| < draft-ietf-jose-json-web-key-27.txt | draft-ietf-jose-json-web-key-28.txt > | |||
|---|---|---|---|---|
| JOSE Working Group M. Jones | JOSE Working Group M. Jones | |||
| Internet-Draft Microsoft | Internet-Draft Microsoft | |||
| Intended status: Standards Track June 10, 2014 | Intended status: Standards Track June 20, 2014 | |||
| Expires: December 12, 2014 | Expires: December 22, 2014 | |||
| JSON Web Key (JWK) | JSON Web Key (JWK) | |||
| draft-ietf-jose-json-web-key-27 | draft-ietf-jose-json-web-key-28 | |||
| Abstract | Abstract | |||
| A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) data | A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) data | |||
| structure that represents a cryptographic key. This specification | structure that represents a cryptographic key. This specification | |||
| also defines a JSON Web Key Set (JWK Set) JSON data structure that | also defines a JSON Web Key Set (JWK Set) JSON data structure that | |||
| represents a set of JWKs. Cryptographic algorithms and identifiers | represents a set of JWKs. Cryptographic algorithms and identifiers | |||
| for use with this specification are described in the separate JSON | for use with this specification are described in the separate JSON | |||
| Web Algorithms (JWA) specification and IANA registries defined by | Web Algorithms (JWA) specification and IANA registries defined by | |||
| that specification. | that specification. | |||
| skipping to change at page 1, line 36 ¶ | skipping to change at page 1, line 36 ¶ | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at http://datatracker.ietf.org/drafts/current/. | Drafts is at http://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on December 12, 2014. | This Internet-Draft will expire on December 22, 2014. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2014 IETF Trust and the persons identified as the | Copyright (c) 2014 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
| (http://trustee.ietf.org/license-info) in effect on the date of | (http://trustee.ietf.org/license-info) in effect on the date of | |||
| publication of this document. Please review these documents | publication of this document. Please review these documents | |||
| skipping to change at page 2, line 33 ¶ | skipping to change at page 2, line 33 ¶ | |||
| Parameter . . . . . . . . . . . . . . . . . . . . . . . . 9 | Parameter . . . . . . . . . . . . . . . . . . . . . . . . 9 | |||
| 5. JSON Web Key Set (JWK Set) Format . . . . . . . . . . . . . . 9 | 5. JSON Web Key Set (JWK Set) Format . . . . . . . . . . . . . . 9 | |||
| 5.1. "keys" Parameter . . . . . . . . . . . . . . . . . . . . . 10 | 5.1. "keys" Parameter . . . . . . . . . . . . . . . . . . . . . 10 | |||
| 6. String Comparison Rules . . . . . . . . . . . . . . . . . . . 10 | 6. String Comparison Rules . . . . . . . . . . . . . . . . . . . 10 | |||
| 7. Encrypted JWK and Encrypted JWK Set Formats . . . . . . . . . 10 | 7. Encrypted JWK and Encrypted JWK Set Formats . . . . . . . . . 10 | |||
| 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 11 | 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 11 | |||
| 8.1. JSON Web Key Parameters Registry . . . . . . . . . . . . . 12 | 8.1. JSON Web Key Parameters Registry . . . . . . . . . . . . . 12 | |||
| 8.1.1. Registration Template . . . . . . . . . . . . . . . . 12 | 8.1.1. Registration Template . . . . . . . . . . . . . . . . 12 | |||
| 8.1.2. Initial Registry Contents . . . . . . . . . . . . . . 13 | 8.1.2. Initial Registry Contents . . . . . . . . . . . . . . 13 | |||
| 8.2. JSON Web Key Use Registry . . . . . . . . . . . . . . . . 14 | 8.2. JSON Web Key Use Registry . . . . . . . . . . . . . . . . 14 | |||
| 8.2.1. Registration Template . . . . . . . . . . . . . . . . 14 | 8.2.1. Registration Template . . . . . . . . . . . . . . . . 15 | |||
| 8.2.2. Initial Registry Contents . . . . . . . . . . . . . . 15 | 8.2.2. Initial Registry Contents . . . . . . . . . . . . . . 15 | |||
| 8.3. JSON Web Key Operations Registry . . . . . . . . . . . . . 15 | 8.3. JSON Web Key Operations Registry . . . . . . . . . . . . . 15 | |||
| 8.3.1. Registration Template . . . . . . . . . . . . . . . . 15 | 8.3.1. Registration Template . . . . . . . . . . . . . . . . 16 | |||
| 8.3.2. Initial Registry Contents . . . . . . . . . . . . . . 16 | 8.3.2. Initial Registry Contents . . . . . . . . . . . . . . 16 | |||
| 8.4. JSON Web Key Set Parameters Registry . . . . . . . . . . . 17 | 8.4. JSON Web Key Set Parameters Registry . . . . . . . . . . . 17 | |||
| 8.4.1. Registration Template . . . . . . . . . . . . . . . . 17 | 8.4.1. Registration Template . . . . . . . . . . . . . . . . 17 | |||
| 8.4.2. Initial Registry Contents . . . . . . . . . . . . . . 18 | 8.4.2. Initial Registry Contents . . . . . . . . . . . . . . 18 | |||
| 8.5. Media Type Registration . . . . . . . . . . . . . . . . . 18 | 8.5. Media Type Registration . . . . . . . . . . . . . . . . . 18 | |||
| 8.5.1. Registry Contents . . . . . . . . . . . . . . . . . . 18 | 8.5.1. Registry Contents . . . . . . . . . . . . . . . . . . 18 | |||
| 9. Security Considerations . . . . . . . . . . . . . . . . . . . 19 | 9. Security Considerations . . . . . . . . . . . . . . . . . . . 19 | |||
| 9.1. Key Provenance and Trust . . . . . . . . . . . . . . . . . 19 | 9.1. Key Provenance and Trust . . . . . . . . . . . . . . . . . 19 | |||
| 9.2. Preventing Disclosure of Non-Public Key Information . . . 20 | 9.2. Preventing Disclosure of Non-Public Key Information . . . 20 | |||
| 9.3. RSA Private Key Representations and Blinding . . . . . . . 20 | 9.3. RSA Private Key Representations and Blinding . . . . . . . 20 | |||
| skipping to change at page 3, line 21 ¶ | skipping to change at page 3, line 21 ¶ | |||
| C.2. JWE Header . . . . . . . . . . . . . . . . . . . . . . . . 30 | C.2. JWE Header . . . . . . . . . . . . . . . . . . . . . . . . 30 | |||
| C.3. Content Encryption Key (CEK) . . . . . . . . . . . . . . . 30 | C.3. Content Encryption Key (CEK) . . . . . . . . . . . . . . . 30 | |||
| C.4. Key Derivation . . . . . . . . . . . . . . . . . . . . . . 31 | C.4. Key Derivation . . . . . . . . . . . . . . . . . . . . . . 31 | |||
| C.5. Key Encryption . . . . . . . . . . . . . . . . . . . . . . 31 | C.5. Key Encryption . . . . . . . . . . . . . . . . . . . . . . 31 | |||
| C.6. Initialization Vector . . . . . . . . . . . . . . . . . . 31 | C.6. Initialization Vector . . . . . . . . . . . . . . . . . . 31 | |||
| C.7. Additional Authenticated Data . . . . . . . . . . . . . . 32 | C.7. Additional Authenticated Data . . . . . . . . . . . . . . 32 | |||
| C.8. Content Encryption . . . . . . . . . . . . . . . . . . . . 32 | C.8. Content Encryption . . . . . . . . . . . . . . . . . . . . 32 | |||
| C.9. Complete Representation . . . . . . . . . . . . . . . . . 35 | C.9. Complete Representation . . . . . . . . . . . . . . . . . 35 | |||
| Appendix D. Acknowledgements . . . . . . . . . . . . . . . . . . 36 | Appendix D. Acknowledgements . . . . . . . . . . . . . . . . . . 36 | |||
| Appendix E. Document History . . . . . . . . . . . . . . . . . . 37 | Appendix E. Document History . . . . . . . . . . . . . . . . . . 37 | |||
| Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 42 | Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 43 | |||
| 1. Introduction | 1. Introduction | |||
| A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) [RFC7159] | A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) [RFC7159] | |||
| data structure that represents a cryptographic key. This | data structure that represents a cryptographic key. This | |||
| specification also defines a JSON Web Key Set (JWK Set) JSON data | specification also defines a JSON Web Key Set (JWK Set) JSON data | |||
| structure that represents a set of JWKs. Cryptographic algorithms | structure that represents a set of JWKs. Cryptographic algorithms | |||
| and identifiers for use with this specification are described in the | and identifiers for use with this specification are described in the | |||
| separate JSON Web Algorithms (JWA) [JWA] specification and IANA | separate JSON Web Algorithms (JWA) [JWA] specification and IANA | |||
| registries defined by that specification. | registries defined by that specification. | |||
| Goals for this specification do not include representing new kinds of | ||||
| certificate chains, representing new kinds of certified keys, or | ||||
| replacing X.509 certificates. | ||||
| JWKs and JWK Sets are used in the JSON Web Signature (JWS) [JWS] and | JWKs and JWK Sets are used in the JSON Web Signature (JWS) [JWS] and | |||
| JSON Web Encryption (JWE) [JWE] specifications. | JSON Web Encryption (JWE) [JWE] specifications. | |||
| Names defined by this specification are short because a core goal is | Names defined by this specification are short because a core goal is | |||
| for the resulting representations to be compact. | for the resulting representations to be compact. | |||
| 1.1. Notational Conventions | 1.1. Notational Conventions | |||
| The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | |||
| "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and | "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and | |||
| skipping to change at page 5, line 16 ¶ | skipping to change at page 5, line 16 ¶ | |||
| A JSON object that represents a cryptographic key. The members of | A JSON object that represents a cryptographic key. The members of | |||
| the object represent properties of the key, including its value. | the object represent properties of the key, including its value. | |||
| JSON Web Key Set (JWK Set) | JSON Web Key Set (JWK Set) | |||
| A JSON object that represents a set of JWKs. The JSON object MUST | A JSON object that represents a set of JWKs. The JSON object MUST | |||
| have a "keys" member, which is an array of JWK objects. | have a "keys" member, which is an array of JWK objects. | |||
| 3. Example JWK | 3. Example JWK | |||
| This section provides an example of a JWK. The following example JWK | This section provides an example of a JWK. The following example JWK | |||
| declares that the key is an an elliptic curve key, it is used with | declares that the key is an elliptic curve key, it is used with the | |||
| the P-256 elliptic curve, and its x and y coordinates are the | P-256 elliptic curve, and its x and y coordinates are the base64url | |||
| base64url encoded values shown. A key identifier is also provided | encoded values shown. A key identifier is also provided for the key. | |||
| for the key. | ||||
| {"kty":"EC", | {"kty":"EC", | |||
| "crv":"P-256", | "crv":"P-256", | |||
| "x":"f83OJ3D2xF1Bg8vub9tLe1gHMzV76e8Tus9uPHvRVEU", | "x":"f83OJ3D2xF1Bg8vub9tLe1gHMzV76e8Tus9uPHvRVEU", | |||
| "y":"x_FEzRu9m36HLN_tue659LNpXW6pCyStikYjKIWI5a0", | "y":"x_FEzRu9m36HLN_tue659LNpXW6pCyStikYjKIWI5a0", | |||
| "kid":"Public key used in JWS A.3 example" | "kid":"Public key used in JWS A.3 example" | |||
| } | } | |||
| Additional example JWK values can be found in Appendix A. | Additional example JWK values can be found in Appendix A. | |||
| skipping to change at page 10, line 39 ¶ | skipping to change at page 10, line 39 ¶ | |||
| can choose to assign a meaning to the order for their purposes, if | can choose to assign a meaning to the order for their purposes, if | |||
| desired. This member MUST be present in a JWK Set. | desired. This member MUST be present in a JWK Set. | |||
| 6. String Comparison Rules | 6. String Comparison Rules | |||
| The string comparison rules for this specification are the same as | The string comparison rules for this specification are the same as | |||
| those defined in Section 5.3 of [JWS]. | those defined in Section 5.3 of [JWS]. | |||
| 7. Encrypted JWK and Encrypted JWK Set Formats | 7. Encrypted JWK and Encrypted JWK Set Formats | |||
| JWKs containing non-public key material will need to be encrypted | Access to JWKs containing non-public key material by parties without | |||
| when potentially observable by parties without legitimate access to | legitimate access to the non-public information MUST be prevented. | |||
| the non-public information to prevent the disclosure of private or | This can be accomplished by encrypting the JWK when potentially | |||
| symmetric key values to unintended parties. The use of an Encrypted | observable by such parties to prevent the disclosure of private or | |||
| JWK, which is a JWE with the UTF-8 encoding of a JWK as its plaintext | symmetric key values. The use of an Encrypted JWK, which is a JWE | |||
| value, is recommended for this purpose. The processing of Encrypted | with the UTF-8 encoding of a JWK as its plaintext value, is | |||
| JWKs is identical to the processing of other JWEs. A "cty" (content | recommended for this purpose. The processing of Encrypted JWKs is | |||
| type) Header Parameter value of "jwk+json" MUST be used to indicate | identical to the processing of other JWEs. A "cty" (content type) | |||
| that the content of the JWE is a JWK, unless the application knows | Header Parameter value of "jwk+json" MUST be used to indicate that | |||
| that the encrypted content is a JWK by another means or convention. | the content of the JWE is a JWK, unless the application knows that | |||
| the encrypted content is a JWK by another means or convention, in | ||||
| which case the "cty" value would typically be omitted. | ||||
| JWK Sets containing non-public key material will also need to be | JWK Sets containing non-public key material will also need to be | |||
| encrypted under these circumstances. The use of an Encrypted JWK | encrypted under these circumstances. The use of an Encrypted JWK | |||
| Set, which is a JWE with the UTF-8 encoding of a JWK Set as its | Set, which is a JWE with the UTF-8 encoding of a JWK Set as its | |||
| plaintext value, is recommended for this purpose. The processing of | plaintext value, is recommended for this purpose. The processing of | |||
| Encrypted JWK Sets is identical to the processing of other JWEs. A | Encrypted JWK Sets is identical to the processing of other JWEs. A | |||
| "cty" (content type) Header Parameter value of "jwk-set+json" MUST be | "cty" (content type) Header Parameter value of "jwk-set+json" MUST be | |||
| used to indicate that the content of the JWE is a JWK Set, unless the | used to indicate that the content of the JWE is a JWK Set, unless the | |||
| application knows that the encrypted content is a JWK Set by another | application knows that the encrypted content is a JWK Set by another | |||
| means or convention. | means or convention, in which case the "cty" value would typically be | |||
| omitted. | ||||
| See Appendix C for an example encrypted JWK. | See Appendix C for an example encrypted JWK. | |||
| 8. IANA Considerations | 8. IANA Considerations | |||
| The following registration procedure is used for all the registries | The following registration procedure is used for all the registries | |||
| established by this specification. | established by this specification. | |||
| Values are registered with a Specification Required [RFC5226] after a | Values are registered with a Specification Required [RFC5226] after a | |||
| two-week review period on the [TBD]@ietf.org mailing list, on the | two-week review period on the [TBD]@ietf.org mailing list, on the | |||
| skipping to change at page 19, line 31 ¶ | skipping to change at page 19, line 31 ¶ | |||
| B. Jones, mbj@microsoft.com | B. Jones, mbj@microsoft.com | |||
| o Intended Usage: COMMON | o Intended Usage: COMMON | |||
| o Restrictions on Usage: none | o Restrictions on Usage: none | |||
| o Author: Michael B. Jones, mbj@microsoft.com | o Author: Michael B. Jones, mbj@microsoft.com | |||
| o Change Controller: IESG | o Change Controller: IESG | |||
| 9. Security Considerations | 9. Security Considerations | |||
| All of the security issues faced by any cryptographic application | All of the security issues faced by any cryptographic application | |||
| must be faced by a JWS/JWE/JWK agent. Among these issues are | must be faced by a JWS/JWE/JWK agent. Among these issues are | |||
| protecting the user's private and symmetric keys, preventing various | protecting the user's asymmetric private and symmetric secret keys, | |||
| attacks, and helping the user avoid mistakes such as inadvertently | preventing various attacks, and helping avoid mistakes such as | |||
| encrypting a message for the wrong recipient. The entire list of | inadvertently encrypting a message to the wrong recipient. The | |||
| security considerations is beyond the scope of this document, but | entire list of security considerations is beyond the scope of this | |||
| some significant considerations are listed here. | document, but some significant considerations are listed here. | |||
| 9.1. Key Provenance and Trust | 9.1. Key Provenance and Trust | |||
| One should place no more trust in the data associated with a key than | One should place no more trust in the data associated with a key than | |||
| in than the method by which it was obtained and in the | in than the method by which it was obtained and in the | |||
| trustworthiness of the entity asserting an association with the key. | trustworthiness of the entity asserting an association with the key. | |||
| Any data associated with a key that is obtained in an untrusted | Any data associated with a key that is obtained in an untrusted | |||
| manner should be treated with skepticism. | manner should be treated with skepticism. | |||
| The security considerations in Section 12.3 of XML DSIG 2.0 | The security considerations in Section 12.3 of XML DSIG 2.0 | |||
| skipping to change at page 37, line 29 ¶ | skipping to change at page 37, line 29 ¶ | |||
| and Sean Turner. | and Sean Turner. | |||
| Jim Schaad and Karen O'Donoghue chaired the JOSE working group and | Jim Schaad and Karen O'Donoghue chaired the JOSE working group and | |||
| Sean Turner, Stephen Farrell, and Kathleen Moriarty served as | Sean Turner, Stephen Farrell, and Kathleen Moriarty served as | |||
| Security area directors during the creation of this specification. | Security area directors during the creation of this specification. | |||
| Appendix E. Document History | Appendix E. Document History | |||
| [[ to be removed by the RFC Editor before publication as an RFC ]] | [[ to be removed by the RFC Editor before publication as an RFC ]] | |||
| -28 | ||||
| o Revised the introduction to the Security Considerations section. | ||||
| o Refined the text about when applications using encrypted JWKs and | ||||
| JWK Sets would not need to use the "cty" header parameter. | ||||
| -27 | -27 | |||
| o Added an example JWK early in the draft. | o Added an example JWK early in the draft. | |||
| o Described additional security considerations. | o Described additional security considerations. | |||
| o Added the "x5t#S256" (X.509 Certificate SHA-256 Thumbprint) JWK | o Added the "x5t#S256" (X.509 Certificate SHA-256 Thumbprint) JWK | |||
| member. | member. | |||
| o Addressed a few editorial issues. | o Addressed a few editorial issues. | |||
| End of changes. 12 change blocks. | ||||
| 27 lines changed or deleted | 40 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||