . . . . . 8 63 4.5. "kid" (Key ID) Parameter . . . . . . . . . . . . . . . . . 8 64 4.6. "x5u" (X.509 URL) Parameter . . . . . . . . . . . . . . . 8 65 4.7. "x5c" (X.509 Certificate Chain) Parameter . . . . . . . . 9 66 4.8. "x5t" (X.509 Certificate SHA-1 Thumbprint) Parameter . . . 9 67 4.9. "x5t#S256" (X.509 Certificate SHA-256 Thumbprint) 68 Parameter . . . . . . . . . . . . . . . . . . . . . . . . 10 69 5. JSON Web Key Set (JWK Set) Format . . . . . . . . . . . . . . 10 70 5.1. "keys" Parameter . . . . . . . . . . . . . . . . . . . . . 10 71 6. String Comparison Rules . . . . . . . . . . . . . . . . . . . 11 72 7. Encrypted JWK and Encrypted JWK Set Formats . . . . . . . . . 11 73 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 11 74 8.1. JSON Web Key Parameters Registry . . . . . . . . . . . . . 13 75 8.1.1. Registration Template . . . . . . . . . . . . . . . . 13 76 8.1.2. Initial Registry Contents . . . . . . . . . . . . . . 14 77 8.2. JSON Web Key Use Registry . . . . . . . . . . . . . . . . 15 78 8.2.1. Registration Template . . . . . . . . . . . . . . . . 15 79 8.2.2. Initial Registry Contents . . . . . . . . . . . . . . 16 80 8.3. JSON Web Key Operations Registry . . . . . . . . . . . . . 16 81 8.3.1. Registration Template . . . . . . . . . . . . . . . . 16 82 8.3.2. Initial Registry Contents . . . . . . . . . . . . . . 17 83 8.4. JSON Web Key Set Parameters Registry . . . . . . . . . . . 18 84 8.4.1. Registration Template . . . . . . . . . . . . . . . . 18 85 8.4.2. Initial Registry Contents . . . . . . . . . . . . . . 19 86 8.5. Media Type Registration . . . . . . . . . . . . . . . . . 19 87 8.5.1. Registry Contents . . . . . . . . . . . . . . . . . . 19 88 9. Security Considerations . . . . . . . . . . . . . . . . . . . 20 89 9.1. Key Provenance and Trust . . . . . . . . . . . . . . . . . 20 90 9.2. Preventing Disclosure of Non-Public Key Information . . . 20 91 9.3. RSA Private Key Representations and Blinding . . . . . . . 21 92 9.4. Key Entropy and Random Values . . . . . . . . . . . . . . 21 93 10. References . . . . . . . . . . . . . . . . . . . . . . . . . . 21 94 10.1. Normative References . . . . . . . . . . . . . . . . . . . 21 95 10.2. Informative References . . . . . . . . . . . . . . . . . . 23 97 Appendix A. Example JSON Web Key Sets . . . . . . . . . . . . . . 24 98 A.1. Example Public Keys . . . . . . . . . . . . . . . . . . . 24 99 A.2. Example Private Keys . . . . . . . . . . . . . . . . . . . 24 100 A.3. Example Symmetric Keys . . . . . . . . . . . . . . . . . . 26 101 Appendix B. Example Use of "x5c" (X.509 Certificate Chain) 102 Parameter . . . . . . . . . . . . . . . . . . . . . . 26 103 Appendix C. Example Encrypted RSA Private Key . . . . . . . . . . 27 104 C.1. Plaintext RSA Private Key . . . . . . . . . . . . . . . . 28 105 C.2. JOSE Header . . . . . . . . . . . . . . . . . . . . . . . 31 106 C.3. Content Encryption Key (CEK) . . . . . . . . . . . . . . . 31 107 C.4. Key Derivation . . . . . . . . . . . . . . . . . . . . . . 32 108 C.5. Key Encryption . . . . . . . . . . . . . . . . . . . . . . 32 109 C.6. Initialization Vector . . . . . . . . . . . . . . . . . . 32 110 C.7. Additional Authenticated Data . . . . . . . . . . . . . . 33 111 C.8. Content Encryption . . . . . . . . . . . . . . . . . . . . 33 112 C.9. Complete Representation . . . . . . . . . . . . . . . . . 36 113 Appendix D. Acknowledgements . . . . . . . . . . . . . . . . . . 37 114 Appendix E. Document History . . . . . . . . . . . . . . . . . . 38 115 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 45 117 1. Introduction 119 A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) [RFC7159] 120 data structure that represents a cryptographic key. This 121 specification also defines a JSON Web Key Set (JWK Set) JSON data 122 structure that represents a set of JWKs. Cryptographic algorithms 123 and identifiers for use with this specification are described in the 124 separate JSON Web Algorithms (JWA) [JWA] specification and IANA 125 registries defined by that specification. 127 Goals for this specification do not include representing new kinds of 128 certificate chains, representing new kinds of certified keys, or 129 replacing X.509 certificates. 131 JWKs and JWK Sets are used in the JSON Web Signature (JWS) [JWS] and 132 JSON Web Encryption (JWE) [JWE] specifications. 134 Names defined by this specification are short because a core goal is 135 for the resulting representations to be compact. 137 1.1. Notational Conventions 139 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 140 "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and 141 "OPTIONAL" in this document are to be interpreted as described in Key 142 words for use in RFCs to Indicate Requirement Levels [RFC2119]. If 143 these words are used without being spelled in uppercase then they are 144 to be interpreted with their normal natural language meanings. 146 BASE64URL(OCTETS) denotes the base64url encoding of OCTETS, per 147 Section 2 of [JWS]. 149 UTF8(STRING) denotes the octets of the UTF-8 [RFC3629] representation 150 of STRING. 152 ASCII(STRING) denotes the octets of the ASCII [RFC20] representation 153 of STRING. 155 The concatenation of two values A and B is denoted as A || B. 157 2. Terminology 159 These terms defined by the JSON Web Signature (JWS) [JWS] 160 specification are incorporated into this specification: "Base64url 161 Encoding", "Collision-Resistant Name", "Header Parameter", and "JOSE 162 Header". 164 These terms defined by the Internet Security Glossary, Version 2 165 [RFC4949] are incorporated into this specification: "Ciphertext", 166 "Digital Signature", "Message Authentication Code (MAC)", and 167 "Plaintext". 169 These terms are defined by this specification: 171 JSON Web Key (JWK) 172 A JSON object that represents a cryptographic key. The members of 173 the object represent properties of the key, including its value. 175 JSON Web Key Set (JWK Set) 176 A JSON object that represents a set of JWKs. The JSON object MUST 177 have a "keys" member, which is an array of JWK objects. 179 3. Example JWK 181 This section provides an example of a JWK. The following example JWK 182 declares that the key is an Elliptic Curve [DSS] key, it is used with 183 the P-256 Elliptic Curve, and its x and y coordinates are the 184 base64url encoded values shown. A key identifier is also provided 185 for the key. 187 {"kty":"EC", 188 "crv":"P-256", 189 "x":"f83OJ3D2xF1Bg8vub9tLe1gHMzV76e8Tus9uPHvRVEU", 190 "y":"x_FEzRu9m36HLN_tue659LNpXW6pCyStikYjKIWI5a0", 191 "kid":"Public key used in JWS A.3 example" 192 } 194 Additional example JWK values can be found in Appendix A. 196 4. JSON Web Key (JWK) Format 198 A JSON Web Key (JWK) is a JSON object that represents a cryptographic 199 key. The members of the object represent properties of the key, 200 including its value. This JSON object MAY contain white space and/or 201 line breaks. This document defines the key parameters that are not 202 algorithm specific, and thus common to many keys. 204 In addition to the common parameters, each JWK will have members that 205 are key type-specific. These members represent the parameters of the 206 key. Section 6 of the JSON Web Algorithms (JWA) [JWA] specification 207 defines multiple kinds of cryptographic keys and their associated 208 members. 210 The member names within a JWK MUST be unique; JWK parsers MUST either 211 reject JWKs with duplicate member names or use a JSON parser that 212 returns only the lexically last duplicate member name, as specified 213 in Section 15.12 (The JSON Object) of ECMAScript 5.1 [ECMAScript]. 215 Additional members can be present in the JWK; if not understood by 216 implementations encountering them, they MUST be ignored. Member 217 names used for representing key parameters for different keys types 218 need not be distinct. Any new member name should either be 219 registered in the IANA JSON Web Key Parameters registry defined in 220 Section 8.1 or be a value that contains a Collision-Resistant Name. 222 4.1. "kty" (Key Type) Parameter 224 The "kty" (key type) member identifies the cryptographic algorithm 225 family used with the key, such as "RSA" or "EC". "kty" values should 226 either be registered in the IANA JSON Web Key Types registry defined 227 in [JWA] or be a value that contains a Collision-Resistant Name. The 228 "kty" value is a case-sensitive string. This member MUST be present 229 in a JWK. 231 A list of defined "kty" values can be found in the IANA JSON Web Key 232 Types registry defined in [JWA]; the initial contents of this 233 registry are the values defined in Section 6.1 of the JSON Web 234 Algorithms (JWA) [JWA] specification. 236 The key type definitions include specification of the members to be 237 used for those key types. Additional members used with "kty" values 238 can also be found in the IANA JSON Web Key Parameters registry 239 defined in Section 8.1. 241 4.2. "use" (Public Key Use) Parameter 243 The "use" (public key use) member identifies the intended use of the 244 public key. The "use" parameter is employed to indicate whether a 245 public key is used for encrypting data or verifying the signature on 246 data. 248 Values defined by this specification are: 250 o "sig" (signature) 251 o "enc" (encryption) 253 Other values MAY be used. The "use" value is a case-sensitive 254 string. Use of the "use" member is OPTIONAL, unless the application 255 requires its presence. 257 When a key is used to wrap another key and a Public Key Use 258 designation for the first key is desired, the "enc" (encryption) key 259 use value is used, since key wrapping is a kind of encryption. The 260 "enc" value is also be used for public keys used for key agreement 261 operations. 263 Additional Public Key Use values can be registered in the IANA JSON 264 Web Key Use registry defined in Section 8.2. Registering any 265 extension values used is highly recommended when this specification 266 is used in open environments, in which multiple organizations need to 267 have a common understanding of any extensions used. However, 268 unregistered extension values can be used in closed environments, in 269 which the producing and consuming organization will always be the 270 same. 272 4.3. "key_ops" (Key Operations) Parameter 274 The "key_ops" (key operations) member identifies the operation(s) 275 that the key is intended to be used for. The "key_ops" parameter is 276 intended for use cases in which public, private, or symmetric keys 277 may be present. 279 Its value is an array of key operation values. Values defined by 280 this specification are: 282 o "sign" (compute digital signature or MAC) 283 o "verify" (verify digital signature or MAC) 284 o "encrypt" (encrypt content) 285 o "decrypt" (decrypt content and validate decryption, if applicable) 286 o "wrapKey" (encrypt key) 287 o "unwrapKey" (decrypt key and validate decryption, if applicable) 288 o "deriveKey" (derive key) 289 o "deriveBits" (derive bits not to be used as a key) 291 (Note that the "key_ops" values intentionally match the "KeyUsage" 292 values defined in the Web Cryptography API [WebCrypto] 293 specification.) 295 Other values MAY be used. The key operation values are case- 296 sensitive strings. Duplicate key operation values MUST NOT be 297 present in the array. Use of the "key_ops" member is OPTIONAL, 298 unless the application requires its presence. 300 Multiple unrelated key operations SHOULD NOT be specified for a key 301 because of the potential vulnerabilities associated with using the 302 same key with multiple algorithms. Thus, the combinations "sign" 303 with "verify", "encrypt" with "decrypt", and "wrapKey" with 304 "unwrapKey" are permitted, but other combinations SHOULD NOT be used. 306 Additional Key Operations values can be registered in the IANA JSON 307 Web Key Operations registry defined in Section 8.3. The same 308 considerations about registering extension values apply to the 309 "key_ops" member as do for the "use" member. 311 The "use" and "key_ops" JWK members SHOULD NOT be used together. 312 Applications should specify which of these members they use, if 313 either is to be used by the application. 315 4.4. "alg" (Algorithm) Parameter 317 The "alg" (algorithm) member identifies the algorithm intended for 318 use with the key. The values used should either be registered in the 319 IANA JSON Web Signature and Encryption Algorithms registry defined in 320 [JWA] or be a value that contains a Collision-Resistant Name. Use of 321 this member is OPTIONAL. 323 4.5. "kid" (Key ID) Parameter 325 The "kid" (key ID) member is used to match a specific key. This is 326 used, for instance, to choose among a set of keys within a JWK Set 327 during key rollover. The structure of the "kid" value is 328 unspecified. When "kid" values are used within a JWK Set, different 329 keys within the JWK Set SHOULD use distinct "kid" values. (One 330 example in which different keys might use the same "kid" value is if 331 they have different "kty" (key type) values but are considered to be 332 equivalent alternatives by the application using them.) The "kid" 333 value is a case-sensitive string. Use of this member is OPTIONAL. 335 When used with JWS or JWE, the "kid" value is used to match a JWS or 336 JWE "kid" Header Parameter value. 338 4.6. "x5u" (X.509 URL) Parameter 340 The "x5u" (X.509 URL) member is a URI [RFC3986] that refers to a 341 resource for an X.509 public key certificate or certificate chain 342 [RFC5280]. The identified resource MUST provide a representation of 343 the certificate or certificate chain that conforms to RFC 5280 344 [RFC5280] in PEM encoded form, with each certificate delimited as 345 specified in Section 6.1 of RFC 4945 [RFC4945]. The key in the first 346 certificate MUST match the public key represented by other members of 347 the JWK. The protocol used to acquire the resource MUST provide 348 integrity protection; an HTTP GET request to retrieve the certificate 349 MUST use TLS [RFC2818, RFC5246]; the identity of the server MUST be 350 validated, as per Section 6 of RFC 6125 [RFC6125]. Use of this 351 member is OPTIONAL. 353 While there is no requirement that optional JWK members providing key 354 usage, algorithm, or other information be present when the "x5u" 355 member is used, doing so may improve interoperability for 356 applications that do not handle PKIX certificates. If other members 357 are present, the contents of those members MUST be semantically 358 consistent with the related fields in the first certificate. For 359 instance, if the "use" member is present, then it MUST correspond to 360 the usage that is specified in the certificate, when it includes this 361 information. Similarly, if the "alg" member is present, it MUST 362 correspond to the algorithm specified in the certificate. 364 4.7. "x5c" (X.509 Certificate Chain) Parameter 366 The "x5c" (X.509 Certificate Chain) member contains a chain of one or 367 more PKIX certificates [RFC5280]. The certificate chain is 368 represented as a JSON array of certificate value strings. Each 369 string in the array is a base64 encoded ([RFC4648] Section 4 -- not 370 base64url encoded) DER [ITU.X690.1994] PKIX certificate value. The 371 PKIX certificate containing the key value MUST be the first 372 certificate. This MAY be followed by additional certificates, with 373 each subsequent certificate being the one used to certify the 374 previous one. The key in the first certificate MUST match the public 375 key represented by other members of the JWK. Use of this member is 376 OPTIONAL. 378 As with the "x5u" member, optional JWK members providing key usage, 379 algorithm, or other information MAY also be present when the "x5c" 380 member is used. If other members are present, the contents of those 381 members MUST be semantically consistent with the related fields in 382 the first certificate. See the last paragraph of Section 4.6 for 383 additional guidance on this. 385 4.8. "x5t" (X.509 Certificate SHA-1 Thumbprint) Parameter 387 The "x5t" (X.509 Certificate SHA-1 Thumbprint) member is a base64url 388 encoded SHA-1 thumbprint (a.k.a. digest) of the DER encoding of an 389 X.509 certificate [RFC5280]. Note that certificate thumbprints are 390 also sometimes known as certificate fingerprints. The key in the 391 certificate MUST match the public key represented by other members of 392 the JWK. Use of this member is OPTIONAL. 394 As with the "x5u" member, optional JWK members providing key usage, 395 algorithm, or other information MAY also be present when the "x5t" 396 member is used. If other members are present, the contents of those 397 members MUST be semantically consistent with the related fields in 398 the referenced certificate. See the last paragraph of Section 4.6 399 for additional guidance on this. 401 4.9. "x5t#S256" (X.509 Certificate SHA-256 Thumbprint) Parameter 403 The "x5t#S256" (X.509 Certificate SHA-256 Thumbprint) member is a 404 base64url encoded SHA-256 thumbprint (a.k.a. digest) of the DER 405 encoding of an X.509 certificate [RFC5280]. Note that certificate 406 thumbprints are also sometimes known as certificate fingerprints. 407 The key in the certificate MUST match the public key represented by 408 other members of the JWK. Use of this member is OPTIONAL. 410 As with the "x5u" member, optional JWK members providing key usage, 411 algorithm, or other information MAY also be present when the 412 "x5t#S256" member is used. If other members are present, the 413 contents of those members MUST be semantically consistent with the 414 related fields in the referenced certificate. See the last paragraph 415 of Section 4.6 for additional guidance on this. 417 5. JSON Web Key Set (JWK Set) Format 419 A JSON Web Key Set (JWK Set) is a JSON object that represents a set 420 of JWKs. The JSON object MUST have a "keys" member, with its value 421 being an array of JWK objects. This JSON object MAY contain white 422 space and/or line breaks. 424 The member names within a JWK Set MUST be unique; JWK Set parsers 425 MUST either reject JWK Sets with duplicate member names or use a JSON 426 parser that returns only the lexically last duplicate member name, as 427 specified in Section 15.12 (The JSON Object) of ECMAScript 5.1 428 [ECMAScript]. 430 Additional members can be present in the JWK Set; if not understood 431 by implementations encountering them, they MUST be ignored. 432 Parameters for representing additional properties of JWK Sets should 433 either be registered in the IANA JSON Web Key Set Parameters registry 434 defined in Section 8.4 or be a value that contains a Collision- 435 Resistant Name. 437 Implementations SHOULD ignore JWKs within a JWK Set that use "kty" 438 (key type) values that are not understood by them, are missing 439 required members, or for which values are out of the supported 440 ranges. 442 5.1. "keys" Parameter 444 The value of the "keys" member is an array of JWK values. By 445 default, the order of the JWK values within the array does not imply 446 an order of preference among them, although applications of JWK Sets 447 can choose to assign a meaning to the order for their purposes, if 448 desired. 450 6. String Comparison Rules 452 The string comparison rules for this specification are the same as 453 those defined in Section 5.3 of [JWS]. 455 7. Encrypted JWK and Encrypted JWK Set Formats 457 Access to JWKs containing non-public key material by parties without 458 legitimate access to the non-public information MUST be prevented. 459 This can be accomplished by encrypting the JWK when potentially 460 observable by such parties to prevent the disclosure of private or 461 symmetric key values. The use of an Encrypted JWK, which is a JWE 462 with the UTF-8 encoding of a JWK as its plaintext value, is 463 recommended for this purpose. The processing of Encrypted JWKs is 464 identical to the processing of other JWEs. A "cty" (content type) 465 Header Parameter value of "jwk+json" MUST be used to indicate that 466 the content of the JWE is a JWK, unless the application knows that 467 the encrypted content is a JWK by another means or convention, in 468 which case the "cty" value would typically be omitted. 470 JWK Sets containing non-public key material will also need to be 471 encrypted under these circumstances. The use of an Encrypted JWK 472 Set, which is a JWE with the UTF-8 encoding of a JWK Set as its 473 plaintext value, is recommended for this purpose. The processing of 474 Encrypted JWK Sets is identical to the processing of other JWEs. A 475 "cty" (content type) Header Parameter value of "jwk-set+json" MUST be 476 used to indicate that the content of the JWE is a JWK Set, unless the 477 application knows that the encrypted content is a JWK Set by another 478 means or convention, in which case the "cty" value would typically be 479 omitted. 481 See Appendix C for an example encrypted JWK. 483 8. IANA Considerations 485 The following registration procedure is used for all the registries 486 established by this specification. 488 Values are registered on a Specification Required [RFC5226] basis 489 after a three-week review period on the [TBD]@ietf.org mailing list, 490 on the advice of one or more Designated Experts. However, to allow 491 for the allocation of values prior to publication, the Designated 492 Expert(s) may approve registration once they are satisfied that such 493 a specification will be published. 495 Registration requests must be sent to the [TBD]@ietf.org mailing list 496 for review and comment, with an appropriate subject (e.g., "Request 497 for access token type: example"). [[ Note to the RFC Editor: The name 498 of the mailing list should be determined in consultation with the 499 IESG and IANA. Suggested name: jose-reg-review. ]] 501 Within the review period, the Designated Expert(s) will either 502 approve or deny the registration request, communicating this decision 503 to the review list and IANA. Denials should include an explanation 504 and, if applicable, suggestions as to how to make the request 505 successful. Registration requests that are undetermined for a period 506 longer than 21 days can be brought to the IESG's attention (using the 507 iesg@ietf.org mailing list) for resolution. 509 Criteria that should be applied by the Designated Expert(s) includes 510 determining whether the proposed registration duplicates existing 511 functionality, determining whether it is likely to be of general 512 applicability or whether it is useful only for a single application, 513 and whether the registration description is clear. 515 IANA must only accept registry updates from the Designated Expert(s) 516 and should direct all requests for registration to the review mailing 517 list. 519 It is suggested that multiple Designated Experts be appointed who are 520 able to represent the perspectives of different applications using 521 this specification, in order to enable broadly-informed review of 522 registration decisions. In cases where a registration decision could 523 be perceived as creating a conflict of interest for a particular 524 Expert, that Expert should defer to the judgment of the other 525 Expert(s). 527 [[ Note to the RFC Editor and IANA: Pearl Liang of ICANN had 528 requested that the draft supply the following proposed registry 529 description information. It is to be used for all registries 530 established by this specification. 532 o Protocol Category: JSON Object Signing and Encryption (JOSE) 534 o Registry Location: http://www.iana.org/assignments/jose 536 o Webpage Title: (same as the protocol category) 538 o Registry Name: (same as the section title, but excluding the word 539 "Registry", for example "JSON Web Key Parameters") 541 ]] 543 8.1. JSON Web Key Parameters Registry 545 This specification establishes the IANA JSON Web Key Parameters 546 registry for JWK parameter names. The registry records the parameter 547 name, the key type(s) that the parameter is used with, and a 548 reference to the specification that defines it. It also records 549 whether the parameter conveys public or private information. This 550 specification registers the parameter names defined in Section 4. 551 The same JWK parameter name may be registered multiple times, 552 provided that duplicate parameter registrations are only for key type 553 specific JWK parameters; in this case, the meaning of the duplicate 554 parameter name is disambiguated by the "kty" value of the JWK 555 containing it. 557 8.1.1. Registration Template 559 Parameter Name: 560 The name requested (e.g., "kid"). Because a core goal of this 561 specification is for the resulting representations to be compact, 562 it is RECOMMENDED that the name be short -- not to exceed 8 563 characters without a compelling reason to do so. This name is 564 case-sensitive. Names may not match other registered names in a 565 case-insensitive manner unless the Designated Expert(s) state that 566 there is a compelling reason to allow an exception in this 567 particular case. However, matching names may be registered, 568 provided that the accompanying sets of "kty" values that the 569 Parameter Name is used with are disjoint; for the purposes of 570 matching "kty" values, "*" matches all values. 572 Parameter Description: 573 Brief description of the parameter (e.g., "Key ID"). 575 Used with "kty" Value(s): 576 The key type parameter value(s) that the parameter name is to be 577 used with, or the value "*" if the parameter value is used with 578 all key types. Values may not match other registered "kty" values 579 in a case-insensitive manner when the registered Parameter Name is 580 the same (including when the Parameter Name matches in a case- 581 insensitive manner) unless the Designated Expert(s) state that 582 there is a compelling reason to allow an exception in this 583 particular case. 585 Parameter Information Class: 586 Registers whether the parameter conveys public or private 587 information. Its value must be one the words Public or Private. 589 Change Controller: 590 For Standards Track RFCs, state "IESG". For others, give the name 591 of the responsible party. Other details (e.g., postal address, 592 email address, home page URI) may also be included. 594 Specification Document(s): 595 Reference to the document(s) that specify the parameter, 596 preferably including URI(s) that can be used to retrieve copies of 597 the document(s). An indication of the relevant sections may also 598 be included but is not required. 600 8.1.2. Initial Registry Contents 602 o Parameter Name: "kty" 603 o Parameter Description: Key Type 604 o Used with "kty" Value(s): * 605 o Parameter Information Class: Public 606 o Change Controller: IESG 607 o Specification Document(s): Section 4.1 of [[ this document ]] 609 o Parameter Name: "use" 610 o Parameter Description: Public Key Use 611 o Used with "kty" Value(s): * 612 o Parameter Information Class: Public 613 o Change Controller: IESG 614 o Specification Document(s): Section 4.2 of [[ this document ]] 616 o Parameter Name: "key_ops" 617 o Parameter Description: Key Operations 618 o Used with "kty" Value(s): * 619 o Parameter Information Class: Public 620 o Change Controller: IESG 621 o Specification Document(s): Section 4.3 of [[ this document ]] 623 o Parameter Name: "alg" 624 o Parameter Description: Algorithm 625 o Used with "kty" Value(s): * 626 o Parameter Information Class: Public 627 o Change Controller: IESG 628 o Specification Document(s): Section 4.4 of [[ this document ]] 630 o Parameter Name: "kid" 631 o Parameter Description: Key ID 632 o Used with "kty" Value(s): * 633 o Parameter Information Class: Public 634 o Change Controller: IESG 635 o Specification Document(s): Section 4.5 of [[ this document ]] 637 o Parameter Name: "x5u" 638 o Parameter Description: X.509 URL 639 o Used with "kty" Value(s): * 640 o Parameter Information Class: Public 641 o Change Controller: IESG 642 o Specification Document(s): Section 4.6 of [[ this document ]] 644 o Parameter Name: "x5c" 645 o Parameter Description: X.509 Certificate Chain 646 o Used with "kty" Value(s): * 647 o Parameter Information Class: Public 648 o Change Controller: IESG 649 o Specification Document(s): Section 4.7 of [[ this document ]] 651 o Parameter Name: "x5t" 652 o Parameter Description: X.509 Certificate SHA-1 Thumbprint 653 o Used with "kty" Value(s): * 654 o Parameter Information Class: Public 655 o Change Controller: IESG 656 o Specification Document(s): Section 4.8 of [[ this document ]] 658 o Parameter Name: "x5t#S256" 659 o Parameter Description: X.509 Certificate SHA-256 Thumbprint 660 o Used with "kty" Value(s): * 661 o Parameter Information Class: Public 662 o Change Controller: IESG 663 o Specification Document(s): Section 4.9 of [[ this document ]] 665 8.2. JSON Web Key Use Registry 667 This specification establishes the IANA JSON Web Key Use registry for 668 JWK "use" (public key use) member values. The registry records the 669 public key use value and a reference to the specification that 670 defines it. This specification registers the parameter names defined 671 in Section 4.2. 673 8.2.1. Registration Template 675 Use Member Value: 676 The name requested (e.g., "sig"). Because a core goal of this 677 specification is for the resulting representations to be compact, 678 it is RECOMMENDED that the name be short -- not to exceed 8 679 characters without a compelling reason to do so. This name is 680 case-sensitive. Names may not match other registered names in a 681 case-insensitive manner unless the Designated Expert(s) state that 682 there is a compelling reason to allow an exception in this 683 particular case. 685 Use Description: 686 Brief description of the use (e.g., "Digital Signature or MAC"). 688 Change Controller: 689 For Standards Track RFCs, state "IESG". For others, give the name 690 of the responsible party. Other details (e.g., postal address, 691 email address, home page URI) may also be included. 693 Specification Document(s): 694 Reference to the document(s) that specify the parameter, 695 preferably including URI(s) that can be used to retrieve copies of 696 the document(s). An indication of the relevant sections may also 697 be included but is not required. 699 8.2.2. Initial Registry Contents 701 o Use Member Value: "sig" 702 o Use Description: Digital Signature or MAC 703 o Change Controller: IESG 704 o Specification Document(s): Section 4.2 of [[ this document ]] 706 o Use Member Value: "enc" 707 o Use Description: Encryption 708 o Change Controller: IESG 709 o Specification Document(s): Section 4.2 of [[ this document ]] 711 8.3. JSON Web Key Operations Registry 713 This specification establishes the IANA JSON Web Key Operations 714 registry for values of JWK "key_ops" array elements. The registry 715 records the key operation value and a reference to the specification 716 that defines it. This specification registers the parameter names 717 defined in Section 4.3. 719 8.3.1. Registration Template 721 Key Operation Value: 722 The name requested (e.g., "sign"). Because a core goal of this 723 specification is for the resulting representations to be compact, 724 it is RECOMMENDED that the name be short -- not to exceed 8 725 characters without a compelling reason to do so. This name is 726 case-sensitive. Names may not match other registered names in a 727 case-insensitive manner unless the Designated Expert(s) state that 728 there is a compelling reason to allow an exception in this 729 particular case. 731 Key Operation Description: 732 Brief description of the key operation (e.g., "Compute digital 733 signature or MAC"). 735 Change Controller: 736 For Standards Track RFCs, state "IESG". For others, give the name 737 of the responsible party. Other details (e.g., postal address, 738 email address, home page URI) may also be included. 740 Specification Document(s): 741 Reference to the document(s) that specify the parameter, 742 preferably including URI(s) that can be used to retrieve copies of 743 the document(s). An indication of the relevant sections may also 744 be included but is not required. 746 8.3.2. Initial Registry Contents 748 o Key Operation Value: "sign" 749 o Key Operation Description: Compute digital signature or MAC 750 o Change Controller: IESG 751 o Specification Document(s): Section 4.3 of [[ this document ]] 753 o Key Operation Value: "verify" 754 o Key Operation Description: Verify digital signature or MAC 755 o Change Controller: IESG 756 o Specification Document(s): Section 4.3 of [[ this document ]] 758 o Key Operation Value: "encrypt" 759 o Key Operation Description: Encrypt content 760 o Change Controller: IESG 761 o Specification Document(s): Section 4.3 of [[ this document ]] 763 o Key Operation Value: "decrypt" 764 o Key Operation Description: Decrypt content and validate 765 decryption, if applicable 766 o Change Controller: IESG 767 o Specification Document(s): Section 4.3 of [[ this document ]] 769 o Key Operation Value: "wrapKey" 770 o Key Operation Description: Encrypt key 771 o Change Controller: IESG 772 o Specification Document(s): Section 4.3 of [[ this document ]] 774 o Key Operation Value: "unwrapKey" 775 o Key Operation Description: Decrypt key and validate decryption, if 776 applicable 778 o Change Controller: IESG 779 o Specification Document(s): Section 4.3 of [[ this document ]] 781 o Key Operation Value: "deriveKey" 782 o Key Operation Description: Derive key 783 o Change Controller: IESG 784 o Specification Document(s): Section 4.3 of [[ this document ]] 786 o Key Operation Value: "deriveBits" 787 o Key Operation Description: Derive bits not to be used as a key 788 o Change Controller: IESG 789 o Specification Document(s): Section 4.3 of [[ this document ]] 791 8.4. JSON Web Key Set Parameters Registry 793 This specification establishes the IANA JSON Web Key Set Parameters 794 registry for JWK Set parameter names. The registry records the 795 parameter name and a reference to the specification that defines it. 796 This specification registers the parameter names defined in 797 Section 5. 799 8.4.1. Registration Template 801 Parameter Name: 802 The name requested (e.g., "keys"). Because a core goal of this 803 specification is for the resulting representations to be compact, 804 it is RECOMMENDED that the name be short -- not to exceed 8 805 characters without a compelling reason to do so. This name is 806 case-sensitive. Names may not match other registered names in a 807 case-insensitive manner unless the Designated Expert(s) state that 808 there is a compelling reason to allow an exception in this 809 particular case. 811 Parameter Description: 812 Brief description of the parameter (e.g., "Array of JWK values"). 814 Change Controller: 815 For Standards Track RFCs, state "IESG". For others, give the name 816 of the responsible party. Other details (e.g., postal address, 817 email address, home page URI) may also be included. 819 Specification Document(s): 820 Reference to the document(s) that specify the parameter, 821 preferably including URI(s) that can be used to retrieve copies of 822 the document(s). An indication of the relevant sections may also 823 be included but is not required. 825 8.4.2. Initial Registry Contents 827 o Parameter Name: "keys" 828 o Parameter Description: Array of JWK values 829 o Change Controller: IESG 830 o Specification Document(s): Section 5.1 of [[ this document ]] 832 8.5. Media Type Registration 834 8.5.1. Registry Contents 836 This specification registers the "application/jwk+json" and 837 "application/jwk-set+json" Media Types [RFC2046] in the MIME Media 838 Types registry [IANA.MediaTypes] in the manner described in RFC 6838 839 [RFC6838], which can be used to indicate, respectively, that the 840 content is a JWK or a JWK Set. 842 o Type Name: application 843 o Subtype Name: jwk+json 844 o Required Parameters: n/a 845 o Optional Parameters: n/a 846 o Encoding considerations: 8bit; application/jwk+json values are 847 represented as JSON object; UTF-8 encoding SHOULD be employed for 848 the JSON object. 849 o Security Considerations: See the Security Considerations section 850 of [[ this document ]] 851 o Interoperability Considerations: n/a 852 o Published Specification: [[ this document ]] 853 o Applications that use this media type: OpenID Connect, Salesforce, 854 Google, Android, Windows Azure, W3C WebCrypto API, numerous others 855 o Fragment identifier considerations: n/a 856 o Additional Information: Magic number(s): n/a, File extension(s): 857 n/a, Macintosh file type code(s): n/a 858 o Person & email address to contact for further information: Michael 859 B. Jones, mbj@microsoft.com 860 o Intended Usage: COMMON 861 o Restrictions on Usage: none 862 o Author: Michael B. Jones, mbj@microsoft.com 863 o Change Controller: IESG 864 o Provisional registration? No 866 o Type Name: application 867 o Subtype Name: jwk-set+json 868 o Required Parameters: n/a 869 o Optional Parameters: n/a 870 o Encoding considerations: 8bit; application/jwk-set+json values are 871 represented as a JSON Object; UTF-8 encoding SHOULD be employed 872 for the JSON object. 874 o Security Considerations: See the Security Considerations section 875 of [[ this document ]] 876 o Interoperability Considerations: n/a 877 o Published Specification: [[ this document ]] 878 o Applications that use this media type: OpenID Connect, Salesforce, 879 Google, Android, Windows Azure, W3C WebCrypto API, numerous others 880 o Fragment identifier considerations: n/a 881 o Additional Information: Magic number(s): n/a, File extension(s): 882 n/a, Macintosh file type code(s): n/a 883 o Person & email address to contact for further information: Michael 884 B. Jones, mbj@microsoft.com 885 o Intended Usage: COMMON 886 o Restrictions on Usage: none 887 o Author: Michael B. Jones, mbj@microsoft.com 888 o Change Controller: IESG 889 o Provisional registration? No 891 9. Security Considerations 893 All of the security issues that are pertinent to any cryptographic 894 application must be addressed by JWS/JWE/JWK agents. Among these 895 issues are protecting the user's asymmetric private and symmetric 896 secret keys and employing countermeasures to various attacks. 898 9.1. Key Provenance and Trust 900 One should place no more trust in the data cryptographically secured 901 by a key than in the method by which it was obtained and in the 902 trustworthiness of the entity asserting an association with the key. 903 Any data associated with a key that is obtained in an untrusted 904 manner should be treated with skepticism. See Section 10.3 of [JWS] 905 for security considerations on key origin authentication. 907 The security considerations in Section 12.3 of XML DSIG 2.0 908 [W3C.NOTE-xmldsig-core2-20130411] about the strength of a digital 909 signature depending upon all the links in the security chain also 910 apply to this specification. 912 The TLS Requirements in Section 8 of [JWS] also apply to this 913 specification. 915 9.2. Preventing Disclosure of Non-Public Key Information 917 Private and symmetric keys MUST be protected from disclosure to 918 unintended parties. One recommended means of doing so is to encrypt 919 JWKs or JWK Sets containing them by using the JWK or JWK Set value as 920 the plaintext of a JWE. Of course, this requires that there be a 921 secure way to obtain the key used to encrypt the non-public key 922 information to the intended party and a secure way for that party to 923 obtain the corresponding decryption key. 925 The security considerations in RFC 3447 [RFC3447] and RFC 6030 926 [RFC6030] about protecting private and symmetric keys, key usage, and 927 information leakage also apply to this specification. 929 9.3. RSA Private Key Representations and Blinding 931 The RSA Key blinding operation [Kocher], which is a defense against 932 some timing attacks, requires all of the RSA key values "n", "e", and 933 "d". However, some RSA private key representations do not include 934 the public exponent "e", but only include the modulus "n" and the 935 private exponent "d". This is true, for instance, of the Java 936 RSAPrivateKeySpec API, which does not include the public exponent "e" 937 as a parameter. So as to enable RSA key blinding, such 938 representations should be avoided. For Java, the 939 RSAPrivateCrtKeySpec API can be used instead. Section 8.2.2(i) of 940 the Handbook of Applied Cryptography [HAC] discusses how to compute 941 the remaining RSA private key parameters, if needed, using only "n", 942 "e", and "d". 944 9.4. Key Entropy and Random Values 946 See Section 10.1 of [JWS] for security considerations on key entropy 947 and random values. 949 10. References 951 10.1. Normative References 953 [ECMAScript] 954 Ecma International, "ECMAScript Language Specification, 955 5.1 Edition", ECMA 262, June 2011. 957 [IANA.MediaTypes] 958 Internet Assigned Numbers Authority (IANA), "MIME Media 959 Types", 2005. 961 [ITU.X690.1994] 962 International Telecommunications Union, "Information 963 Technology - ASN.1 encoding rules: Specification of Basic 964 Encoding Rules (BER), Canonical Encoding Rules (CER) and 965 Distinguished Encoding Rules (DER)", ITU-T Recommendation 966 X.690, 1994. 968 [JWA] Jones, M., "JSON Web Algorithms (JWA)", 969 draft-ietf-jose-json-web-algorithms (work in progress), 970 October 2014. 972 [JWE] Jones, M. and J. Hildebrand, "JSON Web Encryption (JWE)", 973 draft-ietf-jose-json-web-encryption (work in progress), 974 October 2014. 976 [JWS] Jones, M., Bradley, J., and N. Sakimura, "JSON Web 977 Signature (JWS)", draft-ietf-jose-json-web-signature (work 978 in progress), October 2014. 980 [RFC20] Cerf, V., "ASCII format for Network Interchange", RFC 20, 981 October 1969. 983 [RFC2046] Freed, N. and N. Borenstein, "Multipurpose Internet Mail 984 Extensions (MIME) Part Two: Media Types", RFC 2046, 985 November 1996. 987 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 988 Requirement Levels", BCP 14, RFC 2119, March 1997. 990 [RFC2818] Rescorla, E., "HTTP Over TLS", RFC 2818, May 2000. 992 [RFC3629] Yergeau, F., "UTF-8, a transformation format of ISO 993 10646", STD 63, RFC 3629, November 2003. 995 [RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform 996 Resource Identifier (URI): Generic Syntax", STD 66, 997 RFC 3986, January 2005. 999 [RFC4648] Josefsson, S., "The Base16, Base32, and Base64 Data 1000 Encodings", RFC 4648, October 2006. 1002 [RFC4945] Korver, B., "The Internet IP Security PKI Profile of 1003 IKEv1/ISAKMP, IKEv2, and PKIX", RFC 4945, August 2007. 1005 [RFC4949] Shirey, R., "Internet Security Glossary, Version 2", 1006 RFC 4949, August 2007. 1008 [RFC5246] Dierks, T. and E. Rescorla, "The Transport Layer Security 1009 (TLS) Protocol Version 1.2", RFC 5246, August 2008. 1011 [RFC5280] Cooper, D., Santesson, S., Farrell, S., Boeyen, S., 1012 Housley, R., and W. Polk, "Internet X.509 Public Key 1013 Infrastructure Certificate and Certificate Revocation List 1014 (CRL) Profile", RFC 5280, May 2008. 1016 [RFC6125] Saint-Andre, P. and J. Hodges, "Representation and 1017 Verification of Domain-Based Application Service Identity 1018 within Internet Public Key Infrastructure Using X.509 1019 (PKIX) Certificates in the Context of Transport Layer 1020 Security (TLS)", RFC 6125, March 2011. 1022 [RFC7159] Bray, T., "The JavaScript Object Notation (JSON) Data 1023 Interchange Format", RFC 7159, March 2014. 1025 10.2. Informative References 1027 [DSS] National Institute of Standards and Technology, "Digital 1028 Signature Standard (DSS)", FIPS PUB 186-4, July 2013. 1030 [HAC] Menezes, A., van Oorschot, P., and S. Vanstone, "Handbook 1031 of Applied Cryptography", CRC Press, 1996, 1032 . 1034 [Kocher] Kocher, P., "Timing Attacks on Implementations of Diffe- 1035 Hellman, RSA, DSS, and Other Systems", In Proceedings of 1036 the 16th Annual International Cryptology Conference 1037 Advances in Cryptology, Springer-Verlag, pp. 104-113, 1038 1996. 1040 [MagicSignatures] 1041 Panzer (editor), J., Laurie, B., and D. Balfanz, "Magic 1042 Signatures", January 2011. 1044 [RFC3447] Jonsson, J. and B. Kaliski, "Public-Key Cryptography 1045 Standards (PKCS) #1: RSA Cryptography Specifications 1046 Version 2.1", RFC 3447, February 2003. 1048 [RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an 1049 IANA Considerations Section in RFCs", BCP 26, RFC 5226, 1050 May 2008. 1052 [RFC6030] Hoyer, P., Pei, M., and S. Machani, "Portable Symmetric 1053 Key Container (PSKC)", RFC 6030, October 2010. 1055 [RFC6838] Freed, N., Klensin, J., and T. Hansen, "Media Type 1056 Specifications and Registration Procedures", BCP 13, 1057 RFC 6838, January 2013. 1059 [W3C.NOTE-xmldsig-core2-20130411] 1060 Eastlake, D., Reagle, J., Solo, D., Hirsch, F., Roessler, 1061 T., Yiu, K., Datta, P., and S. Cantor, "XML Signature 1062 Syntax and Processing Version 2.0", World Wide Web 1063 Consortium Note NOTE-xmldsig-core2-20130411, April 2013, 1064 . 1066 [WebCrypto] 1067 Sleevi, R. and M. Watson, "Web Cryptography API", World 1068 Wide Web Consortium Draft, March 2014, 1069 . 1071 Appendix A. Example JSON Web Key Sets 1073 A.1. Example Public Keys 1075 The following example JWK Set contains two public keys represented as 1076 JWKs: one using an Elliptic Curve algorithm and a second one using an 1077 RSA algorithm. The first specifies that the key is to be used for 1078 encryption. The second specifies that the key is to be used with the 1079 "RS256" algorithm. Both provide a Key ID for key matching purposes. 1080 In both cases, integers are represented using the base64url encoding 1081 of their big endian representations. (Long lines are broken are for 1082 display purposes only.) 1084 {"keys": 1085 [ 1086 {"kty":"EC", 1087 "crv":"P-256", 1088 "x":"MKBCTNIcKUSDii11ySs3526iDZ8AiTo7Tu6KPAqv7D4", 1089 "y":"4Etl6SRW2YiLUrN5vfvVHuhp7x8PxltmWWlbbM4IFyM", 1090 "use":"enc", 1091 "kid":"1"}, 1093 {"kty":"RSA", 1094 "n": "0vx7agoebGcQSuuPiLJXZptN9nndrQmbXEps2aiAFbWhM78LhWx 1095 4cbbfAAtVT86zwu1RK7aPFFxuhDR1L6tSoc_BJECPebWKRXjBZCiFV4n3oknjhMs 1096 tn64tZ_2W-5JsGY4Hc5n9yBXArwl93lqt7_RN5w6Cf0h4QyQ5v-65YGjQR0_FDW2 1097 QvzqY368QQMicAtaSqzs8KJZgnYb9c7d0zgdAZHzu6qMQvRL5hajrn1n91CbOpbI 1098 SD08qNLyrdkt-bFTWhAI4vMQFh6WeZu0fM4lFd2NcRwr3XPksINHaQ-G_xBniIqb 1099 w0Ls1jF44-csFCur-kEgU8awapJzKnqDKgw", 1100 "e":"AQAB", 1101 "alg":"RS256", 1102 "kid":"2011-04-29"} 1103 ] 1104 } 1106 A.2. Example Private Keys 1108 The following example JWK Set contains two keys represented as JWKs 1109 containing both public and private key values: one using an Elliptic 1110 Curve algorithm and a second one using an RSA algorithm. This 1111 example extends the example in the previous section, adding private 1112 key values. (Line breaks are for display purposes only.) 1114 {"keys": 1115 [ 1116 {"kty":"EC", 1117 "crv":"P-256", 1118 "x":"MKBCTNIcKUSDii11ySs3526iDZ8AiTo7Tu6KPAqv7D4", 1119 "y":"4Etl6SRW2YiLUrN5vfvVHuhp7x8PxltmWWlbbM4IFyM", 1120 "d":"870MB6gfuTJ4HtUnUvYMyJpr5eUZNP4Bk43bVdj3eAE", 1121 "use":"enc", 1122 "kid":"1"}, 1124 {"kty":"RSA", 1125 "n":"0vx7agoebGcQSuuPiLJXZptN9nndrQmbXEps2aiAFbWhM78LhWx4 1126 cbbfAAtVT86zwu1RK7aPFFxuhDR1L6tSoc_BJECPebWKRXjBZCiFV4n3oknjhMst 1127 n64tZ_2W-5JsGY4Hc5n9yBXArwl93lqt7_RN5w6Cf0h4QyQ5v-65YGjQR0_FDW2Q 1128 vzqY368QQMicAtaSqzs8KJZgnYb9c7d0zgdAZHzu6qMQvRL5hajrn1n91CbOpbIS 1129 D08qNLyrdkt-bFTWhAI4vMQFh6WeZu0fM4lFd2NcRwr3XPksINHaQ-G_xBniIqbw 1130 0Ls1jF44-csFCur-kEgU8awapJzKnqDKgw", 1131 "e":"AQAB", 1132 "d":"X4cTteJY_gn4FYPsXB8rdXix5vwsg1FLN5E3EaG6RJoVH-HLLKD9 1133 M7dx5oo7GURknchnrRweUkC7hT5fJLM0WbFAKNLWY2vv7B6NqXSzUvxT0_YSfqij 1134 wp3RTzlBaCxWp4doFk5N2o8Gy_nHNKroADIkJ46pRUohsXywbReAdYaMwFs9tv8d 1135 _cPVY3i07a3t8MN6TNwm0dSawm9v47UiCl3Sk5ZiG7xojPLu4sbg1U2jx4IBTNBz 1136 nbJSzFHK66jT8bgkuqsk0GjskDJk19Z4qwjwbsnn4j2WBii3RL-Us2lGVkY8fkFz 1137 me1z0HbIkfz0Y6mqnOYtqc0X4jfcKoAC8Q", 1138 "p":"83i-7IvMGXoMXCskv73TKr8637FiO7Z27zv8oj6pbWUQyLPQBQxtPV 1139 nwD20R-60eTDmD2ujnMt5PoqMrm8RfmNhVWDtjjMmCMjOpSXicFHj7XOuVIYQyqV 1140 WlWEh6dN36GVZYk93N8Bc9vY41xy8B9RzzOGVQzXvNEvn7O0nVbfs", 1141 "q":"3dfOR9cuYq-0S-mkFLzgItgMEfFzB2q3hWehMuG0oCuqnb3vobLyum 1142 qjVZQO1dIrdwgTnCdpYzBcOfW5r370AFXjiWft_NGEiovonizhKpo9VVS78TzFgx 1143 kIdrecRezsZ-1kYd_s1qDbxtkDEgfAITAG9LUnADun4vIcb6yelxk", 1144 "dp":"G4sPXkc6Ya9y8oJW9_ILj4xuppu0lzi_H7VTkS8xj5SdX3coE0oim 1145 YwxIi2emTAue0UOa5dpgFGyBJ4c8tQ2VF402XRugKDTP8akYhFo5tAA77Qe_Nmtu 1146 YZc3C3m3I24G2GvR5sSDxUyAN2zq8Lfn9EUms6rY3Ob8YeiKkTiBj0", 1147 "dq":"s9lAH9fggBsoFR8Oac2R_E2gw282rT2kGOAhvIllETE1efrA6huUU 1148 vMfBcMpn8lqeW6vzznYY5SSQF7pMdC_agI3nG8Ibp1BUb0JUiraRNqUfLhcQb_d9 1149 GF4Dh7e74WbRsobRonujTYN1xCaP6TO61jvWrX-L18txXw494Q_cgk", 1150 "qi":"GyM_p6JrXySiz1toFgKbWV-JdI3jQ4ypu9rbMWx3rQJBfmt0FoYzg 1151 UIZEVFEcOqwemRN81zoDAaa-Bk0KWNGDjJHZDdDmFhW3AN7lI-puxk_mHZGJ11rx 1152 yR8O55XLSe3SPmRfKwZI6yU24ZxvQKFYItdldUKGzO6Ia6zTKhAVRU", 1153 "alg":"RS256", 1154 "kid":"2011-04-29"} 1155 ] 1156 } 1158 A.3. Example Symmetric Keys 1160 The following example JWK Set contains two symmetric keys represented 1161 as JWKs: one designated as being for use with the AES Key Wrap 1162 algorithm and a second one that is an HMAC key. (Line breaks are for 1163 display purposes only.) 1165 {"keys": 1166 [ 1167 {"kty":"oct", 1168 "alg":"A128KW", 1169 "k":"GawgguFyGrWKav7AX4VKUg"}, 1171 {"kty":"oct", 1172 "k":"AyM1SysPpbyDfgZld3umj1qzKObwVMkoqQ-EstJQLr_T-1qS0gZH75 1173 aKtMN3Yj0iPS4hcgUuTwjAzZr1Z9CAow", 1174 "kid":"HMAC key used in JWS A.1 example"} 1175 ] 1176 } 1178 Appendix B. Example Use of "x5c" (X.509 Certificate Chain) Parameter 1179 The following is an example of a JWK with a RSA signing key 1180 represented both as an RSA public key and as an X.509 certificate 1181 using the "x5c" parameter: 1183 {"kty":"RSA", 1184 "use":"sig", 1185 "kid":"1b94c", 1186 "n":"vrjOfz9Ccdgx5nQudyhdoR17V-IubWMeOZCwX_jj0hgAsz2J_pqYW08 1187 PLbK_PdiVGKPrqzmDIsLI7sA25VEnHU1uCLNwBuUiCO11_-7dYbsr4iJmG0Q 1188 u2j8DsVyT1azpJC_NG84Ty5KKthuCaPod7iI7w0LK9orSMhBEwwZDCxTWq4a 1189 YWAchc8t-emd9qOvWtVMDC2BXksRngh6X5bUYLy6AyHKvj-nUy1wgzjYQDwH 1190 MTplCoLtU-o-8SNnZ1tmRoGE9uJkBLdh5gFENabWnU5m1ZqZPdwS-qo-meMv 1191 VfJb6jJVWRpl2SUtCnYG2C32qvbWbjZ_jBPD5eunqsIo1vQ", 1192 "e":"AQAB", 1193 "x5c": 1194 ["MIIDQjCCAiqgAwIBAgIGATz/FuLiMA0GCSqGSIb3DQEBBQUAMGIxCzAJB 1195 gNVBAYTAlVTMQswCQYDVQQIEwJDTzEPMA0GA1UEBxMGRGVudmVyMRwwGgYD 1196 VQQKExNQaW5nIElkZW50aXR5IENvcnAuMRcwFQYDVQQDEw5CcmlhbiBDYW1 1197 wYmVsbDAeFw0xMzAyMjEyMzI5MTVaFw0xODA4MTQyMjI5MTVaMGIxCzAJBg 1198 NVBAYTAlVTMQswCQYDVQQIEwJDTzEPMA0GA1UEBxMGRGVudmVyMRwwGgYDV 1199 QQKExNQaW5nIElkZW50aXR5IENvcnAuMRcwFQYDVQQDEw5CcmlhbiBDYW1w 1200 YmVsbDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL64zn8/QnH 1201 YMeZ0LncoXaEde1fiLm1jHjmQsF/449IYALM9if6amFtPDy2yvz3YlRij66 1202 s5gyLCyO7ANuVRJx1NbgizcAblIgjtdf/u3WG7K+IiZhtELto/A7Fck9Ws6 1203 SQvzRvOE8uSirYbgmj6He4iO8NCyvaK0jIQRMMGQwsU1quGmFgHIXPLfnpn 1204 fajr1rVTAwtgV5LEZ4Iel+W1GC8ugMhyr4/p1MtcIM42EA8BzE6ZQqC7VPq 1205 PvEjZ2dbZkaBhPbiZAS3YeYBRDWm1p1OZtWamT3cEvqqPpnjL1XyW+oyVVk 1206 aZdklLQp2Btgt9qr21m42f4wTw+Xrp6rCKNb0CAwEAATANBgkqhkiG9w0BA 1207 QUFAAOCAQEAh8zGlfSlcI0o3rYDPBB07aXNswb4ECNIKG0CETTUxmXl9KUL 1208 +9gGlqCz5iWLOgWsnrcKcY0vXPG9J1r9AqBNTqNgHq2G03X09266X5CpOe1 1209 zFo+Owb1zxtp3PehFdfQJ610CDLEaS9V9Rqp17hCyybEpOGVwe8fnk+fbEL 1210 2Bo3UPGrpsHzUoaGpDftmWssZkhpBJKVMJyf/RuP2SmmaIzmnw9JiSlYhzo 1211 4tpzd5rFXhjRbg4zW9C+2qok+2+qDM1iJ684gPHMIY8aLWrdgQTxkumGmTq 1212 gawR+N5MDtdPTEQ0XfIBc2cJEUyMTY5MPvACWpkA6SdS4xSvdXK3IVfOWA=="] 1213 } 1215 Appendix C. Example Encrypted RSA Private Key 1217 This example encrypts an RSA private key to the recipient using 1218 "PBES2-HS256+A128KW" for key encryption and "A128CBC+HS256" for 1219 content encryption. 1221 NOTE: Unless otherwise indicated, all line breaks are included solely 1222 for readability. 1224 C.1. Plaintext RSA Private Key 1226 The following RSA key is the plaintext for the authenticated 1227 encryption operation, formatted as a JWK object: 1229 { 1230 "kty":"RSA", 1231 "kid":"juliet@capulet.lit", 1232 "use":"enc", 1233 "n":"t6Q8PWSi1dkJj9hTP8hNYFlvadM7DflW9mWepOJhJ66w7nyoK1gPNqFMSQRy 1234 O125Gp-TEkodhWr0iujjHVx7BcV0llS4w5ACGgPrcAd6ZcSR0-Iqom-QFcNP 1235 8Sjg086MwoqQU_LYywlAGZ21WSdS_PERyGFiNnj3QQlO8Yns5jCtLCRwLHL0 1236 Pb1fEv45AuRIuUfVcPySBWYnDyGxvjYGDSM-AqWS9zIQ2ZilgT-GqUmipg0X 1237 OC0Cc20rgLe2ymLHjpHciCKVAbY5-L32-lSeZO-Os6U15_aXrk9Gw8cPUaX1 1238 _I8sLGuSiVdt3C_Fn2PZ3Z8i744FPFGGcG1qs2Wz-Q", 1239 "e":"AQAB", 1240 "d":"GRtbIQmhOZtyszfgKdg4u_N-R_mZGU_9k7JQ_jn1DnfTuMdSNprTeaSTyWfS 1241 NkuaAwnOEbIQVy1IQbWVV25NY3ybc_IhUJtfri7bAXYEReWaCl3hdlPKXy9U 1242 vqPYGR0kIXTQRqns-dVJ7jahlI7LyckrpTmrM8dWBo4_PMaenNnPiQgO0xnu 1243 ToxutRZJfJvG4Ox4ka3GORQd9CsCZ2vsUDmsXOfUENOyMqADC6p1M3h33tsu 1244 rY15k9qMSpG9OX_IJAXmxzAh_tWiZOwk2K4yxH9tS3Lq1yX8C1EWmeRDkK2a 1245 hecG85-oLKQt5VEpWHKmjOi_gJSdSgqcN96X52esAQ", 1246 "p":"2rnSOV4hKSN8sS4CgcQHFbs08XboFDqKum3sc4h3GRxrTmQdl1ZK9uw-PIHf 1247 QP0FkxXVrx-WE-ZEbrqivH_2iCLUS7wAl6XvARt1KkIaUxPPSYB9yk31s0Q8 1248 UK96E3_OrADAYtAJs-M3JxCLfNgqh56HDnETTQhH3rCT5T3yJws", 1249 "q":"1u_RiFDP7LBYh3N4GXLT9OpSKYP0uQZyiaZwBtOCBNJgQxaj10RWjsZu0c6I 1250 edis4S7B_coSKB0Kj9PaPaBzg-IySRvvcQuPamQu66riMhjVtG6TlV8CLCYK 1251 rYl52ziqK0E_ym2QnkwsUX7eYTB7LbAHRK9GqocDE5B0f808I4s", 1252 "dp":"KkMTWqBUefVwZ2_Dbj1pPQqyHSHjj90L5x_MOzqYAJMcLMZtbUtwKqvVDq3 1253 tbEo3ZIcohbDtt6SbfmWzggabpQxNxuBpoOOf_a_HgMXK_lhqigI4y_kqS1w 1254 Y52IwjUn5rgRrJ-yYo1h41KR-vz2pYhEAeYrhttWtxVqLCRViD6c", 1255 "dq":"AvfS0-gRxvn0bwJoMSnFxYcK1WnuEjQFluMGfwGitQBWtfZ1Er7t1xDkbN9 1256 GQTB9yqpDoYaN06H7CFtrkxhJIBQaj6nkF5KKS3TQtQ5qCzkOkmxIe3KRbBy 1257 mXxkb5qwUpX5ELD5xFc6FeiafWYY63TmmEAu_lRFCOJ3xDea-ots", 1258 "qi":"lSQi-w9CpyUReMErP1RsBLk7wNtOvs5EQpPqmuMvqW57NBUczScEoPwmUqq 1259 abu9V0-Py4dQ57_bapoKRu1R90bvuFnU63SHWEFglZQvJDMeAvmj4sm-Fp0o 1260 Yu_neotgQ0hzbI5gry7ajdYy9-2lNx_76aBZoOUu9HCJ-UsfSOI8" 1261 } 1263 The octets representing the Plaintext used in this example (using 1264 JSON array notation) are: 1266 [123, 34, 107, 116, 121, 34, 58, 34, 82, 83, 65, 34, 44, 34, 107, 1267 105, 100, 34, 58, 34, 106, 117, 108, 105, 101, 116, 64, 99, 97, 112, 1268 117, 108, 101, 116, 46, 108, 105, 116, 34, 44, 34, 117, 115, 101, 34, 1269 58, 34, 101, 110, 99, 34, 44, 34, 110, 34, 58, 34, 116, 54, 81, 56, 1270 80, 87, 83, 105, 49, 100, 107, 74, 106, 57, 104, 84, 80, 56, 104, 78, 1271 89, 70, 108, 118, 97, 100, 77, 55, 68, 102, 108, 87, 57, 109, 87, 1272 101, 112, 79, 74, 104, 74, 54, 54, 119, 55, 110, 121, 111, 75, 49, 1273 103, 80, 78, 113, 70, 77, 83, 81, 82, 121, 79, 49, 50, 53, 71, 112, 1274 45, 84, 69, 107, 111, 100, 104, 87, 114, 48, 105, 117, 106, 106, 72, 1275 86, 120, 55, 66, 99, 86, 48, 108, 108, 83, 52, 119, 53, 65, 67, 71, 1276 103, 80, 114, 99, 65, 100, 54, 90, 99, 83, 82, 48, 45, 73, 113, 111, 1277 109, 45, 81, 70, 99, 78, 80, 56, 83, 106, 103, 48, 56, 54, 77, 119, 1278 111, 113, 81, 85, 95, 76, 89, 121, 119, 108, 65, 71, 90, 50, 49, 87, 1279 83, 100, 83, 95, 80, 69, 82, 121, 71, 70, 105, 78, 110, 106, 51, 81, 1280 81, 108, 79, 56, 89, 110, 115, 53, 106, 67, 116, 76, 67, 82, 119, 76, 1281 72, 76, 48, 80, 98, 49, 102, 69, 118, 52, 53, 65, 117, 82, 73, 117, 1282 85, 102, 86, 99, 80, 121, 83, 66, 87, 89, 110, 68, 121, 71, 120, 118, 1283 106, 89, 71, 68, 83, 77, 45, 65, 113, 87, 83, 57, 122, 73, 81, 50, 1284 90, 105, 108, 103, 84, 45, 71, 113, 85, 109, 105, 112, 103, 48, 88, 1285 79, 67, 48, 67, 99, 50, 48, 114, 103, 76, 101, 50, 121, 109, 76, 72, 1286 106, 112, 72, 99, 105, 67, 75, 86, 65, 98, 89, 53, 45, 76, 51, 50, 1287 45, 108, 83, 101, 90, 79, 45, 79, 115, 54, 85, 49, 53, 95, 97, 88, 1288 114, 107, 57, 71, 119, 56, 99, 80, 85, 97, 88, 49, 95, 73, 56, 115, 1289 76, 71, 117, 83, 105, 86, 100, 116, 51, 67, 95, 70, 110, 50, 80, 90, 1290 51, 90, 56, 105, 55, 52, 52, 70, 80, 70, 71, 71, 99, 71, 49, 113, 1291 115, 50, 87, 122, 45, 81, 34, 44, 34, 101, 34, 58, 34, 65, 81, 65, 1292 66, 34, 44, 34, 100, 34, 58, 34, 71, 82, 116, 98, 73, 81, 109, 104, 1293 79, 90, 116, 121, 115, 122, 102, 103, 75, 100, 103, 52, 117, 95, 78, 1294 45, 82, 95, 109, 90, 71, 85, 95, 57, 107, 55, 74, 81, 95, 106, 110, 1295 49, 68, 110, 102, 84, 117, 77, 100, 83, 78, 112, 114, 84, 101, 97, 1296 83, 84, 121, 87, 102, 83, 78, 107, 117, 97, 65, 119, 110, 79, 69, 98, 1297 73, 81, 86, 121, 49, 73, 81, 98, 87, 86, 86, 50, 53, 78, 89, 51, 121, 1298 98, 99, 95, 73, 104, 85, 74, 116, 102, 114, 105, 55, 98, 65, 88, 89, 1299 69, 82, 101, 87, 97, 67, 108, 51, 104, 100, 108, 80, 75, 88, 121, 57, 1300 85, 118, 113, 80, 89, 71, 82, 48, 107, 73, 88, 84, 81, 82, 113, 110, 1301 115, 45, 100, 86, 74, 55, 106, 97, 104, 108, 73, 55, 76, 121, 99, 1302 107, 114, 112, 84, 109, 114, 77, 56, 100, 87, 66, 111, 52, 95, 80, 1303 77, 97, 101, 110, 78, 110, 80, 105, 81, 103, 79, 48, 120, 110, 117, 1304 84, 111, 120, 117, 116, 82, 90, 74, 102, 74, 118, 71, 52, 79, 120, 1305 52, 107, 97, 51, 71, 79, 82, 81, 100, 57, 67, 115, 67, 90, 50, 118, 1306 115, 85, 68, 109, 115, 88, 79, 102, 85, 69, 78, 79, 121, 77, 113, 65, 1307 68, 67, 54, 112, 49, 77, 51, 104, 51, 51, 116, 115, 117, 114, 89, 49, 1308 53, 107, 57, 113, 77, 83, 112, 71, 57, 79, 88, 95, 73, 74, 65, 88, 1309 109, 120, 122, 65, 104, 95, 116, 87, 105, 90, 79, 119, 107, 50, 75, 1310 52, 121, 120, 72, 57, 116, 83, 51, 76, 113, 49, 121, 88, 56, 67, 49, 1311 69, 87, 109, 101, 82, 68, 107, 75, 50, 97, 104, 101, 99, 71, 56, 53, 1312 45, 111, 76, 75, 81, 116, 53, 86, 69, 112, 87, 72, 75, 109, 106, 79, 1313 105, 95, 103, 74, 83, 100, 83, 103, 113, 99, 78, 57, 54, 88, 53, 50, 1314 101, 115, 65, 81, 34, 44, 34, 112, 34, 58, 34, 50, 114, 110, 83, 79, 1315 86, 52, 104, 75, 83, 78, 56, 115, 83, 52, 67, 103, 99, 81, 72, 70, 1316 98, 115, 48, 56, 88, 98, 111, 70, 68, 113, 75, 117, 109, 51, 115, 99, 1317 52, 104, 51, 71, 82, 120, 114, 84, 109, 81, 100, 108, 49, 90, 75, 57, 1318 117, 119, 45, 80, 73, 72, 102, 81, 80, 48, 70, 107, 120, 88, 86, 114, 1319 120, 45, 87, 69, 45, 90, 69, 98, 114, 113, 105, 118, 72, 95, 50, 105, 1320 67, 76, 85, 83, 55, 119, 65, 108, 54, 88, 118, 65, 82, 116, 49, 75, 1321 107, 73, 97, 85, 120, 80, 80, 83, 89, 66, 57, 121, 107, 51, 49, 115, 1322 48, 81, 56, 85, 75, 57, 54, 69, 51, 95, 79, 114, 65, 68, 65, 89, 116, 1323 65, 74, 115, 45, 77, 51, 74, 120, 67, 76, 102, 78, 103, 113, 104, 53, 1324 54, 72, 68, 110, 69, 84, 84, 81, 104, 72, 51, 114, 67, 84, 53, 84, 1325 51, 121, 74, 119, 115, 34, 44, 34, 113, 34, 58, 34, 49, 117, 95, 82, 1326 105, 70, 68, 80, 55, 76, 66, 89, 104, 51, 78, 52, 71, 88, 76, 84, 57, 1327 79, 112, 83, 75, 89, 80, 48, 117, 81, 90, 121, 105, 97, 90, 119, 66, 1328 116, 79, 67, 66, 78, 74, 103, 81, 120, 97, 106, 49, 48, 82, 87, 106, 1329 115, 90, 117, 48, 99, 54, 73, 101, 100, 105, 115, 52, 83, 55, 66, 95, 1330 99, 111, 83, 75, 66, 48, 75, 106, 57, 80, 97, 80, 97, 66, 122, 103, 1331 45, 73, 121, 83, 82, 118, 118, 99, 81, 117, 80, 97, 109, 81, 117, 54, 1332 54, 114, 105, 77, 104, 106, 86, 116, 71, 54, 84, 108, 86, 56, 67, 76, 1333 67, 89, 75, 114, 89, 108, 53, 50, 122, 105, 113, 75, 48, 69, 95, 121, 1334 109, 50, 81, 110, 107, 119, 115, 85, 88, 55, 101, 89, 84, 66, 55, 76, 1335 98, 65, 72, 82, 75, 57, 71, 113, 111, 99, 68, 69, 53, 66, 48, 102, 1336 56, 48, 56, 73, 52, 115, 34, 44, 34, 100, 112, 34, 58, 34, 75, 107, 1337 77, 84, 87, 113, 66, 85, 101, 102, 86, 119, 90, 50, 95, 68, 98, 106, 1338 49, 112, 80, 81, 113, 121, 72, 83, 72, 106, 106, 57, 48, 76, 53, 120, 1339 95, 77, 79, 122, 113, 89, 65, 74, 77, 99, 76, 77, 90, 116, 98, 85, 1340 116, 119, 75, 113, 118, 86, 68, 113, 51, 116, 98, 69, 111, 51, 90, 1341 73, 99, 111, 104, 98, 68, 116, 116, 54, 83, 98, 102, 109, 87, 122, 1342 103, 103, 97, 98, 112, 81, 120, 78, 120, 117, 66, 112, 111, 79, 79, 1343 102, 95, 97, 95, 72, 103, 77, 88, 75, 95, 108, 104, 113, 105, 103, 1344 73, 52, 121, 95, 107, 113, 83, 49, 119, 89, 53, 50, 73, 119, 106, 85, 1345 110, 53, 114, 103, 82, 114, 74, 45, 121, 89, 111, 49, 104, 52, 49, 1346 75, 82, 45, 118, 122, 50, 112, 89, 104, 69, 65, 101, 89, 114, 104, 1347 116, 116, 87, 116, 120, 86, 113, 76, 67, 82, 86, 105, 68, 54, 99, 34, 1348 44, 34, 100, 113, 34, 58, 34, 65, 118, 102, 83, 48, 45, 103, 82, 120, 1349 118, 110, 48, 98, 119, 74, 111, 77, 83, 110, 70, 120, 89, 99, 75, 49, 1350 87, 110, 117, 69, 106, 81, 70, 108, 117, 77, 71, 102, 119, 71, 105, 1351 116, 81, 66, 87, 116, 102, 90, 49, 69, 114, 55, 116, 49, 120, 68, 1352 107, 98, 78, 57, 71, 81, 84, 66, 57, 121, 113, 112, 68, 111, 89, 97, 1353 78, 48, 54, 72, 55, 67, 70, 116, 114, 107, 120, 104, 74, 73, 66, 81, 1354 97, 106, 54, 110, 107, 70, 53, 75, 75, 83, 51, 84, 81, 116, 81, 53, 1355 113, 67, 122, 107, 79, 107, 109, 120, 73, 101, 51, 75, 82, 98, 66, 1356 121, 109, 88, 120, 107, 98, 53, 113, 119, 85, 112, 88, 53, 69, 76, 1357 68, 53, 120, 70, 99, 54, 70, 101, 105, 97, 102, 87, 89, 89, 54, 51, 1358 84, 109, 109, 69, 65, 117, 95, 108, 82, 70, 67, 79, 74, 51, 120, 68, 1359 101, 97, 45, 111, 116, 115, 34, 44, 34, 113, 105, 34, 58, 34, 108, 1360 83, 81, 105, 45, 119, 57, 67, 112, 121, 85, 82, 101, 77, 69, 114, 80, 1361 49, 82, 115, 66, 76, 107, 55, 119, 78, 116, 79, 118, 115, 53, 69, 81, 1362 112, 80, 113, 109, 117, 77, 118, 113, 87, 53, 55, 78, 66, 85, 99, 1363 122, 83, 99, 69, 111, 80, 119, 109, 85, 113, 113, 97, 98, 117, 57, 1364 86, 48, 45, 80, 121, 52, 100, 81, 53, 55, 95, 98, 97, 112, 111, 75, 1365 82, 117, 49, 82, 57, 48, 98, 118, 117, 70, 110, 85, 54, 51, 83, 72, 1366 87, 69, 70, 103, 108, 90, 81, 118, 74, 68, 77, 101, 65, 118, 109, 1367 106, 52, 115, 109, 45, 70, 112, 48, 111, 89, 117, 95, 110, 101, 111, 1368 116, 103, 81, 48, 104, 122, 98, 73, 53, 103, 114, 121, 55, 97, 106, 1369 100, 89, 121, 57, 45, 50, 108, 78, 120, 95, 55, 54, 97, 66, 90, 111, 1370 79, 85, 117, 57, 72, 67, 74, 45, 85, 115, 102, 83, 79, 73, 56, 34, 1371 125] 1373 C.2. JOSE Header 1375 The following example JWE Protected Header declares that: 1377 o the Content Encryption Key is encrypted to the recipient using the 1378 PSE2-HS256+A128KW algorithm to produce the JWE Encrypted Key, 1380 o the Salt Input ("p2s") value is [217, 96, 147, 112, 150, 117, 70, 1381 247, 127, 8, 155, 137, 174, 42, 80, 215], 1383 o the Iteration Count ("p2c") value is 4096, 1385 o authenticated encryption is performed on the Plaintext using the 1386 AES_128_CBC_HMAC_SHA_256 algorithm to produce the Ciphertext and 1387 the Authentication Tag, and 1389 o the content type is application/jwk+json. 1391 { 1392 "alg":"PBES2-HS256+A128KW", 1393 "p2s":"2WCTcJZ1Rvd_CJuJripQ1w", 1394 "p2c":4096, 1395 "enc":"A128CBC-HS256", 1396 "cty":"jwk+json" 1397 } 1399 Encoding this JWE Protected Header as BASE64URL(UTF8(JWE Protected 1400 Header)) gives this value (with line breaks for display purposes 1401 only): 1403 eyJhbGciOiJQQkVTMi1IUzI1NitBMTI4S1ciLCJwMnMiOiIyV0NUY0paMVJ2ZF9DSn 1404 VKcmlwUTF3IiwicDJjIjo0MDk2LCJlbmMiOiJBMTI4Q0JDLUhTMjU2IiwiY3R5Ijoi 1405 andrK2pzb24ifQ 1407 C.3. Content Encryption Key (CEK) 1409 Generate a 256 bit random Content Encryption Key (CEK). In this 1410 example, the value (using JSON array notation) is: 1412 [111, 27, 25, 52, 66, 29, 20, 78, 92, 176, 56, 240, 65, 208, 82, 112, 1413 161, 131, 36, 55, 202, 236, 185, 172, 129, 23, 153, 194, 195, 48, 1414 253, 182] 1416 C.4. Key Derivation 1418 Derive a key from a shared passphrase using the PBKDF2 algorithm with 1419 HMAC SHA-256 and the specified Salt and Iteration Count values and a 1420 128 bit requested output key size to produce the PBKDF2 Derived Key. 1421 This example uses the following passphrase: 1423 Thus from my lips, by yours, my sin is purged. 1425 The octets representing the passphrase are: 1427 [84, 104, 117, 115, 32, 102, 114, 111, 109, 32, 109, 121, 32, 108, 1428 105, 112, 115, 44, 32, 98, 121, 32, 121, 111, 117, 114, 115, 44, 32, 1429 109, 121, 32, 115, 105, 110, 32, 105, 115, 32, 112, 117, 114, 103, 1430 101, 100, 46] 1432 The Salt value (UTF8(Alg) || 0x00 || Salt Input) is: 1434 [80, 66, 69, 83, 50, 45, 72, 83, 50, 53, 54, 43, 65, 49, 50, 56, 75, 1435 87, 0, 217, 96, 147, 112, 150, 117, 70, 247, 127, 8, 155, 137, 174, 1436 42, 80, 215]. 1438 The resulting PBKDF2 Derived Key value is: 1440 [110, 171, 169, 92, 129, 92, 109, 117, 233, 242, 116, 233, 170, 14, 1441 24, 75] 1443 C.5. Key Encryption 1445 Encrypt the CEK with the "A128KW" algorithm using the PBKDF2 Derived 1446 Key. The resulting JWE Encrypted Key value is: 1448 [78, 186, 151, 59, 11, 141, 81, 240, 213, 245, 83, 211, 53, 188, 134, 1449 188, 66, 125, 36, 200, 222, 124, 5, 103, 249, 52, 117, 184, 140, 81, 1450 246, 158, 161, 177, 20, 33, 245, 57, 59, 4] 1452 Encoding this JWE Encrypted Key as BASE64URL(JWE Encrypted Key) gives 1453 this value: 1455 TrqXOwuNUfDV9VPTNbyGvEJ9JMjefAVn-TR1uIxR9p6hsRQh9Tk7BA 1457 C.6. Initialization Vector 1459 Generate a random 128 bit JWE Initialization Vector. In this 1460 example, the value is: 1462 [97, 239, 99, 214, 171, 54, 216, 57, 145, 72, 7, 93, 34, 31, 149, 1463 156] 1464 Encoding this JWE Initialization Vector as BASE64URL(JWE 1465 Initialization Vector) gives this value: 1467 Ye9j1qs22DmRSAddIh-VnA 1469 C.7. Additional Authenticated Data 1471 Let the Additional Authenticated Data encryption parameter be 1472 ASCII(BASE64URL(UTF8(JWE Protected Header))). This value is: 1474 [123, 34, 97, 108, 103, 34, 58, 34, 80, 66, 69, 83, 50, 45, 72, 83, 1475 50, 53, 54, 43, 65, 49, 50, 56, 75, 87, 34, 44, 34, 112, 50, 115, 34, 1476 58, 34, 50, 87, 67, 84, 99, 74, 90, 49, 82, 118, 100, 95, 67, 74, 1477 117, 74, 114, 105, 112, 81, 49, 119, 34, 44, 34, 112, 50, 99, 34, 58, 1478 52, 48, 57, 54, 44, 34, 101, 110, 99, 34, 58, 34, 65, 49, 50, 56, 67, 1479 66, 67, 45, 72, 83, 50, 53, 54, 34, 44, 34, 99, 116, 121, 34, 58, 34, 1480 106, 119, 107, 43, 106, 115, 111, 110, 34, 125] 1482 C.8. Content Encryption 1484 Perform authenticated encryption on the Plaintext with the 1485 AES_128_CBC_HMAC_SHA_256 algorithm using the CEK as the encryption 1486 key, the JWE Initialization Vector, and the Additional Authenticated 1487 Data value above. The resulting Ciphertext is: 1489 [3, 8, 65, 242, 92, 107, 148, 168, 197, 159, 77, 139, 25, 97, 42, 1490 131, 110, 199, 225, 56, 61, 127, 38, 64, 108, 91, 247, 167, 150, 98, 1491 112, 122, 99, 235, 132, 50, 28, 46, 56, 170, 169, 89, 220, 145, 38, 1492 157, 148, 224, 66, 140, 8, 169, 146, 117, 222, 54, 242, 28, 31, 11, 1493 129, 227, 226, 169, 66, 117, 133, 254, 140, 216, 115, 203, 131, 60, 1494 60, 47, 233, 132, 121, 13, 35, 188, 53, 19, 172, 77, 59, 54, 211, 1495 158, 172, 25, 60, 111, 0, 80, 201, 158, 160, 210, 68, 55, 12, 67, 1496 136, 130, 87, 216, 197, 95, 62, 20, 155, 205, 5, 140, 27, 168, 221, 1497 65, 114, 78, 157, 254, 46, 206, 182, 52, 135, 87, 239, 3, 34, 186, 1498 126, 220, 151, 17, 33, 237, 57, 96, 172, 183, 58, 45, 248, 103, 241, 1499 142, 136, 7, 53, 16, 173, 181, 7, 93, 92, 252, 1, 53, 212, 242, 8, 1500 255, 11, 239, 181, 24, 148, 136, 111, 24, 161, 244, 23, 106, 69, 157, 1501 215, 243, 189, 240, 166, 169, 249, 72, 38, 201, 99, 223, 173, 229, 9, 1502 222, 82, 79, 157, 176, 248, 85, 239, 121, 163, 1, 31, 48, 98, 206, 1503 61, 249, 104, 216, 201, 227, 105, 48, 194, 193, 10, 36, 160, 159, 1504 241, 166, 84, 54, 188, 211, 243, 242, 40, 46, 45, 193, 193, 160, 169, 1505 101, 201, 1, 73, 47, 105, 142, 88, 28, 42, 132, 26, 61, 58, 63, 142, 1506 243, 77, 26, 179, 153, 166, 46, 203, 208, 49, 55, 229, 34, 178, 4, 1507 109, 180, 204, 204, 115, 1, 103, 193, 5, 91, 215, 214, 195, 1, 110, 1508 208, 53, 144, 36, 105, 12, 54, 25, 129, 101, 15, 183, 150, 250, 147, 1509 115, 227, 58, 250, 5, 128, 232, 63, 15, 14, 19, 141, 124, 253, 142, 1510 137, 189, 135, 26, 44, 240, 27, 88, 132, 105, 127, 6, 71, 37, 41, 1511 124, 187, 165, 140, 34, 200, 123, 80, 228, 24, 231, 176, 132, 171, 1512 138, 145, 152, 116, 224, 50, 141, 51, 147, 91, 186, 7, 246, 106, 217, 1513 148, 244, 227, 244, 45, 220, 121, 165, 224, 148, 181, 17, 181, 128, 1514 197, 101, 237, 11, 169, 229, 149, 199, 78, 56, 15, 14, 190, 91, 216, 1515 222, 247, 213, 74, 40, 8, 96, 20, 168, 119, 96, 26, 24, 52, 37, 82, 1516 127, 57, 176, 147, 118, 59, 7, 224, 33, 117, 72, 155, 29, 82, 26, 1517 215, 189, 140, 119, 28, 152, 118, 93, 222, 194, 192, 148, 115, 83, 1518 253, 216, 212, 108, 88, 83, 175, 172, 220, 97, 79, 110, 42, 223, 170, 1519 161, 34, 164, 144, 193, 76, 122, 92, 160, 41, 178, 175, 6, 35, 96, 1520 113, 96, 158, 90, 129, 101, 26, 45, 70, 180, 189, 230, 15, 5, 247, 1521 150, 209, 94, 171, 26, 13, 142, 212, 129, 1, 176, 5, 0, 112, 203, 1522 174, 185, 119, 76, 233, 189, 54, 172, 189, 245, 223, 253, 205, 12, 1523 88, 9, 126, 157, 225, 90, 40, 229, 191, 63, 30, 160, 224, 69, 3, 140, 1524 109, 70, 89, 37, 213, 245, 194, 210, 180, 188, 63, 210, 139, 221, 2, 1525 144, 200, 20, 177, 216, 29, 227, 242, 106, 12, 135, 142, 139, 144, 1526 82, 225, 162, 171, 176, 108, 99, 6, 43, 193, 161, 116, 234, 216, 1, 1527 242, 21, 124, 162, 98, 205, 124, 193, 38, 12, 242, 90, 101, 76, 204, 1528 184, 124, 58, 180, 16, 240, 26, 76, 195, 250, 212, 191, 185, 191, 97, 1529 198, 186, 73, 225, 75, 14, 90, 123, 121, 172, 101, 50, 160, 221, 141, 1530 253, 205, 126, 77, 9, 87, 198, 110, 104, 182, 141, 120, 51, 25, 232, 1531 3, 32, 80, 6, 156, 8, 18, 4, 135, 221, 142, 25, 135, 2, 129, 132, 1532 115, 227, 74, 141, 28, 119, 11, 141, 117, 134, 198, 62, 150, 254, 97, 1533 75, 197, 251, 99, 89, 204, 224, 226, 67, 83, 175, 89, 0, 81, 29, 38, 1534 207, 89, 140, 255, 197, 177, 164, 128, 62, 116, 224, 180, 109, 169, 1535 28, 2, 59, 176, 130, 252, 44, 178, 81, 24, 181, 176, 75, 44, 61, 91, 1536 12, 37, 21, 255, 83, 130, 197, 16, 231, 60, 217, 56, 131, 118, 168, 1537 202, 58, 52, 84, 124, 162, 185, 174, 162, 226, 242, 112, 68, 246, 1538 202, 16, 208, 52, 154, 58, 129, 80, 102, 33, 171, 6, 186, 177, 14, 1539 195, 88, 136, 6, 0, 155, 28, 100, 162, 207, 162, 222, 117, 248, 170, 1540 208, 114, 87, 31, 57, 176, 33, 57, 83, 253, 12, 168, 110, 194, 59, 1541 22, 86, 48, 227, 196, 22, 176, 218, 122, 149, 21, 249, 195, 178, 174, 1542 250, 20, 34, 120, 60, 139, 201, 99, 40, 18, 177, 17, 54, 54, 6, 3, 1543 222, 128, 160, 88, 11, 27, 0, 81, 192, 36, 41, 169, 146, 8, 47, 64, 1544 136, 28, 64, 209, 67, 135, 202, 20, 234, 182, 91, 204, 146, 195, 187, 1545 0, 72, 77, 11, 111, 152, 204, 252, 177, 212, 89, 33, 50, 132, 184, 1546 44, 183, 186, 19, 250, 69, 176, 201, 102, 140, 14, 143, 212, 212, 1547 160, 123, 208, 185, 27, 155, 68, 77, 133, 198, 2, 126, 155, 215, 22, 1548 91, 30, 217, 176, 172, 244, 156, 174, 143, 75, 90, 21, 102, 1, 160, 1549 59, 253, 188, 88, 57, 185, 197, 83, 24, 22, 180, 174, 47, 207, 52, 1, 1550 141, 146, 119, 233, 68, 228, 224, 228, 193, 248, 155, 202, 90, 7, 1551 213, 88, 33, 108, 107, 14, 86, 8, 120, 250, 58, 142, 35, 164, 238, 1552 221, 219, 35, 123, 88, 199, 192, 143, 104, 83, 17, 166, 243, 247, 11, 1553 166, 67, 68, 204, 132, 23, 110, 103, 228, 14, 55, 122, 88, 57, 180, 1554 178, 237, 52, 130, 214, 245, 102, 123, 67, 73, 175, 1, 127, 112, 148, 1555 94, 132, 164, 197, 153, 217, 87, 25, 89, 93, 63, 22, 66, 166, 90, 1556 251, 101, 10, 145, 66, 17, 124, 36, 255, 165, 226, 97, 16, 86, 112, 1557 154, 88, 105, 253, 56, 209, 229, 122, 103, 51, 24, 228, 190, 3, 236, 1558 48, 182, 121, 176, 140, 128, 117, 87, 251, 224, 37, 23, 248, 21, 218, 1559 85, 251, 136, 84, 147, 143, 144, 46, 155, 183, 251, 89, 86, 23, 26, 1560 237, 100, 167, 32, 130, 173, 237, 89, 55, 110, 70, 142, 127, 65, 230, 1561 208, 109, 69, 19, 253, 84, 130, 130, 193, 92, 58, 108, 150, 42, 136, 1562 249, 234, 86, 241, 182, 19, 117, 246, 26, 181, 92, 101, 155, 44, 103, 1563 235, 173, 30, 140, 90, 29, 183, 190, 77, 53, 206, 127, 5, 87, 8, 187, 1564 184, 92, 4, 157, 22, 18, 105, 251, 39, 88, 182, 181, 103, 148, 233, 1565 6, 63, 70, 188, 7, 101, 216, 127, 77, 31, 12, 233, 7, 147, 106, 30, 1566 150, 77, 145, 13, 205, 48, 56, 245, 220, 89, 252, 127, 51, 180, 36, 1567 31, 55, 18, 214, 230, 254, 217, 197, 65, 247, 27, 215, 117, 247, 108, 1568 157, 121, 11, 63, 150, 195, 83, 6, 134, 242, 41, 24, 105, 204, 5, 63, 1569 192, 14, 159, 113, 72, 140, 128, 51, 215, 80, 215, 39, 149, 94, 79, 1570 128, 34, 5, 129, 82, 83, 121, 187, 37, 146, 27, 32, 177, 167, 71, 9, 1571 195, 30, 199, 196, 205, 252, 207, 69, 8, 120, 27, 190, 51, 43, 75, 1572 249, 234, 167, 116, 206, 203, 199, 43, 108, 87, 48, 155, 140, 228, 1573 210, 85, 25, 161, 96, 67, 8, 205, 64, 39, 75, 88, 44, 238, 227, 16, 1574 0, 100, 93, 129, 18, 4, 149, 50, 68, 72, 99, 35, 111, 254, 27, 102, 1575 175, 108, 233, 87, 181, 44, 169, 18, 139, 79, 208, 14, 202, 192, 5, 1576 162, 222, 231, 149, 24, 211, 49, 120, 101, 39, 206, 87, 147, 204, 1577 200, 251, 104, 115, 5, 127, 117, 195, 79, 151, 18, 224, 52, 0, 245, 1578 4, 85, 255, 103, 217, 0, 116, 198, 80, 91, 167, 192, 154, 199, 197, 1579 149, 237, 51, 2, 131, 30, 226, 95, 105, 48, 68, 135, 208, 144, 120, 1580 176, 145, 157, 8, 171, 80, 94, 61, 92, 92, 220, 157, 13, 138, 51, 23, 1581 185, 124, 31, 77, 1, 87, 241, 43, 239, 55, 122, 86, 210, 48, 208, 1582 204, 112, 144, 80, 147, 106, 219, 47, 253, 31, 134, 176, 16, 135, 1583 219, 95, 17, 129, 83, 236, 125, 136, 112, 86, 228, 252, 71, 129, 218, 1584 174, 156, 236, 12, 27, 159, 11, 138, 252, 253, 207, 31, 115, 214, 1585 118, 239, 203, 16, 211, 205, 99, 22, 51, 163, 107, 162, 246, 199, 67, 1586 127, 34, 108, 197, 53, 117, 58, 199, 3, 190, 74, 70, 190, 65, 235, 1587 175, 97, 157, 215, 252, 189, 245, 100, 229, 248, 46, 90, 126, 237, 4, 1588 159, 128, 58, 7, 156, 236, 69, 191, 85, 240, 179, 224, 249, 152, 49, 1589 195, 223, 60, 78, 186, 157, 155, 217, 58, 105, 116, 164, 217, 111, 1590 215, 150, 218, 252, 84, 86, 248, 140, 240, 226, 61, 106, 208, 95, 60, 1591 163, 6, 0, 235, 253, 162, 96, 62, 234, 251, 249, 35, 21, 7, 211, 233, 1592 86, 50, 33, 203, 67, 248, 60, 190, 123, 48, 167, 226, 90, 191, 71, 1593 56, 183, 165, 17, 85, 76, 238, 140, 211, 168, 53, 223, 194, 4, 97, 1594 149, 156, 120, 137, 76, 33, 229, 243, 194, 208, 198, 202, 139, 28, 1595 114, 46, 224, 92, 254, 83, 100, 134, 158, 92, 70, 78, 61, 62, 138, 1596 24, 173, 216, 66, 198, 70, 254, 47, 59, 193, 53, 6, 139, 19, 153, 1597 253, 28, 199, 122, 160, 27, 67, 234, 209, 227, 139, 4, 50, 7, 178, 1598 183, 89, 252, 32, 128, 137, 55, 52, 29, 89, 12, 111, 42, 181, 51, 1599 170, 132, 132, 207, 170, 228, 254, 178, 213, 0, 136, 175, 8] 1601 The resulting Authentication Tag value is: 1603 [208, 113, 102, 132, 236, 236, 67, 223, 39, 53, 98, 99, 32, 121, 17, 1604 236] 1606 Encoding this JWE Ciphertext as BASE64URL(JWE Ciphertext) gives this 1607 value (with line breaks for display purposes only): 1609 AwhB8lxrlKjFn02LGWEqg27H4Tg9fyZAbFv3p5ZicHpj64QyHC44qqlZ3JEmnZTgQo 1610 wIqZJ13jbyHB8LgePiqUJ1hf6M2HPLgzw8L-mEeQ0jvDUTrE07NtOerBk8bwBQyZ6g 1611 0kQ3DEOIglfYxV8-FJvNBYwbqN1Bck6d_i7OtjSHV-8DIrp-3JcRIe05YKy3Oi34Z_ 1612 GOiAc1EK21B11c_AE11PII_wvvtRiUiG8YofQXakWd1_O98Kap-UgmyWPfreUJ3lJP 1613 nbD4Ve95owEfMGLOPflo2MnjaTDCwQokoJ_xplQ2vNPz8iguLcHBoKllyQFJL2mOWB 1614 wqhBo9Oj-O800as5mmLsvQMTflIrIEbbTMzHMBZ8EFW9fWwwFu0DWQJGkMNhmBZQ-3 1615 lvqTc-M6-gWA6D8PDhONfP2Oib2HGizwG1iEaX8GRyUpfLuljCLIe1DkGOewhKuKkZ 1616 h04DKNM5Nbugf2atmU9OP0Ldx5peCUtRG1gMVl7Qup5ZXHTjgPDr5b2N731UooCGAU 1617 qHdgGhg0JVJ_ObCTdjsH4CF1SJsdUhrXvYx3HJh2Xd7CwJRzU_3Y1GxYU6-s3GFPbi 1618 rfqqEipJDBTHpcoCmyrwYjYHFgnlqBZRotRrS95g8F95bRXqsaDY7UgQGwBQBwy665 1619 d0zpvTasvfXf_c0MWAl-neFaKOW_Px6g4EUDjG1GWSXV9cLStLw_0ovdApDIFLHYHe 1620 PyagyHjouQUuGiq7BsYwYrwaF06tgB8hV8omLNfMEmDPJaZUzMuHw6tBDwGkzD-tS_ 1621 ub9hxrpJ4UsOWnt5rGUyoN2N_c1-TQlXxm5oto14MxnoAyBQBpwIEgSH3Y4ZhwKBhH 1622 PjSo0cdwuNdYbGPpb-YUvF-2NZzODiQ1OvWQBRHSbPWYz_xbGkgD504LRtqRwCO7CC 1623 _CyyURi1sEssPVsMJRX_U4LFEOc82TiDdqjKOjRUfKK5rqLi8nBE9soQ0DSaOoFQZi 1624 GrBrqxDsNYiAYAmxxkos-i3nX4qtByVx85sCE5U_0MqG7COxZWMOPEFrDaepUV-cOy 1625 rvoUIng8i8ljKBKxETY2BgPegKBYCxsAUcAkKamSCC9AiBxA0UOHyhTqtlvMksO7AE 1626 hNC2-YzPyx1FkhMoS4LLe6E_pFsMlmjA6P1NSge9C5G5tETYXGAn6b1xZbHtmwrPSc 1627 ro9LWhVmAaA7_bxYObnFUxgWtK4vzzQBjZJ36UTk4OTB-JvKWgfVWCFsaw5WCHj6Oo 1628 4jpO7d2yN7WMfAj2hTEabz9wumQ0TMhBduZ-QON3pYObSy7TSC1vVme0NJrwF_cJRe 1629 hKTFmdlXGVldPxZCplr7ZQqRQhF8JP-l4mEQVnCaWGn9ONHlemczGOS-A-wwtnmwjI 1630 B1V_vgJRf4FdpV-4hUk4-QLpu3-1lWFxrtZKcggq3tWTduRo5_QebQbUUT_VSCgsFc 1631 OmyWKoj56lbxthN19hq1XGWbLGfrrR6MWh23vk01zn8FVwi7uFwEnRYSafsnWLa1Z5 1632 TpBj9GvAdl2H9NHwzpB5NqHpZNkQ3NMDj13Fn8fzO0JB83Etbm_tnFQfcb13X3bJ15 1633 Cz-Ww1MGhvIpGGnMBT_ADp9xSIyAM9dQ1yeVXk-AIgWBUlN5uyWSGyCxp0cJwx7HxM 1634 38z0UIeBu-MytL-eqndM7LxytsVzCbjOTSVRmhYEMIzUAnS1gs7uMQAGRdgRIElTJE 1635 SGMjb_4bZq9s6Ve1LKkSi0_QDsrABaLe55UY0zF4ZSfOV5PMyPtocwV_dcNPlxLgNA 1636 D1BFX_Z9kAdMZQW6fAmsfFle0zAoMe4l9pMESH0JB4sJGdCKtQXj1cXNydDYozF7l8 1637 H00BV_Er7zd6VtIw0MxwkFCTatsv_R-GsBCH218RgVPsfYhwVuT8R4HarpzsDBufC4 1638 r8_c8fc9Z278sQ081jFjOja6L2x0N_ImzFNXU6xwO-Ska-QeuvYZ3X_L31ZOX4Llp- 1639 7QSfgDoHnOxFv1Xws-D5mDHD3zxOup2b2TppdKTZb9eW2vxUVviM8OI9atBfPKMGAO 1640 v9omA-6vv5IxUH0-lWMiHLQ_g8vnswp-Jav0c4t6URVUzujNOoNd_CBGGVnHiJTCHl 1641 88LQxsqLHHIu4Fz-U2SGnlxGTj0-ihit2ELGRv4vO8E1BosTmf0cx3qgG0Pq0eOLBD 1642 IHsrdZ_CCAiTc0HVkMbyq1M6qEhM-q5P6y1QCIrwg 1644 Encoding this JWE Authentication Tag as BASE64URL(JWE Authentication 1645 Tag) gives this value: 1647 0HFmhOzsQ98nNWJjIHkR7A 1649 C.9. Complete Representation 1651 Assemble the final representation: The JWE Compact Serialization of 1652 this result, as defined in Section 7.1 of [JWE], is the string 1653 BASE64URL(UTF8(JWE Protected Header)) || '.' || BASE64URL(JWE 1654 Encrypted Key) || '.' || BASE64URL(JWE Initialization Vector) || '.' 1655 || BASE64URL(JWE Ciphertext) || '.' || BASE64URL(JWE Authentication 1656 Tag). 1658 The final result in this example is: 1660 eyJhbGciOiJQQkVTMi1IUzI1NitBMTI4S1ciLCJwMnMiOiIyV0NUY0paMVJ2ZF9DSn 1661 VKcmlwUTF3IiwicDJjIjo0MDk2LCJlbmMiOiJBMTI4Q0JDLUhTMjU2IiwiY3R5Ijoi 1662 andrK2pzb24ifQ. 1663 TrqXOwuNUfDV9VPTNbyGvEJ9JMjefAVn-TR1uIxR9p6hsRQh9Tk7BA. 1664 Ye9j1qs22DmRSAddIh-VnA. 1665 AwhB8lxrlKjFn02LGWEqg27H4Tg9fyZAbFv3p5ZicHpj64QyHC44qqlZ3JEmnZTgQo 1666 wIqZJ13jbyHB8LgePiqUJ1hf6M2HPLgzw8L-mEeQ0jvDUTrE07NtOerBk8bwBQyZ6g 1667 0kQ3DEOIglfYxV8-FJvNBYwbqN1Bck6d_i7OtjSHV-8DIrp-3JcRIe05YKy3Oi34Z_ 1668 GOiAc1EK21B11c_AE11PII_wvvtRiUiG8YofQXakWd1_O98Kap-UgmyWPfreUJ3lJP 1669 nbD4Ve95owEfMGLOPflo2MnjaTDCwQokoJ_xplQ2vNPz8iguLcHBoKllyQFJL2mOWB 1670 wqhBo9Oj-O800as5mmLsvQMTflIrIEbbTMzHMBZ8EFW9fWwwFu0DWQJGkMNhmBZQ-3 1671 lvqTc-M6-gWA6D8PDhONfP2Oib2HGizwG1iEaX8GRyUpfLuljCLIe1DkGOewhKuKkZ 1672 h04DKNM5Nbugf2atmU9OP0Ldx5peCUtRG1gMVl7Qup5ZXHTjgPDr5b2N731UooCGAU 1673 qHdgGhg0JVJ_ObCTdjsH4CF1SJsdUhrXvYx3HJh2Xd7CwJRzU_3Y1GxYU6-s3GFPbi 1674 rfqqEipJDBTHpcoCmyrwYjYHFgnlqBZRotRrS95g8F95bRXqsaDY7UgQGwBQBwy665 1675 d0zpvTasvfXf_c0MWAl-neFaKOW_Px6g4EUDjG1GWSXV9cLStLw_0ovdApDIFLHYHe 1676 PyagyHjouQUuGiq7BsYwYrwaF06tgB8hV8omLNfMEmDPJaZUzMuHw6tBDwGkzD-tS_ 1677 ub9hxrpJ4UsOWnt5rGUyoN2N_c1-TQlXxm5oto14MxnoAyBQBpwIEgSH3Y4ZhwKBhH 1678 PjSo0cdwuNdYbGPpb-YUvF-2NZzODiQ1OvWQBRHSbPWYz_xbGkgD504LRtqRwCO7CC 1679 _CyyURi1sEssPVsMJRX_U4LFEOc82TiDdqjKOjRUfKK5rqLi8nBE9soQ0DSaOoFQZi 1680 GrBrqxDsNYiAYAmxxkos-i3nX4qtByVx85sCE5U_0MqG7COxZWMOPEFrDaepUV-cOy 1681 rvoUIng8i8ljKBKxETY2BgPegKBYCxsAUcAkKamSCC9AiBxA0UOHyhTqtlvMksO7AE 1682 hNC2-YzPyx1FkhMoS4LLe6E_pFsMlmjA6P1NSge9C5G5tETYXGAn6b1xZbHtmwrPSc 1683 ro9LWhVmAaA7_bxYObnFUxgWtK4vzzQBjZJ36UTk4OTB-JvKWgfVWCFsaw5WCHj6Oo 1684 4jpO7d2yN7WMfAj2hTEabz9wumQ0TMhBduZ-QON3pYObSy7TSC1vVme0NJrwF_cJRe 1685 hKTFmdlXGVldPxZCplr7ZQqRQhF8JP-l4mEQVnCaWGn9ONHlemczGOS-A-wwtnmwjI 1686 B1V_vgJRf4FdpV-4hUk4-QLpu3-1lWFxrtZKcggq3tWTduRo5_QebQbUUT_VSCgsFc 1687 OmyWKoj56lbxthN19hq1XGWbLGfrrR6MWh23vk01zn8FVwi7uFwEnRYSafsnWLa1Z5 1688 TpBj9GvAdl2H9NHwzpB5NqHpZNkQ3NMDj13Fn8fzO0JB83Etbm_tnFQfcb13X3bJ15 1689 Cz-Ww1MGhvIpGGnMBT_ADp9xSIyAM9dQ1yeVXk-AIgWBUlN5uyWSGyCxp0cJwx7HxM 1690 38z0UIeBu-MytL-eqndM7LxytsVzCbjOTSVRmhYEMIzUAnS1gs7uMQAGRdgRIElTJE 1691 SGMjb_4bZq9s6Ve1LKkSi0_QDsrABaLe55UY0zF4ZSfOV5PMyPtocwV_dcNPlxLgNA 1692 D1BFX_Z9kAdMZQW6fAmsfFle0zAoMe4l9pMESH0JB4sJGdCKtQXj1cXNydDYozF7l8 1693 H00BV_Er7zd6VtIw0MxwkFCTatsv_R-GsBCH218RgVPsfYhwVuT8R4HarpzsDBufC4 1694 r8_c8fc9Z278sQ081jFjOja6L2x0N_ImzFNXU6xwO-Ska-QeuvYZ3X_L31ZOX4Llp- 1695 7QSfgDoHnOxFv1Xws-D5mDHD3zxOup2b2TppdKTZb9eW2vxUVviM8OI9atBfPKMGAO 1696 v9omA-6vv5IxUH0-lWMiHLQ_g8vnswp-Jav0c4t6URVUzujNOoNd_CBGGVnHiJTCHl 1697 88LQxsqLHHIu4Fz-U2SGnlxGTj0-ihit2ELGRv4vO8E1BosTmf0cx3qgG0Pq0eOLBD 1698 IHsrdZ_CCAiTc0HVkMbyq1M6qEhM-q5P6y1QCIrwg. 1699 0HFmhOzsQ98nNWJjIHkR7A 1701 Appendix D. Acknowledgements 1703 A JSON representation for RSA public keys was previously introduced 1704 by John Panzer, Ben Laurie, and Dirk Balfanz in Magic Signatures 1706 [MagicSignatures]. 1708 Thanks to Matt Miller for creating the encrypted key example and to 1709 Edmund Jay and Brian Campbell for validating the example. 1711 This specification is the work of the JOSE Working Group, which 1712 includes dozens of active and dedicated participants. In particular, 1713 the following individuals contributed ideas, feedback, and wording 1714 that influenced this specification: 1716 Dirk Balfanz, Richard Barnes, John Bradley, Brian Campbell, Breno de 1717 Medeiros, Stephen Farrell, Joe Hildebrand, Edmund Jay, Stephen Kent, 1718 Ben Laurie, James Manger, Matt Miller, Kathleen Moriarty, Chuck 1719 Mortimore, Tony Nadalin, Axel Nennker, John Panzer, Eric Rescorla, 1720 Pete Resnick, Nat Sakimura, Jim Schaad, Ryan Sleevi, Paul Tarjan, 1721 Hannes Tschofenig, and Sean Turner. 1723 Jim Schaad and Karen O'Donoghue chaired the JOSE working group and 1724 Sean Turner, Stephen Farrell, and Kathleen Moriarty served as 1725 Security area directors during the creation of this specification. 1727 Appendix E. Document History 1729 [[ to be removed by the RFC Editor before publication as an RFC ]] 1731 -35 1733 o Used real values for examples in the IANA Registration Templates. 1735 -34 1737 o Addressed IESG review comments by Pete Resnick, Stephen Farrell, 1738 and Richard Barnes. 1740 o Referenced RFC 4945 for PEM certificate delimiter syntax. 1742 -33 1744 o Addressed secdir review comments by Stephen Kent for which 1745 resolutions had mistakenly been omitted in the previous draft. 1747 o Acknowledged additional contributors. 1749 -32 1751 o Addressed Gen-ART review comments by Russ Housley. 1753 o Addressed secdir review comments by Stephen Kent. 1755 -31 1757 o No changes were made, other than to the version number and date. 1759 -30 1761 o Added references and cleaned up the reference syntax in a few 1762 places. 1764 o Applied minor wording changes to the Security Considerations 1765 section. 1767 -29 1769 o Replaced the terms JWS Header, JWE Header, and JWT Header with a 1770 single JOSE Header term defined in the JWS specification. This 1771 also enabled a single Header Parameter definition to be used and 1772 reduced other areas of duplication between specifications. 1774 -28 1776 o Revised the introduction to the Security Considerations section. 1778 o Refined the text about when applications using encrypted JWKs and 1779 JWK Sets would not need to use the "cty" header parameter. 1781 -27 1783 o Added an example JWK early in the draft. 1785 o Described additional security considerations. 1787 o Added the "x5t#S256" (X.509 Certificate SHA-256 Thumbprint) JWK 1788 member. 1790 o Addressed a few editorial issues. 1792 -26 1794 o Referenced Section 6 of RFC 6125 for TLS server certificate 1795 identity validation. 1797 o Deleted misleading non-normative phrase from the "use" 1798 description. 1800 o Noted that octet sequences are depicted using JSON array notation. 1802 o Updated references, including to W3C specifications. 1804 -25 1806 o Updated WebCrypto reference to refer to W3C Last Call draft. 1808 -24 1810 o Corrected the authentication tag value in the encrypted key 1811 example. 1813 o Updated the JSON reference to RFC 7159. 1815 -23 1817 o No changes were made, other than to the version number and date. 1819 -22 1821 o Corrected RFC 2119 terminology usage. 1823 o Replaced references to draft-ietf-json-rfc4627bis with RFC 7158. 1825 -21 1827 o Replaced the "key_ops" values "wrap" and "unwrap" with "wrapKey" 1828 and "unwrapKey" to match the "KeyUsage" values defined in the 1829 current Web Cryptography API [WebCrypto] editor's draft. 1831 o Compute the PBES2 salt parameter as (UTF8(Alg) || 0x00 || Salt 1832 Input), where the "p2s" Header Parameter encodes the Salt Input 1833 value and Alg is the "alg" Header Parameter value. 1835 o Changed some references from being normative to informative, 1836 addressing issue #90. 1838 -20 1840 o Renamed "use_details" to "key_ops" (key operations). 1842 o Clarified that "use" is meant for public key use cases, "key_ops" 1843 is meant for use cases in which public, private, or symmetric keys 1844 may be present, and that "use" and "key_ops" should not be used 1845 together. 1847 o Replaced references to RFC 4627 with draft-ietf-json-rfc4627bis, 1848 addressing issue #90. 1850 -19 1852 o Added optional "use_details" (key use details) JWK member. 1854 o Reordered the key selection parameters. 1856 -18 1858 o Changes to address editorial and minor issues #68, #69, #73, #74, 1859 #76, #77, #78, #79, #82, #85, #89, and #135. 1861 o Added and used Description registry fields. 1863 -17 1865 o Refined the "typ" and "cty" definitions to always be MIME Media 1866 Types, with the omission of "application/" prefixes recommended 1867 for brevity, addressing issue #50. 1869 o Added an example encrypting an RSA private key with 1870 "PBES2-HS256+A128KW" and "A128CBC-HS256". Thanks to Matt Miller 1871 for producing this! 1873 o Processing rules occurring in both JWS and JWK are now referenced 1874 in JWS by JWK, rather than duplicated, addressing issue #57. 1876 o Terms used in multiple documents are now defined in one place and 1877 incorporated by reference. Some lightly used or obvious terms 1878 were also removed. This addresses issue #58. 1880 -16 1882 o Changes to address editorial and minor issues #41, #42, #43, #47, 1883 #51, #67, #71, #76, #80, #83, #84, #85, #86, #87, and #88. 1885 -15 1887 o Changes to address editorial issues #48, #64, #65, #66, and #91. 1889 -14 1891 o Relaxed language introducing key parameters since some parameters 1892 are applicable to multiple, but not all, key types. 1894 -13 1895 o Applied spelling and grammar corrections. 1897 -12 1899 o Stated that recipients MUST either reject JWKs and JWK Sets with 1900 duplicate member names or use a JSON parser that returns only the 1901 lexically last duplicate member name. 1903 -11 1905 o Stated that when "kid" values are used within a JWK Set, different 1906 keys within the JWK Set SHOULD use distinct "kid" values. 1908 o Added optional "x5u" (X.509 URL), "x5t" (X.509 Certificate 1909 Thumbprint), and "x5c" (X.509 Certificate Chain) JWK parameters. 1911 o Added section on Encrypted JWK and Encrypted JWK Set Formats. 1913 o Added a Parameter Information Class value to the JSON Web Key 1914 Parameters registry, which registers whether the parameter conveys 1915 public or private information. 1917 o Registered "application/jwk+json" and "application/jwk-set+json" 1918 MIME types and "JWK" and "JWK-SET" typ header parameter values, 1919 addressing issue #21. 1921 -10 1923 o No changes were made, other than to the version number and date. 1925 -09 1927 o Expanded the scope of the JWK specification to include private and 1928 symmetric key representations, as specified by 1929 draft-jones-jose-json-private-and-symmetric-key-00. 1931 o Defined that members that are not understood must be ignored. 1933 -08 1935 o Changed the name of the JWK key type parameter from "alg" to "kty" 1936 to enable use of "alg" to indicate the particular algorithm that 1937 the key is intended to be used with. 1939 o Clarified statements of the form "This member is OPTIONAL" to "Use 1940 of this member is OPTIONAL". 1942 o Referenced String Comparison Rules in JWS. 1944 o Added seriesInfo information to Internet Draft references. 1946 -07 1948 o Changed the name of the JWK RSA modulus parameter from "mod" to 1949 "n" and the name of the JWK RSA exponent parameter from "xpo" to 1950 "e", so that the identifiers are the same as those used in RFC 1951 3447. 1953 -06 1955 o Changed the name of the JWK RSA exponent parameter from "exp" to 1956 "xpo" so as to allow the potential use of the name "exp" for a 1957 future extension that might define an expiration parameter for 1958 keys. (The "exp" name is already used for this purpose in the JWT 1959 specification.) 1961 o Clarify that the "alg" (algorithm family) member is REQUIRED. 1963 o Correct an instance of "JWK" that should have been "JWK Set". 1965 o Applied changes made by the RFC Editor to RFC 6749's registry 1966 language to this specification. 1968 -05 1970 o Indented artwork elements to better distinguish them from the body 1971 text. 1973 -04 1975 o Refer to the registries as the primary sources of defined values 1976 and then secondarily reference the sections defining the initial 1977 contents of the registries. 1979 o Normatively reference XML DSIG 2.0 for its security 1980 considerations. 1982 o Added this language to Registration Templates: "This name is case 1983 sensitive. Names that match other registered names in a case 1984 insensitive manner SHOULD NOT be accepted." 1986 o Described additional open issues. 1988 o Applied editorial suggestions. 1990 -03 1992 o Clarified that "kid" values need not be unique within a JWK Set. 1994 o Moved JSON Web Key Parameters registry to the JWK specification. 1996 o Added "Collision Resistant Namespace" to the terminology section. 1998 o Changed registration requirements from RFC Required to 1999 Specification Required with Expert Review. 2001 o Added Registration Template sections for defined registries. 2003 o Added Registry Contents sections to populate registry values. 2005 o Numerous editorial improvements. 2007 -02 2009 o Simplified JWK terminology to get replace the "JWK Key Object" and 2010 "JWK Container Object" terms with simply "JSON Web Key (JWK)" and 2011 "JSON Web Key Set (JWK Set)" and to eliminate potential confusion 2012 between single keys and sets of keys. As part of this change, the 2013 top-level member name for a set of keys was changed from "jwk" to 2014 "keys". 2016 o Clarified that values with duplicate member names MUST be 2017 rejected. 2019 o Established JSON Web Key Set Parameters registry. 2021 o Explicitly listed non-goals in the introduction. 2023 o Moved algorithm-specific definitions from JWK to JWA. 2025 o Reformatted to give each member definition its own section 2026 heading. 2028 -01 2030 o Corrected the Magic Signatures reference. 2032 -00 2034 o Created the initial IETF draft based upon 2035 draft-jones-json-web-key-03 with no normative changes. 2037 Author's Address 2039 Michael B. Jones 2040 Microsoft 2042 Email: mbj@microsoft.com 2043 URI: http://self-issued.info/