JOSE Working Group M. Miller Internet-Draft Cisco Systems, Inc. Intended status: Informational December 04, 2013 Expires: June 7, 2014 Examples of Protecting Content using JavaScript Object Signing and Encryption (JOSE) draft-ietf-jose-cookbook-00 Abstract A set of examples of using JavaScript Object Signing and Encryption (JOSE) to protect data. This document illustrates a representative sampling of various JSON Web Signature (JWS) and JSON Web Encryption (JWE) results given similar inputs. Status of This Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at http://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." This Internet-Draft will expire on June 7, 2014. Copyright Notice Copyright (c) 2013 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Miller Expires June 7, 2014 [Page 1] Internet-Draft JOSE Cookbook December 2013 Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 4 1.1. Conventions Used in this Document . . . . . . . . . . . . 5 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 5 3. JSON Web Signature Examples . . . . . . . . . . . . . . . . . 5 3.1. RSA v1.5 Signature . . . . . . . . . . . . . . . . . . . 6 3.1.1. Input Factors . . . . . . . . . . . . . . . . . . . . 6 3.1.2. Signing Operation . . . . . . . . . . . . . . . . . . 7 3.1.3. Output Results . . . . . . . . . . . . . . . . . . . 8 3.2. RSA-PSS Signature . . . . . . . . . . . . . . . . . . . . 9 3.2.1. Input Factors . . . . . . . . . . . . . . . . . . . . 9 3.2.2. Signing Operation . . . . . . . . . . . . . . . . . . 9 3.2.3. Output Results . . . . . . . . . . . . . . . . . . . 10 3.3. ECDSA Signature . . . . . . . . . . . . . . . . . . . . . 11 3.3.1. Input Factors . . . . . . . . . . . . . . . . . . . . 11 3.3.2. Signing Operation . . . . . . . . . . . . . . . . . . 12 3.3.3. Output Results . . . . . . . . . . . . . . . . . . . 12 3.4. HMAC-SHA2 Integrity Protection . . . . . . . . . . . . . 13 3.4.1. Input Factors . . . . . . . . . . . . . . . . . . . . 13 3.4.2. Signing Operation . . . . . . . . . . . . . . . . . . 14 3.4.3. Output Results . . . . . . . . . . . . . . . . . . . 15 3.5. Detached Signature . . . . . . . . . . . . . . . . . . . 15 3.5.1. Input Factors . . . . . . . . . . . . . . . . . . . . 16 3.5.2. Signing Operation . . . . . . . . . . . . . . . . . . 16 3.5.3. Output Results . . . . . . . . . . . . . . . . . . . 17 3.6. Protecting Specific Header Fields . . . . . . . . . . . . 17 3.6.1. Input Factors . . . . . . . . . . . . . . . . . . . . 17 3.6.2. Signing Operation . . . . . . . . . . . . . . . . . . 18 3.6.3. Output Results . . . . . . . . . . . . . . . . . . . 18 3.7. Protecting Content Only . . . . . . . . . . . . . . . . . 19 3.7.1. Input Factors . . . . . . . . . . . . . . . . . . . . 19 3.7.2. Signing Operation . . . . . . . . . . . . . . . . . . 20 3.7.3. Output Results . . . . . . . . . . . . . . . . . . . 20 3.8. Multiple Signatures . . . . . . . . . . . . . . . . . . . 21 3.8.1. Input Factors . . . . . . . . . . . . . . . . . . . . 21 3.8.2. First Signing Operation . . . . . . . . . . . . . . . 21 3.8.3. Second Signing Operation . . . . . . . . . . . . . . 23 3.8.4. Third Signing Operation . . . . . . . . . . . . . . . 24 3.8.5. Output Results . . . . . . . . . . . . . . . . . . . 25 4. JSON Web Encryption Examples . . . . . . . . . . . . . . . . 26 4.1. Key Encryption using RSA v1.5 and AES-HMAC-SHA2 . . . . . 26 4.1.1. Input Factors . . . . . . . . . . . . . . . . . . . . 26 4.1.2. Generated Factors . . . . . . . . . . . . . . . . . . 27 4.1.3. Encrypting the Key . . . . . . . . . . . . . . . . . 28 4.1.4. Encrypting the Content . . . . . . . . . . . . . . . 28 4.1.5. Output Results . . . . . . . . . . . . . . . . . . . 29 4.2. Key Encryption using RSA-OAEP with A256GCM . . . . . . . 31 Miller Expires June 7, 2014 [Page 2] Internet-Draft JOSE Cookbook December 2013 4.2.1. Input Factors . . . . . . . . . . . . . . . . . . . . 31 4.2.2. Generated Factors . . . . . . . . . . . . . . . . . . 33 4.2.3. Encrypting the Key . . . . . . . . . . . . . . . . . 33 4.2.4. Encrypting the Content . . . . . . . . . . . . . . . 33 4.2.5. Output Results . . . . . . . . . . . . . . . . . . . 34 4.3. Key Wrap using PBES2-AES-KeyWrap with AES-CBC-HMAC-SHA2 . 36 4.3.1. Input Factors . . . . . . . . . . . . . . . . . . . . 36 4.3.2. Generated Factors . . . . . . . . . . . . . . . . . . 37 4.3.3. Encrypting the Key . . . . . . . . . . . . . . . . . 38 4.3.4. Encrypting the Content . . . . . . . . . . . . . . . 38 4.3.5. Output Results . . . . . . . . . . . . . . . . . . . 39 4.4. Key Agreement with Key Wrapping using ECDH-ES and AES- KeyWrap with AES-GCM . . . . . . . . . . . . . . . . . . 41 4.4.1. Input Factors . . . . . . . . . . . . . . . . . . . . 41 4.4.2. Generated Factors . . . . . . . . . . . . . . . . . . 42 4.4.3. Encrypting the Key . . . . . . . . . . . . . . . . . 42 4.4.4. Encrypting the Content . . . . . . . . . . . . . . . 43 4.4.5. Output Results . . . . . . . . . . . . . . . . . . . 44 4.5. Key Agreement using ECDH-ES with AES-CBC-HMAC-SHA2 . . . 45 4.5.1. Input Factors . . . . . . . . . . . . . . . . . . . . 45 4.5.2. Generated Factors . . . . . . . . . . . . . . . . . . 46 4.5.3. Key Agreement . . . . . . . . . . . . . . . . . . . . 46 4.5.4. Encrypting the Content . . . . . . . . . . . . . . . 47 4.5.5. Output Results . . . . . . . . . . . . . . . . . . . 48 4.6. Direct Encryption using AES-GCM . . . . . . . . . . . . . 49 4.6.1. Input Factors . . . . . . . . . . . . . . . . . . . . 49 4.6.2. Generated Factors . . . . . . . . . . . . . . . . . . 50 4.6.3. Encrypting the Content . . . . . . . . . . . . . . . 50 4.6.4. Output Results . . . . . . . . . . . . . . . . . . . 51 4.7. Key Wrap using AES-GCM KeyWrap with AES-CBC-HMAC-SHA2 . . 52 4.7.1. Input Factors . . . . . . . . . . . . . . . . . . . . 52 4.7.2. Generated Factors . . . . . . . . . . . . . . . . . . 53 4.7.3. Encrypting the Key . . . . . . . . . . . . . . . . . 53 4.7.4. Encrypting the Content . . . . . . . . . . . . . . . 54 4.7.5. Output Results . . . . . . . . . . . . . . . . . . . 55 4.8. Key Wrap using AES-KeyWrap with AES-GCM . . . . . . . . . 56 4.8.1. Input Factors . . . . . . . . . . . . . . . . . . . . 57 4.8.2. Generated Factors . . . . . . . . . . . . . . . . . . 57 4.8.3. Encrypting the Key . . . . . . . . . . . . . . . . . 57 4.8.4. Encrypting the Content . . . . . . . . . . . . . . . 58 4.8.5. Output Results . . . . . . . . . . . . . . . . . . . 59 4.9. Compressed Content . . . . . . . . . . . . . . . . . . . 60 4.9.1. Input Factors . . . . . . . . . . . . . . . . . . . . 60 4.9.2. Generated Factors . . . . . . . . . . . . . . . . . . 60 4.9.3. Encrypting the Key . . . . . . . . . . . . . . . . . 61 4.9.4. Encrypting the Content . . . . . . . . . . . . . . . 61 4.9.5. Output Results . . . . . . . . . . . . . . . . . . . 62 4.10. Including Additional Authenticated Data . . . . . . . . . 63 Miller Expires June 7, 2014 [Page 3] Internet-Draft JOSE Cookbook December 2013 4.10.1. Input Factors . . . . . . . . . . . . . . . . . . . 64 4.10.2. Generated Factors . . . . . . . . . . . . . . . . . 64 4.10.3. Encrypting the Key . . . . . . . . . . . . . . . . . 65 4.10.4. Encrypting the Content . . . . . . . . . . . . . . . 65 4.10.5. Output Results . . . . . . . . . . . . . . . . . . . 66 4.11. Protecting Specific Header Fields . . . . . . . . . . . . 67 4.11.1. Input Factors . . . . . . . . . . . . . . . . . . . 67 4.11.2. Generated Factors . . . . . . . . . . . . . . . . . 68 4.11.3. Encrypting the Key . . . . . . . . . . . . . . . . . 68 4.11.4. Encrypting the Content . . . . . . . . . . . . . . . 68 4.11.5. Output Results . . . . . . . . . . . . . . . . . . . 69 4.12. Protecting Content Only . . . . . . . . . . . . . . . . . 70 4.12.1. Input Factors . . . . . . . . . . . . . . . . . . . 70 4.12.2. Generated Factors . . . . . . . . . . . . . . . . . 71 4.12.3. Encrypting the Key . . . . . . . . . . . . . . . . . 71 4.12.4. Encrypting the Content . . . . . . . . . . . . . . . 71 4.12.5. Output Results . . . . . . . . . . . . . . . . . . . 72 4.13. Encrypting to Multiple Recipients . . . . . . . . . . . . 73 4.13.1. Input Factors . . . . . . . . . . . . . . . . . . . 73 4.13.2. Generated Factors . . . . . . . . . . . . . . . . . 74 4.13.3. Encrypting the Key to the First Recipient . . . . . 74 4.13.4. Encrypting the Key to the Second Recipient . . . . . 75 4.13.5. Encrypting the Key to the Third Recipient . . . . . 76 4.13.6. Encrypting the Content . . . . . . . . . . . . . . . 78 4.13.7. Output Results . . . . . . . . . . . . . . . . . . . 79 5. Security Considerations . . . . . . . . . . . . . . . . . . . 81 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 81 7. Informative References . . . . . . . . . . . . . . . . . . . 81 Appendix A. Acknowledgements . . . . . . . . . . . . . . . . . . 82 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 82 1. Introduction The JavaScript Object Signing and Encryption (JOSE) technologies - JSON Web Key (JWK) [I-D.ietf-jose-json-web-key], JSON Web Signature (JWS) [I-D.ietf-jose-json-web-signature], JSON Web Encryption (JWE) [I-D.ietf-jose-json-web-encryption], and JSON Web Algorithms (JWA) [I-D.ietf-jose-json-web-algorithms] - collectively can be used to protect content in a myriad of ways. The full set of permutations is extremely large, and might be daunting to some. This document provides a number of examples of signing or encrypting content using JOSE. While not exhaustive, it does compile together a representative sample of JOSE features. As much as possible, the same signature payload or encryption plaintext content is used to illustrate differences in various signing and encryption results. Miller Expires June 7, 2014 [Page 4] Internet-Draft JOSE Cookbook December 2013 1.1. Conventions Used in this Document All instances of binary octet strings are represented using [RFC4648] base64url encoding. Wherever possible, the examples include both the Compact and JSON serializations. All of the examples in this document have whitespace added to improve formatting and readability. Except for plaintext or payload content, whitespace is not part of the cryptographic operations. Plaintext or payload content does include whitespace (unless otherwise noted), although line breaks (U+000A LINE FEED) have replaced spaces (U+0020 SPACE) is some cases to improve readability. 2. Terminology This document inherits terminology regarding JSON Web Key (JWK) technology from [I-D.ietf-jose-json-web-key], terminology regarding JSON Web Signature (JWS) technology from [I-D.ietf-jose-json-web-signature], terminology regarding JSON Web Encryption (JWE) technology from [I-D.ietf-jose-json-web-encryption], and terminology regarding algorithms from [I-D.ietf-jose-json-web-algorithms]. 3. JSON Web Signature Examples The following sections demonstrate how to generate various JWS objects. All of the succeeding examples use the following payload plaintext, serialized as UTF-8, with line breaks (U+000A LINE FEED) replacing some " " (U+0020 SPACE) characters to improve formatting: It's a dangerous business, Frodo, going out your door. You step onto the road, and if you don't keep your feet, there's no knowing where you might be swept off to. Figure 1: Payload content plaintext The Payload - with line breaks (U+000A LINE FEED) replaced with " " (U+0020 SPACE) - encoded as [RFC4648] base64url: Miller Expires June 7, 2014 [Page 5] Internet-Draft JOSE Cookbook December 2013 SXQncyBhIGRhbmdlcm91cyBidXNpbmVzcywgRnJvZG8sIGdvaW5nIG91dCB5b3 VyIGRvb3IuIFlvdSBzdGVwIG9udG8gdGhlIHJvYWQsIGFuZCBpZiB5b3UgZG9u J3Qga2VlcCB5b3VyIGZlZXQsIHRoZXJlJ3Mgbm8ga25vd2luZyB3aGVyZSB5b3 UgbWlnaHQgYmUgc3dlcHQgb2ZmIHRvLg Figure 2: Payload content, base64url-encoded 3.1. RSA v1.5 Signature This example illustrates signing content using the "RS256" (RSASSA- PKCS1-v1_5 with SHA-256) algorithm. 3.1.1. Input Factors The following are supplied before beginning the signing operation: o Payload content; this example uses the content from Figure 1, encoded using [RFC4648] base64url to produce Figure 2. o RSA private key; this example uses the key from Figure 3. o "alg" parameter of "RS256". { "kty": "RSA", "kid": "bilbo.baggins@hobbiton.example", "use": "sig", "n": "n4EPtAOCc9AlkeQHPzHStgAbgs7bTZLwUBZdR8_KuKPEHLd4rH VTeT-O-XV2jRojdNhxJWTDvNd7nqQ0VEiZQHz_AJmSCpMaJMRB SFKrKb2wqVwGU_NsYOYL-QtiWN2lbzcEe6XC0dApr5ydQLrHqk HHig3RBordaZ6Aj-oBHqFEHYpPe7Tpe-OfVfHd1E6cS6M1FZcD 1NNLYD5lFHpPI9bTwJlsde3uhGqC0ZCuEHg8lhzwOHrtIQbS0F Vbb9k3-tVTU4fg_3L_vniUFAKwuCLqKnS2BYwdq_mzSnbLY7h_ qixoR7jig3__kRhuaxwUkRz5iaiQkqgc5gHdrNP5zw", "e": "AQAB", "d": "bWUC9B-EFRIo8kpGfh0ZuyGPvMNKvYWNtB_ikiH9k20eT-O1q_ I78eiZkpXxXQ0UTEs2LsNRS-8uJbvQ-A1irkwMSMkK1J3XTGgd rhCku9gRldY7sNA_AKZGh-Q661_42rINLRCe8W-nZ34ui_qOfk LnK9QWDDqpaIsA-bMwWWSDFu2MUBYwkHTMEzLYGqOe04noqeq1 hExBTHBOBdkMXiuFhUq1BU6l-DqEiWxqg82sXt2h-LMnT3046A OYJoRioz75tSUQfGCshWTBnP5uDjd18kKhyv07lhfSJdrPdM5P lyl21hsFf4L_mHCuoFau7gdsPfHPxxjVOcOpBrQzwQ", "p": "3Slxg_DwTXJcb6095RoXygQCAZ5RnAvZlno1yhHtnUex_fp7AZ _9nRaO7HX_-SFfGQeutao2TDjDAWU4Vupk8rw9JR0AzZ0N2fvu IAmr_WCsmGpeNqQnev1T7IyEsnh8UMt-n5CafhkikzhEsrmndH 6LxOrvRJlsPp6Zv8bUq0k", "q": "uKE2dh-cTf6ERF4k4e_jy78GfPYUIaUyoSSJuBzp3Cubk3OCqs 6grT8bR_cu0Dm1MZwWmtdqDyI95HrUeq3MP15vMMON8lHTeZu2 Miller Expires June 7, 2014 [Page 6] Internet-Draft JOSE Cookbook December 2013 lmKvwqW7anV5UzhM1iZ7z4yMkuUwFWoBvyY898EXvRD-hdqRxH lSqAZ192zB3pVFJ0s7pFc", "dp": "B8PVvXkvJrj2L-GYQ7v3y9r6Kw5g9SahXBwsWUzp19TVlgI-YV 85q1NIb1rxQtD-IsXXR3-TanevuRPRt5OBOdiMGQp8pbt26glj YfKU_E9xn-RULHz0-ed9E9gXLKD4VGngpz-PfQ_q29pk5xWHoJ p009Qf1HvChixRX59ehik", "dq": "CLDmDGduhylc9o7r84rEUVn7pzQ6PF83Y-iBZx5NT-TpnOZKF1 pErAMVeKzFEl41DlHHqqBLSM0W1sOFbwTxYWZDm6sI6og5iTbw QGIC3gnJKbi_7k_vJgGHwHxgPaX2PnvP-zyEkDERuf-ry4c_Z1 1Cq9AqC2yeL6kdKT1cYF8", "qi": "3PiqvXQN0zwMeE-sBvZgi289XP9XCQF3VWqPzMKnIgQp7_Tugo 6-NZBKCQsMf3HaEGBjTVJs_jcK8-TRXvaKe-7ZMaQj8VfBdYks sbu0NKDDhjJ-GtiseaDVWt7dcH0cfwxgFUHpQh7FoCrjFJ6h6Z EpMF6xmujs4qMpPz8aaI4" } Figure 3: RSA 2048-bit Private Key, in JWK format 3.1.2. Signing Operation The following are generated to complete the signing operation: o Protected JWS Header; this example uses the header from Figure 4, encoded using [RFC4648] base64url to produce Figure 5. { "alg": "RS256", "kid": "bilbo.baggins@hobbiton.example" } Figure 4: Protected JWS Header JSON eyJhbGciOiJSUzI1NiIsImtpZCI6ImJpbGJvLmJhZ2dpbnNAaG9iYml0b24uZX hhbXBsZSJ9 Figure 5: Protected JWS Header, base64url-encoded Performing the signature operation over the combined protected JWS header (Figure 5) and Payload content (Figure 2) produces the following signature: Miller Expires June 7, 2014 [Page 7] Internet-Draft JOSE Cookbook December 2013 jYc0gEV3V-RogN63dfD39ubQDvRFpqT0pYN2zmDfhxzLEqvWNFmINxPHuBZyNb 8FDgfU7oFPgLMdbzWP8dzebwCAQH1j_MV98HMMoaQweDy8L_6XBy6JjcxGne_o GDyMM-gBm6VyW_xqK03pLEvmUrUlFLAVWuMpkd675wX8lPtiiEmswOqph6aCtA LnBDMTUOlFzPpOb6B6OXctf4AG1cTfzcbyLWIGhGjqnPdqmoHldn-57eRT-G-R -UR_XcxxvQ1b7gYAhh5_367tNnlnhIvv0RNr2UaqtnSG50B3TUVdDuJ0eHmPxW dD6kVwiEIYeHPT4uhaRe2XgbTSx2pTQg Figure 6: Signature, base64url-encoded 3.1.3. Output Results The following compose the resulting JWS object: o Protected JWS header (Figure 4) o Payload content (Figure 2) o Signature (Figure 6) The resulting JWS object using the Compact serialization: eyJhbGciOiJSUzI1NiIsImtpZCI6ImJpbGJvLmJhZ2dpbnNAaG9iYml0b24uZX hhbXBsZSJ9 . SXQncyBhIGRhbmdlcm91cyBidXNpbmVzcywgRnJvZG8sIGdvaW5nIG91dCB5b3 VyIGRvb3IuIFlvdSBzdGVwIG9udG8gdGhlIHJvYWQsIGFuZCBpZiB5b3UgZG9u J3Qga2VlcCB5b3VyIGZlZXQsIHRoZXJlJ3Mgbm8ga25vd2luZyB3aGVyZSB5b3 UgbWlnaHQgYmUgc3dlcHQgb2ZmIHRvLg . jYc0gEV3V-RogN63dfD39ubQDvRFpqT0pYN2zmDfhxzLEqvWNFmINxPHuBZyNb 8FDgfU7oFPgLMdbzWP8dzebwCAQH1j_MV98HMMoaQweDy8L_6XBy6JjcxGne_o GDyMM-gBm6VyW_xqK03pLEvmUrUlFLAVWuMpkd675wX8lPtiiEmswOqph6aCtA LnBDMTUOlFzPpOb6B6OXctf4AG1cTfzcbyLWIGhGjqnPdqmoHldn-57eRT-G-R -UR_XcxxvQ1b7gYAhh5_367tNnlnhIvv0RNr2UaqtnSG50B3TUVdDuJ0eHmPxW dD6kVwiEIYeHPT4uhaRe2XgbTSx2pTQg Figure 7: Compact Serialization The resulting JWS object using the JSON serialization: { "payload": "SXQncyBhIGRhbmdlcm91cyBidXNpbmVzcywgRnJvZG8sIGdvaW5nIG91d CB5b3VyIGRvb3IuIFlvdSBzdGVwIG9udG8gdGhlIHJvYWQsIGFuZCBpZi B5b3UgZG9uJ3Qga2VlcCB5b3VyIGZlZXQsIHRoZXJlJ3Mgbm8ga25vd2l uZyB3aGVyZSB5b3UgbWlnaHQgYmUgc3dlcHQgb2ZmIHRvLg", "signatures": [ { Miller Expires June 7, 2014 [Page 8] Internet-Draft JOSE Cookbook December 2013 "protected": "eyJhbGciOiJSUzI1NiIsImtpZCI6ImJpbGJvLmJhZ2dpbnNAaG9iY ml0b24uZXhhbXBsZSJ9", "signature": "jYc0gEV3V-RogN63dfD39ubQDvRFpqT0pYN2zmDfhxzLEqvWNFmIN xPHuBZyNb8FDgfU7oFPgLMdbzWP8dzebwCAQH1j_MV98HMMoaQweD y8L_6XBy6JjcxGne_oGDyMM-gBm6VyW_xqK03pLEvmUrUlFLAVWuM pkd675wX8lPtiiEmswOqph6aCtALnBDMTUOlFzPpOb6B6OXctf4AG 1cTfzcbyLWIGhGjqnPdqmoHldn-57eRT-G-R-UR_XcxxvQ1b7gYAh h5_367tNnlnhIvv0RNr2UaqtnSG50B3TUVdDuJ0eHmPxWdD6kVwiE IYeHPT4uhaRe2XgbTSx2pTQg" } ] } Figure 8: JSON Serialization 3.2. RSA-PSS Signature This example illustrates signing content using the "PS256" (RSASSA- PSS with SHA-256) algorithm. 3.2.1. Input Factors The following are supplied before beginning the signing operation: o Payload content; this example uses the content from Figure 1, encoded using [RFC4648] base64url to produce Figure 2. o RSA private key; this example uses the key from Figure 3. o "alg" parameter of "RS256". 3.2.2. Signing Operation The following are generated to complete the signing operation: o Protected JWS Header; this example uses the header from Figure 9, encoded using [RFC4648] base64url to produce Figure 10. { "alg": "PS384", "kid": "bilbo.baggins@hobbiton.example" } Figure 9: Protected JWS Header JSON Miller Expires June 7, 2014 [Page 9] Internet-Draft JOSE Cookbook December 2013 eyJhbGciOiJQUzM4NCIsImtpZCI6ImJpbGJvLmJhZ2dpbnNAaG9iYml0b24uZX hhbXBsZSJ9 Figure 10: Protected JWS Header, base64url-encoded Performing the signature operation over the combined protected JWS header (Figure 10) and Payload content (Figure 2) produces the following signature: kmV2DSGzAWL3qq4fZOpOfW1Jn-qFa0OyEOtaL-XiDt_JQVnhurpQlT698iBkiy wXRzcvwyY-UgeTrCDT6kPAZHN3Tj6l_bsPwHt7B1AaphZObG94tYCdyQlwdrCy lBBaDMwwjQuSvL9MP40KLAlV5BGmnps-2rAUK9VL_HmKRcjo2dQ_VRfbaCSmmI -aohWvcdptMyI6kZhHL_zLCOWO5RoY5YWV42u46ZdW-e06QgBZkzdHEmS2Aimx EIy6PamU6FKvRLR3s8tiagdmBEwqiXUoRq5i3VL-XRvGMtk6jUonloTOii-nsU 6jN1AwrFGwe7kd33X6AX9CaMtOJaUZVw Figure 11: Signature, base64url-encoded 3.2.3. Output Results The following compose the resulting JWS object: o Protected JWS header (Figure 10) o Payload content (Figure 2) o Signature (Figure 11) The resulting JWS object using the Compact serialization: eyJhbGciOiJQUzM4NCIsImtpZCI6ImJpbGJvLmJhZ2dpbnNAaG9iYml0b24uZX hhbXBsZSJ9 . SXQncyBhIGRhbmdlcm91cyBidXNpbmVzcywgRnJvZG8sIGdvaW5nIG91dCB5b3 VyIGRvb3IuIFlvdSBzdGVwIG9udG8gdGhlIHJvYWQsIGFuZCBpZiB5b3UgZG9u J3Qga2VlcCB5b3VyIGZlZXQsIHRoZXJlJ3Mgbm8ga25vd2luZyB3aGVyZSB5b3 UgbWlnaHQgYmUgc3dlcHQgb2ZmIHRvLg . kmV2DSGzAWL3qq4fZOpOfW1Jn-qFa0OyEOtaL-XiDt_JQVnhurpQlT698iBkiy wXRzcvwyY-UgeTrCDT6kPAZHN3Tj6l_bsPwHt7B1AaphZObG94tYCdyQlwdrCy lBBaDMwwjQuSvL9MP40KLAlV5BGmnps-2rAUK9VL_HmKRcjo2dQ_VRfbaCSmmI -aohWvcdptMyI6kZhHL_zLCOWO5RoY5YWV42u46ZdW-e06QgBZkzdHEmS2Aimx EIy6PamU6FKvRLR3s8tiagdmBEwqiXUoRq5i3VL-XRvGMtk6jUonloTOii-nsU 6jN1AwrFGwe7kd33X6AX9CaMtOJaUZVw Figure 12: Compact Serialization The resulting JWS object using the JSON serialization: Miller Expires June 7, 2014 [Page 10] Internet-Draft JOSE Cookbook December 2013 { "payload": "SXQncyBhIGRhbmdlcm91cyBidXNpbmVzcywgRnJvZG8sIGdvaW5nIG91d CB5b3VyIGRvb3IuIFlvdSBzdGVwIG9udG8gdGhlIHJvYWQsIGFuZCBpZi B5b3UgZG9uJ3Qga2VlcCB5b3VyIGZlZXQsIHRoZXJlJ3Mgbm8ga25vd2l uZyB3aGVyZSB5b3UgbWlnaHQgYmUgc3dlcHQgb2ZmIHRvLg", "signatures": [ { "protected": "eyJhbGciOiJQUzM4NCIsImtpZCI6ImJpbGJvLmJhZ2dpbnNAaG9iY ml0b24uZXhhbXBsZSJ9", "signature": "kmV2DSGzAWL3qq4fZOpOfW1Jn-qFa0OyEOtaL-XiDt_JQVnhurpQl T698iBkiywXRzcvwyY-UgeTrCDT6kPAZHN3Tj6l_bsPwHt7B1Aaph ZObG94tYCdyQlwdrCylBBaDMwwjQuSvL9MP40KLAlV5BGmnps-2rA UK9VL_HmKRcjo2dQ_VRfbaCSmmI-aohWvcdptMyI6kZhHL_zLCOWO 5RoY5YWV42u46ZdW-e06QgBZkzdHEmS2AimxEIy6PamU6FKvRLR3s 8tiagdmBEwqiXUoRq5i3VL-XRvGMtk6jUonloTOii-nsU6jN1AwrF Gwe7kd33X6AX9CaMtOJaUZVw" } ] } Figure 13: JSON Serialization 3.3. ECDSA Signature This example illustrates signing content using the "ES512" (ECDSA with curve P-521 and SHA-512) algorithm. 3.3.1. Input Factors The following are supplied before beginning the signing operation: o Payload content; this example uses the content from Figure 1, encoded using [RFC4648] base64url to produce Figure 2. o EC private key on the curve P-521; this example uses the key from Figure 14. o "alg" parameter of "ES512" { "kty": "EC", "kid": "bilbo.baggins@hobbiton.example", "use": "sig", "crv": "P-521", "x": "AHKZLLOsCOzz5cY97ewNUajB957y-C-U88c3v13nmGZx6sYl_oJX Miller Expires June 7, 2014 [Page 11] Internet-Draft JOSE Cookbook December 2013 u9A5RkTKqjqvjyekWF-7ytDyRXYgCF5cj0Kt", "y": "AdymlHvOiLxXkEhayXQnNCvDX4h9htZaCJN34kfmC6pV5OhQHira VySsUdaQkAgDPrwQrJmbnX9cwlGfP-HqHZR1", "d": "CFE43av1ypdfWGD5GgjpHW1fmnatQBh2akdmgLVc0znoq2xytfrN sqKlCsJb0IZkfdPi5umehMosNgn98Xf-sm0" } Figure 14: Elliptic Curve P-521 Private Key 3.3.2. Signing Operation The following are generated before beginning the signature process: o Protected JWS Header; this example uses the header from Figure 15, encoded using [RFC4648] base64url to produce Figure 16. { "alg": "ES512", "kid": "bilbo.baggins@hobbiton.example" } Figure 15: Protected JWS Header JSON eyJhbGciOiJFUzUxMiIsImtpZCI6ImJpbGJvLmJhZ2dpbnNAaG9iYml0b24uZX hhbXBsZSJ9 Figure 16: Protected JWS Header, base64url-encoded Performing the signature operation over the combined protected JWS header (Figure 16) and Payload content ({{jws-payload_b64u) produces the following signature: GU4icJRWWqP0nDHX2HqiIZGueMWosZnx-RHjbNkkuJuVtW6ylbiHAHuOIuH9RD dnildrg7VGvnjVK2Jv_47gyLQc8kweURgG5Zg6vauw6TyH7feCxMpfZ8BEqLSL cLa_UUwYNLAFMB3FwQMIgSJJi7u510k1B6Nh-KcNJmViDeD2gA Figure 17: Signature, base64url-encoded 3.3.3. Output Results The following compose the resulting JWS object: o Protected JWS header (Figure 16) o Payload content (Figure 2) o Signature (Figure 17) Miller Expires June 7, 2014 [Page 12] Internet-Draft JOSE Cookbook December 2013 The resulting JWS object using the Compact serialization: eyJhbGciOiJFUzUxMiIsImtpZCI6ImJpbGJvLmJhZ2dpbnNAaG9iYml0b24uZX hhbXBsZSJ9 . SXQncyBhIGRhbmdlcm91cyBidXNpbmVzcywgRnJvZG8sIGdvaW5nIG91dCB5b3V yIGRvb3IuIFlvdSBzdGVwIG9udG8gdGhlIHJvYWQsIGFuZCBpZiB5b3UgZG9uJ3 Qga2VlcCB5b3VyIGZlZXQsIHRoZXJlJ3Mgbm8ga25vd2luZyB3aGVyZSB5b3Ugb WlnaHQgYmUgc3dlcHQgb2ZmIHRvLg . GU4icJRWWqP0nDHX2HqiIZGueMWosZnx-RHjbNkkuJuVtW6ylbiHAHuOIuH9RD dnildrg7VGvnjVK2Jv_47gyLQc8kweURgG5Zg6vauw6TyH7feCxMpfZ8BEqLSL cLa_UUwYNLAFMB3FwQMIgSJJi7u510k1B6Nh-KcNJmViDeD2gA Figure 18: Compact Serialization The resulting JWS object using the JSON serialization: { "payload": "SXQncyBhIGRhbmdlcm91cyBidXNpbmVzcywgRnJvZG8sIGdvaW5nIG91d CB5b3VyIGRvb3IuIFlvdSBzdGVwIG9udG8gdGhlIHJvYWQsIGFuZCBpZi B5b3UgZG9uJ3Qga2VlcCB5b3VyIGZlZXQsIHRoZXJlJ3Mgbm8ga25vd2l uZyB3aGVyZSB5b3UgbWlnaHQgYmUgc3dlcHQgb2ZmIHRvLg", "signatures": [ { "protected": "eyJhbGciOiJFUzUxMiIsImtpZCI6ImJpbGJvLmJhZ2dpbnNAaG9iY ml0b24uZXhhbXBsZSJ9", "signature": "GU4icJRWWqP0nDHX2HqiIZGueMWosZnx-RHjbNkkuJuVtW6ylbiHA HuOIuH9RDdnildrg7VGvnjVK2Jv_47gyLQc8kweURgG5Zg6vauw6T yH7feCxMpfZ8BEqLSLcLa_UUwYNLAFMB3FwQMIgSJJi7u510k1B6N h-KcNJmViDeD2gA" } ] } Figure 19: JSON Serialization 3.4. HMAC-SHA2 Integrity Protection This example illustrates integrity protecting content using the "HS256" (HMAC-SHA-256) algorithm. 3.4.1. Input Factors The following are supplied before beginning the signing operation: Miller Expires June 7, 2014 [Page 13] Internet-Draft JOSE Cookbook December 2013 o Payload content; this example uses the content from Figure 1, encoded using [RFC4648] base64url to produce Figure 2. o AES symmetric key; this example uses the key from Figure 20. o "alg" parameter of "HS256". { "kty": "oct", "kid": "018c0ae5-4d9b-471b-bfd6-eef314bc7037", "use": "sig", "k": "hJtXIZ2uSN5kbQfbtTNWbpdmhkV8FJG-Onbc6mxCcYg" } Figure 20: AES 256-bit symmetric key 3.4.2. Signing Operation The following are generated before completing the signing operation: o Protected JWS Header; this example uses the header from Figure 21, encoded using [RFC4648] base64url to produce Figure 22. { "alg": "HS256", "kid": "018c0ae5-4d9b-471b-bfd6-eef314bc7037" } Figure 21: Protected JWS Header JSON eyJhbGciOiJIUzI1NiIsImtpZCI6IjAxOGMwYWU1LTRkOWItNDcxYi1iZmQ2LW VlZjMxNGJjNzAzNyJ9 Figure 22: Protected JWS Header, base64url-encoded Performing the signature operation over the combined protected JWS header (Figure 22) and Payload content (Figure 2) produces the following signature: BC8xgQaFNKeZieRI0z7wDzbpRyG_ombR9gDU22IBJEM Figure 23: Signature, base64url-encoded Miller Expires June 7, 2014 [Page 14] Internet-Draft JOSE Cookbook December 2013 3.4.3. Output Results The following compose the resulting JWS object: o Protected JWS header (Figure 22) o Payload content (Figure 2) o Signature (Figure 23) The resulting JWS object using the Compact serialization: eyJhbGciOiJIUzI1NiIsImtpZCI6IjAxOGMwYWU1LTRkOWItNDcxYi1iZmQ2LW VlZjMxNGJjNzAzNyJ9 . SXQncyBhIGRhbmdlcm91cyBidXNpbmVzcywgRnJvZG8sIGdvaW5nIG91dCB5b3 VyIGRvb3IuIFlvdSBzdGVwIG9udG8gdGhlIHJvYWQsIGFuZCBpZiB5b3UgZG9u J3Qga2VlcCB5b3VyIGZlZXQsIHRoZXJlJ3Mgbm8ga25vd2luZyB3aGVyZSB5b3 UgbWlnaHQgYmUgc3dlcHQgb2ZmIHRvLg . BC8xgQaFNKeZieRI0z7wDzbpRyG_ombR9gDU22IBJEM Figure 24: Compact Serialization The resulting JWS object using the JSON serialization: { "payload": "SXQncyBhIGRhbmdlcm91cyBidXNpbmVzcywgRnJvZG8sIGdvaW5nIG91d CB5b3VyIGRvb3IuIFlvdSBzdGVwIG9udG8gdGhlIHJvYWQsIGFuZCBpZi B5b3UgZG9uJ3Qga2VlcCB5b3VyIGZlZXQsIHRoZXJlJ3Mgbm8ga25vd2l uZyB3aGVyZSB5b3UgbWlnaHQgYmUgc3dlcHQgb2ZmIHRvLg", "signatures": [ { "protected": "eyJhbGciOiJIUzI1NiIsImtpZCI6IjAxOGMwYWU1LTRkOWItNDcxY i1iZmQ2LWVlZjMxNGJjNzAzNyJ9", "signature": "BC8xgQaFNKeZieRI0z7wDzbpRyG_ombR9gDU22IBJEM" } ] } Figure 25: JSON Serialization 3.5. Detached Signature Miller Expires June 7, 2014 [Page 15] Internet-Draft JOSE Cookbook December 2013 This example illustrates a detached signature. This example is identical others, except the resulting JWS objects do not include the Payload content. Instead, the application is expected to locate it elsewhere. For example, the signature might be in a meta-data section, with the payload being the content. 3.5.1. Input Factors The following are supplied before beginning the signing operation: o Payload content; this example uses the content from Figure 1, encoded using [RFC4648] base64url to produce Figure 2. o Signing key; this example uses the AES symmetric key from Figure 20. o Signing algorithm; this example uses "RS256". 3.5.2. Signing Operation The following are generated before completing the signing operation: o Protected JWS Header; this example uses the header from Figure 26, encoded using [RFC4648] base64url to produce Figure 27. The protected JWS header parameters: { "alg": "HS256", "kid": "018c0ae5-4d9b-471b-bfd6-eef314bc7037" } Figure 26: Protected JWS Header JSON eyJhbGciOiJIUzI1NiIsImtpZCI6IjAxOGMwYWU1LTRkOWItNDcxYi1iZmQ2LW VlZjMxNGJjNzAzNyJ9 Figure 27: Protected JWS Header, base64url-encoded Performing the signature operation over the combined protected JWS header (Figure 27) and Payload content (Figure 2) produces the following signature: ns-fxWMR0YjG5KJK5VAVdE9c9zEHL4SlnjJvw2yiRQw Figure 28: Signature, base64url-encoded Miller Expires June 7, 2014 [Page 16] Internet-Draft JOSE Cookbook December 2013 3.5.3. Output Results The following compose the resulting JWS object: o Protected JWS header (Figure 27) o Signature (Figure 28) The resulting JWS object using the Compact serialization: eyJhbGciOiJIUzI1NiIsImtpZCI6IjAxOGMwYWU1LTRkOWItNDcxYi1iZmQ2LW VlZjMxNGJjNzAzNyJ9 . . ns-fxWMR0YjG5KJK5VAVdE9c9zEHL4SlnjJvw2yiRQw Figure 29: JSON Serialization The resulting JWS object using the JSON serialization: { "signatures": [ { "protected": "eyJhbGciOiJIUzI1NiJ9", "header": { "kid": "018c0ae5-4d9b-471b-bfd6-eef314bc7037" }, "signature": "LHbXRdr8vWfAWIPsViW2RDE5edTLiChP_6fRTDbwHBM" } ] } Figure 30: JSON Serialization 3.6. Protecting Specific Header Fields This example illustrates a signature where only certain header parameters are protected. Since this example contains both unprotected and protected header parameters, only the JSON serialization is possible. 3.6.1. Input Factors The following are supplied before beginning the signing operation: Miller Expires June 7, 2014 [Page 17] Internet-Draft JOSE Cookbook December 2013 o Payload content; this example uses the content from Figure 1, encoded using [RFC4648] base64url to produce Figure 2. o Signing key; this example uses the AES symmetric key from Figure 20. o Signing algorithm; this example uses "RS256". 3.6.2. Signing Operation The following are generated before completing the signing operation: o Protected JWS Header; this example uses the header from Figure 31, encoded using [RFC4648] base64url to produce Figure 32. o Unprotected JWS Header; this example uses the header from Figure 33. The protected JWS header parameters: { "alg": "HS256" } Figure 31: Protected JWS Header JSON eyJhbGciOiJIUzI1NiJ9 Figure 32: Protected JWS Header, base64url-encoded { "kid": "018c0ae5-4d9b-471b-bfd6-eef314bc7037" } Figure 33: Unprotected JWS Header JSON Performing the signature operation over the combined protected JWS header (Figure 32) and Payload content (Figure 2) produces the following signature: LHbXRdr8vWfAWIPsViW2RDE5edTLiChP_6fRTDbwHBM Figure 34: Signature, base64url-encoded 3.6.3. Output Results The following compose the resulting JWS object: Miller Expires June 7, 2014 [Page 18] Internet-Draft JOSE Cookbook December 2013 o Protected JWS header (Figure 32) o Unprotected JWS header (Figure 33) o Payload content (Figure 2) o Signature (Figure 34) The resulting JWS object using the JSON serialization: { "payload": "SXQncyBhIGRhbmdlcm91cyBidXNpbmVzcywgRnJvZG8sIGdvaW5nIG91d CB5b3VyIGRvb3IuIFlvdSBzdGVwIG9udG8gdGhlIHJvYWQsIGFuZCBpZi B5b3UgZG9uJ3Qga2VlcCB5b3VyIGZlZXQsIHRoZXJlJ3Mgbm8ga25vd2l uZyB3aGVyZSB5b3UgbWlnaHQgYmUgc3dlcHQgb2ZmIHRvLg", "signatures": [ { "protected": "eyJhbGciOiJIUzI1NiJ9", "header": { "kid": "018c0ae5-4d9b-471b-bfd6-eef314bc7037" }, "signature": "LHbXRdr8vWfAWIPsViW2RDE5edTLiChP_6fRTDbwHBM" } ] } Figure 35: JSON Serialization 3.7. Protecting Content Only This example illustrates a signature where none of the header parameters are protected. Since this example contains only unprotected header parameters, only the JSON serialization is possible. 3.7.1. Input Factors The following are supplied before beginning the signing operation: o Payload content; this example uses the content from Figure 1, encoded using [RFC4648] base64url to produce Figure 2. o Signing key; this example uses the AES key from Figure 20. Miller Expires June 7, 2014 [Page 19] Internet-Draft JOSE Cookbook December 2013 o Signing algorithm; this example uses "RS256" 3.7.2. Signing Operation The following are generated before completing the signing operation: o Unprotected JWS Header; this example uses the header from Figure 36. { "alg": "HS256", "kid": "018c0ae5-4d9b-471b-bfd6-eef314bc7037" } Figure 36: Unprotected JWS Header JSON Performing the signature operation over the combined empty string (as there is no protected JWS header) and Payload content (Figure 2) produces the following signature: RDrY7zngV8Mi0agUZpWOyS2WSIziPslf9tQllQYXC08 Figure 37: Signature, base64url-encoded 3.7.3. Output Results The following compose the resulting JWS object: o Unprotected JWS header (Figure 36) o Payload content (Figure 2) o Signature (Figure 37) The resulting JWS object using the JSON serialization: { "payload": "SXQncyBhIGRhbmdlcm91cyBidXNpbmVzcywgRnJvZG8sIGdvaW5nIG91d CB5b3VyIGRvb3IuIFlvdSBzdGVwIG9udG8gdGhlIHJvYWQsIGFuZCBpZi B5b3UgZG9uJ3Qga2VlcCB5b3VyIGZlZXQsIHRoZXJlJ3Mgbm8ga25vd2l uZyB3aGVyZSB5b3UgbWlnaHQgYmUgc3dlcHQgb2ZmIHRvLg", "signatures": [ { "header": { "alg": "HS256", "kid": Miller Expires June 7, 2014 [Page 20] Internet-Draft JOSE Cookbook December 2013 "018c0ae5-4d9b-471b-bfd6-eef314bc7037" }, "signature": "RDrY7zngV8Mi0agUZpWOyS2WSIziPslf9tQllQYXC08" } ] } JSON Serialization 3.8. Multiple Signatures This example illustrates multiple signatures applied to the same payload. Since this example contains more than one signature, only the JSON serialization is possible. 3.8.1. Input Factors The following are supplied before beginning the signing operation: o Payload content; this example uses the content from Figure 1, encoded using [RFC4648] base64url to produce Figure 2. o Signing keys; this example uses the following: * RSA private key from Figure 3 for the first signature * EC private key from Figure 14 for the second signature * AES symmetric key from Figure 20 for the third signature o Signing algorithms; this example uses the following: * "RS256" for the first signature * "ES512" for the second signature * "HS256" for the third signature 3.8.2. First Signing Operation The following are generated before completing the first signing operation: o Protected JWS Header; this example uses the header from Figure 38, encoded using [RFC4648] base64url to produce Figure 39. Miller Expires June 7, 2014 [Page 21] Internet-Draft JOSE Cookbook December 2013 o Unprotected JWS Header; this example uses the header from Figure 40. { "alg": "RS256" } Figure 38: Signature #1 Protected JWS Header JSON eyJhbGciOiJSUzI1NiJ9 Figure 39: Signature #1 Protected JWS Header, base64url-encoded { "kid": "bilbo.baggins@hobbiton.example" } Figure 40: Signature #1 JWS Header JSON Performing the first signature operation over the combined protected JWS header (Figure 39) and the Payload content (Figure 2) produces the following signature: B4yWtHdhlWkVAB7hYEczTe4fNixKRbOV6XnTZ_LMIRabj3WLZe61BgWsaE_tXI LGjS_hxIkY1YluKOOmC80vmGF-0j5T6mGKqcHxApoXbhTls9utFReQgg7OpXNB r9F1-Dn4K1kTEiVWZMJqSEJljrGcznKj3bJTcEQOoZPf16YigOl39Vifani_qY Qr0FLzSd0WTdO7M3b4WRCRYHGZQ9ssZXvFQ2A2C73zDARzKj3YBuUvgzKkTB_H _aoCUH8tOhjE6XU5A6Uil508sldyYo-sYIe9waWWchM4snN_uWCAMecr4WmRIO sb8rz7cRXK9MeH_6w8YntuDtgkCScdxQ Figure 41: Signature #1, base64url-encoded The following is the assembled first signature serialized as JSON: Miller Expires June 7, 2014 [Page 22] Internet-Draft JOSE Cookbook December 2013 { "protected": "eyJhbGciOiJSUzI1NiJ9", "header": { "kid": "bilbo.baggins@hobbiton.example" }, "signature": "B4yWtHdhlWkVAB7hYEczTe4fNixKRbOV6XnTZ_LMIRabj3WLZe61BgWsa E_tXILGjS_hxIkY1YluKOOmC80vmGF-0j5T6mGKqcHxApoXbhTls9utFR eQgg7OpXNBr9F1-Dn4K1kTEiVWZMJqSEJljrGcznKj3bJTcEQOoZPf16Y igOl39Vifani_qYQr0FLzSd0WTdO7M3b4WRCRYHGZQ9ssZXvFQ2A2C73z DARzKj3YBuUvgzKkTB_H_aoCUH8tOhjE6XU5A6Uil508sldyYo-sYIe9w aWWchM4snN_uWCAMecr4WmRIOsb8rz7cRXK9MeH_6w8YntuDtgkCScdxQ" } Figure 42: Signature #1 JSON 3.8.3. Second Signing Operation The following are generated before completing the second signing operation: o Unprotected JWS Header; this example uses the header from Figure 43. { "alg": "ES512", "kid": "bilbo.baggins@hobbiton.example" } Figure 43: Signature #2 JWS Header JSON Performing the second signature operation over the combined empty string (as there is no protected JWS header) and Payload content (Figure 2) produces the following signature: GliCVJY7BmN6pRTLfpWIKBjczIXDJjFlXluppc24eYWPCJCNP8z1YRp9mBn7wq UkU0xPaSzcq-GppxhQTUq27TsORK11Ab3i74DiNmsy_usLDyzlSh2UCW-jF6WA H1jq0fCa32H4zxnTIJV_uwMDyLuuXdwgHLfDoA1hEyUoqeY50A Figure 44: Signature #2, base64url-encoded The following is the assembled second signature serialized as JSON: { "header": { "alg": "ES512", "kid": "bilbo.baggins@hobbiton.example" }, Miller Expires June 7, 2014 [Page 23] Internet-Draft JOSE Cookbook December 2013 "signature": "GliCVJY7BmN6pRTLfpWIKBjczIXDJjFlXluppc24eYWPCJCNP8z1YRp9m Bn7wqUkU0xPaSzcq-GppxhQTUq27TsORK11Ab3i74DiNmsy_usLDyzlSh 2UCW-jF6WAH1jq0fCa32H4zxnTIJV_uwMDyLuuXdwgHLfDoA1hEyUoqeY 50A" } Figure 45: Signature #2 JSON 3.8.4. Third Signing Operation The following are generated before completing the third signing operation: o Protected JWS Header; this example uses the header from Figure 46, encoded using [RFC4648] base64url to produce Figure 47. { "alg": "HS256", "kid": "018c0ae5-4d9b-471b-bfd6-eef314bc7037" } Figure 46: Signature #3 Protected JWS Header JSON eyJhbGciOiJIUzI1NiIsImtpZCI6IjAxOGMwYWU1LTRkOWItNDcxYi1iZmQ2LW VlZjMxNGJjNzAzNyJ9 Figure 47: Signature #3 Protected JWS Header, base64url-encoded Performing the third signature operation over the combined protected JWS header (Figure 47) and Payload content (Figure 2) produces the following signature: RDrY7zngV8Mi0agUZpWOyS2WSIziPslf9tQllQYXC08 Figure 48: Signature #3, base64url-encoded The following is the assembled third signature serialized as JSON: { "protected": "eyJhbGciOiJIUzI1NiIsImtpZCI6IjAxOGMwYWU1LTRkOWItNDcxYi1iZm Q2LWVlZjMxNGJjNzAzNyJ9", "signature": "BC8xgQaFNKeZieRI0z7wDzbpRyG_ombR9gDU22IBJEM" } Figure 49: Signature #3 JSON Miller Expires June 7, 2014 [Page 24] Internet-Draft JOSE Cookbook December 2013 3.8.5. Output Results The following compose the resulting JWS object: o Payload content (Figure 2) o Signature #1 JSON (Figure 42) o Signature #2 JSON (Figure 45) o Signature #3 JSON (Figure 49) The resulting JWS object using the JSON serialization: { "payload": "SXQncyBhIGRhbmdlcm91cyBidXNpbmVzcywgRnJvZG8sIGdvaW5nIG91d CB5b3VyIGRvb3IuIFlvdSBzdGVwIG9udG8gdGhlIHJvYWQsIGFuZCBpZi B5b3UgZG9uJ3Qga2VlcCB5b3VyIGZlZXQsIHRoZXJlJ3Mgbm8ga25vd2l uZyB3aGVyZSB5b3UgbWlnaHQgYmUgc3dlcHQgb2ZmIHRvLg", "signatures": [ { "protected": "eyJhbGciOiJSUzI1NiJ9", "header": { "kid": "bilbo.baggins@hobbiton.example" }, "signature": "B4yWtHdhlWkVAB7hYEczTe4fNixKRbOV6XnTZ_LMIRabj3WLZe61B gWsaE_tXILGjS_hxIkY1YluKOOmC80vmGF-0j5T6mGKqcHxApoXbh Tls9utFReQgg7OpXNBr9F1-Dn4K1kTEiVWZMJqSEJljrGcznKj3bJ TcEQOoZPf16YigOl39Vifani_qYQr0FLzSd0WTdO7M3b4WRCRYHGZ Q9ssZXvFQ2A2C73zDARzKj3YBuUvgzKkTB_H_aoCUH8tOhjE6XU5A 6Uil508sldyYo-sYIe9waWWchM4snN_uWCAMecr4WmRIOsb8rz7cR XK9MeH_6w8YntuDtgkCScdxQ" }, { "header": { "alg": "ES512", "kid": "bilbo.baggins@hobbiton.example" }, "signature": "GliCVJY7BmN6pRTLfpWIKBjczIXDJjFlXluppc24eYWPCJCNP8z1Y Rp9mBn7wqUkU0xPaSzcq-GppxhQTUq27TsORK11Ab3i74DiNmsy_u sLDyzlSh2UCW-jF6WAH1jq0fCa32H4zxnTIJV_uwMDyLuuXdwgHLf DoA1hEyUoqeY50A" }, { "protected": Miller Expires June 7, 2014 [Page 25] Internet-Draft JOSE Cookbook December 2013 "eyJhbGciOiJIUzI1NiIsImtpZCI6IjAxOGMwYWU1LTRkOWItNDcxYi 1iZmQ2LWVlZjMxNGJjNzAzNyJ9", "signature": "BC8xgQaFNKeZieRI0z7wDzbpRyG_ombR9gDU22IBJEM" } ] } Figure 50: JSON Serialization 4. JSON Web Encryption Examples The following sections demonstrate how to generate various JWE objects. All of the succeeding examples (unless otherwise noted) use the following plaintext content, serialized as UTF-8, with line breaks (U+000A LINE FEED) replacing some " " (U+0020 SPACE) characters to improve formatting: You can trust us to stick with you through thick and thin--to the bitter end. And you can trust us to keep any secret of yours--closer than you keep it yourself. But you cannot trust us to let you face trouble alone, and go off without a word. We are your friends, Frodo. Figure 51: Plaintext content 4.1. Key Encryption using RSA v1.5 and AES-HMAC-SHA2 This example illustrates encrypting content using the "RSA1_5" (RSAES-PKCS1-v1_5) key encryption algorithm and the "A128CBC-HS256" (AES-128-CBC-HMAC-SHA-256) content encryption algorithm. 4.1.1. Input Factors The following are supplied before beginning the encryption process: o Plaintext content; this example uses the content from Figure 51. o RSA public key; this example uses the key from Figure 52. o "alg" parameter of "RSA1_5". o "enc" parameter of "A128CBC-HS256". { "kty": "RSA", Miller Expires June 7, 2014 [Page 26] Internet-Draft JOSE Cookbook December 2013 "kid": "frodo.baggins@hobbiton.example", "use": "enc", "n": "maxhbsmBtdQ3CNrKvprUE6n9lYcregDMLYNeTAWcLj8NnPU9XIYe gTHVHQjxKDSHP2l-F5jS7sppG1wgdAqZyhnWvXhYNvcM7RfgKxqN x_xAHx6f3yy7s-M9PSNCwPC2lh6UAkR4I00EhV9lrypM9Pi4lBUo p9t5fS9W5UNwaAllhrd-osQGPjIeI1deHTwx-ZTHu3C60Pu_LJIl 6hKn9wbwaUmA4cR5Bd2pgbaY7ASgsjCUbtYJaNIHSoHXprUdJZKU MAzV0WOKPfA6OPI4oypBadjvMZ4ZAj3BnXaSYsEZhaueTXvZB4eZ OAjIyh2e_VOIKVMsnDrJYAVotGlvMQ", "e": "AQAB", "d": "Kn9tgoHfiTVi8uPu5b9TnwyHwG5dK6RE0uFdlpCGnJN7ZEi963R7 wybQ1PLAHmpIbNTztfrheoAniRV1NCIqXaW_qS461xiDTp4ntEPn qcKsyO5jMAji7-CL8vhpYYowNFvIesgMoVaPRYMYT9TW63hNM0aW s7USZ_hLg6Oe1mY0vHTI3FucjSM86Nff4oIENt43r2fspgEPGRrd E6fpLc9Oaq-qeP1GFULimrRdndm-P8q8kvN3KHlNAtEgrQAgTTgz 80S-3VD0FgWfgnb1PNmiuPUxO8OpI9KDIfu_acc6fg14nsNaJqXe 6RESvhGPH2afjHqSy_Fd2vpzj85bQQ", "p": "2DwQmZ43FoTnQ8IkUj3BmKRf5Eh2mizZA5xEJ2MinUE3sdTYKSL taEoekX9vbBZuWxHdVhM6UnKCJ_2iNk8Z0ayLYHL0_G21aXf9-un ynEpUsH7HHTklLpYAzOOx1ZgVljoxAdWNn3hiEFrjZLZGS7lOH-a 3QQlDDQoJOJ2VFmU", "q": "te8LY4-W7IyaqH1ExujjMqkTAlTeRbv0VLQnfLY2xINnrWdwiQ93 _VF099aP1ESeLja2nw-6iKIe-qT7mtCPozKfVtUYfz5HrJ_XY2kf exJINb9lhZHMv5p1skZpeIS-GPHCC6gRlKo1q-idn_qxyusfWv7W AxlSVfQfk8d6Et0", "dp": "UfYKcL_or492vVc0PzwLSplbg4L3-Z5wL48mwiswbpzOyIgd2xHT HQmjJpFAIZ8q-zf9RmgJXkDrFs9rkdxPtAsL1WYdeCT5c125Fkdg 317JVRDo1inX7x2Kdh8ERCreW8_4zXItuTl_KiXZNU5lvMQjWbIw 2eTx1lpsflo0rYU", "dq": "iEgcO-QfpepdH8FWd7mUFyrXdnOkXJBCogChY6YKuIHGc_p8Le9M bpFKESzEaLlN1Ehf3B6oGBl5Iz_ayUlZj2IoQZ82znoUrpa9fVYN ot87ACfzIG7q9Mv7RiPAderZi03tkVXAdaBau_9vs5rS-7HMtxkV rxSUvJY14TkXlHE", "qi": "kC-lzZOqoFaZCr5l0tOVtREKoVqaAYhQiqIRGL-MzS4sCmRkxm5v ZlXYx6RtE1n_AagjqajlkjieGlxTTThHD8Iga6foGBMaAr5uR1hG QpSc7Gl7CF1DZkBJMTQN6EshYzZfxW08mIO8M6Rzuh0beL6fG9mk DcIyPrBXx2bQ_mM" } Figure 52: RSA 2048-bit Key, in JWK format (*NOTE*: While the key includes the private parameters, only the public parameters "e" and "n" are necessary for the encryption operation.) 4.1.2. Generated Factors The following are generated before encrypting: Miller Expires June 7, 2014 [Page 27] Internet-Draft JOSE Cookbook December 2013 o AES symmetric key as the Content Encryption Key (CEK); this example uses the key from Figure 53 o Initialization vector/nonce; this example uses the initialization vector from Figure 54 vQ6_Pof-pnIBBB_qhAxzuusbc25hFCB1pJuBIN7yMNU Figure 53: Content Encryption Key, base64url-encoded mR-7lneQlGq9vxe_udL4LA Figure 54: Initialization Vector, base64url-encoded 4.1.3. Encrypting the Key Performing the key encryption operation over the CEK (Figure 53) with the RSA key (Figure 52) results in the following encrypted key: IDNYysyXa21oifTY_cy7sB7vAa9oHkE4RZZ78r88TdrGlKWbzltMJw4sJ7xpNo vR8KZDHLeJUwiaQKIjWBFs2Dytdk4gHhVDc2rx9F2vHN2S1vQuC_TYslbSDLHx nnZkH2_ymlJz2saY5RJAjh-9OHCMcTJI-j7hJpMEJmvWt_XrDp9tBby0xyjdwd teAtwyJxD5nyzBUGTsfaCzfqZTF_3BJu2AKyuE10KEMbBo8EJVf1PP1JSS73qy UqEt8oo0OHlYTicOwwwwhyiNshdrA4zQSeC2M0yxzDcQvXswQHQs1bXA8K-KJa B-u6qkDMAwA1tJEch4R58z9WsYKyrhAw Figure 55: Encrypted Key, base64url-encoded 4.1.4. Encrypting the Content The following are generated before encrypting the plaintext: o Protected JWE Header; this example uses the header from Figure 56, encoded using [RFC4648] base64url to produce Figure 57. { "alg": "RSA1_5", "kid": "frodo.baggins@hobbiton.example", "enc": "A128CBC-HS256" } Figure 56: Protected JWE Header JSON eyJhbGciOiJSU0ExXzUiLCJraWQiOiJmcm9kby5iYWdnaW5zQGhvYmJpdG9uLm V4YW1wbGUiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0 Figure 57: Protected JWE Header, base64url-encoded Miller Expires June 7, 2014 [Page 28] Internet-Draft JOSE Cookbook December 2013 Performing the content encryption operation on the Plaintext (Figure 51) using the following: o CEK (Figure 53); o Initialization vector/nonce (Figure 54); and o Protected JWE header (Figure 56) as authenticated data produces the following: o Ciphertext from Figure 58. o Authentication tag from Figure 59. LecEGK89HoOzWbbh97km04mExBgZp0kO8LMFTJgfTqNjHW5VSPh0QMww7zqSkl a_8ZPoWIzm1Y6xGtKLA9enpRFTrHZxZxTH9eG9P9PjsIC20NsGVweYeYc_l7m2 vyC_E1BzTQ9jb3wS1DxrqSX6YRjJ5mqx8ZX3tJW-wWVZfW8-PSEXb4GlBi22iQ goXfx8yHYfv-lXWlaQ2HjDWl21Mab41aW4ZYKt8maWZiglK4XckGv7-whchA42 VB4pNOQMY7e9BTyvm-DwVSS3Ul2bX3jz9kB--aTLxGtl9sR7z1ZgAyfRqoSs0S op9J35heE89JveLIAjnuXH2ShsF0lW6T4HEYXFh9QsAF4TRdnpRs4 Figure 58: Ciphertext, base64url-encoded 3AIdtJkgAkWuhBdFo8iL8A Figure 59: Authentication Tag, base64url-encoded 4.1.5. Output Results The following compose the resulting JWE object: o Protected JWE header (Figure 57). o Encrypted Key (Figure 55). o Initialization vector/nonce (Figure 54). o Ciphertext (Figure 58). o Authentication Tag (Figure 59). The resulting JWE object using the Compact serialization: eyJhbGciOiJSU0ExXzUiLCJraWQiOiJmcm9kby5iYWdnaW5zQGhvYmJpdG9uLm V4YW1wbGUiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0 . IDNYysyXa21oifTY_cy7sB7vAa9oHkE4RZZ78r88TdrGlKWbzltMJw4sJ7xpNo Miller Expires June 7, 2014 [Page 29] Internet-Draft JOSE Cookbook December 2013 vR8KZDHLeJUwiaQKIjWBFs2Dytdk4gHhVDc2rx9F2vHN2S1vQuC_TYslbSDLHx nnZkH2_ymlJz2saY5RJAjh-9OHCMcTJI-j7hJpMEJmvWt_XrDp9tBby0xyjdwd teAtwyJxD5nyzBUGTsfaCzfqZTF_3BJu2AKyuE10KEMbBo8EJVf1PP1JSS73qy UqEt8oo0OHlYTicOwwwwhyiNshdrA4zQSeC2M0yxzDcQvXswQHQs1bXA8K-KJa B-u6qkDMAwA1tJEch4R58z9WsYKyrhAw . mR-7lneQlGq9vxe_udL4LA . LecEGK89HoOzWbbh97km04mExBgZp0kO8LMFTJgfTqNjHW5VSPh0QMww7zqSkl a_8ZPoWIzm1Y6xGtKLA9enpRFTrHZxZxTH9eG9P9PjsIC20NsGVweYeYc_l7m2 vyC_E1BzTQ9jb3wS1DxrqSX6YRjJ5mqx8ZX3tJW-wWVZfW8-PSEXb4GlBi22iQ goXfx8yHYfv-lXWlaQ2HjDWl21Mab41aW4ZYKt8maWZiglK4XckGv7-whchA42 VB4pNOQMY7e9BTyvm-DwVSS3Ul2bX3jz9kB--aTLxGtl9sR7z1ZgAyfRqoSs0S op9J35heE89JveLIAjnuXH2ShsF0lW6T4HEYXFh9QsAF4TRdnpRs4 . 3AIdtJkgAkWuhBdFo8iL8A Figure 60: Compact Serialization The resulting JWE object using the JSON serialization: { "recipients": { "encrypted_key": "IDNYysyXa21oifTY_cy7sB7vAa9oHkE4RZZ78r88TdrGlKWbzltMJw4 sJ7xpNovR8KZDHLeJUwiaQKIjWBFs2Dytdk4gHhVDc2rx9F2vHN2S1v QuC_TYslbSDLHxnnZkH2_ymlJz2saY5RJAjh-9OHCMcTJI-j7hJpMEJ mvWt_XrDp9tBby0xyjdwdteAtwyJxD5nyzBUGTsfaCzfqZTF_3BJu2A KyuE10KEMbBo8EJVf1PP1JSS73qyUqEt8oo0OHlYTicOwwwwhyiNshd rA4zQSeC2M0yxzDcQvXswQHQs1bXA8K-KJaB-u6qkDMAwA1tJEch4R5 8z9WsYKyrhAw" }, "protected": "eyJhbGciOiJSU0ExXzUiLCJraWQiOiJmcm9kby5iYWdnaW5zQGhvYmJpd G9uLmV4YW1wbGUiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0", "iv": "mR-7lneQlGq9vxe_udL4LA", "ciphertext": "LecEGK89HoOzWbbh97km04mExBgZp0kO8LMFTJgfTqNjHW5VSPh0QMww7 zqSkla_8ZPoWIzm1Y6xGtKLA9enpRFTrHZxZxTH9eG9P9PjsIC20NsGVw eYeYc_l7m2vyC_E1BzTQ9jb3wS1DxrqSX6YRjJ5mqx8ZX3tJW-wWVZfW8 -PSEXb4GlBi22iQgoXfx8yHYfv-lXWlaQ2HjDWl21Mab41aW4ZYKt8maW ZiglK4XckGv7-whchA42VB4pNOQMY7e9BTyvm-DwVSS3Ul2bX3jz9kB-- aTLxGtl9sR7z1ZgAyfRqoSs0Sop9J35heE89JveLIAjnuXH2ShsF0lW6T 4HEYXFh9QsAF4TRdnpRs4", "tag": "3AIdtJkgAkWuhBdFo8iL8A" } Miller Expires June 7, 2014 [Page 30] Internet-Draft JOSE Cookbook December 2013 Figure 61: JSON Serialization 4.2. Key Encryption using RSA-OAEP with A256GCM This example illustrates encrypting content using the "RSA-OAEP" (RSAES-OAEP) key encryption algorithm and the "A256GCM" (AES-GCM) content encryption algorithm. 4.2.1. Input Factors The following are supplied before beginning the encryption process: o Plaintext content; this example uses the plaintext from Figure 51. o RSA public key; this example uses the key from Figure 62. o "alg" parameter of "RSA-OAEP" o "enc" parameter of "A256GCM" { "kty": "RSA", "kid": "samwise.gamgee@hobbiton.example", "use": "enc", "alg": "RSA-OAEP", "n": "wbdxI55VaanZXPY29Lg5hdmv2XhvqAhoxUkanfzf2-5zVUxa6prH RrI4pP1AhoqJRlZfYtWWd5mmHRG2pAHIlh0ySJ9wi0BioZBl1XP2 e-C-FyXJGcTy0HdKQWlrfhTm42EW7Vv04r4gfao6uxjLGwfpGrZL arohiWCPnkNrg71S2CuNZSQBIPGjXfkmIy2tl_VWgGnL22GplyXj 5YlBLdxXp3XeStsqo571utNfoUTU8E4qdzJ3U1DItoVkPGsMwlmm nJiwA7sXRItBCivR4M5qnZtdw-7v4WuR4779ubDuJ5nalMv2S66- RPcnFAzWSKxtBDnFJJDGIUe7Tzizjg1nms0Xq_yPub_UOlWn0ec8 5FCft1hACpWG8schrOBeNqHBODFskYpUc2LC5JA2TaPF2dA67dg1 TTsC_FupfQ2kNGcE1LgprxKHcVWYQb86B-HozjHZcqtauBzFNV5t bTuB-TpkcvJfNcFLlH3b8mb-H_ox35FjqBSAjLKyoeqfKTpVjvXh d09knwgJf6VKq6UC418_TOljMVfFTWXUxlnfhOOnzW6HSSzD1c9W rCuVzsUMv54szidQ9wf1cYWf3g5qFDxDQKis99gcDaiCAwM3yEBI zuNeeCa5dartHDb1xEB_HcHSeYbghbMjGfasvKn0aZRsnTyC0xhW BlsolZE", "e": "AQAB", "d": "n7fzJc3_WG59VEOBTkayzuSMM780OJQuZjN_KbH8lOZG25ZoA7T4 Bxcc0xQn5oZE5uSCIwg91oCt0JvxPcpmqzaJZg1nirjcWZ-oBtVk 7gCAWq-B3qhfF3izlbkosrzjHajIcY33HBhsy4_WerrXg4MDNE4H Yojy68TcxT2LYQRxUOCf5TtJXvM8olexlSGtVnQnDRutxEUCwiew fmmrfveEogLx9EA-KMgAjTiISXxqIXQhWUQX1G7v_mV_Hr2YuImY cNcHkRvp9E7ook0876DhkO8v4UOZLwA1OlUX98mkoqwc58A_Y2lB YbVx1_s5lpPsEqbbH-nqIjh1fL0gdNfihLxnclWtW7pCztLnImZA yeCWAG7ZIfv-Rn9fLIv9jZ6r7r-MSH9sqbuziHN2grGjD_jfRluM Miller Expires June 7, 2014 [Page 31] Internet-Draft JOSE Cookbook December 2013 Ha0l84fFKl6bcqN1JWxPVhzNZo01yDF-1LiQnqUYSepPf6X3a2SO dkqBRiquE6EvLuSYIDpJq3jDIsgoL8Mo1LoomgiJxUwL_GWEOGu2 8gplyzm-9Q0U0nyhEf1uhSR8aJAQWAiFImWH5W_IQT9I7-yrindr _2fWQ_i1UgMsGzA7aOGzZfPljRy6z-tY_KuBG00-28S_aWvjyUc- Alp8AUyKjBZ-7CWH32fGWK48j1t-zomrwjL_mnhsPbGs0c9WsWgR zI-K8gE", "p": "7_2v3OQZzlPFcHyYfLABQ3XP85Es4hCdwCkbDeltaUXgVy9l9etK ghvM4hRkOvbb01kYVuLFmxIkCDtpi-zLCYAdXKrAK3PtSbtzld_X Z9nlsYa_QZWpXB_IrtFjVfdKUdMz94pHUhFGFj7nr6NNxfpiHSHW FE1zD_AC3mY46J961Y2LRnreVwAGNw53p07Db8yD_92pDa97vqcZ OdgtybH9q6uma-RFNhO1AoiJhYZj69hjmMRXx-x56HO9cnXNbmzN SCFCKnQmn4GQLmRj9sfbZRqL94bbtE4_e0Zrpo8RNo8vxRLqQNwI y85fc6BRgBJomt8QdQvIgPgWCv5HoQ", "q": "zqOHk1P6WN_rHuM7ZF1cXH0x6RuOHq67WuHiSknqQeefGBA9PWs6 ZyKQCO-O6mKXtcgE8_Q_hA2kMRcKOcvHil1hqMCNSXlflM7WPRPZ u2qCDcqssd_uMbP-DqYthH_EzwL9KnYoH7JQFxxmcv5An8oXUtTw k4knKjkIYGRuUwfQTus0w1NfjFAyxOOiAQ37ussIcE6C6ZSsM3n4 1UlbJ7TCqewzVJaPJN5cxjySPZPD3Vp01a9YgAD6a3IIaKJdIxJS 1ImnfPevSJQBE79-EXe2kSwVgOzvt-gsmM29QQ8veHy4uAqca5dZ zMs7hkkHtw1z0jHV90epQJJlXXnH8Q", "dp": "19oDkBh1AXelMIxQFm2zZTqUhAzCIr4xNIGEPNoDt1jK83_FJA-x nx5kA7-1erdHdms_Ef67HsONNv5A60JaR7w8LHnDiBGnjdaUmmuO 8XAxQJ_ia5mxjxNjS6E2yD44USo2JmHvzeeNczq25elqbTPLhUpG o1IZuG72FZQ5gTjXoTXC2-xtCDEUZfaUNh4IeAipfLugbpe0JAFl FfrTDAMUFpC3iXjxqzbEanflwPvj6V9iDSgjj8SozSM0dLtxvu0L IeIQAeEgT_yXcrKGmpKdSO08kLBx8VUjkbv_3Pn20Gyu2YEuwpFl M_H1NikuxJNKFGmnAq9LcnwwT0jvoQ", "dq": "S6p59KrlmzGzaQYQM3o0XfHCGvfqHLYjCO557HYQf72O9kLMCfd_ 1VBEqeD-1jjwELKDjck8kOBl5UvohK1oDfSP1DleAy-cnmL29DqW mhgwM1ip0CCNmkmsmDSlqkUXDi6sAaZuntyukyflI-qSQ3C_BafP yFaKrt1fgdyEwYa08pESKwwWisy7KnmoUvaJ3SaHmohFS78TJ25c fc10wZ9hQNOrIChZlkiOdFCtxDqdmCqNacnhgE3bZQjGp3n83ODS z9zwJcSUvODlXBPc2AycH6Ci5yjbxt4Ppox_5pjm6xnQkiPgj01G psUssMmBN7iHVsrE7N2iznBNCeOUIQ", "qi": "FZhClBMywVVjnuUud-05qd5CYU0dK79akAgy9oX6RX6I3IIIPckC ciRrokxglZn-omAY5CnCe4KdrnjFOT5YUZE7G_Pg44XgCXaarLQf 4hl80oPEf6-jJ5Iy6wPRx7G2e8qLxnh9cOdf-kRqgOS3F48Ucvw3 ma5V6KGMwQqWFeV31XtZ8l5cVI-I3NzBS7qltpUVgz2Ju021eyc7 IlqgzR98qKONl27DuEES0aK0WE97jnsyO27Yp88Wa2RiBrEocM89 QZI1seJiGDizHRUP4UZxw9zsXww46wy0P6f9grnYp7t8LkyDDk8e oI4KX6SNMNVcyVS9IWjlq8EzqZEKIA" } Figure 62: RSA 4096-bit Key (*NOTE*: While the key includes the private parameters, only the public parameters "e" and "n" are necessary for the encryption operation.) Miller Expires June 7, 2014 [Page 32] Internet-Draft JOSE Cookbook December 2013 4.2.2. Generated Factors The following are generated before encrypting: o AES symmetric key as the Content Encryption CEK (CEK); this example uses the key from Figure 63. o Initialization vector/nonce; this example uses the initialization vector/nonce from Figure 64. 09EnDWfdf6KCP09QbQQdhhoyFE5GoGAjdShgLGLol8k Figure 63: Content Encryption Key, base64url-encoded MKccO3TLKaMB67zj Figure 64: Initialization Vector, base64url-encoded 4.2.3. Encrypting the Key Performing the key encryption operation over the CEK (Figure 63)) with the RSA key (Figure 62) produces the following encrypted key: WaQnEArx6u7NRlv6o08qNgsMpo-UFVXs_ALqEbAhQJVOXMyNqacRhYoujIOFlt i0u_ofz6Yh93Pu83iTZYIGk0fFD4C62-kSiX5Enl-UyORiMca925XxPItbOE6v 8sbzwzTBC-rzPXN9qrfPvKCdrlWbJv6oQAUbtreKpG8yD17YYyKw9qedx7BrSc 9TCvNH8ahrC93O1Qp_rZIPdkt92A8yhAje_cxMMaMHZ4YmlN_u05120iJhp6bg 5S_zPlpqmd5-BrpUIGmH0hwuBk2Z5Djbm47YlosNZUWIB69JBFazaDhGGRhsfM eceRRhhGaG94gP2uZS42h1fZjYDH9zNxvXXHJ-4zqj8sM-LHLH16uDTVkvYaUw ZPTUAj55fBKBs-o8o7rLCce8AWXEDBuqm-8rTnakLss5_Hc7l61RC8K4IJWnWB zGLFlM1jRApbEwA5HZO61ku45WLGC64NLDdnyGahFxW9EikKXcE21Jc716oRfF EeiOXaZGtJhYTjsuPr5IYJr8fWX_NC1y1xqYW1JnfLKklIemtznHTXvq7de6Vx eSucwBklB24oafBFSeMEGBqKFQPhCBaAqCdJL1NkMhA9D6gqJkjluT1Aj0_Dq8 ikwSP2dG3grGlrl6EtTuhA-j_ArrqLzvSoJU51Nu_1k3usrvgIWLZ89i8Zt05S A Figure 65: Encrypted Key, base64url-encoded 4.2.4. Encrypting the Content The following are generated before encrypting the plaintext: o Protected JWE Header; this example uses the the header from Figure 66, encoded using [RFC4648] base64url to produce Figure 67. { "alg": "RSA-OAEP", "kid": "samwise.gamgee@hobbiton.example", Miller Expires June 7, 2014 [Page 33] Internet-Draft JOSE Cookbook December 2013 "enc": "A256GCM" } Figure 66: Protected JWE Header JSON eyJhbGciOiJSU0EtT0FFUCIsImtpZCI6InNhbXdpc2UuZ2FtZ2VlQGhvYmJpdG 9uLmV4YW1wbGUiLCJlbmMiOiJBMjU2R0NNIn0 Figure 67: Protected JWE Header, base64url-encoded Performing the content encryption operation over the Plaintext (Figure 51) with the following: o CEK (Figure 63); o Initialization vector/nonce (Figure 64); and o Protected JWE Header (Figure 67) as authenticated data produces the following: o Ciphertext from Figure 68. o Authentication tag from Figure 69. dLMYOKvvtY8Adfc8Tg4lSKElvvzBi2MJcSKDssll-jj0S_NIjI3P956z_qhZgJ 3bVLTVPr1p8JcThDcqTZtrA4ShYpyyTrBnEzOOyyzv4h6WWiuoCJTfI1Gxzm-J PJNdPYifgOS0E5RKk5L64yDtotBP9AMTZZ4WjatyAlRcgD5hVhP2HrqIVG0j1S b5g5tz4fi5vmSwIhGOeOxwgLvuryjn-8ECi_5LkdUiC3wQP53pZRtqmwmACyq_ uXvTpbUWSGna1LKaup-UC1PkOUGvHFa83WgkarkJbSkA0ZoVtebBJ_XvwNlfe1 VRDk8hxh0AmPvvsMiantgQ4oE6LCjOWKj6C4UNSWgla8zhousjSQ Figure 68: Ciphertext, base64url-encoded vCmVSWBtadRAKUhtizP5tw Figure 69: Authentication Tag, base64url-encoded 4.2.5. Output Results The following compose the resulting JWE object: o Protected JWE header (Figure 67) o Encrypted key (Figure 65) o Initialization vector/nonce (Figure 64) Miller Expires June 7, 2014 [Page 34] Internet-Draft JOSE Cookbook December 2013 o Ciphertext (Figure 68) o Authentication tag (Figure 69) The resulting JWE object using the Compact serialization: eyJhbGciOiJSU0EtT0FFUCIsImtpZCI6InNhbXdpc2UuZ2FtZ2VlQGhvYmJpdG 9uLmV4YW1wbGUiLCJlbmMiOiJBMjU2R0NNIn0 . WaQnEArx6u7NRlv6o08qNgsMpo-UFVXs_ALqEbAhQJVOXMyNqacRhYoujIOFlt i0u_ofz6Yh93Pu83iTZYIGk0fFD4C62-kSiX5Enl-UyORiMca925XxPItbOE6v 8sbzwzTBC-rzPXN9qrfPvKCdrlWbJv6oQAUbtreKpG8yD17YYyKw9qedx7BrSc 9TCvNH8ahrC93O1Qp_rZIPdkt92A8yhAje_cxMMaMHZ4YmlN_u05120iJhp6bg 5S_zPlpqmd5-BrpUIGmH0hwuBk2Z5Djbm47YlosNZUWIB69JBFazaDhGGRhsfM eceRRhhGaG94gP2uZS42h1fZjYDH9zNxvXXHJ-4zqj8sM-LHLH16uDTVkvYaUw ZPTUAj55fBKBs-o8o7rLCce8AWXEDBuqm-8rTnakLss5_Hc7l61RC8K4IJWnWB zGLFlM1jRApbEwA5HZO61ku45WLGC64NLDdnyGahFxW9EikKXcE21Jc716oRfF EeiOXaZGtJhYTjsuPr5IYJr8fWX_NC1y1xqYW1JnfLKklIemtznHTXvq7de6Vx eSucwBklB24oafBFSeMEGBqKFQPhCBaAqCdJL1NkMhA9D6gqJkjluT1Aj0_Dq8 ikwSP2dG3grGlrl6EtTuhA-j_ArrqLzvSoJU51Nu_1k3usrvgIWLZ89i8Zt05S A . MKccO3TLKaMB67zj . dLMYOKvvtY8Adfc8Tg4lSKElvvzBi2MJcSKDssll-jj0S_NIjI3P956z_qhZgJ 3bVLTVPr1p8JcThDcqTZtrA4ShYpyyTrBnEzOOyyzv4h6WWiuoCJTfI1Gxzm-J PJNdPYifgOS0E5RKk5L64yDtotBP9AMTZZ4WjatyAlRcgD5hVhP2HrqIVG0j1S b5g5tz4fi5vmSwIhGOeOxwgLvuryjn-8ECi_5LkdUiC3wQP53pZRtqmwmACyq_ uXvTpbUWSGna1LKaup-UC1PkOUGvHFa83WgkarkJbSkA0ZoVtebBJ_XvwNlfe1 VRDk8hxh0AmPvvsMiantgQ4oE6LCjOWKj6C4UNSWgla8zhousjSQ . vCmVSWBtadRAKUhtizP5tw Figure 70: Compact Serialization The resulting JWE object using the JSON serialization: { "recipients": [ { "encrypted_key": "WaQnEArx6u7NRlv6o08qNgsMpo-UFVXs_ALqEbAhQJVOXMyNqacRh YoujIOFlti0u_ofz6Yh93Pu83iTZYIGk0fFD4C62-kSiX5Enl-UyO RiMca925XxPItbOE6v8sbzwzTBC-rzPXN9qrfPvKCdrlWbJv6oQAU btreKpG8yD17YYyKw9qedx7BrSc9TCvNH8ahrC93O1Qp_rZIPdkt9 2A8yhAje_cxMMaMHZ4YmlN_u05120iJhp6bg5S_zPlpqmd5-BrpUI GmH0hwuBk2Z5Djbm47YlosNZUWIB69JBFazaDhGGRhsfMeceRRhhG aG94gP2uZS42h1fZjYDH9zNxvXXHJ-4zqj8sM-LHLH16uDTVkvYaU Miller Expires June 7, 2014 [Page 35] Internet-Draft JOSE Cookbook December 2013 wZPTUAj55fBKBs-o8o7rLCce8AWXEDBuqm-8rTnakLss5_Hc7l61R C8K4IJWnWBzGLFlM1jRApbEwA5HZO61ku45WLGC64NLDdnyGahFxW 9EikKXcE21Jc716oRfFEeiOXaZGtJhYTjsuPr5IYJr8fWX_NC1y1x qYW1JnfLKklIemtznHTXvq7de6VxeSucwBklB24oafBFSeMEGBqKF QPhCBaAqCdJL1NkMhA9D6gqJkjluT1Aj0_Dq8ikwSP2dG3grGlrl6 EtTuhA-j_ArrqLzvSoJU51Nu_1k3usrvgIWLZ89i8Zt05SA" } ], "protected": "eyJhbGciOiJSU0EtT0FFUCIsImtpZCI6InNhbXdpc2UuZ2FtZ2VlQGhvY mJpdG9uLmV4YW1wbGUiLCJlbmMiOiJBMjU2R0NNIn0", "iv": "MKccO3TLKaMB67zj", "ciphertext": "dLMYOKvvtY8Adfc8Tg4lSKElvvzBi2MJcSKDssll-jj0S_NIjI3P956z_ qhZgJ3bVLTVPr1p8JcThDcqTZtrA4ShYpyyTrBnEzOOyyzv4h6WWiuoCJ TfI1Gxzm-JPJNdPYifgOS0E5RKk5L64yDtotBP9AMTZZ4WjatyAlRcgD5 hVhP2HrqIVG0j1Sb5g5tz4fi5vmSwIhGOeOxwgLvuryjn-8ECi_5LkdUi C3wQP53pZRtqmwmACyq_uXvTpbUWSGna1LKaup-UC1PkOUGvHFa83Wgka rkJbSkA0ZoVtebBJ_XvwNlfe1VRDk8hxh0AmPvvsMiantgQ4oE6LCjOWK j6C4UNSWgla8zhousjSQ", "tag": "vCmVSWBtadRAKUhtizP5tw" } Figure 71: JSON Serialization 4.3. Key Wrap using PBES2-AES-KeyWrap with AES-CBC-HMAC-SHA2 The example illustrates encrypting content using the "PBES2-HS512+A256KW" (PBES2 Password-based Encryption using HMAC- SHA-512 and AES-256-KeyWrap) key encryption algorithm with the "A128CBC-HS256" (AES-128-CBC-HMAC-SHA-256) content encryption algorithm. 4.3.1. Input Factors The following are supplied before beginning the encryption process: o Plaintext content; this example uses the plaintext from Figure 72 (*NOTE* all whitespace added for readability) o Password; this example uses the password from Figure 73 o "alg" parameter of "PBES2-HS512+A256KW" o "enc" parameter of "A128CBC-HS256" Miller Expires June 7, 2014 [Page 36] Internet-Draft JOSE Cookbook December 2013 { "keys": [ { "kty": "oct", "kid": "77c7e2b8-6e13-45cf-8672-617b5b45243a", "use": "enc", "alg": "A128GCM", "k": "XctOhJAkA-pD9Lh7ZgW_2A" }, { "kty": "oct", "kid": "81b20965-8332-43d9-a468-82160ad91ac8", "use": "enc", "alg": "A128KW", "k": "GZy6sIZ6wl9NJOKB-jnmVQ" }, { "kty": "oct", "kid": "18ec08e1-bfa9-4d95-b205-2b4dd1d4321d", "use": "enc", "alg": "A256GCMKW", "k": "qC57l_uxcm7Nm3K-ct4GFjx8tM1U8CZ0NLBvdQstiS8" } ] } Figure 72: Plaintext Content entrap_o_peter_long_credit_tun Figure 73: Password 4.3.2. Generated Factors The following are generated before encrypting: o AES symmetric key as the Content Encryption Key (CEK); this example uses the key from Figure 74. o Initialization vector/nonce; this example uses the initialization vector/nonce from Figure 75. LbIgtUgy3OYW-gpNaXZro-2naGkhnyw9NnXDrijI4EI Figure 74: Content Encryption Key, base64url-encoded Miller Expires June 7, 2014 [Page 37] Internet-Draft JOSE Cookbook December 2013 HnJqms6_fz9N6mpsML9NHA Figure 75: Initialization Vector, base64url-encoded 4.3.3. Encrypting the Key The following are generated before encrypting the CEK: o Salt; this example uses the salt from Figure 76. o Iteration count; this example uses the interaction count 8192. 8Q1SzinasR3xchYz6ZZcHA Figure 76: Salt, base64url-encoded Performing the key encryption operation over the CEK (Figure 74)) with the following: o Password (Figure 73; o Salt (Figure 76), encoded as an octet string; and o Iteration count (8192) produces the following encrypted key: WY1x1MsMrbQogWOeXDasyESSjYi-3iS4p8UjlWMwNJOS0j7_KFQE0w Figure 77: Encrypted Key, base64url-encoded 4.3.4. Encrypting the Content The following are generated before encrypting the content: o Protected JWE Header; this example uses the header from Figure 78, encoded using [RFC4648] base64url to produce Figure 79. { "p2s": "8Q1SzinasR3xchYz6ZZcHA", "p2c": 8192, "alg": "PBES2-HS256+A128KW", "cty": "JWK-SET+JSON", "enc": "A128CBC-HS256" } Figure 78: Protected JWE Header JSON Miller Expires June 7, 2014 [Page 38] Internet-Draft JOSE Cookbook December 2013 eyJwMnMiOiI4UTFTemluYXNSM3hjaFl6NlpaY0hBIiwicDJjIjo4MTkyLCJhbG ciOiJQQkVTMi1IUzI1NitBMTI4S1ciLCJjdHkiOiJKV0stU0VUK0pTT04iLCJl bmMiOiJBMTI4Q0JDLUhTMjU2In0 Figure 79: Protected JWE Header, base64url-encoded Performing the content encryption operation over the Plaintext (Figure 72) with the the following: o CEK (Figure 74); o Initialization vector/nonce (Figure 75); and o Protected JWE header (Figure 79) as authenticated data produces the following: o Ciphertext from Figure 80. o Authentication tag from Figure 81. B39o2LfmeYhS_FiszP560P1VkHWNS6vukmQrUL2DdoQgzwz8debUcWgo1A9JXE BUk4rr4ALHcn8wA1yRuzWOUlpk0LNBmBfrvdRpgItUQiknWa5U1KY_PqWIZKpJ J-Gq0QTaBTsfnffUbk3BD7eillUdg3poI7EFHLsE7GN3nyuJKaCCdIkFngEekt jM2WMUPPMuXracPftXsxJDPnUAwtCAEsShnHozPEUpMIIgWnnlM8dlofYaDewX WySoYn321leWpLGCZVaJIEEgAttFH2iZpbb3MNV1UifDMgMCUS-Xbq4ohDcgu3 dv9xWg81PNib-GyXoFU93HN9HEblg8iZ6CfKVZ_KKvNS1oCVaoMKqPIf6Jgo-i G4S_bblOma9esofjwIp-RU9h3fpx-taoMRvjb2pLEm1FQrYXkx5i3hfN0ESsHR BW1WyCWnVK8M7mHJUHQqBL0FWZMKjpgWa00uZOnpZteZO4eyQKYSsBgyMRSuhF 6tceKFfxIWtclIno Figure 80: Ciphertext, base64url-encoded YLeY6UpSeM3dUNqg5lEu0Q Figure 81: Authentication Tag, base64url-encoded 4.3.5. Output Results The following compose the resulting JWE object: o Protected JWE header (Figure 79) o Encrypted key (Figure 77) o Initialization vector/nonce (Figure 75) o Ciphertext (Figure 80) Miller Expires June 7, 2014 [Page 39] Internet-Draft JOSE Cookbook December 2013 o Authentication tag (Figure 81) The resulting JWE object using the Compact serialization: eyJwMnMiOiI4UTFTemluYXNSM3hjaFl6NlpaY0hBIiwicDJjIjo4MTkyLCJhbG ciOiJQQkVTMi1IUzI1NitBMTI4S1ciLCJjdHkiOiJKV0stU0VUK0pTT04iLCJl bmMiOiJBMTI4Q0JDLUhTMjU2In0 . WY1x1MsMrbQogWOeXDasyESSjYi-3iS4p8UjlWMwNJOS0j7_KFQE0w . HnJqms6_fz9N6mpsML9NHA . B39o2LfmeYhS_FiszP560P1VkHWNS6vukmQrUL2DdoQgzwz8debUcWgo1A9JXE BUk4rr4ALHcn8wA1yRuzWOUlpk0LNBmBfrvdRpgItUQiknWa5U1KY_PqWIZKpJ J-Gq0QTaBTsfnffUbk3BD7eillUdg3poI7EFHLsE7GN3nyuJKaCCdIkFngEekt jM2WMUPPMuXracPftXsxJDPnUAwtCAEsShnHozPEUpMIIgWnnlM8dlofYaDewX WySoYn321leWpLGCZVaJIEEgAttFH2iZpbb3MNV1UifDMgMCUS-Xbq4ohDcgu3 dv9xWg81PNib-GyXoFU93HN9HEblg8iZ6CfKVZ_KKvNS1oCVaoMKqPIf6Jgo-i G4S_bblOma9esofjwIp-RU9h3fpx-taoMRvjb2pLEm1FQrYXkx5i3hfN0ESsHR BW1WyCWnVK8M7mHJUHQqBL0FWZMKjpgWa00uZOnpZteZO4eyQKYSsBgyMRSuhF 6tceKFfxIWtclIno . YLeY6UpSeM3dUNqg5lEu0Q Figure 82: Compact Serialization The resulting JWE object using the JSON serialization: { "recipients": [ { "encrypted_key": "WY1x1MsMrbQogWOeXDasyESSjYi-3iS4p8UjlWMwNJOS0j7_KFQE0 w" } ], "protected": "eyJwMnMiOiI4UTFTemluYXNSM3hjaFl6NlpaY0hBIiwicDJjIjo4MTkyL CJhbGciOiJQQkVTMi1IUzI1NitBMTI4S1ciLCJjdHkiOiJKV0stU0VUK0 pTT04iLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0", "iv": "HnJqms6_fz9N6mpsML9NHA", "ciphertext": "B39o2LfmeYhS_FiszP560P1VkHWNS6vukmQrUL2DdoQgzwz8debUcWgo1 A9JXEBUk4rr4ALHcn8wA1yRuzWOUlpk0LNBmBfrvdRpgItUQiknWa5U1K Y_PqWIZKpJJ-Gq0QTaBTsfnffUbk3BD7eillUdg3poI7EFHLsE7GN3nyu JKaCCdIkFngEektjM2WMUPPMuXracPftXsxJDPnUAwtCAEsShnHozPEUp MIIgWnnlM8dlofYaDewXWySoYn321leWpLGCZVaJIEEgAttFH2iZpbb3M Miller Expires June 7, 2014 [Page 40] Internet-Draft JOSE Cookbook December 2013 NV1UifDMgMCUS-Xbq4ohDcgu3dv9xWg81PNib-GyXoFU93HN9HEblg8iZ 6CfKVZ_KKvNS1oCVaoMKqPIf6Jgo-iG4S_bblOma9esofjwIp-RU9h3fp x-taoMRvjb2pLEm1FQrYXkx5i3hfN0ESsHRBW1WyCWnVK8M7mHJUHQqBL 0FWZMKjpgWa00uZOnpZteZO4eyQKYSsBgyMRSuhF6tceKFfxIWtclIno", "tag": "YLeY6UpSeM3dUNqg5lEu0Q" } Figure 83: JSON Serialization 4.4. Key Agreement with Key Wrapping using ECDH-ES and AES-KeyWrap with AES-GCM This example illustrates encrypting content using the "ECDH- ES+A128KW" (Elliptic Curve Diffie-Hellman Ephemeral-Static with AES-128-KeyWrap) key encryption algorithm and the "A128GCM" (AES-GCM) content encryption algorithm. 4.4.1. Input Factors The following are supplied before beginning the encryption process: o Plaintext content; this example uses the content from Figure 51 o EC public key; this example uses the public key from Figure 84 o "alg" parameter of "ECDH-ES+A128KW" o "enc" parameter of "A128GCM" { "kty": "EC", "kid": "peregrin.took@tuckborough.example", "use": "enc", "crv": "P-384", "x": "YU4rRUzdmVqmRtWOs2OpDE_T5fsNIodcG8G5FWPrTPMyxpzsSOGa QLpe2FpxBmu2", "y": "A8-yxCHxkfBz3hKZfI1jUYMjUhsEveZ9THuwFjH2sCNdtksRJU7D 5-SkgaFL1ETP", "d": "iTx2pk7wW-GqJkHcEkFQb2EFyYcO7RugmaW3mRrQVAOUiPommT0I dnYK2xDlZh-j" } Figure 84: Elliptic Curve P-384 Key, in JWK format (*NOTE*: While the key includes the private parameters, only the public parameters "crv", "x", and "y" are necessary for the encryption operation.) Miller Expires June 7, 2014 [Page 41] Internet-Draft JOSE Cookbook December 2013 4.4.2. Generated Factors The following are generated before encrypting: o Symmetric AES key as the Content Encryption Key (CEK); this example uses the key from Figure 85. o Initialization vector/nonce; this example uses the initialization vector/nonce from Figure 86 C3eS2iNXmSTA7W8tBpjs3w Figure 85: Content Encryption Key, base64url-encoded ubzqaTluloMJR8Ec Figure 86: Initialization Vector, base64url-encoded 4.4.3. Encrypting the Key To encrypt the Content Encryption Key, the following are generated: o Ephemeral EC private key on the same curve as the EC public key; this example uses the private key that matches the public key from Figure 87. { "kty": "EC", "crv": "P-384", "x": "qMz7Lgb3Bc1GNuVn4ZSxLDeDpihGWRwqA2fA1-2IJwDQtKMdpKY0 XjNqBbjigcL-", "y": "Ygt6Bc_o29f-DJ_5O3YCMoX2tXXz1ysj9MFRnucByIQoR0y3SVmq BBwQISq9grWe" } Figure 87: Ephemeral Elliptic Curve P-384 Key, in JWK format Performing the key encryption operation over the CEK (Figure 85) with the following: o The static Elliptic Curve public key (Figure 84); and o The ephemeral Elliptic Curve private key (Figure 87); produces the following JWE encrypted key: Miller Expires June 7, 2014 [Page 42] Internet-Draft JOSE Cookbook December 2013 zPCB2OMxJSGs6zA7zIYO2cUE4Yz5p7TY Figure 88: Encrypted Key, base64url-encoded 4.4.4. Encrypting the Content The following are generated before encrypting the content: o Protected JWE header; this example uses the header from Figure 89, encoded to [RFC4648] base64url as Figure 90. { "alg": "ECDH-ES+A128KW", "kid": "peregrin.took@tuckborough.example", "epk": { "kty": "EC", "crv": "P-384", "x": "qMz7Lgb3Bc1GNuVn4ZSxLDeDpihGWRwqA2fA1-2IJwDQtKMdpK Y0XjNqBbjigcL-", "y": "Ygt6Bc_o29f-DJ_5O3YCMoX2tXXz1ysj9MFRnucByIQoR0y3SV mqBBwQISq9grWe" }, "enc": "A128GCM" } Figure 89: Protected JWE Header JSON eyJhbGciOiJFQ0RILUVTK0ExMjhLVyIsImtpZCI6InBlcmVncmluLnRvb2tAdH Vja2Jvcm91Z2guZXhhbXBsZSIsImVwayI6eyJrdHkiOiJFQyIsImNydiI6IlAt Mzg0IiwieCI6InFNejdMZ2IzQmMxR051Vm40WlN4TERlRHBpaEdXUndxQTJmQT EtMklKd0RRdEtNZHBLWTBYak5xQmJqaWdjTC0iLCJ5IjoiWWd0NkJjX28yOWYt REpfNU8zWUNNb1gydFhYejF5c2o5TUZSbnVjQnlJUW9SMHkzU1ZtcUJCd1FJU3 E5Z3JXZSJ9LCJlbmMiOiJBMTI4R0NNIn0 Figure 90: Protected JWE Header, base64url-encoded Performing the content encryption operation on the Plaintext (Figure 51) using the following: o CEK (Figure 85); o Initialization vector/nonce (Figure 86); and o Protected JWE header (Figure 90) as authenticated data produces the following: o Ciphertext from Figure 91. Miller Expires June 7, 2014 [Page 43] Internet-Draft JOSE Cookbook December 2013 o Authentication tag from Figure 92. zQVvyDdwBRvUVkPxQCHD0YtCihhKu462TdE4s4U8VDsCEvJ2t24YRChqKa-xC2 Ai-l1AvpPIYpwWYgwk3r9QBDTXsHbyn7FVhoVes0YAMthhmnLgbgf0_TQqG9PK vFOki83X3aZ2PIHGcjSifIT6OQqxXE9YhdXwD0bXpkXUlq-JlnQ3pssAqQLpUV _-4Ne6lZj4gFLunBEDGVcfhLiviyAF2BjlJG7mhToPq57d2Q99N10WfPmXVQ38 htg8thQ2qcenxi5Axd2PJXNjDsDroleU-ObLE3Bb8IJ1a04LzqB4Xmp_wgbwHC VR-bqTKgth3h_NoDLqCxQ0QcG9E78i36iPJuLAzVgS0ChHzo5ULw Figure 91: Ciphertext, base64url-encoded 5cJTRUT3kQRrw_UGwtMtDQ Figure 92: Authentication Tag, base64url-encoded 4.4.5. Output Results The following compose the resulting JWE object: o Protected JWE header (Figure 90) o Encrypted key (Figure 88) o Initialization vector/nonce (Figure 86) o Ciphertext (Figure 91) o Authentication tag (Figure 92) The resulting JWE object using the Compact serialization: eyJhbGciOiJFQ0RILUVTK0ExMjhLVyIsImtpZCI6InBlcmVncmluLnRvb2tAdH Vja2Jvcm91Z2guZXhhbXBsZSIsImVwayI6eyJrdHkiOiJFQyIsImNydiI6IlAt Mzg0IiwieCI6InFNejdMZ2IzQmMxR051Vm40WlN4TERlRHBpaEdXUndxQTJmQT EtMklKd0RRdEtNZHBLWTBYak5xQmJqaWdjTC0iLCJ5IjoiWWd0NkJjX28yOWYt REpfNU8zWUNNb1gydFhYejF5c2o5TUZSbnVjQnlJUW9SMHkzU1ZtcUJCd1FJU3 E5Z3JXZSJ9LCJlbmMiOiJBMTI4R0NNIn0 . zPCB2OMxJSGs6zA7zIYO2cUE4Yz5p7TY . ubzqaTluloMJR8Ec . zQVvyDdwBRvUVkPxQCHD0YtCihhKu462TdE4s4U8VDsCEvJ2t24YRChqKa-xC2 Ai-l1AvpPIYpwWYgwk3r9QBDTXsHbyn7FVhoVes0YAMthhmnLgbgf0_TQqG9PK vFOki83X3aZ2PIHGcjSifIT6OQqxXE9YhdXwD0bXpkXUlq-JlnQ3pssAqQLpUV _-4Ne6lZj4gFLunBEDGVcfhLiviyAF2BjlJG7mhToPq57d2Q99N10WfPmXVQ38 htg8thQ2qcenxi5Axd2PJXNjDsDroleU-ObLE3Bb8IJ1a04LzqB4Xmp_wgbwHC VR-bqTKgth3h_NoDLqCxQ0QcG9E78i36iPJuLAzVgS0ChHzo5ULw Miller Expires June 7, 2014 [Page 44] Internet-Draft JOSE Cookbook December 2013 . 5cJTRUT3kQRrw_UGwtMtDQ Figure 93: Compact Serialization The resulting JWE object using the JSON serialization: { "recipients": [ { "encrypted_key": "zPCB2OMxJSGs6zA7zIYO2cUE4Yz5p7TY" } ], "protected": "eyJhbGciOiJFQ0RILUVTK0ExMjhLVyIsImtpZCI6InBlcmVncmluLnRvb 2tAdHVja2Jvcm91Z2guZXhhbXBsZSIsImVwayI6eyJrdHkiOiJFQyIsIm NydiI6IlAtMzg0IiwieCI6InFNejdMZ2IzQmMxR051Vm40WlN4TERlRHB paEdXUndxQTJmQTEtMklKd0RRdEtNZHBLWTBYak5xQmJqaWdjTC0iLCJ5 IjoiWWd0NkJjX28yOWYtREpfNU8zWUNNb1gydFhYejF5c2o5TUZSbnVjQ nlJUW9SMHkzU1ZtcUJCd1FJU3E5Z3JXZSJ9LCJlbmMiOiJBMTI4R0NNIn 0", "iv": "ubzqaTluloMJR8Ec", "ciphertext": "zQVvyDdwBRvUVkPxQCHD0YtCihhKu462TdE4s4U8VDsCEvJ2t24YRChqK a-xC2Ai-l1AvpPIYpwWYgwk3r9QBDTXsHbyn7FVhoVes0YAMthhmnLgbg f0_TQqG9PKvFOki83X3aZ2PIHGcjSifIT6OQqxXE9YhdXwD0bXpkXUlq- JlnQ3pssAqQLpUV_-4Ne6lZj4gFLunBEDGVcfhLiviyAF2BjlJG7mhToP q57d2Q99N10WfPmXVQ38htg8thQ2qcenxi5Axd2PJXNjDsDroleU-ObLE 3Bb8IJ1a04LzqB4Xmp_wgbwHCVR-bqTKgth3h_NoDLqCxQ0QcG9E78i36 iPJuLAzVgS0ChHzo5ULw", "tag": "5cJTRUT3kQRrw_UGwtMtDQ" } Figure 94: JSON Serialization 4.5. Key Agreement using ECDH-ES with AES-CBC-HMAC-SHA2 This example illustrates encrypting content using the "ECDH-ES" (Elliptic Curve Diffie-Hellman Ephemeral-Static) key agreement algorithm and the "A128CBC-HS256" (AES-128-CBC-HMAC-SHA-256) content encryption algorithm. 4.5.1. Input Factors The following are supplied before beginning the encryption process: Miller Expires June 7, 2014 [Page 45] Internet-Draft JOSE Cookbook December 2013 o Plaintext content; this example uses the content from Figure 51. o EC public key; this example uses the public key from Figure 95. o "alg" parameter of "ECDH-ES" o "enc" parameter of "A128CBC-HS256" { "kty": "EC", "kid": "meriadoc.brandybuck@buckland.example", "use": "enc", "crv": "P-256", "x": "XnXXKEsaUU4hPZza_zSHIbt02UA505B1rDWc7JNlcDE", "y": "Md5NqzfiXCytoaMglA-9MstvgOBdMSroXA2Hb6vR6dQ", "d": "44eY-VRWsn1zdz3VaWS6idEpOGt1ErydBARq7Iyh9pY" } Figure 95: Elliptic Curve P-256 Key (*NOTE*: While the key includes the private parameters, only the public parameters "crv", "x", and "y" are necessary for the encryption operation.) 4.5.2. Generated Factors The following are generated before encrypting: o Initialization vector/nonce; this examples uses the initialization vector/nonce from Figure 96. BMbSNYW2uC7RX3xql1gbQw Figure 96: Initialization Vector, base64url-encoded *NOTE*: The Content Encryption Key (CEK) is not randomly generated; instead it is determined using key agreement. 4.5.3. Key Agreement The following are generated to agree on a CEK: o Ephemeral private key; this example uses the private that matches the public key from Figure 97. { "kty": "EC", "crv": "P-256", Miller Expires June 7, 2014 [Page 46] Internet-Draft JOSE Cookbook December 2013 "x": "h_ImuH3OW5JxZNQZWIWCFTYAIigZYs1-QzsQR9tCEQ4", "y": "4ZWJVVrTOWdEVbH266nb4Wy2QiwH_9XAcdpNh4S2oX0" } Figure 97: Ephemeral public key, in JWK format Performing the ECDH operation using the static EC public key (Figure 95) over the ephemeral private key Figure 97) produces the following CEK: W7j3XePj-Id6Zn71dv1b_QUQaNqJSMuxWhutlLqxLFE Figure 98: Agreed-to Content Encryption Key, base64url-encoded 4.5.4. Encrypting the Content The following are generated before encrypting the content: o Protected JWE Header; this example uses the header from Figure 99, encoded to [RFC4648] as Figure 100. { "alg": "ECDH-ES", "kid": "meriadoc.brandybuck@buckland.example", "epk": { "kty": "EC", "crv": "P-256", "x": "h_ImuH3OW5JxZNQZWIWCFTYAIigZYs1-QzsQR9tCEQ4", "y": "4ZWJVVrTOWdEVbH266nb4Wy2QiwH_9XAcdpNh4S2oX0" }, "enc": "A128CBC-HS256" } Figure 99: Protected JWE Header JSON eyJhbGciOiJFQ0RILUVTIiwia2lkIjoibWVyaWFkb2MuYnJhbmR5YnVja0BidW NrbGFuZC5leGFtcGxlIiwiZXBrIjp7Imt0eSI6IkVDIiwiY3J2IjoiUC0yNTYi LCJ4IjoiaF9JbXVIM09XNUp4Wk5RWldJV0NGVFlBSWlnWllzMS1RenNRUjl0Q0 VRNCIsInkiOiI0WldKVlZyVE9XZEVWYkgyNjZuYjRXeTJRaXdIXzlYQWNkcE5o NFMyb1gwIn0sImVuYyI6IkExMjhDQkMtSFMyNTYifQ Figure 100: Protected JWE Header, base64url-encoded Performing the content encryption operation on the Plaintext (Figure 51) using the following: o CEK (Figure 98); Miller Expires June 7, 2014 [Page 47] Internet-Draft JOSE Cookbook December 2013 o Initialization vector/nonce (Figure 96); and o Protected JWE header (Figure 100) as authenticated data produces the following: o Ciphertext from Figure 101. o Authentication tag from Figure 102. mwSOHtsJDtD1R4Y4r0Ads9Bc8nTgk_Y4wVe_4pJsb7RERAgnfFRYRmlgjSaGPM M7PytxfLss6clZI7YW366xh8DiqOWUavR7VFGLZIOHkrMsTPaehWlQZrQz77Ie dSM20wSGVj-E4T0KRtX3CrZsEPjtXqNbm_EmDPgxVYTaTthGdWbyDnPMvp6eGL T6gsMkctSLIHgaGvI2VWB0oNYdKnCRU-p2JFkLu5XQfOww4E5zKW9Xycx3mkh_ gA1dFU28Zs_boX-mm4UYseIJfaZAX_eqs7NDMpbrb29frJCFI-rYfahoVz6QhN QXQMNmzL93pDo5QE_i9pIzR4KJu-uaItKTKNAdBKgSa9JZfc21dSw Figure 101: Ciphertext, base64url-encoded kqeubaGyskAjcj8mDymY6A Figure 102: Authentication Tag, base64url-encoded 4.5.5. Output Results The following compose the resulting JWE object: o Protected JWE header (Figure 90) o Initialization vector/nonce (Figure 86) o Ciphertext (Figure 91) o Authentication tag (Figure 92) the resulting JWE object using the Compact serialization: eyJhbGciOiJFQ0RILUVTIiwia2lkIjoibWVyaWFkb2MuYnJhbmR5YnVja0BidW NrbGFuZC5leGFtcGxlIiwiZXBrIjp7Imt0eSI6IkVDIiwiY3J2IjoiUC0yNTYi LCJ4IjoiaF9JbXVIM09XNUp4Wk5RWldJV0NGVFlBSWlnWllzMS1RenNRUjl0Q0 VRNCIsInkiOiI0WldKVlZyVE9XZEVWYkgyNjZuYjRXeTJRaXdIXzlYQWNkcE5o NFMyb1gwIn0sImVuYyI6IkExMjhDQkMtSFMyNTYifQ . . BMbSNYW2uC7RX3xql1gbQw . mwSOHtsJDtD1R4Y4r0Ads9Bc8nTgk_Y4wVe_4pJsb7RERAgnfFRYRmlgjSaGPM M7PytxfLss6clZI7YW366xh8DiqOWUavR7VFGLZIOHkrMsTPaehWlQZrQz77Ie Miller Expires June 7, 2014 [Page 48] Internet-Draft JOSE Cookbook December 2013 dSM20wSGVj-E4T0KRtX3CrZsEPjtXqNbm_EmDPgxVYTaTthGdWbyDnPMvp6eGL T6gsMkctSLIHgaGvI2VWB0oNYdKnCRU-p2JFkLu5XQfOww4E5zKW9Xycx3mkh_ gA1dFU28Zs_boX-mm4UYseIJfaZAX_eqs7NDMpbrb29frJCFI-rYfahoVz6QhN QXQMNmzL93pDo5QE_i9pIzR4KJu-uaItKTKNAdBKgSa9JZfc21dSw . kqeubaGyskAjcj8mDymY6A Figure 103: Compact Serialization the resulting JWE object using the JSON serialization: { "protected": "eyJhbGciOiJFQ0RILUVTIiwia2lkIjoibWVyaWFkb2MuYnJhbmR5YnVja 0BidWNrbGFuZC5leGFtcGxlIiwiZXBrIjp7Imt0eSI6IkVDIiwiY3J2Ij oiUC0yNTYiLCJ4IjoiaF9JbXVIM09XNUp4Wk5RWldJV0NGVFlBSWlnWll zMS1RenNRUjl0Q0VRNCIsInkiOiI0WldKVlZyVE9XZEVWYkgyNjZuYjRX eTJRaXdIXzlYQWNkcE5oNFMyb1gwIn0sImVuYyI6IkExMjhDQkMtSFMyN TYifQ", "iv": "BMbSNYW2uC7RX3xql1gbQw", "ciphertext": "mwSOHtsJDtD1R4Y4r0Ads9Bc8nTgk_Y4wVe_4pJsb7RERAgnfFRYRmlgj SaGPMM7PytxfLss6clZI7YW366xh8DiqOWUavR7VFGLZIOHkrMsTPaehWl QZrQz77IedSM20wSGVj-E4T0KRtX3CrZsEPjtXqNbm_EmDPgxVYTaTthGd WbyDnPMvp6eGLT6gsMkctSLIHgaGvI2VWB0oNYdKnCRU-p2JFkLu5XQfOw w4E5zKW9Xycx3mkh_gA1dFU28Zs_boX-mm4UYseIJfaZAX_eqs7NDMpbrb 29frJCFI-rYfahoVz6QhNQXQMNmzL93pDo5QE_i9pIzR4KJu-uaItKTKNA dBKgSa9JZfc21dSw", "tag": "kqeubaGyskAjcj8mDymY6A" } Figure 104: JSON Serialization 4.6. Direct Encryption using AES-GCM This example illustrates encrypting content using a previously exchanged key directly and the "A128GCM" (AES-GCM) content encryption algorithm. 4.6.1. Input Factors The following are supplied before beginning the encryption process: o Plaintext content; this example uses the content from Figure 51. Miller Expires June 7, 2014 [Page 49] Internet-Draft JOSE Cookbook December 2013 o AES symmetric key as the Content Encryption Key (CEK); this example uses the key from Figure 105. o "alg" parameter of "dir" o "enc" parameter of "A128GCM" { "kty": "oct", "kid": "77c7e2b8-6e13-45cf-8672-617b5b45243a", "use": "enc", "alg": "A128GCM", "k": "XctOhJAkA-pD9Lh7ZgW_2A" } Figure 105: AES 128-bit key, in JWK format 4.6.2. Generated Factors The following are generated before encrypting: o Initialization vector/nonce; this example uses the initialization vector/nonce from Figure 106. OI-fESJKbHHk1-rA Figure 106: Initialization Vector, base64url-encoded 4.6.3. Encrypting the Content The following are generated before encrypting the content: o Protected JWE Header; this example uses the header from Figure 107, encoded as [RFC4648] base64url to produce Figure 108. { "alg": "dir", "kid": "77c7e2b8-6e13-45cf-8672-617b5b45243a", "enc": "A128GCM" } Figure 107: Protected JWE Header JSON Encoded as [RFC4648] base64url: Miller Expires June 7, 2014 [Page 50] Internet-Draft JOSE Cookbook December 2013 eyJhbGciOiJkaXIiLCJraWQiOiI3N2M3ZTJiOC02ZTEzLTQ1Y2YtODY3Mi02MT diNWI0NTI0M2EiLCJlbmMiOiJBMTI4R0NNIn0 Figure 108: Protected JWE Header, base64url-encoded Performing the encryption operation on the Plaintext (Figure 51) using the following: o CEK (Figure 105); o Initialization vector/nonce (Figure 106); and o Protected JWE header (Figure 108) as authenticated data produces the following: o Ciphertext from Figure 109. o Authentication tag from Figure 110. 18KNUnRDhesDLn7Ec4ui6q0aptYFNkbx6Vf64wWItX7hMQe2XgbNTt-GVG_3Dz -5mscM9bKe0TkgEecWAovlTFkuwhL-TZhbcnYdMXtaNtqYe2TEZ5fFlRiEr9is 8gBeJ7YOwazxwtE8O6FwwqeAOnR-PI8M30ODcq9B8UVzEISWu3Pf4yugvVMpLR DxJEbyVDVr5MjiXsXpOkEdc7uUisJ0H0ygoP_mjSjUHROjh2_QVqpTUwzx2qto 3KVDj-MZehUb2FivjT7FecB3Yz-m-KhYXvXR5l5XnoqCT0ioaFzeW9zbiAMj_o 1gvWgPLv8HRD9OxMERTCwbJt4O3baG9Roz-5We10hx-sb2EKtN0g Figure 109: Ciphertext, base64url-encoded mBCmmmn0W0j4BS7ln3nxVA Figure 110: Authentication Tag, base64url-encoded 4.6.4. Output Results The following compose the resulting JWE object: o Protected JWE header (Figure 108) o Initialization vector/nonce (Figure 106) o Ciphertext (Figure 109) o Authentication tag (Figure 110) The resulting JWE object using the Compact serialization: Miller Expires June 7, 2014 [Page 51] Internet-Draft JOSE Cookbook December 2013 eyJhbGciOiJkaXIiLCJraWQiOiI3N2M3ZTJiOC02ZTEzLTQ1Y2YtODY3Mi02MT diNWI0NTI0M2EiLCJlbmMiOiJBMTI4R0NNIn0 . . OI-fESJKbHHk1-rA . 18KNUnRDhesDLn7Ec4ui6q0aptYFNkbx6Vf64wWItX7hMQe2XgbNTt-GVG_3Dz -5mscM9bKe0TkgEecWAovlTFkuwhL-TZhbcnYdMXtaNtqYe2TEZ5fFlRiEr9is 8gBeJ7YOwazxwtE8O6FwwqeAOnR-PI8M30ODcq9B8UVzEISWu3Pf4yugvVMpLR DxJEbyVDVr5MjiXsXpOkEdc7uUisJ0H0ygoP_mjSjUHROjh2_QVqpTUwzx2qto 3KVDj-MZehUb2FivjT7FecB3Yz-m-KhYXvXR5l5XnoqCT0ioaFzeW9zbiAMj_o 1gvWgPLv8HRD9OxMERTCwbJt4O3baG9Roz-5We10hx-sb2EKtN0g . mBCmmmn0W0j4BS7ln3nxVA Figure 111: Compact Serialization The resulting JWE object using the JSON serialization: { "protected": "eyJhbGciOiJkaXIiLCJraWQiOiI3N2M3ZTJiOC02ZTEzLTQ1Y2YtODY3M i02MTdiNWI0NTI0M2EiLCJlbmMiOiJBMTI4R0NNIn0", "iv": "OI-fESJKbHHk1-rA", "ciphertext": "18KNUnRDhesDLn7Ec4ui6q0aptYFNkbx6Vf64wWItX7hMQe2XgbNTt-GV G_3Dz-5mscM9bKe0TkgEecWAovlTFkuwhL-TZhbcnYdMXtaNtqYe2TEZ5 fFlRiEr9is8gBeJ7YOwazxwtE8O6FwwqeAOnR-PI8M30ODcq9B8UVzEIS Wu3Pf4yugvVMpLRDxJEbyVDVr5MjiXsXpOkEdc7uUisJ0H0ygoP_mjSjU HROjh2_QVqpTUwzx2qto3KVDj-MZehUb2FivjT7FecB3Yz-m-KhYXvXR5 l5XnoqCT0ioaFzeW9zbiAMj_o1gvWgPLv8HRD9OxMERTCwbJt4O3baG9R oz-5We10hx-sb2EKtN0g", "tag": "mBCmmmn0W0j4BS7ln3nxVA" } Figure 112: JSON Serialization 4.7. Key Wrap using AES-GCM KeyWrap with AES-CBC-HMAC-SHA2 This example illustrates encrypting content using the "A256GCMKW" (AES-256-GCM-KeyWrap) key encryption algorithm with the "A128CBC- HS256" (AES-128-CBC-HMAC-SHA-256) content encryption algorithm. 4.7.1. Input Factors The following are supplied before beginning the encryption process: Miller Expires June 7, 2014 [Page 52] Internet-Draft JOSE Cookbook December 2013 o Plaintext content; this example uses the content from Figure 51. o AES symmetric key; this example uses the key from Figure 113. o "alg" parameter of "A256GCMKW" o "enc" parameter of "A128CBC-HS256" { "kty": "oct", "kid": "18ec08e1-bfa9-4d95-b205-2b4dd1d4321d", "use": "enc", "alg": "A256GCMKW", "k": "qC57l_uxcm7Nm3K-ct4GFjx8tM1U8CZ0NLBvdQstiS8" } Figure 113: AES 256-bit Key 4.7.2. Generated Factors The following are generated before encrypting: o AES symmetric key as the Content Encryption Key (CEK); this example uses the key from Figure 114. o Initialization vector/nonce for content encryption; this example uses the initilization vector/nonce from Figure 115. a2gN8ASDdVKI86lMJC8rKI8RV8U8OltRlVzygIo48NA Figure 114: Content Encryption Key, base64url-encoded Z3wPFyzW8czy88sUmzcnlg Figure 115: Initialization Vector, base64url-encoded 4.7.3. Encrypting the Key The following are generated before encrypting the CEK: o Initialization vector/nonce for key wrapping; this example uses the initialization vector/nonce from Figure 116. 3llIgu3y7Vu5dZW7 Figure 116: Key Wrap Initialization Vector, base64url-encoded Miller Expires June 7, 2014 [Page 53] Internet-Draft JOSE Cookbook December 2013 Performing the key encryption operation over the CEK (Figure 114) with the following: o AES symmetric key (Figure 113); o Key wrap initialization vector/nonce (Figure 116); and o The empty string as authenticated data produces the following: o Encrypted Key from Figure 117. o Key wrap authentication tag from Figure 118. cfBkmK29hCy31FM6VhHHgqbGa2DQvXZgnqSSl8zcOsE Figure 117: Encrypted Key, base64url-encoded 7qiY1gOLorD7ro67FZqYRw Figure 118: Key Wrap Authentication Tag, base64url-encoded 4.7.4. Encrypting the Content The following are generated before encrypting the content: o Protected JWE Header; this example uses the header from Figure 119, encoded to [RFC4648] base64url as Figure 120. { "alg": "A256GCMKW", "kid": "18ec08e1-bfa9-4d95-b205-2b4dd1d4321d", "tag": "7qiY1gOLorD7ro67FZqYRw", "iv": "3llIgu3y7Vu5dZW7", "enc": "A128CBC-HS256" } Figure 119: Protected JWE Header JSON eyJhbGciOiJBMjU2R0NNS1ciLCJraWQiOiIxOGVjMDhlMS1iZmE5LTRkOTUtYj IwNS0yYjRkZDFkNDMyMWQiLCJ0YWciOiI3cWlZMWdPTG9yRDdybzY3RlpxWVJ3 IiwiaXYiOiIzbGxJZ3UzeTdWdTVkWlc3IiwiZW5jIjoiQTEyOENCQy1IUzI1Ni J9 Figure 120: Protected JWE Header, base64url-encoded Miller Expires June 7, 2014 [Page 54] Internet-Draft JOSE Cookbook December 2013 Performing the content encryption operation over the Plaintext (Figure 51) with the following: o CEK (Figure 114); o Initialization vector/nonce (Figure 115); and o Protected JWE header (Figure 120) as authenticated data produces the following: o Ciphertext from Figure 121. o Authentication tag from Figure 122. YSoJLPEGGMUoFM7zbKAwZivdakcAZWsyoQycpRG-4haDdLdXXGtLCev_HEs-Tu 5xRlK-4FFIQJ8l6bfSTR9glEa2FaVS8tgkZO1X9BbPAY9_4SCuLLO4n5LFK0mI TQ8WOgpa0FTfG_1ml76MWGVtgADHGzvqSib9xoW39YsIdOu3Evj2GmvvPIm1WZ K3HjQhQkvfKbpSFLFRkH3xsHyYYkKiH2PEOCZOzHNzc8PRMavtkBO64zmpWTfy tMshzm0sgbroEBFU-vCHWzt5fVx_A9oUn5szL7RlkXU12fOCc7VJ2X5TtYPPr_ bM4z6KB5FBLS3hVVfHZee83e9IDrk0k7AIcf3KpfzapJmZ3kdZgOg Figure 121: Ciphertext, base64url-encoded d7dahIDc06hrpWqDiQzaXQ Figure 122: Authentication Tag, base64url-encoded 4.7.5. Output Results The following compose the resulting JWE object: o Protected JWE header (Figure 120) o encrypted key (Figure 117) o Initialization vector/nonce (Figure 115) o Ciphertext (Figure 121) o Authentication tag (Figure 122) The resulting JWE object using the Compact serialization: eyJhbGciOiJBMjU2R0NNS1ciLCJraWQiOiIxOGVjMDhlMS1iZmE5LTRkOTUtYj IwNS0yYjRkZDFkNDMyMWQiLCJ0YWciOiI3cWlZMWdPTG9yRDdybzY3RlpxWVJ3 IiwiaXYiOiIzbGxJZ3UzeTdWdTVkWlc3IiwiZW5jIjoiQTEyOENCQy1IUzI1Ni J9 Miller Expires June 7, 2014 [Page 55] Internet-Draft JOSE Cookbook December 2013 . cfBkmK29hCy31FM6VhHHgqbGa2DQvXZgnqSSl8zcOsE . Z3wPFyzW8czy88sUmzcnlg . YSoJLPEGGMUoFM7zbKAwZivdakcAZWsyoQycpRG-4haDdLdXXGtLCev_HEs-Tu 5xRlK-4FFIQJ8l6bfSTR9glEa2FaVS8tgkZO1X9BbPAY9_4SCuLLO4n5LFK0mI TQ8WOgpa0FTfG_1ml76MWGVtgADHGzvqSib9xoW39YsIdOu3Evj2GmvvPIm1WZ K3HjQhQkvfKbpSFLFRkH3xsHyYYkKiH2PEOCZOzHNzc8PRMavtkBO64zmpWTfy tMshzm0sgbroEBFU-vCHWzt5fVx_A9oUn5szL7RlkXU12fOCc7VJ2X5TtYPPr_ bM4z6KB5FBLS3hVVfHZee83e9IDrk0k7AIcf3KpfzapJmZ3kdZgOg . W7cYYn27uUYttxShJ2yYhQ Figure 123: Compact Serialization The resulting JWE object using the JSON serialization: { "recipients": [ { "encrypted_key": "cfBkmK29hCy31FM6VhHHgqbGa2DQvXZgnqSSl8zcOsE" } ], "protected": "eyJhbGciOiJBMjU2R0NNS1ciLCJraWQiOiIxOGVjMDhlMS1iZmE5LTRkO TUtYjIwNS0yYjRkZDFkNDMyMWQiLCJ0YWciOiI3cWlZMWdPTG9yRDdybz Y3RlpxWVJ3IiwiaXYiOiIzbGxJZ3UzeTdWdTVkWlc3IiwiZW5jIjoiQTE yOENCQy1IUzI1NiJ9", "iv": "Z3wPFyzW8czy88sUmzcnlg", "ciphertext": "YSoJLPEGGMUoFM7zbKAwZivdakcAZWsyoQycpRG-4haDdLdXXGtLCev_H Es-Tu5xRlK-4FFIQJ8l6bfSTR9glEa2FaVS8tgkZO1X9BbPAY9_4SCuLL O4n5LFK0mITQ8WOgpa0FTfG_1ml76MWGVtgADHGzvqSib9xoW39YsIdOu 3Evj2GmvvPIm1WZK3HjQhQkvfKbpSFLFRkH3xsHyYYkKiH2PEOCZOzHNz c8PRMavtkBO64zmpWTfytMshzm0sgbroEBFU-vCHWzt5fVx_A9oUn5szL 7RlkXU12fOCc7VJ2X5TtYPPr_bM4z6KB5FBLS3hVVfHZee83e9IDrk0k7 AIcf3KpfzapJmZ3kdZgOg", "tag": "W7cYYn27uUYttxShJ2yYhQ" } Figure 124: JSON Serialization 4.8. Key Wrap using AES-KeyWrap with AES-GCM Miller Expires June 7, 2014 [Page 56] Internet-Draft JOSE Cookbook December 2013 The following example illustrates content encryption using the "A128KW" (AES-128-KeyWrap) key encryption algorithm and the "A128GCM" (AES-128-GCM) content encryption algorithm. 4.8.1. Input Factors The following are supplied before beginning the encryption process: o Plaintext content; this example uses the content from Figure 51. o AES symmetric key; this example uses the key from Figure 125. o "alg" parameter of "A128KW" o "enc" parameter of "A128GCM" { "kty": "oct", "kid": "81b20965-8332-43d9-a468-82160ad91ac8", "use": "enc", "alg": "A128KW", "k": "GZy6sIZ6wl9NJOKB-jnmVQ" } Figure 125: AES 128-Bit Key 4.8.2. Generated Factors The following are generated before encrypting: o AES symmetric key as the Content Encryption Key; this example uses the key from Figure 126. o Initialization vector/nonce; this example uses the initialization vector/nonce from Figure 127. 'Hv3Kmjt7vR2in57dLm-Pfw Figure 126: Content Encryption Key, base64url-encoded wxdDTG0-QnGvBZew Figure 127: Initialization Vector, base64url-encoded 4.8.3. Encrypting the Key Performing the key encryption operation over the CEK (Figure 126) with the AES key (Figure 125) produces the following encrypted key: Miller Expires June 7, 2014 [Page 57] Internet-Draft JOSE Cookbook December 2013 RMMWwegPo5GY-5DeqC51gevcIOQpc4CH Figure 128: Encrypted Key, base64url-encoded 4.8.4. Encrypting the Content The following are generated before encrypting the content: o Protected JWE Header; this example uses the header from Figure 129, encoded to [RFC4648] base64url as Figure 130. { "alg": "A128KW", "kid": "81b20965-8332-43d9-a468-82160ad91ac8", "enc": "A128GCM" } Figure 129: Protected JWE Header JSON eyJhbGciOiJBMTI4S1ciLCJraWQiOiI4MWIyMDk2NS04MzMyLTQzZDktYTQ2OC 04MjE2MGFkOTFhYzgiLCJlbmMiOiJBMTI4R0NNIn0 Figure 130: Protected JWE Header, base64url-encoded Performing the content encryption over the Plaintext (Figure 51) with the following: o CEK (Figure 126); o Initialization vector/nonce (Figure 127); and o Protected JWE header (Figure 130) as authenticated data produces the following: o Ciphertext from Figure 131. o Authentication tag from Figure 132. DoM1vi13RWus_t3EsvGWk4gDH3F8TGRnBo4p3uImtmboRrT1pniDLDQTipfOin 86hMl343jhxcRObGyiKgIyPI-tG8M9E92VkHeOE8O77-s6wRj9XxxEs8zw9YPX baILJYTbR5aWyRLpTwlEhAf5_DVL2b5vnvTNctEp5JaojvqXF5F3jkZAaJwa4u IjhqGd7gJvf7zKbwF7Is_GbSm9rf9Z0dacH5LQQn2P_VYEb8ptUWmgz4Gg1YFF tGg16H5JAutG9a6GqFUdkSZ-mKSothgDEHv9gnAqYnWKLaE3E2hzhxcgtNwNKf lLSfmV247xbRYZhR8NeJ_GoKCjrH7isFvUM0Uzx43cPpPDypyiGA Figure 131: Ciphertext, base64url-encoded Miller Expires June 7, 2014 [Page 58] Internet-Draft JOSE Cookbook December 2013 And authentication tag: N7CDBxgruPcQozgqPeihlw Figure 132: Authentication Tag, base64url-encoded 4.8.5. Output Results The following compose the resulting JWE object: o Protected JWE header (Figure 130) o encrypted key (Figure 128) o Initialization vector/nonce (Figure 127) o Ciphertext (Figure 131) o Authentication tag (Figure 132) The resulting JWE object using the Compact serialization: eyJhbGciOiJBMTI4S1ciLCJraWQiOiI4MWIyMDk2NS04MzMyLTQzZDktYTQ2OC 04MjE2MGFkOTFhYzgiLCJlbmMiOiJBMTI4R0NNIn0 . RMMWwegPo5GY-5DeqC51gevcIOQpc4CH . wxdDTG0-QnGvBZew . DoM1vi13RWus_t3EsvGWk4gDH3F8TGRnBo4p3uImtmboRrT1pniDLDQTipfOin 86hMl343jhxcRObGyiKgIyPI-tG8M9E92VkHeOE8O77-s6wRj9XxxEs8zw9YPX baILJYTbR5aWyRLpTwlEhAf5_DVL2b5vnvTNctEp5JaojvqXF5F3jkZAaJwa4u IjhqGd7gJvf7zKbwF7Is_GbSm9rf9Z0dacH5LQQn2P_VYEb8ptUWmgz4Gg1YFF tGg16H5JAutG9a6GqFUdkSZ-mKSothgDEHv9gnAqYnWKLaE3E2hzhxcgtNwNKf lLSfmV247xbRYZhR8NeJ_GoKCjrH7isFvUM0Uzx43cPpPDypyiGA . N7CDBxgruPcQozgqPeihlw Figure 133: Compact Serialization The resulting JWE object using the JSON serialization: { "recipients": [ { "encrypted_key": "RMMWwegPo5GY-5DeqC51gevcIOQpc4CH" } Miller Expires June 7, 2014 [Page 59] Internet-Draft JOSE Cookbook December 2013 ], "protected": "eyJhbGciOiJBMTI4S1ciLCJraWQiOiI4MWIyMDk2NS04MzMyLTQzZDktY TQ2OC04MjE2MGFkOTFhYzgiLCJlbmMiOiJBMTI4R0NNIn0", "iv": "wxdDTG0-QnGvBZew", "ciphertext": "DoM1vi13RWus_t3EsvGWk4gDH3F8TGRnBo4p3uImtmboRrT1pniDLDQTi pfOin86hMl343jhxcRObGyiKgIyPI-tG8M9E92VkHeOE8O77-s6wRj9Xx xEs8zw9YPXbaILJYTbR5aWyRLpTwlEhAf5_DVL2b5vnvTNctEp5Jaojvq XF5F3jkZAaJwa4uIjhqGd7gJvf7zKbwF7Is_GbSm9rf9Z0dacH5LQQn2P _VYEb8ptUWmgz4Gg1YFFtGg16H5JAutG9a6GqFUdkSZ-mKSothgDEHv9g nAqYnWKLaE3E2hzhxcgtNwNKflLSfmV247xbRYZhR8NeJ_GoKCjrH7isF vUM0Uzx43cPpPDypyiGA", "tag": "N7CDBxgruPcQozgqPeihlw" } Figure 134: JSON Serialization 4.9. Compressed Content This example illustrates encrypting content that is first compressed. It reuses the AES key, key encryption algorithm, and content encryption algorithm from Section 4.8. 4.9.1. Input Factors The following are supplied before beginning the encryption process: o Plaintext content; this example uses the content from Figure 51. o Recipient encryption key; this example uses the key from Figure 125. o Key encryption algorithm; this example uses "A128KW". o Content encryption algorithm; this example uses "A128GCM". o "zip" parameter as "DEF". 4.9.2. Generated Factors The following are generated before encrypting: o Compressed plaintext from the original plaintext content; compressing Figure 51 using the DEFLATE [RFC1951] algorithm produces the compressed plaintext from Figure 135. Miller Expires June 7, 2014 [Page 60] Internet-Draft JOSE Cookbook December 2013 o AES symmetric key as the Content Encryption Key (CEK); this example uses the key from Figure 136. o Initialization vector/nonce; this example uses the initialization vector/nonce from Figure 137. eJxtj0EOwyAMBL-yD0jyh_bQL1Q9EmICCsKVMYry-zpEPVTqycizu15e3OBdgU qrilahjKrJb9iTRhyGNQq3Ndo8164s56uMoyk1EuakSgIqy4SbweNP4kb0NueB Sl5IweGUSR1Hn7maW6M5TmdXJr0w5TDh3vSbWVh_YjNdKDhPBrjNmeAyFxp6z5 XtUug_YUtx2Fms5dNEQv0EgiRrXgc8hBeePt1uYQ0 Figure 135: Compressed Plaintext, base64url-encoded 03x4Y5d1Lk0K2VbMmePmMw Figure 136: Content Encryption Key, base64url-encoded 9UnGd0z8-Yx3BFV3 Figure 137: Initialization Vector, base64url-encoded 4.9.3. Encrypting the Key Performing the key encryption operation over the CEK (Figure 136) with the AES key ({{jwe-aeskw-key) produces the following encrypted key: fUGYywsd6dWWr5JpNP0EMMN2XkXk8_h5 Figure 138: Encrypted Key, base64url-encoded 4.9.4. Encrypting the Content The following are generated before encrypting the content: o Protected JWE Header; this example uses the header from Figure 139, encoded as [RFC4648] base64url as Figure 140. { "alg": "A128KW", "kid": "81b20965-8332-43d9-a468-82160ad91ac8", "enc": "A128GCM", "zip": "DEF" } Figure 139: Protected JWE Header JSON Miller Expires June 7, 2014 [Page 61] Internet-Draft JOSE Cookbook December 2013 eyJhbGciOiJBMTI4S1ciLCJraWQiOiI4MWIyMDk2NS04MzMyLTQzZDktYTQ2OC 04MjE2MGFkOTFhYzgiLCJlbmMiOiJBMTI4R0NNIiwiemlwIjoiREVGIn0 Figure 140: Protected JWE Header, base64url-encoded Performing the content encryption operation over the compressed Plaintext (Figure 135, encoded as an octet string) with the following: o CEK (Figure 136); o Initialization vector/nonce (Figure 137); and o Protected JWE header (Figure 140) as authenticated data produces the following: o Ciphertext from Figure 141. o Authentication tag from Figure 142. b962BmHXeA9iYY8u9GnpxtXnme1MNm7vhhBqcxJHof08hGn1ltC7Mpf0dnlB0y ZqAlqBWDJrGs3eVseTlFEFm0pDHDlIven74xwZPdJdEylDKPTeZLaCf6TjK46C UfWJBajPZ2wiupjQJb5FYz_1KsWYCXAE4k6xt9v5wkwm_FHpYevNXuE7hokcim LRiCi1R_xjnG7sHCTWKb56L0ZsqacWn_52jkO9B3Q Figure 141: Ciphertext, base64url-encoded And authentication tag: Im5q_DU2ZafibIuj5GNI5Q Figure 142: Authentication Tag, base64url-encoded 4.9.5. Output Results The following compose the resulting JWE object: o Protected JWE header (Figure 140) o encrypted key (Figure 138) o Initialization vector/nonce (Figure 137) o Ciphertext (Figure 141) o Authentication tag (Figure 142) Miller Expires June 7, 2014 [Page 62] Internet-Draft JOSE Cookbook December 2013 The resulting JWE object using the Compact serialization: eyJhbGciOiJBMTI4S1ciLCJraWQiOiI4MWIyMDk2NS04MzMyLTQzZDktYTQ2OC 04MjE2MGFkOTFhYzgiLCJlbmMiOiJBMTI4R0NNIiwiemlwIjoiREVGIn0 . fUGYywsd6dWWr5JpNP0EMMN2XkXk8_h5 . 9UnGd0z8-Yx3BFV3 . b962BmHXeA9iYY8u9GnpxtXnme1MNm7vhhBqcxJHof08hGn1ltC7Mpf0dnlB0y ZqAlqBWDJrGs3eVseTlFEFm0pDHDlIven74xwZPdJdEylDKPTeZLaCf6TjK46C UfWJBajPZ2wiupjQJb5FYz_1KsWYCXAE4k6xt9v5wkwm_FHpYevNXuE7hokcim LRiCi1R_xjnG7sHCTWKb56L0ZsqacWn_52jkO9B3Q . Im5q_DU2ZafibIuj5GNI5Q Figure 143: Compact Serialization The resulting JWE object using the JSON serialization: { "recipients": [ { "encrypted_key": "fUGYywsd6dWWr5JpNP0EMMN2XkXk8_h5" } ], "protected": "eyJhbGciOiJBMTI4S1ciLCJraWQiOiI4MWIyMDk2NS04MzMyLTQzZDktY TQ2OC04MjE2MGFkOTFhYzgiLCJlbmMiOiJBMTI4R0NNIiwiemlwIjoiRE VGIn0", "iv": "9UnGd0z8-Yx3BFV3", "ciphertext": "b962BmHXeA9iYY8u9GnpxtXnme1MNm7vhhBqcxJHof08hGn1ltC7Mpf0d nlB0yZqAlqBWDJrGs3eVseTlFEFm0pDHDlIven74xwZPdJdEylDKPTeZL aCf6TjK46CUfWJBajPZ2wiupjQJb5FYz_1KsWYCXAE4k6xt9v5wkwm_FH pYevNXuE7hokcimLRiCi1R_xjnG7sHCTWKb56L0ZsqacWn_52jkO9B3Q", "tag": "Im5q_DU2ZafibIuj5GNI5Q" } Figure 144: JSON Serialization 4.10. Including Additional Authenticated Data This example illustrates encrypting content that includes additional authenticated data. As this example includes an additional top-level Miller Expires June 7, 2014 [Page 63] Internet-Draft JOSE Cookbook December 2013 property not present in the Compact serialization, only the JSON serialization is possible. 4.10.1. Input Factors The following are supplied before beginning the encryption process: o Plaintext content; this example uses the content from Figure 51. o Recipient encryption key; this example uses the key from Figure 125. o Key encryption algorithm; this example uses "A128KW". o Content encryption algorithm; this example uses "A128GCM". o Additional authenticated data; this example uses a [I-D.ietf-jcardcal-jcard] vCard from Figure 145, serialized to UTF-8. [ "vcard", [ [ "version", {}, "text", "4.0" ], [ "fn", {}, "text", "Meriadoc Brandybuck" ], [ "n", {}, "text", [ "Brandybuck", "Meriadoc", "Mr.", "" ] ], [ "bday", {}, "text", "TA 2982" ], [ "gender", {}, "text", "M" ] ] ] Figure 145: Additional Authenticated Data, in JSON format *NOTE* whitespace between JSON values added for readability. 4.10.2. Generated Factors The following are generated before encrypting: o AES symmetric key as the Content Encryption Key (CEK); this example uses the key from Figure 146. o Initialization vector/nonce; this example uses the initialization vector/nonce from Figure 147. Miller Expires June 7, 2014 [Page 64] Internet-Draft JOSE Cookbook December 2013 o Encoded additional authenticated data (AAD); this example uses the additional authenticated data from Figure 145, encoded to [RFC4648] base64url as Figure 148. uGL3QU7R3HMR3ik-oTW82w Figure 146: Content Encryption Key, base64url-encoded HorZstLCLfNNC7TN Figure 147: Initialization Vector, base64url-encoded WyJ2Y2FyZCIsW1sidmVyc2lvbiIse30sInRleHQiLCI0LjAiXSxbImZuIix7fS widGV4dCIsIk1lcmlhZG9jIEJyYW5keWJ1Y2siXSxbIm4iLHt9LCJ0ZXh0Iixb IkJyYW5keWJ1Y2siLCJNZXJpYWRvYyIsIk1yLiIsIiJdXSxbImJkYXkiLHt9LC J0ZXh0IiwiVEEgMjk4MiJdLFsiZ2VuZGVyIix7fSwidGV4dCIsIk0iXV1d Figure 148: Additional Authenticated Data, base64url-encoded 4.10.3. Encrypting the Key Performing the key encryption operation over the CEK (Figure 146) with the AES key (Figure 125) produces the following encrypted key: MJjYoJ6DKa__0KTJP5PT8pR0T_tybLRc Figure 149: Encrypted Key, base64url-encoded 4.10.4. Encrypting the Content The following are generated before encrypting the content: o Protected JWE Header; this example uses the header from Figure 150, encoded to [RFC4648] base64url as Figure 151. { "alg": "A128KW", "kid": "81b20965-8332-43d9-a468-82160ad91ac8", "enc": "A128GCM" } Figure 150: Protected JWE Header JSON eyJhbGciOiJBMTI4S1ciLCJraWQiOiI4MWIyMDk2NS04MzMyLTQzZDktYTQ2OC 04MjE2MGFkOTFhYzgiLCJlbmMiOiJBMTI4R0NNIn0 Figure 151: Protected JWE Header, base64url-encoded Miller Expires June 7, 2014 [Page 65] Internet-Draft JOSE Cookbook December 2013 Performing the content encryption operation over the Plaintext with the following: o CEK (Figure 146); o Initialization vector/nonce (Figure 147); and o Concatenation of the protected JWE header (Figure 151), ".", and the [RFC4648] base64url encoding of Figure 145 as authenticated data produces the following: o Ciphertext from Figure 152. o Authentication tag from Figure 153. 36qblaXJa6XlM7EHkAWVcrAvUA-w0zUsaSiK9ajj1CsPp-oHpElk7bktsA2u9p b_T0yeXpjeaGKc0tWO6VKMIpIEJed-reIzaHva_JrHKt63tKWRmGDtQ9EHDCgw Vv_0EwUoVW_RzfugR-71IsoTSYeziVi2XL_nsHpcVGFQOgD2C-nvwqo4_8f9pZ _bmK_kj0eAc54qp2laNG7odWGOSpOvW4Vr2ujW8QnHQlaKUNUqh0ODvCu0hFWN pzxEgja4X6UlSkY6uTQR-mBBpwlA4rAnjP-pn0zuq0T13vkCplokt2GKhRLysE 6UqLjnyfexHGjC349nzsBHoCXk2tKJwrqPpssCnsqPaffU Figure 152: Ciphertext, base64url-encoded tp_Idm6BMHn3iJQ86T4sRA Figure 153: Authentication Tag, base64url-encoded 4.10.5. Output Results The following compose the resulting JWE object: o Protected JWE header (Figure 151) o encrypted key (Figure 149) o Initialization vector/nonce (Figure 147) o Additional authenticated data (Figure 148) o Ciphertext (Figure 152) o Authentication tag (Figure 153) The resulting JWE object using the JSON serialization: Miller Expires June 7, 2014 [Page 66] Internet-Draft JOSE Cookbook December 2013 { "recipients": [ { "encrypted_key": "Aa2ArPkcYIHxdlA3lsGWtcC9sBkqTYHr" } ], "protected": "eyJhbGciOiJBMTI4S1ciLCJraWQiOiI4MWIyMDk2NS04MzMyLTQzZDktY TQ2OC04MjE2MGFkOTFhYzgiLCJlbmMiOiJBMTI4R0NNIn0", "iv": "HorZstLCLfNNC7TN", "aad": "WyJ2Y2FyZCIsW1sidmVyc2lvbiIse30sInRleHQiLCI0LjAiXSxbImZuI ix7fSwidGV4dCIsIk1lcmlhZG9jIEJyYW5keWJ1Y2siXSxbIm4iLHt9LCJ 0ZXh0IixbIkJyYW5keWJ1Y2siLCJNZXJpYWRvYyIsIk1yLiIsIiJdXSxbI mJkYXkiLHt9LCJ0ZXh0IiwiVEEgMjk4MiJdLFsiZ2VuZGVyIix7fSwidGV 4dCIsIk0iXV1d", "ciphertext": "36qblaXJa6XlM7EHkAWVcrAvUA-w0zUsaSiK9ajj1CsPp-oHpElk7bkts A2u9pb_T0yeXpjeaGKc0tWO6VKMIpIEJed-reIzaHva_JrHKt63tKWRmG DtQ9EHDCgwVv_0EwUoVW_RzfugR-71IsoTSYeziVi2XL_nsHpcVGFQOgD 2C-nvwqo4_8f9pZ_bmK_kj0eAc54qp2laNG7odWGOSpOvW4Vr2ujW8QnH QlaKUNUqh0ODvCu0hFWNpzxEgja4X6UlSkY6uTQR-mBBpwlA4rAnjP-pn 0zuq0T13vkCplokt2GKhRLysE6UqLjnyfexHGjC349nzsBHoCXk2tKJwr qPpssCnsqPaffU", "tag": "tp_Idm6BMHn3iJQ86T4sRA" } Figure 154: JSON Serialization 4.11. Protecting Specific Header Fields This example illustrates encrypting content where only certain JWE header parameters are protected. As this example includes unprotected JWE header parameters, only the JSON serialization is possible. 4.11.1. Input Factors The following are supplied before beginning the encryption process: o Plaintext content; this example uses the content from Figure 51. o Recipient encryption key; this example uses the key from Figure 125. Miller Expires June 7, 2014 [Page 67] Internet-Draft JOSE Cookbook December 2013 o Key encryption algorithm; this example uses "A128KW". o Content encryption algorithm; this example uses "A128GCM". 4.11.2. Generated Factors The following are generated before encrypting: o AES symmetric key as the Content Encryption Key (CEK); this example uses the key from Figure 155. o Initialization vector/nonce; this example uses the initialization vector/nonce from Figure 156. uGL3QU7R3HMR3ik-oTW82w Figure 155: Content Encryption Key, base64url-encoded HorZstLCLfNNC7TN Figure 156: Initialization Vector, base64url-encoded 4.11.3. Encrypting the Key Performing the key encryption operation over the CEK (Figure 155) with the AES key (Figure 125) produces the following encrypted key: MJjYoJ6DKa__0KTJP5PT8pR0T_tybLRc Figure 157: Encrypted Key, base64url-encoded 4.11.4. Encrypting the Content The following are generated before encrypting the content: o Protected JWE Header; this example uses the header from Figure 158, encoded to [RFC4648] base64url as Figure 159. { "enc": "A128GCM" } Figure 158: Protected JWE Header JSON eyJlbmMiOiJBMTI4R0NNIn0 Figure 159: Protected JWE Header, base64url-encoded Miller Expires June 7, 2014 [Page 68] Internet-Draft JOSE Cookbook December 2013 Performing the content encryption operation over the Plaintext with the following: o CEK (Figure 155); o Initialization vector/nonce (Figure 156); and o Protected JWE header (Figure 159) as authenticated data produces the following: o Ciphertext from Figure 160. o Authentication tag from Figure 161. XR98Or5bnT-qBoQ0-K8WbR6hphUsSoJZdE6W0c3CYJ2kSk-6NuycqF4ZrKy6YC -Gs3jfCwkCmW955kmDgTIlc-fSQ-w__kwrM8wepy1h61OeY2HCM8-vJpK3yHcW HrbJhuqJExRWlnR6l9y9kcAzc3F1YWBJ5B5uY0PvbbbiQnRL5d9VFxKZFjF8qT a6T1OsXR22bKkb-oG8JWSiefhxZlGQCpqRUfmYDRMZhfakIa1hXVDaLZIapkka gpw510A5yt0E5W8qkcCrezJZtCSFeHTJFqspCcnTvdfDqkGVQwo1cxKr0Wu-2K wb3dP8TlZJ2dMSOxXyMQav1nqZcfKn2qg4xI87D5mhfCrW Figure 160: Ciphertext, base64url-encoded Hjccc2tFAQi12LH6FF-jFA Figure 161: Authentication Tag, base64url-encoded 4.11.5. Output Results The following compose the resulting JWE object: o Unprotected JWE header (Figure 162) o Protected JWE header (Figure 159) o encrypted key (Figure 157) o Initialization vector/nonce (Figure 156) o Ciphertext (Figure 160) o Authentication tag (Figure 161) The following unprotected JWE header is generated before assembling the output results: Miller Expires June 7, 2014 [Page 69] Internet-Draft JOSE Cookbook December 2013 { "alg": "A128KW", "kid": "81b20965-8332-43d9-a468-82160ad91ac8" } Figure 162: Unprotected JWE Header JSON The resulting JWE object using the JSON serialization: { "recipients": [ { "encrypted_key": "MJjYoJ6DKa__0KTJP5PT8pR0T_tybLRc" } ], "unprotected": { "alg": "A128KW", "kid": "81b20965-8332-43d9-a468-82160ad91ac8" }, "protected": "eyJlbmMiOiJBMTI4R0NNIn0", "iv": "HorZstLCLfNNC7TN", "ciphertext": "XR98Or5bnT-qBoQ0-K8WbR6hphUsSoJZdE6W0c3CYJ2kSk-6NuycqF4Zr Ky6YC-Gs3jfCwkCmW955kmDgTIlc-fSQ-w__kwrM8wepy1h61OeY2HCM8 -vJpK3yHcWHrbJhuqJExRWlnR6l9y9kcAzc3F1YWBJ5B5uY0PvbbbiQnR L5d9VFxKZFjF8qTa6T1OsXR22bKkb-oG8JWSiefhxZlGQCpqRUfmYDRMZ hfakIa1hXVDaLZIapkkagpw510A5yt0E5W8qkcCrezJZtCSFeHTJFqspC cnTvdfDqkGVQwo1cxKr0Wu-2Kwb3dP8TlZJ2dMSOxXyMQav1nqZcfKn2q g4xI87D5mhfCrW", "tag": "Hjccc2tFAQi12LH6FF-jFA" } Figure 163: JSON Serialization 4.12. Protecting Content Only This example illustrates encrypting content where none of the JWE header parameters are protected. As this example includes only unprotected JWE header parameters, only the JSON serialization is possible. 4.12.1. Input Factors The following are supplied before beginning the encryption process: Miller Expires June 7, 2014 [Page 70] Internet-Draft JOSE Cookbook December 2013 o Plaintext content; this example uses the content from Figure 51. o Recipient encryption key; this example uses the key from Figure 125. o Key encryption algorithm; this example uses "A128KW". o Content encryption algorithm; this example uses "A128GCM". 4.12.2. Generated Factors The following are generated before encrypting: o AES symmetric key as the Content Encryption Key; this example the key from Figure 164. o Initialization vector/nonce; this example uses the initialization vector/nonce from Figure 165. 5UVirgqilMhbWpSnM3alUQ Figure 164: Content Encryption Key, base64url-encoded zdbIl4BrrziYK55_ Figure 165: Initialization Vector, base64url-encoded 4.12.3. Encrypting the Key Performing the key encryption operation over the CEK (Figure 164 with the AES key (Figure 125 produces the following encrypted key: yyuirCy7Hd_nY0gL5Jfq6sJ7RXRR0DtF Figure 166: Encrypted Key, base64url-encoded 4.12.4. Encrypting the Content Performing the content encryption operation over the Plaintext (Figure 51) using the following: o CEK (Figure 164); o Initialization vector/nonce (Figure 165); and o Empty string as authenticated data produces the following: Miller Expires June 7, 2014 [Page 71] Internet-Draft JOSE Cookbook December 2013 o Ciphertext from Figure 167. o Authenticated data from Figure 168. 3MtsMr7GhYafTv6KNiWMEg5vl4tE2FHfmvfxhTJnioynNBD7G6LEEI6uLDHK-p A2vINROgEAEiN9srAPN2qxl1kxJs4FBBin21pErXalJF_yqotv5OX-sXpyMSd2 X4peV29PRKVI2gaeVH8QjhuV5ar1UYaFW9qTqxwsN_NrbN8x709Exvhl3LoX6H 5XH9KFAc0nEk_AXvAvtYbq3GpWu3OONrXQuq6Oy7LCvBwCjlSKUEMR094sPim5 GVB7p_CX_xDuWGkPiaCTru0qJOfPjIbzzAjnf5m4Nw9kB1bMmYl4k_nvBSbUa1 -ybdYyGcK1ldGbWzYsCYZFII4DmK8rXHYDHRA1jR8StGEo Figure 167: Ciphertext, base64url-encoded 0qbCArWBoY_iqVMwfjNC4Q Figure 168: Authentication Tag, base64url-encoded 4.12.5. Output Results The following unprotected JWE header is generated before assembling the output results: { "alg": "A128KW", "kid": "81b20965-8332-43d9-a468-82160ad91ac8", "enc": "A128GCM" } Figure 169: Unprotected JWE Header JSON The following compose the resulting JWE object: o Unprotected JWE header (Figure 169) o encrypted key (Figure 166) o Initialization vector/nonce (Figure 165) o Ciphertext (Figure 167) o Authentication tag (Figure 168) The resulting JWE object using the JSON serialization: { "recipients": [ { "encrypted_key": Miller Expires June 7, 2014 [Page 72] Internet-Draft JOSE Cookbook December 2013 "yyuirCy7Hd_nY0gL5Jfq6sJ7RXRR0DtF" } ], "unprotected": { "alg": "A128KW", "kid": "81b20965-8332-43d9-a468-82160ad91ac8", "enc": "A128GCM" }, "iv": "zdbIl4BrrziYK55_", "ciphertext": "3MtsMr7GhYafTv6KNiWMEg5vl4tE2FHfmvfxhTJnioynNBD7G6LEEI6uL DHK-pA2vINROgEAEiN9srAPN2qxl1kxJs4FBBin21pErXalJF_yqotv5O X-sXpyMSd2X4peV29PRKVI2gaeVH8QjhuV5ar1UYaFW9qTqxwsN_NrbN8 x709Exvhl3LoX6H5XH9KFAc0nEk_AXvAvtYbq3GpWu3OONrXQuq6Oy7LC vBwCjlSKUEMR094sPim5GVB7p_CX_xDuWGkPiaCTru0qJOfPjIbzzAjnf 5m4Nw9kB1bMmYl4k_nvBSbUa1-ybdYyGcK1ldGbWzYsCYZFII4DmK8rXH YDHRA1jR8StGEo", "tag": "0qbCArWBoY_iqVMwfjNC4Q" } Figure 170: JSON Serialization 4.13. Encrypting to Multiple Recipients This example illustrates encryption content for multiple recipients. As this example has multiple recipients, only the JSON serialization is possible. 4.13.1. Input Factors The following are supplied before beginning the encryption process: o Plaintext content; this example uses the plaintext from Figure 51. o Recipient keys; this example uses the following: * The RSA public key from Figure 52 for the first recipient. * The EC public key from Figure 84 for the second recipient. * The AES symmetric key from Figure 113 for the third recipient. o Key encryption algorithms; this example uses the following: * "RSA1_5" for the first recipient. Miller Expires June 7, 2014 [Page 73] Internet-Draft JOSE Cookbook December 2013 * "ECDH-ES+A256KW" for the second recipient. * "A256GCMKW" for the third recipient. o Content encryption algorithm; this example uses "A128CBC-HS256" 4.13.2. Generated Factors The following are generated before encrypting: o AES symmetric key as the Content Encryption Key (CEK); this example uses the key from Figure 171. o Initialization vector/nonce; this example uses the initialization vector/nonce from Figure 172. OYs79m0f3LEuMZzmWBCywRn4u8B09BVidJb9j0ojDsY Figure 171: Content Encryption Key, base64url-encoded nY-xFgdef1LrsU7u Figure 172: Initialization Vector, base64url-encoded 4.13.3. Encrypting the Key to the First Recipient Performing the "RSA1_5" key encryption operation over the CEK (Figure 171 with the first recipient's RSA key (Figure 52 produces the following encrypted key: EBbDunXtz-j0Gn0q4c9vtueHlb0E-oBkSMno9PUg8eR7Y5T71aU9t0JkvxtKiO xibNkeeUSYPLPGvxslWAYgmqYW--uP_R64hQFp2fcB5MnyQ69GBkMU6Poie-Ct Q2y9Z3Mv9-NMbT7LO99A_2EUEXuxzGnHYSftk7KKjyw38LBuvSOVdokkHWMP4p VLeUJB1ovbT4M1j3pxUzyM2426sD6LfjorQhY8vsChyDaFST0Oe8uBvcRyA5ma bEyRYlUet8PRH_CjINMipv7LCDRsKVnr3oHwZEfCJFGNC-w_-Qn4xcmkmxyaz1 -kZEpS_t2kWJsFqx3mg7QAXJBxdGmy6A Figure 173: Recipient #1 Encrypted Key, base64url-encoded The following are generated after encrypting the CEK for the first recipient: o Recipient JWE header from Figure 174 { "alg": "RSA1_5", "kid": "frodo.baggins@hobbiton.example" } Miller Expires June 7, 2014 [Page 74] Internet-Draft JOSE Cookbook December 2013 Figure 174: Recipient #1 JWE Header JSON The following is the assembled first recipient JSON: { "encrypted_key": "EBbDunXtz-j0Gn0q4c9vtueHlb0E-oBkSMno9PUg8eR7Y5T71aU9t0Jkv xtKiOxibNkeeUSYPLPGvxslWAYgmqYW--uP_R64hQFp2fcB5MnyQ69GBk MU6Poie-CtQ2y9Z3Mv9-NMbT7LO99A_2EUEXuxzGnHYSftk7KKjyw38LB uvSOVdokkHWMP4pVLeUJB1ovbT4M1j3pxUzyM2426sD6LfjorQhY8vsCh yDaFST0Oe8uBvcRyA5mabEyRYlUet8PRH_CjINMipv7LCDRsKVnr3oHwZ EfCJFGNC-w_-Qn4xcmkmxyaz1-kZEpS_t2kWJsFqx3mg7QAXJBxdGmy6A", "header": { "alg": "RSA1_5", "kid": "frodo.baggins@hobbiton.example" } } Figure 175: Recipient #1 JSON 4.13.4. Encrypting the Key to the Second Recipient The following are generated before encrypting the CEK for the second recipient: o Ephemeral EC private key on the same curve as the EC public key; this example uses the private key that matches the public key from Figure 176. { "kty": "EC", "crv": "P-384", "x": "-fcIsKguXqJTTsWdHbJ4iRY_xARz9O_JdAxVEJnrxo7sJRbkwH mwlMi4AxCVzG_I", "y": "JcuN_3pD0dbTjry07BoFoJ-_W-SumUHH9XIAvXkKeFkJV4s5GM CwXwxtgkNeZ32T" } Figure 176: Ephemeral public key for Recipient #2, in JWK format Performing the "ECDH-ES+A256KW" key encryption operation over the CEK (Figure 171 with the following: o Static Elliptic Curve public key (Figure 84). o Ephemeral Elliptic Curve private key (Figure 176. produces the following encrypted key: Miller Expires June 7, 2014 [Page 75] Internet-Draft JOSE Cookbook December 2013 Dd1kQYNhhSIlKEAyE9UYhjtUBGahteiYVnRUg_tWf8S9VJZKL_8YOw Figure 177: Recipient #2 Encrypted Key, base64url-encoded The following are generated after encrypting the CEK for the second recipient: o Recipient JWE Header from Figure 178. { "alg": "ECDH-ES+A256KW", "kid": "peregrin.took@tuckborough.example", "epk": { "kty": "EC", "crv": "P-384", "x": "-fcIsKguXqJTTsWdHbJ4iRY_xARz9O_JdAxVEJnrxo7sJRbkwH mwlMi4AxCVzG_I", "y": "JcuN_3pD0dbTjry07BoFoJ-_W-SumUHH9XIAvXkKeFkJV4s5GM CwXwxtgkNeZ32T" } } Figure 178: Recipient #2 JWE Header JSON The following is the assembled second recipient JSON: { "encrypted_key": "Dd1kQYNhhSIlKEAyE9UYhjtUBGahteiYVnRUg_tWf8S9VJZKL_8YOw", "header": { "alg": "ECDH-ES+A256KW", "kid": "peregrin.took@tuckborough.example", "epk": { "kty": "EC", "crv": "P-384", "x": "-fcIsKguXqJTTsWdHbJ4iRY_xARz9O_JdAxVEJnrxo7sJRbk wHmwlMi4AxCVzG_I", "y": "JcuN_3pD0dbTjry07BoFoJ-_W-SumUHH9XIAvXkKeFkJV4s5 GMCwXwxtgkNeZ32T" } } } Figure 179: Recipient #2 JSON 4.13.5. Encrypting the Key to the Third Recipient Miller Expires June 7, 2014 [Page 76] Internet-Draft JOSE Cookbook December 2013 The following are generated before encrypting the CEK for the third recipient: o Initialization vector/nonce for key wrapping; this example uses the initialization vector/nonce from {{jwe-multi-kwiv_3} kZtitxRDXfzCS6ZK Figure 180 Performing the "A256GCMKW" key encryption operation over the CEK (Figure 171) with the following: o AES symmetric key (Figure 113; and o Initialization vector/nonce ((Figure 180 produces the following: o Encrypted key from Figure 181. o Key wrap authentication tag from Figure 182 iiVL4XCDCnsWCSZCTysGxl41vdnJqIThbumNa9wSQBo Figure 181: Recipient #3 Encrypted Key, base64url-encoded DOVpODvbotRWOHEqTRcXkg Figure 182: Recipient #3 Encrypted Key, base64url-encoded The following are generated after encrypting the CEK for the third recipient: o Recipient JWE header; this example uses the header from Figure 183. { "alg": "A256GCMKW", "kid": "18ec08e1-bfa9-4d95-b205-2b4dd1d4321d", "tag": "DOVpODvbotRWOHEqTRcXkg", "iv": "kZtitxRDXfzCS6ZK" } Figure 183: Recipient #3 JWE Header JSON The following is the assembled third recipient JSON: Miller Expires June 7, 2014 [Page 77] Internet-Draft JOSE Cookbook December 2013 { "encrypted_key": "DOVpODvbotRWOHEqTRcXkg", "header": { "alg": "A256GCMKW", "kid": "18ec08e1-bfa9-4d95-b205-2b4dd1d4321d", "tag": "DOVpODvbotRWOHEqTRcXkg", "iv": "kZtitxRDXfzCS6ZK" } Figure 184: Recipient #3 JSON 4.13.6. Encrypting the Content The following are generated before encrypting the content: o Protected JWE Header; this example uses the header from Figure 185, encoded to [RFC4648] base64url as Figure 186. { "enc": "A128GCM" } Figure 185: Protected JWE Header JSON eyJlbmMiOiJBMTI4R0NNIn0 Figure 186: Protected JWE Header, base64url-encoded Performing the content encryption operation over the Plaintext (Figure 51) with the following: o CEK (Figure 171), o Initialization vector/nonce (Figure 172), and o Protected JWE header (Figure 186) as the authenticated data produces the following: o Ciphertext from Figure 187 o Authentication tag from Figure 188 aG6vvrUIPIE5AunujYfPvgO1ypah6leCfYeW721swK9Nr8ERrKJn-HFkEkcx2r HnLgp33hKX6jPBWlSwilwGl2e2xg3SxQiA9OYncXBkpUcUK4KoIg7qCvtTsVFp sVRJYTBDqpGuecYdYOeZPWUuB1vX4jrCFIpHh3BIraAE6iTxdmxhHP-OXGZQpU N4Y2qcromUQP2jSreVGp2Gn9b4bWELfLny4WqRVmB_bySnyUxdglzGAQEse7s_ Miller Expires June 7, 2014 [Page 78] Internet-Draft JOSE Cookbook December 2013 o1s_6i1fOZnB5WzcoNo2aTZIKWLjJ347XL95KcF9aYwMAZSi7N4n41Zs2Yaa8- u07LpV9fQ7ubDQj1fQ4clpxPv_IDbHJ3tgdlH2lWSHwZADwgpIOA Figure 187: Ciphertext, base64url-encoded ESZx8edqbU4osp8P8H0a5Q Figure 188: Authentication Tag, base64url-encoded The following is generated after encrypting the plaintext: o Unprotected JWE header parameters; this example uses the header from Figure 189. { "cty": "text/plain" } Figure 189: Unprotected JWE Header JSON 4.13.7. Output Results The following compose the resulting JWE object: o Recipient #1 JSON (Figure 175) o Recipient #2 JSON (Figure 179) o Recipient #3 JSON (Figure 184) o Initialization vector/nonce (Figure 172) o Ciphertext (Figure 187) o Authentication tag (Figure 188) The resulting JWE object using the JSON serialization: { "recipients": [ { "encrypted_key": "EBbDunXtz-j0Gn0q4c9vtueHlb0E-oBkSMno9PUg8eR7Y5T71aU9t 0JkvxtKiOxibNkeeUSYPLPGvxslWAYgmqYW--uP_R64hQFp2fcB5M nyQ69GBkMU6Poie-CtQ2y9Z3Mv9-NMbT7LO99A_2EUEXuxzGnHYSf tk7KKjyw38LBuvSOVdokkHWMP4pVLeUJB1ovbT4M1j3pxUzyM2426 sD6LfjorQhY8vsChyDaFST0Oe8uBvcRyA5mabEyRYlUet8PRH_CjI NMipv7LCDRsKVnr3oHwZEfCJFGNC-w_-Qn4xcmkmxyaz1-kZEpS_t Miller Expires June 7, 2014 [Page 79] Internet-Draft JOSE Cookbook December 2013 2kWJsFqx3mg7QAXJBxdGmy6A", "header": { "alg": "RSA1_5", "kid": "frodo.baggins@hobbiton.example" } }, { "encrypted_key": "Dd1kQYNhhSIlKEAyE9UYhjtUBGahteiYVnRUg_tWf8S9VJZKL_8YO w", "header": { "alg": "ECDH-ES+A256KW", "kid": "peregrin.took@tuckborough.example", "epk": { "kty": "EC", "crv": "P-384", "x": "-fcIsKguXqJTTsWdHbJ4iRY_xARz9O_JdAxVEJnrxo7sJRbkw HmwlMi4AxCVzG_I", "y": "JcuN_3pD0dbTjry07BoFoJ-_W-SumUHH9XIAvXkKeFkJV4s5G MCwXwxtgkNeZ32T" } } }, { "encrypted_key": "iiVL4XCDCnsWCSZCTysGxl41vdnJqIThbumNa9wSQBo", "header": { "alg": "A256GCMKW", "kid": "18ec08e1-bfa9-4d95-b205-2b4dd1d4321d", "tag": "DOVpODvbotRWOHEqTRcXkg", "iv": "kZtitxRDXfzCS6ZK" } } ], "protected": "eyJlbmMiOiJBMTI4R0NNIn0", "unprotected": { "cty": "text/plain" }, "iv": "nY-xFgdef1LrsU7u", "ciphertext": "aG6vvrUIPIE5AunujYfPvgO1ypah6leCfYeW721swK9Nr8ERrKJn-HFkE kcx2rHnLgp33hKX6jPBWlSwilwGl2e2xg3SxQiA9OYncXBkpUcUK4KoIg 7qCvtTsVFpsVRJYTBDqpGuecYdYOeZPWUuB1vX4jrCFIpHh3BIraAE6iT xdmxhHP-OXGZQpUN4Y2qcromUQP2jSreVGp2Gn9b4bWELfLny4WqRVmB_ bySnyUxdglzGAQEse7s_o1s_6i1fOZnB5WzcoNo2aTZIKWLjJ347XL95K Miller Expires June 7, 2014 [Page 80] Internet-Draft JOSE Cookbook December 2013 cF9aYwMAZSi7N4n41Zs2Yaa8-u07LpV9fQ7ubDQj1fQ4clpxPv_IDbHJ3 tgdlH2lWSHwZADwgpIOA", "tag": "ESZx8edqbU4osp8P8H0a5Q" } Figure 190: JSON Serialization 5. Security Considerations This document introduces no new security considerations over those stated in [I-D.ietf-jose-json-web-algorithms], [I-D.ietf-jose-json-web-encryption], [I-D.ietf-jose-json-web-key], and [I-D.ietf-jose-json-web-signature]. 6. IANA Considerations This document has no actions for IANA. 7. Informative References [I-D.ietf-jcardcal-jcard] Kewisch, P., "jCard: The JSON format for vCard", draft- ietf-jcardcal-jcard-07 (work in progress), October 2013. [I-D.ietf-jose-json-web-algorithms] Jones, M., "JSON Web Algorithms (JWA)", draft-ietf-jose- json-web-algorithms-18 (work in progress), November 2013. [I-D.ietf-jose-json-web-encryption] Jones, M., Rescorla, E., and J. Hildebrand, "JSON Web Encryption (JWE)", draft-ietf-jose-json-web-encryption-18 (work in progress), November 2013. [I-D.ietf-jose-json-web-key] Jones, M., "JSON Web Key (JWK)", draft-ietf-jose-json-web- key-18 (work in progress), November 2013. [I-D.ietf-jose-json-web-signature] Jones, M., Bradley, J., and N. Sakimura, "JSON Web Signature (JWS)", draft-ietf-jose-json-web-signature-18 (work in progress), November 2013. [RFC1951] Deutsch, P., "DEFLATE Compressed Data Format Specification version 1.3", RFC 1951, May 1996. [RFC4648] Josefsson, S., "The Base16, Base32, and Base64 Data Encodings", RFC 4648, October 2006. Miller Expires June 7, 2014 [Page 81] Internet-Draft JOSE Cookbook December 2013 Appendix A. Acknowledgements All of the examples herein use quotes and character names found in the novels "The Hobbit"; "The Fellowship of the Ring"; "The Two Towers"; and "Return of the King", written by J. R. R. Tolkien. Thanks to Richard Barnes and Jim Schaad for providing for their input on the outline for this document. Author's Address Matthew Miller Cisco Systems, Inc. 1899 Wynkoop Street, Suite 600 Denver, CO 80202 USA Phone: +1-303-308-3204 Email: mamille2@cisco.com Miller Expires June 7, 2014 [Page 82]