< draft-ietf-jose-json-web-encryption-23.txt   draft-ietf-jose-json-web-encryption-24.txt >
JOSE Working Group M. Jones JOSE Working Group M. Jones
Internet-Draft Microsoft Internet-Draft Microsoft
Intended status: Standards Track E. Rescorla Intended status: Standards Track J. Hildebrand
Expires: September 4, 2014 RTFM Expires: September 19, 2014 Cisco
J. Hildebrand March 18, 2014
Cisco
March 3, 2014
JSON Web Encryption (JWE) JSON Web Encryption (JWE)
draft-ietf-jose-json-web-encryption-23 draft-ietf-jose-json-web-encryption-24
Abstract Abstract
JSON Web Encryption (JWE) represents encrypted content using JSON Web Encryption (JWE) represents encrypted content using
JavaScript Object Notation (JSON) based data structures. JavaScript Object Notation (JSON) based data structures.
Cryptographic algorithms and identifiers for use with this Cryptographic algorithms and identifiers for use with this
specification are described in the separate JSON Web Algorithms (JWA) specification are described in the separate JSON Web Algorithms (JWA)
specification and IANA registries defined by that specification. specification and IANA registries defined by that specification.
Related digital signature and MAC capabilities are described in the Related digital signature and MAC capabilities are described in the
separate JSON Web Signature (JWS) specification. separate JSON Web Signature (JWS) specification.
skipping to change at page 1, line 39 skipping to change at page 1, line 37
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on September 4, 2014. This Internet-Draft will expire on September 19, 2014.
Copyright Notice Copyright Notice
Copyright (c) 2014 IETF Trust and the persons identified as the Copyright (c) 2014 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License. described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 5 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4
1.1. Notational Conventions . . . . . . . . . . . . . . . . . . 5 1.1. Notational Conventions . . . . . . . . . . . . . . . . . . 4
2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 6 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 5
3. JSON Web Encryption (JWE) Overview . . . . . . . . . . . . . . 9 3. JSON Web Encryption (JWE) Overview . . . . . . . . . . . . . . 8
3.1. Example JWE . . . . . . . . . . . . . . . . . . . . . . . 11 3.1. Example JWE . . . . . . . . . . . . . . . . . . . . . . . 10
4. JWE Header . . . . . . . . . . . . . . . . . . . . . . . . . . 12 4. JWE Header . . . . . . . . . . . . . . . . . . . . . . . . . . 11
4.1. Registered Header Parameter Names . . . . . . . . . . . . 13 4.1. Registered Header Parameter Names . . . . . . . . . . . . 12
4.1.1. "alg" (Algorithm) Header Parameter . . . . . . . . . . 13 4.1.1. "alg" (Algorithm) Header Parameter . . . . . . . . . . 12
4.1.2. "enc" (Encryption Algorithm) Header Parameter . . . . 13 4.1.2. "enc" (Encryption Algorithm) Header Parameter . . . . 12
4.1.3. "zip" (Compression Algorithm) Header Parameter . . . . 13 4.1.3. "zip" (Compression Algorithm) Header Parameter . . . . 12
4.1.4. "jku" (JWK Set URL) Header Parameter . . . . . . . . . 14 4.1.4. "jku" (JWK Set URL) Header Parameter . . . . . . . . . 13
4.1.5. "jwk" (JSON Web Key) Header Parameter . . . . . . . . 14 4.1.5. "jwk" (JSON Web Key) Header Parameter . . . . . . . . 13
4.1.6. "kid" (Key ID) Header Parameter . . . . . . . . . . . 14 4.1.6. "kid" (Key ID) Header Parameter . . . . . . . . . . . 13
4.1.7. "x5u" (X.509 URL) Header Parameter . . . . . . . . . . 14 4.1.7. "x5u" (X.509 URL) Header Parameter . . . . . . . . . . 13
4.1.8. "x5c" (X.509 Certificate Chain) Header Parameter . . . 15 4.1.8. "x5c" (X.509 Certificate Chain) Header Parameter . . . 14
4.1.9. "x5t" (X.509 Certificate SHA-1 Thumbprint) Header 4.1.9. "x5t" (X.509 Certificate SHA-1 Thumbprint) Header
Parameter . . . . . . . . . . . . . . . . . . . . . . 15 Parameter . . . . . . . . . . . . . . . . . . . . . . 14
4.1.10. "typ" (Type) Header Parameter . . . . . . . . . . . . 15 4.1.10. "typ" (Type) Header Parameter . . . . . . . . . . . . 14
4.1.11. "cty" (Content Type) Header Parameter . . . . . . . . 15 4.1.11. "cty" (Content Type) Header Parameter . . . . . . . . 14
4.1.12. "crit" (Critical) Header Parameter . . . . . . . . . . 15 4.1.12. "crit" (Critical) Header Parameter . . . . . . . . . . 14
4.2. Public Header Parameter Names . . . . . . . . . . . . . . 15 4.2. Public Header Parameter Names . . . . . . . . . . . . . . 14
4.3. Private Header Parameter Names . . . . . . . . . . . . . . 16 4.3. Private Header Parameter Names . . . . . . . . . . . . . . 15
5. Producing and Consuming JWEs . . . . . . . . . . . . . . . . . 16 5. Producing and Consuming JWEs . . . . . . . . . . . . . . . . . 15
5.1. Message Encryption . . . . . . . . . . . . . . . . . . . . 16 5.1. Message Encryption . . . . . . . . . . . . . . . . . . . . 15
5.2. Message Decryption . . . . . . . . . . . . . . . . . . . . 18 5.2. Message Decryption . . . . . . . . . . . . . . . . . . . . 17
5.3. String Comparison Rules . . . . . . . . . . . . . . . . . 21 5.3. String Comparison Rules . . . . . . . . . . . . . . . . . 20
6. Key Identification . . . . . . . . . . . . . . . . . . . . . . 21 6. Key Identification . . . . . . . . . . . . . . . . . . . . . . 20
7. Serializations . . . . . . . . . . . . . . . . . . . . . . . . 21 7. Serializations . . . . . . . . . . . . . . . . . . . . . . . . 20
7.1. JWE Compact Serialization . . . . . . . . . . . . . . . . 21 7.1. JWE Compact Serialization . . . . . . . . . . . . . . . . 20
7.2. JWE JSON Serialization . . . . . . . . . . . . . . . . . . 21 7.2. JWE JSON Serialization . . . . . . . . . . . . . . . . . . 20
8. TLS Requirements . . . . . . . . . . . . . . . . . . . . . . . 24 8. TLS Requirements . . . . . . . . . . . . . . . . . . . . . . . 23
9. Distinguishing between JWS and JWE Objects . . . . . . . . . . 24 9. Distinguishing between JWS and JWE Objects . . . . . . . . . . 23
10. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 25 10. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 24
10.1. JSON Web Signature and Encryption Header Parameters 10.1. JSON Web Signature and Encryption Header Parameters
Registration . . . . . . . . . . . . . . . . . . . . . . . 25 Registration . . . . . . . . . . . . . . . . . . . . . . . 24
10.1.1. Registry Contents . . . . . . . . . . . . . . . . . . 25 10.1.1. Registry Contents . . . . . . . . . . . . . . . . . . 24
11. Security Considerations . . . . . . . . . . . . . . . . . . . 27 11. Security Considerations . . . . . . . . . . . . . . . . . . . 26
12. References . . . . . . . . . . . . . . . . . . . . . . . . . . 28 12. References . . . . . . . . . . . . . . . . . . . . . . . . . . 27
12.1. Normative References . . . . . . . . . . . . . . . . . . . 28 12.1. Normative References . . . . . . . . . . . . . . . . . . . 27
12.2. Informative References . . . . . . . . . . . . . . . . . . 28 12.2. Informative References . . . . . . . . . . . . . . . . . . 27
Appendix A. JWE Examples . . . . . . . . . . . . . . . . . . . . 29 Appendix A. JWE Examples . . . . . . . . . . . . . . . . . . . . 28
A.1. Example JWE using RSAES OAEP and AES GCM . . . . . . . . . 29 A.1. Example JWE using RSAES OAEP and AES GCM . . . . . . . . . 28
A.1.1. JWE Header . . . . . . . . . . . . . . . . . . . . . . 29 A.1.1. JWE Header . . . . . . . . . . . . . . . . . . . . . . 28
A.1.2. Content Encryption Key (CEK) . . . . . . . . . . . . . 30 A.1.2. Content Encryption Key (CEK) . . . . . . . . . . . . . 29
A.1.3. Key Encryption . . . . . . . . . . . . . . . . . . . . 30 A.1.3. Key Encryption . . . . . . . . . . . . . . . . . . . . 29
A.1.4. Initialization Vector . . . . . . . . . . . . . . . . 31 A.1.4. Initialization Vector . . . . . . . . . . . . . . . . 30
A.1.5. Additional Authenticated Data . . . . . . . . . . . . 31 A.1.5. Additional Authenticated Data . . . . . . . . . . . . 30
A.1.6. Content Encryption . . . . . . . . . . . . . . . . . . 32 A.1.6. Content Encryption . . . . . . . . . . . . . . . . . . 31
A.1.7. Complete Representation . . . . . . . . . . . . . . . 32 A.1.7. Complete Representation . . . . . . . . . . . . . . . 31
A.1.8. Validation . . . . . . . . . . . . . . . . . . . . . . 33 A.1.8. Validation . . . . . . . . . . . . . . . . . . . . . . 32
A.2. Example JWE using RSAES-PKCS1-V1_5 and A.2. Example JWE using RSAES-PKCS1-V1_5 and
AES_128_CBC_HMAC_SHA_256 . . . . . . . . . . . . . . . . . 33 AES_128_CBC_HMAC_SHA_256 . . . . . . . . . . . . . . . . . 32
A.2.1. JWE Header . . . . . . . . . . . . . . . . . . . . . . 33 A.2.1. JWE Header . . . . . . . . . . . . . . . . . . . . . . 32
A.2.2. Content Encryption Key (CEK) . . . . . . . . . . . . . 34 A.2.2. Content Encryption Key (CEK) . . . . . . . . . . . . . 33
A.2.3. Key Encryption . . . . . . . . . . . . . . . . . . . . 34 A.2.3. Key Encryption . . . . . . . . . . . . . . . . . . . . 33
A.2.4. Initialization Vector . . . . . . . . . . . . . . . . 35 A.2.4. Initialization Vector . . . . . . . . . . . . . . . . 34
A.2.5. Additional Authenticated Data . . . . . . . . . . . . 35 A.2.5. Additional Authenticated Data . . . . . . . . . . . . 34
A.2.6. Content Encryption . . . . . . . . . . . . . . . . . . 35 A.2.6. Content Encryption . . . . . . . . . . . . . . . . . . 34
A.2.7. Complete Representation . . . . . . . . . . . . . . . 36 A.2.7. Complete Representation . . . . . . . . . . . . . . . 35
A.2.8. Validation . . . . . . . . . . . . . . . . . . . . . . 36 A.2.8. Validation . . . . . . . . . . . . . . . . . . . . . . 35
A.3. Example JWE using AES Key Wrap and A.3. Example JWE using AES Key Wrap and
AES_128_CBC_HMAC_SHA_256 . . . . . . . . . . . . . . . . . 37 AES_128_CBC_HMAC_SHA_256 . . . . . . . . . . . . . . . . . 36
A.3.1. JWE Header . . . . . . . . . . . . . . . . . . . . . . 37 A.3.1. JWE Header . . . . . . . . . . . . . . . . . . . . . . 36
A.3.2. Content Encryption Key (CEK) . . . . . . . . . . . . . 37 A.3.2. Content Encryption Key (CEK) . . . . . . . . . . . . . 36
A.3.3. Key Encryption . . . . . . . . . . . . . . . . . . . . 37 A.3.3. Key Encryption . . . . . . . . . . . . . . . . . . . . 36
A.3.4. Initialization Vector . . . . . . . . . . . . . . . . 38 A.3.4. Initialization Vector . . . . . . . . . . . . . . . . 37
A.3.5. Additional Authenticated Data . . . . . . . . . . . . 38 A.3.5. Additional Authenticated Data . . . . . . . . . . . . 37
A.3.6. Content Encryption . . . . . . . . . . . . . . . . . . 38 A.3.6. Content Encryption . . . . . . . . . . . . . . . . . . 37
A.3.7. Complete Representation . . . . . . . . . . . . . . . 39 A.3.7. Complete Representation . . . . . . . . . . . . . . . 38
A.3.8. Validation . . . . . . . . . . . . . . . . . . . . . . 39 A.3.8. Validation . . . . . . . . . . . . . . . . . . . . . . 38
A.4. Example JWE using JWE JSON Serialization . . . . . . . . . 40 A.4. Example JWE using JWE JSON Serialization . . . . . . . . . 39
A.4.1. JWE Per-Recipient Unprotected Headers . . . . . . . . 40 A.4.1. JWE Per-Recipient Unprotected Headers . . . . . . . . 39
A.4.2. JWE Protected Header . . . . . . . . . . . . . . . . . 40 A.4.2. JWE Protected Header . . . . . . . . . . . . . . . . . 39
A.4.3. JWE Unprotected Header . . . . . . . . . . . . . . . . 41 A.4.3. JWE Unprotected Header . . . . . . . . . . . . . . . . 40
A.4.4. Complete JWE Header Values . . . . . . . . . . . . . . 41 A.4.4. Complete JWE Header Values . . . . . . . . . . . . . . 40
A.4.5. Additional Authenticated Data . . . . . . . . . . . . 41 A.4.5. Additional Authenticated Data . . . . . . . . . . . . 40
A.4.6. Content Encryption . . . . . . . . . . . . . . . . . . 41 A.4.6. Content Encryption . . . . . . . . . . . . . . . . . . 40
A.4.7. Complete JWE JSON Serialization Representation . . . . 42 A.4.7. Complete JWE JSON Serialization Representation . . . . 41
Appendix B. Example AES_128_CBC_HMAC_SHA_256 Computation . . . . 42 Appendix B. Example AES_128_CBC_HMAC_SHA_256 Computation . . . . 41
B.1. Extract MAC_KEY and ENC_KEY from Key . . . . . . . . . . . 43 B.1. Extract MAC_KEY and ENC_KEY from Key . . . . . . . . . . . 42
B.2. Encrypt Plaintext to Create Ciphertext . . . . . . . . . . 43 B.2. Encrypt Plaintext to Create Ciphertext . . . . . . . . . . 42
B.3. 64 Bit Big Endian Representation of AAD Length . . . . . . 44 B.3. 64 Bit Big Endian Representation of AAD Length . . . . . . 43
B.4. Initialization Vector Value . . . . . . . . . . . . . . . 44 B.4. Initialization Vector Value . . . . . . . . . . . . . . . 43
B.5. Create Input to HMAC Computation . . . . . . . . . . . . . 44 B.5. Create Input to HMAC Computation . . . . . . . . . . . . . 43
B.6. Compute HMAC Value . . . . . . . . . . . . . . . . . . . . 44 B.6. Compute HMAC Value . . . . . . . . . . . . . . . . . . . . 43
B.7. Truncate HMAC Value to Create Authentication Tag . . . . . 44 B.7. Truncate HMAC Value to Create Authentication Tag . . . . . 43
Appendix C. Acknowledgements . . . . . . . . . . . . . . . . . . 45 Appendix C. Acknowledgements . . . . . . . . . . . . . . . . . . 44
Appendix D. Document History . . . . . . . . . . . . . . . . . . 45 Appendix D. Document History . . . . . . . . . . . . . . . . . . 44
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 54 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 54
1. Introduction 1. Introduction
JSON Web Encryption (JWE) represents encrypted content using JSON Web Encryption (JWE) represents encrypted content using
JavaScript Object Notation (JSON) [RFC7158] based data structures. JavaScript Object Notation (JSON) [RFC7159] based data structures.
The JWE cryptographic mechanisms encrypt and provide integrity The JWE cryptographic mechanisms encrypt and provide integrity
protection for an arbitrary sequence of octets. protection for an arbitrary sequence of octets.
Two closely related serializations for JWE objects are defined. The Two closely related serializations for JWE objects are defined. The
JWE Compact Serialization is a compact, URL-safe representation JWE Compact Serialization is a compact, URL-safe representation
intended for space constrained environments such as HTTP intended for space constrained environments such as HTTP
Authorization headers and URI query parameters. The JWE JSON Authorization headers and URI query parameters. The JWE JSON
Serialization represents JWE objects as JSON objects and enables the Serialization represents JWE objects as JSON objects and enables the
same content to be encrypted to multiple parties. Both share the same content to be encrypted to multiple parties. Both share the
same cryptographic underpinnings. same cryptographic underpinnings.
skipping to change at page 7, line 27 skipping to change at page 6, line 27
JWE AAD JWE AAD
Additional value to be integrity protected by the authenticated Additional value to be integrity protected by the authenticated
encryption operation. This can only be present when using the JWE encryption operation. This can only be present when using the JWE
JSON Serialization. (Note that this can also be achieved when JSON Serialization. (Note that this can also be achieved when
using either serialization by including the AAD value as an using either serialization by including the AAD value as an
integrity protected Header Parameter value, but at the cost of the integrity protected Header Parameter value, but at the cost of the
value being double base64url encoded.) value being double base64url encoded.)
JWE Ciphertext JWE Ciphertext
Ciphertext value resulting from authenticated encryption of the Ciphertext value resulting from authenticated encryption of the
plaintext with additional associated data. plaintext with additional authenticated data.
JWE Authentication Tag JWE Authentication Tag
Authentication Tag value resulting from authenticated encryption Authentication Tag value resulting from authenticated encryption
of the plaintext with additional associated data. of the plaintext with additional authenticated data.
Header Parameter Header Parameter
A name/value pair that is member of the JWE Header. A name/value pair that is member of the JWE Header.
JWE Protected Header JWE Protected Header
JSON object that contains the JWE Header Parameters that are JSON object that contains the JWE Header Parameters that are
integrity protected by the authenticated encryption operation. integrity protected by the authenticated encryption operation.
These parameters apply to all recipients of the JWE. For the JWE These parameters apply to all recipients of the JWE. For the JWE
Compact Serialization, this comprises the entire JWE Header. For Compact Serialization, this comprises the entire JWE Header. For
the JWE JSON Serialization, this is one component of the JWE the JWE JSON Serialization, this is one component of the JWE
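Review bot: In the JWE Ciphertext and JWE Authentication Tag definitions, the new wording "additional authenticated data" is lower case and is not tied to the "JWE AAD" term defined immediately above, so a reader cannot tell whether it refers to that value or to the input of the authenticated encryption operation in general. Consider capitalizing it as "Additional Authenticated Data", matching the appendix section titles in the table of contents, or stating how it relates to JWE AAD. Separately, the unchanged Header Parameter entry reads "A name/value pair that is member of the JWE Header"; it is missing an article ("is a member of").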
skipping to change at page 9, line 29 skipping to change at page 8, line 29
JWE Initialization Vector JWE Initialization Vector
Initialization Vector value used when encrypting the plaintext. Initialization Vector value used when encrypting the plaintext.
JWE AAD JWE AAD
Additional value to be integrity protected by the authenticated Additional value to be integrity protected by the authenticated
encryption operation. encryption operation.
JWE Ciphertext JWE Ciphertext
Ciphertext value resulting from authenticated encryption of the Ciphertext value resulting from authenticated encryption of the
plaintext with additional associated data. plaintext with additional authenticated data.
JWE Authentication Tag JWE Authentication Tag
Authentication Tag value resulting from authenticated encryption Authentication Tag value resulting from authenticated encryption
of the plaintext with additional associated data. of the plaintext with additional authenticated data.
The JWE Header represents the combination of these logical values: The JWE Header represents the combination of these logical values:
JWE Protected Header JWE Protected Header
JSON object that contains the JWE Header Parameters that are JSON object that contains the JWE Header Parameters that are
integrity protected by the authenticated encryption operation. integrity protected by the authenticated encryption operation.
These parameters apply to all recipients of the JWE. These parameters apply to all recipients of the JWE.
JWE Shared Unprotected Header JWE Shared Unprotected Header
JSON object that contains the JWE Header Parameters that apply to JSON object that contains the JWE Header Parameters that apply to
skipping to change at page 19, line 8 skipping to change at page 18, line 8
JWE JSON Serialization is described in Section 7.2. JWE JSON Serialization is described in Section 7.2.
2. The encoded representations of the JWE Protected Header, the JWE 2. The encoded representations of the JWE Protected Header, the JWE
Encrypted Key, the JWE Initialization Vector, the JWE Encrypted Key, the JWE Initialization Vector, the JWE
Ciphertext, the JWE Authentication Tag, and the JWE AAD MUST be Ciphertext, the JWE Authentication Tag, and the JWE AAD MUST be
successfully base64url decoded following the restriction that no successfully base64url decoded following the restriction that no
padding characters have been used. padding characters have been used.
3. The octet sequence resulting from decoding the encoded JWE 3. The octet sequence resulting from decoding the encoded JWE
Protected Header MUST be a UTF-8 encoded representation of a Protected Header MUST be a UTF-8 encoded representation of a
completely valid JSON object conforming to [RFC7158], which is completely valid JSON object conforming to [RFC7159], which is
the JWE Protected Header. the JWE Protected Header.
4. If using the JWE Compact Serialization, let the JWE Header be 4. If using the JWE Compact Serialization, let the JWE Header be
the JWE Protected Header; otherwise, when using the JWE JSON the JWE Protected Header; otherwise, when using the JWE JSON
Serialization, let the JWE Header be the union of the members of Serialization, let the JWE Header be the union of the members of
the JWE Protected Header, the JWE Shared Unprotected Header and the JWE Protected Header, the JWE Shared Unprotected Header and
the corresponding JWE Per-Recipient Unprotected Header, all of the corresponding JWE Per-Recipient Unprotected Header, all of
which must be completely valid JSON objects. which must be completely valid JSON objects.
5. The resulting JWE Header MUST NOT contain duplicate Header 5. The resulting JWE Header MUST NOT contain duplicate Header
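Review bot: Step 4 still says "all of which must be completely valid JSON objects" in lower case, while steps 2, 3 and 5 of the same list use "MUST" and "MUST NOT" for their requirements. If this is a normative requirement on the party consuming the JWE it should read "MUST"; if it is not, reword it so it cannot be mistaken for one. The RFC7158 to RFC7159 update in step 3 matches the same update in the Introduction.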
skipping to change at page 28, line 36 skipping to change at page 27, line 36
Requirement Levels", BCP 14, RFC 2119, March 1997. Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC3629] Yergeau, F., "UTF-8, a transformation format of ISO [RFC3629] Yergeau, F., "UTF-8, a transformation format of ISO
10646", STD 63, RFC 3629, November 2003. 10646", STD 63, RFC 3629, November 2003.
[RFC5280] Cooper, D., Santesson, S., Farrell, S., Boeyen, S., [RFC5280] Cooper, D., Santesson, S., Farrell, S., Boeyen, S.,
Housley, R., and W. Polk, "Internet X.509 Public Key Housley, R., and W. Polk, "Internet X.509 Public Key
Infrastructure Certificate and Certificate Revocation List Infrastructure Certificate and Certificate Revocation List
(CRL) Profile", RFC 5280, May 2008. (CRL) Profile", RFC 5280, May 2008.
[RFC7158] Bray, T., "The JavaScript Object Notation (JSON) Data [RFC7159] Bray, T., "The JavaScript Object Notation (JSON) Data
Interchange Format", RFC 7158, March 2014. Interchange Format", RFC 7159, March 2014.
[USASCII] American National Standards Institute, "Coded Character [USASCII] American National Standards Institute, "Coded Character
Set -- 7-bit American Standard Code for Information Set -- 7-bit American Standard Code for Information
Interchange", ANSI X3.4, 1986. Interchange", ANSI X3.4, 1986.
12.2. Informative References 12.2. Informative References
[I-D.mcgrew-aead-aes-cbc-hmac-sha2] [I-D.mcgrew-aead-aes-cbc-hmac-sha2]
McGrew, D. and K. Paterson, "Authenticated Encryption with McGrew, D. and K. Paterson, "Authenticated Encryption with
AES-CBC and HMAC-SHA", AES-CBC and HMAC-SHA",
skipping to change at page 42, line 27 skipping to change at page 41, line 27
The complete JSON Web Encryption JSON Serialization for these values The complete JSON Web Encryption JSON Serialization for these values
is as follows (with line breaks for display purposes only): is as follows (with line breaks for display purposes only):
{"protected": {"protected":
"eyJlbmMiOiJBMTI4Q0JDLUhTMjU2In0", "eyJlbmMiOiJBMTI4Q0JDLUhTMjU2In0",
"unprotected": "unprotected":
{"jku":"https://server.example.com/keys.jwks"}, {"jku":"https://server.example.com/keys.jwks"},
"recipients":[ "recipients":[
{"header": {"header":
{"alg":"RSA1_5"}, {"alg":"RSA1_5","kid":"2011-04-29"},
"encrypted_key": "encrypted_key":
"UGhIOguC7IuEvf_NPVaXsGMoLOmwvc1GyqlIKOK1nN94nHPoltGRhWhw7Zx0- "UGhIOguC7IuEvf_NPVaXsGMoLOmwvc1GyqlIKOK1nN94nHPoltGRhWhw7Zx0-
kFm1NJn8LE9XShH59_i8J0PH5ZZyNfGy2xGdULU7sHNF6Gp2vPLgNZ__deLKx kFm1NJn8LE9XShH59_i8J0PH5ZZyNfGy2xGdULU7sHNF6Gp2vPLgNZ__deLKx
GHZ7PcHALUzoOegEI-8E66jX2E4zyJKx-YxzZIItRzC5hlRirb6Y5Cl_p-ko3 GHZ7PcHALUzoOegEI-8E66jX2E4zyJKx-YxzZIItRzC5hlRirb6Y5Cl_p-ko3
YvkkysZIFNPccxRU7qve1WYPxqbb2Yw8kZqa2rMWI5ng8OtvzlV7elprCbuPh YvkkysZIFNPccxRU7qve1WYPxqbb2Yw8kZqa2rMWI5ng8OtvzlV7elprCbuPh
cCdZ6XDP0_F8rkXds2vE4X-ncOIM8hAYHHi29NX0mcKiRaD0-D-ljQTP-cFPg cCdZ6XDP0_F8rkXds2vE4X-ncOIM8hAYHHi29NX0mcKiRaD0-D-ljQTP-cFPg
wCp6X-nZZd9OHBv-B3oWh2TbqmScqXMR4gp_A"}, wCp6X-nZZd9OHBv-B3oWh2TbqmScqXMR4gp_A"},
{"header": {"header":
{"alg":"A128KW"}, {"alg":"A128KW","kid":"7"},
"encrypted_key": "encrypted_key":
"6KB707dM9YTIgHtLvtgWQ8mKwboJW3of9locizkDTHzBC2IlrT1oOQ"}], "6KB707dM9YTIgHtLvtgWQ8mKwboJW3of9locizkDTHzBC2IlrT1oOQ"}],
"iv": "iv":
"AxY8DCtDaGlsbGljb3RoZQ", "AxY8DCtDaGlsbGljb3RoZQ",
"ciphertext": "ciphertext":
"KDlTtXchhZTGufMYmOYGS4HffxPSUrfmqCHXaI9wOGY", "KDlTtXchhZTGufMYmOYGS4HffxPSUrfmqCHXaI9wOGY",
"tag": "tag":
"Mz-VPPyU4RlcuYv1IwIvzw" "Mz-VPPyU4RlcuYv1IwIvzw"
} }
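Review bot: The "kid" members added to the two "recipients" entries sit in per-recipient "header" objects, and the "protected", "iv", "ciphertext" and "tag" values are identical on both sides, so these key identifiers are outside the integrity-protected input. The example text should say so, so that implementers treat "kid" here as a key lookup hint and not as an authenticated value. Also confirm that A.4.1 (JWE Per-Recipient Unprotected Headers) and A.4.4 (Complete JWE Header Values) carry the same "kid" values, since no change to those sections is visible in this diff, and make the -24 history entry "Corrected complete JSON Serialization example" state what was corrected.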
skipping to change at page 45, line 18 skipping to change at page 44, line 18
Appendix C. Acknowledgements Appendix C. Acknowledgements
Solutions for encrypting JSON content were also explored by JSON Solutions for encrypting JSON content were also explored by JSON
Simple Encryption [JSE] and JavaScript Message Security Format Simple Encryption [JSE] and JavaScript Message Security Format
[I-D.rescorla-jsms], both of which significantly influenced this [I-D.rescorla-jsms], both of which significantly influenced this
draft. This draft attempts to explicitly reuse as many of the draft. This draft attempts to explicitly reuse as many of the
relevant concepts from XML Encryption 1.1 relevant concepts from XML Encryption 1.1
[W3C.CR-xmlenc-core1-20120313] and RFC 5652 [RFC5652] as possible, [W3C.CR-xmlenc-core1-20120313] and RFC 5652 [RFC5652] as possible,
while utilizing simple, compact JSON-based data structures. while utilizing simple, compact JSON-based data structures.
Special thanks are due to John Bradley and Nat Sakimura for the Special thanks are due to John Bradley, Eric Rescorla, and Nat
discussions that helped inform the content of this specification and Sakimura for the discussions that helped inform the content of this
to Eric Rescorla and Joe Hildebrand for allowing the reuse of text specification, to Eric Rescorla and Joe Hildebrand for allowing the
from [I-D.rescorla-jsms] in this document. reuse of text from [I-D.rescorla-jsms] in this document, and to Eric
Rescorla for co-authoring many drafts of this specification.
Thanks to Axel Nennker, Emmanuel Raviart, Brian Campbell, and Edmund Thanks to Axel Nennker, Emmanuel Raviart, Brian Campbell, and Edmund
Jay for validating the examples in this specification. Jay for validating the examples in this specification.
This specification is the work of the JOSE Working Group, which This specification is the work of the JOSE Working Group, which
includes dozens of active and dedicated participants. In particular, includes dozens of active and dedicated participants. In particular,
the following individuals contributed ideas, feedback, and wording the following individuals contributed ideas, feedback, and wording
that influenced this specification: that influenced this specification:
Richard Barnes, John Bradley, Brian Campbell, Breno de Medeiros, Dick Richard Barnes, John Bradley, Brian Campbell, Breno de Medeiros, Dick
Hardt, Jeff Hodges, Edmund Jay, James Manger, Matt Miller, Tony Hardt, Jeff Hodges, Edmund Jay, James Manger, Matt Miller, Tony
Nadalin, Axel Nennker, Emmanuel Raviart, Nat Sakimura, Jim Schaad, Nadalin, Hideki Nara, Axel Nennker, Emmanuel Raviart, Eric Rescorla,
Hannes Tschofenig, and Sean Turner. Nat Sakimura, Jim Schaad, Hannes Tschofenig, and Sean Turner.
Jim Schaad and Karen O'Donoghue chaired the JOSE working group and Jim Schaad and Karen O'Donoghue chaired the JOSE working group and
Sean Turner and Stephen Farrell served as Security area directors Sean Turner and Stephen Farrell served as Security area directors
during the creation of this specification. during the creation of this specification.
Appendix D. Document History Appendix D. Document History
[[ to be removed by the RFC Editor before publication as an RFC ]] [[ to be removed by the RFC Editor before publication as an RFC ]]
-24
o Corrected complete JSON Serialization example.
o Replaced uses of the term "associated data" wherever it was used
to refer to a data value with "additional authenticated data",
since both terms were being used as synonyms, causing confusion.
o Updated the JSON reference to RFC 7159.
o Thanked Eric Rescorla for helping to author of most of the drafts
of this specification and removed him from the current author
list.
-23 -23
o Corrected a use of the word "payload" to "plaintext". o Corrected a use of the word "payload" to "plaintext".
-22 -22
o Corrected RFC 2119 terminology usage. o Corrected RFC 2119 terminology usage.
o Replaced references to draft-ietf-json-rfc4627bis with RFC 7158. o Replaced references to draft-ietf-json-rfc4627bis with RFC 7158.
-21 -21
o Changed some references from being normative to informative, o Changed some references from being normative to informative,
addressing issue #90. addressing issue #90.
o Applied review comments to the JSON Serialization section, o Applied review comments to the JSON Serialization section,
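Review bot: The -24 history entry "Thanked Eric Rescorla for helping to author of most of the drafts" has a stray "of" (it should read "helping to author most of the drafts"), and it says "most" where the new acknowledgement text says "co-authoring many drafts"; the two should agree. The rewritten "Special thanks" sentence now names Eric Rescorla three times, and he is also added to the contributor list below it; folding the three mentions into one clause would read better.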
skipping to change at page 54, line 41 skipping to change at page 54, line 13
HMACs "signatures". HMACs "signatures".
Authors' Addresses Authors' Addresses
Michael B. Jones Michael B. Jones
Microsoft Microsoft
Email: mbj@microsoft.com Email: mbj@microsoft.com
URI: http://self-issued.info/ URI: http://self-issued.info/
Eric Rescorla
RTFM, Inc.
Email: ekr@rtfm.com
Joe Hildebrand Joe Hildebrand
Cisco Systems, Inc. Cisco Systems, Inc.
Email: jhildebr@cisco.com Email: jhildebr@cisco.com
 End of changes. 22 change blocks. 
111 lines changed or deleted 121 lines changed or added

This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/