JOSE Working Group                                             M. Miller
Internet-Draft                                       Cisco Systems, Inc.
Intended status: Informational                         December 24, 2014
Expires: June 27, 2015

   Examples of Protecting Content using JavaScript Object Signing and
                           Encryption (JOSE)
                      draft-ietf-jose-cookbook-08

Abstract

   This document contains a set of examples using JavaScript Object
   Signing and Encryption (JOSE) technology to protect data. These
   examples present a representative sampling of JSON Web Key (JWK)
   objects, as well as various JSON Web Signature (JWS) and JSON Web
   Encryption (JWE) results given similar inputs.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF). Note that other groups may also distribute
   working documents as Internet-Drafts. The list of current
   Internet-Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time. It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on June 27, 2015.

Copyright Notice

   Copyright (c) 2014 IETF Trust and the persons identified as the
   document authors. All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document. Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document. Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction
     1.1.  Conventions Used in this Document
   2.  Terminology
   3.  JSON Web Key Examples
     3.1.  EC Public Key
     3.2.  EC Private Key
     3.3.  RSA Public Key
     3.4.  RSA Private Key
     3.5.  Symmetric Key (MAC Computation)
     3.6.  Symmetric Key (Encryption)
   4.  JSON Web Signature Examples
     4.1.  RSA v1.5 Signature
       4.1.1.  Input Factors
       4.1.2.  Signing Operation
       4.1.3.  Output Results
     4.2.  RSA-PSS Signature
       4.2.1.  Input Factors
       4.2.2.  Signing Operation
       4.2.3.  Output Results
     4.3.  ECDSA Signature
       4.3.1.  Input Factors
       4.3.2.  Signing Operation
       4.3.3.  Output Results
     4.4.  HMAC-SHA2 Integrity Protection
       4.4.1.  Input Factors
       4.4.2.  Signing Operation
       4.4.3.  Output Results
     4.5.  Signature with Detached Content
       4.5.1.  Input Factors
       4.5.2.  Signing Operation
       4.5.3.  Output Results
     4.6.  Protecting Specific Header Fields
       4.6.1.  Input Factors
       4.6.2.  Signing Operation
       4.6.3.  Output Results
     4.7.  Protecting Content Only
       4.7.1.  Input Factors
       4.7.2.  Signing Operation
       4.7.3.  Output Results
     4.8.  Multiple Signatures
       4.8.1.  Input Factors
       4.8.2.  First Signing Operation
       4.8.3.  Second Signing Operation
       4.8.4.  Third Signing Operation
       4.8.5.  Output Results
   5.  JSON Web Encryption Examples
     5.1.  Key Encryption using RSA v1.5 and AES-HMAC-SHA2
       5.1.1.  Input Factors
       5.1.2.  Generated Factors
       5.1.3.  Encrypting the Key
       5.1.4.  Encrypting the Content
       5.1.5.  Output Results
     5.2.  Key Encryption using RSA-OAEP with AES-GCM
       5.2.1.  Input Factors
       5.2.2.  Generated Factors
       5.2.3.  Encrypting the Key
       5.2.4.  Encrypting the Content
       5.2.5.  Output Results
     5.3.  Key Wrap using PBES2-AES-KeyWrap with AES-CBC-HMAC-SHA2
       5.3.1.  Input Factors
       5.3.2.  Generated Factors
       5.3.3.  Encrypting the Key
       5.3.4.  Encrypting the Content
       5.3.5.  Output Results
     5.4.  Key Agreement with Key Wrapping using ECDH-ES and
           AES-KeyWrap with AES-GCM
       5.4.1.  Input Factors
       5.4.2.  Generated Factors
       5.4.3.  Encrypting the Key
       5.4.4.  Encrypting the Content
       5.4.5.  Output Results
     5.5.  Key Agreement using ECDH-ES with AES-CBC-HMAC-SHA2
       5.5.1.  Input Factors
       5.5.2.  Generated Factors
       5.5.3.  Key Agreement
       5.5.4.  Encrypting the Content
       5.5.5.  Output Results
     5.6.  Direct Encryption using AES-GCM
       5.6.1.  Input Factors
       5.6.2.  Generated Factors
       5.6.3.  Encrypting the Content
       5.6.4.  Output Results
     5.7.  Key Wrap using AES-GCM KeyWrap with AES-CBC-HMAC-SHA2
       5.7.1.  Input Factors
       5.7.2.  Generated Factors
       5.7.3.  Encrypting the Key
       5.7.4.  Encrypting the Content
       5.7.5.  Output Results
     5.8.  Key Wrap using AES-KeyWrap with AES-GCM
       5.8.1.  Input Factors
       5.8.2.  Generated Factors
       5.8.3.  Encrypting the Key
       5.8.4.  Encrypting the Content
       5.8.5.  Output Results
     5.9.  Compressed Content
       5.9.1.  Input Factors
       5.9.2.  Generated Factors
       5.9.3.  Encrypting the Key
       5.9.4.  Encrypting the Content
       5.9.5.  Output Results
     5.10. Including Additional Authenticated Data
       5.10.1.  Input Factors
       5.10.2.  Generated Factors
       5.10.3.  Encrypting the Key
       5.10.4.  Encrypting the Content
       5.10.5.  Output Results
     5.11. Protecting Specific Header Fields
       5.11.1.  Input Factors
       5.11.2.  Generated Factors
       5.11.3.  Encrypting the Key
       5.11.4.  Encrypting the Content
       5.11.5.  Output Results
     5.12. Protecting Content Only
       5.12.1.  Input Factors
       5.12.2.  Generated Factors
       5.12.3.  Encrypting the Key
       5.12.4.  Encrypting the Content
       5.12.5.  Output Results
     5.13. Encrypting to Multiple Recipients
       5.13.1.  Input Factors
       5.13.2.  Generated Factors
       5.13.3.  Encrypting the Key to the First Recipient
       5.13.4.  Encrypting the Key to the Second Recipient
       5.13.5.  Encrypting the Key to the Third Recipient
       5.13.6.  Encrypting the Content
       5.13.7.  Output Results
   6.  Nesting Signatures and Encryption
     6.1.  Signing Input Factors
     6.2.  Signing Operation
     6.3.  Signing Output
     6.4.  Encryption Input Factors
     6.5.  Encryption Generated Factors
     6.6.  Encrypting the Key
     6.7.  Encrypting the Content
     6.8.  Encryption Output
   7.  Security Considerations
   8.  IANA Considerations
   9.  References
     9.1.  Normative References
     9.2.  Informative References
   Appendix A.  Acknowledgements
   Author's Address

1.  Introduction

   The JavaScript Object Signing and Encryption (JOSE) technologies -
   JSON Web Signature (JWS) [I-D.ietf-jose-json-web-signature], JSON Web
   Encryption (JWE) [I-D.ietf-jose-json-web-encryption], JSON Web Key
   (JWK) [I-D.ietf-jose-json-web-key], and JSON Web Algorithms (JWA)
   [I-D.ietf-jose-json-web-algorithms] - collectively can be used to
   encrypt and/or sign content using a variety of algorithms. While the
   full set of permutations is extremely large, and might be daunting to
   some, it is expected that most applications will only use a small set
   of algorithms to meet their needs.

   This document provides a number of examples of signing or encrypting
   content using JOSE. While not exhaustive, it does compile a
   representative sample of JOSE features. As much as possible, the
   same signature payload or encryption plaintext content is used to
   illustrate differences in various signing and encryption results.

   This document also provides a number of example JWK objects. These
   examples illustrate the distinguishing properties of various key
   types, and emphasize important characteristics. Most of the JWK
   examples are then used in the signature or encryption examples that
   follow.

   All of the examples contained herein are available in a
   machine-readable format at https://github.com/ietf-jose/cookbook.

1.1.  Conventions Used in this Document

   This document separates data that are expected to be input to an
   implementation of JOSE from data that are expected to be generated by
   an implementation of JOSE. Each example, wherever possible, provides
   enough information either to replicate the results of this document
   or to validate the results by running its inverse operation (e.g.,
   signature results can be validated by performing the JWS verify).
   However, some algorithms inherently use random data and therefore
   computations employing them cannot be exactly replicated; such cases
   are explicitly stated in the relevant sections.

   All instances of binary octet strings are represented using [RFC4648]
   base64url encoding.

   Wherever possible and unless otherwise noted, the examples include
   the Compact serialization, JSON General Serialization, and JSON
   Flattened Serialization.

   All of the examples in this document have whitespace added to improve
   formatting and readability. Except for JWE plaintext or JWS payload
   content, whitespace is not part of the cryptographic operations nor
   the exchange results.

   Unless otherwise noted, the JWE plaintext or JWS payload content does
   include " " (U+0020 SPACE) characters. Line breaks (U+000A LINE
   FEED) replace some " " (U+0020 SPACE) characters to improve
   readability but are not present in the JWE plaintext or JWS payload.

2.  Terminology

   This document inherits terminology regarding JSON Web Signature (JWS)
   technology from [I-D.ietf-jose-json-web-signature], terminology
   regarding JSON Web Encryption (JWE) technology from
   [I-D.ietf-jose-json-web-encryption], terminology regarding JSON Web
   Key (JWK) technology from [I-D.ietf-jose-json-web-key], and
   terminology regarding algorithms from
   [I-D.ietf-jose-json-web-algorithms].

3.  JSON Web Key Examples

   The following sections demonstrate how to represent various JWK and
   JWK-set objects.

3.1.  EC Public Key

   This example illustrates an Elliptic Curve public key. This example
   is the public key corresponding to Figure 2.

   Note that whitespace is added for readability as described in
   Section 1.1.

   {
     "kty": "EC",
     "kid": "bilbo.baggins@hobbiton.example",
     "use": "sig",
     "crv": "P-521",
     "x": "AHKZLLOsCOzz5cY97ewNUajB957y-C-U88c3v13nmGZx6sYl_oJXu9
         A5RkTKqjqvjyekWF-7ytDyRXYgCF5cj0Kt",
     "y": "AdymlHvOiLxXkEhayXQnNCvDX4h9htZaCJN34kfmC6pV5OhQHiraVy
         SsUdaQkAgDPrwQrJmbnX9cwlGfP-HqHZR1"
   }

              Figure 1: Elliptic Curve P-521 Public Key

   The field "kty" value of "EC" identifies this as an elliptic curve
   key. The field "crv" identifies the curve, which is curve P-521 for
   this example. The fields "x" and "y" values are the
   base64url-encoded X and Y coordinates (respectively).

   The values of the fields "x" and "y" decoded are the octets necessary
   to represent each full coordinate to the order of the curve. For a
   key over curve P-521, the values of the fields "x" and "y" are
   exactly 66 octets in length when decoded, padded with leading zero
   (0x00) octets to reach the expected length.

3.2.  EC Private Key

   This example illustrates an Elliptic Curve private key. This example
   is the private key corresponding to Figure 1.

   Note that whitespace is added for readability as described in
   Section 1.1.

   {
     "kty": "EC",
     "kid": "bilbo.baggins@hobbiton.example",
     "use": "sig",
     "crv": "P-521",
     "x": "AHKZLLOsCOzz5cY97ewNUajB957y-C-U88c3v13nmGZx6sYl_oJXu9
         A5RkTKqjqvjyekWF-7ytDyRXYgCF5cj0Kt",
     "y": "AdymlHvOiLxXkEhayXQnNCvDX4h9htZaCJN34kfmC6pV5OhQHiraVy
         SsUdaQkAgDPrwQrJmbnX9cwlGfP-HqHZR1",
     "d": "AAhRON2r9cqXX1hg-RoI6R1tX5p2rUAYdmpHZoC1XNM56KtscrX6zb
         KipQrCW9CGZH3T4ubpnoTKLDYJ_fF3_rJt"
   }

              Figure 2: Elliptic Curve P-521 Private Key

   The field "kty" value of "EC" identifies this as an elliptic curve
   key. The field "crv" identifies the curve, which is curve P-521
   (also known as SECG curve secp521r1) for this example. The fields
   "x" and "y" values are the base64url-encoded X and Y coordinates
   (respectively). The field "d" value is the base64url-encoded private
   key.

   The values of the fields "d", "x", and "y" decoded are the octets
   necessary to represent the private key or each full coordinate
   (respectively) to the order of the curve. For a key over curve
   "P-521", the values of the "d", "x", and "y" fields are each exactly
   66 octets in length when decoded, padded with leading zero (0x00)
   octets to reach the expected length.

3.3.  RSA Public Key

   This example illustrates an RSA public key. This example is the
   public key corresponding to Figure 4.

   Note that whitespace is added for readability as described in
   Section 1.1.

   {
     "kty": "RSA",
     "kid": "bilbo.baggins@hobbiton.example",
     "use": "sig",
     "n": "n4EPtAOCc9AlkeQHPzHStgAbgs7bTZLwUBZdR8_KuKPEHLd4rHVTeT
         -O-XV2jRojdNhxJWTDvNd7nqQ0VEiZQHz_AJmSCpMaJMRBSFKrKb2wqV
         wGU_NsYOYL-QtiWN2lbzcEe6XC0dApr5ydQLrHqkHHig3RBordaZ6Aj-
         oBHqFEHYpPe7Tpe-OfVfHd1E6cS6M1FZcD1NNLYD5lFHpPI9bTwJlsde
         3uhGqC0ZCuEHg8lhzwOHrtIQbS0FVbb9k3-tVTU4fg_3L_vniUFAKwuC
         LqKnS2BYwdq_mzSnbLY7h_qixoR7jig3__kRhuaxwUkRz5iaiQkqgc5g
         HdrNP5zw",
     "e": "AQAB"
   }

                  Figure 3: RSA 2048-bit Public Key

   The field "kty" value of "RSA" identifies this as an RSA key. The
   fields "n" and "e" values are the modulus and (public) exponent
   (respectively) using the minimum octets necessary.

   For a 2048-bit key, the field "n" value is 256 octets in length when
   decoded.

3.4.  RSA Private Key

   This example illustrates an RSA private key. This example is the
   private key corresponding to Figure 3.

   Note that whitespace is added for readability as described in
   Section 1.1.

   {
     "kty": "RSA",
     "kid": "bilbo.baggins@hobbiton.example",
     "use": "sig",
     "n": "n4EPtAOCc9AlkeQHPzHStgAbgs7bTZLwUBZdR8_KuKPEHLd4rHVTeT
         -O-XV2jRojdNhxJWTDvNd7nqQ0VEiZQHz_AJmSCpMaJMRBSFKrKb2wqV
         wGU_NsYOYL-QtiWN2lbzcEe6XC0dApr5ydQLrHqkHHig3RBordaZ6Aj-
         oBHqFEHYpPe7Tpe-OfVfHd1E6cS6M1FZcD1NNLYD5lFHpPI9bTwJlsde
         3uhGqC0ZCuEHg8lhzwOHrtIQbS0FVbb9k3-tVTU4fg_3L_vniUFAKwuC
         LqKnS2BYwdq_mzSnbLY7h_qixoR7jig3__kRhuaxwUkRz5iaiQkqgc5g
         HdrNP5zw",
     "e": "AQAB",
     "d": "bWUC9B-EFRIo8kpGfh0ZuyGPvMNKvYWNtB_ikiH9k20eT-O1q_I78e
         iZkpXxXQ0UTEs2LsNRS-8uJbvQ-A1irkwMSMkK1J3XTGgdrhCku9gRld
         Y7sNA_AKZGh-Q661_42rINLRCe8W-nZ34ui_qOfkLnK9QWDDqpaIsA-b
         MwWWSDFu2MUBYwkHTMEzLYGqOe04noqeq1hExBTHBOBdkMXiuFhUq1BU
         6l-DqEiWxqg82sXt2h-LMnT3046AOYJoRioz75tSUQfGCshWTBnP5uDj
         d18kKhyv07lhfSJdrPdM5Plyl21hsFf4L_mHCuoFau7gdsPfHPxxjVOc
         OpBrQzwQ",
     "p": "3Slxg_DwTXJcb6095RoXygQCAZ5RnAvZlno1yhHtnUex_fp7AZ_9nR
         aO7HX_-SFfGQeutao2TDjDAWU4Vupk8rw9JR0AzZ0N2fvuIAmr_WCsmG
         peNqQnev1T7IyEsnh8UMt-n5CafhkikzhEsrmndH6LxOrvRJlsPp6Zv8
         bUq0k",
     "q": "uKE2dh-cTf6ERF4k4e_jy78GfPYUIaUyoSSJuBzp3Cubk3OCqs6grT
         8bR_cu0Dm1MZwWmtdqDyI95HrUeq3MP15vMMON8lHTeZu2lmKvwqW7an
         V5UzhM1iZ7z4yMkuUwFWoBvyY898EXvRD-hdqRxHlSqAZ192zB3pVFJ0
         s7pFc",
     "dp": "B8PVvXkvJrj2L-GYQ7v3y9r6Kw5g9SahXBwsWUzp19TVlgI-YV85q
         1NIb1rxQtD-IsXXR3-TanevuRPRt5OBOdiMGQp8pbt26gljYfKU_E9xn
         -RULHz0-ed9E9gXLKD4VGngpz-PfQ_q29pk5xWHoJp009Qf1HvChixRX
         59ehik",
     "dq": "CLDmDGduhylc9o7r84rEUVn7pzQ6PF83Y-iBZx5NT-TpnOZKF1pEr
         AMVeKzFEl41DlHHqqBLSM0W1sOFbwTxYWZDm6sI6og5iTbwQGIC3gnJK
         bi_7k_vJgGHwHxgPaX2PnvP-zyEkDERuf-ry4c_Z11Cq9AqC2yeL6kdK
         T1cYF8",
     "qi": "3PiqvXQN0zwMeE-sBvZgi289XP9XCQF3VWqPzMKnIgQp7_Tugo6-N
         ZBKCQsMf3HaEGBjTVJs_jcK8-TRXvaKe-7ZMaQj8VfBdYkssbu0NKDDh
         jJ-GtiseaDVWt7dcH0cfwxgFUHpQh7FoCrjFJ6h6ZEpMF6xmujs4qMpP
         z8aaI4"
   }

                  Figure 4: RSA 2048-bit Private Key

   The field "kty" value of "RSA" identifies this as an RSA key. The
   fields "n" and "e" values are the base64url-encoded modulus and
   (public) exponent (respectively) using the minimum number of octets
   necessary. The field "d" value is the base64url-encoded private
   exponent using the minimum number of octets necessary. The fields
   "p", "q", "dp", "dq", and "qi" are the base64url-encoded additional
   private information using the minimum number of octets necessary.

   For a 2048-bit key, the field "n" is 256 octets in length when
   decoded and the field "d" is not longer than 256 octets in length
   when decoded.

3.5.  Symmetric Key (MAC Computation)

   This example illustrates a symmetric key used for computing MACs.

   Note that whitespace is added for readability as described in
   Section 1.1.

   {
     "kty": "oct",
     "kid": "018c0ae5-4d9b-471b-bfd6-eef314bc7037",
     "use": "sig",
     "alg": "HS256",
     "k": "hJtXIZ2uSN5kbQfbtTNWbpdmhkV8FJG-Onbc6mxCcYg"
   }

              Figure 5: AES 256-bit symmetric signing key

   The field "kty" value of "oct" identifies this as a symmetric key.
   The field "k" value is the symmetric key.

   When used for the signing algorithm "HS256" (HMAC-SHA256), the field
   "k" value is 32 octets (or more) in length when decoded, padded with
   leading zero (0x00) octets to reach the minimum expected length.

3.6.  Symmetric Key (Encryption)

   This example illustrates a symmetric key used for encryption.

   Note that whitespace is added for readability as described in
   Section 1.1.

   {
     "kty": "oct",
     "kid": "1e571774-2e08-40da-8308-e8d68773842d",
     "use": "enc",
     "alg": "A256GCM",
     "k": "AAPapAv4LbFbiVawEjagUBluYqN5rhna-8nuldDvOx8"
   }

             Figure 6: AES 256-bit symmetric encryption key

   The field "kty" value of "oct" identifies this as a symmetric key.
   The field "k" value is the symmetric key.
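
The decoded-length rules stated in Sections 3.1 through 3.6 can be enforced when a JWK is loaded. The following Python code is an added example, not part of this draft or of any JOSE library; the names check_jwk, b64url_decode_strict and strip_leading_zeros are hypothetical, and only the curve, algorithms and sizes named in those sections are covered.

```python
import base64
import re

# Decoded sizes stated in Sections 3.1 to 3.6 of this document.
EC_COORD_OCTETS = {"P-521": 66}
OCT_KEY_OCTETS = {"HS256": ("at least", 32), "A256GCM": ("exactly", 32)}
SECRET_MEMBERS = {"EC": {"d"}, "oct": {"k"},
                  "RSA": {"d", "p", "q", "dp", "dq", "qi"}}


def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def b64url_decode_strict(text):
    """Decode unpadded base64url, rejecting what lenient decoders accept."""
    ok = isinstance(text, str) and re.fullmatch(r"[A-Za-z0-9_-]+", text)
    if not ok or len(text) % 4 == 1:
        raise ValueError("not unpadded base64url")
    raw = base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))
    if b64url_encode(raw) != text:
        raise ValueError("non-canonical base64url (stray trailing bits)")
    return raw


def check_jwk(jwk, expect_public=False):
    """Return a list of problems; an empty list means every rule held."""
    problems = []
    kty = jwk.get("kty")

    def octets(name):
        try:
            return b64url_decode_strict(jwk[name])
        except (KeyError, ValueError):
            problems.append(f"{name}: missing or malformed")
            return None

    if expect_public and SECRET_MEMBERS.get(kty, set()).intersection(jwk):
        problems.append("secret key material where a public key was expected")
    if kty == "EC":
        want = EC_COORD_OCTETS.get(jwk.get("crv"))
        if want is None:
            problems.append("crv: curve not covered by this example")
        for name in (("x", "y", "d") if "d" in jwk else ("x", "y")):
            raw = octets(name)
            if raw is not None and want is not None and len(raw) != want:
                problems.append(f"{name}: {len(raw)} octets, expected {want}")
    elif kty == "RSA":
        n, e = octets("n"), octets("e")
        d = octets("d") if "d" in jwk else None
        for name, raw in (("n", n), ("e", e), ("d", d)):
            if raw is not None and raw[0] == 0:
                problems.append(f"{name}: leading zero octet, not minimal")
        if n is not None and d is not None and len(d) > len(n):
            problems.append("d: longer than the modulus")
    elif kty == "oct":
        k = octets("k")
        how, size = OCT_KEY_OCTETS.get(jwk.get("alg"), ("at least", 1))
        if k is not None and (len(k) < size or (how == "exactly" and len(k) > size)):
            problems.append(f"k: {len(k)} octets, expected {how} {size}")
    else:
        problems.append("kty: unknown key type")
    return problems


def strip_leading_zeros(jwk, member):
    """Simulate an encoder that round-trips a member through a big integer."""
    raw = b64url_decode_strict(jwk[member])
    return {**jwk, member: b64url_encode(raw.lstrip(b"\x00"))}


# Keys copied from Figures 1, 3, 5 and 6 of this document (whitespace removed).
EC_PUBLIC = {
    "kty": "EC", "use": "sig", "crv": "P-521",
    "x": "AHKZLLOsCOzz5cY97ewNUajB957y-C-U88c3v13nmGZx6sYl_oJXu9"
         "A5RkTKqjqvjyekWF-7ytDyRXYgCF5cj0Kt",
    "y": "AdymlHvOiLxXkEhayXQnNCvDX4h9htZaCJN34kfmC6pV5OhQHiraVy"
         "SsUdaQkAgDPrwQrJmbnX9cwlGfP-HqHZR1",
}
RSA_PUBLIC = {
    "kty": "RSA", "use": "sig", "e": "AQAB",
    "n": "n4EPtAOCc9AlkeQHPzHStgAbgs7bTZLwUBZdR8_KuKPEHLd4rHVTeT"
         "-O-XV2jRojdNhxJWTDvNd7nqQ0VEiZQHz_AJmSCpMaJMRBSFKrKb2wqV"
         "wGU_NsYOYL-QtiWN2lbzcEe6XC0dApr5ydQLrHqkHHig3RBordaZ6Aj-"
         "oBHqFEHYpPe7Tpe-OfVfHd1E6cS6M1FZcD1NNLYD5lFHpPI9bTwJlsde"
         "3uhGqC0ZCuEHg8lhzwOHrtIQbS0FVbb9k3-tVTU4fg_3L_vniUFAKwuC"
         "LqKnS2BYwdq_mzSnbLY7h_qixoR7jig3__kRhuaxwUkRz5iaiQkqgc5g"
         "HdrNP5zw",
}
MAC_KEY = {"kty": "oct", "use": "sig", "alg": "HS256",
           "k": "hJtXIZ2uSN5kbQfbtTNWbpdmhkV8FJG-Onbc6mxCcYg"}
ENC_KEY = {"kty": "oct", "use": "enc", "alg": "A256GCM",
           "k": "AAPapAv4LbFbiVawEjagUBluYqN5rhna-8nuldDvOx8"}

if __name__ == "__main__":
    for key in (EC_PUBLIC, strip_leading_zeros(EC_PUBLIC, "x"), ENC_KEY):
        print(key["kty"], check_jwk(key) or "ok")
```

The "x" value of Figure 1 and the "k" value of Figure 6 both decode to a first octet of 0x00, so an encoder that drops leading zero octets yields 65 and 31 octets respectively and fails the length check.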

   For the content encryption algorithm "A256GCM", the field "k" value
   is exactly 32 octets in length when decoded, padded with leading zero
   (0x00) octets to reach the expected length.

4.  JSON Web Signature Examples

   The following sections demonstrate how to generate various JWS
   objects.

   All of the succeeding examples use the following payload plaintext
   (an abridged quote from "The Fellowship of the Ring"
   [LOTR-FELLOWSHIP]), serialized as UTF-8. The sequence "\xe2\x80\x99"
   is substituted for (U+2019 RIGHT SINGLE QUOTATION MARK), and line
   breaks (U+000A LINE FEED) replace some " " (U+0020 SPACE) to improve
   readability:

   It\xe2\x80\x99s a dangerous business, Frodo, going out your
   door. You step onto the road, and if you don't keep your feet,
   there\xe2\x80\x99s no knowing where you might be swept off
   to.

                 Figure 7: Payload content plaintext

   The Payload - with the sequence "\xe2\x80\x99" replaced with (U+2019
   RIGHT SINGLE QUOTATION MARK) and line breaks (U+000A LINE FEED)
   replaced with " " (U+0020 SPACE) - encoded as UTF-8 then as [RFC4648]
   base64url:

   SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb3V0IH
   lvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9hZCwgYW5kIGlmIHlvdSBk
   b24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXigJlzIG5vIGtub3dpbmcgd2hlcm
   UgeW91IG1pZ2h0IGJlIHN3ZXB0IG9mZiB0by4

             Figure 8: Payload content, base64url-encoded

4.1.  RSA v1.5 Signature

   This example illustrates signing content using the "RS256"
   (RSASSA-PKCS1-v1_5 with SHA-256) algorithm.

   Note that whitespace is added for readability as described in
   Section 1.1.

4.1.1.  Input Factors

   The following are supplied before beginning the signing operation:

   o  Payload content; this example uses the content from Figure 7,
      encoded using [RFC4648] base64url to produce Figure 8.

   o  RSA private key; this example uses the key from Figure 4.

   o  "alg" parameter of "RS256".

4.1.2.  Signing Operation

   The following are generated to complete the signing operation:

   o  JWS Protected Header; this example uses the header from Figure 9,
      encoded using [RFC4648] base64url to produce Figure 10.

   {
     "alg": "RS256",
     "kid": "bilbo.baggins@hobbiton.example"
   }

                 Figure 9: JWS Protected Header JSON

   eyJhbGciOiJSUzI1NiIsImtpZCI6ImJpbGJvLmJhZ2dpbnNAaG9iYml0b24uZX
   hhbXBsZSJ9

          Figure 10: JWS Protected Header, base64url-encoded

   The JWS Protected Header (Figure 10) and Payload content (Figure 8)
   are combined as described in section 5.1 of
   [I-D.ietf-jose-json-web-signature] to produce the JWS Signing Input
   (Figure 11).

   eyJhbGciOiJSUzI1NiIsImtpZCI6ImJpbGJvLmJhZ2dpbnNAaG9iYml0b24uZX
   hhbXBsZSJ9
   .
   SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb3V0IH
   lvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9hZCwgYW5kIGlmIHlvdSBk
   b24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXigJlzIG5vIGtub3dpbmcgd2hlcm
   UgeW91IG1pZ2h0IGJlIHN3ZXB0IG9mZiB0by4

                    Figure 11: JWS Signing Input

   Performing the signature operation over the JWS Signing Input
   (Figure 11) produces the JWS Signature (Figure 12).

   MRjdkly7_-oTPTS3AXP41iQIGKa80A0ZmTuV5MEaHoxnW2e5CZ5NlKtainoFmK
   ZopdHM1O2U4mwzJdQx996ivp83xuglII7PNDi84wnB-BDkoBwA78185hX-Es4J
   IwmDLJK3lfWRa-XtL0RnltuYv746iYTh_qHRD68BNt1uSNCrUCTJDt5aAE6x8w
   W1Kt9eRo4QPocSadnHXFxnt8Is9UzpERV0ePPQdLuW3IS_de3xyIrDaLGdjluP
   xUAhb6L2aXic1U12podGU0KLUQSE_oI-ZnmKJ3F4uOZDnd6QZWJushZ41Axf_f
   cIe8u9ipH84ogoree7vjbU5y18kDquDg

             Figure 12: JWS Signature, base64url-encoded

4.1.3.  Output Results

   The following compose the resulting JWS object:

   o  JWS Protected Header (Figure 9)

   o  Payload content (Figure 8)

   o  Signature (Figure 12)

   The resulting JWS object using the Compact serialization:

   eyJhbGciOiJSUzI1NiIsImtpZCI6ImJpbGJvLmJhZ2dpbnNAaG9iYml0b24uZX
   hhbXBsZSJ9
   .
   SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb3V0IH
   lvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9hZCwgYW5kIGlmIHlvdSBk
   b24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXigJlzIG5vIGtub3dpbmcgd2hlcm
   UgeW91IG1pZ2h0IGJlIHN3ZXB0IG9mZiB0by4
   .
   MRjdkly7_-oTPTS3AXP41iQIGKa80A0ZmTuV5MEaHoxnW2e5CZ5NlKtainoFmK
   ZopdHM1O2U4mwzJdQx996ivp83xuglII7PNDi84wnB-BDkoBwA78185hX-Es4J
   IwmDLJK3lfWRa-XtL0RnltuYv746iYTh_qHRD68BNt1uSNCrUCTJDt5aAE6x8w
   W1Kt9eRo4QPocSadnHXFxnt8Is9UzpERV0ePPQdLuW3IS_de3xyIrDaLGdjluP
   xUAhb6L2aXic1U12podGU0KLUQSE_oI-ZnmKJ3F4uOZDnd6QZWJushZ41Axf_f
   cIe8u9ipH84ogoree7vjbU5y18kDquDg

                   Figure 13: Compact Serialization

   The resulting JWS object using the JSON General Serialization:

   {
     "payload": "SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywg
         Z29pbmcgb3V0IHlvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9h
         ZCwgYW5kIGlmIHlvdSBkb24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXi
         gJlzIG5vIGtub3dpbmcgd2hlcmUgeW91IG1pZ2h0IGJlIHN3ZXB0IG9m
         ZiB0by4",
     "signatures": [
       {
         "protected": "eyJhbGciOiJSUzI1NiIsImtpZCI6ImJpbGJvLmJhZ2
             dpbnNAaG9iYml0b24uZXhhbXBsZSJ9",
         "signature": "MRjdkly7_-oTPTS3AXP41iQIGKa80A0ZmTuV5MEaHo
             xnW2e5CZ5NlKtainoFmKZopdHM1O2U4mwzJdQx996ivp83xuglII
             7PNDi84wnB-BDkoBwA78185hX-Es4JIwmDLJK3lfWRa-XtL0Rnlt
             uYv746iYTh_qHRD68BNt1uSNCrUCTJDt5aAE6x8wW1Kt9eRo4QPo
             cSadnHXFxnt8Is9UzpERV0ePPQdLuW3IS_de3xyIrDaLGdjluPxU
             Ahb6L2aXic1U12podGU0KLUQSE_oI-ZnmKJ3F4uOZDnd6QZWJush
             Z41Axf_fcIe8u9ipH84ogoree7vjbU5y18kDquDg"
       }
     ]
   }

                Figure 14: JSON General Serialization

   The resulting JWS object using the JSON Flattened Serialization:

   {
     "payload": "SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywg
         Z29pbmcgb3V0IHlvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9h
         ZCwgYW5kIGlmIHlvdSBkb24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXi
         gJlzIG5vIGtub3dpbmcgd2hlcmUgeW91IG1pZ2h0IGJlIHN3ZXB0IG9m
         ZiB0by4",
     "protected": "eyJhbGciOiJSUzI1NiIsImtpZCI6ImJpbGJvLmJhZ2dpbn
         NAaG9iYml0b24uZXhhbXBsZSJ9",
     "signature": "MRjdkly7_-oTPTS3AXP41iQIGKa80A0ZmTuV5MEaHoxnW2
         e5CZ5NlKtainoFmKZopdHM1O2U4mwzJdQx996ivp83xuglII7PNDi84w
         nB-BDkoBwA78185hX-Es4JIwmDLJK3lfWRa-XtL0RnltuYv746iYTh_q
         HRD68BNt1uSNCrUCTJDt5aAE6x8wW1Kt9eRo4QPocSadnHXFxnt8Is9U
         zpERV0ePPQdLuW3IS_de3xyIrDaLGdjluPxUAhb6L2aXic1U12podGU0
         KLUQSE_oI-ZnmKJ3F4uOZDnd6QZWJushZ41Axf_fcIe8u9ipH84ogore
         e7vjbU5y18kDquDg"
   }

               Figure 15: JSON Flattened Serialization

4.2.  RSA-PSS Signature

   This example illustrates signing content using the "PS384"
   (RSASSA-PSS with SHA-384) algorithm.

   Note that RSASSA-PSS uses random data to generate the signature; it
   might not be possible to exactly replicate the results in this
   section.

   Note that whitespace is added for readability as described in
   Section 1.1.

4.2.1.  Input Factors

   The following are supplied before beginning the signing operation:

   o  Payload content; this example uses the content from Figure 7,
      encoded using [RFC4648] base64url to produce Figure 8.

   o  RSA private key; this example uses the key from Figure 4.

   o  "alg" parameter of "PS384".

4.2.2.  Signing Operation

   The following are generated to complete the signing operation:

   o  JWS Protected Header; this example uses the header from Figure 16,
      encoded using [RFC4648] base64url to produce Figure 17.

   {
     "alg": "PS384",
     "kid": "bilbo.baggins@hobbiton.example"
   }

                 Figure 16: JWS Protected Header JSON

   eyJhbGciOiJQUzM4NCIsImtpZCI6ImJpbGJvLmJhZ2dpbnNAaG9iYml0b24uZX
   hhbXBsZSJ9

          Figure 17: JWS Protected Header, base64url-encoded

   The JWS Protected Header (Figure 17) and Payload content (Figure 8)
   are combined as described in [I-D.ietf-jose-json-web-signature] to
   produce the JWS Signing Input (Figure 18).

   eyJhbGciOiJQUzM4NCIsImtpZCI6ImJpbGJvLmJhZ2dpbnNAaG9iYml0b24uZX
   hhbXBsZSJ9
   .
698 SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb3V0IH 699 lvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9hZCwgYW5kIGlmIHlvdSBk 700 b24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXigJlzIG5vIGtub3dpbmcgd2hlcm 701 UgeW91IG1pZ2h0IGJlIHN3ZXB0IG9mZiB0by4 703 Figure 18: JWS Signing Input 705 Performing the signature operation over the JWS Signing Input 706 (Figure 18) produces the JWS Signature (Figure 19). 708 cu22eBqkYDKgIlTpzDXGvaFfz6WGoz7fUDcfT0kkOy42miAh2qyBzk1xEsnk2I 709 pN6-tPid6VrklHkqsGqDqHCdP6O8TTB5dDDItllVo6_1OLPpcbUrhiUSMxbbXU 710 vdvWXzg-UD8biiReQFlfz28zGWVsdiNAUf8ZnyPEgVFn442ZdNqiVJRmBqrYRX 711 e8P_ijQ7p8Vdz0TTrxUeT3lm8d9shnr2lfJT8ImUjvAA2Xez2Mlp8cBE5awDzT 712 0qI0n6uiP1aCN_2_jLAeQTlqRHtfa64QQSUmFAAjVKPbByi7xho0uTOcbH510a 713 6GYmJUAfmWjwZ6oD4ifKo8DYM-X72Eaw 715 Figure 19: JWS Signature, base64url-encoded 717 4.2.3. Output Results 719 The following compose the resulting JWS object: 721 o JWS Protected Header (Figure 17) 723 o Payload content (Figure 8) 725 o Signature (Figure 19) 727 The resulting JWS object using the Compact serialization: 729 eyJhbGciOiJQUzM4NCIsImtpZCI6ImJpbGJvLmJhZ2dpbnNAaG9iYml0b24uZX 730 hhbXBsZSJ9 731 . 732 SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb3V0IH 733 lvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9hZCwgYW5kIGlmIHlvdSBk 734 b24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXigJlzIG5vIGtub3dpbmcgd2hlcm 735 UgeW91IG1pZ2h0IGJlIHN3ZXB0IG9mZiB0by4 736 . 
737 cu22eBqkYDKgIlTpzDXGvaFfz6WGoz7fUDcfT0kkOy42miAh2qyBzk1xEsnk2I 738 pN6-tPid6VrklHkqsGqDqHCdP6O8TTB5dDDItllVo6_1OLPpcbUrhiUSMxbbXU 739 vdvWXzg-UD8biiReQFlfz28zGWVsdiNAUf8ZnyPEgVFn442ZdNqiVJRmBqrYRX 740 e8P_ijQ7p8Vdz0TTrxUeT3lm8d9shnr2lfJT8ImUjvAA2Xez2Mlp8cBE5awDzT 741 0qI0n6uiP1aCN_2_jLAeQTlqRHtfa64QQSUmFAAjVKPbByi7xho0uTOcbH510a 742 6GYmJUAfmWjwZ6oD4ifKo8DYM-X72Eaw 744 Figure 20: Compact Serialization 746 The resulting JWS object using the JSON General Serialization: 748 { 749 "payload": "SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywg 750 Z29pbmcgb3V0IHlvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9h 751 ZCwgYW5kIGlmIHlvdSBkb24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXi 752 gJlzIG5vIGtub3dpbmcgd2hlcmUgeW91IG1pZ2h0IGJlIHN3ZXB0IG9m 753 ZiB0by4", 754 "signatures": [ 755 { 756 "protected": "eyJhbGciOiJQUzM4NCIsImtpZCI6ImJpbGJvLmJhZ2 757 dpbnNAaG9iYml0b24uZXhhbXBsZSJ9", 758 "signature": "cu22eBqkYDKgIlTpzDXGvaFfz6WGoz7fUDcfT0kkOy 759 42miAh2qyBzk1xEsnk2IpN6-tPid6VrklHkqsGqDqHCdP6O8TTB5 760 dDDItllVo6_1OLPpcbUrhiUSMxbbXUvdvWXzg-UD8biiReQFlfz2 761 8zGWVsdiNAUf8ZnyPEgVFn442ZdNqiVJRmBqrYRXe8P_ijQ7p8Vd 762 z0TTrxUeT3lm8d9shnr2lfJT8ImUjvAA2Xez2Mlp8cBE5awDzT0q 763 I0n6uiP1aCN_2_jLAeQTlqRHtfa64QQSUmFAAjVKPbByi7xho0uT 764 OcbH510a6GYmJUAfmWjwZ6oD4ifKo8DYM-X72Eaw" 765 } 766 ] 767 } 769 Figure 21: JSON General Serialization 771 The resulting JWS object using the JSON Flattened Serialization: 773 { 774 "payload": "SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywg 775 Z29pbmcgb3V0IHlvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9h 776 ZCwgYW5kIGlmIHlvdSBkb24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXi 777 gJlzIG5vIGtub3dpbmcgd2hlcmUgeW91IG1pZ2h0IGJlIHN3ZXB0IG9m 778 ZiB0by4", 779 "protected": "eyJhbGciOiJQUzM4NCIsImtpZCI6ImJpbGJvLmJhZ2dpbn 780 NAaG9iYml0b24uZXhhbXBsZSJ9", 781 "signature": "cu22eBqkYDKgIlTpzDXGvaFfz6WGoz7fUDcfT0kkOy42mi 782 Ah2qyBzk1xEsnk2IpN6-tPid6VrklHkqsGqDqHCdP6O8TTB5dDDItllV 783 o6_1OLPpcbUrhiUSMxbbXUvdvWXzg-UD8biiReQFlfz28zGWVsdiNAUf 784 
8ZnyPEgVFn442ZdNqiVJRmBqrYRXe8P_ijQ7p8Vdz0TTrxUeT3lm8d9s 785 hnr2lfJT8ImUjvAA2Xez2Mlp8cBE5awDzT0qI0n6uiP1aCN_2_jLAeQT 786 lqRHtfa64QQSUmFAAjVKPbByi7xho0uTOcbH510a6GYmJUAfmWjwZ6oD 787 4ifKo8DYM-X72Eaw" 788 } 790 Figure 22: JSON Flattened Serialization 792 4.3. ECDSA Signature 794 This example illustrates signing content using the "ES512" (ECDSA 795 with curve P-521 and SHA-512) algorithm. 797 Note that ECDSA uses random data to generate the signature; it might 798 not be possible to exactly replicate the results in this section. 800 Note that whitespace is added for readability as described in 801 Section 1.1. 803 4.3.1. Input Factors 805 The following are supplied before beginning the signing operation: 807 o Payload content; this example uses the content from Figure 7, 808 encoded using [RFC4648] base64url to produce Figure 8. 810 o EC private key on the curve P-521; this example uses the key from 811 Figure 2. 813 o "alg" parameter of "ES512" 815 4.3.2. Signing Operation 817 The following are generated before beginning the signature process: 819 o JWS Protected Header; this example uses the header from Figure 23, 820 encoded using [RFC4648] base64url to produce Figure 24. 822 { 823 "alg": "ES512", 824 "kid": "bilbo.baggins@hobbiton.example" 825 } 827 Figure 23: JWS Protected Header JSON 829 eyJhbGciOiJFUzUxMiIsImtpZCI6ImJpbGJvLmJhZ2dpbnNAaG9iYml0b24uZX 830 hhbXBsZSJ9 832 Figure 24: JWS Protected Header, base64url-encoded 834 The JWS Protected Header (Figure 24) and Payload content (Figure 8) 835 are combined as described in [I-D.ietf-jose-json-web-signature] to 836 produce the JWS Signing Input Figure 25. 838 eyJhbGciOiJFUzUxMiIsImtpZCI6ImJpbGJvLmJhZ2dpbnNAaG9iYml0b24uZX 839 hhbXBsZSJ9 840 . 
841 SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb3V0IH 842 lvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9hZCwgYW5kIGlmIHlvdSBk 843 b24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXigJlzIG5vIGtub3dpbmcgd2hlcm 844 UgeW91IG1pZ2h0IGJlIHN3ZXB0IG9mZiB0by4 846 Figure 25: JWS Signing Input 848 Performing the signature operation over the JWS Signing Input 849 (Figure 25) produces the JWS Signature (Figure 26). 851 AE_R_YZCChjn4791jSQCrdPZCNYqHXCTZH0-JZGYNlaAjP2kqaluUIIUnC9qvb 852 u9Plon7KRTzoNEuT4Va2cmL1eJAQy3mtPBu_u_sDDyYjnAMDxXPn7XrT0lw-kv 853 AD890jl8e2puQens_IEKBpHABlsbEPX6sFY8OcGDqoRuBomu9xQ2 855 Figure 26: JWS Signature, base64url-encoded 857 4.3.3. Output Results 859 The following compose the resulting JWS object: 861 o JWS Protected Header (Figure 24) 863 o Payload content (Figure 8) 865 o Signature (Figure 26) 867 The resulting JWS object using the Compact serialization: 869 eyJhbGciOiJFUzUxMiIsImtpZCI6ImJpbGJvLmJhZ2dpbnNAaG9iYml0b24uZX 870 hhbXBsZSJ9 871 . 872 SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb3V0IH 873 lvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9hZCwgYW5kIGlmIHlvdSBk 874 b24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXigJlzIG5vIGtub3dpbmcgd2hlcm 875 UgeW91IG1pZ2h0IGJlIHN3ZXB0IG9mZiB0by4 876 . 
877 AE_R_YZCChjn4791jSQCrdPZCNYqHXCTZH0-JZGYNlaAjP2kqaluUIIUnC9qvb 878 u9Plon7KRTzoNEuT4Va2cmL1eJAQy3mtPBu_u_sDDyYjnAMDxXPn7XrT0lw-kv 879 AD890jl8e2puQens_IEKBpHABlsbEPX6sFY8OcGDqoRuBomu9xQ2 881 Figure 27: Compact Serialization 883 The resulting JWS object using the JSON General Serialization: 885 { 886 "payload": "SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywg 887 Z29pbmcgb3V0IHlvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9h 888 ZCwgYW5kIGlmIHlvdSBkb24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXi 889 gJlzIG5vIGtub3dpbmcgd2hlcmUgeW91IG1pZ2h0IGJlIHN3ZXB0IG9m 890 ZiB0by4", 891 "signatures": [ 892 { 893 "protected": "eyJhbGciOiJFUzUxMiIsImtpZCI6ImJpbGJvLmJhZ2 894 dpbnNAaG9iYml0b24uZXhhbXBsZSJ9", 895 "signature": "AE_R_YZCChjn4791jSQCrdPZCNYqHXCTZH0-JZGYNl 896 aAjP2kqaluUIIUnC9qvbu9Plon7KRTzoNEuT4Va2cmL1eJAQy3mt 897 PBu_u_sDDyYjnAMDxXPn7XrT0lw-kvAD890jl8e2puQens_IEKBp 898 HABlsbEPX6sFY8OcGDqoRuBomu9xQ2" 899 } 900 ] 901 } 903 Figure 28: JSON General Serialization 905 The resulting JWS object using the JSON Flattened Serialization: 907 { 908 "payload": "SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywg 909 Z29pbmcgb3V0IHlvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9h 910 ZCwgYW5kIGlmIHlvdSBkb24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXi 911 gJlzIG5vIGtub3dpbmcgd2hlcmUgeW91IG1pZ2h0IGJlIHN3ZXB0IG9m 912 ZiB0by4", 913 "protected": "eyJhbGciOiJFUzUxMiIsImtpZCI6ImJpbGJvLmJhZ2dpbn 914 NAaG9iYml0b24uZXhhbXBsZSJ9", 915 "signature": "AE_R_YZCChjn4791jSQCrdPZCNYqHXCTZH0-JZGYNlaAjP 916 2kqaluUIIUnC9qvbu9Plon7KRTzoNEuT4Va2cmL1eJAQy3mtPBu_u_sD 917 DyYjnAMDxXPn7XrT0lw-kvAD890jl8e2puQens_IEKBpHABlsbEPX6sF 918 Y8OcGDqoRuBomu9xQ2" 919 } 921 Figure 29: JSON Flattened Serialization 923 4.4. HMAC-SHA2 Integrity Protection 925 This example illustrates integrity protecting content using the 926 "HS256" (HMAC-SHA-256) algorithm. 928 Note that whitespace is added for readability as described in 929 Section 1.1. 931 4.4.1. 
Input Factors 933 The following are supplied before beginning the signing operation: 935 o Payload content; this example uses the content from Figure 7, 936 encoded using [RFC4648] base64url to produce Figure 8. 938 o HMAC symmetric key; this example uses the key from Figure 5. 940 o "alg" parameter of "HS256". 942 4.4.2. Signing Operation 944 The following are generated before completing the signing operation: 946 o JWS Protected Header; this example uses the header from Figure 30, 947 encoded using [RFC4648] base64url to produce Figure 31. 949 { 950 "alg": "HS256", 951 "kid": "018c0ae5-4d9b-471b-bfd6-eef314bc7037" 952 } 954 Figure 30: JWS Protected Header JSON 956 eyJhbGciOiJIUzI1NiIsImtpZCI6IjAxOGMwYWU1LTRkOWItNDcxYi1iZmQ2LW 957 VlZjMxNGJjNzAzNyJ9 959 Figure 31: JWS Protected Header, base64url-encoded 961 The JWS Protected Header (Figure 31) and Payload content (Figure 8) 962 are combined as described in [I-D.ietf-jose-json-web-signature] to 963 produce the JWS Signing Input Figure 32. 965 eyJhbGciOiJIUzI1NiIsImtpZCI6IjAxOGMwYWU1LTRkOWItNDcxYi1iZmQ2LW 966 VlZjMxNGJjNzAzNyJ9 967 . 968 SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb3V0IH 969 lvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9hZCwgYW5kIGlmIHlvdSBk 970 b24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXigJlzIG5vIGtub3dpbmcgd2hlcm 971 UgeW91IG1pZ2h0IGJlIHN3ZXB0IG9mZiB0by4 973 Figure 32: JWS Signing Input 975 Performing the signature operation over the JWS Signing Input 976 (Figure 32) produces the JWS Signature (Figure 33). 978 s0h6KThzkfBBBkLspW1h84VsJZFTsPPqMDA7g1Md7p0 980 Figure 33: JWS Signature, base64url-encoded 982 4.4.3. Output Results 984 The following compose the resulting JWS object: 986 o JWS Protected Header (Figure 31) 988 o Payload content (Figure 8) 990 o Signature (Figure 33) 992 The resulting JWS object using the Compact serialization: 994 eyJhbGciOiJIUzI1NiIsImtpZCI6IjAxOGMwYWU1LTRkOWItNDcxYi1iZmQ2LW 995 VlZjMxNGJjNzAzNyJ9 996 . 
997 SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb3V0IH 998 lvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9hZCwgYW5kIGlmIHlvdSBk 999 b24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXigJlzIG5vIGtub3dpbmcgd2hlcm 1000 UgeW91IG1pZ2h0IGJlIHN3ZXB0IG9mZiB0by4 1001 . 1002 s0h6KThzkfBBBkLspW1h84VsJZFTsPPqMDA7g1Md7p0 1004 Figure 34: Compact Serialization 1006 The resulting JWS object using the JSON General Serialization: 1008 { 1009 "payload": "SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywg 1010 Z29pbmcgb3V0IHlvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9h 1011 ZCwgYW5kIGlmIHlvdSBkb24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXi 1012 gJlzIG5vIGtub3dpbmcgd2hlcmUgeW91IG1pZ2h0IGJlIHN3ZXB0IG9m 1013 ZiB0by4", 1014 "signatures": [ 1015 { 1016 "protected": "eyJhbGciOiJIUzI1NiIsImtpZCI6IjAxOGMwYWU1LT 1017 RkOWItNDcxYi1iZmQ2LWVlZjMxNGJjNzAzNyJ9", 1018 "signature": "s0h6KThzkfBBBkLspW1h84VsJZFTsPPqMDA7g1Md7p 1019 0" 1020 } 1021 ] 1022 } 1024 Figure 35: JSON General Serialization 1026 The resulting JWS object using the JSON Flattened Serialization: 1028 { 1029 "payload": "SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywg 1030 Z29pbmcgb3V0IHlvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9h 1031 ZCwgYW5kIGlmIHlvdSBkb24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXi 1032 gJlzIG5vIGtub3dpbmcgd2hlcmUgeW91IG1pZ2h0IGJlIHN3ZXB0IG9m 1033 ZiB0by4", 1034 "protected": "eyJhbGciOiJIUzI1NiIsImtpZCI6IjAxOGMwYWU1LTRkOW 1035 ItNDcxYi1iZmQ2LWVlZjMxNGJjNzAzNyJ9", 1036 "signature": "s0h6KThzkfBBBkLspW1h84VsJZFTsPPqMDA7g1Md7p0" 1037 } 1039 Figure 36: JSON Flattened Serialization 1041 4.5. Signature with Detached Content 1043 This example illustrates a signature with detached content. This 1044 example is identical others, except the resulting JWS objects do not 1045 include the Payload field. Instead, the application is expected to 1046 locate it elsewhere. For example, the signature might be in a meta- 1047 data section, with the payload being the content. 1049 Note that whitespace is added for readability as described in 1050 Section 1.1. 

4.5.1.  Input Factors

   The following are supplied before beginning the signing operation:

   o  Payload content; this example uses the content from Figure 7,
      encoded using [RFC4648] base64url to produce Figure 8.

   o  Signing key; this example uses the AES symmetric key from
      Figure 5.

   o  Signing algorithm; this example uses "HS256".

4.5.2.  Signing Operation

   The following are generated before completing the signing operation:

   o  JWS Protected Header; this example uses the header from Figure 37,
      encoded using [RFC4648] base64url to produce Figure 38.

   The JWS Protected Header parameters:

     {
       "alg": "HS256",
       "kid": "018c0ae5-4d9b-471b-bfd6-eef314bc7037"
     }

                Figure 37: JWS Protected Header JSON

     eyJhbGciOiJIUzI1NiIsImtpZCI6IjAxOGMwYWU1LTRkOWItNDcxYi1iZmQ2LW
     VlZjMxNGJjNzAzNyJ9

         Figure 38: JWS Protected Header, base64url-encoded

   The JWS Protected Header (Figure 38) and Payload content (Figure 8)
   are combined as described in [I-D.ietf-jose-json-web-signature] to
   produce the JWS Signing Input (Figure 39).

     eyJhbGciOiJIUzI1NiIsImtpZCI6IjAxOGMwYWU1LTRkOWItNDcxYi1iZmQ2LW
     VlZjMxNGJjNzAzNyJ9
     .
     SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb3V0IH
     lvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9hZCwgYW5kIGlmIHlvdSBk
     b24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXigJlzIG5vIGtub3dpbmcgd2hlcm
     UgeW91IG1pZ2h0IGJlIHN3ZXB0IG9mZiB0by4

                    Figure 39: JWS Signing Input

   Performing the signature operation over the JWS Signing Input
   (Figure 39) produces the JWS Signature (Figure 40).

     s0h6KThzkfBBBkLspW1h84VsJZFTsPPqMDA7g1Md7p0

             Figure 40: JWS Signature, base64url-encoded

4.5.3.  Output Results

   The following compose the resulting JWS object:

   o  JWS Protected Header (Figure 38)

   o  Signature (Figure 40)

   The resulting JWS object using the Compact serialization:

     eyJhbGciOiJIUzI1NiIsImtpZCI6IjAxOGMwYWU1LTRkOWItNDcxYi1iZmQ2LW
     VlZjMxNGJjNzAzNyJ9
     .
     .
     s0h6KThzkfBBBkLspW1h84VsJZFTsPPqMDA7g1Md7p0

                  Figure 41: Compact Serialization

   The resulting JWS object using the JSON General Serialization:

     {
       "signatures": [
         {
           "protected": "eyJhbGciOiJIUzI1NiIsImtpZCI6IjAxOGMwYWU1LT
               RkOWItNDcxYi1iZmQ2LWVlZjMxNGJjNzAzNyJ9",
           "signature": "s0h6KThzkfBBBkLspW1h84VsJZFTsPPqMDA7g1Md7p
               0"
         }
       ]
     }

               Figure 42: JSON General Serialization

   The resulting JWS object using the JSON Flattened Serialization:

     {
       "protected": "eyJhbGciOiJIUzI1NiIsImtpZCI6IjAxOGMwYWU1LTRkOW
           ItNDcxYi1iZmQ2LWVlZjMxNGJjNzAzNyJ9",
       "signature": "s0h6KThzkfBBBkLspW1h84VsJZFTsPPqMDA7g1Md7p0"
     }

              Figure 43: JSON Flattened Serialization

4.6.  Protecting Specific Header Fields

   This example illustrates a signature where only certain header
   parameters are protected.  Since this example contains both
   unprotected and protected header parameters, only the JSON General
   Serialization and JSON Flattened Serialization are possible.

   Note that whitespace is added for readability as described in
   Section 1.1.

4.6.1.  Input Factors

   The following are supplied before beginning the signing operation:

   o  Payload content; this example uses the content from Figure 7,
      encoded using [RFC4648] base64url to produce Figure 8.

   o  Signing key; this example uses the AES symmetric key from
      Figure 5.

   o  Signing algorithm; this example uses "HS256".

4.6.2.  Signing Operation

   The following are generated before completing the signing operation:

   o  JWS Protected Header; this example uses the header from Figure 44,
      encoded using [RFC4648] base64url to produce Figure 45.

   o  JWS unprotected Header; this example uses the header from
      Figure 46.

   The JWS Protected Header parameters:

     {
       "alg": "HS256"
     }

                Figure 44: JWS Protected Header JSON

     eyJhbGciOiJIUzI1NiJ9

         Figure 45: JWS Protected Header, base64url-encoded

     {
       "kid": "018c0ae5-4d9b-471b-bfd6-eef314bc7037"
     }

               Figure 46: JWS Unprotected Header JSON

   The JWS Protected Header (Figure 45) and Payload content (Figure 8)
   are combined as described in [I-D.ietf-jose-json-web-signature] to
   produce the JWS Signing Input (Figure 47).

     eyJhbGciOiJIUzI1NiJ9
     .
     SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb3V0IH
     lvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9hZCwgYW5kIGlmIHlvdSBk
     b24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXigJlzIG5vIGtub3dpbmcgd2hlcm
     UgeW91IG1pZ2h0IGJlIHN3ZXB0IG9mZiB0by4

                    Figure 47: JWS Signing Input

   Performing the signature operation over the JWS Signing Input
   (Figure 47) produces the JWS Signature (Figure 48).

     bWUSVaxorn7bEF1djytBd0kHv70Ly5pvbomzMWSOr20

             Figure 48: JWS Signature, base64url-encoded

4.6.3.  Output Results

   The following compose the resulting JWS object:

   o  JWS Protected Header (Figure 45)

   o  JWS Unprotected Header (Figure 46)

   o  Payload content (Figure 8)

   o  Signature (Figure 48)

   The Compact Serialization is not presented because it does not
   support this use case.

   The resulting JWS object using the JSON General Serialization:

     {
       "payload": "SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywg
           Z29pbmcgb3V0IHlvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9h
           ZCwgYW5kIGlmIHlvdSBkb24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXi
           gJlzIG5vIGtub3dpbmcgd2hlcmUgeW91IG1pZ2h0IGJlIHN3ZXB0IG9m
           ZiB0by4",
       "signatures": [
         {
           "protected": "eyJhbGciOiJIUzI1NiJ9",
           "header": {
             "kid": "018c0ae5-4d9b-471b-bfd6-eef314bc7037"
           },
           "signature": "bWUSVaxorn7bEF1djytBd0kHv70Ly5pvbomzMWSOr2
               0"
         }
       ]
     }

               Figure 49: JSON General Serialization

   The resulting JWS object using the JSON Flattened Serialization:

     {
       "payload": "SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywg
           Z29pbmcgb3V0IHlvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9h
           ZCwgYW5kIGlmIHlvdSBkb24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXi
           gJlzIG5vIGtub3dpbmcgd2hlcmUgeW91IG1pZ2h0IGJlIHN3ZXB0IG9m
           ZiB0by4",
       "protected": "eyJhbGciOiJIUzI1NiJ9",
       "header": {
         "kid": "018c0ae5-4d9b-471b-bfd6-eef314bc7037"
       },
       "signature": "bWUSVaxorn7bEF1djytBd0kHv70Ly5pvbomzMWSOr20"
     }

              Figure 50: JSON Flattened Serialization

4.7.  Protecting Content Only

   This example illustrates a signature where none of the header
   parameters are protected.  Since this example contains only
   unprotected header parameters, only the JSON General Serialization
   and JSON Flattened Serialization are possible.

   Note that whitespace is added for readability as described in
   Section 1.1.

4.7.1.  Input Factors

   The following are supplied before beginning the signing operation:

   o  Payload content; this example uses the content from Figure 7,
      encoded using [RFC4648] base64url to produce Figure 8.

   o  Signing key; this example uses the AES key from Figure 5.

   o  Signing algorithm; this example uses "HS256"

4.7.2.  Signing Operation

   The following are generated before completing the signing operation:

   o  JWS Unprotected Header; this example uses the header from
      Figure 51.

     {
       "alg": "HS256",
       "kid": "018c0ae5-4d9b-471b-bfd6-eef314bc7037"
     }

               Figure 51: JWS Unprotected Header JSON

   The empty string (as there is no JWS Protected Header) and Payload
   content (Figure 8) are combined as described in
   [I-D.ietf-jose-json-web-signature] to produce the JWS Signing Input
   (Figure 52).

     .
     SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb3V0IH
     lvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9hZCwgYW5kIGlmIHlvdSBk
     b24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXigJlzIG5vIGtub3dpbmcgd2hlcm
     UgeW91IG1pZ2h0IGJlIHN3ZXB0IG9mZiB0by4

                    Figure 52: JWS Signing Input

   Performing the signature operation over the JWS Signing Input
   (Figure 52) produces the JWS Signature (Figure 53).

     xuLifqLGiblpv9zBpuZczWhNj1gARaLV3UxvxhJxZuk

             Figure 53: JWS Signature, base64url-encoded

4.7.3.  Output Results

   The following compose the resulting JWS object:

   o  JWS Unprotected Header (Figure 51)

   o  Payload content (Figure 8)

   o  Signature (Figure 53)

   The Compact Serialization is not presented because it does not
   support this use case.
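
   The header handling of Sections 4.5 through 4.7 can be exercised
   with the sketch below.  It is an added example, not part of the
   cookbook: it builds and checks HS256 objects in the JSON Flattened
   Serialization using a constructed key (not the Figure 5 key) and the
   "kid" from Figure 37.  The function names and the
   allow_unprotected_alg switch are assumptions of this sketch.

```python
import base64
import hashlib
import hmac
import json

# "kid" copied from Figure 37; the key bytes are constructed for this
# example and are NOT the Figure 5 key.
KID = "018c0ae5-4d9b-471b-bfd6-eef314bc7037"
DEMO_KEYS = {KID: bytes(range(32))}
PAYLOAD = b"constructed sample payload"


def b64u(data):
    """base64url without padding (RFC 4648, section 5), as JWS uses it."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64u_dec(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def signing_input(protected_b64, payload_b64):
    """Protected header, '.', payload; the header part is '' when absent."""
    return (protected_b64 + "." + payload_b64).encode("ascii")


def hs256(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()


def sign_flattened(key, payload, protected=None, header=None, detached=False):
    """Build an HS256 JWS in the JSON Flattened Serialization."""
    protected_b64 = ""
    if protected:
        protected_b64 = b64u(json.dumps(protected, separators=(",", ":")).encode())
    payload_b64 = b64u(payload)
    jws = {}
    if not detached:                 # Section 4.5 omits the payload member
        jws["payload"] = payload_b64
    if protected_b64:
        jws["protected"] = protected_b64
    if header:                       # unprotected: never enters the MAC
        jws["header"] = dict(header)
    jws["signature"] = b64u(hs256(key, signing_input(protected_b64, payload_b64)))
    return jws


def verify_flattened(jws, keys, detached_payload=None, allow_unprotected_alg=False):
    """Return (payload, integrity_protected_params) or raise ValueError."""
    protected_b64 = jws.get("protected", "")
    protected = json.loads(b64u_dec(protected_b64)) if protected_b64 else {}
    header = jws.get("header", {})
    if set(protected) & set(header):
        raise ValueError("parameter present in both headers")
    if "alg" in protected:
        alg = protected["alg"]
    elif allow_unprotected_alg:      # Section 4.7 shape: nothing vouches for alg
        alg = header.get("alg")
    else:
        raise ValueError("alg is not integrity protected")
    if alg != "HS256":               # the verifier pins the algorithm it expects
        raise ValueError("unexpected alg")
    kid = protected.get("kid", header.get("kid"))
    if kid not in keys:
        raise ValueError("unknown kid")
    if "payload" in jws:
        payload_b64 = jws["payload"]
    elif detached_payload is not None:
        payload_b64 = b64u(detached_payload)
    else:
        raise ValueError("detached payload not supplied")
    expected = hs256(keys[kid], signing_input(protected_b64, payload_b64))
    if not hmac.compare_digest(expected, b64u_dec(jws["signature"])):
        raise ValueError("signature mismatch")
    # Only the protected parameters are covered by the MAC; callers should
    # treat everything in jws["header"] as unauthenticated hints.
    return b64u_dec(payload_b64), protected


def rejects(jws, **kwargs):
    """True when verification fails for the given object and options."""
    try:
        verify_flattened(jws, DEMO_KEYS, **kwargs)
    except ValueError:
        return True
    return False
```

   A verifier built this way accepts the Section 4.7 shape only when
   the caller opts in, and it returns the protected parameters
   separately so that unprotected ones are not mistaken for
   authenticated data.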

   The resulting JWS object using the JSON General Serialization:

     {
       "payload": "SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywg
           Z29pbmcgb3V0IHlvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9h
           ZCwgYW5kIGlmIHlvdSBkb24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXi
           gJlzIG5vIGtub3dpbmcgd2hlcmUgeW91IG1pZ2h0IGJlIHN3ZXB0IG9m
           ZiB0by4",
       "signatures": [
         {
           "header": {
             "alg": "HS256",
             "kid": "018c0ae5-4d9b-471b-bfd6-eef314bc7037"
           },
           "signature": "xuLifqLGiblpv9zBpuZczWhNj1gARaLV3UxvxhJxZu
               k"
         }
       ]
     }

               Figure 54: JSON General Serialization

   The resulting JWS object using the JSON Flattened Serialization:

     {
       "payload": "SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywg
           Z29pbmcgb3V0IHlvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9h
           ZCwgYW5kIGlmIHlvdSBkb24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXi
           gJlzIG5vIGtub3dpbmcgd2hlcmUgeW91IG1pZ2h0IGJlIHN3ZXB0IG9m
           ZiB0by4",
       "header": {
         "alg": "HS256",
         "kid": "018c0ae5-4d9b-471b-bfd6-eef314bc7037"
       },
       "signature": "xuLifqLGiblpv9zBpuZczWhNj1gARaLV3UxvxhJxZuk"
     }

              Figure 55: JSON Flattened Serialization

4.8.  Multiple Signatures

   This example illustrates multiple signatures applied to the same
   payload.  Since this example contains more than one signature, only
   the JSON serialization is possible.

   Note that whitespace is added for readability as described in
   Section 1.1.

4.8.1.  Input Factors

   The following are supplied before beginning the signing operation:

   o  Payload content; this example uses the content from Figure 7,
      encoded using [RFC4648] base64url to produce Figure 8.

   o  Signing keys; this example uses the following:

      *  RSA private key from Figure 4 for the first signature

      *  EC private key from Figure 2 for the second signature

      *  AES symmetric key from Figure 5 for the third signature

   o  Signing algorithms; this example uses the following:

      *  "RS256" for the first signature

      *  "ES512" for the second signature

      *  "HS256" for the third signature

4.8.2.  First Signing Operation

   The following are generated before completing the first signing
   operation:

   o  JWS Protected Header; this example uses the header from Figure 56,
      encoded using [RFC4648] base64url to produce Figure 57.

   o  JWS Unprotected Header; this example uses the header from
      Figure 58.

     {
       "alg": "RS256"
     }

          Figure 56: Signature #1 JWS Protected Header JSON

     eyJhbGciOiJSUzI1NiJ9

   Figure 57: Signature #1 JWS Protected Header, base64url-encoded

     {
       "kid": "bilbo.baggins@hobbiton.example"
     }

         Figure 58: Signature #1 JWS Unprotected Header JSON

   The JWS Protected Header (Figure 57) and Payload content (Figure 8)
   are combined as described in [I-D.ietf-jose-json-web-signature] to
   produce the JWS Signing Input (Figure 59).

     eyJhbGciOiJSUzI1NiJ9
     .
     SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb3V0IH
     lvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9hZCwgYW5kIGlmIHlvdSBk
     b24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXigJlzIG5vIGtub3dpbmcgd2hlcm
     UgeW91IG1pZ2h0IGJlIHN3ZXB0IG9mZiB0by4

                    Figure 59: JWS Signing Input

   Performing the signature operation over the JWS Signing Input
   (Figure 59) produces the JWS Signature (Figure 60).

     MIsjqtVlOpa71KE-Mss8_Nq2YH4FGhiocsqrgi5NvyG53uoimic1tcMdSg-qpt
     rzZc7CG6Svw2Y13TDIqHzTUrL_lR2ZFcryNFiHkSw129EghGpwkpxaTn_THJTC
     glNbADko1MZBCdwzJxwqZc-1RlpO2HibUYyXSwO97BSe0_evZKdjvvKSgsIqjy
     tKSeAMbhMBdMma622_BG5t4sdbuCHtFjp9iJmkio47AIwqkZV1aIZsv33uPUqB
     BCXbYoQJwt7mxPftHmNlGoOSMxR_3thmXTCm4US-xiNOyhbm8afKK64jU6_TPt
     QHiJeQJxz9G3Tx-083B745_AfYOnlC9w

           Figure 60: JWS Signature #1, base64url-encoded

   The following is the assembled first signature serialized as JSON:

     {
       "protected": "eyJhbGciOiJSUzI1NiJ9",
       "header": {
         "kid": "bilbo.baggins@hobbiton.example"
       },
       "signature": "MIsjqtVlOpa71KE-Mss8_Nq2YH4FGhiocsqrgi5NvyG53u
           oimic1tcMdSg-qptrzZc7CG6Svw2Y13TDIqHzTUrL_lR2ZFcryNFiHkS
           w129EghGpwkpxaTn_THJTCglNbADko1MZBCdwzJxwqZc-1RlpO2HibUY
           yXSwO97BSe0_evZKdjvvKSgsIqjytKSeAMbhMBdMma622_BG5t4sdbuC
           HtFjp9iJmkio47AIwqkZV1aIZsv33uPUqBBCXbYoQJwt7mxPftHmNlGo
           OSMxR_3thmXTCm4US-xiNOyhbm8afKK64jU6_TPtQHiJeQJxz9G3Tx-0
           83B745_AfYOnlC9w"
     }

                    Figure 61: Signature #1 JSON

4.8.3.  Second Signing Operation

   The following are generated before completing the second signing
   operation:

   o  JWS Unprotected Header; this example uses the header from
      Figure 62.

     {
       "alg": "ES512",
       "kid": "bilbo.baggins@hobbiton.example"
     }

         Figure 62: Signature #2 JWS Unprotected Header JSON

   The empty string (as there is no JWS Protected Header) and Payload
   content (Figure 8) are combined as described in
   [I-D.ietf-jose-json-web-signature] to produce the JWS Signing Input
   (Figure 63).

     .
     SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb3V0IH
     lvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9hZCwgYW5kIGlmIHlvdSBk
     b24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXigJlzIG5vIGtub3dpbmcgd2hlcm
     UgeW91IG1pZ2h0IGJlIHN3ZXB0IG9mZiB0by4

                    Figure 63: JWS Signing Input

   Performing the signature operation over the JWS Signing Input
   (Figure 63) produces the JWS Signature (Figure 64).

     ARcVLnaJJaUWG8fG-8t5BREVAuTY8n8YHjwDO1muhcdCoFZFFjfISu0Cdkn9Yb
     dlmi54ho0x924DUz8sK7ZXkhc7AFM8ObLfTvNCrqcI3Jkl2U5IX3utNhODH6v7
     xgy1Qahsn0fyb4zSAkje8bAWz4vIfj5pCMYxxm4fgV3q7ZYhm5eD

           Figure 64: JWS Signature #2, base64url-encoded

   The following is the assembled second signature serialized as JSON:

     {
       "header": {
         "alg": "ES512",
         "kid": "bilbo.baggins@hobbiton.example"
       },
       "signature": "ARcVLnaJJaUWG8fG-8t5BREVAuTY8n8YHjwDO1muhcdCoF
           ZFFjfISu0Cdkn9Ybdlmi54ho0x924DUz8sK7ZXkhc7AFM8ObLfTvNCrq
           cI3Jkl2U5IX3utNhODH6v7xgy1Qahsn0fyb4zSAkje8bAWz4vIfj5pCM
           Yxxm4fgV3q7ZYhm5eD"
     }

                    Figure 65: Signature #2 JSON

4.8.4.  Third Signing Operation

   The following are generated before completing the third signing
   operation:

   o  JWS Protected Header; this example uses the header from Figure 66,
      encoded using [RFC4648] base64url to produce Figure 67.

     {
       "alg": "HS256",
       "kid": "018c0ae5-4d9b-471b-bfd6-eef314bc7037"
     }

          Figure 66: Signature #3 JWS Protected Header JSON

     eyJhbGciOiJIUzI1NiIsImtpZCI6IjAxOGMwYWU1LTRkOWItNDcxYi1iZmQ2LW
     VlZjMxNGJjNzAzNyJ9

   Figure 67: Signature #3 JWS Protected Header, base64url-encoded

   The JWS Protected Header (Figure 67) and Payload content (Figure 8)
   are combined as described in [I-D.ietf-jose-json-web-signature] to
   produce the JWS Signing Input (Figure 68).

     eyJhbGciOiJIUzI1NiIsImtpZCI6IjAxOGMwYWU1LTRkOWItNDcxYi1iZmQ2LW
     VlZjMxNGJjNzAzNyJ9
     .
     SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb3V0IH
     lvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9hZCwgYW5kIGlmIHlvdSBk
     b24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXigJlzIG5vIGtub3dpbmcgd2hlcm
     UgeW91IG1pZ2h0IGJlIHN3ZXB0IG9mZiB0by4

                    Figure 68: JWS Signing Input

   Performing the signature operation over the JWS Signing Input
   (Figure 68) produces the JWS Signature (Figure 69).

     s0h6KThzkfBBBkLspW1h84VsJZFTsPPqMDA7g1Md7p0

           Figure 69: JWS Signature #3, base64url-encoded

   The following is the assembled third signature serialized as JSON:

     {
       "protected": "eyJhbGciOiJIUzI1NiIsImtpZCI6IjAxOGMwYWU1LTRkOW
           ItNDcxYi1iZmQ2LWVlZjMxNGJjNzAzNyJ9",
       "signature": "s0h6KThzkfBBBkLspW1h84VsJZFTsPPqMDA7g1Md7p0"
     }

                    Figure 70: Signature #3 JSON

4.8.5.  Output Results

   The following compose the resulting JWS object:

   o  Payload content (Figure 8)

   o  Signature #1 JSON (Figure 61)

   o  Signature #2 JSON (Figure 65)

   o  Signature #3 JSON (Figure 70)

   The Compact Serialization is not presented because it does not
   support this use case; the JSON Flattened Serialization is not
   presented because there is more than one signature.
1601 The resulting JWS object using the JSON General Serialization: 1603 { 1604 "payload": "SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywg 1605 Z29pbmcgb3V0IHlvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9h 1606 ZCwgYW5kIGlmIHlvdSBkb24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXi 1607 gJlzIG5vIGtub3dpbmcgd2hlcmUgeW91IG1pZ2h0IGJlIHN3ZXB0IG9m 1608 ZiB0by4", 1609 "signatures": [ 1610 { 1611 "protected": "eyJhbGciOiJSUzI1NiJ9", 1612 "header": { 1613 "kid": "bilbo.baggins@hobbiton.example" 1614 }, 1615 "signature": "MIsjqtVlOpa71KE-Mss8_Nq2YH4FGhiocsqrgi5Nvy 1616 G53uoimic1tcMdSg-qptrzZc7CG6Svw2Y13TDIqHzTUrL_lR2ZFc 1617 ryNFiHkSw129EghGpwkpxaTn_THJTCglNbADko1MZBCdwzJxwqZc 1618 -1RlpO2HibUYyXSwO97BSe0_evZKdjvvKSgsIqjytKSeAMbhMBdM 1619 ma622_BG5t4sdbuCHtFjp9iJmkio47AIwqkZV1aIZsv33uPUqBBC 1620 XbYoQJwt7mxPftHmNlGoOSMxR_3thmXTCm4US-xiNOyhbm8afKK6 1621 4jU6_TPtQHiJeQJxz9G3Tx-083B745_AfYOnlC9w" 1622 }, 1623 { 1624 "header": { 1625 "alg": "ES512", 1626 "kid": "bilbo.baggins@hobbiton.example" 1627 }, 1628 "signature": "ARcVLnaJJaUWG8fG-8t5BREVAuTY8n8YHjwDO1muhc 1629 dCoFZFFjfISu0Cdkn9Ybdlmi54ho0x924DUz8sK7ZXkhc7AFM8Ob 1630 LfTvNCrqcI3Jkl2U5IX3utNhODH6v7xgy1Qahsn0fyb4zSAkje8b 1631 AWz4vIfj5pCMYxxm4fgV3q7ZYhm5eD" 1632 }, 1633 { 1634 "protected": "eyJhbGciOiJIUzI1NiIsImtpZCI6IjAxOGMwYWU1LT 1635 RkOWItNDcxYi1iZmQ2LWVlZjMxNGJjNzAzNyJ9", 1636 "signature": "s0h6KThzkfBBBkLspW1h84VsJZFTsPPqMDA7g1Md7p 1637 0" 1638 } 1639 ] 1640 } 1642 Figure 71: JSON General Serialization 1644 5. JSON Web Encryption Examples 1646 The following sections demonstrate how to generate various JWE 1647 objects. 1649 All of the succeeding examples (unless otherwise noted) use the 1650 following plaintext content (an abridged quote from "The Fellowship 1651 of the Ring" [LOTR-FELLOWSHIP]), serialized as UTF-8. 
The sequence 1652 "\xe2\x80\x93" is substituted for (U+2013 EN DASH), and line breaks 1653 (U+000A LINE FEED) replace some " " (U+0020 SPACE) characters to 1654 improve formatting: 1656 You can trust us to stick with you through thick and 1657 thin\xe2\x80\x93to the bitter end. And you can trust us to 1658 keep any secret of yours\xe2\x80\x93closer than you keep it 1659 yourself. But you cannot trust us to let you face trouble 1660 alone, and go off without a word. We are your friends, Frodo. 1662 Figure 72: Plaintext content 1664 5.1. Key Encryption using RSA v1.5 and AES-HMAC-SHA2 1666 This example illustrates encrypting content using the "RSA1_5" 1667 (RSAES-PKCS1-v1_5) key encryption algorithm and the "A128CBC-HS256" 1668 (AES-128-CBC-HMAC-SHA-256) content encryption algorithm. 1670 Note that RSAES-PKCS1-v1_5 uses random data to generate the 1671 ciphertext; it might not be possible to exactly replicate the results 1672 in this section. 1674 Note that only the RSA public key is necessary to perform the 1675 encryption. However, the example includes the RSA private key to 1676 allow readers to validate the output. 1678 Note that whitespace is added for readability as described in 1679 Section 1.1. 1681 5.1.1. Input Factors 1683 The following are supplied before beginning the encryption process: 1685 o Plaintext content; this example uses the content from Figure 72. 1687 o RSA public key; this example uses the key from Figure 73. 1689 o "alg" parameter of "RSA1_5". 1691 o "enc" parameter of "A128CBC-HS256". 
1693 { 1694 "kty": "RSA", 1695 "kid": "frodo.baggins@hobbiton.example", 1696 "use": "enc", 1697 "n": "maxhbsmBtdQ3CNrKvprUE6n9lYcregDMLYNeTAWcLj8NnPU9XIYegT 1698 HVHQjxKDSHP2l-F5jS7sppG1wgdAqZyhnWvXhYNvcM7RfgKxqNx_xAHx 1699 6f3yy7s-M9PSNCwPC2lh6UAkR4I00EhV9lrypM9Pi4lBUop9t5fS9W5U 1700 NwaAllhrd-osQGPjIeI1deHTwx-ZTHu3C60Pu_LJIl6hKn9wbwaUmA4c 1701 R5Bd2pgbaY7ASgsjCUbtYJaNIHSoHXprUdJZKUMAzV0WOKPfA6OPI4oy 1702 pBadjvMZ4ZAj3BnXaSYsEZhaueTXvZB4eZOAjIyh2e_VOIKVMsnDrJYA 1703 VotGlvMQ", 1704 "e": "AQAB", 1705 "d": "Kn9tgoHfiTVi8uPu5b9TnwyHwG5dK6RE0uFdlpCGnJN7ZEi963R7wy 1706 bQ1PLAHmpIbNTztfrheoAniRV1NCIqXaW_qS461xiDTp4ntEPnqcKsyO 1707 5jMAji7-CL8vhpYYowNFvIesgMoVaPRYMYT9TW63hNM0aWs7USZ_hLg6 1708 Oe1mY0vHTI3FucjSM86Nff4oIENt43r2fspgEPGRrdE6fpLc9Oaq-qeP 1709 1GFULimrRdndm-P8q8kvN3KHlNAtEgrQAgTTgz80S-3VD0FgWfgnb1PN 1710 miuPUxO8OpI9KDIfu_acc6fg14nsNaJqXe6RESvhGPH2afjHqSy_Fd2v 1711 pzj85bQQ", 1712 "p": "2DwQmZ43FoTnQ8IkUj3BmKRf5Eh2mizZA5xEJ2MinUE3sdTYKSLtaE 1713 oekX9vbBZuWxHdVhM6UnKCJ_2iNk8Z0ayLYHL0_G21aXf9-unynEpUsH 1714 7HHTklLpYAzOOx1ZgVljoxAdWNn3hiEFrjZLZGS7lOH-a3QQlDDQoJOJ 1715 2VFmU", 1716 "q": "te8LY4-W7IyaqH1ExujjMqkTAlTeRbv0VLQnfLY2xINnrWdwiQ93_V 1717 F099aP1ESeLja2nw-6iKIe-qT7mtCPozKfVtUYfz5HrJ_XY2kfexJINb 1718 9lhZHMv5p1skZpeIS-GPHCC6gRlKo1q-idn_qxyusfWv7WAxlSVfQfk8 1719 d6Et0", 1720 "dp": "UfYKcL_or492vVc0PzwLSplbg4L3-Z5wL48mwiswbpzOyIgd2xHTH 1721 QmjJpFAIZ8q-zf9RmgJXkDrFs9rkdxPtAsL1WYdeCT5c125Fkdg317JV 1722 RDo1inX7x2Kdh8ERCreW8_4zXItuTl_KiXZNU5lvMQjWbIw2eTx1lpsf 1723 lo0rYU", 1724 "dq": "iEgcO-QfpepdH8FWd7mUFyrXdnOkXJBCogChY6YKuIHGc_p8Le9Mb 1725 pFKESzEaLlN1Ehf3B6oGBl5Iz_ayUlZj2IoQZ82znoUrpa9fVYNot87A 1726 CfzIG7q9Mv7RiPAderZi03tkVXAdaBau_9vs5rS-7HMtxkVrxSUvJY14 1727 TkXlHE", 1728 "qi": "kC-lzZOqoFaZCr5l0tOVtREKoVqaAYhQiqIRGL-MzS4sCmRkxm5vZ 1729 lXYx6RtE1n_AagjqajlkjieGlxTTThHD8Iga6foGBMaAr5uR1hGQpSc7 1730 Gl7CF1DZkBJMTQN6EshYzZfxW08mIO8M6Rzuh0beL6fG9mkDcIyPrBXx 1731 2bQ_mM" 1732 } 1734 Figure 73: RSA 2048-bit Key, in JWK format 1736 (*NOTE*: While the key 
   includes the private parameters, only the
   public parameters "e" and "n" are necessary for the encryption
   operation.)

5.1.2. Generated Factors

   The following are generated before encrypting:

   o  AES symmetric key as the Content Encryption Key (CEK); this
      example uses the key from Figure 74

   o  Initialization vector/nonce; this example uses the initialization
      vector from Figure 75

     3qyTVhIWt5juqZUCpfRqpvauwB956MEJL2Rt-8qXKSo

     Figure 74: Content Encryption Key, base64url-encoded

     bbd5sTkYwhAIqfHsx8DayA

     Figure 75: Initialization Vector, base64url-encoded

5.1.3. Encrypting the Key

   Performing the key encryption operation over the CEK (Figure 74) with
   the RSA key (Figure 73) results in the following encrypted key:

     laLxI0j-nLH-_BgLOXMozKxmy9gffy2gTdvqzfTihJBuuzxg0V7yk1WClnQePF
     vG2K-pvSlWc9BRIazDrn50RcRai__3TDON395H3c62tIouJJ4XaRvYHFjZTZ2G
     Xfz8YAImcc91Tfk0WXC2F5Xbb71ClQ1DDH151tlpH77f2ff7xiSxh9oSewYrcG
     TSLUeeCt36r1Kt3OSj7EyBQXoZlN7IxbyhMAfgIe7Mv1rOTOI5I8NQqeXXW8Vl
     zNmoxaGMny3YnGir5Wf6Qt2nBq4qDaPdnaAuuGUGEecelIO1wx1BpyIfgvfjOh
     MBs9M8XL223Fg47xlGsMXdfuY-4jaqVw

     Figure 76: Encrypted Key, base64url-encoded

5.1.4. Encrypting the Content

   The following are generated before encrypting the plaintext:

   o  JWE Protected Header; this example uses the header from Figure 77,
      encoded using [RFC4648] base64url to produce Figure 78.
     {
       "alg": "RSA1_5",
       "kid": "frodo.baggins@hobbiton.example",
       "enc": "A128CBC-HS256"
     }

     Figure 77: JWE Protected Header JSON

     eyJhbGciOiJSU0ExXzUiLCJraWQiOiJmcm9kby5iYWdnaW5zQGhvYmJpdG9uLm
     V4YW1wbGUiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0

     Figure 78: JWE Protected Header, base64url-encoded

   Performing the content encryption operation on the Plaintext
   (Figure 72) using the following:

   o  CEK (Figure 74);

   o  Initialization vector/nonce (Figure 75); and

   o  JWE Protected Header (Figure 77) as authenticated data

   produces the following:

   o  Ciphertext from Figure 79.

   o  Authentication tag from Figure 80.

     0fys_TY_na7f8dwSfXLiYdHaA2DxUjD67ieF7fcVbIR62JhJvGZ4_FNVSiGc_r
     aa0HnLQ6s1P2sv3Xzl1p1l_o5wR_RsSzrS8Z-wnI3Jvo0mkpEEnlDmZvDu_k8O
     WzJv7eZVEqiWKdyVzFhPpiyQU28GLOpRc2VbVbK4dQKPdNTjPPEmRqcaGeTWZV
     yeSUvf5k59yJZxRuSvWFf6KrNtmRdZ8R4mDOjHSrM_s8uwIFcqt4r5GX8TKaI0
     zT5CbL5Qlw3sRc7u_hg0yKVOiRytEAEs3vZkcfLkP6nbXdC_PkMdNS-ohP78T2
     O6_7uInMGhFeX4ctHG7VelHGiT93JfWDEQi5_V9UN1rhXNrYu-0fVMkZAKX3VW
     i7lzA6BP430m

     Figure 79: Ciphertext, base64url-encoded

     kvKuFBXHe5mQr4lqgobAUg

     Figure 80: Authentication Tag, base64url-encoded

5.1.5. Output Results

   The following compose the resulting JWE object:

   o  JWE Protected Header (Figure 78).

   o  Encrypted Key (Figure 76).

   o  Initialization vector/nonce (Figure 75).

   o  Ciphertext (Figure 79).

   o  Authentication Tag (Figure 80).

   The resulting JWE object using the Compact serialization:

     eyJhbGciOiJSU0ExXzUiLCJraWQiOiJmcm9kby5iYWdnaW5zQGhvYmJpdG9uLm
     V4YW1wbGUiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0
     .
1840 laLxI0j-nLH-_BgLOXMozKxmy9gffy2gTdvqzfTihJBuuzxg0V7yk1WClnQePF 1841 vG2K-pvSlWc9BRIazDrn50RcRai__3TDON395H3c62tIouJJ4XaRvYHFjZTZ2G 1842 Xfz8YAImcc91Tfk0WXC2F5Xbb71ClQ1DDH151tlpH77f2ff7xiSxh9oSewYrcG 1843 TSLUeeCt36r1Kt3OSj7EyBQXoZlN7IxbyhMAfgIe7Mv1rOTOI5I8NQqeXXW8Vl 1844 zNmoxaGMny3YnGir5Wf6Qt2nBq4qDaPdnaAuuGUGEecelIO1wx1BpyIfgvfjOh 1845 MBs9M8XL223Fg47xlGsMXdfuY-4jaqVw 1846 . 1847 bbd5sTkYwhAIqfHsx8DayA 1848 . 1849 0fys_TY_na7f8dwSfXLiYdHaA2DxUjD67ieF7fcVbIR62JhJvGZ4_FNVSiGc_r 1850 aa0HnLQ6s1P2sv3Xzl1p1l_o5wR_RsSzrS8Z-wnI3Jvo0mkpEEnlDmZvDu_k8O 1851 WzJv7eZVEqiWKdyVzFhPpiyQU28GLOpRc2VbVbK4dQKPdNTjPPEmRqcaGeTWZV 1852 yeSUvf5k59yJZxRuSvWFf6KrNtmRdZ8R4mDOjHSrM_s8uwIFcqt4r5GX8TKaI0 1853 zT5CbL5Qlw3sRc7u_hg0yKVOiRytEAEs3vZkcfLkP6nbXdC_PkMdNS-ohP78T2 1854 O6_7uInMGhFeX4ctHG7VelHGiT93JfWDEQi5_V9UN1rhXNrYu-0fVMkZAKX3VW 1855 i7lzA6BP430m 1856 . 1857 kvKuFBXHe5mQr4lqgobAUg 1859 Figure 81: Compact Serialization 1861 The resulting JWE object using the JSON General Serialization: 1863 { 1864 "recipients": [ 1865 { 1866 "encrypted_key": "laLxI0j-nLH-_BgLOXMozKxmy9gffy2gTdvqzf 1867 TihJBuuzxg0V7yk1WClnQePFvG2K-pvSlWc9BRIazDrn50RcRai_ 1868 _3TDON395H3c62tIouJJ4XaRvYHFjZTZ2GXfz8YAImcc91Tfk0WX 1869 C2F5Xbb71ClQ1DDH151tlpH77f2ff7xiSxh9oSewYrcGTSLUeeCt 1870 36r1Kt3OSj7EyBQXoZlN7IxbyhMAfgIe7Mv1rOTOI5I8NQqeXXW8 1871 VlzNmoxaGMny3YnGir5Wf6Qt2nBq4qDaPdnaAuuGUGEecelIO1wx 1872 1BpyIfgvfjOhMBs9M8XL223Fg47xlGsMXdfuY-4jaqVw" 1873 } 1874 ], 1875 "protected": "eyJhbGciOiJSU0ExXzUiLCJraWQiOiJmcm9kby5iYWdnaW 1876 5zQGhvYmJpdG9uLmV4YW1wbGUiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In 1877 0", 1878 "iv": "bbd5sTkYwhAIqfHsx8DayA", 1879 "ciphertext": "0fys_TY_na7f8dwSfXLiYdHaA2DxUjD67ieF7fcVbIR62 1880 JhJvGZ4_FNVSiGc_raa0HnLQ6s1P2sv3Xzl1p1l_o5wR_RsSzrS8Z-wn 1881 I3Jvo0mkpEEnlDmZvDu_k8OWzJv7eZVEqiWKdyVzFhPpiyQU28GLOpRc 1882 2VbVbK4dQKPdNTjPPEmRqcaGeTWZVyeSUvf5k59yJZxRuSvWFf6KrNtm 1883 RdZ8R4mDOjHSrM_s8uwIFcqt4r5GX8TKaI0zT5CbL5Qlw3sRc7u_hg0y 1884 KVOiRytEAEs3vZkcfLkP6nbXdC_PkMdNS-ohP78T2O6_7uInMGhFeX4c 1885 
tHG7VelHGiT93JfWDEQi5_V9UN1rhXNrYu-0fVMkZAKX3VWi7lzA6BP4 1886 30m", 1887 "tag": "kvKuFBXHe5mQr4lqgobAUg" 1888 } 1890 Figure 82: JSON General Serialization 1892 The resulting JWE object using the JSON Flattened Serialization: 1894 { 1895 "protected": "eyJhbGciOiJSU0ExXzUiLCJraWQiOiJmcm9kby5iYWdnaW 1896 5zQGhvYmJpdG9uLmV4YW1wbGUiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In 1897 0", 1898 "encrypted_key": "laLxI0j-nLH-_BgLOXMozKxmy9gffy2gTdvqzfTihJ 1899 Buuzxg0V7yk1WClnQePFvG2K-pvSlWc9BRIazDrn50RcRai__3TDON39 1900 5H3c62tIouJJ4XaRvYHFjZTZ2GXfz8YAImcc91Tfk0WXC2F5Xbb71ClQ 1901 1DDH151tlpH77f2ff7xiSxh9oSewYrcGTSLUeeCt36r1Kt3OSj7EyBQX 1902 oZlN7IxbyhMAfgIe7Mv1rOTOI5I8NQqeXXW8VlzNmoxaGMny3YnGir5W 1903 f6Qt2nBq4qDaPdnaAuuGUGEecelIO1wx1BpyIfgvfjOhMBs9M8XL223F 1904 g47xlGsMXdfuY-4jaqVw", 1905 "iv": "bbd5sTkYwhAIqfHsx8DayA", 1906 "ciphertext": "0fys_TY_na7f8dwSfXLiYdHaA2DxUjD67ieF7fcVbIR62 1907 JhJvGZ4_FNVSiGc_raa0HnLQ6s1P2sv3Xzl1p1l_o5wR_RsSzrS8Z-wn 1908 I3Jvo0mkpEEnlDmZvDu_k8OWzJv7eZVEqiWKdyVzFhPpiyQU28GLOpRc 1909 2VbVbK4dQKPdNTjPPEmRqcaGeTWZVyeSUvf5k59yJZxRuSvWFf6KrNtm 1910 RdZ8R4mDOjHSrM_s8uwIFcqt4r5GX8TKaI0zT5CbL5Qlw3sRc7u_hg0y 1911 KVOiRytEAEs3vZkcfLkP6nbXdC_PkMdNS-ohP78T2O6_7uInMGhFeX4c 1912 tHG7VelHGiT93JfWDEQi5_V9UN1rhXNrYu-0fVMkZAKX3VWi7lzA6BP4 1913 30m", 1914 "tag": "kvKuFBXHe5mQr4lqgobAUg" 1915 } 1917 Figure 83: JSON Flattened Serialization 1919 5.2. Key Encryption using RSA-OAEP with AES-GCM 1921 This example illustrates encrypting content using the "RSA-OAEP" 1922 (RSAES-OAEP) key encryption algorithm and the "A256GCM" (AES-GCM) 1923 content encryption algorithm. 1925 Note that RSAES-OAEP uses random data to generate the ciphertext; it 1926 might not be possible to exactly replicate the results in this 1927 section. 1929 Note that only the RSA public key is necessary to perform the 1930 encryption. However, the example includes the RSA private key to 1931 allow readers to validate the output. 1933 Note that whitespace is added for readability as described in 1934 Section 1.1. 
1936 5.2.1. Input Factors 1938 The following are supplied before beginning the encryption process: 1940 o Plaintext content; this example uses the plaintext from Figure 72. 1942 o RSA public key; this example uses the key from Figure 84. 1944 o "alg" parameter of "RSA-OAEP" 1946 o "enc" parameter of "A256GCM" 1948 { 1949 "kty": "RSA", 1950 "kid": "samwise.gamgee@hobbiton.example", 1951 "use": "enc", 1952 "n": "wbdxI55VaanZXPY29Lg5hdmv2XhvqAhoxUkanfzf2-5zVUxa6prHRr 1953 I4pP1AhoqJRlZfYtWWd5mmHRG2pAHIlh0ySJ9wi0BioZBl1XP2e-C-Fy 1954 XJGcTy0HdKQWlrfhTm42EW7Vv04r4gfao6uxjLGwfpGrZLarohiWCPnk 1955 Nrg71S2CuNZSQBIPGjXfkmIy2tl_VWgGnL22GplyXj5YlBLdxXp3XeSt 1956 sqo571utNfoUTU8E4qdzJ3U1DItoVkPGsMwlmmnJiwA7sXRItBCivR4M 1957 5qnZtdw-7v4WuR4779ubDuJ5nalMv2S66-RPcnFAzWSKxtBDnFJJDGIU 1958 e7Tzizjg1nms0Xq_yPub_UOlWn0ec85FCft1hACpWG8schrOBeNqHBOD 1959 FskYpUc2LC5JA2TaPF2dA67dg1TTsC_FupfQ2kNGcE1LgprxKHcVWYQb 1960 86B-HozjHZcqtauBzFNV5tbTuB-TpkcvJfNcFLlH3b8mb-H_ox35FjqB 1961 SAjLKyoeqfKTpVjvXhd09knwgJf6VKq6UC418_TOljMVfFTWXUxlnfhO 1962 OnzW6HSSzD1c9WrCuVzsUMv54szidQ9wf1cYWf3g5qFDxDQKis99gcDa 1963 iCAwM3yEBIzuNeeCa5dartHDb1xEB_HcHSeYbghbMjGfasvKn0aZRsnT 1964 yC0xhWBlsolZE", 1965 "e": "AQAB", 1966 "alg": "RSA-OAEP", 1967 "d": "n7fzJc3_WG59VEOBTkayzuSMM780OJQuZjN_KbH8lOZG25ZoA7T4Bx 1968 cc0xQn5oZE5uSCIwg91oCt0JvxPcpmqzaJZg1nirjcWZ-oBtVk7gCAWq 1969 -B3qhfF3izlbkosrzjHajIcY33HBhsy4_WerrXg4MDNE4HYojy68TcxT 1970 2LYQRxUOCf5TtJXvM8olexlSGtVnQnDRutxEUCwiewfmmrfveEogLx9E 1971 A-KMgAjTiISXxqIXQhWUQX1G7v_mV_Hr2YuImYcNcHkRvp9E7ook0876 1972 DhkO8v4UOZLwA1OlUX98mkoqwc58A_Y2lBYbVx1_s5lpPsEqbbH-nqIj 1973 h1fL0gdNfihLxnclWtW7pCztLnImZAyeCWAG7ZIfv-Rn9fLIv9jZ6r7r 1974 -MSH9sqbuziHN2grGjD_jfRluMHa0l84fFKl6bcqN1JWxPVhzNZo01yD 1975 F-1LiQnqUYSepPf6X3a2SOdkqBRiquE6EvLuSYIDpJq3jDIsgoL8Mo1L 1976 oomgiJxUwL_GWEOGu28gplyzm-9Q0U0nyhEf1uhSR8aJAQWAiFImWH5W 1977 _IQT9I7-yrindr_2fWQ_i1UgMsGzA7aOGzZfPljRy6z-tY_KuBG00-28 1978 S_aWvjyUc-Alp8AUyKjBZ-7CWH32fGWK48j1t-zomrwjL_mnhsPbGs0c 1979 9WsWgRzI-K8gE", 1980 "p": 
"7_2v3OQZzlPFcHyYfLABQ3XP85Es4hCdwCkbDeltaUXgVy9l9etKgh 1981 vM4hRkOvbb01kYVuLFmxIkCDtpi-zLCYAdXKrAK3PtSbtzld_XZ9nlsY 1982 a_QZWpXB_IrtFjVfdKUdMz94pHUhFGFj7nr6NNxfpiHSHWFE1zD_AC3m 1983 Y46J961Y2LRnreVwAGNw53p07Db8yD_92pDa97vqcZOdgtybH9q6uma- 1984 RFNhO1AoiJhYZj69hjmMRXx-x56HO9cnXNbmzNSCFCKnQmn4GQLmRj9s 1985 fbZRqL94bbtE4_e0Zrpo8RNo8vxRLqQNwIy85fc6BRgBJomt8QdQvIgP 1986 gWCv5HoQ", 1987 "q": "zqOHk1P6WN_rHuM7ZF1cXH0x6RuOHq67WuHiSknqQeefGBA9PWs6Zy 1988 KQCO-O6mKXtcgE8_Q_hA2kMRcKOcvHil1hqMCNSXlflM7WPRPZu2qCDc 1989 qssd_uMbP-DqYthH_EzwL9KnYoH7JQFxxmcv5An8oXUtTwk4knKjkIYG 1990 RuUwfQTus0w1NfjFAyxOOiAQ37ussIcE6C6ZSsM3n41UlbJ7TCqewzVJ 1991 aPJN5cxjySPZPD3Vp01a9YgAD6a3IIaKJdIxJS1ImnfPevSJQBE79-EX 1992 e2kSwVgOzvt-gsmM29QQ8veHy4uAqca5dZzMs7hkkHtw1z0jHV90epQJ 1993 JlXXnH8Q", 1994 "dp": "19oDkBh1AXelMIxQFm2zZTqUhAzCIr4xNIGEPNoDt1jK83_FJA-xn 1995 x5kA7-1erdHdms_Ef67HsONNv5A60JaR7w8LHnDiBGnjdaUmmuO8XAxQ 1996 J_ia5mxjxNjS6E2yD44USo2JmHvzeeNczq25elqbTPLhUpGo1IZuG72F 1997 ZQ5gTjXoTXC2-xtCDEUZfaUNh4IeAipfLugbpe0JAFlFfrTDAMUFpC3i 1998 XjxqzbEanflwPvj6V9iDSgjj8SozSM0dLtxvu0LIeIQAeEgT_yXcrKGm 1999 pKdSO08kLBx8VUjkbv_3Pn20Gyu2YEuwpFlM_H1NikuxJNKFGmnAq9Lc 2000 nwwT0jvoQ", 2001 "dq": "S6p59KrlmzGzaQYQM3o0XfHCGvfqHLYjCO557HYQf72O9kLMCfd_1 2002 VBEqeD-1jjwELKDjck8kOBl5UvohK1oDfSP1DleAy-cnmL29DqWmhgwM 2003 1ip0CCNmkmsmDSlqkUXDi6sAaZuntyukyflI-qSQ3C_BafPyFaKrt1fg 2004 dyEwYa08pESKwwWisy7KnmoUvaJ3SaHmohFS78TJ25cfc10wZ9hQNOrI 2005 ChZlkiOdFCtxDqdmCqNacnhgE3bZQjGp3n83ODSz9zwJcSUvODlXBPc2 2006 AycH6Ci5yjbxt4Ppox_5pjm6xnQkiPgj01GpsUssMmBN7iHVsrE7N2iz 2007 nBNCeOUIQ", 2008 "qi": "FZhClBMywVVjnuUud-05qd5CYU0dK79akAgy9oX6RX6I3IIIPckCc 2009 iRrokxglZn-omAY5CnCe4KdrnjFOT5YUZE7G_Pg44XgCXaarLQf4hl80 2010 oPEf6-jJ5Iy6wPRx7G2e8qLxnh9cOdf-kRqgOS3F48Ucvw3ma5V6KGMw 2011 QqWFeV31XtZ8l5cVI-I3NzBS7qltpUVgz2Ju021eyc7IlqgzR98qKONl 2012 27DuEES0aK0WE97jnsyO27Yp88Wa2RiBrEocM89QZI1seJiGDizHRUP4 2013 UZxw9zsXww46wy0P6f9grnYp7t8LkyDDk8eoI4KX6SNMNVcyVS9IWjlq 2014 8EzqZEKIA" 2015 } 2017 Figure 84: RSA 4096-bit Key 2019 
   (*NOTE*: While the key includes the private parameters, only the
   public parameters "e" and "n" are necessary for the encryption
   operation.)

5.2.2. Generated Factors

   The following are generated before encrypting:

   o  AES symmetric key as the Content Encryption Key (CEK); this
      example uses the key from Figure 85.

   o  Initialization vector/nonce; this example uses the initialization
      vector/nonce from Figure 86.

     mYMfsggkTAm0TbvtlFh2hyoXnbEzJQjMxmgLN3d8xXA

     Figure 85: Content Encryption Key, base64url-encoded

     -nBoKLH0YkLZPSI9

     Figure 86: Initialization Vector, base64url-encoded

5.2.3. Encrypting the Key

   Performing the key encryption operation over the CEK (Figure 85)
   with the RSA key (Figure 84) produces the following encrypted key:

     rT99rwrBTbTI7IJM8fU3Eli7226HEB7IchCxNuh7lCiud48LxeolRdtFF4nzQi
     beYOl5S_PJsAXZwSXtDePz9hk-BbtsTBqC2UsPOdwjC9NhNupNNu9uHIVftDyu
     cvI6hvALeZ6OGnhNV4v1zx2k7O1D89mAzfw-_kT3tkuorpDU-CpBENfIHX1Q58
     -Aad3FzMuo3Fn9buEP2yXakLXYa15BUXQsupM4A1GD4_H4Bd7V3u9h8Gkg8Bpx
     KdUV9ScfJQTcYm6eJEBz3aSwIaK4T3-dwWpuBOhROQXBosJzS1asnuHtVMt2pK
     IIfux5BC6huIvmY7kzV7W7aIUrpYm_3H4zYvyMeq5pGqFmW2k8zpO878TRlZx7
     pZfPYDSXZyS0CfKKkMozT_qiCwZTSz4duYnt8hS4Z9sGthXn9uDqd6wycMagnQ
     fOTs_lycTWmY-aqWVDKhjYNRf03NiwRtb5BE-tOdFwCASQj3uuAgPGrO2AWBe3
     8UjQb0lvXn1SpyvYZ3WFc7WOJYaTa7A8DRn6MC6T-xDmMuxC0G7S2rscw5lQQU
     06MvZTlFOt0UvfuKBa03cxA_nIBIhLMjY2kOTxQMmpDPTr6Cbo8aKaOnx6ASE5
     Jx9paBpnNmOOKH35j_QlrQhDWUN6A2Gg8iFayJ69xDEdHAVCGRzN3woEI2ozDR
     s

     Figure 87: Encrypted Key, base64url-encoded

5.2.4. Encrypting the Content

   The following are generated before encrypting the plaintext:

   o  JWE Protected Header; this example uses the header from
      Figure 88, encoded using [RFC4648] base64url to produce Figure 89.
     {
       "alg": "RSA-OAEP",
       "kid": "samwise.gamgee@hobbiton.example",
       "enc": "A256GCM"
     }

     Figure 88: JWE Protected Header JSON

     eyJhbGciOiJSU0EtT0FFUCIsImtpZCI6InNhbXdpc2UuZ2FtZ2VlQGhvYmJpdG
     9uLmV4YW1wbGUiLCJlbmMiOiJBMjU2R0NNIn0

     Figure 89: JWE Protected Header, base64url-encoded

   Performing the content encryption operation over the Plaintext
   (Figure 72) with the following:

   o  CEK (Figure 85);

   o  Initialization vector/nonce (Figure 86); and

   o  JWE Protected Header (Figure 89) as authenticated data

   produces the following:

   o  Ciphertext from Figure 90.

   o  Authentication tag from Figure 91.

     o4k2cnGN8rSSw3IDo1YuySkqeS_t2m1GXklSgqBdpACm6UJuJowOHC5ytjqYgR
     L-I-soPlwqMUf4UgRWWeaOGNw6vGW-xyM01lTYxrXfVzIIaRdhYtEMRBvBWbEw
     P7ua1DRfvaOjgZv6Ifa3brcAM64d8p5lhhNcizPersuhw5f-pGYzseva-TUaL8
     iWnctc-sSwy7SQmRkfhDjwbz0fz6kFovEgj64X1I5s7E6GLp5fnbYGLa1QUiML
     7Cc2GxgvI7zqWo0YIEc7aCflLG1-8BboVWFdZKLK9vNoycrYHumwzKluLWEbSV
     maPpOslY2n525DxDfWaVFUfKQxMF56vn4B9QMpWAbnypNimbM8zVOw

     Figure 90: Ciphertext, base64url-encoded

     UCGiqJxhBI3IFVdPalHHvA

     Figure 91: Authentication Tag, base64url-encoded

5.2.5. Output Results

   The following compose the resulting JWE object:

   o  JWE Protected Header (Figure 89)

   o  Encrypted key (Figure 87)

   o  Initialization vector/nonce (Figure 86)

   o  Ciphertext (Figure 90)

   o  Authentication tag (Figure 91)

   The resulting JWE object using the Compact serialization:

     eyJhbGciOiJSU0EtT0FFUCIsImtpZCI6InNhbXdpc2UuZ2FtZ2VlQGhvYmJpdG
     9uLmV4YW1wbGUiLCJlbmMiOiJBMjU2R0NNIn0
     .
2127 rT99rwrBTbTI7IJM8fU3Eli7226HEB7IchCxNuh7lCiud48LxeolRdtFF4nzQi 2128 beYOl5S_PJsAXZwSXtDePz9hk-BbtsTBqC2UsPOdwjC9NhNupNNu9uHIVftDyu 2129 cvI6hvALeZ6OGnhNV4v1zx2k7O1D89mAzfw-_kT3tkuorpDU-CpBENfIHX1Q58 2130 -Aad3FzMuo3Fn9buEP2yXakLXYa15BUXQsupM4A1GD4_H4Bd7V3u9h8Gkg8Bpx 2131 KdUV9ScfJQTcYm6eJEBz3aSwIaK4T3-dwWpuBOhROQXBosJzS1asnuHtVMt2pK 2132 IIfux5BC6huIvmY7kzV7W7aIUrpYm_3H4zYvyMeq5pGqFmW2k8zpO878TRlZx7 2133 pZfPYDSXZyS0CfKKkMozT_qiCwZTSz4duYnt8hS4Z9sGthXn9uDqd6wycMagnQ 2134 fOTs_lycTWmY-aqWVDKhjYNRf03NiwRtb5BE-tOdFwCASQj3uuAgPGrO2AWBe3 2135 8UjQb0lvXn1SpyvYZ3WFc7WOJYaTa7A8DRn6MC6T-xDmMuxC0G7S2rscw5lQQU 2136 06MvZTlFOt0UvfuKBa03cxA_nIBIhLMjY2kOTxQMmpDPTr6Cbo8aKaOnx6ASE5 2137 Jx9paBpnNmOOKH35j_QlrQhDWUN6A2Gg8iFayJ69xDEdHAVCGRzN3woEI2ozDR 2138 s 2139 . 2140 -nBoKLH0YkLZPSI9 2141 . 2142 o4k2cnGN8rSSw3IDo1YuySkqeS_t2m1GXklSgqBdpACm6UJuJowOHC5ytjqYgR 2143 L-I-soPlwqMUf4UgRWWeaOGNw6vGW-xyM01lTYxrXfVzIIaRdhYtEMRBvBWbEw 2144 P7ua1DRfvaOjgZv6Ifa3brcAM64d8p5lhhNcizPersuhw5f-pGYzseva-TUaL8 2145 iWnctc-sSwy7SQmRkfhDjwbz0fz6kFovEgj64X1I5s7E6GLp5fnbYGLa1QUiML 2146 7Cc2GxgvI7zqWo0YIEc7aCflLG1-8BboVWFdZKLK9vNoycrYHumwzKluLWEbSV 2147 maPpOslY2n525DxDfWaVFUfKQxMF56vn4B9QMpWAbnypNimbM8zVOw 2148 . 
2149 UCGiqJxhBI3IFVdPalHHvA 2151 Figure 92: Compact Serialization 2153 The resulting JWE object using the JSON General Serialization: 2155 { 2156 "recipients": [ 2157 { 2158 "encrypted_key": "rT99rwrBTbTI7IJM8fU3Eli7226HEB7IchCxNu 2159 h7lCiud48LxeolRdtFF4nzQibeYOl5S_PJsAXZwSXtDePz9hk-Bb 2160 tsTBqC2UsPOdwjC9NhNupNNu9uHIVftDyucvI6hvALeZ6OGnhNV4 2161 v1zx2k7O1D89mAzfw-_kT3tkuorpDU-CpBENfIHX1Q58-Aad3FzM 2162 uo3Fn9buEP2yXakLXYa15BUXQsupM4A1GD4_H4Bd7V3u9h8Gkg8B 2163 pxKdUV9ScfJQTcYm6eJEBz3aSwIaK4T3-dwWpuBOhROQXBosJzS1 2164 asnuHtVMt2pKIIfux5BC6huIvmY7kzV7W7aIUrpYm_3H4zYvyMeq 2165 5pGqFmW2k8zpO878TRlZx7pZfPYDSXZyS0CfKKkMozT_qiCwZTSz 2166 4duYnt8hS4Z9sGthXn9uDqd6wycMagnQfOTs_lycTWmY-aqWVDKh 2167 jYNRf03NiwRtb5BE-tOdFwCASQj3uuAgPGrO2AWBe38UjQb0lvXn 2168 1SpyvYZ3WFc7WOJYaTa7A8DRn6MC6T-xDmMuxC0G7S2rscw5lQQU 2169 06MvZTlFOt0UvfuKBa03cxA_nIBIhLMjY2kOTxQMmpDPTr6Cbo8a 2170 KaOnx6ASE5Jx9paBpnNmOOKH35j_QlrQhDWUN6A2Gg8iFayJ69xD 2171 EdHAVCGRzN3woEI2ozDRs" 2172 } 2173 ], 2174 "protected": "eyJhbGciOiJSU0EtT0FFUCIsImtpZCI6InNhbXdpc2UuZ2 2175 FtZ2VlQGhvYmJpdG9uLmV4YW1wbGUiLCJlbmMiOiJBMjU2R0NNIn0", 2176 "iv": "-nBoKLH0YkLZPSI9", 2177 "ciphertext": "o4k2cnGN8rSSw3IDo1YuySkqeS_t2m1GXklSgqBdpACm6 2178 UJuJowOHC5ytjqYgRL-I-soPlwqMUf4UgRWWeaOGNw6vGW-xyM01lTYx 2179 rXfVzIIaRdhYtEMRBvBWbEwP7ua1DRfvaOjgZv6Ifa3brcAM64d8p5lh 2180 hNcizPersuhw5f-pGYzseva-TUaL8iWnctc-sSwy7SQmRkfhDjwbz0fz 2181 6kFovEgj64X1I5s7E6GLp5fnbYGLa1QUiML7Cc2GxgvI7zqWo0YIEc7a 2182 CflLG1-8BboVWFdZKLK9vNoycrYHumwzKluLWEbSVmaPpOslY2n525Dx 2183 DfWaVFUfKQxMF56vn4B9QMpWAbnypNimbM8zVOw", 2184 "tag": "UCGiqJxhBI3IFVdPalHHvA" 2185 } 2187 Figure 93: JSON General Serialization 2189 The resulting JWE object using the JSON Flattened Serialization: 2191 { 2192 "protected": "eyJhbGciOiJSU0EtT0FFUCIsImtpZCI6InNhbXdpc2UuZ2 2193 FtZ2VlQGhvYmJpdG9uLmV4YW1wbGUiLCJlbmMiOiJBMjU2R0NNIn0", 2194 "encrypted_key": "rT99rwrBTbTI7IJM8fU3Eli7226HEB7IchCxNuh7lC 2195 iud48LxeolRdtFF4nzQibeYOl5S_PJsAXZwSXtDePz9hk-BbtsTBqC2U 2196 
           sPOdwjC9NhNupNNu9uHIVftDyucvI6hvALeZ6OGnhNV4v1zx2k7O1D89
           mAzfw-_kT3tkuorpDU-CpBENfIHX1Q58-Aad3FzMuo3Fn9buEP2yXakL
           XYa15BUXQsupM4A1GD4_H4Bd7V3u9h8Gkg8BpxKdUV9ScfJQTcYm6eJE
           Bz3aSwIaK4T3-dwWpuBOhROQXBosJzS1asnuHtVMt2pKIIfux5BC6huI
           vmY7kzV7W7aIUrpYm_3H4zYvyMeq5pGqFmW2k8zpO878TRlZx7pZfPYD
           SXZyS0CfKKkMozT_qiCwZTSz4duYnt8hS4Z9sGthXn9uDqd6wycMagnQ
           fOTs_lycTWmY-aqWVDKhjYNRf03NiwRtb5BE-tOdFwCASQj3uuAgPGrO
           2AWBe38UjQb0lvXn1SpyvYZ3WFc7WOJYaTa7A8DRn6MC6T-xDmMuxC0G
           7S2rscw5lQQU06MvZTlFOt0UvfuKBa03cxA_nIBIhLMjY2kOTxQMmpDP
           Tr6Cbo8aKaOnx6ASE5Jx9paBpnNmOOKH35j_QlrQhDWUN6A2Gg8iFayJ
           69xDEdHAVCGRzN3woEI2ozDRs",
       "iv": "-nBoKLH0YkLZPSI9",
       "ciphertext": "o4k2cnGN8rSSw3IDo1YuySkqeS_t2m1GXklSgqBdpACm6
           UJuJowOHC5ytjqYgRL-I-soPlwqMUf4UgRWWeaOGNw6vGW-xyM01lTYx
           rXfVzIIaRdhYtEMRBvBWbEwP7ua1DRfvaOjgZv6Ifa3brcAM64d8p5lh
           hNcizPersuhw5f-pGYzseva-TUaL8iWnctc-sSwy7SQmRkfhDjwbz0fz
           6kFovEgj64X1I5s7E6GLp5fnbYGLa1QUiML7Cc2GxgvI7zqWo0YIEc7a
           CflLG1-8BboVWFdZKLK9vNoycrYHumwzKluLWEbSVmaPpOslY2n525Dx
           DfWaVFUfKQxMF56vn4B9QMpWAbnypNimbM8zVOw",
       "tag": "UCGiqJxhBI3IFVdPalHHvA"
     }

     Figure 94: JSON Flattened Serialization

5.3. Key Wrap using PBES2-AES-KeyWrap with AES-CBC-HMAC-SHA2

   The example illustrates encrypting content using the
   "PBES2-HS512+A256KW" (PBES2 Password-based Encryption using
   HMAC-SHA-512 and AES-256-KeyWrap) key encryption algorithm with the
   "A128CBC-HS256" (AES-128-CBC-HMAC-SHA-256) content encryption
   algorithm.

   A common use of password-based encryption is the import/export of
   keys. Therefore this example uses a JWK Set for the plaintext
   content instead of the plaintext from Figure 72.

   Note that if password-based encryption is used for multiple
   recipients, it is expected that each recipient use different values
   for the PBES2 parameters "p2s" and "p2c".

   Note that whitespace is added for readability as described in
   Section 1.1.
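   The following Python sketch is an added example, not part of the
   draft or of any JOSE library. It takes the values this section gives
   in Figures 96 to 105 and walks the receiver-side steps that need only
   the standard library: parsing the Compact serialization, checking the
   header, forming the PBES2 salt for key derivation, and recomputing
   the A128CBC-HS256 authentication tag over the protected header. The
   function names and the MAX_P2C ceiling are assumptions of the
   example, and the CEK is taken from Figure 97 directly because AES Key
   Wrap is not in the standard library.

```python
import base64
import hashlib
import hmac
import json

# Values copied from this section's figures, readability whitespace removed.
PROTECTED = (                                                    # Figure 102
    "eyJhbGciOiJQQkVTMi1IUzUxMitBMjU2S1ciLCJwMnMiOiI4UTFTemluYXNSM3"
    "hjaFl6NlpaY0hBIiwicDJjIjo4MTkyLCJjdHkiOiJqd2stc2V0K2pzb24iLCJl"
    "bmMiOiJBMTI4Q0JDLUhTMjU2In0")
ENCRYPTED_KEY = "d3qNhUWfqheyPp4H8sjOWsDYajoej4c5Je6rlUtFPWdgtURtmeDV1g"  # Fig. 100
IV = "VBiCzVHNoLiR3F4V82uoTQ"                                    # Figure 98
CIPHERTEXT = (                                                   # Figure 103
    "23i-Tb1AV4n0WKVSSgcQrdg6GRqsUKxjruHXYsTHAJLZ2nsnGIX86vMXqIi6IR"
    "sfywCRFzLxEcZBRnTvG3nhzPk0GDD7FMyXhUHpDjEYCNA_XOmzg8yZR9oyjo6l"
    "TF6si4q9FZ2EhzgFQCLO_6h5EVg3vR75_hkBsnuoqoM3dwejXBtIodN84PeqMb"
    "6asmas_dpSsz7H10fC5ni9xIz424givB1YLldF6exVmL93R3fOoOJbmk2GBQZL"
    "_SEGllv2cQsBgeprARsaQ7Bq99tT80coH8ItBjgV08AtzXFFsx9qKvC982KLKd"
    "PQMTlVJKkqtV4Ru5LEVpBZXBnZrtViSOgyg6AiuwaS-rCrcD_ePOGSuxvgtrok"
    "AKYPqmXUeRdjFJwafkYEkiuDCV9vWGAi1DH2xTafhJwcmywIyzi4BqRpmdn_N-"
    "zl5tuJYyuvKhjKv6ihbsV_k1hJGPGAxJ6wUpmwC4PTQ2izEm0TuSE8oMKdTw8V"
    "3kobXZ77ulMwDs4p")
TAG = "0HlwodAhOCILG5SQ2LQ9dg"                                   # Figure 104
CEK = "uwsjJXaBK407Qaf0_zpcpmr1Cs0CC50hIUEyGNEt3m0"              # Figure 97
PASSWORD = "entrap_o\u2013peter_long\u2013credit_tun".encode("utf-8")  # Figure 96
COMPACT = ".".join([PROTECTED, ENCRYPTED_KEY, IV, CIPHERTEXT, TAG])    # Figure 105

MIN_P2C = 1000       # minimum iteration count recommended by the JWA specification
MAX_P2C = 1_000_000  # assumed local ceiling so a hostile header cannot burn CPU


def b64url_decode(text):
    """Decode unpadded base64url, the encoding JOSE uses for every segment."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def parse_compact(jwe):
    """Split a JWE Compact Serialization into its five decoded parts."""
    segments = jwe.split(".")
    if len(segments) != 5:
        raise ValueError("expected five dot-separated segments")
    protected, encrypted_key, iv, ciphertext, tag = segments
    return {
        "header": json.loads(b64url_decode(protected)),
        "aad": protected.encode("ascii"),  # AAD is the encoded header, not the JSON
        "encrypted_key": b64url_decode(encrypted_key),
        "iv": b64url_decode(iv),
        "ciphertext": b64url_decode(ciphertext),
        "tag": b64url_decode(tag),
    }


def check_header(header):
    """Accept only this example's algorithms and a bounded iteration count."""
    if header.get("alg") != "PBES2-HS512+A256KW" or header.get("enc") != "A128CBC-HS256":
        raise ValueError("unexpected alg/enc")
    p2c = header.get("p2c")
    if type(p2c) is not int or not MIN_P2C <= p2c <= MAX_P2C:
        raise ValueError("p2c missing or outside policy bounds")
    if len(b64url_decode(header.get("p2s", ""))) < 8:
        raise ValueError("p2s salt input shorter than 8 octets")


def derive_kek(password, header):
    """PBKDF2-HMAC-SHA-512 key for A256KW; salt is UTF8(alg) || 0x00 || p2s."""
    salt = header["alg"].encode("utf-8") + b"\x00" + b64url_decode(header["p2s"])
    return hashlib.pbkdf2_hmac("sha512", password, salt, header["p2c"], dklen=32)


def cbc_hs256_tag(cek, aad, iv, ciphertext):
    """HMAC-SHA-256 over AAD || IV || ciphertext || AL, truncated to 16 octets."""
    if len(cek) != 32:
        raise ValueError("A128CBC-HS256 needs a 32-octet CEK")
    mac_key = cek[:16]                      # first half is the MAC key, second half the AES key
    al = (len(aad) * 8).to_bytes(8, "big")  # AAD length in bits, 64-bit big-endian
    return hmac.new(mac_key, aad + iv + ciphertext + al, hashlib.sha256).digest()[:16]


def tag_is_valid(cek, parts):
    """Constant-time tag comparison; run this before any CBC decryption."""
    expected = cbc_hs256_tag(cek, parts["aad"], parts["iv"], parts["ciphertext"])
    return hmac.compare_digest(expected, parts["tag"])


if __name__ == "__main__":
    parts = parse_compact(COMPACT)
    check_header(parts["header"])
    print("KEK octets:", len(derive_kek(PASSWORD, parts["header"])))
    print("tag valid:", tag_is_valid(b64url_decode(CEK), parts))
```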
5.3.1. Input Factors

   The following are supplied before beginning the encryption process:

   o  Plaintext content; this example uses the plaintext from Figure 95
      (*NOTE* all whitespace added for readability)

   o  Password; this example uses the password from Figure 96 - with the
      sequence "\xe2\x80\x93" replaced with (U+2013 EN DASH)

   o  "alg" parameter of "PBES2-HS512+A256KW"

   o  "enc" parameter of "A128CBC-HS256"

     {
       "keys": [
         {
           "kty": "oct",
           "kid": "77c7e2b8-6e13-45cf-8672-617b5b45243a",
           "use": "enc",
           "alg": "A128GCM",
           "k": "XctOhJAkA-pD9Lh7ZgW_2A"
         },
         {
           "kty": "oct",
           "kid": "81b20965-8332-43d9-a468-82160ad91ac8",
           "use": "enc",
           "alg": "A128KW",
           "k": "GZy6sIZ6wl9NJOKB-jnmVQ"
         },
         {
           "kty": "oct",
           "kid": "18ec08e1-bfa9-4d95-b205-2b4dd1d4321d",
           "use": "enc",
           "alg": "A256GCMKW",
           "k": "qC57l_uxcm7Nm3K-ct4GFjx8tM1U8CZ0NLBvdQstiS8"
         }
       ]
     }

     Figure 95: Plaintext Content

     entrap_o\xe2\x80\x93peter_long\xe2\x80\x93credit_tun

     Figure 96: Password

5.3.2. Generated Factors

   The following are generated before encrypting:

   o  AES symmetric key as the Content Encryption Key (CEK); this
      example uses the key from Figure 97.

   o  Initialization vector/nonce; this example uses the initialization
      vector/nonce from Figure 98.

     uwsjJXaBK407Qaf0_zpcpmr1Cs0CC50hIUEyGNEt3m0

     Figure 97: Content Encryption Key, base64url-encoded

     VBiCzVHNoLiR3F4V82uoTQ

     Figure 98: Initialization Vector, base64url-encoded

5.3.3. Encrypting the Key

   The following are generated before encrypting the CEK:

   o  Salt; this example uses the salt from Figure 99.

   o  Iteration count; this example uses the iteration count 8192.
     8Q1SzinasR3xchYz6ZZcHA

     Figure 99: Salt, base64url-encoded

   Performing the key encryption operation over the CEK (Figure 97)
   with the following:

   o  Password (Figure 96);

   o  Salt (Figure 99), encoded as an octet string; and

   o  Iteration count (8192)

   produces the following encrypted key:

     d3qNhUWfqheyPp4H8sjOWsDYajoej4c5Je6rlUtFPWdgtURtmeDV1g

     Figure 100: Encrypted Key, base64url-encoded

5.3.4. Encrypting the Content

   The following are generated before encrypting the content:

   o  JWE Protected Header; this example uses the header from
      Figure 101, encoded using [RFC4648] base64url to produce
      Figure 102.

     {
       "alg": "PBES2-HS512+A256KW",
       "p2s": "8Q1SzinasR3xchYz6ZZcHA",
       "p2c": 8192,
       "cty": "jwk-set+json",
       "enc": "A128CBC-HS256"
     }

     Figure 101: JWE Protected Header JSON

     eyJhbGciOiJQQkVTMi1IUzUxMitBMjU2S1ciLCJwMnMiOiI4UTFTemluYXNSM3
     hjaFl6NlpaY0hBIiwicDJjIjo4MTkyLCJjdHkiOiJqd2stc2V0K2pzb24iLCJl
     bmMiOiJBMTI4Q0JDLUhTMjU2In0

     Figure 102: JWE Protected Header, base64url-encoded

   Performing the content encryption operation over the Plaintext
   (Figure 95) with the following:

   o  CEK (Figure 97);

   o  Initialization vector/nonce (Figure 98); and

   o  JWE Protected Header (Figure 102) as authenticated data

   produces the following:

   o  Ciphertext from Figure 103.

   o  Authentication tag from Figure 104.
2369 23i-Tb1AV4n0WKVSSgcQrdg6GRqsUKxjruHXYsTHAJLZ2nsnGIX86vMXqIi6IR 2370 sfywCRFzLxEcZBRnTvG3nhzPk0GDD7FMyXhUHpDjEYCNA_XOmzg8yZR9oyjo6l 2371 TF6si4q9FZ2EhzgFQCLO_6h5EVg3vR75_hkBsnuoqoM3dwejXBtIodN84PeqMb 2372 6asmas_dpSsz7H10fC5ni9xIz424givB1YLldF6exVmL93R3fOoOJbmk2GBQZL 2373 _SEGllv2cQsBgeprARsaQ7Bq99tT80coH8ItBjgV08AtzXFFsx9qKvC982KLKd 2374 PQMTlVJKkqtV4Ru5LEVpBZXBnZrtViSOgyg6AiuwaS-rCrcD_ePOGSuxvgtrok 2375 AKYPqmXUeRdjFJwafkYEkiuDCV9vWGAi1DH2xTafhJwcmywIyzi4BqRpmdn_N- 2376 zl5tuJYyuvKhjKv6ihbsV_k1hJGPGAxJ6wUpmwC4PTQ2izEm0TuSE8oMKdTw8V 2377 3kobXZ77ulMwDs4p 2379 Figure 103: Ciphertext, base64url-encoded 2381 0HlwodAhOCILG5SQ2LQ9dg 2383 Figure 104: Authentication Tag, base64url-encoded 2385 5.3.5. Output Results 2387 The following compose the resulting JWE object: 2389 o JWE Protected Header (Figure 102) 2391 o Encrypted key (Figure 100) 2393 o Initialization vector/nonce (Figure 98) 2395 o Ciphertext (Figure 103) 2397 o Authentication tag (Figure 104) 2399 The resulting JWE object using the Compact serialization: 2401 eyJhbGciOiJQQkVTMi1IUzUxMitBMjU2S1ciLCJwMnMiOiI4UTFTemluYXNSM3 2402 hjaFl6NlpaY0hBIiwicDJjIjo4MTkyLCJjdHkiOiJqd2stc2V0K2pzb24iLCJl 2403 bmMiOiJBMTI4Q0JDLUhTMjU2In0 2404 . 2405 d3qNhUWfqheyPp4H8sjOWsDYajoej4c5Je6rlUtFPWdgtURtmeDV1g 2406 . 2407 VBiCzVHNoLiR3F4V82uoTQ 2408 . 2409 23i-Tb1AV4n0WKVSSgcQrdg6GRqsUKxjruHXYsTHAJLZ2nsnGIX86vMXqIi6IR 2410 sfywCRFzLxEcZBRnTvG3nhzPk0GDD7FMyXhUHpDjEYCNA_XOmzg8yZR9oyjo6l 2411 TF6si4q9FZ2EhzgFQCLO_6h5EVg3vR75_hkBsnuoqoM3dwejXBtIodN84PeqMb 2412 6asmas_dpSsz7H10fC5ni9xIz424givB1YLldF6exVmL93R3fOoOJbmk2GBQZL 2413 _SEGllv2cQsBgeprARsaQ7Bq99tT80coH8ItBjgV08AtzXFFsx9qKvC982KLKd 2414 PQMTlVJKkqtV4Ru5LEVpBZXBnZrtViSOgyg6AiuwaS-rCrcD_ePOGSuxvgtrok 2415 AKYPqmXUeRdjFJwafkYEkiuDCV9vWGAi1DH2xTafhJwcmywIyzi4BqRpmdn_N- 2416 zl5tuJYyuvKhjKv6ihbsV_k1hJGPGAxJ6wUpmwC4PTQ2izEm0TuSE8oMKdTw8V 2417 3kobXZ77ulMwDs4p 2418 . 
2419 0HlwodAhOCILG5SQ2LQ9dg 2421 Figure 105: Compact Serialization 2423 The resulting JWE object using the JSON General Serialization: 2425 { 2426 "recipients": [ 2427 { 2428 "encrypted_key": "d3qNhUWfqheyPp4H8sjOWsDYajoej4c5Je6rlU 2429 tFPWdgtURtmeDV1g" 2430 } 2431 ], 2432 "protected": "eyJhbGciOiJQQkVTMi1IUzUxMitBMjU2S1ciLCJwMnMiOi 2433 I4UTFTemluYXNSM3hjaFl6NlpaY0hBIiwicDJjIjo4MTkyLCJjdHkiOi 2434 Jqd2stc2V0K2pzb24iLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0", 2435 "iv": "VBiCzVHNoLiR3F4V82uoTQ", 2436 "ciphertext": "23i-Tb1AV4n0WKVSSgcQrdg6GRqsUKxjruHXYsTHAJLZ2 2437 nsnGIX86vMXqIi6IRsfywCRFzLxEcZBRnTvG3nhzPk0GDD7FMyXhUHpD 2438 jEYCNA_XOmzg8yZR9oyjo6lTF6si4q9FZ2EhzgFQCLO_6h5EVg3vR75_ 2439 hkBsnuoqoM3dwejXBtIodN84PeqMb6asmas_dpSsz7H10fC5ni9xIz42 2440 4givB1YLldF6exVmL93R3fOoOJbmk2GBQZL_SEGllv2cQsBgeprARsaQ 2441 7Bq99tT80coH8ItBjgV08AtzXFFsx9qKvC982KLKdPQMTlVJKkqtV4Ru 2442 5LEVpBZXBnZrtViSOgyg6AiuwaS-rCrcD_ePOGSuxvgtrokAKYPqmXUe 2443 RdjFJwafkYEkiuDCV9vWGAi1DH2xTafhJwcmywIyzi4BqRpmdn_N-zl5 2444 tuJYyuvKhjKv6ihbsV_k1hJGPGAxJ6wUpmwC4PTQ2izEm0TuSE8oMKdT 2445 w8V3kobXZ77ulMwDs4p", 2446 "tag": "0HlwodAhOCILG5SQ2LQ9dg" 2447 } 2449 Figure 106: JSON General Serialization 2451 The resulting JWE object using the JSON Flattened Serialization: 2453 { 2454 "protected": "eyJhbGciOiJQQkVTMi1IUzUxMitBMjU2S1ciLCJwMnMiOi 2455 I4UTFTemluYXNSM3hjaFl6NlpaY0hBIiwicDJjIjo4MTkyLCJjdHkiOi 2456 Jqd2stc2V0K2pzb24iLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0", 2457 "encrypted_key": "d3qNhUWfqheyPp4H8sjOWsDYajoej4c5Je6rlUtFPW 2458 dgtURtmeDV1g", 2459 "iv": "VBiCzVHNoLiR3F4V82uoTQ", 2460 "ciphertext": "23i-Tb1AV4n0WKVSSgcQrdg6GRqsUKxjruHXYsTHAJLZ2 2461 nsnGIX86vMXqIi6IRsfywCRFzLxEcZBRnTvG3nhzPk0GDD7FMyXhUHpD 2462 jEYCNA_XOmzg8yZR9oyjo6lTF6si4q9FZ2EhzgFQCLO_6h5EVg3vR75_ 2463 hkBsnuoqoM3dwejXBtIodN84PeqMb6asmas_dpSsz7H10fC5ni9xIz42 2464 4givB1YLldF6exVmL93R3fOoOJbmk2GBQZL_SEGllv2cQsBgeprARsaQ 2465 7Bq99tT80coH8ItBjgV08AtzXFFsx9qKvC982KLKdPQMTlVJKkqtV4Ru 2466 5LEVpBZXBnZrtViSOgyg6AiuwaS-rCrcD_ePOGSuxvgtrokAKYPqmXUe 2467 
           RdjFJwafkYEkiuDCV9vWGAi1DH2xTafhJwcmywIyzi4BqRpmdn_N-zl5
           tuJYyuvKhjKv6ihbsV_k1hJGPGAxJ6wUpmwC4PTQ2izEm0TuSE8oMKdT
           w8V3kobXZ77ulMwDs4p",
       "tag": "0HlwodAhOCILG5SQ2LQ9dg"
     }

     Figure 107: JSON Flattened Serialization

5.4. Key Agreement with Key Wrapping using ECDH-ES and AES-KeyWrap with
     AES-GCM

   This example illustrates encrypting content using the
   "ECDH-ES+A128KW" (Elliptic Curve Diffie-Hellman Ephemeral-Static with
   AES-128-KeyWrap) key encryption algorithm and the "A128GCM" (AES-GCM)
   content encryption algorithm.

   Note that only the EC public key is necessary to perform the key
   agreement. However, the example includes the EC private key to allow
   readers to validate the output.

   Note that whitespace is added for readability as described in
   Section 1.1.

5.4.1. Input Factors

   The following are supplied before beginning the encryption process:

   o  Plaintext content; this example uses the content from Figure 72

   o  EC public key; this example uses the public key from Figure 108

   o  "alg" parameter of "ECDH-ES+A128KW"

   o  "enc" parameter of "A128GCM"

     {
       "kty": "EC",
       "kid": "peregrin.took@tuckborough.example",
       "use": "enc",
       "crv": "P-384",
       "x": "YU4rRUzdmVqmRtWOs2OpDE_T5fsNIodcG8G5FWPrTPMyxpzsSOGaQL
           pe2FpxBmu2",
       "y": "A8-yxCHxkfBz3hKZfI1jUYMjUhsEveZ9THuwFjH2sCNdtksRJU7D5-
           SkgaFL1ETP",
       "d": "iTx2pk7wW-GqJkHcEkFQb2EFyYcO7RugmaW3mRrQVAOUiPommT0Idn
           YK2xDlZh-j"
     }

     Figure 108: Elliptic Curve P-384 Key, in JWK format

   (*NOTE*: While the key includes the private parameters, only the
   public parameters "crv", "x", and "y" are necessary for the
   encryption operation.)

5.4.2. Generated Factors

   The following are generated before encrypting:

   o  Symmetric AES key as the Content Encryption Key (CEK); this
      example uses the key from Figure 109.
   o  Initialization vector/nonce; this example uses the initialization
      vector/nonce from Figure 110

     Nou2ueKlP70ZXDbq9UrRwg

     Figure 109: Content Encryption Key, base64url-encoded

     mH-G2zVqgztUtnW_

     Figure 110: Initialization Vector, base64url-encoded

5.4.3. Encrypting the Key

   To encrypt the Content Encryption Key, the following are generated:

   o  Ephemeral EC private key on the same curve as the EC public key;
      this example uses the private key from Figure 111.

     {
       "kty": "EC",
       "crv": "P-384",
       "x": "uBo4kHPw6kbjx5l0xowrd_oYzBmaz-GKFZu4xAFFkbYiWgutEK6iuE
           DsQ6wNdNg3",
       "y": "sp3p5SGhZVC2faXumI-e9JU2Mo8KpoYrFDr5yPNVtW4PgEwZOyQTA-
           JdaY8tb7E0",
       "d": "D5H4Y_5PSKZvhfVFbcCYJOtcGZygRgfZkpsBr59Icmmhe9sW6nkZ8W
           fwhinUfWJg"
     }

     Figure 111: Ephemeral Elliptic Curve P-384 Key, in JWK format

   Performing the key encryption operation over the CEK (Figure 109)
   with the following:

   o  The static Elliptic Curve public key (Figure 108); and

   o  The ephemeral Elliptic Curve private key (Figure 111);

   produces the following JWE encrypted key:

     0DJjBXri_kBcC46IkU5_Jk9BqaQeHdv2

     Figure 112: Encrypted Key, base64url-encoded

5.4.4. Encrypting the Content

   The following are generated before encrypting the content:

   o  JWE Protected Header; this example uses the header from
      Figure 113, encoded to [RFC4648] base64url as Figure 114.
     {
       "alg": "ECDH-ES+A128KW",
       "kid": "peregrin.took@tuckborough.example",
       "epk": {
         "kty": "EC",
         "crv": "P-384",
         "x": "uBo4kHPw6kbjx5l0xowrd_oYzBmaz-GKFZu4xAFFkbYiWgutEK6i
             uEDsQ6wNdNg3",
         "y": "sp3p5SGhZVC2faXumI-e9JU2Mo8KpoYrFDr5yPNVtW4PgEwZOyQT
             A-JdaY8tb7E0"
       },
       "enc": "A128GCM"
     }

     Figure 113: JWE Protected Header JSON

     eyJhbGciOiJFQ0RILUVTK0ExMjhLVyIsImtpZCI6InBlcmVncmluLnRvb2tAdH
     Vja2Jvcm91Z2guZXhhbXBsZSIsImVwayI6eyJrdHkiOiJFQyIsImNydiI6IlAt
     Mzg0IiwieCI6InVCbzRrSFB3Nmtiang1bDB4b3dyZF9vWXpCbWF6LUdLRlp1NH
     hBRkZrYllpV2d1dEVLNml1RURzUTZ3TmROZzMiLCJ5Ijoic3AzcDVTR2haVkMy
     ZmFYdW1JLWU5SlUyTW84S3BvWXJGRHI1eVBOVnRXNFBnRXdaT3lRVEEtSmRhWT
     h0YjdFMCJ9LCJlbmMiOiJBMTI4R0NNIn0

     Figure 114: JWE Protected Header, base64url-encoded

   Performing the content encryption operation on the Plaintext
   (Figure 72) using the following:

   o  CEK (Figure 109);

   o  Initialization vector/nonce (Figure 110); and

   o  JWE Protected Header (Figure 114) as authenticated data

   produces the following:

   o  Ciphertext from Figure 115.

   o  Authentication tag from Figure 116.

     tkZuOO9h95OgHJmkkrfLBisku8rGf6nzVxhRM3sVOhXgz5NJ76oID7lpnAi_cP
     WJRCjSpAaUZ5dOR3Spy7QuEkmKx8-3RCMhSYMzsXaEwDdXta9Mn5B7cCBoJKB0
     IgEnj_qfo1hIi-uEkUpOZ8aLTZGHfpl05jMwbKkTe2yK3mjF6SBAsgicQDVCkc
     Y9BLluzx1RmC3ORXaM0JaHPB93YcdSDGgpgBWMVrNU1ErkjcMqMoT_wtCex3w0
     3XdLkjXIuEr2hWgeP-nkUZTPU9EoGSPj6fAS-bSz87RCPrxZdj_iVyC6QWcqAu
     07WNhjzJEPc4jVntRJ6K53NgPQ5p99l3Z408OUqj4ioYezbS6vTPlQ

     Figure 115: Ciphertext, base64url-encoded

     WuGzxmcreYjpHGJoa17EBg

     Figure 116: Authentication Tag, base64url-encoded

5.4.5.
Output Results 2633 The following compose the resulting JWE object: 2635 o JWE Protected Header (Figure 114) 2637 o Encrypted key (Figure 112) 2639 o Initialization vector/nonce (Figure 110) 2641 o Ciphertext (Figure 115) 2642 o Authentication tag (Figure 116) 2644 The resulting JWE object using the Compact serialization: 2646 eyJhbGciOiJFQ0RILUVTK0ExMjhLVyIsImtpZCI6InBlcmVncmluLnRvb2tAdH 2647 Vja2Jvcm91Z2guZXhhbXBsZSIsImVwayI6eyJrdHkiOiJFQyIsImNydiI6IlAt 2648 Mzg0IiwieCI6InVCbzRrSFB3Nmtiang1bDB4b3dyZF9vWXpCbWF6LUdLRlp1NH 2649 hBRkZrYllpV2d1dEVLNml1RURzUTZ3TmROZzMiLCJ5Ijoic3AzcDVTR2haVkMy 2650 ZmFYdW1JLWU5SlUyTW84S3BvWXJGRHI1eVBOVnRXNFBnRXdaT3lRVEEtSmRhWT 2651 h0YjdFMCJ9LCJlbmMiOiJBMTI4R0NNIn0 2652 . 2653 0DJjBXri_kBcC46IkU5_Jk9BqaQeHdv2 2654 . 2655 mH-G2zVqgztUtnW_ 2656 . 2657 tkZuOO9h95OgHJmkkrfLBisku8rGf6nzVxhRM3sVOhXgz5NJ76oID7lpnAi_cP 2658 WJRCjSpAaUZ5dOR3Spy7QuEkmKx8-3RCMhSYMzsXaEwDdXta9Mn5B7cCBoJKB0 2659 IgEnj_qfo1hIi-uEkUpOZ8aLTZGHfpl05jMwbKkTe2yK3mjF6SBAsgicQDVCkc 2660 Y9BLluzx1RmC3ORXaM0JaHPB93YcdSDGgpgBWMVrNU1ErkjcMqMoT_wtCex3w0 2661 3XdLkjXIuEr2hWgeP-nkUZTPU9EoGSPj6fAS-bSz87RCPrxZdj_iVyC6QWcqAu 2662 07WNhjzJEPc4jVntRJ6K53NgPQ5p99l3Z408OUqj4ioYezbS6vTPlQ 2663 . 
2664 WuGzxmcreYjpHGJoa17EBg 2666 Figure 117: Compact Serialization 2668 The resulting JWE object using the JSON General Serialization: 2670 { 2671 "recipients": [ 2672 { 2673 "encrypted_key": "0DJjBXri_kBcC46IkU5_Jk9BqaQeHdv2" 2674 } 2675 ], 2676 "protected": "eyJhbGciOiJFQ0RILUVTK0ExMjhLVyIsImtpZCI6InBlcm 2677 VncmluLnRvb2tAdHVja2Jvcm91Z2guZXhhbXBsZSIsImVwayI6eyJrdH 2678 kiOiJFQyIsImNydiI6IlAtMzg0IiwieCI6InVCbzRrSFB3Nmtiang1bD 2679 B4b3dyZF9vWXpCbWF6LUdLRlp1NHhBRkZrYllpV2d1dEVLNml1RURzUT 2680 Z3TmROZzMiLCJ5Ijoic3AzcDVTR2haVkMyZmFYdW1JLWU5SlUyTW84S3 2681 BvWXJGRHI1eVBOVnRXNFBnRXdaT3lRVEEtSmRhWTh0YjdFMCJ9LCJlbm 2682 MiOiJBMTI4R0NNIn0", 2683 "iv": "mH-G2zVqgztUtnW_", 2684 "ciphertext": "tkZuOO9h95OgHJmkkrfLBisku8rGf6nzVxhRM3sVOhXgz 2685 5NJ76oID7lpnAi_cPWJRCjSpAaUZ5dOR3Spy7QuEkmKx8-3RCMhSYMzs 2686 XaEwDdXta9Mn5B7cCBoJKB0IgEnj_qfo1hIi-uEkUpOZ8aLTZGHfpl05 2687 jMwbKkTe2yK3mjF6SBAsgicQDVCkcY9BLluzx1RmC3ORXaM0JaHPB93Y 2688 cdSDGgpgBWMVrNU1ErkjcMqMoT_wtCex3w03XdLkjXIuEr2hWgeP-nkU 2689 ZTPU9EoGSPj6fAS-bSz87RCPrxZdj_iVyC6QWcqAu07WNhjzJEPc4jVn 2690 tRJ6K53NgPQ5p99l3Z408OUqj4ioYezbS6vTPlQ", 2691 "tag": "WuGzxmcreYjpHGJoa17EBg" 2692 } 2694 Figure 118: JSON General Serialization 2696 The resulting JWE object using the JSON Flattened Serialization: 2698 { 2699 "protected": "eyJhbGciOiJFQ0RILUVTK0ExMjhLVyIsImtpZCI6InBlcm 2700 VncmluLnRvb2tAdHVja2Jvcm91Z2guZXhhbXBsZSIsImVwayI6eyJrdH 2701 kiOiJFQyIsImNydiI6IlAtMzg0IiwieCI6InVCbzRrSFB3Nmtiang1bD 2702 B4b3dyZF9vWXpCbWF6LUdLRlp1NHhBRkZrYllpV2d1dEVLNml1RURzUT 2703 Z3TmROZzMiLCJ5Ijoic3AzcDVTR2haVkMyZmFYdW1JLWU5SlUyTW84S3 2704 BvWXJGRHI1eVBOVnRXNFBnRXdaT3lRVEEtSmRhWTh0YjdFMCJ9LCJlbm 2705 MiOiJBMTI4R0NNIn0", 2706 "encrypted_key": "0DJjBXri_kBcC46IkU5_Jk9BqaQeHdv2", 2707 "iv": "mH-G2zVqgztUtnW_", 2708 "ciphertext": "tkZuOO9h95OgHJmkkrfLBisku8rGf6nzVxhRM3sVOhXgz 2709 5NJ76oID7lpnAi_cPWJRCjSpAaUZ5dOR3Spy7QuEkmKx8-3RCMhSYMzs 2710 XaEwDdXta9Mn5B7cCBoJKB0IgEnj_qfo1hIi-uEkUpOZ8aLTZGHfpl05 2711 
jMwbKkTe2yK3mjF6SBAsgicQDVCkcY9BLluzx1RmC3ORXaM0JaHPB93Y 2712 cdSDGgpgBWMVrNU1ErkjcMqMoT_wtCex3w03XdLkjXIuEr2hWgeP-nkU 2713 ZTPU9EoGSPj6fAS-bSz87RCPrxZdj_iVyC6QWcqAu07WNhjzJEPc4jVn 2714 tRJ6K53NgPQ5p99l3Z408OUqj4ioYezbS6vTPlQ", 2715 "tag": "WuGzxmcreYjpHGJoa17EBg" 2716 } 2718 Figure 119: JSON Flattened Serialization 2720 5.5. Key Agreement using ECDH-ES with AES-CBC-HMAC-SHA2 2722 This example illustrates encrypting content using the "ECDH-ES" 2723 (Elliptic Curve Diffie-Hellman Ephemeral-Static) key agreement 2724 algorithm and the "A128CBC-HS256" (AES-128-CBC-HMAC-SHA-256) content 2725 encryption algorithm. 2727 Note that only the EC public key is necessary to perform the key 2728 agreement. However, the example includes the EC private key to allow 2729 readers to validate the output. 2731 Note that whitespace is added for readability as described in 2732 Section 1.1. 2734 5.5.1. Input Factors 2736 The following are supplied before beginning the encryption process: 2738 o Plaintext content; this example uses the content from Figure 72. 2740 o EC public key; this example uses the public key from Figure 120. 2742 o "alg" parameter of "ECDH-ES" 2744 o "enc" parameter of "A128CBC-HS256" 2745 { 2746 "kty": "EC", 2747 "kid": "meriadoc.brandybuck@buckland.example", 2748 "use": "enc", 2749 "crv": "P-256", 2750 "x": "Ze2loSV3wrroKUN_4zhwGhCqo3Xhu1td4QjeQ5wIVR0", 2751 "y": "HlLtdXARY_f55A3fnzQbPcm6hgr34Mp8p-nuzQCE0Zw", 2752 "d": "r_kHyZ-a06rmxM3yESK84r1otSg-aQcVStkRhA-iCM8" 2753 } 2755 Figure 120: Elliptic Curve P-256 Key 2757 (*NOTE*: While the key includes the private parameters, only the 2758 public parameters "crv", "x", and "y" are necessary for the 2759 encryption operation.) 2761 5.5.2. Generated Factors 2763 The following are generated before encrypting: 2765 o Initialization vector/nonce; this examples uses the initialization 2766 vector/nonce from Figure 121. 
   yc9N8v5sYyv3iGQT926IUg

   Figure 121: Initialization Vector, base64url-encoded

   *NOTE*: The Content Encryption Key (CEK) is not randomly generated;
   instead it is determined using ECDH-ES key agreement.

5.5.3.  Key Agreement

   The following are generated to agree on a CEK:

   o  Ephemeral private key; this example uses the private key from
      Figure 122.

   {
     "kty": "EC",
     "crv": "P-256",
     "x": "mPUKT_bAWGHIhg0TpjjqVsP1rXWQu_vwVOHHtNkdYoA",
     "y": "8BQAsImGeAS46fyWw5MhYfGTT0IjBpFw2SS34Dv4Irs",
     "d": "AtH35vJsQ9SGjYfOsjUxYXQKrPH3FjZHmEtSKoSN8cM"
   }

   Figure 122: Ephemeral public key, in JWK format

   Performing the ECDH operation using the static EC public key
   (Figure 120) over the ephemeral private key (Figure 122) produces the
   following CEK:

   hzHdlfQIAEehb8Hrd_mFRhKsKLEzPfshfXs9l6areCc

   Figure 123: Agreed to Content Encryption Key, base64url-encoded

5.5.4.  Encrypting the Content

   The following are generated before encrypting the content:

   o  JWE Protected Header; this example uses the header from
      Figure 124, encoded to [RFC4648] base64url as Figure 125.
   {
     "alg": "ECDH-ES",
     "kid": "meriadoc.brandybuck@buckland.example",
     "epk": {
       "kty": "EC",
       "crv": "P-256",
       "x": "mPUKT_bAWGHIhg0TpjjqVsP1rXWQu_vwVOHHtNkdYoA",
       "y": "8BQAsImGeAS46fyWw5MhYfGTT0IjBpFw2SS34Dv4Irs"
     },
     "enc": "A128CBC-HS256"
   }

   Figure 124: JWE Protected Header JSON

   eyJhbGciOiJFQ0RILUVTIiwia2lkIjoibWVyaWFkb2MuYnJhbmR5YnVja0BidW
   NrbGFuZC5leGFtcGxlIiwiZXBrIjp7Imt0eSI6IkVDIiwiY3J2IjoiUC0yNTYi
   LCJ4IjoibVBVS1RfYkFXR0hJaGcwVHBqanFWc1AxclhXUXVfdndWT0hIdE5rZF
   lvQSIsInkiOiI4QlFBc0ltR2VBUzQ2ZnlXdzVNaFlmR1RUMElqQnBGdzJTUzM0
   RHY0SXJzIn0sImVuYyI6IkExMjhDQkMtSFMyNTYifQ

   Figure 125: JWE Protected Header, base64url-encoded

   Performing the content encryption operation on the Plaintext
   (Figure 72) using the following:

   o  CEK (Figure 123);

   o  Initialization vector/nonce (Figure 121); and

   o  JWE Protected Header (Figure 125) as authenticated data

   produces the following:

   o  Ciphertext from Figure 126.

   o  Authentication tag from Figure 127.

   BoDlwPnTypYq-ivjmQvAYJLb5Q6l-F3LIgQomlz87yW4OPKbWE1zSTEFjDfhU9
   IPIOSA9Bml4m7iDFwA-1ZXvHteLDtw4R1XRGMEsDIqAYtskTTmzmzNa-_q4F_e
   vAPUmwlO-ZG45Mnq4uhM1fm_D9rBtWolqZSF3xGNNkpOMQKF1Cl8i8wjzRli7-
   IXgyirlKQsbhhqRzkv8IcY6aHl24j03C-AR2le1r7URUhArM79BY8soZU0lzwI
   -sD5PZ3l4NDCCei9XkoIAfsXJWmySPoeRb2Ni5UZL4mYpvKDiwmyzGd65KqVw7
   MsFfI_K767G9C9Azp73gKZD0DyUn1mn0WW5LmyX_yJ-3AROq8p1WZBfG-ZyJ61
   95_JGG2m9Csg

   Figure 126: Ciphertext, base64url-encoded

   WCCkNa-x4BeB9hIDIfFuhg

   Figure 127: Authentication Tag, base64url-encoded

5.5.5.  Output Results

   The following compose the resulting JWE object:

   o  JWE Protected Header (Figure 114)

   o  Initialization vector/nonce (Figure 110)

   o  Ciphertext (Figure 115)

   o  Authentication tag (Figure 116)

   Only the JSON General Serialization is presented because the JSON
   Flattened Serialization is identical.
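The key agreement of Section 5.5.3, carried through as an added example (not part of the cookbook or of any JOSE library): it derives the CEK from the static key (Figure 120) and the ephemeral key (Figure 122) with P-256 ECDH followed by the Concat KDF that JWA defines for "ECDH-ES", and rejects an "epk" that is not on the curve. The function names and the pure-Python curve arithmetic are assumptions made for illustration; the arithmetic is not constant-time, so production code should use a vetted library.

```python
import base64
import hashlib
import struct

# NIST P-256 domain parameters: y^2 = x^3 + A*x + B (mod P).
P = 2**256 - 2**224 + 2**192 + 2**96 - 1
A = P - 3
B = 0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B

# Copied from the page: static recipient key (Figure 120) and the
# ephemeral key (Figure 122), plus the expected CEK (Figure 123).
STATIC_JWK = {
    "kty": "EC", "crv": "P-256",
    "x": "Ze2loSV3wrroKUN_4zhwGhCqo3Xhu1td4QjeQ5wIVR0",
    "y": "HlLtdXARY_f55A3fnzQbPcm6hgr34Mp8p-nuzQCE0Zw",
    "d": "r_kHyZ-a06rmxM3yESK84r1otSg-aQcVStkRhA-iCM8",
}
EPHEMERAL_JWK = {
    "kty": "EC", "crv": "P-256",
    "x": "mPUKT_bAWGHIhg0TpjjqVsP1rXWQu_vwVOHHtNkdYoA",
    "y": "8BQAsImGeAS46fyWw5MhYfGTT0IjBpFw2SS34Dv4Irs",
    "d": "AtH35vJsQ9SGjYfOsjUxYXQKrPH3FjZHmEtSKoSN8cM",
}
FIGURE_123_CEK = "hzHdlfQIAEehb8Hrd_mFRhKsKLEzPfshfXs9l6areCc"


def b64u_dec(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def b64u_enc(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def public_point(jwk):
    """Return (x, y) after checking key type, length and curve equation."""
    if jwk.get("kty") != "EC" or jwk.get("crv") != "P-256":
        raise ValueError("expected a P-256 EC key")
    raw_x, raw_y = b64u_dec(jwk["x"]), b64u_dec(jwk["y"])
    if len(raw_x) != 32 or len(raw_y) != 32:
        raise ValueError("coordinates must be 32 octets each")
    x, y = int.from_bytes(raw_x, "big"), int.from_bytes(raw_y, "big")
    if x >= P or y >= P or (y * y - (x * x * x + A * x + B)) % P != 0:
        raise ValueError("point is not on P-256")
    return x, y


def ec_add(p1, p2):
    """Affine point addition; None stands for the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        slope = (3 * x1 * x1 + A) * pow(2 * y1 % P, -1, P) % P
    else:
        slope = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (slope * slope - x1 - x2) % P
    return x3, (slope * (x1 - x3) - y1) % P


def ec_mul(scalar, point):
    """Double-and-add scalar multiplication."""
    result = None
    while scalar:
        if scalar & 1:
            result = ec_add(result, point)
        point = ec_add(point, point)
        scalar >>= 1
    return result


def concat_kdf(z, algorithm_id, key_bits, apu=b"", apv=b""):
    """Concat KDF with SHA-256; OtherInfo fields are length-prefixed."""
    def length_prefixed(data):
        return struct.pack(">I", len(data)) + data
    other_info = (length_prefixed(algorithm_id.encode("ascii"))
                  + length_prefixed(apu) + length_prefixed(apv)
                  + struct.pack(">I", key_bits))
    output, counter = b"", 1
    while len(output) * 8 < key_bits:
        block = struct.pack(">I", counter) + z + other_info
        output += hashlib.sha256(block).digest()
        counter += 1
    return output[:key_bits // 8]


def derive_cek(private_jwk, public_jwk, enc="A128CBC-HS256", key_bits=256):
    """ECDH shared secret Z (x-coordinate) -> CEK, base64url-encoded.

    For direct "ECDH-ES" the KDF AlgorithmID is the "enc" value and the
    output length is the CEK length of that "enc" (256 bits here).
    """
    d = int.from_bytes(b64u_dec(private_jwk["d"]), "big")
    shared = ec_mul(d, public_point(public_jwk))
    if shared is None:
        raise ValueError("shared secret is the point at infinity")
    return b64u_enc(concat_kdf(shared[0].to_bytes(32, "big"), enc, key_bits))


if __name__ == "__main__":
    print("sender    :", derive_cek(EPHEMERAL_JWK, STATIC_JWK))
    print("recipient :", derive_cek(STATIC_JWK, EPHEMERAL_JWK))
    print("Figure 123:", FIGURE_123_CEK)
```

The sender combines the ephemeral "d" with the static public point and the recipient combines the static "d" with the "epk" from the header; both arrive at the same CEK.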
   The resulting JWE object using the Compact serialization:

   eyJhbGciOiJFQ0RILUVTIiwia2lkIjoibWVyaWFkb2MuYnJhbmR5YnVja0BidW
   NrbGFuZC5leGFtcGxlIiwiZXBrIjp7Imt0eSI6IkVDIiwiY3J2IjoiUC0yNTYi
   LCJ4IjoibVBVS1RfYkFXR0hJaGcwVHBqanFWc1AxclhXUXVfdndWT0hIdE5rZF
   lvQSIsInkiOiI4QlFBc0ltR2VBUzQ2ZnlXdzVNaFlmR1RUMElqQnBGdzJTUzM0
   RHY0SXJzIn0sImVuYyI6IkExMjhDQkMtSFMyNTYifQ
   .
   .
   yc9N8v5sYyv3iGQT926IUg
   .
   BoDlwPnTypYq-ivjmQvAYJLb5Q6l-F3LIgQomlz87yW4OPKbWE1zSTEFjDfhU9
   IPIOSA9Bml4m7iDFwA-1ZXvHteLDtw4R1XRGMEsDIqAYtskTTmzmzNa-_q4F_e
   vAPUmwlO-ZG45Mnq4uhM1fm_D9rBtWolqZSF3xGNNkpOMQKF1Cl8i8wjzRli7-
   IXgyirlKQsbhhqRzkv8IcY6aHl24j03C-AR2le1r7URUhArM79BY8soZU0lzwI
   -sD5PZ3l4NDCCei9XkoIAfsXJWmySPoeRb2Ni5UZL4mYpvKDiwmyzGd65KqVw7
   MsFfI_K767G9C9Azp73gKZD0DyUn1mn0WW5LmyX_yJ-3AROq8p1WZBfG-ZyJ61
   95_JGG2m9Csg
   .
   WCCkNa-x4BeB9hIDIfFuhg

   Figure 128: Compact Serialization

   The resulting JWE object using the JSON General Serialization:

   {
     "protected": "eyJhbGciOiJFQ0RILUVTIiwia2lkIjoibWVyaWFkb2MuYn
         JhbmR5YnVja0BidWNrbGFuZC5leGFtcGxlIiwiZXBrIjp7Imt0eSI6Ik
         VDIiwiY3J2IjoiUC0yNTYiLCJ4IjoibVBVS1RfYkFXR0hJaGcwVHBqan
         FWc1AxclhXUXVfdndWT0hIdE5rZFlvQSIsInkiOiI4QlFBc0ltR2VBUz
         Q2ZnlXdzVNaFlmR1RUMElqQnBGdzJTUzM0RHY0SXJzIn0sImVuYyI6Ik
         ExMjhDQkMtSFMyNTYifQ",
     "iv": "yc9N8v5sYyv3iGQT926IUg",
     "ciphertext": "BoDlwPnTypYq-ivjmQvAYJLb5Q6l-F3LIgQomlz87yW4O
         PKbWE1zSTEFjDfhU9IPIOSA9Bml4m7iDFwA-1ZXvHteLDtw4R1XRGMEs
         DIqAYtskTTmzmzNa-_q4F_evAPUmwlO-ZG45Mnq4uhM1fm_D9rBtWolq
         ZSF3xGNNkpOMQKF1Cl8i8wjzRli7-IXgyirlKQsbhhqRzkv8IcY6aHl2
         4j03C-AR2le1r7URUhArM79BY8soZU0lzwI-sD5PZ3l4NDCCei9XkoIA
         fsXJWmySPoeRb2Ni5UZL4mYpvKDiwmyzGd65KqVw7MsFfI_K767G9C9A
         zp73gKZD0DyUn1mn0WW5LmyX_yJ-3AROq8p1WZBfG-ZyJ6195_JGG2m9
         Csg",
     "tag": "WCCkNa-x4BeB9hIDIfFuhg"
   }

   Figure 129: JSON General Serialization

5.6.  Direct Encryption using AES-GCM

   This example illustrates encrypting content using a previously
   exchanged key directly and the "A128GCM" (AES-GCM) content encryption
   algorithm.

   Note that whitespace is added for readability as described in
   Section 1.1.

5.6.1.  Input Factors

   The following are supplied before beginning the encryption process:

   o  Plaintext content; this example uses the content from Figure 72.

   o  AES symmetric key as the Content Encryption Key (CEK); this
      example uses the key from Figure 130.

   o  "alg" parameter of "dir"

   o  "enc" parameter of "A128GCM"

   {
     "kty": "oct",
     "kid": "77c7e2b8-6e13-45cf-8672-617b5b45243a",
     "use": "enc",
     "alg": "A128GCM",
     "k": "XctOhJAkA-pD9Lh7ZgW_2A"
   }

   Figure 130: AES 128-bit key, in JWK format

5.6.2.  Generated Factors

   The following are generated before encrypting:

   o  Initialization vector/nonce; this example uses the initialization
      vector/nonce from Figure 131.

   refa467QzzKx6QAB

   Figure 131: Initialization Vector, base64url-encoded

5.6.3.  Encrypting the Content

   The following are generated before encrypting the content:

   o  JWE Protected Header; this example uses the header from
      Figure 132, encoded as [RFC4648] base64url to produce Figure 133.

   {
     "alg": "dir",
     "kid": "77c7e2b8-6e13-45cf-8672-617b5b45243a",
     "enc": "A128GCM"
   }

   Figure 132: JWE Protected Header JSON

   Encoded as [RFC4648] base64url:

   eyJhbGciOiJkaXIiLCJraWQiOiI3N2M3ZTJiOC02ZTEzLTQ1Y2YtODY3Mi02MT
   diNWI0NTI0M2EiLCJlbmMiOiJBMTI4R0NNIn0

   Figure 133: JWE Protected Header, base64url-encoded

   Performing the encryption operation on the Plaintext (Figure 72)
   using the following:

   o  CEK (Figure 130);

   o  Initialization vector/nonce (Figure 131); and

   o  JWE Protected Header (Figure 133) as authenticated data

   produces the following:

   o  Ciphertext from Figure 134.
   o  Authentication tag from Figure 135.

   JW_i_f52hww_ELQPGaYyeAB6HYGcR559l9TYnSovc23XJoBcW29rHP8yZOZG7Y
   hLpT1bjFuvZPjQS-m0IFtVcXkZXdH_lr_FrdYt9HRUYkshtrMmIUAyGmUnd9zM
   DB2n0cRDIHAzFVeJUDxkUwVAE7_YGRPdcqMyiBoCO-FBdE-Nceb4h3-FtBP-c_
   BIwCPTjb9o0SbdcdREEMJMyZBH8ySWMVi1gPD9yxi-aQpGbSv_F9N4IZAxscj5
   g-NJsUPbjk29-s7LJAGb15wEBtXphVCgyy53CoIKLHHeJHXex45Uz9aKZSRSIn
   ZI-wjsY0yu3cT4_aQ3i1o-tiE-F8Ios61EKgyIQ4CWao8PFMj8TTnp

   Figure 134: Ciphertext, base64url-encoded

   vbb32Xvllea2OtmHAdccRQ

   Figure 135: Authentication Tag, base64url-encoded

5.6.4.  Output Results

   The following compose the resulting JWE object:

   o  JWE Protected Header (Figure 133)

   o  Initialization vector/nonce (Figure 131)

   o  Ciphertext (Figure 134)

   o  Authentication tag (Figure 135)

   Only the JSON General Serialization is presented because the JSON
   Flattened Serialization is identical.

   The resulting JWE object using the Compact serialization:

   eyJhbGciOiJkaXIiLCJraWQiOiI3N2M3ZTJiOC02ZTEzLTQ1Y2YtODY3Mi02MT
   diNWI0NTI0M2EiLCJlbmMiOiJBMTI4R0NNIn0
   .
   .
   refa467QzzKx6QAB
   .
   JW_i_f52hww_ELQPGaYyeAB6HYGcR559l9TYnSovc23XJoBcW29rHP8yZOZG7Y
   hLpT1bjFuvZPjQS-m0IFtVcXkZXdH_lr_FrdYt9HRUYkshtrMmIUAyGmUnd9zM
   DB2n0cRDIHAzFVeJUDxkUwVAE7_YGRPdcqMyiBoCO-FBdE-Nceb4h3-FtBP-c_
   BIwCPTjb9o0SbdcdREEMJMyZBH8ySWMVi1gPD9yxi-aQpGbSv_F9N4IZAxscj5
   g-NJsUPbjk29-s7LJAGb15wEBtXphVCgyy53CoIKLHHeJHXex45Uz9aKZSRSIn
   ZI-wjsY0yu3cT4_aQ3i1o-tiE-F8Ios61EKgyIQ4CWao8PFMj8TTnp
   .
   vbb32Xvllea2OtmHAdccRQ

   Figure 136: Compact Serialization

   The resulting JWE object using the JSON General Serialization:

   {
     "protected": "eyJhbGciOiJkaXIiLCJraWQiOiI3N2M3ZTJiOC02ZTEzLT
         Q1Y2YtODY3Mi02MTdiNWI0NTI0M2EiLCJlbmMiOiJBMTI4R0NNIn0",
     "iv": "refa467QzzKx6QAB",
     "ciphertext": "JW_i_f52hww_ELQPGaYyeAB6HYGcR559l9TYnSovc23XJ
         oBcW29rHP8yZOZG7YhLpT1bjFuvZPjQS-m0IFtVcXkZXdH_lr_FrdYt9
         HRUYkshtrMmIUAyGmUnd9zMDB2n0cRDIHAzFVeJUDxkUwVAE7_YGRPdc
         qMyiBoCO-FBdE-Nceb4h3-FtBP-c_BIwCPTjb9o0SbdcdREEMJMyZBH8
         ySWMVi1gPD9yxi-aQpGbSv_F9N4IZAxscj5g-NJsUPbjk29-s7LJAGb1
         5wEBtXphVCgyy53CoIKLHHeJHXex45Uz9aKZSRSInZI-wjsY0yu3cT4_
         aQ3i1o-tiE-F8Ios61EKgyIQ4CWao8PFMj8TTnp",
     "tag": "vbb32Xvllea2OtmHAdccRQ"
   }

   Figure 137: JSON General Serialization

5.7.  Key Wrap using AES-GCM KeyWrap with AES-CBC-HMAC-SHA2

   This example illustrates encrypting content using the "A256GCMKW"
   (AES-256-GCM-KeyWrap) key encryption algorithm with the "A128CBC-
   HS256" (AES-128-CBC-HMAC-SHA-256) content encryption algorithm.

   Note that whitespace is added for readability as described in
   Section 1.1.

5.7.1.  Input Factors

   The following are supplied before beginning the encryption process:

   o  Plaintext content; this example uses the content from Figure 72.

   o  AES symmetric key; this example uses the key from Figure 138.

   o  "alg" parameter of "A256GCMKW"

   o  "enc" parameter of "A128CBC-HS256"

   {
     "kty": "oct",
     "kid": "18ec08e1-bfa9-4d95-b205-2b4dd1d4321d",
     "use": "enc",
     "alg": "A256GCMKW",
     "k": "qC57l_uxcm7Nm3K-ct4GFjx8tM1U8CZ0NLBvdQstiS8"
   }

   Figure 138: AES 256-bit Key

5.7.2.  Generated Factors

   The following are generated before encrypting:

   o  AES symmetric key as the Content Encryption Key (CEK); this
      example uses the key from Figure 139.
   o  Initialization vector/nonce for content encryption; this example
      uses the initialization vector/nonce from Figure 140.

   UWxARpat23nL9ReIj4WG3D1ee9I4r-Mv5QLuFXdy_rE

   Figure 139: Content Encryption Key, base64url-encoded

   gz6NjyEFNm_vm8Gj6FwoFQ

   Figure 140: Initialization Vector, base64url-encoded

5.7.3.  Encrypting the Key

   The following are generated before encrypting the CEK:

   o  Initialization vector/nonce for key wrapping; this example uses
      the initialization vector/nonce from Figure 141.

   KkYT0GX_2jHlfqN_

   Figure 141: Key Wrap Initialization Vector, base64url-encoded

   Performing the key encryption operation over the CEK (Figure 139)
   with the following:

   o  AES symmetric key (Figure 138);

   o  Key wrap initialization vector/nonce (Figure 141); and

   o  The empty string as authenticated data

   produces the following:

   o  Encrypted Key from Figure 142.

   o  Key wrap authentication tag from Figure 143.

   lJf3HbOApxMEBkCMOoTnnABxs_CvTWUmZQ2ElLvYNok

   Figure 142: Encrypted Key, base64url-encoded

   kfPduVQ3T3H6vnewt--ksw

   Figure 143: Key Wrap Authentication Tag, base64url-encoded

5.7.4.  Encrypting the Content

   The following are generated before encrypting the content:

   o  JWE Protected Header; this example uses the header from
      Figure 144, encoded to [RFC4648] base64url as Figure 145.
   {
     "alg": "A256GCMKW",
     "kid": "18ec08e1-bfa9-4d95-b205-2b4dd1d4321d",
     "tag": "kfPduVQ3T3H6vnewt--ksw",
     "iv": "KkYT0GX_2jHlfqN_",
     "enc": "A128CBC-HS256"
   }

   Figure 144: JWE Protected Header JSON

   eyJhbGciOiJBMjU2R0NNS1ciLCJraWQiOiIxOGVjMDhlMS1iZmE5LTRkOTUtYj
   IwNS0yYjRkZDFkNDMyMWQiLCJ0YWciOiJrZlBkdVZRM1QzSDZ2bmV3dC0ta3N3
   IiwiaXYiOiJLa1lUMEdYXzJqSGxmcU5fIiwiZW5jIjoiQTEyOENCQy1IUzI1Ni
   J9

   Figure 145: JWE Protected Header, base64url-encoded

   Performing the content encryption operation over the Plaintext
   (Figure 72) with the following:

   o  CEK (Figure 139);

   o  Initialization vector/nonce (Figure 140); and

   o  JWE Protected Header (Figure 145) as authenticated data

   produces the following:

   o  Ciphertext from Figure 146.

   o  Authentication tag from Figure 147.

   Jf5p9-ZhJlJy_IQ_byKFmI0Ro7w7G1QiaZpI8OaiVgD8EqoDZHyFKFBupS8iaE
   eVIgMqWmsuJKuoVgzR3YfzoMd3GxEm3VxNhzWyWtZKX0gxKdy6HgLvqoGNbZCz
   LjqcpDiF8q2_62EVAbr2uSc2oaxFmFuIQHLcqAHxy51449xkjZ7ewzZaGV3eFq
   hpco8o4DijXaG5_7kp3h2cajRfDgymuxUbWgLqaeNQaJtvJmSMFuEOSAzw9Hde
   b6yhdTynCRmu-kqtO5Dec4lT2OMZKpnxc_F1_4yDJFcqb5CiDSmA-psB2k0Jtj
   xAj4UPI61oONK7zzFIu4gBfjJCndsZfdvG7h8wGjV98QhrKEnR7xKZ3KCr0_qR
   1B-gxpNk3xWU

   Figure 146: Ciphertext, base64url-encoded

   DKW7jrb4WaRSNfbXVPlT5g

   Figure 147: Authentication Tag, base64url-encoded

5.7.5.  Output Results

   The following compose the resulting JWE object:

   o  JWE Protected Header (Figure 145)

   o  encrypted key (Figure 142)

   o  Initialization vector/nonce (Figure 140)

   o  Ciphertext (Figure 146)

   o  Authentication tag (Figure 147)

   The resulting JWE object using the Compact serialization:

   eyJhbGciOiJBMjU2R0NNS1ciLCJraWQiOiIxOGVjMDhlMS1iZmE5LTRkOTUtYj
   IwNS0yYjRkZDFkNDMyMWQiLCJ0YWciOiJrZlBkdVZRM1QzSDZ2bmV3dC0ta3N3
   IiwiaXYiOiJLa1lUMEdYXzJqSGxmcU5fIiwiZW5jIjoiQTEyOENCQy1IUzI1Ni
   J9
   .
   lJf3HbOApxMEBkCMOoTnnABxs_CvTWUmZQ2ElLvYNok
   .
   gz6NjyEFNm_vm8Gj6FwoFQ
   .
   Jf5p9-ZhJlJy_IQ_byKFmI0Ro7w7G1QiaZpI8OaiVgD8EqoDZHyFKFBupS8iaE
   eVIgMqWmsuJKuoVgzR3YfzoMd3GxEm3VxNhzWyWtZKX0gxKdy6HgLvqoGNbZCz
   LjqcpDiF8q2_62EVAbr2uSc2oaxFmFuIQHLcqAHxy51449xkjZ7ewzZaGV3eFq
   hpco8o4DijXaG5_7kp3h2cajRfDgymuxUbWgLqaeNQaJtvJmSMFuEOSAzw9Hde
   b6yhdTynCRmu-kqtO5Dec4lT2OMZKpnxc_F1_4yDJFcqb5CiDSmA-psB2k0Jtj
   xAj4UPI61oONK7zzFIu4gBfjJCndsZfdvG7h8wGjV98QhrKEnR7xKZ3KCr0_qR
   1B-gxpNk3xWU
   .
   DKW7jrb4WaRSNfbXVPlT5g

   Figure 148: Compact Serialization

   The resulting JWE object using the JSON General Serialization:

   {
     "recipients": [
       {
         "encrypted_key": "lJf3HbOApxMEBkCMOoTnnABxs_CvTWUmZQ2ElL
             vYNok"
       }
     ],
     "protected": "eyJhbGciOiJBMjU2R0NNS1ciLCJraWQiOiIxOGVjMDhlMS
         1iZmE5LTRkOTUtYjIwNS0yYjRkZDFkNDMyMWQiLCJ0YWciOiJrZlBkdV
         ZRM1QzSDZ2bmV3dC0ta3N3IiwiaXYiOiJLa1lUMEdYXzJqSGxmcU5fIi
         wiZW5jIjoiQTEyOENCQy1IUzI1NiJ9",
     "iv": "gz6NjyEFNm_vm8Gj6FwoFQ",
     "ciphertext": "Jf5p9-ZhJlJy_IQ_byKFmI0Ro7w7G1QiaZpI8OaiVgD8E
         qoDZHyFKFBupS8iaEeVIgMqWmsuJKuoVgzR3YfzoMd3GxEm3VxNhzWyW
         tZKX0gxKdy6HgLvqoGNbZCzLjqcpDiF8q2_62EVAbr2uSc2oaxFmFuIQ
         HLcqAHxy51449xkjZ7ewzZaGV3eFqhpco8o4DijXaG5_7kp3h2cajRfD
         gymuxUbWgLqaeNQaJtvJmSMFuEOSAzw9Hdeb6yhdTynCRmu-kqtO5Dec
         4lT2OMZKpnxc_F1_4yDJFcqb5CiDSmA-psB2k0JtjxAj4UPI61oONK7z
         zFIu4gBfjJCndsZfdvG7h8wGjV98QhrKEnR7xKZ3KCr0_qR1B-gxpNk3
         xWU",
     "tag": "DKW7jrb4WaRSNfbXVPlT5g"
   }

   Figure 149: JSON General Serialization

   The resulting JWE object using the JSON Flattened Serialization:

   {
     "protected": "eyJhbGciOiJBMjU2R0NNS1ciLCJpdiI6IktrWVQwR1hfMm
         pIbGZxTl8iLCJraWQiOiIxOGVjMDhlMS1iZmE5LTRkOTUtYjIwNS0yYj
         RkZDFkNDMyMWQiLCJ0YWciOiJrZlBkdVZRM1QzSDZ2bmV3dC0ta3N3Ii
         wiZW5jIjoiQTEyOENCQy1IUzI1NiJ9",
     "encrypted_key": "lJf3HbOApxMEBkCMOoTnnABxs_CvTWUmZQ2ElLvYNo
         k",
     "iv": "gz6NjyEFNm_vm8Gj6FwoFQ",
     "ciphertext": "Jf5p9-ZhJlJy_IQ_byKFmI0Ro7w7G1QiaZpI8OaiVgD8E
         qoDZHyFKFBupS8iaEeVIgMqWmsuJKuoVgzR3YfzoMd3GxEm3VxNhzWyW
         tZKX0gxKdy6HgLvqoGNbZCzLjqcpDiF8q2_62EVAbr2uSc2oaxFmFuIQ
         HLcqAHxy51449xkjZ7ewzZaGV3eFqhpco8o4DijXaG5_7kp3h2cajRfD
         gymuxUbWgLqaeNQaJtvJmSMFuEOSAzw9Hdeb6yhdTynCRmu-kqtO5Dec
         4lT2OMZKpnxc_F1_4yDJFcqb5CiDSmA-psB2k0JtjxAj4UPI61oONK7z
         zFIu4gBfjJCndsZfdvG7h8wGjV98QhrKEnR7xKZ3KCr0_qR1B-gxpNk3
         xWU",
     "tag": "NvBveHr_vonkvflfnUrmBQ"
   }

   Figure 150: JSON Flattened Serialization

5.8.  Key Wrap using AES-KeyWrap with AES-GCM

   The following example illustrates content encryption using the
   "A128KW" (AES-128-KeyWrap) key encryption algorithm and the "A128GCM"
   (AES-128-GCM) content encryption algorithm.

   Note that whitespace is added for readability as described in
   Section 1.1.

5.8.1.  Input Factors

   The following are supplied before beginning the encryption process:

   o  Plaintext content; this example uses the content from Figure 72.

   o  AES symmetric key; this example uses the key from Figure 151.

   o  "alg" parameter of "A128KW"

   o  "enc" parameter of "A128GCM"

   {
     "kty": "oct",
     "kid": "81b20965-8332-43d9-a468-82160ad91ac8",
     "use": "enc",
     "alg": "A128KW",
     "k": "GZy6sIZ6wl9NJOKB-jnmVQ"
   }

   Figure 151: AES 128-Bit Key

5.8.2.  Generated Factors

   The following are generated before encrypting:

   o  AES symmetric key as the Content Encryption Key; this example uses
      the key from Figure 152.

   o  Initialization vector/nonce; this example uses the initialization
      vector/nonce from Figure 153.

   aY5_Ghmk9KxWPBLu_glx1w

   Figure 152: Content Encryption Key, base64url-encoded

   Qx0pmsDa8KnJc9Jo

   Figure 153: Initialization Vector, base64url-encoded

5.8.3.  Encrypting the Key

   Performing the key encryption operation over the CEK (Figure 152)
   with the AES key (Figure 151) produces the following encrypted key:

   CBI6oDw8MydIx1IBntf_lQcw2MmJKIQx

   Figure 154: Encrypted Key, base64url-encoded

5.8.4.  Encrypting the Content

   The following are generated before encrypting the content:

   o  JWE Protected Header; this example uses the header from
      Figure 155, encoded to [RFC4648] base64url as Figure 156.

   {
     "alg": "A128KW",
     "kid": "81b20965-8332-43d9-a468-82160ad91ac8",
     "enc": "A128GCM"
   }

   Figure 155: JWE Protected Header JSON

   eyJhbGciOiJBMTI4S1ciLCJraWQiOiI4MWIyMDk2NS04MzMyLTQzZDktYTQ2OC
   04MjE2MGFkOTFhYzgiLCJlbmMiOiJBMTI4R0NNIn0

   Figure 156: JWE Protected Header, base64url-encoded

   Performing the content encryption over the Plaintext (Figure 72) with
   the following:

   o  CEK (Figure 152);

   o  Initialization vector/nonce (Figure 153); and

   o  JWE Protected Header (Figure 156) as authenticated data

   produces the following:

   o  Ciphertext from Figure 157.

   o  Authentication tag from Figure 158.

   AwliP-KmWgsZ37BvzCefNen6VTbRK3QMA4TkvRkH0tP1bTdhtFJgJxeVmJkLD6
   1A1hnWGetdg11c9ADsnWgL56NyxwSYjU1ZEHcGkd3EkU0vjHi9gTlb90qSYFfe
   F0LwkcTtjbYKCsiNJQkcIp1yeM03OmuiYSoYJVSpf7ej6zaYcMv3WwdxDFl8RE
   wOhNImk2Xld2JXq6BR53TSFkyT7PwVLuq-1GwtGHlQeg7gDT6xW0JqHDPn_H-p
   uQsmthc9Zg0ojmJfqqFvETUxLAF-KjcBTS5dNy6egwkYtOt8EIHK-oEsKYtZRa
   a8Z7MOZ7UGxGIMvEmxrGCPeJa14slv2-gaqK0kEThkaSqdYw0FkQZF

   Figure 157: Ciphertext, base64url-encoded

   And authentication tag:

   ER7MWJZ1FBI_NKvn7Zb1Lw

   Figure 158: Authentication Tag, base64url-encoded

5.8.5.  Output Results

   The following compose the resulting JWE object:

   o  JWE Protected Header (Figure 156)

   o  encrypted key (Figure 154)

   o  Initialization vector/nonce (Figure 153)

   o  Ciphertext (Figure 157)

   o  Authentication tag (Figure 158)

   The resulting JWE object using the Compact serialization:

   eyJhbGciOiJBMTI4S1ciLCJraWQiOiI4MWIyMDk2NS04MzMyLTQzZDktYTQ2OC
   04MjE2MGFkOTFhYzgiLCJlbmMiOiJBMTI4R0NNIn0
   .
   CBI6oDw8MydIx1IBntf_lQcw2MmJKIQx
   .
   Qx0pmsDa8KnJc9Jo
   .
   AwliP-KmWgsZ37BvzCefNen6VTbRK3QMA4TkvRkH0tP1bTdhtFJgJxeVmJkLD6
   1A1hnWGetdg11c9ADsnWgL56NyxwSYjU1ZEHcGkd3EkU0vjHi9gTlb90qSYFfe
   F0LwkcTtjbYKCsiNJQkcIp1yeM03OmuiYSoYJVSpf7ej6zaYcMv3WwdxDFl8RE
   wOhNImk2Xld2JXq6BR53TSFkyT7PwVLuq-1GwtGHlQeg7gDT6xW0JqHDPn_H-p
   uQsmthc9Zg0ojmJfqqFvETUxLAF-KjcBTS5dNy6egwkYtOt8EIHK-oEsKYtZRa
   a8Z7MOZ7UGxGIMvEmxrGCPeJa14slv2-gaqK0kEThkaSqdYw0FkQZF
   .
   ER7MWJZ1FBI_NKvn7Zb1Lw

   Figure 159: Compact Serialization

   The resulting JWE object using the JSON General Serialization:

   {
     "recipients": [
       {
         "encrypted_key": "CBI6oDw8MydIx1IBntf_lQcw2MmJKIQx"
       }
     ],
     "protected": "eyJhbGciOiJBMTI4S1ciLCJraWQiOiI4MWIyMDk2NS04Mz
         MyLTQzZDktYTQ2OC04MjE2MGFkOTFhYzgiLCJlbmMiOiJBMTI4R0NNIn
         0",
     "iv": "Qx0pmsDa8KnJc9Jo",
     "ciphertext": "AwliP-KmWgsZ37BvzCefNen6VTbRK3QMA4TkvRkH0tP1b
         TdhtFJgJxeVmJkLD61A1hnWGetdg11c9ADsnWgL56NyxwSYjU1ZEHcGk
         d3EkU0vjHi9gTlb90qSYFfeF0LwkcTtjbYKCsiNJQkcIp1yeM03OmuiY
         SoYJVSpf7ej6zaYcMv3WwdxDFl8REwOhNImk2Xld2JXq6BR53TSFkyT7
         PwVLuq-1GwtGHlQeg7gDT6xW0JqHDPn_H-puQsmthc9Zg0ojmJfqqFvE
         TUxLAF-KjcBTS5dNy6egwkYtOt8EIHK-oEsKYtZRaa8Z7MOZ7UGxGIMv
         EmxrGCPeJa14slv2-gaqK0kEThkaSqdYw0FkQZF",
     "tag": "ER7MWJZ1FBI_NKvn7Zb1Lw"
   }

   Figure 160: JSON General Serialization

   The resulting JWE object using the JSON Flattened Serialization:

   {
     "protected": "eyJhbGciOiJBMTI4S1ciLCJraWQiOiI4MWIyMDk2NS04Mz
         MyLTQzZDktYTQ2OC04MjE2MGFkOTFhYzgiLCJlbmMiOiJBMTI4R0NNIn
         0",
     "encrypted_key": "CBI6oDw8MydIx1IBntf_lQcw2MmJKIQx",
     "iv": "Qx0pmsDa8KnJc9Jo",
     "ciphertext": "AwliP-KmWgsZ37BvzCefNen6VTbRK3QMA4TkvRkH0tP1b
         TdhtFJgJxeVmJkLD61A1hnWGetdg11c9ADsnWgL56NyxwSYjU1ZEHcGk
         d3EkU0vjHi9gTlb90qSYFfeF0LwkcTtjbYKCsiNJQkcIp1yeM03OmuiY
         SoYJVSpf7ej6zaYcMv3WwdxDFl8REwOhNImk2Xld2JXq6BR53TSFkyT7
         PwVLuq-1GwtGHlQeg7gDT6xW0JqHDPn_H-puQsmthc9Zg0ojmJfqqFvE
         TUxLAF-KjcBTS5dNy6egwkYtOt8EIHK-oEsKYtZRaa8Z7MOZ7UGxGIMv
         EmxrGCPeJa14slv2-gaqK0kEThkaSqdYw0FkQZF",
     "tag": "ER7MWJZ1FBI_NKvn7Zb1Lw"
   }

   Figure 161: JSON Flattened Serialization

5.9.  Compressed Content

   This example illustrates encrypting content that is first compressed.
   It reuses the AES key, key encryption algorithm, and content
   encryption algorithm from Section 5.8.

   Note that whitespace is added for readability as described in
   Section 1.1.

5.9.1.  Input Factors

   The following are supplied before beginning the encryption process:

   o  Plaintext content; this example uses the content from Figure 72.

   o  Recipient encryption key; this example uses the key from
      Figure 151.

   o  Key encryption algorithm; this example uses "A128KW".

   o  Content encryption algorithm; this example uses "A128GCM".

   o  "zip" parameter as "DEF".

5.9.2.  Generated Factors

   The following are generated before encrypting:

   o  Compressed plaintext from the original plaintext content;
      compressing Figure 72 using the DEFLATE [RFC1951] algorithm
      produces the compressed plaintext from Figure 162.

   o  AES symmetric key as the Content Encryption Key (CEK); this
      example uses the key from Figure 163.

   o  Initialization vector/nonce; this example uses the initialization
      vector/nonce from Figure 164.
   bY_BDcIwDEVX-QNU3QEOrIA4pqlDokYxchxVvbEDGzIJbioOSJwc-f___HPjBu
   8KVFpVtAplVE1-wZo0YjNZo3C7R5v72pV5f5X382VWjYQpqZKAyjziZOr2B7kQ
   PSy6oZIXUnDYbVKN4jNXi2u0yB7t1qSHTjmMODf9QgvrDzfTIQXnyQRuUya4zI
   WG3vTOdir0v7BRHFYWq3k1k1A_gSDJqtcBF-GZxw8

   Figure 162: Compressed Plaintext, base64url-encoded

   hC-MpLZSuwWv8sexS6ydfw

   Figure 163: Content Encryption Key, base64url-encoded

   p9pUq6XHY0jfEZIl

   Figure 164: Initialization Vector, base64url-encoded

5.9.3.  Encrypting the Key

   Performing the key encryption operation over the CEK (Figure 163)
   with the AES key (Figure 151) produces the following encrypted key:

   5vUT2WOtQxKWcekM_IzVQwkGgzlFDwPi

   Figure 165: Encrypted Key, base64url-encoded

5.9.4.  Encrypting the Content

   The following are generated before encrypting the content:

   o  JWE Protected Header; this example uses the header from
      Figure 166, encoded to [RFC4648] base64url as Figure 167.

   {
     "alg": "A128KW",
     "kid": "81b20965-8332-43d9-a468-82160ad91ac8",
     "enc": "A128GCM",
     "zip": "DEF"
   }

   Figure 166: JWE Protected Header JSON

   eyJhbGciOiJBMTI4S1ciLCJraWQiOiI4MWIyMDk2NS04MzMyLTQzZDktYTQ2OC
   04MjE2MGFkOTFhYzgiLCJlbmMiOiJBMTI4R0NNIiwiemlwIjoiREVGIn0

   Figure 167: JWE Protected Header, base64url-encoded

   Performing the content encryption operation over the compressed
   Plaintext (Figure 162, encoded as an octet string) with the
   following:

   o  CEK (Figure 163);

   o  Initialization vector/nonce (Figure 164); and

   o  JWE Protected Header (Figure 167) as authenticated data

   produces the following:

   o  Ciphertext from Figure 168.

   o  Authentication tag from Figure 169.
3570 HbDtOsdai1oYziSx25KEeTxmwnh8L8jKMFNc1k3zmMI6VB8hry57tDZ61jXyez 3571 SPt0fdLVfe6Jf5y5-JaCap_JQBcb5opbmT60uWGml8blyiMQmOn9J--XhhlYg0 3572 m-BHaqfDO5iTOWxPxFMUedx7WCy8mxgDHj0aBMG6152PsM-w5E_o2B3jDbrYBK 3573 hpYA7qi3AyijnCJ7BP9rr3U8kxExCpG3mK420TjOw 3575 Figure 168: Ciphertext, base64url-encoded 3577 And authentication tag: 3579 VILuUwuIxaLVmh5X-T7kmA 3581 Figure 169: Authentication Tag, base64url-encoded 3583 5.9.5. Output Results 3585 The following compose the resulting JWE object: 3587 o JWE Protected Header (Figure 167) 3589 o encrypted key (Figure 165) 3591 o Initialization vector/nonce (Figure 164) 3593 o Ciphertext (Figure 168) 3595 o Authentication tag (Figure 169) 3597 The resulting JWE object using the Compact serialization: 3599 eyJhbGciOiJBMTI4S1ciLCJraWQiOiI4MWIyMDk2NS04MzMyLTQzZDktYTQ2OC 3600 04MjE2MGFkOTFhYzgiLCJlbmMiOiJBMTI4R0NNIiwiemlwIjoiREVGIn0 3601 . 3602 5vUT2WOtQxKWcekM_IzVQwkGgzlFDwPi 3603 . 3604 p9pUq6XHY0jfEZIl 3605 . 3606 HbDtOsdai1oYziSx25KEeTxmwnh8L8jKMFNc1k3zmMI6VB8hry57tDZ61jXyez 3607 SPt0fdLVfe6Jf5y5-JaCap_JQBcb5opbmT60uWGml8blyiMQmOn9J--XhhlYg0 3608 m-BHaqfDO5iTOWxPxFMUedx7WCy8mxgDHj0aBMG6152PsM-w5E_o2B3jDbrYBK 3609 hpYA7qi3AyijnCJ7BP9rr3U8kxExCpG3mK420TjOw 3610 . 
3611 VILuUwuIxaLVmh5X-T7kmA 3613 Figure 170: Compact Serialization 3615 The resulting JWE object using the JSON General Serialization: 3617 { 3618 "recipients": [ 3619 { 3620 "encrypted_key": "5vUT2WOtQxKWcekM_IzVQwkGgzlFDwPi" 3621 } 3622 ], 3623 "protected": "eyJhbGciOiJBMTI4S1ciLCJraWQiOiI4MWIyMDk2NS04Mz 3624 MyLTQzZDktYTQ2OC04MjE2MGFkOTFhYzgiLCJlbmMiOiJBMTI4R0NNIi 3625 wiemlwIjoiREVGIn0", 3626 "iv": "p9pUq6XHY0jfEZIl", 3627 "ciphertext": "HbDtOsdai1oYziSx25KEeTxmwnh8L8jKMFNc1k3zmMI6V 3628 B8hry57tDZ61jXyezSPt0fdLVfe6Jf5y5-JaCap_JQBcb5opbmT60uWG 3629 ml8blyiMQmOn9J--XhhlYg0m-BHaqfDO5iTOWxPxFMUedx7WCy8mxgDH 3630 j0aBMG6152PsM-w5E_o2B3jDbrYBKhpYA7qi3AyijnCJ7BP9rr3U8kxE 3631 xCpG3mK420TjOw", 3632 "tag": "VILuUwuIxaLVmh5X-T7kmA" 3633 } 3635 Figure 171: JSON General Serialization 3637 The resulting JWE object using the JSON Flattened Serialization: 3639 { 3640 "protected": "eyJhbGciOiJBMTI4S1ciLCJraWQiOiI4MWIyMDk2NS04Mz 3641 MyLTQzZDktYTQ2OC04MjE2MGFkOTFhYzgiLCJlbmMiOiJBMTI4R0NNIi 3642 wiemlwIjoiREVGIn0", 3643 "encrypted_key": "5vUT2WOtQxKWcekM_IzVQwkGgzlFDwPi", 3644 "iv": "p9pUq6XHY0jfEZIl", 3645 "ciphertext": "HbDtOsdai1oYziSx25KEeTxmwnh8L8jKMFNc1k3zmMI6V 3646 B8hry57tDZ61jXyezSPt0fdLVfe6Jf5y5-JaCap_JQBcb5opbmT60uWG 3647 ml8blyiMQmOn9J--XhhlYg0m-BHaqfDO5iTOWxPxFMUedx7WCy8mxgDH 3648 j0aBMG6152PsM-w5E_o2B3jDbrYBKhpYA7qi3AyijnCJ7BP9rr3U8kxE 3649 xCpG3mK420TjOw", 3650 "tag": "VILuUwuIxaLVmh5X-T7kmA" 3651 } 3653 Figure 172: JSON Flattened Serialization 3655 5.10. Including Additional Authenticated Data 3657 This example illustrates encrypting content that includes additional 3658 authenticated data. As this example includes an additional top-level 3659 property not present in the Compact serialization, only the JSON 3660 serialization is possible. 3662 Note that whitespace is added for readability as described in 3663 Section 1.1. 3665 5.10.1. 
Input Factors

   The following are supplied before beginning the encryption process:

   o  Plaintext content; this example uses the content from Figure 72.

   o  Recipient encryption key; this example uses the key from
      Figure 151.

   o  Key encryption algorithm; this example uses "A128KW".

   o  Content encryption algorithm; this example uses "A128GCM".

   o  Additional authenticated data; this example uses a [RFC7095] vCard
      from Figure 173, serialized to UTF-8.

     [
       "vcard",
       [
         [ "version", {}, "text", "4.0" ],
         [ "fn", {}, "text", "Meriadoc Brandybuck" ],
         [ "n", {},
           "text", [
             "Brandybuck", "Meriadoc", "Mr.", ""
           ]
         ],
         [ "bday", {}, "text", "TA 2982" ],
         [ "gender", {}, "text", "M" ]
       ]
     ]

   Figure 173: Additional Authenticated Data, in JSON format

   *NOTE* whitespace between JSON values added for readability.

5.10.2.  Generated Factors

   The following are generated before encrypting:

   o  AES symmetric key as the Content Encryption Key (CEK); this
      example uses the key from Figure 174.

   o  Initialization vector/nonce; this example uses the initialization
      vector/nonce from Figure 175.

   o  Encoded additional authenticated data (AAD); this example uses the
      additional authenticated data from Figure 173, encoded to
      [RFC4648] base64url as Figure 176.

     75m1ALsYv10pZTKPWrsqdg

   Figure 174: Content Encryption Key, base64url-encoded

     veCx9ece2orS7c_N

   Figure 175: Initialization Vector, base64url-encoded

     WyJ2Y2FyZCIsW1sidmVyc2lvbiIse30sInRleHQiLCI0LjAiXSxbImZuIix7fS
     widGV4dCIsIk1lcmlhZG9jIEJyYW5keWJ1Y2siXSxbIm4iLHt9LCJ0ZXh0Iixb
     IkJyYW5keWJ1Y2siLCJNZXJpYWRvYyIsIk1yLiIsIiJdXSxbImJkYXkiLHt9LC
     J0ZXh0IiwiVEEgMjk4MiJdLFsiZ2VuZGVyIix7fSwidGV4dCIsIk0iXV1d

   Figure 176: Additional Authenticated Data, base64url-encoded

5.10.3.
Encrypting the Key

   Performing the key encryption operation over the CEK (Figure 174)
   with the AES key (Figure 151) produces the following encrypted key:

     4YiiQ_ZzH76TaIkJmYfRFgOV9MIpnx4X

   Figure 177: Encrypted Key, base64url-encoded

5.10.4.  Encrypting the Content

   The following are generated before encrypting the content:

   o  JWE Protected Header; this example uses the header from
      Figure 178, encoded to [RFC4648] base64url as Figure 179.

     {
       "alg": "A128KW",
       "kid": "81b20965-8332-43d9-a468-82160ad91ac8",
       "enc": "A128GCM"
     }

   Figure 178: JWE Protected Header JSON

     eyJhbGciOiJBMTI4S1ciLCJraWQiOiI4MWIyMDk2NS04MzMyLTQzZDktYTQ2OC
     04MjE2MGFkOTFhYzgiLCJlbmMiOiJBMTI4R0NNIn0

   Figure 179: JWE Protected Header, base64url-encoded

   Performing the content encryption operation over the Plaintext with
   the following:

   o  CEK (Figure 174);

   o  Initialization vector/nonce (Figure 175); and

   o  Concatenation of the JWE Protected Header (Figure 179), ".", and
      the [RFC4648] base64url encoding of Figure 173 as authenticated
      data

   produces the following:

   o  Ciphertext from Figure 180.

   o  Authentication tag from Figure 181.

     Z_3cbr0k3bVM6N3oSNmHz7Lyf3iPppGf3Pj17wNZqteJ0Ui8p74SchQP8xygM1
     oFRWCNzeIa6s6BcEtp8qEFiqTUEyiNkOWDNoF14T_4NFqF-p2Mx8zkbKxI7oPK
     8KNarFbyxIDvICNqBLba-v3uzXBdB89fzOI-Lv4PjOFAQGHrgv1rjXAmKbgkft
     9cB4WeyZw8MldbBhc-V_KWZslrsLNygon_JJWd_ek6LQn5NRehvApqf9ZrxB4a
     q3FXBxOxCys35PhCdaggy2kfUfl2OkwKnWUbgXVD1C6HxLIlqHhCwXDG59weHr
     RDQeHyMRoBljoV3X_bUTJDnKBFOod7nLz-cj48JMx3SnCZTpbQAkFV

   Figure 180: Ciphertext, base64url-encoded

     vOaH_Rajnpy_3hOtqvZHRA

   Figure 181: Authentication Tag, base64url-encoded

5.10.5.
Output Results

   The following compose the resulting JWE object:

   o  JWE Protected Header (Figure 179)

   o  encrypted key (Figure 177)

   o  Initialization vector/nonce (Figure 175)

   o  Additional authenticated data (Figure 176)

   o  Ciphertext (Figure 180)

   o  Authentication tag (Figure 181)

   The Compact Serialization is not presented because it does not
   support this use case.

   The resulting JWE object using the JSON General Serialization:

     {
       "recipients": [
         {
           "encrypted_key": "4YiiQ_ZzH76TaIkJmYfRFgOV9MIpnx4X"
         }
       ],
       "protected": "eyJhbGciOiJBMTI4S1ciLCJraWQiOiI4MWIyMDk2NS04Mz
           MyLTQzZDktYTQ2OC04MjE2MGFkOTFhYzgiLCJlbmMiOiJBMTI4R0NNIn
           0",
       "iv": "veCx9ece2orS7c_N",
       "aad": "WyJ2Y2FyZCIsW1sidmVyc2lvbiIse30sInRleHQiLCI0LjAiXSxb
           ImZuIix7fSwidGV4dCIsIk1lcmlhZG9jIEJyYW5keWJ1Y2siXSxbIm4i
           LHt9LCJ0ZXh0IixbIkJyYW5keWJ1Y2siLCJNZXJpYWRvYyIsIk1yLiIs
           IiJdXSxbImJkYXkiLHt9LCJ0ZXh0IiwiVEEgMjk4MiJdLFsiZ2VuZGVy
           Iix7fSwidGV4dCIsIk0iXV1d",
       "ciphertext": "Z_3cbr0k3bVM6N3oSNmHz7Lyf3iPppGf3Pj17wNZqteJ0
           Ui8p74SchQP8xygM1oFRWCNzeIa6s6BcEtp8qEFiqTUEyiNkOWDNoF14
           T_4NFqF-p2Mx8zkbKxI7oPK8KNarFbyxIDvICNqBLba-v3uzXBdB89fz
           OI-Lv4PjOFAQGHrgv1rjXAmKbgkft9cB4WeyZw8MldbBhc-V_KWZslrs
           LNygon_JJWd_ek6LQn5NRehvApqf9ZrxB4aq3FXBxOxCys35PhCdaggy
           2kfUfl2OkwKnWUbgXVD1C6HxLIlqHhCwXDG59weHrRDQeHyMRoBljoV3
           X_bUTJDnKBFOod7nLz-cj48JMx3SnCZTpbQAkFV",
       "tag": "vOaH_Rajnpy_3hOtqvZHRA"
     }

   Figure 182: JSON General Serialization

   The resulting JWE object using the JSON Flattened Serialization:

     {
       "protected": "eyJhbGciOiJBMTI4S1ciLCJraWQiOiI4MWIyMDk2NS04Mz
           MyLTQzZDktYTQ2OC04MjE2MGFkOTFhYzgiLCJlbmMiOiJBMTI4R0NNIn
           0",
       "encrypted_key": "4YiiQ_ZzH76TaIkJmYfRFgOV9MIpnx4X",
       "aad": "WyJ2Y2FyZCIsW1sidmVyc2lvbiIse30sInRleHQiLCI0LjAiXSxb
           ImZuIix7fSwidGV4dCIsIk1lcmlhZG9jIEJyYW5keWJ1Y2siXSxbIm4i
           LHt9LCJ0ZXh0IixbIkJyYW5keWJ1Y2siLCJNZXJpYWRvYyIsIk1yLiIs
           IiJdXSxbImJkYXkiLHt9LCJ0ZXh0IiwiVEEgMjk4MiJdLFsiZ2VuZGVy
           Iix7fSwidGV4dCIsIk0iXV1d",
       "iv": "veCx9ece2orS7c_N",
       "ciphertext": "Z_3cbr0k3bVM6N3oSNmHz7Lyf3iPppGf3Pj17wNZqteJ0
           Ui8p74SchQP8xygM1oFRWCNzeIa6s6BcEtp8qEFiqTUEyiNkOWDNoF14
           T_4NFqF-p2Mx8zkbKxI7oPK8KNarFbyxIDvICNqBLba-v3uzXBdB89fz
           OI-Lv4PjOFAQGHrgv1rjXAmKbgkft9cB4WeyZw8MldbBhc-V_KWZslrs
           LNygon_JJWd_ek6LQn5NRehvApqf9ZrxB4aq3FXBxOxCys35PhCdaggy
           2kfUfl2OkwKnWUbgXVD1C6HxLIlqHhCwXDG59weHrRDQeHyMRoBljoV3
           X_bUTJDnKBFOod7nLz-cj48JMx3SnCZTpbQAkFV",
       "tag": "vOaH_Rajnpy_3hOtqvZHRA"
     }

   Figure 183: JSON Flattened Serialization

5.11.  Protecting Specific Header Fields

   This example illustrates encrypting content where only certain JOSE
   header parameters are protected.  As this example includes parameters
   in the JWE Shared Unprotected Header, only the JSON General
   Serialization and JSON Flattened Serialization are possible.

   Note that whitespace is added for readability as described in
   Section 1.1.

5.11.1.  Input Factors

   The following are supplied before beginning the encryption process:

   o  Plaintext content; this example uses the content from Figure 72.

   o  Recipient encryption key; this example uses the key from
      Figure 151.

   o  Key encryption algorithm; this example uses "A128KW".

   o  Content encryption algorithm; this example uses "A128GCM".

5.11.2.  Generated Factors

   The following are generated before encrypting:

   o  AES symmetric key as the Content Encryption Key (CEK); this
      example uses the key from Figure 184.

   o  Initialization vector/nonce; this example uses the initialization
      vector/nonce from Figure 185.

     WDgEptBmQs9ouUvArz6x6g

   Figure 184: Content Encryption Key, base64url-encoded

     WgEJsDS9bkoXQ3nR

   Figure 185: Initialization Vector, base64url-encoded

5.11.3.
Encrypting the Key

   Performing the key encryption operation over the CEK (Figure 184)
   with the AES key (Figure 151) produces the following encrypted key:

     jJIcM9J-hbx3wnqhf5FlkEYos0sHsF0H

   Figure 186: Encrypted Key, base64url-encoded

5.11.4.  Encrypting the Content

   The following are generated before encrypting the content:

   o  JWE Protected Header; this example uses the header from
      Figure 187, encoded to [RFC4648] base64url as Figure 188.

     {
       "enc": "A128GCM"
     }

   Figure 187: JWE Protected Header JSON

     eyJlbmMiOiJBMTI4R0NNIn0

   Figure 188: JWE Protected Header, base64url-encoded

   Performing the content encryption operation over the Plaintext with
   the following:

   o  CEK (Figure 184);

   o  Initialization vector/nonce (Figure 185); and

   o  JWE Protected Header (Figure 188) as authenticated data

   produces the following:

   o  Ciphertext from Figure 189.

   o  Authentication tag from Figure 190.

     lIbCyRmRJxnB2yLQOTqjCDKV3H30ossOw3uD9DPsqLL2DM3swKkjOwQyZtWsFL
     YMj5YeLht_StAn21tHmQJuuNt64T8D4t6C7kC9OCCJ1IHAolUv4MyOt80MoPb8
     fZYbNKqplzYJgIL58g8N2v46OgyG637d6uuKPwhAnTGm_zWhqc_srOvgiLkzyF
     XPq1hBAURbc3-8BqeRb48iR1-_5g5UjWVD3lgiLCN_P7AW8mIiFvUNXBPJK3nO
     WL4teUPS8yHLbWeL83olU4UAgL48x-8dDkH23JykibVSQju-f7e-1xreHWXzWL
     Hs1NqBbre0dEwK3HX_xM0LjUz77Krppgegoutpf5qaKg3l-_xMINmf

   Figure 189: Ciphertext, base64url-encoded

     fNYLqpUe84KD45lvDiaBAQ

   Figure 190: Authentication Tag, base64url-encoded

5.11.5.  Output Results

   The following compose the resulting JWE object:

   o  JWE Shared Unprotected Header (Figure 191)

   o  JWE Protected Header (Figure 188)

   o  encrypted key (Figure 186)

   o  Initialization vector/nonce (Figure 185)

   o  Ciphertext (Figure 189)

   o  Authentication tag (Figure 190)

   The Compact Serialization is not presented because it does not
   support this use case.

   The following JWE Shared Unprotected Header is generated before
   assembling the output results:

     {
       "alg": "A128KW",
       "kid": "81b20965-8332-43d9-a468-82160ad91ac8"
     }

   Figure 191: JWE Shared Unprotected Header JSON

   The resulting JWE object using the JSON General Serialization:

     {
       "recipients": [
         {
           "encrypted_key": "jJIcM9J-hbx3wnqhf5FlkEYos0sHsF0H"
         }
       ],
       "unprotected": {
         "alg": "A128KW",
         "kid": "81b20965-8332-43d9-a468-82160ad91ac8"
       },
       "protected": "eyJlbmMiOiJBMTI4R0NNIn0",
       "iv": "WgEJsDS9bkoXQ3nR",
       "ciphertext": "lIbCyRmRJxnB2yLQOTqjCDKV3H30ossOw3uD9DPsqLL2D
           M3swKkjOwQyZtWsFLYMj5YeLht_StAn21tHmQJuuNt64T8D4t6C7kC9O
           CCJ1IHAolUv4MyOt80MoPb8fZYbNKqplzYJgIL58g8N2v46OgyG637d6
           uuKPwhAnTGm_zWhqc_srOvgiLkzyFXPq1hBAURbc3-8BqeRb48iR1-_5
           g5UjWVD3lgiLCN_P7AW8mIiFvUNXBPJK3nOWL4teUPS8yHLbWeL83olU
           4UAgL48x-8dDkH23JykibVSQju-f7e-1xreHWXzWLHs1NqBbre0dEwK3
           HX_xM0LjUz77Krppgegoutpf5qaKg3l-_xMINmf",
       "tag": "fNYLqpUe84KD45lvDiaBAQ"
     }

   Figure 192: JSON General Serialization

   The resulting JWE object using the JSON Flattened Serialization:

     {
       "protected": "eyJlbmMiOiJBMTI4R0NNIn0",
       "unprotected": {
         "alg": "A128KW",
         "kid": "81b20965-8332-43d9-a468-82160ad91ac8"
       },
       "encrypted_key": "jJIcM9J-hbx3wnqhf5FlkEYos0sHsF0H",
       "iv": "WgEJsDS9bkoXQ3nR",
       "ciphertext": "lIbCyRmRJxnB2yLQOTqjCDKV3H30ossOw3uD9DPsqLL2D
           M3swKkjOwQyZtWsFLYMj5YeLht_StAn21tHmQJuuNt64T8D4t6C7kC9O
           CCJ1IHAolUv4MyOt80MoPb8fZYbNKqplzYJgIL58g8N2v46OgyG637d6
           uuKPwhAnTGm_zWhqc_srOvgiLkzyFXPq1hBAURbc3-8BqeRb48iR1-_5
           g5UjWVD3lgiLCN_P7AW8mIiFvUNXBPJK3nOWL4teUPS8yHLbWeL83olU
           4UAgL48x-8dDkH23JykibVSQju-f7e-1xreHWXzWLHs1NqBbre0dEwK3
           HX_xM0LjUz77Krppgegoutpf5qaKg3l-_xMINmf",
       "tag": "fNYLqpUe84KD45lvDiaBAQ"
     }

   Figure 193: JSON Flattened Serialization

5.12.
Protecting Content Only

   This example illustrates encrypting content where none of the JOSE
   header parameters are protected.  As this example includes parameters
   only in the JWE Shared Unprotected Header, only the JSON
   serialization is possible.

   Note that whitespace is added for readability as described in
   Section 1.1.

5.12.1.  Input Factors

   The following are supplied before beginning the encryption process:

   o  Plaintext content; this example uses the content from Figure 72.

   o  Recipient encryption key; this example uses the key from
      Figure 151.

   o  Key encryption algorithm; this example uses "A128KW".

   o  Content encryption algorithm; this example uses "A128GCM".

5.12.2.  Generated Factors

   The following are generated before encrypting:

   o  AES symmetric key as the Content Encryption Key; this example uses
      the key from Figure 194.

   o  Initialization vector/nonce; this example uses the initialization
      vector/nonce from Figure 195.

     KBooAFl30QPV3vkcZlXnzQ

   Figure 194: Content Encryption Key, base64url-encoded

     YihBoVOGsR1l7jCD

   Figure 195: Initialization Vector, base64url-encoded

5.12.3.  Encrypting the Key

   Performing the key encryption operation over the CEK (Figure 194)
   with the AES key (Figure 151) produces the following encrypted key:

     244YHfO_W7RMpQW81UjQrZcq5LSyqiPv

   Figure 196: Encrypted Key, base64url-encoded

5.12.4.  Encrypting the Content

   Performing the content encryption operation over the Plaintext
   (Figure 72) using the following:

   o  CEK (Figure 194);

   o  Initialization vector/nonce (Figure 195); and

   o  Empty string as authenticated data

   produces the following:

   o  Ciphertext from Figure 197.

   o  Authentication tag from Figure 198.
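
   Added example (not part of the original document, nor code from any
   JOSE library): a Python sketch that derives the authenticated data
   described in Sections 5.10.4, 5.11.4 and 5.12.4 from a JWE in JSON
   serialization, reports which of "alg", "enc" and "zip" sit outside
   the JWE Protected Header and so are not covered by the authentication
   tag, and lists the serializations able to carry the object.  Function
   names are hypothetical; header values are copied from Figures 183,
   193, 201 and 221, with "ciphertext", "tag" and other members the
   functions never read left out.

```python
import base64
import json


def b64url_decode(text):
    """Decode unpadded base64url (RFC 4648)."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def recipients_of(jwe):
    """Normalize the Flattened and General JSON Serializations to a list."""
    if "recipients" in jwe:
        return jwe["recipients"]
    return [{k: jwe[k] for k in ("header", "encrypted_key") if k in jwe}]


def aead_aad(jwe):
    """Bytes the content cipher authenticates in addition to the ciphertext."""
    aad = jwe.get("protected", "")   # no protected header -> empty string (5.12.4)
    if "aad" in jwe:                 # 5.10.4: protected || "." || aad
        aad += "." + jwe["aad"]
    return aad.encode("ascii")


def header_locations(jwe, index=0):
    """Map each header parameter seen by recipient `index` to its location."""
    protected = {}
    if "protected" in jwe:
        protected = json.loads(b64url_decode(jwe["protected"]))
    sources = (
        ("protected", protected),
        ("unprotected", jwe.get("unprotected", {})),
        ("recipient", recipients_of(jwe)[index].get("header", {})),
    )
    found = {}
    for location, params in sources:
        for name in params:
            if name in found:  # the three locations must not share a name
                raise ValueError("%s in both %s and %s" % (name, found[name], location))
            found[name] = location
    return found


def unauthenticated(jwe, index=0, names=("alg", "enc", "zip")):
    """Parameters from `names` that the authentication tag does not cover."""
    found = header_locations(jwe, index)
    return sorted(n for n in names if n in found and found[n] != "protected")


def serializations(jwe):
    """Serializations that can represent this object."""
    recipients = recipients_of(jwe)
    possible = ["general"]
    if len(recipients) == 1:
        possible.append("flattened")
        if not ("aad" in jwe or "unprotected" in jwe or "header" in recipients[0]):
            possible.append("compact")
    return possible


KW_HEADER = {"alg": "A128KW", "kid": "81b20965-8332-43d9-a468-82160ad91ac8"}

WITH_AAD = {  # Section 5.10, Figure 183 (ciphertext and tag omitted)
    "protected": "eyJhbGciOiJBMTI4S1ciLCJraWQiOiI4MWIyMDk2NS04MzMyLTQzZDktYTQ2OC"
                 "04MjE2MGFkOTFhYzgiLCJlbmMiOiJBMTI4R0NNIn0",
    "encrypted_key": "4YiiQ_ZzH76TaIkJmYfRFgOV9MIpnx4X",
    "aad": "WyJ2Y2FyZCIsW1sidmVyc2lvbiIse30sInRleHQiLCI0LjAiXSxbImZuIix7fS"
           "widGV4dCIsIk1lcmlhZG9jIEJyYW5keWJ1Y2siXSxbIm4iLHt9LCJ0ZXh0Iixb"
           "IkJyYW5keWJ1Y2siLCJNZXJpYWRvYyIsIk1yLiIsIiJdXSxbImJkYXkiLHt9LC"
           "J0ZXh0IiwiVEEgMjk4MiJdLFsiZ2VuZGVyIix7fSwidGV4dCIsIk0iXV1d",
    "iv": "veCx9ece2orS7c_N",
}
PARTIAL = {  # Section 5.11, Figure 193 (ciphertext and tag omitted)
    "protected": "eyJlbmMiOiJBMTI4R0NNIn0",
    "unprotected": dict(KW_HEADER),
    "encrypted_key": "jJIcM9J-hbx3wnqhf5FlkEYos0sHsF0H",
    "iv": "WgEJsDS9bkoXQ3nR",
}
CONTENT_ONLY = {  # Section 5.12, Figure 201 (ciphertext and tag omitted)
    "unprotected": dict(KW_HEADER, enc="A128GCM"),
    "encrypted_key": "244YHfO_W7RMpQW81UjQrZcq5LSyqiPv",
    "iv": "YihBoVOGsR1l7jCD",
}
MULTI = {  # Section 5.13, Figure 221, trimmed to "alg" and "kid" per recipient
    "recipients": [
        {"header": {"alg": "RSA1_5", "kid": "frodo.baggins@hobbiton.example"}},
        {"header": {"alg": "ECDH-ES+A256KW",
                    "kid": "peregrin.took@tuckborough.example"}},
        {"header": {"alg": "A256GCMKW",
                    "kid": "18ec08e1-bfa9-4d95-b205-2b4dd1d4321d"}},
    ],
    "unprotected": {"cty": "text/plain"},
    "protected": "eyJlbmMiOiJBMTI4Q0JDLUhTMjU2In0",
    "iv": "VgEIHY20EnzUtZFl2RpB1g",
}

if __name__ == "__main__":
    for label, jwe in (("5.10", WITH_AAD), ("5.11", PARTIAL),
                       ("5.12", CONTENT_ONLY), ("5.13", MULTI)):
        print(label, len(aead_aad(jwe)), unauthenticated(jwe), serializations(jwe))
```

   A recipient that takes "alg" and "enc" from local policy is not
   affected by the layouts of Sections 5.11 and 5.12; one that reads
   them from the message should treat a non-empty result from
   unauthenticated() as input that could have been altered in transit
   without invalidating the tag.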

     qtPIMMaOBRgASL10dNQhOa7Gqrk7Eal1vwht7R4TT1uq-arsVCPaIeFwQfzrSS
     6oEUWbBtxEasE0vC6r7sphyVziMCVJEuRJyoAHFSP3eqQPb4Ic1SDSqyXjw_L3
     svybhHYUGyQuTmUQEDjgjJfBOifwHIsDsRPeBz1NomqeifVPq5GTCWFo5k_MNI
     QURR2Wj0AHC2k7JZfu2iWjUHLF8ExFZLZ4nlmsvJu_mvifMYiikfNfsZAudISO
     a6O73yPZtL04k_1FI7WDfrb2w7OqKLWDXzlpcxohPVOLQwpA3mFNRKdY-bQz4Z
     4KX9lfz1cne31N4-8BKmojpw-OdQjKdLOGkC445Fb_K1tlDQXw2sBF

   Figure 197: Ciphertext, base64url-encoded

     e2m0Vm7JvjK2VpCKXS-kyg

   Figure 198: Authentication Tag, base64url-encoded

5.12.5.  Output Results

   The Compact Serialization is not presented because it does not
   support this use case.

   The following JWE Shared Unprotected Header is generated before
   assembling the output results:

     {
       "alg": "A128KW",
       "kid": "81b20965-8332-43d9-a468-82160ad91ac8",
       "enc": "A128GCM"
     }

   Figure 199: JWE Shared Unprotected Header JSON

   The following compose the resulting JWE object:

   o  JWE Shared Unprotected Header (Figure 199)

   o  encrypted key (Figure 196)

   o  Initialization vector/nonce (Figure 195)

   o  Ciphertext (Figure 197)

   o  Authentication tag (Figure 198)

   The resulting JWE object using the JSON General Serialization:

     {
       "recipients": [
         {
           "encrypted_key": "244YHfO_W7RMpQW81UjQrZcq5LSyqiPv"
         }
       ],
       "unprotected": {
         "alg": "A128KW",
         "kid": "81b20965-8332-43d9-a468-82160ad91ac8",
         "enc": "A128GCM"
       },
       "iv": "YihBoVOGsR1l7jCD",
       "ciphertext": "qtPIMMaOBRgASL10dNQhOa7Gqrk7Eal1vwht7R4TT1uq-
           arsVCPaIeFwQfzrSS6oEUWbBtxEasE0vC6r7sphyVziMCVJEuRJyoAHF
           SP3eqQPb4Ic1SDSqyXjw_L3svybhHYUGyQuTmUQEDjgjJfBOifwHIsDs
           RPeBz1NomqeifVPq5GTCWFo5k_MNIQURR2Wj0AHC2k7JZfu2iWjUHLF8
           ExFZLZ4nlmsvJu_mvifMYiikfNfsZAudISOa6O73yPZtL04k_1FI7WDf
           rb2w7OqKLWDXzlpcxohPVOLQwpA3mFNRKdY-bQz4Z4KX9lfz1cne31N4
           -8BKmojpw-OdQjKdLOGkC445Fb_K1tlDQXw2sBF",
       "tag": "e2m0Vm7JvjK2VpCKXS-kyg"
     }

   Figure 200: JSON
   General Serialization

   The resulting JWE object using the JSON Flattened Serialization:

     {
       "unprotected": {
         "alg": "A128KW",
         "kid": "81b20965-8332-43d9-a468-82160ad91ac8",
         "enc": "A128GCM"
       },
       "encrypted_key": "244YHfO_W7RMpQW81UjQrZcq5LSyqiPv",
       "iv": "YihBoVOGsR1l7jCD",
       "ciphertext": "qtPIMMaOBRgASL10dNQhOa7Gqrk7Eal1vwht7R4TT1uq-
           arsVCPaIeFwQfzrSS6oEUWbBtxEasE0vC6r7sphyVziMCVJEuRJyoAHF
           SP3eqQPb4Ic1SDSqyXjw_L3svybhHYUGyQuTmUQEDjgjJfBOifwHIsDs
           RPeBz1NomqeifVPq5GTCWFo5k_MNIQURR2Wj0AHC2k7JZfu2iWjUHLF8
           ExFZLZ4nlmsvJu_mvifMYiikfNfsZAudISOa6O73yPZtL04k_1FI7WDf
           rb2w7OqKLWDXzlpcxohPVOLQwpA3mFNRKdY-bQz4Z4KX9lfz1cne31N4
           -8BKmojpw-OdQjKdLOGkC445Fb_K1tlDQXw2sBF",
       "tag": "e2m0Vm7JvjK2VpCKXS-kyg"
     }

   Figure 201: JSON Flattened Serialization

5.13.  Encrypting to Multiple Recipients

   This example illustrates encrypting content for multiple recipients.
   As this example has multiple recipients, only the JSON serialization
   is possible.

   Note that RSAES-PKCS1-v1_5 uses random data to generate the
   ciphertext; it might not be possible to exactly replicate the results
   in this section.

   Note that whitespace is added for readability as described in
   Section 1.1.

5.13.1.  Input Factors

   The following are supplied before beginning the encryption process:

   o  Plaintext content; this example uses the plaintext from Figure 72.

   o  Recipient keys; this example uses the following:

      *  The RSA public key from Figure 73 for the first recipient.

      *  The EC public key from Figure 108 for the second recipient.

      *  The AES symmetric key from Figure 138 for the third recipient.

   o  Key encryption algorithms; this example uses the following:

      *  "RSA1_5" for the first recipient.

      *  "ECDH-ES+A256KW" for the second recipient.

      *  "A256GCMKW" for the third recipient.

   o  Content encryption algorithm; this example uses "A128CBC-HS256".

5.13.2.  Generated Factors

   The following are generated before encrypting:

   o  AES symmetric key as the Content Encryption Key (CEK); this
      example uses the key from Figure 202.

   o  Initialization vector/nonce; this example uses the initialization
      vector/nonce from Figure 203.

     zXayeJ4gvm8NJr3IUInyokTUO-LbQNKEhe_zWlYbdpQ

   Figure 202: Content Encryption Key, base64url-encoded

     VgEIHY20EnzUtZFl2RpB1g

   Figure 203: Initialization Vector, base64url-encoded

5.13.3.  Encrypting the Key to the First Recipient

   Performing the "RSA1_5" key encryption operation over the CEK
   (Figure 202) with the first recipient's RSA key (Figure 73) produces
   the following encrypted key:

     dYOD28kab0Vvf4ODgxVAJXgHcSZICSOp8M51zjwj4w6Y5G4XJQsNNIBiqyvUUA
     OcpL7S7-cFe7Pio7gV_Q06WmCSa-vhW6me4bWrBf7cHwEQJdXihidAYWVajJIa
     KMXMvFRMV6iDlRr076DFthg2_AV0_tSiV6xSEIFqt1xnYPpmP91tc5WJDOGb-w
     qjw0-b-S1laS11QVbuP78dQ7Fa0zAVzzjHX-xvyM2wxj_otxr9clN1LnZMbeYS
     rRicJK5xodvWgkpIdkMHo4LvdhRRvzoKzlic89jFWPlnBq_V4n5trGuExtp_-d
     bHcGlihqc_wGgho9fLMK8JOArYLcMDNQ

   Figure 204: Recipient #1 Encrypted Key, base64url-encoded

   The following are generated after encrypting the CEK for the first
   recipient:

   o  Recipient JWE Unprotected Header from Figure 205

     {
       "alg": "RSA1_5",
       "kid": "frodo.baggins@hobbiton.example"
     }

   Figure 205: Recipient #1 JWE Per-recipient Unprotected Header JSON

   The following is the assembled first recipient JSON:

     {
       "encrypted_key": "dYOD28kab0Vvf4ODgxVAJXgHcSZICSOp8M51zjwj4w
           6Y5G4XJQsNNIBiqyvUUAOcpL7S7-cFe7Pio7gV_Q06WmCSa-vhW6me4b
           WrBf7cHwEQJdXihidAYWVajJIaKMXMvFRMV6iDlRr076DFthg2_AV0_t
           SiV6xSEIFqt1xnYPpmP91tc5WJDOGb-wqjw0-b-S1laS11QVbuP78dQ7
           Fa0zAVzzjHX-xvyM2wxj_otxr9clN1LnZMbeYSrRicJK5xodvWgkpIdk
           MHo4LvdhRRvzoKzlic89jFWPlnBq_V4n5trGuExtp_-dbHcGlihqc_wG
           gho9fLMK8JOArYLcMDNQ",
       "header": {
         "alg": "RSA1_5",
         "kid": "frodo.baggins@hobbiton.example"
       }
     }

   Figure 206: Recipient #1 JSON

5.13.4.  Encrypting the Key to the Second Recipient

   The following are generated before encrypting the CEK for the second
   recipient:

   o  Ephemeral EC private key on the same curve as the EC public key;
      this example uses the private key from Figure 207.

     {
       "kty": "EC",
       "crv": "P-384",
       "x": "Uzdvk3pi5wKCRc1izp5_r0OjeqT-I68i8g2b8mva8diRhsE2xAn2Dt
           MRb25Ma2CX",
       "y": "VDrRyFJh-Kwd1EjAgmj5Eo-CTHAZ53MC7PjjpLioy3ylEjI1pOMbw9
           1fzZ84pbfm",
       "d": "1DKHfTv-PiifVw2VBHM_ZiVcwOMxkOyANS_lQHJcrDxVY3jhVCvZPw
           MxJKIE793C"
     }

   Figure 207: Ephemeral private key for Recipient #2, in JWK format

   Performing the "ECDH-ES+A256KW" key encryption operation over the CEK
   (Figure 202) with the following:

   o  Static Elliptic Curve public key (Figure 108).

   o  Ephemeral Elliptic Curve private key (Figure 207).

   produces the following encrypted key:

     ExInT0io9BqBMYF6-maw5tZlgoZXThD1zWKsHixJuw_elY4gSSId_w

   Figure 208: Recipient #2 Encrypted Key, base64url-encoded

   The following are generated after encrypting the CEK for the second
   recipient:

   o  Recipient JWE Unprotected Header from Figure 209.

     {
       "alg": "ECDH-ES+A256KW",
       "kid": "peregrin.took@tuckborough.example",
       "epk": {
         "kty": "EC",
         "crv": "P-384",
         "x": "Uzdvk3pi5wKCRc1izp5_r0OjeqT-I68i8g2b8mva8diRhsE2xAn2
             DtMRb25Ma2CX",
         "y": "VDrRyFJh-Kwd1EjAgmj5Eo-CTHAZ53MC7PjjpLioy3ylEjI1pOMb
             w91fzZ84pbfm"
       }
     }

   Figure 209: Recipient #2 JWE Per-recipient Unprotected Header JSON

   The following is the assembled second recipient JSON:

     {
       "encrypted_key": "ExInT0io9BqBMYF6-maw5tZlgoZXThD1zWKsHixJuw
           _elY4gSSId_w",
       "header": {
         "alg": "ECDH-ES+A256KW",
         "kid": "peregrin.took@tuckborough.example",
         "epk": {
           "kty": "EC",
           "crv": "P-384",
           "x": "Uzdvk3pi5wKCRc1izp5_r0OjeqT-I68i8g2b8mva8diRhsE2xA
               n2DtMRb25Ma2CX",
           "y": "VDrRyFJh-Kwd1EjAgmj5Eo-CTHAZ53MC7PjjpLioy3ylEjI1pO
               Mbw91fzZ84pbfm"
         }
       }
     }

   Figure 210: Recipient #2 JSON

5.13.5.  Encrypting the Key to the Third Recipient

   The following are generated before encrypting the CEK for the third
   recipient:

   o  Initialization vector/nonce for key wrapping; this example uses
      the initialization vector/nonce from Figure 211.

     AvpeoPZ9Ncn9mkBn

   Figure 211: Recipient #3 Initialization Vector, base64url-encoded

   Performing the "A256GCMKW" key encryption operation over the CEK
   (Figure 202) with the following:

   o  AES symmetric key (Figure 138); and

   o  Initialization vector/nonce (Figure 211)

   produces the following:

   o  Encrypted key from Figure 212.

   o  Key wrap authentication tag from Figure 213.

     a7CclAejo_7JSuPB8zeagxXRam8dwCfmkt9-WyTpS1E

   Figure 212: Recipient #3 Encrypted Key, base64url-encoded

     59Nqh1LlYtVIhfD3pgRGvw

   Figure 213: Recipient #3 Authentication Tag, base64url-encoded

   The following are generated after encrypting the CEK for the third
   recipient:

   o  Recipient JWE Unprotected Header; this example uses the header
      from Figure 214.

     {
       "alg": "A256GCMKW",
       "kid": "18ec08e1-bfa9-4d95-b205-2b4dd1d4321d",
       "tag": "59Nqh1LlYtVIhfD3pgRGvw",
       "iv": "AvpeoPZ9Ncn9mkBn"
     }

   Figure 214: Recipient #3 JWE Per-recipient Unprotected Header JSON

   The following is the assembled third recipient JSON:

     {
       "encrypted_key": "a7CclAejo_7JSuPB8zeagxXRam8dwCfmkt9-WyTpS1
           E",
       "header": {
         "alg": "A256GCMKW",
         "kid": "18ec08e1-bfa9-4d95-b205-2b4dd1d4321d",
         "tag": "59Nqh1LlYtVIhfD3pgRGvw",
         "iv": "AvpeoPZ9Ncn9mkBn"
       }
     }

   Figure 215: Recipient #3 JSON

5.13.6.  Encrypting the Content

   The following are generated before encrypting the content:

   o  JWE Protected Header; this example uses the header from
      Figure 216, encoded to [RFC4648] base64url as Figure 217.

     {
       "enc": "A128CBC-HS256"
     }

   Figure 216: JWE Protected Header JSON

     eyJlbmMiOiJBMTI4Q0JDLUhTMjU2In0

   Figure 217: JWE Protected Header, base64url-encoded

   Performing the content encryption operation over the Plaintext
   (Figure 72) with the following:

   o  CEK (Figure 202),

   o  Initialization vector/nonce (Figure 203), and

   o  JWE Protected Header (Figure 217) as the authenticated data

   produces the following:

   o  Ciphertext from Figure 218

   o  Authentication tag from Figure 219

     ajm2Q-OpPXCr7-MHXicknb1lsxLdXxK_yLds0KuhJzfWK04SjdxQeSw2L9mu3a
     _k1C55kCQ_3xlkcVKC5yr__Is48VOoK0k63_QRM9tBURMFqLByJ8vOYQX0oJW4
     VUHJLmGhF-tVQWB7Kz8mr8zeE7txF0MSaP6ga7-siYxStR7_G07Thd1jh-zGT0
     wxM5g-VRORtq0K6AXpLlwEqRp7pkt2zRM0ZAXqSpe1O6FJ7FHLDyEFnD-zDIZu
     kLpCbzhzMDLLw2-8I14FQrgi-iEuzHgIJFIJn2wh9Tj0cg_kOZy9BqMRZbmYXM
     Y9YQjorZ_P_JYG3ARAIF3OjDNqpdYe-K_5Q5crGJSDNyij_ygEiItR5jssQVH2
     ofDQdLChtazE

   Figure 218: Ciphertext, base64url-encoded

     BESYyFN7T09KY7i8zKs5_g

   Figure 219: Authentication Tag, base64url-encoded

   The following is generated after encrypting the plaintext:

   o  JWE Shared Unprotected Header
      parameters; this example uses the
      header from Figure 220.

     {
       "cty": "text/plain"
     }

   Figure 220: JWE Shared Unprotected Header JSON

5.13.7.  Output Results

   The following compose the resulting JWE object:

   o  Recipient #1 JSON (Figure 206)

   o  Recipient #2 JSON (Figure 210)

   o  Recipient #3 JSON (Figure 215)

   o  Initialization vector/nonce (Figure 203)

   o  Ciphertext (Figure 218)

   o  Authentication tag (Figure 219)

   The Compact Serialization is not presented because it does not
   support this use case; the JSON Flattened Serialization is not
   presented because there is more than one recipient.

   The resulting JWE object using the JSON General Serialization:

     {
       "recipients": [
         {
           "encrypted_key": "dYOD28kab0Vvf4ODgxVAJXgHcSZICSOp8M51zj
               wj4w6Y5G4XJQsNNIBiqyvUUAOcpL7S7-cFe7Pio7gV_Q06WmCSa-
               vhW6me4bWrBf7cHwEQJdXihidAYWVajJIaKMXMvFRMV6iDlRr076
               DFthg2_AV0_tSiV6xSEIFqt1xnYPpmP91tc5WJDOGb-wqjw0-b-S
               1laS11QVbuP78dQ7Fa0zAVzzjHX-xvyM2wxj_otxr9clN1LnZMbe
               YSrRicJK5xodvWgkpIdkMHo4LvdhRRvzoKzlic89jFWPlnBq_V4n
               5trGuExtp_-dbHcGlihqc_wGgho9fLMK8JOArYLcMDNQ",
           "header": {
             "alg": "RSA1_5",
             "kid": "frodo.baggins@hobbiton.example"
           }
         },
         {
           "encrypted_key": "ExInT0io9BqBMYF6-maw5tZlgoZXThD1zWKsHi
               xJuw_elY4gSSId_w",
           "header": {
             "alg": "ECDH-ES+A256KW",
             "kid": "peregrin.took@tuckborough.example",
             "epk": {
               "kty": "EC",
               "crv": "P-384",
               "x": "Uzdvk3pi5wKCRc1izp5_r0OjeqT-I68i8g2b8mva8diRhs
                   E2xAn2DtMRb25Ma2CX",
               "y": "VDrRyFJh-Kwd1EjAgmj5Eo-CTHAZ53MC7PjjpLioy3ylEj
                   I1pOMbw91fzZ84pbfm"
             }
           }
         },
         {
           "encrypted_key": "a7CclAejo_7JSuPB8zeagxXRam8dwCfmkt9-Wy
               TpS1E",
           "header": {
             "alg": "A256GCMKW",
             "kid": "18ec08e1-bfa9-4d95-b205-2b4dd1d4321d",
             "tag": "59Nqh1LlYtVIhfD3pgRGvw",
             "iv": "AvpeoPZ9Ncn9mkBn"
           }
         }
       ],
       "unprotected": {
         "cty":
"text/plain" 4547 }, 4548 "protected": "eyJlbmMiOiJBMTI4Q0JDLUhTMjU2In0", 4549 "iv": "VgEIHY20EnzUtZFl2RpB1g", 4550 "ciphertext": "ajm2Q-OpPXCr7-MHXicknb1lsxLdXxK_yLds0KuhJzfWK 4551 04SjdxQeSw2L9mu3a_k1C55kCQ_3xlkcVKC5yr__Is48VOoK0k63_QRM 4552 9tBURMFqLByJ8vOYQX0oJW4VUHJLmGhF-tVQWB7Kz8mr8zeE7txF0MSa 4553 P6ga7-siYxStR7_G07Thd1jh-zGT0wxM5g-VRORtq0K6AXpLlwEqRp7p 4554 kt2zRM0ZAXqSpe1O6FJ7FHLDyEFnD-zDIZukLpCbzhzMDLLw2-8I14FQ 4555 rgi-iEuzHgIJFIJn2wh9Tj0cg_kOZy9BqMRZbmYXMY9YQjorZ_P_JYG3 4556 ARAIF3OjDNqpdYe-K_5Q5crGJSDNyij_ygEiItR5jssQVH2ofDQdLCht 4557 azE", 4558 "tag": "BESYyFN7T09KY7i8zKs5_g" 4559 } 4561 Figure 221: JSON General Serialization 4563 6. Nesting Signatures and Encryption 4565 This example illustrates nesting a JSON Web Signature (JWS) structure 4566 within a JSON Web Encryption (JWE) structure. The signature uses the 4567 "PS256" (RSASSA-PSS) algorithm; the encryption uses the "RSA-OAEP" 4568 (RSAES-OAEP) key encryption algorithm and the "A128GCM" (AES-GCM) 4569 content encryption algorithm. 4571 Note that RSASSA-PSS uses random data to generate the signature, and 4572 RSAES-OAEP uses random data to generate the ciphertext; it might not 4573 be possible to exactly replicate the results in this section. 4575 Note that whitespace is added for readability as described in 4576 Section 1.1. 4578 6.1. Signing Input Factors 4580 The following are supplied before beginning the signing operation: 4582 o Payload content; this example uses the JSON Web Token (JWT) 4583 [I-D.ietf-oauth-json-web-token] content from Figure 222, encoded 4584 as [RFC4648] base64url to produce Figure 223. 4586 o RSA private key; this example uses the key from Figure 224. 4588 o "alg" parameter of "PS256". 

     {
       "iss": "hobbiton.example",
       "exp": 1300819380,
       "http://example.com/is_root": true
     }

   Figure 222: Payload content, in JSON format

     eyJpc3MiOiJob2JiaXRvbi5leGFtcGxlIiwiZXhwIjoxMzAwODE5MzgwLCJodH
     RwOi8vZXhhbXBsZS5jb20vaXNfcm9vdCI6dHJ1ZX0

   Figure 223: Payload content, base64url-encoded

     {
       "kty": "RSA",
       "kid": "hobbiton.example",
       "use": "sig",
       "n": "kNrPIBDXMU6fcyv5i-QHQAQ-K8gsC3HJb7FYhYaw8hXbNJa-t8q0lD
           KwLZgQXYV-ffWxXJv5GGrlZE4GU52lfMEegTDzYTrRQ3tepgKFjMGg6I
           y6fkl1ZNsx2gEonsnlShfzA9GJwRTmtKPbk1s-hwx1IU5AT-AIelNqBg
           cF2vE5W25_SGGBoaROVdUYxqETDggM1z5cKV4ZjDZ8-lh4oVB07bkac6
           LQdHpJUUySH_Er20DXx30Kyi97PciXKTS-QKXnmm8ivyRCmux22ZoPUi
           nd2BKC5OiG4MwALhaL2Z2k8CsRdfy-7dg7z41Rp6D0ZeEvtaUp4bX4aK
           raL4rTfw",
       "e": "AQAB",
       "d": "ZLe_TIxpE9-W_n2VBa-HWvuYPtjvxwVXClJFOpJsdea8g9RMx34qEO
           EtnoYc2un3CZ3LtJi-mju5RAT8YSc76YJds3ZVw0UiO8mMBeG6-iOnvg
           obobNx7K57-xjTJZU72EjOr9kB7z6ZKwDDq7HFyCDhUEcYcHFVc7iL_6
           TibVhAhOFONWlqlJgEgwVYd0rybNGKifdnpEbwyHoMwY6HM1qvnEFgP7
           iZ0YzHUT535x6jj4VKcdA7ZduFkhUauysySEW7mxZM6fj1vdjJIy9LD1
           fIz30Xv4ckoqhKF5GONU6tNmMmNgAD6gIViyEle1PrIxl1tBhCI14bRW
           -zrpHgAQ",
       "p": "yKWYoNIAqwMRQlgIBOdT1NIcbDNUUs2Rh-pBaxD_mIkweMt4Mg-0-B
           2iSYvMrs8horhonV7vxCQagcBAATGW-hAafUehWjxWSH-3KccRM8toL4
           e0q7M-idRDOBXSoe7Z2-CV2x_ZCY3RP8qp642R13WgXqGDIM4MbUkZSj
           cY9-c",
       "q": "uND4o15V30KDzf8vFJw589p1vlQVQ3NEilrinRUPHkkxaAzDzccGgr
           WMWpGxGFFnNL3w5CqPLeU76-5IVYQq0HwYVl0hVXQHr7sgaGu-483Ad3
           ENcL23FrOnF45m7_2ooAstJDe49MeLTTQKrSIBl_SKvqpYvfSPTczPcZ
           kh9Kk",
       "dp": "jmTnEoq2qqa8ouaymjhJSCnsveUXnMQC2gAneQJRQkFqQu-zV2PKP
           KNbPvKVyiF5b2-L3tM3OW2d2iNDyRUWXlT7V5l0KwPTABSTOnTqAmYCh
           Gi8kXXdlhcrtSvXldBakC6saxwI_TzGGY2MVXzc2ZnCvCXHV4qjSxOrf
           P3pHFU",
       "dq": "R9FUvU88OVzEkTkXl3-5-WusE4DjHmndeZIlu3rifBdfLpq_P-iWP
           BbGaq9wzQ1c-J7SzCdJqkEJDv5yd2C7rnZ6kpzwBh_nmL8zscAk1qsun
           nt9CJGAYz7-sGWy1JGShFazfP52ThB4rlCJ0YuEaQMrIzpY77_oLAhpm
           DA0hLk",
       "qi": "S8tC7ZknW6hPITkjcwttQOPLVmRfwirRlFAViuDb8NW9CrV_7F2Oq
           UZCqmzHTYAumwGFHI1WVRep7anleWaJjxC_1b3fq_al4qH3Pe-EKiHg6
           IMazuRtZLUROcThrExDbF5dYbsciDnfRUWLErZ4N1Be0bnxYuPqxwKd9
           QZwMo0"
     }

   Figure 224: RSA 2048-bit Private Key, in JWK format

6.2.  Signing Operation

   The following are generated to complete the signing operation:

   o  JWS Protected Header; this example uses the header from
      Figure 225, encoded using [RFC4648] base64url to produce
      Figure 226.

     {
       "alg": "PS256",
       "typ": "JWT"
     }

   Figure 225: JWS Protected Header JSON

     eyJhbGciOiJQUzI1NiIsInR5cCI6IkpXVCJ9

   Figure 226: JWS Protected Header, base64url-encoded

   Performing the signature operation over the combined JWS Protected
   Header (Figure 226) and Payload content (Figure 222) produces the
   following signature:

     dPpMqwRZxFYi1UfcDAaf8M99o7kwUWtiXZ-ByvVuJih4MhJ_aZqciprz0OWaIA
     kIvn1qskChirjKvY9ESZNUCP4JjvfyPS-nqjJxYoA5ztWOyFk2cZNIPXjcJXSQ
     wXPO9tEe-v4VSqgD0aKHqPxYog4N6Cz1lKph1U1sYDSI67_bLL7elg_vkjfMp5
     _W5l5LuUYGMeh6hxQIaIUXf9EwV2JmvTMuZ-vBOWy0Sniy1EFo72CRTvmtrIf5
     AROo5MNliY3KtUxeP-SOmD-LEYwW9SlkohYzMVAZDDOrVbv7KVRHpeYNaK75KE
     QqdCEEkS_rskZS-Qtt_nlegTWh1mEYaA

   Figure 227: JWS Signature, base64url-encoded

6.3.  Signing Output

   The following compose the resulting JWS object:

   o  JWS Protected Header (Figure 226)

   o  Payload content (Figure 223)

   o  Signature (Figure 227)

   The resulting JWS object using the Compact Serialization (which is
   the plaintext input to the following encryption operation):

     eyJhbGciOiJQUzI1NiIsInR5cCI6IkpXVCJ9
     .
     eyJpc3MiOiJob2JiaXRvbi5leGFtcGxlIiwiZXhwIjoxMzAwODE5MzgwLCJodH
     RwOi8vZXhhbXBsZS5jb20vaXNfcm9vdCI6dHJ1ZX0
     .
4695 dPpMqwRZxFYi1UfcDAaf8M99o7kwUWtiXZ-ByvVuJih4MhJ_aZqciprz0OWaIA 4696 kIvn1qskChirjKvY9ESZNUCP4JjvfyPS-nqjJxYoA5ztWOyFk2cZNIPXjcJXSQ 4697 wXPO9tEe-v4VSqgD0aKHqPxYog4N6Cz1lKph1U1sYDSI67_bLL7elg_vkjfMp5 4698 _W5l5LuUYGMeh6hxQIaIUXf9EwV2JmvTMuZ-vBOWy0Sniy1EFo72CRTvmtrIf5 4699 AROo5MNliY3KtUxeP-SOmD-LEYwW9SlkohYzMVAZDDOrVbv7KVRHpeYNaK75KE 4700 QqdCEEkS_rskZS-Qtt_nlegTWh1mEYaA 4702 Figure 228: Compact Serialization 4704 6.4. Encryption Input Factors 4706 The following are supplied before beginning the encryption process: 4708 o Plaintext content; this example uses the content from Figure 228. 4710 o RSA public key; this example use the key from Figure 84. 4712 o "alg" parameter of "RSA-OAEP". 4714 o "enc" parameter of "A128GCM". 4716 6.5. Encryption Generated Factors 4718 The following are generated before encrypting: 4720 o AES symmetric key as the Content Encryption Key (CEK); this 4721 example uses the key from Figure 229. 4723 o Initialization vector/nonce; this example uses the initialization 4724 vector/nonce from Figure 230. 4726 0RHSNYwN-6-2QBGsYTZLSQ 4728 Figure 229: Content Encryption Key, base64url-encoded 4730 GbX1i9kXz0sxXPmA 4732 Figure 230: Initialization vector, base64url-encoded 4734 6.6. 
Encrypting the Key 4736 Performing the key encryption operation over the CEK (Figure 229) 4737 with the RSA key (Figure 84) produces the following encrypted key: 4739 a0JHRoITfpX4qRewImjlStn8m3CPxBV1ueYlVhjurCyrBg3I7YhCRYjphDOOS4 4740 E7rXbr2Fn6NyQq-A-gqT0FXqNjVOGrG-bi13mwy7RoYhjTkBEC6P7sMYMXXx4g 4741 zMedpiJHQVeyI-zkZV7A9matpgevAJWrXzOUysYGTtwoSN6gtUVtlLaivjvb21 4742 O0ul4YxSHV-ByK1kyeetRp_fuYJxHoKLQL9P424sKx2WGYb4zsBIPF4ssl_e5I 4743 R7nany-25_UmC2urosNkoFz9cQ82MypZP8gqbQJyPN-Fpp4Z-5o6yV64x6yzDU 4744 F_5JCIdl-Qv6H5dMVIY7q1eKpXcV1lWO_2FefEBqXxXvIjLeZivjNkzogCq3-I 4745 apSjVFnMjBxjpYLT8muaawo1yy1XXMuinIpNcOY3n4KKrXLrCcteX85m4IIHMZ 4746 a38s1Hpr56fPPseMA-Jltmt-a9iEDtOzhtxz8AXy9tsCAZV2XBWNG8c3kJusAa 4747 mBKOYwfk7JhLRDgOnJjlJLhn7TI4UxDp9dCmUXEN6z0v23W15qJIEXNJtqnblp 4748 ymooeWAHCT4e_Owbim1g0AEpTHUdA2iiLNs9WTX_H_TXuPC8yDDhi1smxS_X_x 4749 pkIHkiIHWDOLx03BpqDTivpKkBYwqP2UZkcxqX2Fo_GnVrNwlK7Lgxw6FSQvDO 4750 0 4752 Figure 231: Encrypted Key, base64url-encoded 4754 6.7. Encrypting the Content 4756 The following are generated before encrypting the plaintext: 4758 o JWE Protected Header; this example uses the the header from 4759 Figure 232, encoded using [RFC4648] base64url to produce 4760 Figure 233. 4762 { 4763 "alg": "RSA-OAEP", 4764 "cty": "JWT", 4765 "enc": "A128GCM" 4766 } 4768 Figure 232: JWE Protected Header JSON 4770 eyJhbGciOiJSU0EtT0FFUCIsImN0eSI6IkpXVCIsImVuYyI6IkExMjhHQ00ifQ 4772 Figure 233: JWE Protected Header, base64url-encoded 4774 Performing the content encryption operation over the Plaintext 4775 (Figure 228) with the following: 4777 o CEK (Figure 229); 4779 o Initialization vector/nonce (Figure 230); and 4781 o JWE Protected Header (Figure 233) as authenticated data. 4783 produces the following: 4785 o Ciphertext from Figure 234. 4787 o Authentication tag from Figure 235. 

   SZI4IvKHmwpazl_pJQXX3mHv1ANnOU4Wf9-utWYUcKrBNgCe2OFMf66cSJ8k2Q
   kxaQD3_R60MGE9ofomwtky3GFxMeGRjtpMt9OAvVLsAXB0_UTCBGyBg3C2bWLX
   qZlfJAAoJRUPRk-BimYZY81zVBuIhc7HsQePCpu33SzMsFHjn4lP_idrJz_glZ
   TNgKDt8zdnUPauKTKDNOH1DD4fuzvDYfDIAfqGPyL5sVRwbiXpXdGokEszM-9C
   hMPqW1QNhzuX_Zul3bvrJwr7nuGZs4cUScY3n8yE3AHCLurgls-A9mz1X38xEa
   ulV18l4Fg9tLejdkAuQZjPbqeHQBJe4IwGD5Ee0dQ-Mtz4NnhkIWx-YKBb_Xo2
   zI3Q_1sYjKUuis7yWW-HTr_vqvFt0bj7WJf2vzB0TZ3dvsoGaTvPH2dyWwumUr
   lx4gmPUzBdwTO6ubfYSDUEEz5py0d_OtWeUSYcCYBKD-aM7tXg26qJo21gYjLf
   hn9zy-W19sOCZGuzgFjPhawXHpvnj_t-0_ES96kogjJLxS1IMU9Y5XmnwZMyNc
   9EIwnogsCg-hVuvzyP0sIruktmI94_SL1xgMl7o03phcTMxtlMizR88NKU1WkB
   siXMCjy1Noue7MD-ShDp5dmM

          Figure 234: Ciphertext, base64url-encoded

   KnIKEhN8U-3C9s4gtSpjSw

          Figure 235: Authentication tag, base64url-encoded

6.8.  Encryption Output

   The following compose the resulting JWE object:

   o  JWE Protected Header (Figure 233)

   o  Encrypted key (Figure 231)

   o  Initialization vector/nonce (Figure 230)

   o  Ciphertext (Figure 234)

   o  Authentication Tag (Figure 235)

   The resulting JWE object using the Compact Serialization:

   eyJhbGciOiJSU0EtT0FFUCIsImN0eSI6IkpXVCIsImVuYyI6IkExMjhHQ00ifQ
   .
   a0JHRoITfpX4qRewImjlStn8m3CPxBV1ueYlVhjurCyrBg3I7YhCRYjphDOOS4
   E7rXbr2Fn6NyQq-A-gqT0FXqNjVOGrG-bi13mwy7RoYhjTkBEC6P7sMYMXXx4g
   zMedpiJHQVeyI-zkZV7A9matpgevAJWrXzOUysYGTtwoSN6gtUVtlLaivjvb21
   O0ul4YxSHV-ByK1kyeetRp_fuYJxHoKLQL9P424sKx2WGYb4zsBIPF4ssl_e5I
   R7nany-25_UmC2urosNkoFz9cQ82MypZP8gqbQJyPN-Fpp4Z-5o6yV64x6yzDU
   F_5JCIdl-Qv6H5dMVIY7q1eKpXcV1lWO_2FefEBqXxXvIjLeZivjNkzogCq3-I
   apSjVFnMjBxjpYLT8muaawo1yy1XXMuinIpNcOY3n4KKrXLrCcteX85m4IIHMZ
   a38s1Hpr56fPPseMA-Jltmt-a9iEDtOzhtxz8AXy9tsCAZV2XBWNG8c3kJusAa
   mBKOYwfk7JhLRDgOnJjlJLhn7TI4UxDp9dCmUXEN6z0v23W15qJIEXNJtqnblp
   ymooeWAHCT4e_Owbim1g0AEpTHUdA2iiLNs9WTX_H_TXuPC8yDDhi1smxS_X_x
   pkIHkiIHWDOLx03BpqDTivpKkBYwqP2UZkcxqX2Fo_GnVrNwlK7Lgxw6FSQvDO
   0
   .
   GbX1i9kXz0sxXPmA
   .
   SZI4IvKHmwpazl_pJQXX3mHv1ANnOU4Wf9-utWYUcKrBNgCe2OFMf66cSJ8k2Q
   kxaQD3_R60MGE9ofomwtky3GFxMeGRjtpMt9OAvVLsAXB0_UTCBGyBg3C2bWLX
   qZlfJAAoJRUPRk-BimYZY81zVBuIhc7HsQePCpu33SzMsFHjn4lP_idrJz_glZ
   TNgKDt8zdnUPauKTKDNOH1DD4fuzvDYfDIAfqGPyL5sVRwbiXpXdGokEszM-9C
   hMPqW1QNhzuX_Zul3bvrJwr7nuGZs4cUScY3n8yE3AHCLurgls-A9mz1X38xEa
   ulV18l4Fg9tLejdkAuQZjPbqeHQBJe4IwGD5Ee0dQ-Mtz4NnhkIWx-YKBb_Xo2
   zI3Q_1sYjKUuis7yWW-HTr_vqvFt0bj7WJf2vzB0TZ3dvsoGaTvPH2dyWwumUr
   lx4gmPUzBdwTO6ubfYSDUEEz5py0d_OtWeUSYcCYBKD-aM7tXg26qJo21gYjLf
   hn9zy-W19sOCZGuzgFjPhawXHpvnj_t-0_ES96kogjJLxS1IMU9Y5XmnwZMyNc
   9EIwnogsCg-hVuvzyP0sIruktmI94_SL1xgMl7o03phcTMxtlMizR88NKU1WkB
   siXMCjy1Noue7MD-ShDp5dmM
   .
   KnIKEhN8U-3C9s4gtSpjSw

          Figure 236: Compact Serialization

   The resulting JWE object using the JSON General Serialization:

   {
     "recipients": [
       {
         "encrypted_key": "a0JHRoITfpX4qRewImjlStn8m3CPxBV1ueYlVh
             jurCyrBg3I7YhCRYjphDOOS4E7rXbr2Fn6NyQq-A-gqT0FXqNjVO
             GrG-bi13mwy7RoYhjTkBEC6P7sMYMXXx4gzMedpiJHQVeyI-zkZV
             7A9matpgevAJWrXzOUysYGTtwoSN6gtUVtlLaivjvb21O0ul4YxS
             HV-ByK1kyeetRp_fuYJxHoKLQL9P424sKx2WGYb4zsBIPF4ssl_e
             5IR7nany-25_UmC2urosNkoFz9cQ82MypZP8gqbQJyPN-Fpp4Z-5
             o6yV64x6yzDUF_5JCIdl-Qv6H5dMVIY7q1eKpXcV1lWO_2FefEBq
             XxXvIjLeZivjNkzogCq3-IapSjVFnMjBxjpYLT8muaawo1yy1XXM
             uinIpNcOY3n4KKrXLrCcteX85m4IIHMZa38s1Hpr56fPPseMA-Jl
             tmt-a9iEDtOzhtxz8AXy9tsCAZV2XBWNG8c3kJusAamBKOYwfk7J
             hLRDgOnJjlJLhn7TI4UxDp9dCmUXEN6z0v23W15qJIEXNJtqnblp
             ymooeWAHCT4e_Owbim1g0AEpTHUdA2iiLNs9WTX_H_TXuPC8yDDh
             i1smxS_X_xpkIHkiIHWDOLx03BpqDTivpKkBYwqP2UZkcxqX2Fo_
             GnVrNwlK7Lgxw6FSQvDO0"
       }
     ],
     "protected": "eyJhbGciOiJSU0EtT0FFUCIsImN0eSI6IkpXVCIsImVuYy
         I6IkExMjhHQ00ifQ",
     "iv": "GbX1i9kXz0sxXPmA",
     "ciphertext": "SZI4IvKHmwpazl_pJQXX3mHv1ANnOU4Wf9-utWYUcKrBN
         gCe2OFMf66cSJ8k2QkxaQD3_R60MGE9ofomwtky3GFxMeGRjtpMt9OAv
         VLsAXB0_UTCBGyBg3C2bWLXqZlfJAAoJRUPRk-BimYZY81zVBuIhc7Hs
         QePCpu33SzMsFHjn4lP_idrJz_glZTNgKDt8zdnUPauKTKDNOH1DD4fu
         zvDYfDIAfqGPyL5sVRwbiXpXdGokEszM-9ChMPqW1QNhzuX_Zul3bvrJ
         wr7nuGZs4cUScY3n8yE3AHCLurgls-A9mz1X38xEaulV18l4Fg9tLejd
         kAuQZjPbqeHQBJe4IwGD5Ee0dQ-Mtz4NnhkIWx-YKBb_Xo2zI3Q_1sYj
         KUuis7yWW-HTr_vqvFt0bj7WJf2vzB0TZ3dvsoGaTvPH2dyWwumUrlx4
         gmPUzBdwTO6ubfYSDUEEz5py0d_OtWeUSYcCYBKD-aM7tXg26qJo21gY
         jLfhn9zy-W19sOCZGuzgFjPhawXHpvnj_t-0_ES96kogjJLxS1IMU9Y5
         XmnwZMyNc9EIwnogsCg-hVuvzyP0sIruktmI94_SL1xgMl7o03phcTMx
         tlMizR88NKU1WkBsiXMCjy1Noue7MD-ShDp5dmM",
     "tag": "KnIKEhN8U-3C9s4gtSpjSw"
   }

          Figure 237: JSON General Serialization

   The resulting JWE object using the JSON Flattened Serialization:

   {
     "encrypted_key": "a0JHRoITfpX4qRewImjlStn8m3CPxBV1ueYlVhjurC
         yrBg3I7YhCRYjphDOOS4E7rXbr2Fn6NyQq-A-gqT0FXqNjVOGrG-bi13
         mwy7RoYhjTkBEC6P7sMYMXXx4gzMedpiJHQVeyI-zkZV7A9matpgevAJ
         WrXzOUysYGTtwoSN6gtUVtlLaivjvb21O0ul4YxSHV-ByK1kyeetRp_f
         uYJxHoKLQL9P424sKx2WGYb4zsBIPF4ssl_e5IR7nany-25_UmC2uros
         NkoFz9cQ82MypZP8gqbQJyPN-Fpp4Z-5o6yV64x6yzDUF_5JCIdl-Qv6
         H5dMVIY7q1eKpXcV1lWO_2FefEBqXxXvIjLeZivjNkzogCq3-IapSjVF
         nMjBxjpYLT8muaawo1yy1XXMuinIpNcOY3n4KKrXLrCcteX85m4IIHMZ
         a38s1Hpr56fPPseMA-Jltmt-a9iEDtOzhtxz8AXy9tsCAZV2XBWNG8c3
         kJusAamBKOYwfk7JhLRDgOnJjlJLhn7TI4UxDp9dCmUXEN6z0v23W15q
         JIEXNJtqnblpymooeWAHCT4e_Owbim1g0AEpTHUdA2iiLNs9WTX_H_TX
         uPC8yDDhi1smxS_X_xpkIHkiIHWDOLx03BpqDTivpKkBYwqP2UZkcxqX
         2Fo_GnVrNwlK7Lgxw6FSQvDO0",
     "protected": "eyJhbGciOiJSU0EtT0FFUCIsImN0eSI6IkpXVCIsImVuYy
         I6IkExMjhHQ00ifQ",
     "iv": "GbX1i9kXz0sxXPmA",
     "ciphertext": "SZI4IvKHmwpazl_pJQXX3mHv1ANnOU4Wf9-utWYUcKrBN
         gCe2OFMf66cSJ8k2QkxaQD3_R60MGE9ofomwtky3GFxMeGRjtpMt9OAv
         VLsAXB0_UTCBGyBg3C2bWLXqZlfJAAoJRUPRk-BimYZY81zVBuIhc7Hs
         QePCpu33SzMsFHjn4lP_idrJz_glZTNgKDt8zdnUPauKTKDNOH1DD4fu
         zvDYfDIAfqGPyL5sVRwbiXpXdGokEszM-9ChMPqW1QNhzuX_Zul3bvrJ
         wr7nuGZs4cUScY3n8yE3AHCLurgls-A9mz1X38xEaulV18l4Fg9tLejd
         kAuQZjPbqeHQBJe4IwGD5Ee0dQ-Mtz4NnhkIWx-YKBb_Xo2zI3Q_1sYj
         KUuis7yWW-HTr_vqvFt0bj7WJf2vzB0TZ3dvsoGaTvPH2dyWwumUrlx4
         gmPUzBdwTO6ubfYSDUEEz5py0d_OtWeUSYcCYBKD-aM7tXg26qJo21gY
         jLfhn9zy-W19sOCZGuzgFjPhawXHpvnj_t-0_ES96kogjJLxS1IMU9Y5
         XmnwZMyNc9EIwnogsCg-hVuvzyP0sIruktmI94_SL1xgMl7o03phcTMx
         tlMizR88NKU1WkBsiXMCjy1Noue7MD-ShDp5dmM",
     "tag": "KnIKEhN8U-3C9s4gtSpjSw"
   }

          Figure 238: JSON Flattened Serialization

7.  Security Considerations

   This document is designed to provide examples for developers to use
   in checking their implementations.  As such, it does not follow some
   of the security considerations and recommendations in the core
   documents.
   For instance:

   o  it does not always generate a new CEK value for every encrypted
      example;

   o  it does not always generate a new IV value for every encrypted
      example; and

   o  it does not always generate a new ephemeral key for every
      ephemeral key example.

   For each example, data that is expected to be generated for each
   signing or encryption operation is isolated to sections titled
   "Generated Factors".

8.  IANA Considerations

   This document has no actions for IANA.

9.  References

9.1.  Normative References

   [I-D.ietf-jose-json-web-algorithms]
              Jones, M., "JSON Web Algorithms (JWA)", draft-ietf-jose-
              json-web-algorithms-38 (work in progress), December 2014.

   [I-D.ietf-jose-json-web-encryption]
              Jones, M. and J. Hildebrand, "JSON Web Encryption (JWE)",
              draft-ietf-jose-json-web-encryption-38 (work in progress),
              December 2014.

   [I-D.ietf-jose-json-web-key]
              Jones, M., "JSON Web Key (JWK)", draft-ietf-jose-json-web-
              key-38 (work in progress), December 2014.

   [I-D.ietf-jose-json-web-signature]
              Jones, M., Bradley, J., and N. Sakimura, "JSON Web
              Signature (JWS)", draft-ietf-jose-json-web-signature-38
              (work in progress), December 2014.

   [RFC4648]  Josefsson, S., "The Base16, Base32, and Base64 Data
              Encodings", RFC 4648, October 2006.

9.2.  Informative References

   [I-D.ietf-oauth-json-web-token]
              Jones, M., Bradley, J., and N. Sakimura, "JSON Web Token
              (JWT)", draft-ietf-oauth-json-web-token-32 (work in
              progress), December 2014.

   [LOTR-FELLOWSHIP]
              Tolkien, J. and C. Tolkien, "The Fellowship of the Ring",
              ISBN 9780061917702, March 2009.

   [RFC1951]  Deutsch, P., "DEFLATE Compressed Data Format Specification
              version 1.3", RFC 1951, May 1996.

   [RFC7095]  Kewisch, P., "jCard: The JSON Format for vCard", RFC 7095,
              January 2014.

Appendix A.  Acknowledgements

   Most of the examples herein use quotes and character names found in
   the novel "The Fellowship of the Ring" [LOTR-FELLOWSHIP], written by
   J. R. R. Tolkien.

   Thanks to Richard Barnes, Brian Campbell, Mike Jones, and Jim Schaad
   for input and review of text.  Thanks to Brian Campbell for verifying
   Compact Serialization examples.

Author's Address

   Matthew Miller
   Cisco Systems, Inc.

   Email: mamille2@cisco.com
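
The check a recipient runs on the inner JWS of Sections 6.2 and 6.3 once the JWE has been decrypted, as an added example that is not part of the original draft: a standard-library-only RSASSA-PSS (PS256) verification of Figure 227 over Figures 226 and 223, using the public members "n" and "e" of the key in Figure 224. The function names are this example's own, and the 32-octet salt length is the value JWA specifies for PS256.

```python
import base64, hashlib, hmac

def b64u(s):  # unpadded base64url (RFC 4648, section 5) to bytes
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

# Values copied from this section: "n"/"e" of Figure 224, then Figures 226, 223, 227.
N = int.from_bytes(b64u(
    "kNrPIBDXMU6fcyv5i-QHQAQ-K8gsC3HJb7FYhYaw8hXbNJa-t8q0lD"
    "KwLZgQXYV-ffWxXJv5GGrlZE4GU52lfMEegTDzYTrRQ3tepgKFjMGg6I"
    "y6fkl1ZNsx2gEonsnlShfzA9GJwRTmtKPbk1s-hwx1IU5AT-AIelNqBg"
    "cF2vE5W25_SGGBoaROVdUYxqETDggM1z5cKV4ZjDZ8-lh4oVB07bkac6"
    "LQdHpJUUySH_Er20DXx30Kyi97PciXKTS-QKXnmm8ivyRCmux22ZoPUi"
    "nd2BKC5OiG4MwALhaL2Z2k8CsRdfy-7dg7z41Rp6D0ZeEvtaUp4bX4aK"
    "raL4rTfw"), "big")
E = int.from_bytes(b64u("AQAB"), "big")
HEADER = "eyJhbGciOiJQUzI1NiIsInR5cCI6IkpXVCJ9"
PAYLOAD = ("eyJpc3MiOiJob2JiaXRvbi5leGFtcGxlIiwiZXhwIjoxMzAwODE5MzgwLCJodH"
           "RwOi8vZXhhbXBsZS5jb20vaXNfcm9vdCI6dHJ1ZX0")
SIG = ("dPpMqwRZxFYi1UfcDAaf8M99o7kwUWtiXZ-ByvVuJih4MhJ_aZqciprz0OWaIA"
       "kIvn1qskChirjKvY9ESZNUCP4JjvfyPS-nqjJxYoA5ztWOyFk2cZNIPXjcJXSQ"
       "wXPO9tEe-v4VSqgD0aKHqPxYog4N6Cz1lKph1U1sYDSI67_bLL7elg_vkjfMp5"
       "_W5l5LuUYGMeh6hxQIaIUXf9EwV2JmvTMuZ-vBOWy0Sniy1EFo72CRTvmtrIf5"
       "AROo5MNliY3KtUxeP-SOmD-LEYwW9SlkohYzMVAZDDOrVbv7KVRHpeYNaK75KE"
       "QqdCEEkS_rskZS-Qtt_nlegTWh1mEYaA")

def mgf1(seed, length):  # MGF1 with SHA-256 (RFC 8017, appendix B.2.1)
    blocks = (hashlib.sha256(seed + i.to_bytes(4, "big")).digest()
              for i in range(-(-length // 32)))
    return b"".join(blocks)[:length]

def ps256_verify(n, e, signing_input, sig):
    """RSASSA-PSS verification (RFC 8017, 8.1.2) with SHA-256 and a 32-octet salt."""
    k, em_bits = (n.bit_length() + 7) // 8, n.bit_length() - 1
    em_len, s = (em_bits + 7) // 8, int.from_bytes(sig, "big")
    m = pow(s, e, n)                                # RSA public-key operation
    if len(sig) != k or s >= n or em_len < 66 or m.bit_length() > em_bits:
        return False                                # bad length or non-zero leading bits
    em = m.to_bytes(em_len, "big")
    masked_db, h, trailer = em[:-33], em[-33:-1], em[-1]
    db = bytearray(a ^ b for a, b in zip(masked_db, mgf1(h, len(masked_db))))
    db[0] &= 0xFF >> (8 * em_len - em_bits)         # clear the unused leading bits
    if trailer != 0xBC or db[:-32] != b"\x00" * (len(db) - 33) + b"\x01":
        return False                                # DB must be 00..00 01 || salt
    m_prime = b"\x00" * 8 + hashlib.sha256(signing_input).digest() + bytes(db[-32:])
    return hmac.compare_digest(h, hashlib.sha256(m_prime).digest())

def verify_inner_jws(header=HEADER, payload=PAYLOAD, sig=SIG):
    # JWS Signing Input: ASCII(BASE64URL(header) || '.' || BASE64URL(payload))
    return ps256_verify(N, E, f"{header}.{payload}".encode("ascii"), b64u(sig))
```

verify_inner_jws() returns True for the values as published and False once the payload or the signature value is altered. It is meant for cross-checking a JOSE library against this section's figures, not for replacing one.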