JSON Private KeyMicrosoftmbj@microsoft.comhttp://self-issued.info/
Security
JOSE Working GroupRFCRequest for CommentsI-DInternet-DraftJavaScript Object NotationJSONJSON Web KeyJWKJSON Web AlgorithmsJWA
The JSON Private Key specification extends the
JSON Web Key (JWK) and
JSON Web Algorithms (JWA)
specifications to define a
JavaScript Object Notation (JSON)
representation of private keys.
The JSON Private Key specification extends the
JSON Web Key (JWK) and
JSON Web Algorithms (JWA)
specifications to define a
JavaScript Object Notation (JSON)
representation of private keys.
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL",
"SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY",
and "OPTIONAL" in this document are to be interpreted as
described in
Key words for use in RFCs to Indicate Requirement Levels .
This specification uses the same terminology as the
JSON Web Key (JWK) and
JSON Web Algorithms (JWA)
specifications.
This section defines additional JSON Web Key parameters
that enable JWKs to represent private keys.
When the JWK alg
member value is EC,
the following member MAY be used to represent
an Elliptic Curve private key:
The d (ECC private key) member contains
the Elliptic Curve private key value.
It is represented as the base64url encoding of the
value's unsigned big endian representation as a byte array.
The array representation MUST not be shortened
to omit any leading zero bytes.
For instance, when representing 521 bit integers,
the byte array to be base64url encoded MUST contain 66 bytes,
including any leading zero bytes.
When the JWK alg
member value is RSA,
the following member MAY be used to represent
an RSA private key:
The d (private exponent) member contains
the private exponent value for the RSA private key.
It is represented as the base64url encoding of the
value's unsigned big endian representation as a byte array.
The array representation MUST not be shortened
to omit any leading zero bytes.
For instance, when representing 2048 bit integers,
the byte array to be base64url encoded MUST contain 256 bytes,
including any leading zero bytes.
The p (first prime factor) member contains
the first prime factor, a positive integer.
It is represented as the base64url encoding of the
value's unsigned big endian representation as a byte array.
The q (second prime factor) member contains
the second prime factor, a positive integer.
It is represented as the base64url encoding of the
value's unsigned big endian representation as a byte array.
The dp (first factor CRT exponent)
member contains the Chinese Remainder Theorem (CRT) exponent
of the first factor, a positive integer.
It is represented as the base64url encoding of the
value's unsigned big endian representation as a byte array.
The dq (second factor CRT exponent)
member contains the Chinese Remainder Theorem (CRT) exponent
of the second factor, a positive integer.
It is represented as the base64url encoding of the
value's unsigned big endian representation as a byte array.
The dp (first CRT coefficient)
member contains the Chinese Remainder Theorem (CRT)
coefficient of the second factor, a positive integer.
It is represented as the base64url encoding of the
value's unsigned big endian representation as a byte array.
The oth (other primes info)
member contains an array of information about any third and subsequent
primes, should they exist.
When only two primes have been used (the normal case),
this parameter MUST be omitted.
When three or more primes have been used, the number of array
elements MUST be the number of primes used minus two.
Each array element MUST be an object with the following members:
The r (prime factor) parameter
within an oth array member
represents the value of a subsequent prime factor,
a positive integer.
It is represented as the base64url encoding of the
value's unsigned big endian representation as a byte array.
The d (Factor CRT Exponent) parameter
within an oth array member
represents the CRT exponent of the corresponding prime factor,
a positive integer.
It is represented as the base64url encoding of the
value's unsigned big endian representation as a byte array.
The t (factor CRT coefficient) parameter
within an oth array member
represents the CRT coefficient of the corresponding prime factor,
a positive integer.
It is represented as the base64url encoding of the
value's unsigned big endian representation as a byte array.
The following example JWK Set contains two keys represented
as JWKs containing both public and private key values:
one using an Elliptic Curve algorithm and
a second one using an RSA algorithm.
This example extends the example in
Section 3 of ,
adding private key values.
(Line breaks are for display purposes only.)
This specification registers the parameter names defined in
and in the
IANA JSON Web Key Parameters registry .
Parameter Name: d
Change Controller: IETF
Specification Document(s): of [[ this document ]]
Parameter Name: d
Change Controller: IETF
Specification Document(s): of [[ this document ]]
Parameter Name: p
Change Controller: IETF
Specification Document(s): of [[ this document ]]
Parameter Name: q
Change Controller: IETF
Specification Document(s): of [[ this document ]]
Parameter Name: dp
Change Controller: IETF
Specification Document(s): of [[ this document ]]
Parameter Name: dq
Change Controller: IETF
Specification Document(s): of [[ this document ]]
Parameter Name: qi
Change Controller: IETF
Specification Document(s): of [[ this document ]]
Parameter Name: oth
Change Controller: IETF
Specification Document(s): of [[ this document ]]
The security considerations for this specification are the
same as those for the
JSON Web Key (JWK) specification and
the portion of the JSON Web Algorithms (JWA)
specification that pertains to key representations.
JSON Web Key (JWK)Microsoftmbj@microsoft.comhttp://self-issued.info/JSON Web Algorithms (JWA)Microsoftmbj@microsoft.comhttp://self-issued.info/
[[ to be removed by the RFC editor before publication as an RFC ]]
-01
Changed the names of the RSA key parameters
so that the identifiers are the same as those used in RFC 3447.
Added the RSA private key fields enabling Chinese Remainder Theorem (CRT)
calculations, based upon their use in RFC 3447.
-00
Created draft-jones-jose-json-private-key to facilitate discussion
of the question from the W3C WebCrypto WG to the IETF JOSE WG of whether
JOSE plans to support a format for representing private keys.