idnits 2.17.1 draft-ietf-jose-json-web-key-36.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (October 24, 2014) is 3469 days in the past. Is this intentional? -- Found something which looks like a code comment -- if you have code sections in the document, please surround them with '' and '' lines. Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) -- Possible downref: Non-RFC (?) normative reference: ref. 'ECMAScript' -- Possible downref: Non-RFC (?) normative reference: ref. 'ITU.X690.1994' ** Obsolete normative reference: RFC 2818 (Obsoleted by RFC 9110) ** Downref: Normative reference to an Informational RFC: RFC 4949 ** Obsolete normative reference: RFC 5246 (Obsoleted by RFC 8446) ** Obsolete normative reference: RFC 6125 (Obsoleted by RFC 9525) ** Obsolete normative reference: RFC 7159 (Obsoleted by RFC 8259) -- Obsolete informational reference (is this intentional?): RFC 3447 (Obsoleted by RFC 8017) -- Obsolete informational reference (is this intentional?): RFC 5226 (Obsoleted by RFC 8126) Summary: 5 errors (**), 0 flaws (~~), 1 warning (==), 6 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 JOSE Working Group M. Jones 3 Internet-Draft Microsoft 4 Intended status: Standards Track October 24, 2014 5 Expires: April 27, 2015 7 JSON Web Key (JWK) 8 draft-ietf-jose-json-web-key-36 10 Abstract 12 A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) data 13 structure that represents a cryptographic key. This specification 14 also defines a JSON Web Key Set (JWK Set) JSON data structure that 15 represents a set of JWKs. Cryptographic algorithms and identifiers 16 for use with this specification are described in the separate JSON 17 Web Algorithms (JWA) specification and IANA registries defined by 18 that specification. 20 Status of this Memo 22 This Internet-Draft is submitted in full conformance with the 23 provisions of BCP 78 and BCP 79. 25 Internet-Drafts are working documents of the Internet Engineering 26 Task Force (IETF). Note that other groups may also distribute 27 working documents as Internet-Drafts. The list of current Internet- 28 Drafts is at http://datatracker.ietf.org/drafts/current/. 30 Internet-Drafts are draft documents valid for a maximum of six months 31 and may be updated, replaced, or obsoleted by other documents at any 32 time. It is inappropriate to use Internet-Drafts as reference 33 material or to cite them other than as "work in progress." 35 This Internet-Draft will expire on April 27, 2015. 37 Copyright Notice 39 Copyright (c) 2014 IETF Trust and the persons identified as the 40 document authors. All rights reserved. 42 This document is subject to BCP 78 and the IETF Trust's Legal 43 Provisions Relating to IETF Documents 44 (http://trustee.ietf.org/license-info) in effect on the date of 45 publication of this document. Please review these documents 46 carefully, as they describe your rights and restrictions with respect 47 to this document. Code Components extracted from this document must 48 include Simplified BSD License text as described in Section 4.e of 49 the Trust Legal Provisions and are provided without warranty as 50 described in the Simplified BSD License. 52 Table of Contents 54 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4 55 1.1. Notational Conventions . . . . . . . . . . . . . . . . . . 4 56 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 4 57 3. Example JWK . . . . . . . . . . . . . . . . . . . . . . . . . 5 58 4. JSON Web Key (JWK) Format . . . . . . . . . . . . . . . . . . 5 59 4.1. "kty" (Key Type) Parameter . . . . . . . . . . . . . . . . 6 60 4.2. "use" (Public Key Use) Parameter . . . . . . . . . . . . . 6 61 4.3. "key_ops" (Key Operations) Parameter . . . . . . . . . . . 7 62 4.4. "alg" (Algorithm) Parameter . . . . . . . . . . . . . . . 8 63 4.5. "kid" (Key ID) Parameter . . . . . . . . . . . . . . . . . 8 64 4.6. "x5u" (X.509 URL) Parameter . . . . . . . . . . . . . . . 8 65 4.7. "x5c" (X.509 Certificate Chain) Parameter . . . . . . . . 9 66 4.8. "x5t" (X.509 Certificate SHA-1 Thumbprint) Parameter . . . 9 67 4.9. "x5t#S256" (X.509 Certificate SHA-256 Thumbprint) 68 Parameter . . . . . . . . . . . . . . . . . . . . . . . . 10 69 5. JSON Web Key Set (JWK Set) Format . . . . . . . . . . . . . . 10 70 5.1. "keys" Parameter . . . . . . . . . . . . . . . . . . . . . 10 71 6. String Comparison Rules . . . . . . . . . . . . . . . . . . . 11 72 7. Encrypted JWK and Encrypted JWK Set Formats . . . . . . . . . 11 73 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 11 74 8.1. JSON Web Key Parameters Registry . . . . . . . . . . . . . 13 75 8.1.1. Registration Template . . . . . . . . . . . . . . . . 13 76 8.1.2. Initial Registry Contents . . . . . . . . . . . . . . 14 77 8.2. JSON Web Key Use Registry . . . . . . . . . . . . . . . . 15 78 8.2.1. Registration Template . . . . . . . . . . . . . . . . 15 79 8.2.2. Initial Registry Contents . . . . . . . . . . . . . . 16 80 8.3. JSON Web Key Operations Registry . . . . . . . . . . . . . 16 81 8.3.1. Registration Template . . . . . . . . . . . . . . . . 16 82 8.3.2. Initial Registry Contents . . . . . . . . . . . . . . 17 83 8.4. JSON Web Key Set Parameters Registry . . . . . . . . . . . 18 84 8.4.1. Registration Template . . . . . . . . . . . . . . . . 18 85 8.4.2. Initial Registry Contents . . . . . . . . . . . . . . 19 86 8.5. Media Type Registration . . . . . . . . . . . . . . . . . 19 87 8.5.1. Registry Contents . . . . . . . . . . . . . . . . . . 19 88 9. Security Considerations . . . . . . . . . . . . . . . . . . . 20 89 9.1. Key Provenance and Trust . . . . . . . . . . . . . . . . . 20 90 9.2. Preventing Disclosure of Non-Public Key Information . . . 20 91 9.3. RSA Private Key Representations and Blinding . . . . . . . 21 92 9.4. Key Entropy and Random Values . . . . . . . . . . . . . . 21 93 10. References . . . . . . . . . . . . . . . . . . . . . . . . . . 21 94 10.1. Normative References . . . . . . . . . . . . . . . . . . . 21 95 10.2. Informative References . . . . . . . . . . . . . . . . . . 23 97 Appendix A. Example JSON Web Key Sets . . . . . . . . . . . . . . 24 98 A.1. Example Public Keys . . . . . . . . . . . . . . . . . . . 24 99 A.2. Example Private Keys . . . . . . . . . . . . . . . . . . . 24 100 A.3. Example Symmetric Keys . . . . . . . . . . . . . . . . . . 26 101 Appendix B. Example Use of "x5c" (X.509 Certificate Chain) 102 Parameter . . . . . . . . . . . . . . . . . . . . . . 26 103 Appendix C. Example Encrypted RSA Private Key . . . . . . . . . . 27 104 C.1. Plaintext RSA Private Key . . . . . . . . . . . . . . . . 28 105 C.2. JOSE Header . . . . . . . . . . . . . . . . . . . . . . . 31 106 C.3. Content Encryption Key (CEK) . . . . . . . . . . . . . . . 31 107 C.4. Key Derivation . . . . . . . . . . . . . . . . . . . . . . 32 108 C.5. Key Encryption . . . . . . . . . . . . . . . . . . . . . . 32 109 C.6. Initialization Vector . . . . . . . . . . . . . . . . . . 32 110 C.7. Additional Authenticated Data . . . . . . . . . . . . . . 33 111 C.8. Content Encryption . . . . . . . . . . . . . . . . . . . . 33 112 C.9. Complete Representation . . . . . . . . . . . . . . . . . 36 113 Appendix D. Acknowledgements . . . . . . . . . . . . . . . . . . 37 114 Appendix E. Document History . . . . . . . . . . . . . . . . . . 38 115 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 45 117 1. Introduction 119 A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) [RFC7159] 120 data structure that represents a cryptographic key. This 121 specification also defines a JSON Web Key Set (JWK Set) JSON data 122 structure that represents a set of JWKs. Cryptographic algorithms 123 and identifiers for use with this specification are described in the 124 separate JSON Web Algorithms (JWA) [JWA] specification and IANA 125 registries defined by that specification. 127 Goals for this specification do not include representing new kinds of 128 certificate chains, representing new kinds of certified keys, or 129 replacing X.509 certificates. 131 JWKs and JWK Sets are used in the JSON Web Signature (JWS) [JWS] and 132 JSON Web Encryption (JWE) [JWE] specifications. 134 Names defined by this specification are short because a core goal is 135 for the resulting representations to be compact. 137 1.1. Notational Conventions 139 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 140 "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and 141 "OPTIONAL" in this document are to be interpreted as described in Key 142 words for use in RFCs to Indicate Requirement Levels [RFC2119]. If 143 these words are used without being spelled in uppercase then they are 144 to be interpreted with their normal natural language meanings. 146 BASE64URL(OCTETS) denotes the base64url encoding of OCTETS, per 147 Section 2 of [JWS]. 149 UTF8(STRING) denotes the octets of the UTF-8 [RFC3629] representation 150 of STRING. 152 ASCII(STRING) denotes the octets of the ASCII [RFC20] representation 153 of STRING. 155 The concatenation of two values A and B is denoted as A || B. 157 2. Terminology 159 These terms defined by the JSON Web Signature (JWS) [JWS] 160 specification are incorporated into this specification: "Base64url 161 Encoding", "Collision-Resistant Name", "Header Parameter", and "JOSE 162 Header". 164 These terms defined by the Internet Security Glossary, Version 2 165 [RFC4949] are incorporated into this specification: "Ciphertext", 166 "Digital Signature", "Message Authentication Code (MAC)", and 167 "Plaintext". 169 These terms are defined by this specification: 171 JSON Web Key (JWK) 172 A JSON object that represents a cryptographic key. The members of 173 the object represent properties of the key, including its value. 175 JSON Web Key Set (JWK Set) 176 A JSON object that represents a set of JWKs. The JSON object MUST 177 have a "keys" member, which is an array of JWK objects. 179 3. Example JWK 181 This section provides an example of a JWK. The following example JWK 182 declares that the key is an Elliptic Curve [DSS] key, it is used with 183 the P-256 Elliptic Curve, and its x and y coordinates are the 184 base64url encoded values shown. A key identifier is also provided 185 for the key. 187 {"kty":"EC", 188 "crv":"P-256", 189 "x":"f83OJ3D2xF1Bg8vub9tLe1gHMzV76e8Tus9uPHvRVEU", 190 "y":"x_FEzRu9m36HLN_tue659LNpXW6pCyStikYjKIWI5a0", 191 "kid":"Public key used in JWS A.3 example" 192 } 194 Additional example JWK values can be found in Appendix A. 196 4. JSON Web Key (JWK) Format 198 A JSON Web Key (JWK) is a JSON object that represents a cryptographic 199 key. The members of the object represent properties of the key, 200 including its value. This JSON object MAY contain white space and/or 201 line breaks before or after any JSON values or structural characters, 202 in accordance with Section 2 of RFC 7159 [RFC7159]. This document 203 defines the key parameters that are not algorithm specific, and thus 204 common to many keys. 206 In addition to the common parameters, each JWK will have members that 207 are key type-specific. These members represent the parameters of the 208 key. Section 6 of the JSON Web Algorithms (JWA) [JWA] specification 209 defines multiple kinds of cryptographic keys and their associated 210 members. 212 The member names within a JWK MUST be unique; JWK parsers MUST either 213 reject JWKs with duplicate member names or use a JSON parser that 214 returns only the lexically last duplicate member name, as specified 215 in Section 15.12 (The JSON Object) of ECMAScript 5.1 [ECMAScript]. 217 Additional members can be present in the JWK; if not understood by 218 implementations encountering them, they MUST be ignored. Member 219 names used for representing key parameters for different keys types 220 need not be distinct. Any new member name should either be 221 registered in the IANA JSON Web Key Parameters registry defined in 222 Section 8.1 or be a value that contains a Collision-Resistant Name. 224 4.1. "kty" (Key Type) Parameter 226 The "kty" (key type) member identifies the cryptographic algorithm 227 family used with the key, such as "RSA" or "EC". "kty" values should 228 either be registered in the IANA JSON Web Key Types registry defined 229 in [JWA] or be a value that contains a Collision-Resistant Name. The 230 "kty" value is a case-sensitive string. This member MUST be present 231 in a JWK. 233 A list of defined "kty" values can be found in the IANA JSON Web Key 234 Types registry defined in [JWA]; the initial contents of this 235 registry are the values defined in Section 6.1 of the JSON Web 236 Algorithms (JWA) [JWA] specification. 238 The key type definitions include specification of the members to be 239 used for those key types. Additional members used with "kty" values 240 can also be found in the IANA JSON Web Key Parameters registry 241 defined in Section 8.1. 243 4.2. "use" (Public Key Use) Parameter 245 The "use" (public key use) member identifies the intended use of the 246 public key. The "use" parameter is employed to indicate whether a 247 public key is used for encrypting data or verifying the signature on 248 data. 250 Values defined by this specification are: 252 o "sig" (signature) 253 o "enc" (encryption) 255 Other values MAY be used. The "use" value is a case-sensitive 256 string. Use of the "use" member is OPTIONAL, unless the application 257 requires its presence. 259 When a key is used to wrap another key and a Public Key Use 260 designation for the first key is desired, the "enc" (encryption) key 261 use value is used, since key wrapping is a kind of encryption. The 262 "enc" value is also be used for public keys used for key agreement 263 operations. 265 Additional Public Key Use values can be registered in the IANA JSON 266 Web Key Use registry defined in Section 8.2. Registering any 267 extension values used is highly recommended when this specification 268 is used in open environments, in which multiple organizations need to 269 have a common understanding of any extensions used. However, 270 unregistered extension values can be used in closed environments, in 271 which the producing and consuming organization will always be the 272 same. 274 4.3. "key_ops" (Key Operations) Parameter 276 The "key_ops" (key operations) member identifies the operation(s) 277 that the key is intended to be used for. The "key_ops" parameter is 278 intended for use cases in which public, private, or symmetric keys 279 may be present. 281 Its value is an array of key operation values. Values defined by 282 this specification are: 284 o "sign" (compute digital signature or MAC) 285 o "verify" (verify digital signature or MAC) 286 o "encrypt" (encrypt content) 287 o "decrypt" (decrypt content and validate decryption, if applicable) 288 o "wrapKey" (encrypt key) 289 o "unwrapKey" (decrypt key and validate decryption, if applicable) 290 o "deriveKey" (derive key) 291 o "deriveBits" (derive bits not to be used as a key) 293 (Note that the "key_ops" values intentionally match the "KeyUsage" 294 values defined in the Web Cryptography API [WebCrypto] 295 specification.) 297 Other values MAY be used. The key operation values are case- 298 sensitive strings. Duplicate key operation values MUST NOT be 299 present in the array. Use of the "key_ops" member is OPTIONAL, 300 unless the application requires its presence. 302 Multiple unrelated key operations SHOULD NOT be specified for a key 303 because of the potential vulnerabilities associated with using the 304 same key with multiple algorithms. Thus, the combinations "sign" 305 with "verify", "encrypt" with "decrypt", and "wrapKey" with 306 "unwrapKey" are permitted, but other combinations SHOULD NOT be used. 308 Additional Key Operations values can be registered in the IANA JSON 309 Web Key Operations registry defined in Section 8.3. The same 310 considerations about registering extension values apply to the 311 "key_ops" member as do for the "use" member. 313 The "use" and "key_ops" JWK members SHOULD NOT be used together; 314 however, if both are used, the information they convey MUST be 315 consistent. Applications should specify which of these members they 316 use, if either is to be used by the application. 318 4.4. "alg" (Algorithm) Parameter 320 The "alg" (algorithm) member identifies the algorithm intended for 321 use with the key. The values used should either be registered in the 322 IANA JSON Web Signature and Encryption Algorithms registry defined in 323 [JWA] or be a value that contains a Collision-Resistant Name. Use of 324 this member is OPTIONAL. 326 4.5. "kid" (Key ID) Parameter 328 The "kid" (key ID) member is used to match a specific key. This is 329 used, for instance, to choose among a set of keys within a JWK Set 330 during key rollover. The structure of the "kid" value is 331 unspecified. When "kid" values are used within a JWK Set, different 332 keys within the JWK Set SHOULD use distinct "kid" values. (One 333 example in which different keys might use the same "kid" value is if 334 they have different "kty" (key type) values but are considered to be 335 equivalent alternatives by the application using them.) The "kid" 336 value is a case-sensitive string. Use of this member is OPTIONAL. 338 When used with JWS or JWE, the "kid" value is used to match a JWS or 339 JWE "kid" Header Parameter value. 341 4.6. "x5u" (X.509 URL) Parameter 343 The "x5u" (X.509 URL) member is a URI [RFC3986] that refers to a 344 resource for an X.509 public key certificate or certificate chain 345 [RFC5280]. The identified resource MUST provide a representation of 346 the certificate or certificate chain that conforms to RFC 5280 347 [RFC5280] in PEM encoded form, with each certificate delimited as 348 specified in Section 6.1 of RFC 4945 [RFC4945]. The key in the first 349 certificate MUST match the public key represented by other members of 350 the JWK. The protocol used to acquire the resource MUST provide 351 integrity protection; an HTTP GET request to retrieve the certificate 352 MUST use TLS [RFC2818, RFC5246]; the identity of the server MUST be 353 validated, as per Section 6 of RFC 6125 [RFC6125]. Use of this 354 member is OPTIONAL. 356 While there is no requirement that optional JWK members providing key 357 usage, algorithm, or other information be present when the "x5u" 358 member is used, doing so may improve interoperability for 359 applications that do not handle PKIX certificates. If other members 360 are present, the contents of those members MUST be semantically 361 consistent with the related fields in the first certificate. For 362 instance, if the "use" member is present, then it MUST correspond to 363 the usage that is specified in the certificate, when it includes this 364 information. Similarly, if the "alg" member is present, it MUST 365 correspond to the algorithm specified in the certificate. 367 4.7. "x5c" (X.509 Certificate Chain) Parameter 369 The "x5c" (X.509 Certificate Chain) member contains a chain of one or 370 more PKIX certificates [RFC5280]. The certificate chain is 371 represented as a JSON array of certificate value strings. Each 372 string in the array is a base64 encoded ([RFC4648] Section 4 -- not 373 base64url encoded) DER [ITU.X690.1994] PKIX certificate value. The 374 PKIX certificate containing the key value MUST be the first 375 certificate. This MAY be followed by additional certificates, with 376 each subsequent certificate being the one used to certify the 377 previous one. The key in the first certificate MUST match the public 378 key represented by other members of the JWK. Use of this member is 379 OPTIONAL. 381 As with the "x5u" member, optional JWK members providing key usage, 382 algorithm, or other information MAY also be present when the "x5c" 383 member is used. If other members are present, the contents of those 384 members MUST be semantically consistent with the related fields in 385 the first certificate. See the last paragraph of Section 4.6 for 386 additional guidance on this. 388 4.8. "x5t" (X.509 Certificate SHA-1 Thumbprint) Parameter 390 The "x5t" (X.509 Certificate SHA-1 Thumbprint) member is a base64url 391 encoded SHA-1 thumbprint (a.k.a. digest) of the DER encoding of an 392 X.509 certificate [RFC5280]. Note that certificate thumbprints are 393 also sometimes known as certificate fingerprints. The key in the 394 certificate MUST match the public key represented by other members of 395 the JWK. Use of this member is OPTIONAL. 397 As with the "x5u" member, optional JWK members providing key usage, 398 algorithm, or other information MAY also be present when the "x5t" 399 member is used. If other members are present, the contents of those 400 members MUST be semantically consistent with the related fields in 401 the referenced certificate. See the last paragraph of Section 4.6 402 for additional guidance on this. 404 4.9. "x5t#S256" (X.509 Certificate SHA-256 Thumbprint) Parameter 406 The "x5t#S256" (X.509 Certificate SHA-256 Thumbprint) member is a 407 base64url encoded SHA-256 thumbprint (a.k.a. digest) of the DER 408 encoding of an X.509 certificate [RFC5280]. Note that certificate 409 thumbprints are also sometimes known as certificate fingerprints. 410 The key in the certificate MUST match the public key represented by 411 other members of the JWK. Use of this member is OPTIONAL. 413 As with the "x5u" member, optional JWK members providing key usage, 414 algorithm, or other information MAY also be present when the 415 "x5t#S256" member is used. If other members are present, the 416 contents of those members MUST be semantically consistent with the 417 related fields in the referenced certificate. See the last paragraph 418 of Section 4.6 for additional guidance on this. 420 5. JSON Web Key Set (JWK Set) Format 422 A JSON Web Key Set (JWK Set) is a JSON object that represents a set 423 of JWKs. The JSON object MUST have a "keys" member, with its value 424 being an array of JWK objects. This JSON object MAY contain white 425 space and/or line breaks. 427 The member names within a JWK Set MUST be unique; JWK Set parsers 428 MUST either reject JWK Sets with duplicate member names or use a JSON 429 parser that returns only the lexically last duplicate member name, as 430 specified in Section 15.12 (The JSON Object) of ECMAScript 5.1 431 [ECMAScript]. 433 Additional members can be present in the JWK Set; if not understood 434 by implementations encountering them, they MUST be ignored. 435 Parameters for representing additional properties of JWK Sets should 436 either be registered in the IANA JSON Web Key Set Parameters registry 437 defined in Section 8.4 or be a value that contains a Collision- 438 Resistant Name. 440 Implementations SHOULD ignore JWKs within a JWK Set that use "kty" 441 (key type) values that are not understood by them, are missing 442 required members, or for which values are out of the supported 443 ranges. 445 5.1. "keys" Parameter 447 The value of the "keys" member is an array of JWK values. By 448 default, the order of the JWK values within the array does not imply 449 an order of preference among them, although applications of JWK Sets 450 can choose to assign a meaning to the order for their purposes, if 451 desired. 453 6. String Comparison Rules 455 The string comparison rules for this specification are the same as 456 those defined in Section 5.3 of [JWS]. 458 7. Encrypted JWK and Encrypted JWK Set Formats 460 Access to JWKs containing non-public key material by parties without 461 legitimate access to the non-public information MUST be prevented. 462 This can be accomplished by encrypting the JWK when potentially 463 observable by such parties to prevent the disclosure of private or 464 symmetric key values. The use of an Encrypted JWK, which is a JWE 465 with the UTF-8 encoding of a JWK as its plaintext value, is 466 recommended for this purpose. The processing of Encrypted JWKs is 467 identical to the processing of other JWEs. A "cty" (content type) 468 Header Parameter value of "jwk+json" MUST be used to indicate that 469 the content of the JWE is a JWK, unless the application knows that 470 the encrypted content is a JWK by another means or convention, in 471 which case the "cty" value would typically be omitted. 473 JWK Sets containing non-public key material will also need to be 474 encrypted under these circumstances. The use of an Encrypted JWK 475 Set, which is a JWE with the UTF-8 encoding of a JWK Set as its 476 plaintext value, is recommended for this purpose. The processing of 477 Encrypted JWK Sets is identical to the processing of other JWEs. A 478 "cty" (content type) Header Parameter value of "jwk-set+json" MUST be 479 used to indicate that the content of the JWE is a JWK Set, unless the 480 application knows that the encrypted content is a JWK Set by another 481 means or convention, in which case the "cty" value would typically be 482 omitted. 484 See Appendix C for an example encrypted JWK. 486 8. IANA Considerations 488 The following registration procedure is used for all the registries 489 established by this specification. 491 Values are registered on a Specification Required [RFC5226] basis 492 after a three-week review period on the jose-reg-review@ietf.org 493 mailing list, on the advice of one or more Designated Experts. 494 However, to allow for the allocation of values prior to publication, 495 the Designated Expert(s) may approve registration once they are 496 satisfied that such a specification will be published. 498 Registration requests must be sent to the jose-reg-review@ietf.org 499 mailing list for review and comment, with an appropriate subject 500 (e.g., "Request for access token type: example"). 502 Within the review period, the Designated Expert(s) will either 503 approve or deny the registration request, communicating this decision 504 to the review list and IANA. Denials should include an explanation 505 and, if applicable, suggestions as to how to make the request 506 successful. Registration requests that are undetermined for a period 507 longer than 21 days can be brought to the IESG's attention (using the 508 iesg@ietf.org mailing list) for resolution. 510 Criteria that should be applied by the Designated Expert(s) includes 511 determining whether the proposed registration duplicates existing 512 functionality, determining whether it is likely to be of general 513 applicability or whether it is useful only for a single application, 514 and whether the registration description is clear. 516 IANA must only accept registry updates from the Designated Expert(s) 517 and should direct all requests for registration to the review mailing 518 list. 520 It is suggested that multiple Designated Experts be appointed who are 521 able to represent the perspectives of different applications using 522 this specification, in order to enable broadly-informed review of 523 registration decisions. In cases where a registration decision could 524 be perceived as creating a conflict of interest for a particular 525 Expert, that Expert should defer to the judgment of the other 526 Expert(s). 528 [[ Note to the RFC Editor and IANA: Pearl Liang of ICANN had 529 requested that the draft supply the following proposed registry 530 description information. It is to be used for all registries 531 established by this specification. 533 o Protocol Category: JSON Object Signing and Encryption (JOSE) 535 o Registry Location: http://www.iana.org/assignments/jose 537 o Webpage Title: (same as the protocol category) 539 o Registry Name: (same as the section title, but excluding the word 540 "Registry", for example "JSON Web Key Parameters") 542 ]] 544 8.1. JSON Web Key Parameters Registry 546 This specification establishes the IANA JSON Web Key Parameters 547 registry for JWK parameter names. The registry records the parameter 548 name, the key type(s) that the parameter is used with, and a 549 reference to the specification that defines it. It also records 550 whether the parameter conveys public or private information. This 551 specification registers the parameter names defined in Section 4. 552 The same JWK parameter name may be registered multiple times, 553 provided that duplicate parameter registrations are only for key type 554 specific JWK parameters; in this case, the meaning of the duplicate 555 parameter name is disambiguated by the "kty" value of the JWK 556 containing it. 558 8.1.1. Registration Template 560 Parameter Name: 561 The name requested (e.g., "kid"). Because a core goal of this 562 specification is for the resulting representations to be compact, 563 it is RECOMMENDED that the name be short -- not to exceed 8 564 characters without a compelling reason to do so. This name is 565 case-sensitive. Names may not match other registered names in a 566 case-insensitive manner unless the Designated Expert(s) state that 567 there is a compelling reason to allow an exception in this 568 particular case. However, matching names may be registered, 569 provided that the accompanying sets of "kty" values that the 570 Parameter Name is used with are disjoint; for the purposes of 571 matching "kty" values, "*" matches all values. 573 Parameter Description: 574 Brief description of the parameter (e.g., "Key ID"). 576 Used with "kty" Value(s): 577 The key type parameter value(s) that the parameter name is to be 578 used with, or the value "*" if the parameter value is used with 579 all key types. Values may not match other registered "kty" values 580 in a case-insensitive manner when the registered Parameter Name is 581 the same (including when the Parameter Name matches in a case- 582 insensitive manner) unless the Designated Expert(s) state that 583 there is a compelling reason to allow an exception in this 584 particular case. 586 Parameter Information Class: 587 Registers whether the parameter conveys public or private 588 information. Its value must be one the words Public or Private. 590 Change Controller: 591 For Standards Track RFCs, state "IESG". For others, give the name 592 of the responsible party. Other details (e.g., postal address, 593 email address, home page URI) may also be included. 595 Specification Document(s): 596 Reference to the document(s) that specify the parameter, 597 preferably including URI(s) that can be used to retrieve copies of 598 the document(s). An indication of the relevant sections may also 599 be included but is not required. 601 8.1.2. Initial Registry Contents 603 o Parameter Name: "kty" 604 o Parameter Description: Key Type 605 o Used with "kty" Value(s): * 606 o Parameter Information Class: Public 607 o Change Controller: IESG 608 o Specification Document(s): Section 4.1 of [[ this document ]] 610 o Parameter Name: "use" 611 o Parameter Description: Public Key Use 612 o Used with "kty" Value(s): * 613 o Parameter Information Class: Public 614 o Change Controller: IESG 615 o Specification Document(s): Section 4.2 of [[ this document ]] 617 o Parameter Name: "key_ops" 618 o Parameter Description: Key Operations 619 o Used with "kty" Value(s): * 620 o Parameter Information Class: Public 621 o Change Controller: IESG 622 o Specification Document(s): Section 4.3 of [[ this document ]] 624 o Parameter Name: "alg" 625 o Parameter Description: Algorithm 626 o Used with "kty" Value(s): * 627 o Parameter Information Class: Public 628 o Change Controller: IESG 629 o Specification Document(s): Section 4.4 of [[ this document ]] 631 o Parameter Name: "kid" 632 o Parameter Description: Key ID 633 o Used with "kty" Value(s): * 634 o Parameter Information Class: Public 635 o Change Controller: IESG 636 o Specification Document(s): Section 4.5 of [[ this document ]] 638 o Parameter Name: "x5u" 639 o Parameter Description: X.509 URL 640 o Used with "kty" Value(s): * 641 o Parameter Information Class: Public 642 o Change Controller: IESG 643 o Specification Document(s): Section 4.6 of [[ this document ]] 645 o Parameter Name: "x5c" 646 o Parameter Description: X.509 Certificate Chain 647 o Used with "kty" Value(s): * 648 o Parameter Information Class: Public 649 o Change Controller: IESG 650 o Specification Document(s): Section 4.7 of [[ this document ]] 652 o Parameter Name: "x5t" 653 o Parameter Description: X.509 Certificate SHA-1 Thumbprint 654 o Used with "kty" Value(s): * 655 o Parameter Information Class: Public 656 o Change Controller: IESG 657 o Specification Document(s): Section 4.8 of [[ this document ]] 659 o Parameter Name: "x5t#S256" 660 o Parameter Description: X.509 Certificate SHA-256 Thumbprint 661 o Used with "kty" Value(s): * 662 o Parameter Information Class: Public 663 o Change Controller: IESG 664 o Specification Document(s): Section 4.9 of [[ this document ]] 666 8.2. JSON Web Key Use Registry 668 This specification establishes the IANA JSON Web Key Use registry for 669 JWK "use" (public key use) member values. The registry records the 670 public key use value and a reference to the specification that 671 defines it. This specification registers the parameter names defined 672 in Section 4.2. 674 8.2.1. Registration Template 676 Use Member Value: 677 The name requested (e.g., "sig"). Because a core goal of this 678 specification is for the resulting representations to be compact, 679 it is RECOMMENDED that the name be short -- not to exceed 8 680 characters without a compelling reason to do so. This name is 681 case-sensitive. Names may not match other registered names in a 682 case-insensitive manner unless the Designated Expert(s) state that 683 there is a compelling reason to allow an exception in this 684 particular case. 686 Use Description: 687 Brief description of the use (e.g., "Digital Signature or MAC"). 689 Change Controller: 690 For Standards Track RFCs, state "IESG". For others, give the name 691 of the responsible party. Other details (e.g., postal address, 692 email address, home page URI) may also be included. 694 Specification Document(s): 695 Reference to the document(s) that specify the parameter, 696 preferably including URI(s) that can be used to retrieve copies of 697 the document(s). An indication of the relevant sections may also 698 be included but is not required. 700 8.2.2. Initial Registry Contents 702 o Use Member Value: "sig" 703 o Use Description: Digital Signature or MAC 704 o Change Controller: IESG 705 o Specification Document(s): Section 4.2 of [[ this document ]] 707 o Use Member Value: "enc" 708 o Use Description: Encryption 709 o Change Controller: IESG 710 o Specification Document(s): Section 4.2 of [[ this document ]] 712 8.3. JSON Web Key Operations Registry 714 This specification establishes the IANA JSON Web Key Operations 715 registry for values of JWK "key_ops" array elements. The registry 716 records the key operation value and a reference to the specification 717 that defines it. This specification registers the parameter names 718 defined in Section 4.3. 720 8.3.1. Registration Template 722 Key Operation Value: 723 The name requested (e.g., "sign"). Because a core goal of this 724 specification is for the resulting representations to be compact, 725 it is RECOMMENDED that the name be short -- not to exceed 8 726 characters without a compelling reason to do so. This name is 727 case-sensitive. Names may not match other registered names in a 728 case-insensitive manner unless the Designated Expert(s) state that 729 there is a compelling reason to allow an exception in this 730 particular case. 732 Key Operation Description: 733 Brief description of the key operation (e.g., "Compute digital 734 signature or MAC"). 736 Change Controller: 737 For Standards Track RFCs, state "IESG". For others, give the name 738 of the responsible party. Other details (e.g., postal address, 739 email address, home page URI) may also be included. 741 Specification Document(s): 742 Reference to the document(s) that specify the parameter, 743 preferably including URI(s) that can be used to retrieve copies of 744 the document(s). An indication of the relevant sections may also 745 be included but is not required. 747 8.3.2. Initial Registry Contents 749 o Key Operation Value: "sign" 750 o Key Operation Description: Compute digital signature or MAC 751 o Change Controller: IESG 752 o Specification Document(s): Section 4.3 of [[ this document ]] 754 o Key Operation Value: "verify" 755 o Key Operation Description: Verify digital signature or MAC 756 o Change Controller: IESG 757 o Specification Document(s): Section 4.3 of [[ this document ]] 759 o Key Operation Value: "encrypt" 760 o Key Operation Description: Encrypt content 761 o Change Controller: IESG 762 o Specification Document(s): Section 4.3 of [[ this document ]] 764 o Key Operation Value: "decrypt" 765 o Key Operation Description: Decrypt content and validate 766 decryption, if applicable 767 o Change Controller: IESG 768 o Specification Document(s): Section 4.3 of [[ this document ]] 770 o Key Operation Value: "wrapKey" 771 o Key Operation Description: Encrypt key 772 o Change Controller: IESG 773 o Specification Document(s): Section 4.3 of [[ this document ]] 775 o Key Operation Value: "unwrapKey" 776 o Key Operation Description: Decrypt key and validate decryption, if 777 applicable 779 o Change Controller: IESG 780 o Specification Document(s): Section 4.3 of [[ this document ]] 782 o Key Operation Value: "deriveKey" 783 o Key Operation Description: Derive key 784 o Change Controller: IESG 785 o Specification Document(s): Section 4.3 of [[ this document ]] 787 o Key Operation Value: "deriveBits" 788 o Key Operation Description: Derive bits not to be used as a key 789 o Change Controller: IESG 790 o Specification Document(s): Section 4.3 of [[ this document ]] 792 8.4. JSON Web Key Set Parameters Registry 794 This specification establishes the IANA JSON Web Key Set Parameters 795 registry for JWK Set parameter names. The registry records the 796 parameter name and a reference to the specification that defines it. 797 This specification registers the parameter names defined in 798 Section 5. 800 8.4.1. Registration Template 802 Parameter Name: 803 The name requested (e.g., "keys"). Because a core goal of this 804 specification is for the resulting representations to be compact, 805 it is RECOMMENDED that the name be short -- not to exceed 8 806 characters without a compelling reason to do so. This name is 807 case-sensitive. Names may not match other registered names in a 808 case-insensitive manner unless the Designated Expert(s) state that 809 there is a compelling reason to allow an exception in this 810 particular case. 812 Parameter Description: 813 Brief description of the parameter (e.g., "Array of JWK values"). 815 Change Controller: 816 For Standards Track RFCs, state "IESG". For others, give the name 817 of the responsible party. Other details (e.g., postal address, 818 email address, home page URI) may also be included. 820 Specification Document(s): 821 Reference to the document(s) that specify the parameter, 822 preferably including URI(s) that can be used to retrieve copies of 823 the document(s). An indication of the relevant sections may also 824 be included but is not required. 826 8.4.2. Initial Registry Contents 828 o Parameter Name: "keys" 829 o Parameter Description: Array of JWK values 830 o Change Controller: IESG 831 o Specification Document(s): Section 5.1 of [[ this document ]] 833 8.5. Media Type Registration 835 8.5.1. Registry Contents 837 This specification registers the "application/jwk+json" and 838 "application/jwk-set+json" Media Types [RFC2046] in the MIME Media 839 Types registry [IANA.MediaTypes] in the manner described in RFC 6838 840 [RFC6838], which can be used to indicate, respectively, that the 841 content is a JWK or a JWK Set. 843 o Type Name: application 844 o Subtype Name: jwk+json 845 o Required Parameters: n/a 846 o Optional Parameters: n/a 847 o Encoding considerations: 8bit; application/jwk+json values are 848 represented as JSON object; UTF-8 encoding SHOULD be employed for 849 the JSON object. 850 o Security Considerations: See the Security Considerations section 851 of [[ this document ]] 852 o Interoperability Considerations: n/a 853 o Published Specification: [[ this document ]] 854 o Applications that use this media type: OpenID Connect, Salesforce, 855 Google, Android, Windows Azure, W3C WebCrypto API, numerous others 856 o Fragment identifier considerations: n/a 857 o Additional Information: Magic number(s): n/a, File extension(s): 858 n/a, Macintosh file type code(s): n/a 859 o Person & email address to contact for further information: Michael 860 B. Jones, mbj@microsoft.com 861 o Intended Usage: COMMON 862 o Restrictions on Usage: none 863 o Author: Michael B. Jones, mbj@microsoft.com 864 o Change Controller: IESG 865 o Provisional registration? No 867 o Type Name: application 868 o Subtype Name: jwk-set+json 869 o Required Parameters: n/a 870 o Optional Parameters: n/a 871 o Encoding considerations: 8bit; application/jwk-set+json values are 872 represented as a JSON Object; UTF-8 encoding SHOULD be employed 873 for the JSON object. 875 o Security Considerations: See the Security Considerations section 876 of [[ this document ]] 877 o Interoperability Considerations: n/a 878 o Published Specification: [[ this document ]] 879 o Applications that use this media type: OpenID Connect, Salesforce, 880 Google, Android, Windows Azure, W3C WebCrypto API, numerous others 881 o Fragment identifier considerations: n/a 882 o Additional Information: Magic number(s): n/a, File extension(s): 883 n/a, Macintosh file type code(s): n/a 884 o Person & email address to contact for further information: Michael 885 B. Jones, mbj@microsoft.com 886 o Intended Usage: COMMON 887 o Restrictions on Usage: none 888 o Author: Michael B. Jones, mbj@microsoft.com 889 o Change Controller: IESG 890 o Provisional registration? No 892 9. Security Considerations 894 All of the security issues that are pertinent to any cryptographic 895 application must be addressed by JWS/JWE/JWK agents. Among these 896 issues are protecting the user's asymmetric private and symmetric 897 secret keys and employing countermeasures to various attacks. 899 9.1. Key Provenance and Trust 901 One should place no more trust in the data cryptographically secured 902 by a key than in the method by which it was obtained and in the 903 trustworthiness of the entity asserting an association with the key. 904 Any data associated with a key that is obtained in an untrusted 905 manner should be treated with skepticism. See Section 10.3 of [JWS] 906 for security considerations on key origin authentication. 908 The security considerations in Section 12.3 of XML DSIG 2.0 909 [W3C.NOTE-xmldsig-core2-20130411] about the strength of a digital 910 signature depending upon all the links in the security chain also 911 apply to this specification. 913 The TLS Requirements in Section 8 of [JWS] also apply to this 914 specification. 916 9.2. Preventing Disclosure of Non-Public Key Information 918 Private and symmetric keys MUST be protected from disclosure to 919 unintended parties. One recommended means of doing so is to encrypt 920 JWKs or JWK Sets containing them by using the JWK or JWK Set value as 921 the plaintext of a JWE. Of course, this requires that there be a 922 secure way to obtain the key used to encrypt the non-public key 923 information to the intended party and a secure way for that party to 924 obtain the corresponding decryption key. 926 The security considerations in RFC 3447 [RFC3447] and RFC 6030 927 [RFC6030] about protecting private and symmetric keys, key usage, and 928 information leakage also apply to this specification. 930 9.3. RSA Private Key Representations and Blinding 932 The RSA Key blinding operation [Kocher], which is a defense against 933 some timing attacks, requires all of the RSA key values "n", "e", and 934 "d". However, some RSA private key representations do not include 935 the public exponent "e", but only include the modulus "n" and the 936 private exponent "d". This is true, for instance, of the Java 937 RSAPrivateKeySpec API, which does not include the public exponent "e" 938 as a parameter. So as to enable RSA key blinding, such 939 representations should be avoided. For Java, the 940 RSAPrivateCrtKeySpec API can be used instead. Section 8.2.2(i) of 941 the Handbook of Applied Cryptography [HAC] discusses how to compute 942 the remaining RSA private key parameters, if needed, using only "n", 943 "e", and "d". 945 9.4. Key Entropy and Random Values 947 See Section 10.1 of [JWS] for security considerations on key entropy 948 and random values. 950 10. References 952 10.1. Normative References 954 [ECMAScript] 955 Ecma International, "ECMAScript Language Specification, 956 5.1 Edition", ECMA 262, June 2011. 958 [IANA.MediaTypes] 959 Internet Assigned Numbers Authority (IANA), "MIME Media 960 Types", 2005. 962 [ITU.X690.1994] 963 International Telecommunications Union, "Information 964 Technology - ASN.1 encoding rules: Specification of Basic 965 Encoding Rules (BER), Canonical Encoding Rules (CER) and 966 Distinguished Encoding Rules (DER)", ITU-T Recommendation 967 X.690, 1994. 969 [JWA] Jones, M., "JSON Web Algorithms (JWA)", 970 draft-ietf-jose-json-web-algorithms (work in progress), 971 October 2014. 973 [JWE] Jones, M. and J. Hildebrand, "JSON Web Encryption (JWE)", 974 draft-ietf-jose-json-web-encryption (work in progress), 975 October 2014. 977 [JWS] Jones, M., Bradley, J., and N. Sakimura, "JSON Web 978 Signature (JWS)", draft-ietf-jose-json-web-signature (work 979 in progress), October 2014. 981 [RFC20] Cerf, V., "ASCII format for Network Interchange", RFC 20, 982 October 1969. 984 [RFC2046] Freed, N. and N. Borenstein, "Multipurpose Internet Mail 985 Extensions (MIME) Part Two: Media Types", RFC 2046, 986 November 1996. 988 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 989 Requirement Levels", BCP 14, RFC 2119, March 1997. 991 [RFC2818] Rescorla, E., "HTTP Over TLS", RFC 2818, May 2000. 993 [RFC3629] Yergeau, F., "UTF-8, a transformation format of ISO 994 10646", STD 63, RFC 3629, November 2003. 996 [RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform 997 Resource Identifier (URI): Generic Syntax", STD 66, 998 RFC 3986, January 2005. 1000 [RFC4648] Josefsson, S., "The Base16, Base32, and Base64 Data 1001 Encodings", RFC 4648, October 2006. 1003 [RFC4945] Korver, B., "The Internet IP Security PKI Profile of 1004 IKEv1/ISAKMP, IKEv2, and PKIX", RFC 4945, August 2007. 1006 [RFC4949] Shirey, R., "Internet Security Glossary, Version 2", 1007 RFC 4949, August 2007. 1009 [RFC5246] Dierks, T. and E. Rescorla, "The Transport Layer Security 1010 (TLS) Protocol Version 1.2", RFC 5246, August 2008. 1012 [RFC5280] Cooper, D., Santesson, S., Farrell, S., Boeyen, S., 1013 Housley, R., and W. Polk, "Internet X.509 Public Key 1014 Infrastructure Certificate and Certificate Revocation List 1015 (CRL) Profile", RFC 5280, May 2008. 1017 [RFC6125] Saint-Andre, P. and J. Hodges, "Representation and 1018 Verification of Domain-Based Application Service Identity 1019 within Internet Public Key Infrastructure Using X.509 1020 (PKIX) Certificates in the Context of Transport Layer 1021 Security (TLS)", RFC 6125, March 2011. 1023 [RFC7159] Bray, T., "The JavaScript Object Notation (JSON) Data 1024 Interchange Format", RFC 7159, March 2014. 1026 10.2. Informative References 1028 [DSS] National Institute of Standards and Technology, "Digital 1029 Signature Standard (DSS)", FIPS PUB 186-4, July 2013. 1031 [HAC] Menezes, A., van Oorschot, P., and S. Vanstone, "Handbook 1032 of Applied Cryptography", CRC Press, 1996, 1033 . 1035 [Kocher] Kocher, P., "Timing Attacks on Implementations of Diffe- 1036 Hellman, RSA, DSS, and Other Systems", In Proceedings of 1037 the 16th Annual International Cryptology Conference 1038 Advances in Cryptology, Springer-Verlag, pp. 104-113, 1039 1996. 1041 [MagicSignatures] 1042 Panzer (editor), J., Laurie, B., and D. Balfanz, "Magic 1043 Signatures", January 2011. 1045 [RFC3447] Jonsson, J. and B. Kaliski, "Public-Key Cryptography 1046 Standards (PKCS) #1: RSA Cryptography Specifications 1047 Version 2.1", RFC 3447, February 2003. 1049 [RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an 1050 IANA Considerations Section in RFCs", BCP 26, RFC 5226, 1051 May 2008. 1053 [RFC6030] Hoyer, P., Pei, M., and S. Machani, "Portable Symmetric 1054 Key Container (PSKC)", RFC 6030, October 2010. 1056 [RFC6838] Freed, N., Klensin, J., and T. Hansen, "Media Type 1057 Specifications and Registration Procedures", BCP 13, 1058 RFC 6838, January 2013. 1060 [W3C.NOTE-xmldsig-core2-20130411] 1061 Eastlake, D., Reagle, J., Solo, D., Hirsch, F., Roessler, 1062 T., Yiu, K., Datta, P., and S. Cantor, "XML Signature 1063 Syntax and Processing Version 2.0", World Wide Web 1064 Consortium Note NOTE-xmldsig-core2-20130411, April 2013, 1065 . 1067 [WebCrypto] 1068 Sleevi, R. and M. Watson, "Web Cryptography API", World 1069 Wide Web Consortium Draft, March 2014, 1070 . 1072 Appendix A. Example JSON Web Key Sets 1074 A.1. Example Public Keys 1076 The following example JWK Set contains two public keys represented as 1077 JWKs: one using an Elliptic Curve algorithm and a second one using an 1078 RSA algorithm. The first specifies that the key is to be used for 1079 encryption. The second specifies that the key is to be used with the 1080 "RS256" algorithm. Both provide a Key ID for key matching purposes. 1081 In both cases, integers are represented using the base64url encoding 1082 of their big endian representations. (Long lines are broken are for 1083 display purposes only.) 1085 {"keys": 1086 [ 1087 {"kty":"EC", 1088 "crv":"P-256", 1089 "x":"MKBCTNIcKUSDii11ySs3526iDZ8AiTo7Tu6KPAqv7D4", 1090 "y":"4Etl6SRW2YiLUrN5vfvVHuhp7x8PxltmWWlbbM4IFyM", 1091 "use":"enc", 1092 "kid":"1"}, 1094 {"kty":"RSA", 1095 "n": "0vx7agoebGcQSuuPiLJXZptN9nndrQmbXEps2aiAFbWhM78LhWx 1096 4cbbfAAtVT86zwu1RK7aPFFxuhDR1L6tSoc_BJECPebWKRXjBZCiFV4n3oknjhMs 1097 tn64tZ_2W-5JsGY4Hc5n9yBXArwl93lqt7_RN5w6Cf0h4QyQ5v-65YGjQR0_FDW2 1098 QvzqY368QQMicAtaSqzs8KJZgnYb9c7d0zgdAZHzu6qMQvRL5hajrn1n91CbOpbI 1099 SD08qNLyrdkt-bFTWhAI4vMQFh6WeZu0fM4lFd2NcRwr3XPksINHaQ-G_xBniIqb 1100 w0Ls1jF44-csFCur-kEgU8awapJzKnqDKgw", 1101 "e":"AQAB", 1102 "alg":"RS256", 1103 "kid":"2011-04-29"} 1104 ] 1105 } 1107 A.2. Example Private Keys 1109 The following example JWK Set contains two keys represented as JWKs 1110 containing both public and private key values: one using an Elliptic 1111 Curve algorithm and a second one using an RSA algorithm. This 1112 example extends the example in the previous section, adding private 1113 key values. (Line breaks are for display purposes only.) 1115 {"keys": 1116 [ 1117 {"kty":"EC", 1118 "crv":"P-256", 1119 "x":"MKBCTNIcKUSDii11ySs3526iDZ8AiTo7Tu6KPAqv7D4", 1120 "y":"4Etl6SRW2YiLUrN5vfvVHuhp7x8PxltmWWlbbM4IFyM", 1121 "d":"870MB6gfuTJ4HtUnUvYMyJpr5eUZNP4Bk43bVdj3eAE", 1122 "use":"enc", 1123 "kid":"1"}, 1125 {"kty":"RSA", 1126 "n":"0vx7agoebGcQSuuPiLJXZptN9nndrQmbXEps2aiAFbWhM78LhWx4 1127 cbbfAAtVT86zwu1RK7aPFFxuhDR1L6tSoc_BJECPebWKRXjBZCiFV4n3oknjhMst 1128 n64tZ_2W-5JsGY4Hc5n9yBXArwl93lqt7_RN5w6Cf0h4QyQ5v-65YGjQR0_FDW2Q 1129 vzqY368QQMicAtaSqzs8KJZgnYb9c7d0zgdAZHzu6qMQvRL5hajrn1n91CbOpbIS 1130 D08qNLyrdkt-bFTWhAI4vMQFh6WeZu0fM4lFd2NcRwr3XPksINHaQ-G_xBniIqbw 1131 0Ls1jF44-csFCur-kEgU8awapJzKnqDKgw", 1132 "e":"AQAB", 1133 "d":"X4cTteJY_gn4FYPsXB8rdXix5vwsg1FLN5E3EaG6RJoVH-HLLKD9 1134 M7dx5oo7GURknchnrRweUkC7hT5fJLM0WbFAKNLWY2vv7B6NqXSzUvxT0_YSfqij 1135 wp3RTzlBaCxWp4doFk5N2o8Gy_nHNKroADIkJ46pRUohsXywbReAdYaMwFs9tv8d 1136 _cPVY3i07a3t8MN6TNwm0dSawm9v47UiCl3Sk5ZiG7xojPLu4sbg1U2jx4IBTNBz 1137 nbJSzFHK66jT8bgkuqsk0GjskDJk19Z4qwjwbsnn4j2WBii3RL-Us2lGVkY8fkFz 1138 me1z0HbIkfz0Y6mqnOYtqc0X4jfcKoAC8Q", 1139 "p":"83i-7IvMGXoMXCskv73TKr8637FiO7Z27zv8oj6pbWUQyLPQBQxtPV 1140 nwD20R-60eTDmD2ujnMt5PoqMrm8RfmNhVWDtjjMmCMjOpSXicFHj7XOuVIYQyqV 1141 WlWEh6dN36GVZYk93N8Bc9vY41xy8B9RzzOGVQzXvNEvn7O0nVbfs", 1142 "q":"3dfOR9cuYq-0S-mkFLzgItgMEfFzB2q3hWehMuG0oCuqnb3vobLyum 1143 qjVZQO1dIrdwgTnCdpYzBcOfW5r370AFXjiWft_NGEiovonizhKpo9VVS78TzFgx 1144 kIdrecRezsZ-1kYd_s1qDbxtkDEgfAITAG9LUnADun4vIcb6yelxk", 1145 "dp":"G4sPXkc6Ya9y8oJW9_ILj4xuppu0lzi_H7VTkS8xj5SdX3coE0oim 1146 YwxIi2emTAue0UOa5dpgFGyBJ4c8tQ2VF402XRugKDTP8akYhFo5tAA77Qe_Nmtu 1147 YZc3C3m3I24G2GvR5sSDxUyAN2zq8Lfn9EUms6rY3Ob8YeiKkTiBj0", 1148 "dq":"s9lAH9fggBsoFR8Oac2R_E2gw282rT2kGOAhvIllETE1efrA6huUU 1149 vMfBcMpn8lqeW6vzznYY5SSQF7pMdC_agI3nG8Ibp1BUb0JUiraRNqUfLhcQb_d9 1150 GF4Dh7e74WbRsobRonujTYN1xCaP6TO61jvWrX-L18txXw494Q_cgk", 1151 "qi":"GyM_p6JrXySiz1toFgKbWV-JdI3jQ4ypu9rbMWx3rQJBfmt0FoYzg 1152 UIZEVFEcOqwemRN81zoDAaa-Bk0KWNGDjJHZDdDmFhW3AN7lI-puxk_mHZGJ11rx 1153 yR8O55XLSe3SPmRfKwZI6yU24ZxvQKFYItdldUKGzO6Ia6zTKhAVRU", 1154 "alg":"RS256", 1155 "kid":"2011-04-29"} 1156 ] 1157 } 1159 A.3. Example Symmetric Keys 1161 The following example JWK Set contains two symmetric keys represented 1162 as JWKs: one designated as being for use with the AES Key Wrap 1163 algorithm and a second one that is an HMAC key. (Line breaks are for 1164 display purposes only.) 1166 {"keys": 1167 [ 1168 {"kty":"oct", 1169 "alg":"A128KW", 1170 "k":"GawgguFyGrWKav7AX4VKUg"}, 1172 {"kty":"oct", 1173 "k":"AyM1SysPpbyDfgZld3umj1qzKObwVMkoqQ-EstJQLr_T-1qS0gZH75 1174 aKtMN3Yj0iPS4hcgUuTwjAzZr1Z9CAow", 1175 "kid":"HMAC key used in JWS A.1 example"} 1176 ] 1177 } 1179 Appendix B. Example Use of "x5c" (X.509 Certificate Chain) Parameter 1180 The following is an example of a JWK with a RSA signing key 1181 represented both as an RSA public key and as an X.509 certificate 1182 using the "x5c" parameter: 1184 {"kty":"RSA", 1185 "use":"sig", 1186 "kid":"1b94c", 1187 "n":"vrjOfz9Ccdgx5nQudyhdoR17V-IubWMeOZCwX_jj0hgAsz2J_pqYW08 1188 PLbK_PdiVGKPrqzmDIsLI7sA25VEnHU1uCLNwBuUiCO11_-7dYbsr4iJmG0Q 1189 u2j8DsVyT1azpJC_NG84Ty5KKthuCaPod7iI7w0LK9orSMhBEwwZDCxTWq4a 1190 YWAchc8t-emd9qOvWtVMDC2BXksRngh6X5bUYLy6AyHKvj-nUy1wgzjYQDwH 1191 MTplCoLtU-o-8SNnZ1tmRoGE9uJkBLdh5gFENabWnU5m1ZqZPdwS-qo-meMv 1192 VfJb6jJVWRpl2SUtCnYG2C32qvbWbjZ_jBPD5eunqsIo1vQ", 1193 "e":"AQAB", 1194 "x5c": 1195 ["MIIDQjCCAiqgAwIBAgIGATz/FuLiMA0GCSqGSIb3DQEBBQUAMGIxCzAJB 1196 gNVBAYTAlVTMQswCQYDVQQIEwJDTzEPMA0GA1UEBxMGRGVudmVyMRwwGgYD 1197 VQQKExNQaW5nIElkZW50aXR5IENvcnAuMRcwFQYDVQQDEw5CcmlhbiBDYW1 1198 wYmVsbDAeFw0xMzAyMjEyMzI5MTVaFw0xODA4MTQyMjI5MTVaMGIxCzAJBg 1199 NVBAYTAlVTMQswCQYDVQQIEwJDTzEPMA0GA1UEBxMGRGVudmVyMRwwGgYDV 1200 QQKExNQaW5nIElkZW50aXR5IENvcnAuMRcwFQYDVQQDEw5CcmlhbiBDYW1w 1201 YmVsbDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL64zn8/QnH 1202 YMeZ0LncoXaEde1fiLm1jHjmQsF/449IYALM9if6amFtPDy2yvz3YlRij66 1203 s5gyLCyO7ANuVRJx1NbgizcAblIgjtdf/u3WG7K+IiZhtELto/A7Fck9Ws6 1204 SQvzRvOE8uSirYbgmj6He4iO8NCyvaK0jIQRMMGQwsU1quGmFgHIXPLfnpn 1205 fajr1rVTAwtgV5LEZ4Iel+W1GC8ugMhyr4/p1MtcIM42EA8BzE6ZQqC7VPq 1206 PvEjZ2dbZkaBhPbiZAS3YeYBRDWm1p1OZtWamT3cEvqqPpnjL1XyW+oyVVk 1207 aZdklLQp2Btgt9qr21m42f4wTw+Xrp6rCKNb0CAwEAATANBgkqhkiG9w0BA 1208 QUFAAOCAQEAh8zGlfSlcI0o3rYDPBB07aXNswb4ECNIKG0CETTUxmXl9KUL 1209 +9gGlqCz5iWLOgWsnrcKcY0vXPG9J1r9AqBNTqNgHq2G03X09266X5CpOe1 1210 zFo+Owb1zxtp3PehFdfQJ610CDLEaS9V9Rqp17hCyybEpOGVwe8fnk+fbEL 1211 2Bo3UPGrpsHzUoaGpDftmWssZkhpBJKVMJyf/RuP2SmmaIzmnw9JiSlYhzo 1212 4tpzd5rFXhjRbg4zW9C+2qok+2+qDM1iJ684gPHMIY8aLWrdgQTxkumGmTq 1213 gawR+N5MDtdPTEQ0XfIBc2cJEUyMTY5MPvACWpkA6SdS4xSvdXK3IVfOWA=="] 1214 } 1216 Appendix C. Example Encrypted RSA Private Key 1218 This example encrypts an RSA private key to the recipient using 1219 "PBES2-HS256+A128KW" for key encryption and "A128CBC+HS256" for 1220 content encryption. 1222 NOTE: Unless otherwise indicated, all line breaks are included solely 1223 for readability. 1225 C.1. Plaintext RSA Private Key 1227 The following RSA key is the plaintext for the authenticated 1228 encryption operation, formatted as a JWK object: 1230 { 1231 "kty":"RSA", 1232 "kid":"juliet@capulet.lit", 1233 "use":"enc", 1234 "n":"t6Q8PWSi1dkJj9hTP8hNYFlvadM7DflW9mWepOJhJ66w7nyoK1gPNqFMSQRy 1235 O125Gp-TEkodhWr0iujjHVx7BcV0llS4w5ACGgPrcAd6ZcSR0-Iqom-QFcNP 1236 8Sjg086MwoqQU_LYywlAGZ21WSdS_PERyGFiNnj3QQlO8Yns5jCtLCRwLHL0 1237 Pb1fEv45AuRIuUfVcPySBWYnDyGxvjYGDSM-AqWS9zIQ2ZilgT-GqUmipg0X 1238 OC0Cc20rgLe2ymLHjpHciCKVAbY5-L32-lSeZO-Os6U15_aXrk9Gw8cPUaX1 1239 _I8sLGuSiVdt3C_Fn2PZ3Z8i744FPFGGcG1qs2Wz-Q", 1240 "e":"AQAB", 1241 "d":"GRtbIQmhOZtyszfgKdg4u_N-R_mZGU_9k7JQ_jn1DnfTuMdSNprTeaSTyWfS 1242 NkuaAwnOEbIQVy1IQbWVV25NY3ybc_IhUJtfri7bAXYEReWaCl3hdlPKXy9U 1243 vqPYGR0kIXTQRqns-dVJ7jahlI7LyckrpTmrM8dWBo4_PMaenNnPiQgO0xnu 1244 ToxutRZJfJvG4Ox4ka3GORQd9CsCZ2vsUDmsXOfUENOyMqADC6p1M3h33tsu 1245 rY15k9qMSpG9OX_IJAXmxzAh_tWiZOwk2K4yxH9tS3Lq1yX8C1EWmeRDkK2a 1246 hecG85-oLKQt5VEpWHKmjOi_gJSdSgqcN96X52esAQ", 1247 "p":"2rnSOV4hKSN8sS4CgcQHFbs08XboFDqKum3sc4h3GRxrTmQdl1ZK9uw-PIHf 1248 QP0FkxXVrx-WE-ZEbrqivH_2iCLUS7wAl6XvARt1KkIaUxPPSYB9yk31s0Q8 1249 UK96E3_OrADAYtAJs-M3JxCLfNgqh56HDnETTQhH3rCT5T3yJws", 1250 "q":"1u_RiFDP7LBYh3N4GXLT9OpSKYP0uQZyiaZwBtOCBNJgQxaj10RWjsZu0c6I 1251 edis4S7B_coSKB0Kj9PaPaBzg-IySRvvcQuPamQu66riMhjVtG6TlV8CLCYK 1252 rYl52ziqK0E_ym2QnkwsUX7eYTB7LbAHRK9GqocDE5B0f808I4s", 1253 "dp":"KkMTWqBUefVwZ2_Dbj1pPQqyHSHjj90L5x_MOzqYAJMcLMZtbUtwKqvVDq3 1254 tbEo3ZIcohbDtt6SbfmWzggabpQxNxuBpoOOf_a_HgMXK_lhqigI4y_kqS1w 1255 Y52IwjUn5rgRrJ-yYo1h41KR-vz2pYhEAeYrhttWtxVqLCRViD6c", 1256 "dq":"AvfS0-gRxvn0bwJoMSnFxYcK1WnuEjQFluMGfwGitQBWtfZ1Er7t1xDkbN9 1257 GQTB9yqpDoYaN06H7CFtrkxhJIBQaj6nkF5KKS3TQtQ5qCzkOkmxIe3KRbBy 1258 mXxkb5qwUpX5ELD5xFc6FeiafWYY63TmmEAu_lRFCOJ3xDea-ots", 1259 "qi":"lSQi-w9CpyUReMErP1RsBLk7wNtOvs5EQpPqmuMvqW57NBUczScEoPwmUqq 1260 abu9V0-Py4dQ57_bapoKRu1R90bvuFnU63SHWEFglZQvJDMeAvmj4sm-Fp0o 1261 Yu_neotgQ0hzbI5gry7ajdYy9-2lNx_76aBZoOUu9HCJ-UsfSOI8" 1262 } 1264 The octets representing the Plaintext used in this example (using 1265 JSON array notation) are: 1267 [123, 34, 107, 116, 121, 34, 58, 34, 82, 83, 65, 34, 44, 34, 107, 1268 105, 100, 34, 58, 34, 106, 117, 108, 105, 101, 116, 64, 99, 97, 112, 1269 117, 108, 101, 116, 46, 108, 105, 116, 34, 44, 34, 117, 115, 101, 34, 1270 58, 34, 101, 110, 99, 34, 44, 34, 110, 34, 58, 34, 116, 54, 81, 56, 1271 80, 87, 83, 105, 49, 100, 107, 74, 106, 57, 104, 84, 80, 56, 104, 78, 1272 89, 70, 108, 118, 97, 100, 77, 55, 68, 102, 108, 87, 57, 109, 87, 1273 101, 112, 79, 74, 104, 74, 54, 54, 119, 55, 110, 121, 111, 75, 49, 1274 103, 80, 78, 113, 70, 77, 83, 81, 82, 121, 79, 49, 50, 53, 71, 112, 1275 45, 84, 69, 107, 111, 100, 104, 87, 114, 48, 105, 117, 106, 106, 72, 1276 86, 120, 55, 66, 99, 86, 48, 108, 108, 83, 52, 119, 53, 65, 67, 71, 1277 103, 80, 114, 99, 65, 100, 54, 90, 99, 83, 82, 48, 45, 73, 113, 111, 1278 109, 45, 81, 70, 99, 78, 80, 56, 83, 106, 103, 48, 56, 54, 77, 119, 1279 111, 113, 81, 85, 95, 76, 89, 121, 119, 108, 65, 71, 90, 50, 49, 87, 1280 83, 100, 83, 95, 80, 69, 82, 121, 71, 70, 105, 78, 110, 106, 51, 81, 1281 81, 108, 79, 56, 89, 110, 115, 53, 106, 67, 116, 76, 67, 82, 119, 76, 1282 72, 76, 48, 80, 98, 49, 102, 69, 118, 52, 53, 65, 117, 82, 73, 117, 1283 85, 102, 86, 99, 80, 121, 83, 66, 87, 89, 110, 68, 121, 71, 120, 118, 1284 106, 89, 71, 68, 83, 77, 45, 65, 113, 87, 83, 57, 122, 73, 81, 50, 1285 90, 105, 108, 103, 84, 45, 71, 113, 85, 109, 105, 112, 103, 48, 88, 1286 79, 67, 48, 67, 99, 50, 48, 114, 103, 76, 101, 50, 121, 109, 76, 72, 1287 106, 112, 72, 99, 105, 67, 75, 86, 65, 98, 89, 53, 45, 76, 51, 50, 1288 45, 108, 83, 101, 90, 79, 45, 79, 115, 54, 85, 49, 53, 95, 97, 88, 1289 114, 107, 57, 71, 119, 56, 99, 80, 85, 97, 88, 49, 95, 73, 56, 115, 1290 76, 71, 117, 83, 105, 86, 100, 116, 51, 67, 95, 70, 110, 50, 80, 90, 1291 51, 90, 56, 105, 55, 52, 52, 70, 80, 70, 71, 71, 99, 71, 49, 113, 1292 115, 50, 87, 122, 45, 81, 34, 44, 34, 101, 34, 58, 34, 65, 81, 65, 1293 66, 34, 44, 34, 100, 34, 58, 34, 71, 82, 116, 98, 73, 81, 109, 104, 1294 79, 90, 116, 121, 115, 122, 102, 103, 75, 100, 103, 52, 117, 95, 78, 1295 45, 82, 95, 109, 90, 71, 85, 95, 57, 107, 55, 74, 81, 95, 106, 110, 1296 49, 68, 110, 102, 84, 117, 77, 100, 83, 78, 112, 114, 84, 101, 97, 1297 83, 84, 121, 87, 102, 83, 78, 107, 117, 97, 65, 119, 110, 79, 69, 98, 1298 73, 81, 86, 121, 49, 73, 81, 98, 87, 86, 86, 50, 53, 78, 89, 51, 121, 1299 98, 99, 95, 73, 104, 85, 74, 116, 102, 114, 105, 55, 98, 65, 88, 89, 1300 69, 82, 101, 87, 97, 67, 108, 51, 104, 100, 108, 80, 75, 88, 121, 57, 1301 85, 118, 113, 80, 89, 71, 82, 48, 107, 73, 88, 84, 81, 82, 113, 110, 1302 115, 45, 100, 86, 74, 55, 106, 97, 104, 108, 73, 55, 76, 121, 99, 1303 107, 114, 112, 84, 109, 114, 77, 56, 100, 87, 66, 111, 52, 95, 80, 1304 77, 97, 101, 110, 78, 110, 80, 105, 81, 103, 79, 48, 120, 110, 117, 1305 84, 111, 120, 117, 116, 82, 90, 74, 102, 74, 118, 71, 52, 79, 120, 1306 52, 107, 97, 51, 71, 79, 82, 81, 100, 57, 67, 115, 67, 90, 50, 118, 1307 115, 85, 68, 109, 115, 88, 79, 102, 85, 69, 78, 79, 121, 77, 113, 65, 1308 68, 67, 54, 112, 49, 77, 51, 104, 51, 51, 116, 115, 117, 114, 89, 49, 1309 53, 107, 57, 113, 77, 83, 112, 71, 57, 79, 88, 95, 73, 74, 65, 88, 1310 109, 120, 122, 65, 104, 95, 116, 87, 105, 90, 79, 119, 107, 50, 75, 1311 52, 121, 120, 72, 57, 116, 83, 51, 76, 113, 49, 121, 88, 56, 67, 49, 1312 69, 87, 109, 101, 82, 68, 107, 75, 50, 97, 104, 101, 99, 71, 56, 53, 1313 45, 111, 76, 75, 81, 116, 53, 86, 69, 112, 87, 72, 75, 109, 106, 79, 1314 105, 95, 103, 74, 83, 100, 83, 103, 113, 99, 78, 57, 54, 88, 53, 50, 1315 101, 115, 65, 81, 34, 44, 34, 112, 34, 58, 34, 50, 114, 110, 83, 79, 1316 86, 52, 104, 75, 83, 78, 56, 115, 83, 52, 67, 103, 99, 81, 72, 70, 1317 98, 115, 48, 56, 88, 98, 111, 70, 68, 113, 75, 117, 109, 51, 115, 99, 1318 52, 104, 51, 71, 82, 120, 114, 84, 109, 81, 100, 108, 49, 90, 75, 57, 1319 117, 119, 45, 80, 73, 72, 102, 81, 80, 48, 70, 107, 120, 88, 86, 114, 1320 120, 45, 87, 69, 45, 90, 69, 98, 114, 113, 105, 118, 72, 95, 50, 105, 1321 67, 76, 85, 83, 55, 119, 65, 108, 54, 88, 118, 65, 82, 116, 49, 75, 1322 107, 73, 97, 85, 120, 80, 80, 83, 89, 66, 57, 121, 107, 51, 49, 115, 1323 48, 81, 56, 85, 75, 57, 54, 69, 51, 95, 79, 114, 65, 68, 65, 89, 116, 1324 65, 74, 115, 45, 77, 51, 74, 120, 67, 76, 102, 78, 103, 113, 104, 53, 1325 54, 72, 68, 110, 69, 84, 84, 81, 104, 72, 51, 114, 67, 84, 53, 84, 1326 51, 121, 74, 119, 115, 34, 44, 34, 113, 34, 58, 34, 49, 117, 95, 82, 1327 105, 70, 68, 80, 55, 76, 66, 89, 104, 51, 78, 52, 71, 88, 76, 84, 57, 1328 79, 112, 83, 75, 89, 80, 48, 117, 81, 90, 121, 105, 97, 90, 119, 66, 1329 116, 79, 67, 66, 78, 74, 103, 81, 120, 97, 106, 49, 48, 82, 87, 106, 1330 115, 90, 117, 48, 99, 54, 73, 101, 100, 105, 115, 52, 83, 55, 66, 95, 1331 99, 111, 83, 75, 66, 48, 75, 106, 57, 80, 97, 80, 97, 66, 122, 103, 1332 45, 73, 121, 83, 82, 118, 118, 99, 81, 117, 80, 97, 109, 81, 117, 54, 1333 54, 114, 105, 77, 104, 106, 86, 116, 71, 54, 84, 108, 86, 56, 67, 76, 1334 67, 89, 75, 114, 89, 108, 53, 50, 122, 105, 113, 75, 48, 69, 95, 121, 1335 109, 50, 81, 110, 107, 119, 115, 85, 88, 55, 101, 89, 84, 66, 55, 76, 1336 98, 65, 72, 82, 75, 57, 71, 113, 111, 99, 68, 69, 53, 66, 48, 102, 1337 56, 48, 56, 73, 52, 115, 34, 44, 34, 100, 112, 34, 58, 34, 75, 107, 1338 77, 84, 87, 113, 66, 85, 101, 102, 86, 119, 90, 50, 95, 68, 98, 106, 1339 49, 112, 80, 81, 113, 121, 72, 83, 72, 106, 106, 57, 48, 76, 53, 120, 1340 95, 77, 79, 122, 113, 89, 65, 74, 77, 99, 76, 77, 90, 116, 98, 85, 1341 116, 119, 75, 113, 118, 86, 68, 113, 51, 116, 98, 69, 111, 51, 90, 1342 73, 99, 111, 104, 98, 68, 116, 116, 54, 83, 98, 102, 109, 87, 122, 1343 103, 103, 97, 98, 112, 81, 120, 78, 120, 117, 66, 112, 111, 79, 79, 1344 102, 95, 97, 95, 72, 103, 77, 88, 75, 95, 108, 104, 113, 105, 103, 1345 73, 52, 121, 95, 107, 113, 83, 49, 119, 89, 53, 50, 73, 119, 106, 85, 1346 110, 53, 114, 103, 82, 114, 74, 45, 121, 89, 111, 49, 104, 52, 49, 1347 75, 82, 45, 118, 122, 50, 112, 89, 104, 69, 65, 101, 89, 114, 104, 1348 116, 116, 87, 116, 120, 86, 113, 76, 67, 82, 86, 105, 68, 54, 99, 34, 1349 44, 34, 100, 113, 34, 58, 34, 65, 118, 102, 83, 48, 45, 103, 82, 120, 1350 118, 110, 48, 98, 119, 74, 111, 77, 83, 110, 70, 120, 89, 99, 75, 49, 1351 87, 110, 117, 69, 106, 81, 70, 108, 117, 77, 71, 102, 119, 71, 105, 1352 116, 81, 66, 87, 116, 102, 90, 49, 69, 114, 55, 116, 49, 120, 68, 1353 107, 98, 78, 57, 71, 81, 84, 66, 57, 121, 113, 112, 68, 111, 89, 97, 1354 78, 48, 54, 72, 55, 67, 70, 116, 114, 107, 120, 104, 74, 73, 66, 81, 1355 97, 106, 54, 110, 107, 70, 53, 75, 75, 83, 51, 84, 81, 116, 81, 53, 1356 113, 67, 122, 107, 79, 107, 109, 120, 73, 101, 51, 75, 82, 98, 66, 1357 121, 109, 88, 120, 107, 98, 53, 113, 119, 85, 112, 88, 53, 69, 76, 1358 68, 53, 120, 70, 99, 54, 70, 101, 105, 97, 102, 87, 89, 89, 54, 51, 1359 84, 109, 109, 69, 65, 117, 95, 108, 82, 70, 67, 79, 74, 51, 120, 68, 1360 101, 97, 45, 111, 116, 115, 34, 44, 34, 113, 105, 34, 58, 34, 108, 1361 83, 81, 105, 45, 119, 57, 67, 112, 121, 85, 82, 101, 77, 69, 114, 80, 1362 49, 82, 115, 66, 76, 107, 55, 119, 78, 116, 79, 118, 115, 53, 69, 81, 1363 112, 80, 113, 109, 117, 77, 118, 113, 87, 53, 55, 78, 66, 85, 99, 1364 122, 83, 99, 69, 111, 80, 119, 109, 85, 113, 113, 97, 98, 117, 57, 1365 86, 48, 45, 80, 121, 52, 100, 81, 53, 55, 95, 98, 97, 112, 111, 75, 1366 82, 117, 49, 82, 57, 48, 98, 118, 117, 70, 110, 85, 54, 51, 83, 72, 1367 87, 69, 70, 103, 108, 90, 81, 118, 74, 68, 77, 101, 65, 118, 109, 1368 106, 52, 115, 109, 45, 70, 112, 48, 111, 89, 117, 95, 110, 101, 111, 1369 116, 103, 81, 48, 104, 122, 98, 73, 53, 103, 114, 121, 55, 97, 106, 1370 100, 89, 121, 57, 45, 50, 108, 78, 120, 95, 55, 54, 97, 66, 90, 111, 1371 79, 85, 117, 57, 72, 67, 74, 45, 85, 115, 102, 83, 79, 73, 56, 34, 1372 125] 1374 C.2. JOSE Header 1376 The following example JWE Protected Header declares that: 1378 o the Content Encryption Key is encrypted to the recipient using the 1379 PSE2-HS256+A128KW algorithm to produce the JWE Encrypted Key, 1381 o the Salt Input ("p2s") value is [217, 96, 147, 112, 150, 117, 70, 1382 247, 127, 8, 155, 137, 174, 42, 80, 215], 1384 o the Iteration Count ("p2c") value is 4096, 1386 o authenticated encryption is performed on the Plaintext using the 1387 AES_128_CBC_HMAC_SHA_256 algorithm to produce the Ciphertext and 1388 the Authentication Tag, and 1390 o the content type is application/jwk+json. 1392 { 1393 "alg":"PBES2-HS256+A128KW", 1394 "p2s":"2WCTcJZ1Rvd_CJuJripQ1w", 1395 "p2c":4096, 1396 "enc":"A128CBC-HS256", 1397 "cty":"jwk+json" 1398 } 1400 Encoding this JWE Protected Header as BASE64URL(UTF8(JWE Protected 1401 Header)) gives this value (with line breaks for display purposes 1402 only): 1404 eyJhbGciOiJQQkVTMi1IUzI1NitBMTI4S1ciLCJwMnMiOiIyV0NUY0paMVJ2ZF9DSn 1405 VKcmlwUTF3IiwicDJjIjo0MDk2LCJlbmMiOiJBMTI4Q0JDLUhTMjU2IiwiY3R5Ijoi 1406 andrK2pzb24ifQ 1408 C.3. Content Encryption Key (CEK) 1410 Generate a 256 bit random Content Encryption Key (CEK). In this 1411 example, the value (using JSON array notation) is: 1413 [111, 27, 25, 52, 66, 29, 20, 78, 92, 176, 56, 240, 65, 208, 82, 112, 1414 161, 131, 36, 55, 202, 236, 185, 172, 129, 23, 153, 194, 195, 48, 1415 253, 182] 1417 C.4. Key Derivation 1419 Derive a key from a shared passphrase using the PBKDF2 algorithm with 1420 HMAC SHA-256 and the specified Salt and Iteration Count values and a 1421 128 bit requested output key size to produce the PBKDF2 Derived Key. 1422 This example uses the following passphrase: 1424 Thus from my lips, by yours, my sin is purged. 1426 The octets representing the passphrase are: 1428 [84, 104, 117, 115, 32, 102, 114, 111, 109, 32, 109, 121, 32, 108, 1429 105, 112, 115, 44, 32, 98, 121, 32, 121, 111, 117, 114, 115, 44, 32, 1430 109, 121, 32, 115, 105, 110, 32, 105, 115, 32, 112, 117, 114, 103, 1431 101, 100, 46] 1433 The Salt value (UTF8(Alg) || 0x00 || Salt Input) is: 1435 [80, 66, 69, 83, 50, 45, 72, 83, 50, 53, 54, 43, 65, 49, 50, 56, 75, 1436 87, 0, 217, 96, 147, 112, 150, 117, 70, 247, 127, 8, 155, 137, 174, 1437 42, 80, 215]. 1439 The resulting PBKDF2 Derived Key value is: 1441 [110, 171, 169, 92, 129, 92, 109, 117, 233, 242, 116, 233, 170, 14, 1442 24, 75] 1444 C.5. Key Encryption 1446 Encrypt the CEK with the "A128KW" algorithm using the PBKDF2 Derived 1447 Key. The resulting JWE Encrypted Key value is: 1449 [78, 186, 151, 59, 11, 141, 81, 240, 213, 245, 83, 211, 53, 188, 134, 1450 188, 66, 125, 36, 200, 222, 124, 5, 103, 249, 52, 117, 184, 140, 81, 1451 246, 158, 161, 177, 20, 33, 245, 57, 59, 4] 1453 Encoding this JWE Encrypted Key as BASE64URL(JWE Encrypted Key) gives 1454 this value: 1456 TrqXOwuNUfDV9VPTNbyGvEJ9JMjefAVn-TR1uIxR9p6hsRQh9Tk7BA 1458 C.6. Initialization Vector 1460 Generate a random 128 bit JWE Initialization Vector. In this 1461 example, the value is: 1463 [97, 239, 99, 214, 171, 54, 216, 57, 145, 72, 7, 93, 34, 31, 149, 1464 156] 1465 Encoding this JWE Initialization Vector as BASE64URL(JWE 1466 Initialization Vector) gives this value: 1468 Ye9j1qs22DmRSAddIh-VnA 1470 C.7. Additional Authenticated Data 1472 Let the Additional Authenticated Data encryption parameter be 1473 ASCII(BASE64URL(UTF8(JWE Protected Header))). This value is: 1475 [123, 34, 97, 108, 103, 34, 58, 34, 80, 66, 69, 83, 50, 45, 72, 83, 1476 50, 53, 54, 43, 65, 49, 50, 56, 75, 87, 34, 44, 34, 112, 50, 115, 34, 1477 58, 34, 50, 87, 67, 84, 99, 74, 90, 49, 82, 118, 100, 95, 67, 74, 1478 117, 74, 114, 105, 112, 81, 49, 119, 34, 44, 34, 112, 50, 99, 34, 58, 1479 52, 48, 57, 54, 44, 34, 101, 110, 99, 34, 58, 34, 65, 49, 50, 56, 67, 1480 66, 67, 45, 72, 83, 50, 53, 54, 34, 44, 34, 99, 116, 121, 34, 58, 34, 1481 106, 119, 107, 43, 106, 115, 111, 110, 34, 125] 1483 C.8. Content Encryption 1485 Perform authenticated encryption on the Plaintext with the 1486 AES_128_CBC_HMAC_SHA_256 algorithm using the CEK as the encryption 1487 key, the JWE Initialization Vector, and the Additional Authenticated 1488 Data value above. The resulting Ciphertext is: 1490 [3, 8, 65, 242, 92, 107, 148, 168, 197, 159, 77, 139, 25, 97, 42, 1491 131, 110, 199, 225, 56, 61, 127, 38, 64, 108, 91, 247, 167, 150, 98, 1492 112, 122, 99, 235, 132, 50, 28, 46, 56, 170, 169, 89, 220, 145, 38, 1493 157, 148, 224, 66, 140, 8, 169, 146, 117, 222, 54, 242, 28, 31, 11, 1494 129, 227, 226, 169, 66, 117, 133, 254, 140, 216, 115, 203, 131, 60, 1495 60, 47, 233, 132, 121, 13, 35, 188, 53, 19, 172, 77, 59, 54, 211, 1496 158, 172, 25, 60, 111, 0, 80, 201, 158, 160, 210, 68, 55, 12, 67, 1497 136, 130, 87, 216, 197, 95, 62, 20, 155, 205, 5, 140, 27, 168, 221, 1498 65, 114, 78, 157, 254, 46, 206, 182, 52, 135, 87, 239, 3, 34, 186, 1499 126, 220, 151, 17, 33, 237, 57, 96, 172, 183, 58, 45, 248, 103, 241, 1500 142, 136, 7, 53, 16, 173, 181, 7, 93, 92, 252, 1, 53, 212, 242, 8, 1501 255, 11, 239, 181, 24, 148, 136, 111, 24, 161, 244, 23, 106, 69, 157, 1502 215, 243, 189, 240, 166, 169, 249, 72, 38, 201, 99, 223, 173, 229, 9, 1503 222, 82, 79, 157, 176, 248, 85, 239, 121, 163, 1, 31, 48, 98, 206, 1504 61, 249, 104, 216, 201, 227, 105, 48, 194, 193, 10, 36, 160, 159, 1505 241, 166, 84, 54, 188, 211, 243, 242, 40, 46, 45, 193, 193, 160, 169, 1506 101, 201, 1, 73, 47, 105, 142, 88, 28, 42, 132, 26, 61, 58, 63, 142, 1507 243, 77, 26, 179, 153, 166, 46, 203, 208, 49, 55, 229, 34, 178, 4, 1508 109, 180, 204, 204, 115, 1, 103, 193, 5, 91, 215, 214, 195, 1, 110, 1509 208, 53, 144, 36, 105, 12, 54, 25, 129, 101, 15, 183, 150, 250, 147, 1510 115, 227, 58, 250, 5, 128, 232, 63, 15, 14, 19, 141, 124, 253, 142, 1511 137, 189, 135, 26, 44, 240, 27, 88, 132, 105, 127, 6, 71, 37, 41, 1512 124, 187, 165, 140, 34, 200, 123, 80, 228, 24, 231, 176, 132, 171, 1513 138, 145, 152, 116, 224, 50, 141, 51, 147, 91, 186, 7, 246, 106, 217, 1514 148, 244, 227, 244, 45, 220, 121, 165, 224, 148, 181, 17, 181, 128, 1515 197, 101, 237, 11, 169, 229, 149, 199, 78, 56, 15, 14, 190, 91, 216, 1516 222, 247, 213, 74, 40, 8, 96, 20, 168, 119, 96, 26, 24, 52, 37, 82, 1517 127, 57, 176, 147, 118, 59, 7, 224, 33, 117, 72, 155, 29, 82, 26, 1518 215, 189, 140, 119, 28, 152, 118, 93, 222, 194, 192, 148, 115, 83, 1519 253, 216, 212, 108, 88, 83, 175, 172, 220, 97, 79, 110, 42, 223, 170, 1520 161, 34, 164, 144, 193, 76, 122, 92, 160, 41, 178, 175, 6, 35, 96, 1521 113, 96, 158, 90, 129, 101, 26, 45, 70, 180, 189, 230, 15, 5, 247, 1522 150, 209, 94, 171, 26, 13, 142, 212, 129, 1, 176, 5, 0, 112, 203, 1523 174, 185, 119, 76, 233, 189, 54, 172, 189, 245, 223, 253, 205, 12, 1524 88, 9, 126, 157, 225, 90, 40, 229, 191, 63, 30, 160, 224, 69, 3, 140, 1525 109, 70, 89, 37, 213, 245, 194, 210, 180, 188, 63, 210, 139, 221, 2, 1526 144, 200, 20, 177, 216, 29, 227, 242, 106, 12, 135, 142, 139, 144, 1527 82, 225, 162, 171, 176, 108, 99, 6, 43, 193, 161, 116, 234, 216, 1, 1528 242, 21, 124, 162, 98, 205, 124, 193, 38, 12, 242, 90, 101, 76, 204, 1529 184, 124, 58, 180, 16, 240, 26, 76, 195, 250, 212, 191, 185, 191, 97, 1530 198, 186, 73, 225, 75, 14, 90, 123, 121, 172, 101, 50, 160, 221, 141, 1531 253, 205, 126, 77, 9, 87, 198, 110, 104, 182, 141, 120, 51, 25, 232, 1532 3, 32, 80, 6, 156, 8, 18, 4, 135, 221, 142, 25, 135, 2, 129, 132, 1533 115, 227, 74, 141, 28, 119, 11, 141, 117, 134, 198, 62, 150, 254, 97, 1534 75, 197, 251, 99, 89, 204, 224, 226, 67, 83, 175, 89, 0, 81, 29, 38, 1535 207, 89, 140, 255, 197, 177, 164, 128, 62, 116, 224, 180, 109, 169, 1536 28, 2, 59, 176, 130, 252, 44, 178, 81, 24, 181, 176, 75, 44, 61, 91, 1537 12, 37, 21, 255, 83, 130, 197, 16, 231, 60, 217, 56, 131, 118, 168, 1538 202, 58, 52, 84, 124, 162, 185, 174, 162, 226, 242, 112, 68, 246, 1539 202, 16, 208, 52, 154, 58, 129, 80, 102, 33, 171, 6, 186, 177, 14, 1540 195, 88, 136, 6, 0, 155, 28, 100, 162, 207, 162, 222, 117, 248, 170, 1541 208, 114, 87, 31, 57, 176, 33, 57, 83, 253, 12, 168, 110, 194, 59, 1542 22, 86, 48, 227, 196, 22, 176, 218, 122, 149, 21, 249, 195, 178, 174, 1543 250, 20, 34, 120, 60, 139, 201, 99, 40, 18, 177, 17, 54, 54, 6, 3, 1544 222, 128, 160, 88, 11, 27, 0, 81, 192, 36, 41, 169, 146, 8, 47, 64, 1545 136, 28, 64, 209, 67, 135, 202, 20, 234, 182, 91, 204, 146, 195, 187, 1546 0, 72, 77, 11, 111, 152, 204, 252, 177, 212, 89, 33, 50, 132, 184, 1547 44, 183, 186, 19, 250, 69, 176, 201, 102, 140, 14, 143, 212, 212, 1548 160, 123, 208, 185, 27, 155, 68, 77, 133, 198, 2, 126, 155, 215, 22, 1549 91, 30, 217, 176, 172, 244, 156, 174, 143, 75, 90, 21, 102, 1, 160, 1550 59, 253, 188, 88, 57, 185, 197, 83, 24, 22, 180, 174, 47, 207, 52, 1, 1551 141, 146, 119, 233, 68, 228, 224, 228, 193, 248, 155, 202, 90, 7, 1552 213, 88, 33, 108, 107, 14, 86, 8, 120, 250, 58, 142, 35, 164, 238, 1553 221, 219, 35, 123, 88, 199, 192, 143, 104, 83, 17, 166, 243, 247, 11, 1554 166, 67, 68, 204, 132, 23, 110, 103, 228, 14, 55, 122, 88, 57, 180, 1555 178, 237, 52, 130, 214, 245, 102, 123, 67, 73, 175, 1, 127, 112, 148, 1556 94, 132, 164, 197, 153, 217, 87, 25, 89, 93, 63, 22, 66, 166, 90, 1557 251, 101, 10, 145, 66, 17, 124, 36, 255, 165, 226, 97, 16, 86, 112, 1558 154, 88, 105, 253, 56, 209, 229, 122, 103, 51, 24, 228, 190, 3, 236, 1559 48, 182, 121, 176, 140, 128, 117, 87, 251, 224, 37, 23, 248, 21, 218, 1560 85, 251, 136, 84, 147, 143, 144, 46, 155, 183, 251, 89, 86, 23, 26, 1561 237, 100, 167, 32, 130, 173, 237, 89, 55, 110, 70, 142, 127, 65, 230, 1562 208, 109, 69, 19, 253, 84, 130, 130, 193, 92, 58, 108, 150, 42, 136, 1563 249, 234, 86, 241, 182, 19, 117, 246, 26, 181, 92, 101, 155, 44, 103, 1564 235, 173, 30, 140, 90, 29, 183, 190, 77, 53, 206, 127, 5, 87, 8, 187, 1565 184, 92, 4, 157, 22, 18, 105, 251, 39, 88, 182, 181, 103, 148, 233, 1566 6, 63, 70, 188, 7, 101, 216, 127, 77, 31, 12, 233, 7, 147, 106, 30, 1567 150, 77, 145, 13, 205, 48, 56, 245, 220, 89, 252, 127, 51, 180, 36, 1568 31, 55, 18, 214, 230, 254, 217, 197, 65, 247, 27, 215, 117, 247, 108, 1569 157, 121, 11, 63, 150, 195, 83, 6, 134, 242, 41, 24, 105, 204, 5, 63, 1570 192, 14, 159, 113, 72, 140, 128, 51, 215, 80, 215, 39, 149, 94, 79, 1571 128, 34, 5, 129, 82, 83, 121, 187, 37, 146, 27, 32, 177, 167, 71, 9, 1572 195, 30, 199, 196, 205, 252, 207, 69, 8, 120, 27, 190, 51, 43, 75, 1573 249, 234, 167, 116, 206, 203, 199, 43, 108, 87, 48, 155, 140, 228, 1574 210, 85, 25, 161, 96, 67, 8, 205, 64, 39, 75, 88, 44, 238, 227, 16, 1575 0, 100, 93, 129, 18, 4, 149, 50, 68, 72, 99, 35, 111, 254, 27, 102, 1576 175, 108, 233, 87, 181, 44, 169, 18, 139, 79, 208, 14, 202, 192, 5, 1577 162, 222, 231, 149, 24, 211, 49, 120, 101, 39, 206, 87, 147, 204, 1578 200, 251, 104, 115, 5, 127, 117, 195, 79, 151, 18, 224, 52, 0, 245, 1579 4, 85, 255, 103, 217, 0, 116, 198, 80, 91, 167, 192, 154, 199, 197, 1580 149, 237, 51, 2, 131, 30, 226, 95, 105, 48, 68, 135, 208, 144, 120, 1581 176, 145, 157, 8, 171, 80, 94, 61, 92, 92, 220, 157, 13, 138, 51, 23, 1582 185, 124, 31, 77, 1, 87, 241, 43, 239, 55, 122, 86, 210, 48, 208, 1583 204, 112, 144, 80, 147, 106, 219, 47, 253, 31, 134, 176, 16, 135, 1584 219, 95, 17, 129, 83, 236, 125, 136, 112, 86, 228, 252, 71, 129, 218, 1585 174, 156, 236, 12, 27, 159, 11, 138, 252, 253, 207, 31, 115, 214, 1586 118, 239, 203, 16, 211, 205, 99, 22, 51, 163, 107, 162, 246, 199, 67, 1587 127, 34, 108, 197, 53, 117, 58, 199, 3, 190, 74, 70, 190, 65, 235, 1588 175, 97, 157, 215, 252, 189, 245, 100, 229, 248, 46, 90, 126, 237, 4, 1589 159, 128, 58, 7, 156, 236, 69, 191, 85, 240, 179, 224, 249, 152, 49, 1590 195, 223, 60, 78, 186, 157, 155, 217, 58, 105, 116, 164, 217, 111, 1591 215, 150, 218, 252, 84, 86, 248, 140, 240, 226, 61, 106, 208, 95, 60, 1592 163, 6, 0, 235, 253, 162, 96, 62, 234, 251, 249, 35, 21, 7, 211, 233, 1593 86, 50, 33, 203, 67, 248, 60, 190, 123, 48, 167, 226, 90, 191, 71, 1594 56, 183, 165, 17, 85, 76, 238, 140, 211, 168, 53, 223, 194, 4, 97, 1595 149, 156, 120, 137, 76, 33, 229, 243, 194, 208, 198, 202, 139, 28, 1596 114, 46, 224, 92, 254, 83, 100, 134, 158, 92, 70, 78, 61, 62, 138, 1597 24, 173, 216, 66, 198, 70, 254, 47, 59, 193, 53, 6, 139, 19, 153, 1598 253, 28, 199, 122, 160, 27, 67, 234, 209, 227, 139, 4, 50, 7, 178, 1599 183, 89, 252, 32, 128, 137, 55, 52, 29, 89, 12, 111, 42, 181, 51, 1600 170, 132, 132, 207, 170, 228, 254, 178, 213, 0, 136, 175, 8] 1602 The resulting Authentication Tag value is: 1604 [208, 113, 102, 132, 236, 236, 67, 223, 39, 53, 98, 99, 32, 121, 17, 1605 236] 1607 Encoding this JWE Ciphertext as BASE64URL(JWE Ciphertext) gives this 1608 value (with line breaks for display purposes only): 1610 AwhB8lxrlKjFn02LGWEqg27H4Tg9fyZAbFv3p5ZicHpj64QyHC44qqlZ3JEmnZTgQo 1611 wIqZJ13jbyHB8LgePiqUJ1hf6M2HPLgzw8L-mEeQ0jvDUTrE07NtOerBk8bwBQyZ6g 1612 0kQ3DEOIglfYxV8-FJvNBYwbqN1Bck6d_i7OtjSHV-8DIrp-3JcRIe05YKy3Oi34Z_ 1613 GOiAc1EK21B11c_AE11PII_wvvtRiUiG8YofQXakWd1_O98Kap-UgmyWPfreUJ3lJP 1614 nbD4Ve95owEfMGLOPflo2MnjaTDCwQokoJ_xplQ2vNPz8iguLcHBoKllyQFJL2mOWB 1615 wqhBo9Oj-O800as5mmLsvQMTflIrIEbbTMzHMBZ8EFW9fWwwFu0DWQJGkMNhmBZQ-3 1616 lvqTc-M6-gWA6D8PDhONfP2Oib2HGizwG1iEaX8GRyUpfLuljCLIe1DkGOewhKuKkZ 1617 h04DKNM5Nbugf2atmU9OP0Ldx5peCUtRG1gMVl7Qup5ZXHTjgPDr5b2N731UooCGAU 1618 qHdgGhg0JVJ_ObCTdjsH4CF1SJsdUhrXvYx3HJh2Xd7CwJRzU_3Y1GxYU6-s3GFPbi 1619 rfqqEipJDBTHpcoCmyrwYjYHFgnlqBZRotRrS95g8F95bRXqsaDY7UgQGwBQBwy665 1620 d0zpvTasvfXf_c0MWAl-neFaKOW_Px6g4EUDjG1GWSXV9cLStLw_0ovdApDIFLHYHe 1621 PyagyHjouQUuGiq7BsYwYrwaF06tgB8hV8omLNfMEmDPJaZUzMuHw6tBDwGkzD-tS_ 1622 ub9hxrpJ4UsOWnt5rGUyoN2N_c1-TQlXxm5oto14MxnoAyBQBpwIEgSH3Y4ZhwKBhH 1623 PjSo0cdwuNdYbGPpb-YUvF-2NZzODiQ1OvWQBRHSbPWYz_xbGkgD504LRtqRwCO7CC 1624 _CyyURi1sEssPVsMJRX_U4LFEOc82TiDdqjKOjRUfKK5rqLi8nBE9soQ0DSaOoFQZi 1625 GrBrqxDsNYiAYAmxxkos-i3nX4qtByVx85sCE5U_0MqG7COxZWMOPEFrDaepUV-cOy 1626 rvoUIng8i8ljKBKxETY2BgPegKBYCxsAUcAkKamSCC9AiBxA0UOHyhTqtlvMksO7AE 1627 hNC2-YzPyx1FkhMoS4LLe6E_pFsMlmjA6P1NSge9C5G5tETYXGAn6b1xZbHtmwrPSc 1628 ro9LWhVmAaA7_bxYObnFUxgWtK4vzzQBjZJ36UTk4OTB-JvKWgfVWCFsaw5WCHj6Oo 1629 4jpO7d2yN7WMfAj2hTEabz9wumQ0TMhBduZ-QON3pYObSy7TSC1vVme0NJrwF_cJRe 1630 hKTFmdlXGVldPxZCplr7ZQqRQhF8JP-l4mEQVnCaWGn9ONHlemczGOS-A-wwtnmwjI 1631 B1V_vgJRf4FdpV-4hUk4-QLpu3-1lWFxrtZKcggq3tWTduRo5_QebQbUUT_VSCgsFc 1632 OmyWKoj56lbxthN19hq1XGWbLGfrrR6MWh23vk01zn8FVwi7uFwEnRYSafsnWLa1Z5 1633 TpBj9GvAdl2H9NHwzpB5NqHpZNkQ3NMDj13Fn8fzO0JB83Etbm_tnFQfcb13X3bJ15 1634 Cz-Ww1MGhvIpGGnMBT_ADp9xSIyAM9dQ1yeVXk-AIgWBUlN5uyWSGyCxp0cJwx7HxM 1635 38z0UIeBu-MytL-eqndM7LxytsVzCbjOTSVRmhYEMIzUAnS1gs7uMQAGRdgRIElTJE 1636 SGMjb_4bZq9s6Ve1LKkSi0_QDsrABaLe55UY0zF4ZSfOV5PMyPtocwV_dcNPlxLgNA 1637 D1BFX_Z9kAdMZQW6fAmsfFle0zAoMe4l9pMESH0JB4sJGdCKtQXj1cXNydDYozF7l8 1638 H00BV_Er7zd6VtIw0MxwkFCTatsv_R-GsBCH218RgVPsfYhwVuT8R4HarpzsDBufC4 1639 r8_c8fc9Z278sQ081jFjOja6L2x0N_ImzFNXU6xwO-Ska-QeuvYZ3X_L31ZOX4Llp- 1640 7QSfgDoHnOxFv1Xws-D5mDHD3zxOup2b2TppdKTZb9eW2vxUVviM8OI9atBfPKMGAO 1641 v9omA-6vv5IxUH0-lWMiHLQ_g8vnswp-Jav0c4t6URVUzujNOoNd_CBGGVnHiJTCHl 1642 88LQxsqLHHIu4Fz-U2SGnlxGTj0-ihit2ELGRv4vO8E1BosTmf0cx3qgG0Pq0eOLBD 1643 IHsrdZ_CCAiTc0HVkMbyq1M6qEhM-q5P6y1QCIrwg 1645 Encoding this JWE Authentication Tag as BASE64URL(JWE Authentication 1646 Tag) gives this value: 1648 0HFmhOzsQ98nNWJjIHkR7A 1650 C.9. Complete Representation 1652 Assemble the final representation: The JWE Compact Serialization of 1653 this result, as defined in Section 7.1 of [JWE], is the string 1654 BASE64URL(UTF8(JWE Protected Header)) || '.' || BASE64URL(JWE 1655 Encrypted Key) || '.' || BASE64URL(JWE Initialization Vector) || '.' 1656 || BASE64URL(JWE Ciphertext) || '.' || BASE64URL(JWE Authentication 1657 Tag). 1659 The final result in this example is: 1661 eyJhbGciOiJQQkVTMi1IUzI1NitBMTI4S1ciLCJwMnMiOiIyV0NUY0paMVJ2ZF9DSn 1662 VKcmlwUTF3IiwicDJjIjo0MDk2LCJlbmMiOiJBMTI4Q0JDLUhTMjU2IiwiY3R5Ijoi 1663 andrK2pzb24ifQ. 1664 TrqXOwuNUfDV9VPTNbyGvEJ9JMjefAVn-TR1uIxR9p6hsRQh9Tk7BA. 1665 Ye9j1qs22DmRSAddIh-VnA. 1666 AwhB8lxrlKjFn02LGWEqg27H4Tg9fyZAbFv3p5ZicHpj64QyHC44qqlZ3JEmnZTgQo 1667 wIqZJ13jbyHB8LgePiqUJ1hf6M2HPLgzw8L-mEeQ0jvDUTrE07NtOerBk8bwBQyZ6g 1668 0kQ3DEOIglfYxV8-FJvNBYwbqN1Bck6d_i7OtjSHV-8DIrp-3JcRIe05YKy3Oi34Z_ 1669 GOiAc1EK21B11c_AE11PII_wvvtRiUiG8YofQXakWd1_O98Kap-UgmyWPfreUJ3lJP 1670 nbD4Ve95owEfMGLOPflo2MnjaTDCwQokoJ_xplQ2vNPz8iguLcHBoKllyQFJL2mOWB 1671 wqhBo9Oj-O800as5mmLsvQMTflIrIEbbTMzHMBZ8EFW9fWwwFu0DWQJGkMNhmBZQ-3 1672 lvqTc-M6-gWA6D8PDhONfP2Oib2HGizwG1iEaX8GRyUpfLuljCLIe1DkGOewhKuKkZ 1673 h04DKNM5Nbugf2atmU9OP0Ldx5peCUtRG1gMVl7Qup5ZXHTjgPDr5b2N731UooCGAU 1674 qHdgGhg0JVJ_ObCTdjsH4CF1SJsdUhrXvYx3HJh2Xd7CwJRzU_3Y1GxYU6-s3GFPbi 1675 rfqqEipJDBTHpcoCmyrwYjYHFgnlqBZRotRrS95g8F95bRXqsaDY7UgQGwBQBwy665 1676 d0zpvTasvfXf_c0MWAl-neFaKOW_Px6g4EUDjG1GWSXV9cLStLw_0ovdApDIFLHYHe 1677 PyagyHjouQUuGiq7BsYwYrwaF06tgB8hV8omLNfMEmDPJaZUzMuHw6tBDwGkzD-tS_ 1678 ub9hxrpJ4UsOWnt5rGUyoN2N_c1-TQlXxm5oto14MxnoAyBQBpwIEgSH3Y4ZhwKBhH 1679 PjSo0cdwuNdYbGPpb-YUvF-2NZzODiQ1OvWQBRHSbPWYz_xbGkgD504LRtqRwCO7CC 1680 _CyyURi1sEssPVsMJRX_U4LFEOc82TiDdqjKOjRUfKK5rqLi8nBE9soQ0DSaOoFQZi 1681 GrBrqxDsNYiAYAmxxkos-i3nX4qtByVx85sCE5U_0MqG7COxZWMOPEFrDaepUV-cOy 1682 rvoUIng8i8ljKBKxETY2BgPegKBYCxsAUcAkKamSCC9AiBxA0UOHyhTqtlvMksO7AE 1683 hNC2-YzPyx1FkhMoS4LLe6E_pFsMlmjA6P1NSge9C5G5tETYXGAn6b1xZbHtmwrPSc 1684 ro9LWhVmAaA7_bxYObnFUxgWtK4vzzQBjZJ36UTk4OTB-JvKWgfVWCFsaw5WCHj6Oo 1685 4jpO7d2yN7WMfAj2hTEabz9wumQ0TMhBduZ-QON3pYObSy7TSC1vVme0NJrwF_cJRe 1686 hKTFmdlXGVldPxZCplr7ZQqRQhF8JP-l4mEQVnCaWGn9ONHlemczGOS-A-wwtnmwjI 1687 B1V_vgJRf4FdpV-4hUk4-QLpu3-1lWFxrtZKcggq3tWTduRo5_QebQbUUT_VSCgsFc 1688 OmyWKoj56lbxthN19hq1XGWbLGfrrR6MWh23vk01zn8FVwi7uFwEnRYSafsnWLa1Z5 1689 TpBj9GvAdl2H9NHwzpB5NqHpZNkQ3NMDj13Fn8fzO0JB83Etbm_tnFQfcb13X3bJ15 1690 Cz-Ww1MGhvIpGGnMBT_ADp9xSIyAM9dQ1yeVXk-AIgWBUlN5uyWSGyCxp0cJwx7HxM 1691 38z0UIeBu-MytL-eqndM7LxytsVzCbjOTSVRmhYEMIzUAnS1gs7uMQAGRdgRIElTJE 1692 SGMjb_4bZq9s6Ve1LKkSi0_QDsrABaLe55UY0zF4ZSfOV5PMyPtocwV_dcNPlxLgNA 1693 D1BFX_Z9kAdMZQW6fAmsfFle0zAoMe4l9pMESH0JB4sJGdCKtQXj1cXNydDYozF7l8 1694 H00BV_Er7zd6VtIw0MxwkFCTatsv_R-GsBCH218RgVPsfYhwVuT8R4HarpzsDBufC4 1695 r8_c8fc9Z278sQ081jFjOja6L2x0N_ImzFNXU6xwO-Ska-QeuvYZ3X_L31ZOX4Llp- 1696 7QSfgDoHnOxFv1Xws-D5mDHD3zxOup2b2TppdKTZb9eW2vxUVviM8OI9atBfPKMGAO 1697 v9omA-6vv5IxUH0-lWMiHLQ_g8vnswp-Jav0c4t6URVUzujNOoNd_CBGGVnHiJTCHl 1698 88LQxsqLHHIu4Fz-U2SGnlxGTj0-ihit2ELGRv4vO8E1BosTmf0cx3qgG0Pq0eOLBD 1699 IHsrdZ_CCAiTc0HVkMbyq1M6qEhM-q5P6y1QCIrwg. 1700 0HFmhOzsQ98nNWJjIHkR7A 1702 Appendix D. Acknowledgements 1704 A JSON representation for RSA public keys was previously introduced 1705 by John Panzer, Ben Laurie, and Dirk Balfanz in Magic Signatures 1707 [MagicSignatures]. 1709 Thanks to Matt Miller for creating the encrypted key example and to 1710 Edmund Jay and Brian Campbell for validating the example. 1712 This specification is the work of the JOSE Working Group, which 1713 includes dozens of active and dedicated participants. In particular, 1714 the following individuals contributed ideas, feedback, and wording 1715 that influenced this specification: 1717 Dirk Balfanz, Richard Barnes, John Bradley, Brian Campbell, Breno de 1718 Medeiros, Stephen Farrell, Joe Hildebrand, Edmund Jay, Stephen Kent, 1719 Ben Laurie, James Manger, Matt Miller, Kathleen Moriarty, Chuck 1720 Mortimore, Tony Nadalin, Axel Nennker, John Panzer, Eric Rescorla, 1721 Pete Resnick, Nat Sakimura, Jim Schaad, Ryan Sleevi, Paul Tarjan, 1722 Hannes Tschofenig, and Sean Turner. 1724 Jim Schaad and Karen O'Donoghue chaired the JOSE working group and 1725 Sean Turner, Stephen Farrell, and Kathleen Moriarty served as 1726 Security area directors during the creation of this specification. 1728 Appendix E. Document History 1730 [[ to be removed by the RFC Editor before publication as an RFC ]] 1732 -36 1734 o Stated that if both "use" and "key_ops" are used, the information 1735 they convey MUST be consistent. 1737 o Clarified where white space and line breaks may occur in JSON 1738 objects by referencing Section 2 of RFC 7159. 1740 o Specified that registration reviews occur on the 1741 jose-reg-review@ietf.org mailing list. 1743 -35 1745 o Used real values for examples in the IANA Registration Templates. 1747 -34 1749 o Addressed IESG review comments by Pete Resnick, Stephen Farrell, 1750 and Richard Barnes. 1752 o Referenced RFC 4945 for PEM certificate delimiter syntax. 1754 -33 1756 o Addressed secdir review comments by Stephen Kent for which 1757 resolutions had mistakenly been omitted in the previous draft. 1759 o Acknowledged additional contributors. 1761 -32 1763 o Addressed Gen-ART review comments by Russ Housley. 1765 o Addressed secdir review comments by Stephen Kent. 1767 -31 1769 o No changes were made, other than to the version number and date. 1771 -30 1773 o Added references and cleaned up the reference syntax in a few 1774 places. 1776 o Applied minor wording changes to the Security Considerations 1777 section. 1779 -29 1781 o Replaced the terms JWS Header, JWE Header, and JWT Header with a 1782 single JOSE Header term defined in the JWS specification. This 1783 also enabled a single Header Parameter definition to be used and 1784 reduced other areas of duplication between specifications. 1786 -28 1788 o Revised the introduction to the Security Considerations section. 1790 o Refined the text about when applications using encrypted JWKs and 1791 JWK Sets would not need to use the "cty" header parameter. 1793 -27 1795 o Added an example JWK early in the draft. 1797 o Described additional security considerations. 1799 o Added the "x5t#S256" (X.509 Certificate SHA-256 Thumbprint) JWK 1800 member. 1802 o Addressed a few editorial issues. 1804 -26 1806 o Referenced Section 6 of RFC 6125 for TLS server certificate 1807 identity validation. 1809 o Deleted misleading non-normative phrase from the "use" 1810 description. 1812 o Noted that octet sequences are depicted using JSON array notation. 1814 o Updated references, including to W3C specifications. 1816 -25 1818 o Updated WebCrypto reference to refer to W3C Last Call draft. 1820 -24 1822 o Corrected the authentication tag value in the encrypted key 1823 example. 1825 o Updated the JSON reference to RFC 7159. 1827 -23 1829 o No changes were made, other than to the version number and date. 1831 -22 1833 o Corrected RFC 2119 terminology usage. 1835 o Replaced references to draft-ietf-json-rfc4627bis with RFC 7158. 1837 -21 1839 o Replaced the "key_ops" values "wrap" and "unwrap" with "wrapKey" 1840 and "unwrapKey" to match the "KeyUsage" values defined in the 1841 current Web Cryptography API [WebCrypto] editor's draft. 1843 o Compute the PBES2 salt parameter as (UTF8(Alg) || 0x00 || Salt 1844 Input), where the "p2s" Header Parameter encodes the Salt Input 1845 value and Alg is the "alg" Header Parameter value. 1847 o Changed some references from being normative to informative, 1848 addressing issue #90. 1850 -20 1852 o Renamed "use_details" to "key_ops" (key operations). 1854 o Clarified that "use" is meant for public key use cases, "key_ops" 1855 is meant for use cases in which public, private, or symmetric keys 1856 may be present, and that "use" and "key_ops" should not be used 1857 together. 1859 o Replaced references to RFC 4627 with draft-ietf-json-rfc4627bis, 1860 addressing issue #90. 1862 -19 1864 o Added optional "use_details" (key use details) JWK member. 1866 o Reordered the key selection parameters. 1868 -18 1870 o Changes to address editorial and minor issues #68, #69, #73, #74, 1871 #76, #77, #78, #79, #82, #85, #89, and #135. 1873 o Added and used Description registry fields. 1875 -17 1877 o Refined the "typ" and "cty" definitions to always be MIME Media 1878 Types, with the omission of "application/" prefixes recommended 1879 for brevity, addressing issue #50. 1881 o Added an example encrypting an RSA private key with 1882 "PBES2-HS256+A128KW" and "A128CBC-HS256". Thanks to Matt Miller 1883 for producing this! 1885 o Processing rules occurring in both JWS and JWK are now referenced 1886 in JWS by JWK, rather than duplicated, addressing issue #57. 1888 o Terms used in multiple documents are now defined in one place and 1889 incorporated by reference. Some lightly used or obvious terms 1890 were also removed. This addresses issue #58. 1892 -16 1894 o Changes to address editorial and minor issues #41, #42, #43, #47, 1895 #51, #67, #71, #76, #80, #83, #84, #85, #86, #87, and #88. 1897 -15 1898 o Changes to address editorial issues #48, #64, #65, #66, and #91. 1900 -14 1902 o Relaxed language introducing key parameters since some parameters 1903 are applicable to multiple, but not all, key types. 1905 -13 1907 o Applied spelling and grammar corrections. 1909 -12 1911 o Stated that recipients MUST either reject JWKs and JWK Sets with 1912 duplicate member names or use a JSON parser that returns only the 1913 lexically last duplicate member name. 1915 -11 1917 o Stated that when "kid" values are used within a JWK Set, different 1918 keys within the JWK Set SHOULD use distinct "kid" values. 1920 o Added optional "x5u" (X.509 URL), "x5t" (X.509 Certificate 1921 Thumbprint), and "x5c" (X.509 Certificate Chain) JWK parameters. 1923 o Added section on Encrypted JWK and Encrypted JWK Set Formats. 1925 o Added a Parameter Information Class value to the JSON Web Key 1926 Parameters registry, which registers whether the parameter conveys 1927 public or private information. 1929 o Registered "application/jwk+json" and "application/jwk-set+json" 1930 MIME types and "JWK" and "JWK-SET" typ header parameter values, 1931 addressing issue #21. 1933 -10 1935 o No changes were made, other than to the version number and date. 1937 -09 1939 o Expanded the scope of the JWK specification to include private and 1940 symmetric key representations, as specified by 1941 draft-jones-jose-json-private-and-symmetric-key-00. 1943 o Defined that members that are not understood must be ignored. 1945 -08 1946 o Changed the name of the JWK key type parameter from "alg" to "kty" 1947 to enable use of "alg" to indicate the particular algorithm that 1948 the key is intended to be used with. 1950 o Clarified statements of the form "This member is OPTIONAL" to "Use 1951 of this member is OPTIONAL". 1953 o Referenced String Comparison Rules in JWS. 1955 o Added seriesInfo information to Internet Draft references. 1957 -07 1959 o Changed the name of the JWK RSA modulus parameter from "mod" to 1960 "n" and the name of the JWK RSA exponent parameter from "xpo" to 1961 "e", so that the identifiers are the same as those used in RFC 1962 3447. 1964 -06 1966 o Changed the name of the JWK RSA exponent parameter from "exp" to 1967 "xpo" so as to allow the potential use of the name "exp" for a 1968 future extension that might define an expiration parameter for 1969 keys. (The "exp" name is already used for this purpose in the JWT 1970 specification.) 1972 o Clarify that the "alg" (algorithm family) member is REQUIRED. 1974 o Correct an instance of "JWK" that should have been "JWK Set". 1976 o Applied changes made by the RFC Editor to RFC 6749's registry 1977 language to this specification. 1979 -05 1981 o Indented artwork elements to better distinguish them from the body 1982 text. 1984 -04 1986 o Refer to the registries as the primary sources of defined values 1987 and then secondarily reference the sections defining the initial 1988 contents of the registries. 1990 o Normatively reference XML DSIG 2.0 for its security 1991 considerations. 1993 o Added this language to Registration Templates: "This name is case 1994 sensitive. Names that match other registered names in a case 1995 insensitive manner SHOULD NOT be accepted." 1997 o Described additional open issues. 1999 o Applied editorial suggestions. 2001 -03 2003 o Clarified that "kid" values need not be unique within a JWK Set. 2005 o Moved JSON Web Key Parameters registry to the JWK specification. 2007 o Added "Collision Resistant Namespace" to the terminology section. 2009 o Changed registration requirements from RFC Required to 2010 Specification Required with Expert Review. 2012 o Added Registration Template sections for defined registries. 2014 o Added Registry Contents sections to populate registry values. 2016 o Numerous editorial improvements. 2018 -02 2020 o Simplified JWK terminology to get replace the "JWK Key Object" and 2021 "JWK Container Object" terms with simply "JSON Web Key (JWK)" and 2022 "JSON Web Key Set (JWK Set)" and to eliminate potential confusion 2023 between single keys and sets of keys. As part of this change, the 2024 top-level member name for a set of keys was changed from "jwk" to 2025 "keys". 2027 o Clarified that values with duplicate member names MUST be 2028 rejected. 2030 o Established JSON Web Key Set Parameters registry. 2032 o Explicitly listed non-goals in the introduction. 2034 o Moved algorithm-specific definitions from JWK to JWA. 2036 o Reformatted to give each member definition its own section 2037 heading. 2039 -01 2040 o Corrected the Magic Signatures reference. 2042 -00 2044 o Created the initial IETF draft based upon 2045 draft-jones-json-web-key-03 with no normative changes. 2047 Author's Address 2049 Michael B. Jones 2050 Microsoft 2052 Email: mbj@microsoft.com 2053 URI: http://self-issued.info/