| < draft-ietf-jose-json-web-key-20.txt | draft-ietf-jose-json-web-key-21.txt > | |||
|---|---|---|---|---|
| JOSE Working Group M. Jones | JOSE Working Group M. Jones | |||
| Internet-Draft Microsoft | Internet-Draft Microsoft | |||
| Intended status: Standards Track January 20, 2014 | Intended status: Standards Track February 14, 2014 | |||
| Expires: July 24, 2014 | Expires: August 18, 2014 | |||
| JSON Web Key (JWK) | JSON Web Key (JWK) | |||
| draft-ietf-jose-json-web-key-20 | draft-ietf-jose-json-web-key-21 | |||
| Abstract | Abstract | |||
| A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) data | A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) data | |||
| structure that represents a cryptographic key. This specification | structure that represents a cryptographic key. This specification | |||
| also defines a JSON Web Key Set (JWK Set) JSON data structure for | also defines a JSON Web Key Set (JWK Set) JSON data structure for | |||
| representing a set of JWKs. Cryptographic algorithms and identifiers | representing a set of JWKs. Cryptographic algorithms and identifiers | |||
| for use with this specification are described in the separate JSON | for use with this specification are described in the separate JSON | |||
| Web Algorithms (JWA) specification and IANA registries defined by | Web Algorithms (JWA) specification and IANA registries defined by | |||
| that specification. | that specification. | |||
| skipping to change at page 1, line 36 ¶ | skipping to change at page 1, line 36 ¶ | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at http://datatracker.ietf.org/drafts/current/. | Drafts is at http://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on July 24, 2014. | This Internet-Draft will expire on August 18, 2014. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2014 IETF Trust and the persons identified as the | Copyright (c) 2014 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
| (http://trustee.ietf.org/license-info) in effect on the date of | (http://trustee.ietf.org/license-info) in effect on the date of | |||
| publication of this document. Please review these documents | publication of this document. Please review these documents | |||
| skipping to change at page 3, line 7 ¶ | skipping to change at page 3, line 7 ¶ | |||
| Appendix A. Example JSON Web Key Sets . . . . . . . . . . . . . . 21 | Appendix A. Example JSON Web Key Sets . . . . . . . . . . . . . . 21 | |||
| A.1. Example Public Keys . . . . . . . . . . . . . . . . . . . 21 | A.1. Example Public Keys . . . . . . . . . . . . . . . . . . . 21 | |||
| A.2. Example Private Keys . . . . . . . . . . . . . . . . . . . 22 | A.2. Example Private Keys . . . . . . . . . . . . . . . . . . . 22 | |||
| A.3. Example Symmetric Keys . . . . . . . . . . . . . . . . . . 24 | A.3. Example Symmetric Keys . . . . . . . . . . . . . . . . . . 24 | |||
| Appendix B. Example Use of "x5c" (X.509 Certificate Chain) | Appendix B. Example Use of "x5c" (X.509 Certificate Chain) | |||
| Parameter . . . . . . . . . . . . . . . . . . . . . . 24 | Parameter . . . . . . . . . . . . . . . . . . . . . . 24 | |||
| Appendix C. Example Encrypted RSA Private Key . . . . . . . . . . 25 | Appendix C. Example Encrypted RSA Private Key . . . . . . . . . . 25 | |||
| C.1. Plaintext RSA Private Key . . . . . . . . . . . . . . . . 26 | C.1. Plaintext RSA Private Key . . . . . . . . . . . . . . . . 26 | |||
| C.2. JWE Header . . . . . . . . . . . . . . . . . . . . . . . . 29 | C.2. JWE Header . . . . . . . . . . . . . . . . . . . . . . . . 29 | |||
| C.3. Content Encryption Key (CEK) . . . . . . . . . . . . . . . 29 | C.3. Content Encryption Key (CEK) . . . . . . . . . . . . . . . 29 | |||
| C.4. Key Encryption . . . . . . . . . . . . . . . . . . . . . . 30 | C.4. Key Derivation . . . . . . . . . . . . . . . . . . . . . . 30 | |||
| C.5. Initialization Vector . . . . . . . . . . . . . . . . . . 30 | C.5. Key Encryption . . . . . . . . . . . . . . . . . . . . . . 30 | |||
| C.6. Additional Authenticated Data . . . . . . . . . . . . . . 30 | C.6. Initialization Vector . . . . . . . . . . . . . . . . . . 30 | |||
| C.7. Content Encryption . . . . . . . . . . . . . . . . . . . . 31 | C.7. Additional Authenticated Data . . . . . . . . . . . . . . 31 | |||
| C.8. Complete Representation . . . . . . . . . . . . . . . . . 34 | C.8. Content Encryption . . . . . . . . . . . . . . . . . . . . 31 | |||
| C.9. Complete Representation . . . . . . . . . . . . . . . . . 34 | ||||
| Appendix D. Acknowledgements . . . . . . . . . . . . . . . . . . 35 | Appendix D. Acknowledgements . . . . . . . . . . . . . . . . . . 35 | |||
| Appendix E. Document History . . . . . . . . . . . . . . . . . . 36 | Appendix E. Document History . . . . . . . . . . . . . . . . . . 36 | |||
| Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 40 | Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 40 | |||
| 1. Introduction | 1. Introduction | |||
| A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) | A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) | |||
| [I-D.ietf-json-rfc4627bis] data structure that represents a | [I-D.ietf-json-rfc4627bis] data structure that represents a | |||
| cryptographic key. This specification also defines a JSON Web Key | cryptographic key. This specification also defines a JSON Web Key | |||
| Set (JWK Set) JSON data structure for representing a set of JWKs. | Set (JWK Set) JSON data structure for representing a set of JWKs. | |||
| skipping to change at page 7, line 4 ¶ | skipping to change at page 7, line 4 ¶ | |||
| Its value is an array of key operation values. Values defined by | Its value is an array of key operation values. Values defined by | |||
| this specification are: | this specification are: | |||
| o "sign" (compute signature or MAC) | o "sign" (compute signature or MAC) | |||
| o "verify" (verify signature or MAC) | o "verify" (verify signature or MAC) | |||
| o "encrypt" (encrypt content) | o "encrypt" (encrypt content) | |||
| o "decrypt" (decrypt content and validate decryption, if applicable) | o "decrypt" (decrypt content and validate decryption, if applicable) | |||
| o "wrap" (encrypt key) | o "wrapKey" (encrypt key) | |||
| o "unwrap" (decrypt key and validate decryption, if applicable) | o "unwrapKey" (decrypt key and validate decryption, if applicable) | |||
| o "deriveKey" (derive key) | o "deriveKey" (derive key) | |||
| o "deriveBits" (derive bits not to be used as a key) | o "deriveBits" (derive bits not to be used as a key) | |||
| (Note that the "key_ops" values intentionally match the "KeyUsage" | (Note that the "key_ops" values intentionally match the "KeyUsage" | |||
| values defined in the Web Cryptography API [WebCrypto] | values defined in the Web Cryptography API [WebCrypto] | |||
| specification.) | specification.) | |||
| Other values MAY be used. Key operation values can be registered in | Other values MAY be used. Key operation values can be registered in | |||
| the IANA JSON Web Key Operations registry defined in Section 7.3. | the IANA JSON Web Key Operations registry defined in Section 7.3. | |||
| The key operation values are case-sensitive strings. Duplicate key | The key operation values are case-sensitive strings. Duplicate key | |||
| operation values MUST NOT be present in the array. | operation values MUST NOT be present in the array. | |||
| Use of the "key_ops" member is OPTIONAL, unless the application | Use of the "key_ops" member is OPTIONAL, unless the application | |||
| requires its presence. | requires its presence. | |||
| Multiple unrelated key operations SHOULD NOT be specified for a key | Multiple unrelated key operations SHOULD NOT be specified for a key | |||
| because of the potential vulnerabilities associated with using the | because of the potential vulnerabilities associated with using the | |||
| same key with multiple algorithms. Thus, the combinations "sign" | same key with multiple algorithms. Thus, the combinations "sign" | |||
| with "verify", "encrypt" with "decrypt", and "wrap" with "unwrap" are | with "verify", "encrypt" with "decrypt", and "wrapKey" with | |||
| permitted, but other combinations SHOULD NOT be used. | "unwrapKey" are permitted, but other combinations SHOULD NOT be used. | |||
| The "use" and "key_ops" JWK members SHOULD NOT be used together. | The "use" and "key_ops" JWK members SHOULD NOT be used together. | |||
| Applications should specify which of these members they use, if | Applications should specify which of these members they use, if | |||
| either are to be used by the application. | either is to be used by the application. | |||
| 3.4. "alg" (Algorithm) Parameter | 3.4. "alg" (Algorithm) Parameter | |||
| The "alg" (algorithm) member identifies the algorithm intended for | The "alg" (algorithm) member identifies the algorithm intended for | |||
| use with the key. The values used should either be registered in the | use with the key. The values used should either be registered in the | |||
| IANA JSON Web Signature and Encryption Algorithms registry defined in | IANA JSON Web Signature and Encryption Algorithms registry defined in | |||
| [JWA] or be a value that contains a Collision-Resistant Name. Use of | [JWA] or be a value that contains a Collision-Resistant Name. Use of | |||
| this member is OPTIONAL. | this member is OPTIONAL. | |||
| 3.5. "kid" (Key ID) Parameter | 3.5. "kid" (Key ID) Parameter | |||
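Review bot: The rename of "wrap" and "unwrap" to "wrapKey" and "unwrapKey" in the Section 3.3 list and in the permitted-combinations sentence gives no guidance for JWKs already issued with the -20 values. Key operation values are case-sensitive strings and "Other values MAY be used", so a consumer written against -21 may treat "wrap" as an unregistered operation rather than as key wrapping, and a usage check keyed on "wrapKey" would then behave differently across the two drafts. Suggest one sentence saying how the earlier values are to be handled, or that they are no longer defined.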
| skipping to change at page 16, line 28 ¶ | skipping to change at page 16, line 28 ¶ | |||
| o Key Operation Description: Encrypt content | o Key Operation Description: Encrypt content | |||
| o Change Controller: IESG | o Change Controller: IESG | |||
| o Specification Document(s): Section 3.3 of [[ this document ]] | o Specification Document(s): Section 3.3 of [[ this document ]] | |||
| o Key Operation Value: "decrypt" | o Key Operation Value: "decrypt" | |||
| o Key Operation Description: Decrypt content and validate | o Key Operation Description: Decrypt content and validate | |||
| decryption, if applicable | decryption, if applicable | |||
| o Change Controller: IESG | o Change Controller: IESG | |||
| o Specification Document(s): Section 3.3 of [[ this document ]] | o Specification Document(s): Section 3.3 of [[ this document ]] | |||
| o Key Operation Value: "wrap" | o Key Operation Value: "wrapKey" | |||
| o Key Operation Description: Encrypt key | o Key Operation Description: Encrypt key | |||
| o Change Controller: IESG | o Change Controller: IESG | |||
| o Specification Document(s): Section 3.3 of [[ this document ]] | o Specification Document(s): Section 3.3 of [[ this document ]] | |||
| o Key Operation Value: "unwrap" | o Key Operation Value: "unwrapKey" | |||
| o Key Operation Description: Decrypt key and validate decryption, if | o Key Operation Description: Decrypt key and validate decryption, if | |||
| applicable | applicable | |||
| o Change Controller: IESG | o Change Controller: IESG | |||
| o Specification Document(s): Section 3.3 of [[ this document ]] | o Specification Document(s): Section 3.3 of [[ this document ]] | |||
| o Key Operation Value: "deriveKey" | o Key Operation Value: "deriveKey" | |||
| o Key Operation Description: Derive key | o Key Operation Description: Derive key | |||
| o Change Controller: IESG | o Change Controller: IESG | |||
| o Specification Document(s): Section 3.3 of [[ this document ]] | o Specification Document(s): Section 3.3 of [[ this document ]] | |||
| skipping to change at page 20, line 9 ¶ | skipping to change at page 20, line 9 ¶ | |||
| [ITU.X690.1994] | [ITU.X690.1994] | |||
| International Telecommunications Union, "Information | International Telecommunications Union, "Information | |||
| Technology - ASN.1 encoding rules: Specification of Basic | Technology - ASN.1 encoding rules: Specification of Basic | |||
| Encoding Rules (BER), Canonical Encoding Rules (CER) and | Encoding Rules (BER), Canonical Encoding Rules (CER) and | |||
| Distinguished Encoding Rules (DER)", ITU-T Recommendation | Distinguished Encoding Rules (DER)", ITU-T Recommendation | |||
| X.690, 1994. | X.690, 1994. | |||
| [JWA] Jones, M., "JSON Web Algorithms (JWA)", | [JWA] Jones, M., "JSON Web Algorithms (JWA)", | |||
| draft-ietf-jose-json-web-algorithms (work in progress), | draft-ietf-jose-json-web-algorithms (work in progress), | |||
| January 2014. | February 2014. | |||
| [JWE] Jones, M., Rescorla, E., and J. Hildebrand, "JSON Web | [JWE] Jones, M., Rescorla, E., and J. Hildebrand, "JSON Web | |||
| Encryption (JWE)", draft-ietf-jose-json-web-encryption | Encryption (JWE)", draft-ietf-jose-json-web-encryption | |||
| (work in progress), January 2014. | (work in progress), February 2014. | |||
| [JWS] Jones, M., Bradley, J., and N. Sakimura, "JSON Web | [JWS] Jones, M., Bradley, J., and N. Sakimura, "JSON Web | |||
| Signature (JWS)", draft-ietf-jose-json-web-signature (work | Signature (JWS)", draft-ietf-jose-json-web-signature (work | |||
| in progress), January 2014. | in progress), February 2014. | |||
| [RFC1421] Linn, J., "Privacy Enhancement for Internet Electronic | [RFC1421] Linn, J., "Privacy Enhancement for Internet Electronic | |||
| Mail: Part I: Message Encryption and Authentication | Mail: Part I: Message Encryption and Authentication | |||
| Procedures", RFC 1421, February 1993. | Procedures", RFC 1421, February 1993. | |||
| [RFC2046] Freed, N. and N. Borenstein, "Multipurpose Internet Mail | [RFC2046] Freed, N. and N. Borenstein, "Multipurpose Internet Mail | |||
| Extensions (MIME) Part Two: Media Types", RFC 2046, | Extensions (MIME) Part Two: Media Types", RFC 2046, | |||
| November 1996. | November 1996. | |||
| [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | |||
| skipping to change at page 20, line 42 ¶ | skipping to change at page 20, line 42 ¶ | |||
| [RFC3629] Yergeau, F., "UTF-8, a transformation format of ISO | [RFC3629] Yergeau, F., "UTF-8, a transformation format of ISO | |||
| 10646", STD 63, RFC 3629, November 2003. | 10646", STD 63, RFC 3629, November 2003. | |||
| [RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform | [RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform | |||
| Resource Identifier (URI): Generic Syntax", STD 66, | Resource Identifier (URI): Generic Syntax", STD 66, | |||
| RFC 3986, January 2005. | RFC 3986, January 2005. | |||
| [RFC4648] Josefsson, S., "The Base16, Base32, and Base64 Data | [RFC4648] Josefsson, S., "The Base16, Base32, and Base64 Data | |||
| Encodings", RFC 4648, October 2006. | Encodings", RFC 4648, October 2006. | |||
| [RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an | ||||
| IANA Considerations Section in RFCs", BCP 26, RFC 5226, | ||||
| May 2008. | ||||
| [RFC5246] Dierks, T. and E. Rescorla, "The Transport Layer Security | [RFC5246] Dierks, T. and E. Rescorla, "The Transport Layer Security | |||
| (TLS) Protocol Version 1.2", RFC 5246, August 2008. | (TLS) Protocol Version 1.2", RFC 5246, August 2008. | |||
| [RFC5280] Cooper, D., Santesson, S., Farrell, S., Boeyen, S., | [RFC5280] Cooper, D., Santesson, S., Farrell, S., Boeyen, S., | |||
| Housley, R., and W. Polk, "Internet X.509 Public Key | Housley, R., and W. Polk, "Internet X.509 Public Key | |||
| Infrastructure Certificate and Certificate Revocation List | Infrastructure Certificate and Certificate Revocation List | |||
| (CRL) Profile", RFC 5280, May 2008. | (CRL) Profile", RFC 5280, May 2008. | |||
| [USASCII] American National Standards Institute, "Coded Character | [USASCII] American National Standards Institute, "Coded Character | |||
| Set -- 7-bit American Standard Code for Information | Set -- 7-bit American Standard Code for Information | |||
| Interchange", ANSI X3.4, 1986. | Interchange", ANSI X3.4, 1986. | |||
| [W3C.CR-xmldsig-core2-20120124] | ||||
| Cantor, S., Roessler, T., Eastlake, D., Yiu, K., Reagle, | ||||
| J., Solo, D., Datta, P., and F. Hirsch, "XML Signature | ||||
| Syntax and Processing Version 2.0", World Wide Web | ||||
| Consortium CR CR-xmldsig-core2-20120124, January 2012, | ||||
| <http://www.w3.org/TR/2012/CR-xmldsig-core2-20120124>. | ||||
| 9.2. Informative References | 9.2. Informative References | |||
| [MagicSignatures] | [MagicSignatures] | |||
| Panzer (editor), J., Laurie, B., and D. Balfanz, "Magic | Panzer (editor), J., Laurie, B., and D. Balfanz, "Magic | |||
| Signatures", January 2011. | Signatures", January 2011. | |||
| [RFC3447] Jonsson, J. and B. Kaliski, "Public-Key Cryptography | [RFC3447] Jonsson, J. and B. Kaliski, "Public-Key Cryptography | |||
| Standards (PKCS) #1: RSA Cryptography Specifications | Standards (PKCS) #1: RSA Cryptography Specifications | |||
| Version 2.1", RFC 3447, February 2003. | Version 2.1", RFC 3447, February 2003. | |||
| [RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an | ||||
| IANA Considerations Section in RFCs", BCP 26, RFC 5226, | ||||
| May 2008. | ||||
| [RFC6030] Hoyer, P., Pei, M., and S. Machani, "Portable Symmetric | [RFC6030] Hoyer, P., Pei, M., and S. Machani, "Portable Symmetric | |||
| Key Container (PSKC)", RFC 6030, October 2010. | Key Container (PSKC)", RFC 6030, October 2010. | |||
| [W3C.CR-xmldsig-core2-20120124] | ||||
| Cantor, S., Roessler, T., Eastlake, D., Yiu, K., Reagle, | ||||
| J., Solo, D., Datta, P., and F. Hirsch, "XML Signature | ||||
| Syntax and Processing Version 2.0", World Wide Web | ||||
| Consortium CR CR-xmldsig-core2-20120124, January 2012, | ||||
| <http://www.w3.org/TR/2012/CR-xmldsig-core2-20120124>. | ||||
| [WebCrypto] | [WebCrypto] | |||
| Sleevi, R., "Web Cryptography API", World Wide Web | Sleevi, R., "Web Cryptography API", World Wide Web | |||
| Consortium Draft, December 2013, <https://dvcs.w3.org/hg/ | Consortium Draft, December 2013, <https://dvcs.w3.org/hg/ | |||
| webcrypto-api/raw-file/tip/spec/Overview.html>. | webcrypto-api/raw-file/tip/spec/Overview.html>. | |||
| Appendix A. Example JSON Web Key Sets | Appendix A. Example JSON Web Key Sets | |||
| A.1. Example Public Keys | A.1. Example Public Keys | |||
| The following example JWK Set contains two public keys represented as | The following example JWK Set contains two public keys represented as | |||
| skipping to change at page 29, line 15 ¶ | skipping to change at page 29, line 15 ¶ | |||
| 79, 85, 117, 57, 72, 67, 74, 45, 85, 115, 102, 83, 79, 73, 56, 34, | 79, 85, 117, 57, 72, 67, 74, 45, 85, 115, 102, 83, 79, 73, 56, 34, | |||
| 125 ] | 125 ] | |||
| C.2. JWE Header | C.2. JWE Header | |||
| The following example JWE Protected Header declares that: | The following example JWE Protected Header declares that: | |||
| o the Content Encryption Key is encrypted to the recipient using the | o the Content Encryption Key is encrypted to the recipient using the | |||
| PSE2-HS256+A128KW algorithm to produce the JWE Encrypted Key, | PSE2-HS256+A128KW algorithm to produce the JWE Encrypted Key, | |||
| o the Salt (p2s) is [ 217, 96, 147, 112, 150, 117, 70, 247, 127, 8, | o the Salt Input ("p2s") value is [ 217, 96, 147, 112, 150, 117, 70, | |||
| 155, 137, 174, 42, 80, 215 ], | 247, 127, 8, 155, 137, 174, 42, 80, 215 ], | |||
| o the Iteration Count (p2c) is 4096, | o the Iteration Count ("p2c") value is 4096, | |||
| o the Plaintext is encrypted using the AES_128_CBC_HMAC_SHA_256 | o the Plaintext is encrypted using the AES_128_CBC_HMAC_SHA_256 | |||
| algorithm to produce the Ciphertext, and | algorithm to produce the Ciphertext, and | |||
| o the content type is application/jwk+json. | o the content type is application/jwk+json. | |||
| { | { | |||
| "alg":"PBES2-HS256+A128KW", | "alg":"PBES2-HS256+A128KW", | |||
| "p2s":"2WCTcJZ1Rvd_CJuJripQ1w", | "p2s":"2WCTcJZ1Rvd_CJuJripQ1w", | |||
| "p2c":4096, | "p2c":4096, | |||
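Review bot: The first bullet of C.2 still spells the algorithm "PSE2-HS256+A128KW" on both sides, while the header below it carries "alg":"PBES2-HS256+A128KW". This hunk already rewords the neighbouring "p2s" and "p2c" bullets, so correct the bullet to "PBES2-HS256+A128KW" in the same pass. The spelling matters more in -21 because the Salt value is now built from the UTF8 octets of the "alg" string, and an implementer copying the bullet's spelling would derive a different key.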
| skipping to change at page 30, line 5 ¶ | skipping to change at page 30, line 5 ¶ | |||
| C.3. Content Encryption Key (CEK) | C.3. Content Encryption Key (CEK) | |||
| Generate a 256 bit random Content Encryption Key (CEK). In this | Generate a 256 bit random Content Encryption Key (CEK). In this | |||
| example, the value is: | example, the value is: | |||
| [ 111, 27, 25, 52, 66, 29, 20, 78, 92, 176, 56, 240, 65, 208, 82, | [ 111, 27, 25, 52, 66, 29, 20, 78, 92, 176, 56, 240, 65, 208, 82, | |||
| 112, 161, 131, 36, 55, 202, 236, 185, 172, 129, 23, 153, 194, 195, | 112, 161, 131, 36, 55, 202, 236, 185, 172, 129, 23, 153, 194, 195, | |||
| 48, 253, 182 ] | 48, 253, 182 ] | |||
| C.4. Key Encryption | C.4. Key Derivation | |||
| Encrypt the CEK with a shared passphrase using the | Derive a key from a shared passphrase using the PBKDF2 algorithm with | |||
| "PBES2-HS256+A128KW" algorithm and the specified Salt and Iteration | HMAC SHA-256 and the specified Salt and Iteration Count values and a | |||
| Count values to produce the JWE Encrypted Key. This example uses the | 128 bit requested output key size to produce the PBKDF2 Derived Key. | |||
| following passphrase: | This example uses the following passphrase: | |||
| Thus from my lips, by yours, my sin is purged. | Thus from my lips, by yours, my sin is purged. | |||
| The octets representing the passphrase are: | The octets representing the passphrase are: | |||
| [ 84, 104, 117, 115, 32, 102, 114, 111, 109, 32, 109, 121, 32, 108, | [ 84, 104, 117, 115, 32, 102, 114, 111, 109, 32, 109, 121, 32, 108, | |||
| 105, 112, 115, 44, 32, 98, 121, 32, 121, 111, 117, 114, 115, 44, 32, | 105, 112, 115, 44, 32, 98, 121, 32, 121, 111, 117, 114, 115, 44, 32, | |||
| 109, 121, 32, 115, 105, 110, 32, 105, 115, 32, 112, 117, 114, 103, | 109, 121, 32, 115, 105, 110, 32, 105, 115, 32, 112, 117, 114, 103, | |||
| 101, 100, 46 ] | 101, 100, 46 ] | |||
| The resulting JWE Encrypted Key value is: | The Salt value (UTF8(Alg) || 0x00 || Salt Input) is: | |||
| [ 201, 236, 143, 112, 12, 234, 200, 211, 33, 241, 255, 65, 112, 63, | [ 80, 66, 69, 83, 50, 45, 72, 83, 50, 53, 54, 43, 65, 49, 50, 56, 75, | |||
| 172, 146, 105, 107, 122, 0, 30, 21, 44, 21, 14, 61, 200, 57, 30, 253, | 87, 0, 217, 96, 147, 112, 150, 117, 70, 247, 127, 8, 155, 137, 174, | |||
| 228, 83, 218, 82, 138, 80, 121, 254, 193, 121 ] | 42, 80, 215 ]. | |||
| The resulting PBKDF2 Derived Key value is: | ||||
| [ 110, 171, 169, 92, 129, 92, 109, 117, 233, 242, 116, 233, 170, 14, | ||||
| 24, 75 ] | ||||
| C.5. Key Encryption | ||||
| Encrypt the CEK with the "A128KW" algorithm using the PBKDF2 Derived | ||||
| Key. The resulting JWE Encrypted Key value is: | ||||
| [ 78, 186, 151, 59, 11, 141, 81, 240, 213, 245, 83, 211, 53, 188, | ||||
| 134, 188, 66, 125, 36, 200, 222, 124, 5, 103, 249, 52, 117, 184, 140, | ||||
| 81, 246, 158, 161, 177, 20, 33, 245, 57, 59, 4 ] | ||||
| Encoding this JWE Encrypted Key as BASE64URL(JWE Encrypted Key) gives | Encoding this JWE Encrypted Key as BASE64URL(JWE Encrypted Key) gives | |||
| this value: | this value: | |||
| yeyPcAzqyNMh8f9BcD-skmlregAeFSwVDj3IOR795FPaUopQef7BeQ | TrqXOwuNUfDV9VPTNbyGvEJ9JMjefAVn-TR1uIxR9p6hsRQh9Tk7BA | |||
| C.5. Initialization Vector | C.6. Initialization Vector | |||
| Generate a random 128 bit JWE Initialization Vector. In this | Generate a random 128 bit JWE Initialization Vector. In this | |||
| example, the value is: | example, the value is: | |||
| [ 97, 239, 99, 214, 171, 54, 216, 57, 145, 72, 7, 93, 34, 31, 149, | [ 97, 239, 99, 214, 171, 54, 216, 57, 145, 72, 7, 93, 34, 31, 149, | |||
| 156 ] | 156 ] | |||
| Encoding this JWE Initialization Vector as BASE64URL(JWE | Encoding this JWE Initialization Vector as BASE64URL(JWE | |||
| Initialization Vector) gives this value: | Initialization Vector) gives this value: | |||
| Ye9j1qs22DmRSAddIh-VnA | Ye9j1qs22DmRSAddIh-VnA | |||
| C.6. Additional Authenticated Data | C.7. Additional Authenticated Data | |||
| Let the Additional Authenticated Data encryption parameter be | Let the Additional Authenticated Data encryption parameter be | |||
| ASCII(BASE64URL(UTF8(JWE Protected Header))). This value is: | ASCII(BASE64URL(UTF8(JWE Protected Header))). This value is: | |||
| [ 123, 34, 97, 108, 103, 34, 58, 34, 80, 66, 69, 83, 50, 45, 72, 83, | [ 123, 34, 97, 108, 103, 34, 58, 34, 80, 66, 69, 83, 50, 45, 72, 83, | |||
| 50, 53, 54, 43, 65, 49, 50, 56, 75, 87, 34, 44, 34, 112, 50, 115, 34, | 50, 53, 54, 43, 65, 49, 50, 56, 75, 87, 34, 44, 34, 112, 50, 115, 34, | |||
| 58, 34, 50, 87, 67, 84, 99, 74, 90, 49, 82, 118, 100, 95, 67, 74, | 58, 34, 50, 87, 67, 84, 99, 74, 90, 49, 82, 118, 100, 95, 67, 74, | |||
| 117, 74, 114, 105, 112, 81, 49, 119, 34, 44, 34, 112, 50, 99, 34, 58, | 117, 74, 114, 105, 112, 81, 49, 119, 34, 44, 34, 112, 50, 99, 34, 58, | |||
| 52, 48, 57, 54, 44, 34, 101, 110, 99, 34, 58, 34, 65, 49, 50, 56, 67, | 52, 48, 57, 54, 44, 34, 101, 110, 99, 34, 58, 34, 65, 49, 50, 56, 67, | |||
| 66, 67, 45, 72, 83, 50, 53, 54, 34, 44, 34, 99, 116, 121, 34, 58, 34, | 66, 67, 45, 72, 83, 50, 53, 54, 34, 44, 34, 99, 116, 121, 34, 58, 34, | |||
| 106, 119, 107, 43, 106, 115, 111, 110, 34, 125 ] | 106, 119, 107, 43, 106, 115, 111, 110, 34, 125 ] | |||
| C.7. Content Encryption | C.8. Content Encryption | |||
| Encrypt the Plaintext with AES_128_CBC_HMAC_SHA_256 using the CEK as | Encrypt the Plaintext with AES_128_CBC_HMAC_SHA_256 using the CEK as | |||
| the encryption key, the JWE Initialization Vector, and the Additional | the encryption key, the JWE Initialization Vector, and the Additional | |||
| Authenticated Data value above. The resulting Ciphertext is: | Authenticated Data value above. The resulting Ciphertext is: | |||
| [ 3, 8, 65, 242, 92, 107, 148, 168, 197, 159, 77, 139, 25, 97, 42, | [ 3, 8, 65, 242, 92, 107, 148, 168, 197, 159, 77, 139, 25, 97, 42, | |||
| 131, 110, 199, 225, 56, 61, 127, 38, 64, 108, 91, 247, 167, 150, 98, | 131, 110, 199, 225, 56, 61, 127, 38, 64, 108, 91, 247, 167, 150, 98, | |||
| 112, 122, 99, 235, 132, 50, 28, 46, 56, 170, 169, 89, 220, 145, 38, | 112, 122, 99, 235, 132, 50, 28, 46, 56, 170, 169, 89, 220, 145, 38, | |||
| 157, 148, 224, 66, 140, 8, 169, 146, 117, 222, 54, 242, 28, 31, 11, | 157, 148, 224, 66, 140, 8, 169, 146, 117, 222, 54, 242, 28, 31, 11, | |||
| 129, 227, 226, 169, 66, 117, 133, 254, 140, 216, 115, 203, 131, 60, | 129, 227, 226, 169, 66, 117, 133, 254, 140, 216, 115, 203, 131, 60, | |||
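Review bot: In the new C.4, "the specified Salt and Iteration Count values" is ambiguous now that the example has two salts: the "p2s" Salt Input from C.2 and the Salt value (UTF8(Alg) || 0x00 || Salt Input) introduced a few lines later. State explicitly that PBKDF2 takes the computed Salt value, not the Salt Input, for example "the Salt value computed below and the Iteration Count value". Also drop the trailing period after the Salt value array ("42, 80, 215 ].") so that it matches the other octet arrays in the appendix.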
| skipping to change at page 34, line 45 ¶ | skipping to change at page 34, line 45 ¶ | |||
| 7QSfgDoHnOxFv1Xws-D5mDHD3zxOup2b2TppdKTZb9eW2vxUVviM8OI9atBfPKMGAO | 7QSfgDoHnOxFv1Xws-D5mDHD3zxOup2b2TppdKTZb9eW2vxUVviM8OI9atBfPKMGAO | |||
| v9omA-6vv5IxUH0-lWMiHLQ_g8vnswp-Jav0c4t6URVUzujNOoNd_CBGGVnHiJTCHl | v9omA-6vv5IxUH0-lWMiHLQ_g8vnswp-Jav0c4t6URVUzujNOoNd_CBGGVnHiJTCHl | |||
| 88LQxsqLHHIu4Fz-U2SGnlxGTj0-ihit2ELGRv4vO8E1BosTmf0cx3qgG0Pq0eOLBD | 88LQxsqLHHIu4Fz-U2SGnlxGTj0-ihit2ELGRv4vO8E1BosTmf0cx3qgG0Pq0eOLBD | |||
| IHsrdZ_CCAiTc0HVkMbyq1M6qEhM-q5P6y1QCIrwg | IHsrdZ_CCAiTc0HVkMbyq1M6qEhM-q5P6y1QCIrwg | |||
| Encoding this JWE Authentication Tag as BASE64URL(JWE Authentication | Encoding this JWE Authentication Tag as BASE64URL(JWE Authentication | |||
| Tag) gives this value: | Tag) gives this value: | |||
| ffmPv_AEzIQ-8XGyW1j-Ew | ffmPv_AEzIQ-8XGyW1j-Ew | |||
| C.8. Complete Representation | C.9. Complete Representation | |||
| Assemble the final representation: The Compact Serialization of this | Assemble the final representation: The Compact Serialization of this | |||
| result is the string BASE64URL(UTF8(JWE Protected Header)) || '.' || | result is the string BASE64URL(UTF8(JWE Protected Header)) || '.' || | |||
| BASE64URL(JWE Encrypted Key) || '.' || BASE64URL(JWE Initialization | BASE64URL(JWE Encrypted Key) || '.' || BASE64URL(JWE Initialization | |||
| Vector) || '.' || BASE64URL(JWE Ciphertext) || '.' || BASE64URL(JWE | Vector) || '.' || BASE64URL(JWE Ciphertext) || '.' || BASE64URL(JWE | |||
| Authentication Tag). | Authentication Tag). | |||
| The final result in this example is: | The final result in this example is: | |||
| eyJhbGciOiJQQkVTMi1IUzI1NitBMTI4S1ciLCJwMnMiOiIyV0NUY0paMVJ2ZF9DSn | eyJhbGciOiJQQkVTMi1IUzI1NitBMTI4S1ciLCJwMnMiOiIyV0NUY0paMVJ2ZF9DSn | |||
| VKcmlwUTF3IiwicDJjIjo0MDk2LCJlbmMiOiJBMTI4Q0JDLUhTMjU2IiwiY3R5Ijoi | VKcmlwUTF3IiwicDJjIjo0MDk2LCJlbmMiOiJBMTI4Q0JDLUhTMjU2IiwiY3R5Ijoi | |||
| andrK2pzb24ifQ. | andrK2pzb24ifQ. | |||
| yeyPcAzqyNMh8f9BcD-skmlregAeFSwVDj3IOR795FPaUopQef7BeQ. | TrqXOwuNUfDV9VPTNbyGvEJ9JMjefAVn-TR1uIxR9p6hsRQh9Tk7BA. | |||
| Ye9j1qs22DmRSAddIh-VnA. | Ye9j1qs22DmRSAddIh-VnA. | |||
| AwhB8lxrlKjFn02LGWEqg27H4Tg9fyZAbFv3p5ZicHpj64QyHC44qqlZ3JEmnZTgQo | AwhB8lxrlKjFn02LGWEqg27H4Tg9fyZAbFv3p5ZicHpj64QyHC44qqlZ3JEmnZTgQo | |||
| wIqZJ13jbyHB8LgePiqUJ1hf6M2HPLgzw8L-mEeQ0jvDUTrE07NtOerBk8bwBQyZ6g | wIqZJ13jbyHB8LgePiqUJ1hf6M2HPLgzw8L-mEeQ0jvDUTrE07NtOerBk8bwBQyZ6g | |||
| 0kQ3DEOIglfYxV8-FJvNBYwbqN1Bck6d_i7OtjSHV-8DIrp-3JcRIe05YKy3Oi34Z_ | 0kQ3DEOIglfYxV8-FJvNBYwbqN1Bck6d_i7OtjSHV-8DIrp-3JcRIe05YKy3Oi34Z_ | |||
| GOiAc1EK21B11c_AE11PII_wvvtRiUiG8YofQXakWd1_O98Kap-UgmyWPfreUJ3lJP | GOiAc1EK21B11c_AE11PII_wvvtRiUiG8YofQXakWd1_O98Kap-UgmyWPfreUJ3lJP | |||
| nbD4Ve95owEfMGLOPflo2MnjaTDCwQokoJ_xplQ2vNPz8iguLcHBoKllyQFJL2mOWB | nbD4Ve95owEfMGLOPflo2MnjaTDCwQokoJ_xplQ2vNPz8iguLcHBoKllyQFJL2mOWB | |||
| wqhBo9Oj-O800as5mmLsvQMTflIrIEbbTMzHMBZ8EFW9fWwwFu0DWQJGkMNhmBZQ-3 | wqhBo9Oj-O800as5mmLsvQMTflIrIEbbTMzHMBZ8EFW9fWwwFu0DWQJGkMNhmBZQ-3 | |||
| lvqTc-M6-gWA6D8PDhONfP2Oib2HGizwG1iEaX8GRyUpfLuljCLIe1DkGOewhKuKkZ | lvqTc-M6-gWA6D8PDhONfP2Oib2HGizwG1iEaX8GRyUpfLuljCLIe1DkGOewhKuKkZ | |||
| h04DKNM5Nbugf2atmU9OP0Ldx5peCUtRG1gMVl7Qup5ZXHTjgPDr5b2N731UooCGAU | h04DKNM5Nbugf2atmU9OP0Ldx5peCUtRG1gMVl7Qup5ZXHTjgPDr5b2N731UooCGAU | |||
| qHdgGhg0JVJ_ObCTdjsH4CF1SJsdUhrXvYx3HJh2Xd7CwJRzU_3Y1GxYU6-s3GFPbi | qHdgGhg0JVJ_ObCTdjsH4CF1SJsdUhrXvYx3HJh2Xd7CwJRzU_3Y1GxYU6-s3GFPbi | |||
| skipping to change at page 36, line 26 ¶ | skipping to change at page 36, line 26 ¶ | |||
| Turner. | Turner. | |||
| Jim Schaad and Karen O'Donoghue chaired the JOSE working group and | Jim Schaad and Karen O'Donoghue chaired the JOSE working group and | |||
| Sean Turner and Stephen Farrell served as Security area directors | Sean Turner and Stephen Farrell served as Security area directors | |||
| during the creation of this specification. | during the creation of this specification. | |||
| Appendix E. Document History | Appendix E. Document History | |||
| [[ to be removed by the RFC Editor before publication as an RFC ]] | [[ to be removed by the RFC Editor before publication as an RFC ]] | |||
| -21 | ||||
| o Replaced the "key_ops" values "wrap" and "unwrap" with "wrapKey" | ||||
| and "unwrapKey" to match the "KeyUsage" values defined in the | ||||
| current Web Cryptography API [WebCrypto] editor's draft. | ||||
| o Compute the PBES2 salt parameter as (UTF8(Alg) || 0x00 || Salt | ||||
| Input), where the "p2s" Header Parameter encodes the Salt Input | ||||
| value and Alg is the "alg" Header Parameter value. | ||||
| o Changed some references from being normative to informative, | ||||
| addressing issue #90. | ||||
| -20 | -20 | |||
| o Renamed "use_details" to "key_ops" (key operations). | o Renamed "use_details" to "key_ops" (key operations). | |||
| o Clarified that "use" is meant for public key use cases, "key_ops" | o Clarified that "use" is meant for public key use cases, "key_ops" | |||
| is meant for use cases in which public, private, or symmetric keys | is meant for use cases in which public, private, or symmetric keys | |||
| may be present, and that "use" and "key_ops" should not be used | may be present, and that "use" and "key_ops" should not be used | |||
| together. | together. | |||
| o Replaced references to RFC 4627 with draft-ietf-json-rfc4627bis, | o Replaced references to RFC 4627 with draft-ietf-json-rfc4627bis, | |||
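Review bot: The -21 entry for the PBES2 salt change is written in the imperative ("Compute the PBES2 salt parameter as ...") while the entries around it are past tense ("Replaced", "Changed"); reword it as "Changed the PBES2 salt computation to ...". The entry also does not record that the Appendix C example was regenerated and renumbered (new C.4 Key Derivation, new JWE Encrypted Key value in C.5 and C.9), which anyone validating against the -20 example values needs to know.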
| End of changes. 31 change blocks. | ||||
| 49 lines changed or deleted | 76 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||