< draft-ietf-jose-json-web-key-39.txt   draft-ietf-jose-json-web-key-40.txt >
JOSE Working Group M. Jones JOSE Working Group M. Jones
Internet-Draft Microsoft Internet-Draft Microsoft
Intended status: Standards Track December 30, 2014 Intended status: Standards Track January 13, 2015
Expires: July 3, 2015 Expires: July 17, 2015
JSON Web Key (JWK) JSON Web Key (JWK)
draft-ietf-jose-json-web-key-39 draft-ietf-jose-json-web-key-40
Abstract Abstract
A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) data A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) data
structure that represents a cryptographic key. This specification structure that represents a cryptographic key. This specification
also defines a JSON Web Key Set (JWK Set) JSON data structure that also defines a JSON Web Key Set (JWK Set) JSON data structure that
represents a set of JWKs. Cryptographic algorithms and identifiers represents a set of JWKs. Cryptographic algorithms and identifiers
for use with this specification are described in the separate JSON for use with this specification are described in the separate JSON
Web Algorithms (JWA) specification and IANA registries defined by Web Algorithms (JWA) specification and IANA registries defined by
that specification. that specification.
skipping to change at page 1, line 36 skipping to change at page 1, line 36
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on July 3, 2015. This Internet-Draft will expire on July 17, 2015.
Copyright Notice Copyright Notice
Copyright (c) 2014 IETF Trust and the persons identified as the Copyright (c) 2015 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
skipping to change at page 2, line 25 skipping to change at page 2, line 25
4.2. "use" (Public Key Use) Parameter . . . . . . . . . . . . . 6 4.2. "use" (Public Key Use) Parameter . . . . . . . . . . . . . 6
4.3. "key_ops" (Key Operations) Parameter . . . . . . . . . . . 7 4.3. "key_ops" (Key Operations) Parameter . . . . . . . . . . . 7
4.4. "alg" (Algorithm) Parameter . . . . . . . . . . . . . . . 8 4.4. "alg" (Algorithm) Parameter . . . . . . . . . . . . . . . 8
4.5. "kid" (Key ID) Parameter . . . . . . . . . . . . . . . . . 8 4.5. "kid" (Key ID) Parameter . . . . . . . . . . . . . . . . . 8
4.6. "x5u" (X.509 URL) Parameter . . . . . . . . . . . . . . . 8 4.6. "x5u" (X.509 URL) Parameter . . . . . . . . . . . . . . . 8
4.7. "x5c" (X.509 Certificate Chain) Parameter . . . . . . . . 9 4.7. "x5c" (X.509 Certificate Chain) Parameter . . . . . . . . 9
4.8. "x5t" (X.509 Certificate SHA-1 Thumbprint) Parameter . . . 9 4.8. "x5t" (X.509 Certificate SHA-1 Thumbprint) Parameter . . . 9
4.9. "x5t#S256" (X.509 Certificate SHA-256 Thumbprint) 4.9. "x5t#S256" (X.509 Certificate SHA-256 Thumbprint)
Parameter . . . . . . . . . . . . . . . . . . . . . . . . 10 Parameter . . . . . . . . . . . . . . . . . . . . . . . . 10
5. JSON Web Key Set (JWK Set) Format . . . . . . . . . . . . . . 10 5. JSON Web Key Set (JWK Set) Format . . . . . . . . . . . . . . 10
5.1. "keys" Parameter . . . . . . . . . . . . . . . . . . . . . 10 5.1. "keys" Parameter . . . . . . . . . . . . . . . . . . . . . 11
6. String Comparison Rules . . . . . . . . . . . . . . . . . . . 11 6. String Comparison Rules . . . . . . . . . . . . . . . . . . . 11
7. Encrypted JWK and Encrypted JWK Set Formats . . . . . . . . . 11 7. Encrypted JWK and Encrypted JWK Set Formats . . . . . . . . . 11
8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 11 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 11
8.1. JSON Web Key Parameters Registry . . . . . . . . . . . . . 13 8.1. JSON Web Key Parameters Registry . . . . . . . . . . . . . 13
8.1.1. Registration Template . . . . . . . . . . . . . . . . 13 8.1.1. Registration Template . . . . . . . . . . . . . . . . 13
8.1.2. Initial Registry Contents . . . . . . . . . . . . . . 14 8.1.2. Initial Registry Contents . . . . . . . . . . . . . . 14
8.2. JSON Web Key Use Registry . . . . . . . . . . . . . . . . 15 8.2. JSON Web Key Use Registry . . . . . . . . . . . . . . . . 15
8.2.1. Registration Template . . . . . . . . . . . . . . . . 15 8.2.1. Registration Template . . . . . . . . . . . . . . . . 15
8.2.2. Initial Registry Contents . . . . . . . . . . . . . . 16 8.2.2. Initial Registry Contents . . . . . . . . . . . . . . 16
8.3. JSON Web Key Operations Registry . . . . . . . . . . . . . 16 8.3. JSON Web Key Operations Registry . . . . . . . . . . . . . 16
8.3.1. Registration Template . . . . . . . . . . . . . . . . 16 8.3.1. Registration Template . . . . . . . . . . . . . . . . 16
8.3.2. Initial Registry Contents . . . . . . . . . . . . . . 17 8.3.2. Initial Registry Contents . . . . . . . . . . . . . . 17
8.4. JSON Web Key Set Parameters Registry . . . . . . . . . . . 18 8.4. JSON Web Key Set Parameters Registry . . . . . . . . . . . 18
8.4.1. Registration Template . . . . . . . . . . . . . . . . 18 8.4.1. Registration Template . . . . . . . . . . . . . . . . 18
8.4.2. Initial Registry Contents . . . . . . . . . . . . . . 19 8.4.2. Initial Registry Contents . . . . . . . . . . . . . . 19
8.5. Media Type Registration . . . . . . . . . . . . . . . . . 19 8.5. Media Type Registration . . . . . . . . . . . . . . . . . 19
8.5.1. Registry Contents . . . . . . . . . . . . . . . . . . 19 8.5.1. Registry Contents . . . . . . . . . . . . . . . . . . 19
9. Security Considerations . . . . . . . . . . . . . . . . . . . 20 9. Security Considerations . . . . . . . . . . . . . . . . . . . 20
9.1. Key Provenance and Trust . . . . . . . . . . . . . . . . . 20 9.1. Key Provenance and Trust . . . . . . . . . . . . . . . . . 20
9.2. Preventing Disclosure of Non-Public Key Information . . . 20 9.2. Preventing Disclosure of Non-Public Key Information . . . 21
9.3. RSA Private Key Representations and Blinding . . . . . . . 21 9.3. RSA Private Key Representations and Blinding . . . . . . . 21
9.4. Key Entropy and Random Values . . . . . . . . . . . . . . 21 9.4. Key Entropy and Random Values . . . . . . . . . . . . . . 21
10. References . . . . . . . . . . . . . . . . . . . . . . . . . . 21 10. References . . . . . . . . . . . . . . . . . . . . . . . . . . 22
10.1. Normative References . . . . . . . . . . . . . . . . . . . 21 10.1. Normative References . . . . . . . . . . . . . . . . . . . 22
10.2. Informative References . . . . . . . . . . . . . . . . . . 23 10.2. Informative References . . . . . . . . . . . . . . . . . . 23
Appendix A. Example JSON Web Key Sets . . . . . . . . . . . . . . 24 Appendix A. Example JSON Web Key Sets . . . . . . . . . . . . . . 24
A.1. Example Public Keys . . . . . . . . . . . . . . . . . . . 24 A.1. Example Public Keys . . . . . . . . . . . . . . . . . . . 24
A.2. Example Private Keys . . . . . . . . . . . . . . . . . . . 24 A.2. Example Private Keys . . . . . . . . . . . . . . . . . . . 25
A.3. Example Symmetric Keys . . . . . . . . . . . . . . . . . . 26 A.3. Example Symmetric Keys . . . . . . . . . . . . . . . . . . 27
Appendix B. Example Use of "x5c" (X.509 Certificate Chain) Appendix B. Example Use of "x5c" (X.509 Certificate Chain)
Parameter . . . . . . . . . . . . . . . . . . . . . . 26 Parameter . . . . . . . . . . . . . . . . . . . . . . 27
Appendix C. Example Encrypted RSA Private Key . . . . . . . . . . 27 Appendix C. Example Encrypted RSA Private Key . . . . . . . . . . 28
C.1. Plaintext RSA Private Key . . . . . . . . . . . . . . . . 28 C.1. Plaintext RSA Private Key . . . . . . . . . . . . . . . . 29
C.2. JOSE Header . . . . . . . . . . . . . . . . . . . . . . . 31 C.2. JOSE Header . . . . . . . . . . . . . . . . . . . . . . . 32
C.3. Content Encryption Key (CEK) . . . . . . . . . . . . . . . 31 C.3. Content Encryption Key (CEK) . . . . . . . . . . . . . . . 32
C.4. Key Derivation . . . . . . . . . . . . . . . . . . . . . . 32 C.4. Key Derivation . . . . . . . . . . . . . . . . . . . . . . 33
C.5. Key Encryption . . . . . . . . . . . . . . . . . . . . . . 32 C.5. Key Encryption . . . . . . . . . . . . . . . . . . . . . . 33
C.6. Initialization Vector . . . . . . . . . . . . . . . . . . 32 C.6. Initialization Vector . . . . . . . . . . . . . . . . . . 33
C.7. Additional Authenticated Data . . . . . . . . . . . . . . 33 C.7. Additional Authenticated Data . . . . . . . . . . . . . . 34
C.8. Content Encryption . . . . . . . . . . . . . . . . . . . . 33 C.8. Content Encryption . . . . . . . . . . . . . . . . . . . . 34
C.9. Complete Representation . . . . . . . . . . . . . . . . . 36 C.9. Complete Representation . . . . . . . . . . . . . . . . . 37
Appendix D. Acknowledgements . . . . . . . . . . . . . . . . . . 37 Appendix D. Acknowledgements . . . . . . . . . . . . . . . . . . 39
Appendix E. Document History . . . . . . . . . . . . . . . . . . 38 Appendix E. Document History . . . . . . . . . . . . . . . . . . 39
Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 45 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 46
1. Introduction 1. Introduction
A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) [RFC7159] A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) [RFC7159]
data structure that represents a cryptographic key. This data structure that represents a cryptographic key. This
specification also defines a JSON Web Key Set (JWK Set) JSON data specification also defines a JSON Web Key Set (JWK Set) JSON data
structure that represents a set of JWKs. Cryptographic algorithms structure that represents a set of JWKs. Cryptographic algorithms
and identifiers for use with this specification are described in the and identifiers for use with this specification are described in the
separate JSON Web Algorithms (JWA) [JWA] specification and IANA separate JSON Web Algorithms (JWA) [JWA] specification and IANA
registries defined by that specification. registries defined by that specification.
skipping to change at page 4, line 38 skipping to change at page 4, line 38
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in Key "OPTIONAL" in this document are to be interpreted as described in Key
words for use in RFCs to Indicate Requirement Levels [RFC2119]. If words for use in RFCs to Indicate Requirement Levels [RFC2119]. If
these words are used without being spelled in uppercase then they are these words are used without being spelled in uppercase then they are
to be interpreted with their normal natural language meanings. to be interpreted with their normal natural language meanings.
BASE64URL(OCTETS) denotes the base64url encoding of OCTETS, per BASE64URL(OCTETS) denotes the base64url encoding of OCTETS, per
Section 2 of [JWS]. Section 2 of [JWS].
UTF8(STRING) denotes the octets of the UTF-8 [RFC3629] representation UTF8(STRING) denotes the octets of the UTF-8 [RFC3629] representation
of STRING. of STRING, where STRING is a sequence of zero or more Unicode
[UNICODE] characters.
ASCII(STRING) denotes the octets of the ASCII [RFC20] representation ASCII(STRING) denotes the octets of the ASCII [RFC20] representation
of STRING. of STRING, where STRING is a sequence of zero or more ASCII
characters.
The concatenation of two values A and B is denoted as A || B. The concatenation of two values A and B is denoted as A || B.
2. Terminology 2. Terminology
These terms defined by the JSON Web Signature (JWS) [JWS] These terms defined by the JSON Web Signature (JWS) [JWS]
specification are incorporated into this specification: "Base64url specification are incorporated into this specification: "Base64url
Encoding", "Collision-Resistant Name", "Header Parameter", and "JOSE Encoding", "Collision-Resistant Name", "Header Parameter", and "JOSE
Header". Header".
skipping to change at page 7, line 40 skipping to change at page 7, line 42
o "sign" (compute digital signature or MAC) o "sign" (compute digital signature or MAC)
o "verify" (verify digital signature or MAC) o "verify" (verify digital signature or MAC)
o "encrypt" (encrypt content) o "encrypt" (encrypt content)
o "decrypt" (decrypt content and validate decryption, if applicable) o "decrypt" (decrypt content and validate decryption, if applicable)
o "wrapKey" (encrypt key) o "wrapKey" (encrypt key)
o "unwrapKey" (decrypt key and validate decryption, if applicable) o "unwrapKey" (decrypt key and validate decryption, if applicable)
o "deriveKey" (derive key) o "deriveKey" (derive key)
o "deriveBits" (derive bits not to be used as a key) o "deriveBits" (derive bits not to be used as a key)
(Note that the "key_ops" values intentionally match the "KeyUsage" (Note that the "key_ops" values intentionally match the "KeyUsage"
values defined in the Web Cryptography API [WebCrypto] values defined in the Web Cryptography API
specification.) [W3C.CR-WebCryptoAPI-20141211] specification.)
Other values MAY be used. The key operation values are case- Other values MAY be used. The key operation values are case-
sensitive strings. Duplicate key operation values MUST NOT be sensitive strings. Duplicate key operation values MUST NOT be
present in the array. Use of the "key_ops" member is OPTIONAL, present in the array. Use of the "key_ops" member is OPTIONAL,
unless the application requires its presence. unless the application requires its presence.
Multiple unrelated key operations SHOULD NOT be specified for a key Multiple unrelated key operations SHOULD NOT be specified for a key
because of the potential vulnerabilities associated with using the because of the potential vulnerabilities associated with using the
same key with multiple algorithms. Thus, the combinations "sign" same key with multiple algorithms. Thus, the combinations "sign"
with "verify", "encrypt" with "decrypt", and "wrapKey" with with "verify", "encrypt" with "decrypt", and "wrapKey" with
skipping to change at page 21, line 34 skipping to change at page 22, line 4
the Handbook of Applied Cryptography [HAC] discusses how to compute the Handbook of Applied Cryptography [HAC] discusses how to compute
the remaining RSA private key parameters, if needed, using only "n", the remaining RSA private key parameters, if needed, using only "n",
"e", and "d". "e", and "d".
9.4. Key Entropy and Random Values 9.4. Key Entropy and Random Values
See Section 10.1 of [JWS] for security considerations on key entropy See Section 10.1 of [JWS] for security considerations on key entropy
and random values. and random values.
10. References 10. References
10.1. Normative References 10.1. Normative References
[ECMAScript] [ECMAScript]
Ecma International, "ECMAScript Language Specification, Ecma International, "ECMAScript Language Specification,
5.1 Edition", ECMA 262, June 2011. 5.1 Edition", ECMA 262, June 2011.
[IANA.MediaTypes] [IANA.MediaTypes]
Internet Assigned Numbers Authority (IANA), "MIME Media Internet Assigned Numbers Authority (IANA), "MIME Media
Types", 2005. Types", 2005.
[ITU.X690.1994] [ITU.X690.1994]
International Telecommunications Union, "Information International Telecommunications Union, "Information
Technology - ASN.1 encoding rules: Specification of Basic Technology - ASN.1 encoding rules: Specification of Basic
Encoding Rules (BER), Canonical Encoding Rules (CER) and Encoding Rules (BER), Canonical Encoding Rules (CER) and
Distinguished Encoding Rules (DER)", ITU-T Recommendation Distinguished Encoding Rules (DER)", ITU-T Recommendation
X.690, 1994. X.690, 1994.
[JWA] Jones, M., "JSON Web Algorithms (JWA)", [JWA] Jones, M., "JSON Web Algorithms (JWA)",
draft-ietf-jose-json-web-algorithms (work in progress), draft-ietf-jose-json-web-algorithms (work in progress),
December 2014. January 2015.
[JWE] Jones, M. and J. Hildebrand, "JSON Web Encryption (JWE)", [JWE] Jones, M. and J. Hildebrand, "JSON Web Encryption (JWE)",
draft-ietf-jose-json-web-encryption (work in progress), draft-ietf-jose-json-web-encryption (work in progress),
December 2014. January 2015.
[JWS] Jones, M., Bradley, J., and N. Sakimura, "JSON Web [JWS] Jones, M., Bradley, J., and N. Sakimura, "JSON Web
Signature (JWS)", draft-ietf-jose-json-web-signature (work Signature (JWS)", draft-ietf-jose-json-web-signature (work
in progress), December 2014. in progress), January 2015.
[RFC20] Cerf, V., "ASCII format for Network Interchange", RFC 20, [RFC20] Cerf, V., "ASCII format for Network Interchange", RFC 20,
October 1969. October 1969.
[RFC2046] Freed, N. and N. Borenstein, "Multipurpose Internet Mail [RFC2046] Freed, N. and N. Borenstein, "Multipurpose Internet Mail
Extensions (MIME) Part Two: Media Types", RFC 2046, Extensions (MIME) Part Two: Media Types", RFC 2046,
November 1996. November 1996.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997. Requirement Levels", BCP 14, RFC 2119, March 1997.
skipping to change at page 23, line 14 skipping to change at page 23, line 31
[RFC6125] Saint-Andre, P. and J. Hodges, "Representation and [RFC6125] Saint-Andre, P. and J. Hodges, "Representation and
Verification of Domain-Based Application Service Identity Verification of Domain-Based Application Service Identity
within Internet Public Key Infrastructure Using X.509 within Internet Public Key Infrastructure Using X.509
(PKIX) Certificates in the Context of Transport Layer (PKIX) Certificates in the Context of Transport Layer
Security (TLS)", RFC 6125, March 2011. Security (TLS)", RFC 6125, March 2011.
[RFC7159] Bray, T., "The JavaScript Object Notation (JSON) Data [RFC7159] Bray, T., "The JavaScript Object Notation (JSON) Data
Interchange Format", RFC 7159, March 2014. Interchange Format", RFC 7159, March 2014.
[UNICODE] The Unicode Consortium, "The Unicode Standard", 1991-,
<http://www.unicode.org/versions/latest/>.
10.2. Informative References 10.2. Informative References
[DSS] National Institute of Standards and Technology, "Digital [DSS] National Institute of Standards and Technology, "Digital
Signature Standard (DSS)", FIPS PUB 186-4, July 2013. Signature Standard (DSS)", FIPS PUB 186-4, July 2013.
[HAC] Menezes, A., van Oorschot, P., and S. Vanstone, "Handbook [HAC] Menezes, A., van Oorschot, P., and S. Vanstone, "Handbook
of Applied Cryptography", CRC Press, 1996, of Applied Cryptography", CRC Press, 1996,
<http://cacr.uwaterloo.ca/hac/about/chap8.pdf>. <http://cacr.uwaterloo.ca/hac/about/chap8.pdf>.
[Kocher] Kocher, P., "Timing Attacks on Implementations of Diffe- [Kocher] Kocher, P., "Timing Attacks on Implementations of Diffe-
skipping to change at page 23, line 48 skipping to change at page 24, line 20
IANA Considerations Section in RFCs", BCP 26, RFC 5226, IANA Considerations Section in RFCs", BCP 26, RFC 5226,
May 2008. May 2008.
[RFC6030] Hoyer, P., Pei, M., and S. Machani, "Portable Symmetric [RFC6030] Hoyer, P., Pei, M., and S. Machani, "Portable Symmetric
Key Container (PSKC)", RFC 6030, October 2010. Key Container (PSKC)", RFC 6030, October 2010.
[RFC6838] Freed, N., Klensin, J., and T. Hansen, "Media Type [RFC6838] Freed, N., Klensin, J., and T. Hansen, "Media Type
Specifications and Registration Procedures", BCP 13, Specifications and Registration Procedures", BCP 13,
RFC 6838, January 2013. RFC 6838, January 2013.
[W3C.CR-WebCryptoAPI-20141211]
Sleevi, R. and M. Watson, "Web Cryptography API", World
Wide Web Consortium Candidate Recommendation CR-
WebCryptoAPI-20141211, December 2014,
<http://www.w3.org/TR/2014/CR-WebCryptoAPI-20141211/>.
[W3C.NOTE-xmldsig-core2-20130411] [W3C.NOTE-xmldsig-core2-20130411]
Eastlake, D., Reagle, J., Solo, D., Hirsch, F., Roessler, Eastlake, D., Reagle, J., Solo, D., Hirsch, F., Roessler,
T., Yiu, K., Datta, P., and S. Cantor, "XML Signature T., Yiu, K., Datta, P., and S. Cantor, "XML Signature
Syntax and Processing Version 2.0", World Wide Web Syntax and Processing Version 2.0", World Wide Web
Consortium Note NOTE-xmldsig-core2-20130411, April 2013, Consortium Note NOTE-xmldsig-core2-20130411, April 2013,
<http://www.w3.org/TR/2013/NOTE-xmldsig-core2-20130411/>. <http://www.w3.org/TR/2013/NOTE-xmldsig-core2-20130411/>.
[WebCrypto]
Sleevi, R. and M. Watson, "Web Cryptography API", World
Wide Web Consortium Draft, March 2014,
<http://www.w3.org/TR/2014/WD-WebCryptoAPI-20140325/>.
Appendix A. Example JSON Web Key Sets Appendix A. Example JSON Web Key Sets
A.1. Example Public Keys A.1. Example Public Keys
The following example JWK Set contains two public keys represented as The following example JWK Set contains two public keys represented as
JWKs: one using an Elliptic Curve algorithm and a second one using an JWKs: one using an Elliptic Curve algorithm and a second one using an
RSA algorithm. The first specifies that the key is to be used for RSA algorithm. The first specifies that the key is to be used for
encryption. The second specifies that the key is to be used with the encryption. The second specifies that the key is to be used with the
"RS256" algorithm. Both provide a Key ID for key matching purposes. "RS256" algorithm. Both provide a Key ID for key matching purposes.
In both cases, integers are represented using the base64url encoding In both cases, integers are represented using the base64url encoding
of their big endian representations. (Long lines are broken are for of their big endian representations. (Line breaks within values are
display purposes only.) for display purposes only.)
{"keys": {"keys":
[ [
{"kty":"EC", {"kty":"EC",
"crv":"P-256", "crv":"P-256",
"x":"MKBCTNIcKUSDii11ySs3526iDZ8AiTo7Tu6KPAqv7D4", "x":"MKBCTNIcKUSDii11ySs3526iDZ8AiTo7Tu6KPAqv7D4",
"y":"4Etl6SRW2YiLUrN5vfvVHuhp7x8PxltmWWlbbM4IFyM", "y":"4Etl6SRW2YiLUrN5vfvVHuhp7x8PxltmWWlbbM4IFyM",
"use":"enc", "use":"enc",
"kid":"1"}, "kid":"1"},
{"kty":"RSA", {"kty":"RSA",
skipping to change at page 25, line 5 skipping to change at page 25, line 32
"kid":"2011-04-29"} "kid":"2011-04-29"}
] ]
} }
A.2. Example Private Keys A.2. Example Private Keys
The following example JWK Set contains two keys represented as JWKs The following example JWK Set contains two keys represented as JWKs
containing both public and private key values: one using an Elliptic containing both public and private key values: one using an Elliptic
Curve algorithm and a second one using an RSA algorithm. This Curve algorithm and a second one using an RSA algorithm. This
example extends the example in the previous section, adding private example extends the example in the previous section, adding private
key values. (Line breaks are for display purposes only.) key values. (Line breaks within values are for display purposes
only.)
{"keys": {"keys":
[ [
{"kty":"EC", {"kty":"EC",
"crv":"P-256", "crv":"P-256",
"x":"MKBCTNIcKUSDii11ySs3526iDZ8AiTo7Tu6KPAqv7D4", "x":"MKBCTNIcKUSDii11ySs3526iDZ8AiTo7Tu6KPAqv7D4",
"y":"4Etl6SRW2YiLUrN5vfvVHuhp7x8PxltmWWlbbM4IFyM", "y":"4Etl6SRW2YiLUrN5vfvVHuhp7x8PxltmWWlbbM4IFyM",
"d":"870MB6gfuTJ4HtUnUvYMyJpr5eUZNP4Bk43bVdj3eAE", "d":"870MB6gfuTJ4HtUnUvYMyJpr5eUZNP4Bk43bVdj3eAE",
"use":"enc", "use":"enc",
"kid":"1"}, "kid":"1"},
skipping to change at page 26, line 9 skipping to change at page 27, line 9
yR8O55XLSe3SPmRfKwZI6yU24ZxvQKFYItdldUKGzO6Ia6zTKhAVRU", yR8O55XLSe3SPmRfKwZI6yU24ZxvQKFYItdldUKGzO6Ia6zTKhAVRU",
"alg":"RS256", "alg":"RS256",
"kid":"2011-04-29"} "kid":"2011-04-29"}
] ]
} }
A.3. Example Symmetric Keys A.3. Example Symmetric Keys
The following example JWK Set contains two symmetric keys represented The following example JWK Set contains two symmetric keys represented
as JWKs: one designated as being for use with the AES Key Wrap as JWKs: one designated as being for use with the AES Key Wrap
algorithm and a second one that is an HMAC key. (Line breaks are for algorithm and a second one that is an HMAC key. (Line breaks within
display purposes only.) values are for display purposes only.)
{"keys": {"keys":
[ [
{"kty":"oct", {"kty":"oct",
"alg":"A128KW", "alg":"A128KW",
"k":"GawgguFyGrWKav7AX4VKUg"}, "k":"GawgguFyGrWKav7AX4VKUg"},
{"kty":"oct", {"kty":"oct",
"k":"AyM1SysPpbyDfgZld3umj1qzKObwVMkoqQ-EstJQLr_T-1qS0gZH75 "k":"AyM1SysPpbyDfgZld3umj1qzKObwVMkoqQ-EstJQLr_T-1qS0gZH75
aKtMN3Yj0iPS4hcgUuTwjAzZr1Z9CAow", aKtMN3Yj0iPS4hcgUuTwjAzZr1Z9CAow",
"kid":"HMAC key used in JWS A.1 example"} "kid":"HMAC key used in JWS A.1 example"}
] ]
} }
Appendix B. Example Use of "x5c" (X.509 Certificate Chain) Parameter Appendix B. Example Use of "x5c" (X.509 Certificate Chain) Parameter
The following is an example of a JWK with a RSA signing key The following is an example of a JWK with a RSA signing key
represented both as an RSA public key and as an X.509 certificate represented both as an RSA public key and as an X.509 certificate
using the "x5c" parameter: using the "x5c" parameter (with line breaks within values for display
purposes only):
{"kty":"RSA", {"kty":"RSA",
"use":"sig", "use":"sig",
"kid":"1b94c", "kid":"1b94c",
"n":"vrjOfz9Ccdgx5nQudyhdoR17V-IubWMeOZCwX_jj0hgAsz2J_pqYW08 "n":"vrjOfz9Ccdgx5nQudyhdoR17V-IubWMeOZCwX_jj0hgAsz2J_pqYW08
PLbK_PdiVGKPrqzmDIsLI7sA25VEnHU1uCLNwBuUiCO11_-7dYbsr4iJmG0Q PLbK_PdiVGKPrqzmDIsLI7sA25VEnHU1uCLNwBuUiCO11_-7dYbsr4iJmG0Q
u2j8DsVyT1azpJC_NG84Ty5KKthuCaPod7iI7w0LK9orSMhBEwwZDCxTWq4a u2j8DsVyT1azpJC_NG84Ty5KKthuCaPod7iI7w0LK9orSMhBEwwZDCxTWq4a
YWAchc8t-emd9qOvWtVMDC2BXksRngh6X5bUYLy6AyHKvj-nUy1wgzjYQDwH YWAchc8t-emd9qOvWtVMDC2BXksRngh6X5bUYLy6AyHKvj-nUy1wgzjYQDwH
MTplCoLtU-o-8SNnZ1tmRoGE9uJkBLdh5gFENabWnU5m1ZqZPdwS-qo-meMv MTplCoLtU-o-8SNnZ1tmRoGE9uJkBLdh5gFENabWnU5m1ZqZPdwS-qo-meMv
VfJb6jJVWRpl2SUtCnYG2C32qvbWbjZ_jBPD5eunqsIo1vQ", VfJb6jJVWRpl2SUtCnYG2C32qvbWbjZ_jBPD5eunqsIo1vQ",
skipping to change at page 28, line 8 skipping to change at page 29, line 8
This example encrypts an RSA private key to the recipient using This example encrypts an RSA private key to the recipient using
"PBES2-HS256+A128KW" for key encryption and "A128CBC+HS256" for "PBES2-HS256+A128KW" for key encryption and "A128CBC+HS256" for
content encryption. content encryption.
NOTE: Unless otherwise indicated, all line breaks are included solely NOTE: Unless otherwise indicated, all line breaks are included solely
for readability. for readability.
C.1. Plaintext RSA Private Key C.1. Plaintext RSA Private Key
The following RSA key is the plaintext for the authenticated The following RSA key is the plaintext for the authenticated
encryption operation, formatted as a JWK: encryption operation, formatted as a JWK (with line breaks within
values for display purposes only):
{ {
"kty":"RSA", "kty":"RSA",
"kid":"juliet@capulet.lit", "kid":"juliet@capulet.lit",
"use":"enc", "use":"enc",
"n":"t6Q8PWSi1dkJj9hTP8hNYFlvadM7DflW9mWepOJhJ66w7nyoK1gPNqFMSQRy "n":"t6Q8PWSi1dkJj9hTP8hNYFlvadM7DflW9mWepOJhJ66w7nyoK1gPNqFMSQRy
O125Gp-TEkodhWr0iujjHVx7BcV0llS4w5ACGgPrcAd6ZcSR0-Iqom-QFcNP O125Gp-TEkodhWr0iujjHVx7BcV0llS4w5ACGgPrcAd6ZcSR0-Iqom-QFcNP
8Sjg086MwoqQU_LYywlAGZ21WSdS_PERyGFiNnj3QQlO8Yns5jCtLCRwLHL0 8Sjg086MwoqQU_LYywlAGZ21WSdS_PERyGFiNnj3QQlO8Yns5jCtLCRwLHL0
Pb1fEv45AuRIuUfVcPySBWYnDyGxvjYGDSM-AqWS9zIQ2ZilgT-GqUmipg0X Pb1fEv45AuRIuUfVcPySBWYnDyGxvjYGDSM-AqWS9zIQ2ZilgT-GqUmipg0X
OC0Cc20rgLe2ymLHjpHciCKVAbY5-L32-lSeZO-Os6U15_aXrk9Gw8cPUaX1 OC0Cc20rgLe2ymLHjpHciCKVAbY5-L32-lSeZO-Os6U15_aXrk9Gw8cPUaX1
skipping to change at page 37, line 5 skipping to change at page 38, line 8
C.9. Complete Representation C.9. Complete Representation
Assemble the final representation: The JWE Compact Serialization of Assemble the final representation: The JWE Compact Serialization of
this result, as defined in Section 7.1 of [JWE], is the string this result, as defined in Section 7.1 of [JWE], is the string
BASE64URL(UTF8(JWE Protected Header)) || '.' || BASE64URL(JWE BASE64URL(UTF8(JWE Protected Header)) || '.' || BASE64URL(JWE
Encrypted Key) || '.' || BASE64URL(JWE Initialization Vector) || '.' Encrypted Key) || '.' || BASE64URL(JWE Initialization Vector) || '.'
|| BASE64URL(JWE Ciphertext) || '.' || BASE64URL(JWE Authentication || BASE64URL(JWE Ciphertext) || '.' || BASE64URL(JWE Authentication
Tag). Tag).
The final result in this example is: The final result in this example (with line breaks for display
purposes only) is:
eyJhbGciOiJQQkVTMi1IUzI1NitBMTI4S1ciLCJwMnMiOiIyV0NUY0paMVJ2ZF9DSn eyJhbGciOiJQQkVTMi1IUzI1NitBMTI4S1ciLCJwMnMiOiIyV0NUY0paMVJ2ZF9DSn
VKcmlwUTF3IiwicDJjIjo0MDk2LCJlbmMiOiJBMTI4Q0JDLUhTMjU2IiwiY3R5Ijoi VKcmlwUTF3IiwicDJjIjo0MDk2LCJlbmMiOiJBMTI4Q0JDLUhTMjU2IiwiY3R5Ijoi
andrK2pzb24ifQ. andrK2pzb24ifQ.
TrqXOwuNUfDV9VPTNbyGvEJ9JMjefAVn-TR1uIxR9p6hsRQh9Tk7BA. TrqXOwuNUfDV9VPTNbyGvEJ9JMjefAVn-TR1uIxR9p6hsRQh9Tk7BA.
Ye9j1qs22DmRSAddIh-VnA. Ye9j1qs22DmRSAddIh-VnA.
AwhB8lxrlKjFn02LGWEqg27H4Tg9fyZAbFv3p5ZicHpj64QyHC44qqlZ3JEmnZTgQo AwhB8lxrlKjFn02LGWEqg27H4Tg9fyZAbFv3p5ZicHpj64QyHC44qqlZ3JEmnZTgQo
wIqZJ13jbyHB8LgePiqUJ1hf6M2HPLgzw8L-mEeQ0jvDUTrE07NtOerBk8bwBQyZ6g wIqZJ13jbyHB8LgePiqUJ1hf6M2HPLgzw8L-mEeQ0jvDUTrE07NtOerBk8bwBQyZ6g
0kQ3DEOIglfYxV8-FJvNBYwbqN1Bck6d_i7OtjSHV-8DIrp-3JcRIe05YKy3Oi34Z_ 0kQ3DEOIglfYxV8-FJvNBYwbqN1Bck6d_i7OtjSHV-8DIrp-3JcRIe05YKy3Oi34Z_
GOiAc1EK21B11c_AE11PII_wvvtRiUiG8YofQXakWd1_O98Kap-UgmyWPfreUJ3lJP GOiAc1EK21B11c_AE11PII_wvvtRiUiG8YofQXakWd1_O98Kap-UgmyWPfreUJ3lJP
skipping to change at page 38, line 30 skipping to change at page 39, line 34
Hannes Tschofenig, and Sean Turner. Hannes Tschofenig, and Sean Turner.
Jim Schaad and Karen O'Donoghue chaired the JOSE working group and Jim Schaad and Karen O'Donoghue chaired the JOSE working group and
Sean Turner, Stephen Farrell, and Kathleen Moriarty served as Sean Turner, Stephen Farrell, and Kathleen Moriarty served as
Security area directors during the creation of this specification. Security area directors during the creation of this specification.
Appendix E. Document History Appendix E. Document History
[[ to be removed by the RFC Editor before publication as an RFC ]] [[ to be removed by the RFC Editor before publication as an RFC ]]
-40
o Clarified the definitions of UTF8(STRING) and ASCII(STRING).
o Stated that line breaks are for display purposes only in places
where this disclaimer was needed and missing.
o Updated the WebCrypto reference to refer to the W3C Candidate
Recommendation.
-39 -39
o No changes were made, other than to the version number and date. o No changes were made, other than to the version number and date.
-38 -38
o Replaced uses of the phrase "JWK object" with "JWK". o Replaced uses of the phrase "JWK object" with "JWK".
-37 -37
skipping to change at page 41, line 4 skipping to change at page 42, line 18
o Corrected the authentication tag value in the encrypted key o Corrected the authentication tag value in the encrypted key
example. example.
o Updated the JSON reference to RFC 7159. o Updated the JSON reference to RFC 7159.
-23 -23
o No changes were made, other than to the version number and date. o No changes were made, other than to the version number and date.
-22 -22
o Corrected RFC 2119 terminology usage. o Corrected RFC 2119 terminology usage.
o Replaced references to draft-ietf-json-rfc4627bis with RFC 7158. o Replaced references to draft-ietf-json-rfc4627bis with RFC 7158.
-21 -21
o Replaced the "key_ops" values "wrap" and "unwrap" with "wrapKey" o Replaced the "key_ops" values "wrap" and "unwrap" with "wrapKey"
and "unwrapKey" to match the "KeyUsage" values defined in the and "unwrapKey" to match the "KeyUsage" values defined in the
current Web Cryptography API [WebCrypto] editor's draft. current Web Cryptography API editor's draft.
o Compute the PBES2 salt parameter as (UTF8(Alg) || 0x00 || Salt o Compute the PBES2 salt parameter as (UTF8(Alg) || 0x00 || Salt
Input), where the "p2s" Header Parameter encodes the Salt Input Input), where the "p2s" Header Parameter encodes the Salt Input
value and Alg is the "alg" Header Parameter value. value and Alg is the "alg" Header Parameter value.
o Changed some references from being normative to informative, o Changed some references from being normative to informative,
addressing issue #90. addressing issue #90.
-20 -20
 End of changes. 28 change blocks. 
49 lines changed or deleted 67 lines changed or added

This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/