| < draft-ietf-jose-json-web-key-28.txt | draft-ietf-jose-json-web-key-29.txt > | |||
|---|---|---|---|---|
| JOSE Working Group M. Jones | JOSE Working Group M. Jones | |||
| Internet-Draft Microsoft | Internet-Draft Microsoft | |||
| Intended status: Standards Track June 20, 2014 | Intended status: Standards Track June 20, 2014 | |||
| Expires: December 22, 2014 | Expires: December 22, 2014 | |||
| JSON Web Key (JWK) | JSON Web Key (JWK) | |||
| draft-ietf-jose-json-web-key-28 | draft-ietf-jose-json-web-key-29 | |||
| Abstract | Abstract | |||
| A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) data | A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) data | |||
| structure that represents a cryptographic key. This specification | structure that represents a cryptographic key. This specification | |||
| also defines a JSON Web Key Set (JWK Set) JSON data structure that | also defines a JSON Web Key Set (JWK Set) JSON data structure that | |||
| represents a set of JWKs. Cryptographic algorithms and identifiers | represents a set of JWKs. Cryptographic algorithms and identifiers | |||
| for use with this specification are described in the separate JSON | for use with this specification are described in the separate JSON | |||
| Web Algorithms (JWA) specification and IANA registries defined by | Web Algorithms (JWA) specification and IANA registries defined by | |||
| that specification. | that specification. | |||
| skipping to change at page 3, line 11 | skipping to change at page 3, line 11 | |||
| 10.1. Normative References . . . . . . . . . . . . . . . . . . . 20 | 10.1. Normative References . . . . . . . . . . . . . . . . . . . 20 | |||
| 10.2. Informative References . . . . . . . . . . . . . . . . . . 22 | 10.2. Informative References . . . . . . . . . . . . . . . . . . 22 | |||
| Appendix A. Example JSON Web Key Sets . . . . . . . . . . . . . . 23 | Appendix A. Example JSON Web Key Sets . . . . . . . . . . . . . . 23 | |||
| A.1. Example Public Keys . . . . . . . . . . . . . . . . . . . 23 | A.1. Example Public Keys . . . . . . . . . . . . . . . . . . . 23 | |||
| A.2. Example Private Keys . . . . . . . . . . . . . . . . . . . 23 | A.2. Example Private Keys . . . . . . . . . . . . . . . . . . . 23 | |||
| A.3. Example Symmetric Keys . . . . . . . . . . . . . . . . . . 25 | A.3. Example Symmetric Keys . . . . . . . . . . . . . . . . . . 25 | |||
| Appendix B. Example Use of "x5c" (X.509 Certificate Chain) | Appendix B. Example Use of "x5c" (X.509 Certificate Chain) | |||
| Parameter . . . . . . . . . . . . . . . . . . . . . . 25 | Parameter . . . . . . . . . . . . . . . . . . . . . . 25 | |||
| Appendix C. Example Encrypted RSA Private Key . . . . . . . . . . 26 | Appendix C. Example Encrypted RSA Private Key . . . . . . . . . . 26 | |||
| C.1. Plaintext RSA Private Key . . . . . . . . . . . . . . . . 27 | C.1. Plaintext RSA Private Key . . . . . . . . . . . . . . . . 27 | |||
| C.2. JWE Header . . . . . . . . . . . . . . . . . . . . . . . . 30 | C.2. JOSE Header . . . . . . . . . . . . . . . . . . . . . . . 30 | |||
| C.3. Content Encryption Key (CEK) . . . . . . . . . . . . . . . 30 | C.3. Content Encryption Key (CEK) . . . . . . . . . . . . . . . 30 | |||
| C.4. Key Derivation . . . . . . . . . . . . . . . . . . . . . . 31 | C.4. Key Derivation . . . . . . . . . . . . . . . . . . . . . . 31 | |||
| C.5. Key Encryption . . . . . . . . . . . . . . . . . . . . . . 31 | C.5. Key Encryption . . . . . . . . . . . . . . . . . . . . . . 31 | |||
| C.6. Initialization Vector . . . . . . . . . . . . . . . . . . 31 | C.6. Initialization Vector . . . . . . . . . . . . . . . . . . 31 | |||
| C.7. Additional Authenticated Data . . . . . . . . . . . . . . 32 | C.7. Additional Authenticated Data . . . . . . . . . . . . . . 32 | |||
| C.8. Content Encryption . . . . . . . . . . . . . . . . . . . . 32 | C.8. Content Encryption . . . . . . . . . . . . . . . . . . . . 32 | |||
| C.9. Complete Representation . . . . . . . . . . . . . . . . . 35 | C.9. Complete Representation . . . . . . . . . . . . . . . . . 35 | |||
| Appendix D. Acknowledgements . . . . . . . . . . . . . . . . . . 36 | Appendix D. Acknowledgements . . . . . . . . . . . . . . . . . . 36 | |||
| Appendix E. Document History . . . . . . . . . . . . . . . . . . 37 | Appendix E. Document History . . . . . . . . . . . . . . . . . . 37 | |||
| Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 43 | Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 43 | |||
| skipping to change at page 4, line 49 | skipping to change at page 4, line 49 | |||
| ASCII(STRING) denotes the octets of the ASCII [USASCII] | ASCII(STRING) denotes the octets of the ASCII [USASCII] | |||
| representation of STRING. | representation of STRING. | |||
| The concatenation of two values A and B is denoted as A || B. | The concatenation of two values A and B is denoted as A || B. | |||
| 2. Terminology | 2. Terminology | |||
| These terms defined by the JSON Web Signature (JWS) [JWS] | These terms defined by the JSON Web Signature (JWS) [JWS] | |||
| specification are incorporated into this specification: "Base64url | specification are incorporated into this specification: "Base64url | |||
| Encoding" and "Collision-Resistant Name". | Encoding", "Collision-Resistant Name", "Header Parameter", and "JOSE | |||
| Header". | ||||
| These terms are defined for use by this specification: | These terms are defined by this specification: | |||
| JSON Web Key (JWK) | JSON Web Key (JWK) | |||
| A JSON object that represents a cryptographic key. The members of | A JSON object that represents a cryptographic key. The members of | |||
| the object represent properties of the key, including its value. | the object represent properties of the key, including its value. | |||
| JSON Web Key Set (JWK Set) | JSON Web Key Set (JWK Set) | |||
| A JSON object that represents a set of JWKs. The JSON object MUST | A JSON object that represents a set of JWKs. The JSON object MUST | |||
| have a "keys" member, which is an array of JWK objects. | have a "keys" member, which is an array of JWK objects. | |||
| 3. Example JWK | 3. Example JWK | |||
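Review bot: the revised term list in Section 2 now imports only "Header Parameter" and "JOSE Header" from JWS, yet the document still relies on the more specific term "JWE Protected Header" (Appendix C.2 opens with "The following example JWE Protected Header declares that"). Either add that term to the incorporated list with a pointer to the specification that defines it, or have the appendix cite where it is defined, so that every header-related term used here resolves to one definition. The wording change from "defined for use by this specification" to "defined by this specification" is an improvement and matches the phrasing of the preceding sentence.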
| skipping to change at page 30, line 9 | skipping to change at page 30, line 9 | |||
| 122, 83, 99, 69, 111, 80, 119, 109, 85, 113, 113, 97, 98, 117, 57, | 122, 83, 99, 69, 111, 80, 119, 109, 85, 113, 113, 97, 98, 117, 57, | |||
| 86, 48, 45, 80, 121, 52, 100, 81, 53, 55, 95, 98, 97, 112, 111, 75, | 86, 48, 45, 80, 121, 52, 100, 81, 53, 55, 95, 98, 97, 112, 111, 75, | |||
| 82, 117, 49, 82, 57, 48, 98, 118, 117, 70, 110, 85, 54, 51, 83, 72, | 82, 117, 49, 82, 57, 48, 98, 118, 117, 70, 110, 85, 54, 51, 83, 72, | |||
| 87, 69, 70, 103, 108, 90, 81, 118, 74, 68, 77, 101, 65, 118, 109, | 87, 69, 70, 103, 108, 90, 81, 118, 74, 68, 77, 101, 65, 118, 109, | |||
| 106, 52, 115, 109, 45, 70, 112, 48, 111, 89, 117, 95, 110, 101, 111, | 106, 52, 115, 109, 45, 70, 112, 48, 111, 89, 117, 95, 110, 101, 111, | |||
| 116, 103, 81, 48, 104, 122, 98, 73, 53, 103, 114, 121, 55, 97, 106, | 116, 103, 81, 48, 104, 122, 98, 73, 53, 103, 114, 121, 55, 97, 106, | |||
| 100, 89, 121, 57, 45, 50, 108, 78, 120, 95, 55, 54, 97, 66, 90, 111, | 100, 89, 121, 57, 45, 50, 108, 78, 120, 95, 55, 54, 97, 66, 90, 111, | |||
| 79, 85, 117, 57, 72, 67, 74, 45, 85, 115, 102, 83, 79, 73, 56, 34, | 79, 85, 117, 57, 72, 67, 74, 45, 85, 115, 102, 83, 79, 73, 56, 34, | |||
| 125] | 125] | |||
| C.2. JWE Header | C.2. JOSE Header | |||
| The following example JWE Protected Header declares that: | The following example JWE Protected Header declares that: | |||
| o the Content Encryption Key is encrypted to the recipient using the | o the Content Encryption Key is encrypted to the recipient using the | |||
| PSE2-HS256+A128KW algorithm to produce the JWE Encrypted Key, | PSE2-HS256+A128KW algorithm to produce the JWE Encrypted Key, | |||
| o the Salt Input ("p2s") value is [217, 96, 147, 112, 150, 117, 70, | o the Salt Input ("p2s") value is [217, 96, 147, 112, 150, 117, 70, | |||
| 247, 127, 8, 155, 137, 174, 42, 80, 215], | 247, 127, 8, 155, 137, 174, 42, 80, 215], | |||
| o the Iteration Count ("p2c") value is 4096, | o the Iteration Count ("p2c") value is 4096, | |||
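Review bot: the algorithm name in the first bullet, "PSE2-HS256+A128KW", reads as a typo for the PBES2 identifier "PBES2-HS256+A128KW"; the "p2s" Salt Input and "p2c" Iteration Count bullets that follow are the PBES2 Header Parameters, so the name should be checked against the JWA algorithm registry and spelled identically in the prose, in the JSON header object that this section serializes, and in the later Appendix C computations that consume that header. The retitling of C.2 to "JOSE Header" while the body keeps "JWE Protected Header" is consistent with the -29 terminology change, since the protected header is the part of the JOSE Header this example shows.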
| skipping to change at page 37, line 29 | skipping to change at page 37, line 29 | |||
| and Sean Turner. | and Sean Turner. | |||
| Jim Schaad and Karen O'Donoghue chaired the JOSE working group and | Jim Schaad and Karen O'Donoghue chaired the JOSE working group and | |||
| Sean Turner, Stephen Farrell, and Kathleen Moriarty served as | Sean Turner, Stephen Farrell, and Kathleen Moriarty served as | |||
| Security area directors during the creation of this specification. | Security area directors during the creation of this specification. | |||
| Appendix E. Document History | Appendix E. Document History | |||
| [[ to be removed by the RFC Editor before publication as an RFC ]] | [[ to be removed by the RFC Editor before publication as an RFC ]] | |||
| -29 | ||||
| o Replaced the terms JWS Header, JWE Header, and JWT Header with a | ||||
| single JOSE Header term defined in the JWS specification. This | ||||
| also enabled a single Header Parameter definition to be used and | ||||
| reduced other areas of duplication between specifications. | ||||
| -28 | -28 | |||
| o Revised the introduction to the Security Considerations section. | o Revised the introduction to the Security Considerations section. | |||
| o Refined the text about when applications using encrypted JWKs and | o Refined the text about when applications using encrypted JWKs and | |||
| JWK Sets would not need to use the "cty" header parameter. | JWK Sets would not need to use the "cty" header parameter. | |||
| -27 | -27 | |||
| o Added an example JWK early in the draft. | o Added an example JWK early in the draft. | |||
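Review bot: the new -29 history entry describes the change broadly ("also enabled a single Header Parameter definition to be used and reduced other areas of duplication between specifications") but does not say where this document was touched; the diff summary shows only six change blocks here (the draft name, the Section 2 term list, and the C.2 heading in the table of contents and body), so most of the duplication removal must live in the JWS and JWE drafts. Suggest naming the affected sections of this document in the entry and noting that the shared definitions now reside in JWS, so a reader of the history can locate the edits without re-reading the whole draft.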
| End of changes. 6 change blocks. | ||||
| 5 lines changed or deleted | 13 lines changed or added | |||