idnits 2.17.1 draft-ietf-jose-json-web-key-19.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (December 29, 2013) is 3764 days in the past. Is this intentional? -- Found something which looks like a code comment -- if you have code sections in the document, please surround them with '' and '' lines. Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) -- Possible downref: Non-RFC (?) normative reference: ref. 'ECMAScript' -- Possible downref: Non-RFC (?) normative reference: ref. 'ITU.X690.1994' ** Downref: Normative reference to an Historic RFC: RFC 1421 ** Obsolete normative reference: RFC 2818 (Obsoleted by RFC 9110) ** Obsolete normative reference: RFC 4627 (Obsoleted by RFC 7158, RFC 7159) ** Obsolete normative reference: RFC 5226 (Obsoleted by RFC 8126) ** Obsolete normative reference: RFC 5246 (Obsoleted by RFC 8446) -- Possible downref: Non-RFC (?) normative reference: ref. 'USASCII' -- Obsolete informational reference (is this intentional?): RFC 3447 (Obsoleted by RFC 8017) Summary: 5 errors (**), 0 flaws (~~), 1 warning (==), 6 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 JOSE Working Group M. Jones 3 Internet-Draft Microsoft 4 Intended status: Standards Track December 29, 2013 5 Expires: July 2, 2014 7 JSON Web Key (JWK) 8 draft-ietf-jose-json-web-key-19 10 Abstract 12 A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) data 13 structure that represents a cryptographic key. This specification 14 also defines a JSON Web Key Set (JWK Set) JSON data structure for 15 representing a set of JWKs. Cryptographic algorithms and identifiers 16 for use with this specification are described in the separate JSON 17 Web Algorithms (JWA) specification and IANA registries defined by 18 that specification. 20 Status of this Memo 22 This Internet-Draft is submitted in full conformance with the 23 provisions of BCP 78 and BCP 79. 25 Internet-Drafts are working documents of the Internet Engineering 26 Task Force (IETF). Note that other groups may also distribute 27 working documents as Internet-Drafts. The list of current Internet- 28 Drafts is at http://datatracker.ietf.org/drafts/current/. 30 Internet-Drafts are draft documents valid for a maximum of six months 31 and may be updated, replaced, or obsoleted by other documents at any 32 time. It is inappropriate to use Internet-Drafts as reference 33 material or to cite them other than as "work in progress." 35 This Internet-Draft will expire on July 2, 2014. 37 Copyright Notice 39 Copyright (c) 2013 IETF Trust and the persons identified as the 40 document authors. All rights reserved. 42 This document is subject to BCP 78 and the IETF Trust's Legal 43 Provisions Relating to IETF Documents 44 (http://trustee.ietf.org/license-info) in effect on the date of 45 publication of this document. Please review these documents 46 carefully, as they describe your rights and restrictions with respect 47 to this document. Code Components extracted from this document must 48 include Simplified BSD License text as described in Section 4.e of 49 the Trust Legal Provisions and are provided without warranty as 50 described in the Simplified BSD License. 52 Table of Contents 54 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4 55 1.1. Notational Conventions . . . . . . . . . . . . . . . . . . 4 56 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 4 57 3. JSON Web Key (JWK) Format . . . . . . . . . . . . . . . . . . 5 58 3.1. "kty" (Key Type) Parameter . . . . . . . . . . . . . . . . 5 59 3.2. "use" (Key Use) Parameter . . . . . . . . . . . . . . . . 6 60 3.3. "use_details" (Key Use Details) Parameter . . . . . . . . 6 61 3.4. "alg" (Algorithm) Parameter . . . . . . . . . . . . . . . 7 62 3.5. "kid" (Key ID) Parameter . . . . . . . . . . . . . . . . . 7 63 3.6. "x5u" (X.509 URL) Parameter . . . . . . . . . . . . . . . 8 64 3.7. "x5c" (X.509 Certificate Chain) Parameter . . . . . . . . 8 65 3.8. "x5t" (X.509 Certificate SHA-1 Thumbprint) Parameter . . . 9 66 4. JSON Web Key Set (JWK Set) Format . . . . . . . . . . . . . . 9 67 4.1. "keys" Parameter . . . . . . . . . . . . . . . . . . . . . 10 68 5. String Comparison Rules . . . . . . . . . . . . . . . . . . . 10 69 6. Encrypted JWK and Encrypted JWK Set Formats . . . . . . . . . 10 70 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 10 71 7.1. JSON Web Key Parameters Registry . . . . . . . . . . . . . 11 72 7.1.1. Registration Template . . . . . . . . . . . . . . . . 12 73 7.1.2. Initial Registry Contents . . . . . . . . . . . . . . 12 74 7.2. JSON Web Key Use Registry . . . . . . . . . . . . . . . . 14 75 7.2.1. Registration Template . . . . . . . . . . . . . . . . 14 76 7.2.2. Initial Registry Contents . . . . . . . . . . . . . . 14 77 7.3. JSON Web Key Use Details Registry . . . . . . . . . . . . 15 78 7.3.1. Registration Template . . . . . . . . . . . . . . . . 15 79 7.3.2. Initial Registry Contents . . . . . . . . . . . . . . 15 80 7.4. JSON Web Key Set Parameters Registry . . . . . . . . . . . 16 81 7.4.1. Registration Template . . . . . . . . . . . . . . . . 17 82 7.4.2. Initial Registry Contents . . . . . . . . . . . . . . 17 83 7.5. Media Type Registration . . . . . . . . . . . . . . . . . 17 84 7.5.1. Registry Contents . . . . . . . . . . . . . . . . . . 17 85 8. Security Considerations . . . . . . . . . . . . . . . . . . . 18 86 9. References . . . . . . . . . . . . . . . . . . . . . . . . . . 19 87 9.1. Normative References . . . . . . . . . . . . . . . . . . . 19 88 9.2. Informative References . . . . . . . . . . . . . . . . . . 21 89 Appendix A. Example JSON Web Key Sets . . . . . . . . . . . . . . 21 90 A.1. Example Public Keys . . . . . . . . . . . . . . . . . . . 21 91 A.2. Example Private Keys . . . . . . . . . . . . . . . . . . . 22 92 A.3. Example Symmetric Keys . . . . . . . . . . . . . . . . . . 24 93 Appendix B. Example Use of "x5c" (X.509 Certificate Chain) 94 Parameter . . . . . . . . . . . . . . . . . . . . . . 24 95 Appendix C. Example Encrypted RSA Private Key . . . . . . . . . . 25 96 C.1. Plaintext RSA Private Key . . . . . . . . . . . . . . . . 26 97 C.2. JWE Header . . . . . . . . . . . . . . . . . . . . . . . . 29 98 C.3. Content Encryption Key (CEK) . . . . . . . . . . . . . . . 29 99 C.4. Key Encryption . . . . . . . . . . . . . . . . . . . . . . 30 100 C.5. Initialization Vector . . . . . . . . . . . . . . . . . . 30 101 C.6. Additional Authenticated Data . . . . . . . . . . . . . . 30 102 C.7. Content Encryption . . . . . . . . . . . . . . . . . . . . 31 103 C.8. Complete Representation . . . . . . . . . . . . . . . . . 34 104 Appendix D. Acknowledgements . . . . . . . . . . . . . . . . . . 35 105 Appendix E. Document History . . . . . . . . . . . . . . . . . . 36 106 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 40 108 1. Introduction 110 A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) [RFC4627] 111 data structure that represents a cryptographic key. This 112 specification also defines a JSON Web Key Set (JWK Set) JSON data 113 structure for representing a set of JWKs. Cryptographic algorithms 114 and identifiers for use with this specification are described in the 115 separate JSON Web Algorithms (JWA) [JWA] specification and IANA 116 registries defined by that specification. 118 Goals for this specification do not include representing certificate 119 chains, representing certified keys, and replacing X.509 120 certificates. 122 JWKs and JWK Sets are used in the JSON Web Signature (JWS) [JWS] and 123 JSON Web Encryption (JWE) [JWE] specifications. 125 Names defined by this specification are short because a core goal is 126 for the resulting representations to be compact. 128 1.1. Notational Conventions 130 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 131 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 132 document are to be interpreted as described in Key words for use in 133 RFCs to Indicate Requirement Levels [RFC2119]. If these words are 134 used without being spelled in uppercase then they are to be 135 interpreted with their normal natural language meanings. 137 BASE64URL(OCTETS) denotes the base64url encoding of OCTETS, per 138 Section 2. 140 UTF8(STRING) denotes the octets of the UTF-8 [RFC3629] representation 141 of STRING. 143 ASCII(STRING) denotes the octets of the ASCII [USASCII] 144 representation of STRING. 146 The concatenation of two values A and B is denoted as A || B. 148 2. Terminology 150 These terms defined by the JSON Web Signature (JWS) [JWS] 151 specification are incorporated into this specification: "Base64url 152 Encoding" and "Collision-Resistant Name". 154 These terms are defined for use by this specification: 156 JSON Web Key (JWK) A JSON object that represents a cryptographic 157 key. 159 JSON Web Key Set (JWK Set) A JSON object that contains an array of 160 JWKs as the value of its "keys" member. 162 3. JSON Web Key (JWK) Format 164 A JSON Web Key (JWK) is a JSON object. The members of the object 165 represent properties of the key, including its value. This document 166 defines the key parameters that are not algorithm specific, and thus 167 common to many keys. 169 In addition to the common parameters, each JWK will have members that 170 are specific to the kind of key being represented. These members 171 represent the parameters of the key. Section 6 of the JSON Web 172 Algorithms (JWA) [JWA] specification defines multiple kinds of 173 cryptographic keys and their associated members. 175 The member names within a JWK MUST be unique; recipients MUST either 176 reject JWKs with duplicate member names or use a JSON parser that 177 returns only the lexically last duplicate member name, as specified 178 in Section 15.12 (The JSON Object) of ECMAScript 5.1 [ECMAScript]. 180 Additional members can be present in the JWK. If not understood by 181 implementations encountering them, they MUST be ignored. Member 182 names used for representing key parameters for different keys types 183 need not be distinct. Any new member name should either be 184 registered in the IANA JSON Web Key Parameters registry defined in 185 Section 7.1 or be a value that contains a Collision-Resistant Name. 187 3.1. "kty" (Key Type) Parameter 189 The "kty" (key type) member identifies the cryptographic algorithm 190 family used with the key. "kty" values should either be registered in 191 the IANA JSON Web Key Types registry defined in [JWA] or be a value 192 that contains a Collision-Resistant Name. The "kty" value is a case- 193 sensitive string. This member MUST be present in a JWK. 195 A list of defined "kty" values can be found in the IANA JSON Web Key 196 Types registry defined in [JWA]; the initial contents of this 197 registry are the values defined in Section 6.1 of the JSON Web 198 Algorithms (JWA) [JWA] specification. 200 The key type definitions include specification of the members to be 201 used for those key types. Additional members used with "kty" values 202 can also be found in the IANA JSON Web Key Parameters registry 203 defined in Section 7.1. 205 3.2. "use" (Key Use) Parameter 207 The "use" (key use) member identifies the intended use of the key. 208 Values defined by this specification are: 210 o "sig" (signature or MAC) 212 o "enc" (encryption) 214 Other values MAY be used. Key Use values can be registered in the 215 IANA JSON Web Key Use registry defined in Section 7.2. The "use" 216 value is a case-sensitive string. A "use" member SHOULD be present, 217 unless the application uses another means or convention to determine 218 the intended key usage. 220 When a key is used to wrap another key and a key use designation for 221 the first key is desired, the "enc" (encryption) key use value SHOULD 222 be used, since key wrapping is a kind of encryption. (The "alg" 223 member can be used to specify the particular kind of encryption to be 224 performed, when desired.) 226 3.3. "use_details" (Key Use Details) Parameter 228 The "use_details" (key use details) member identifies the fine- 229 grained details of the intended use of the key. Its value is an 230 array of key use detail values. Values defined by this specification 231 are: 233 o "sign" (compute signature or MAC) 235 o "verify" (verify signature or MAC) 237 o "encrypt" (encrypt content) 239 o "decrypt" (decrypt content and validate decryption, if applicable) 241 o "wrap" (encrypt key) 243 o "unwrap" (decrypt key and validate decryption, if applicable) 245 o "deriveKey" (derive key) 247 o "deriveBits" (derive bits not to be used as a key) 249 Other values MAY be used. Key Use Detail values can be registered in 250 the IANA JSON Web Key Use Details registry defined in Section 7.3. 252 The use detail values are case-sensitive strings. Duplicate use 253 detail values MUST NOT be present in the array. 255 Use of the "use_details" member is OPTIONAL, unless the application 256 requires use this member to record fine-grained key usage details. 257 (Note that the "use_details" values intentionally match the 258 "KeyUsage" values defined in the Web Cryptography API [WebCrypto] 259 specification.) 261 Multiple unrelated uses SHOULD NOT be specified for a key because of 262 the potential vulnerabilities associated with using the same key with 263 multiple algorithms. Thus, the combinations "sign" with "verify", 264 "encrypt" with "decrypt", and "wrap" with "unwrap" are permitted, but 265 other combinations SHOULD NOT be used. 267 If both "use" and "use_details" JWK members are present, the usages 268 specified by them MUST be consistent. In particular, the "use" value 269 "sig" corresponds to "sign" and/or "verify". The "use" value "enc" 270 corresponds to all other values defined above. If "use_details" 271 values corresponding to both "sig" and "enc" "use" values are 272 present, the "use" member SHOULD NOT be present, and if present, its 273 value MUST NOT be either "sig" or "enc". 275 3.4. "alg" (Algorithm) Parameter 277 The "alg" (algorithm) member identifies the algorithm intended for 278 use with the key. The values used should either be registered in the 279 IANA JSON Web Signature and Encryption Algorithms registry defined in 280 [JWA] or be a value that contains a Collision-Resistant Name. Use of 281 this member is OPTIONAL. 283 3.5. "kid" (Key ID) Parameter 285 The "kid" (key ID) member can be used to match a specific key. This 286 can be used, for instance, to choose among a set of keys within a JWK 287 Set during key rollover. The structure of the "kid" value is 288 unspecified. When "kid" values are used within a JWK Set, different 289 keys within the JWK Set SHOULD use distinct "kid" values. (One 290 example in which different keys might use the same "kid" value is if 291 they have different "kty" (key type) values but are considered to be 292 equivalent alternatives by the application using them.) The "kid" 293 value is a case-sensitive string. Use of this member is OPTIONAL. 295 When used with JWS or JWE, the "kid" value is used to match a JWS or 296 JWE "kid" Header Parameter value. 298 3.6. "x5u" (X.509 URL) Parameter 300 The "x5u" (X.509 URL) member is a URI [RFC3986] that refers to a 301 resource for an X.509 public key certificate or certificate chain 302 [RFC5280]. The identified resource MUST provide a representation of 303 the certificate or certificate chain that conforms to RFC 5280 304 [RFC5280] in PEM encoded form [RFC1421]. The key in the first 305 certificate MUST match the public key represented by other members of 306 the JWK. The protocol used to acquire the resource MUST provide 307 integrity protection; an HTTP GET request to retrieve the certificate 308 MUST use TLS [RFC2818] [RFC5246]; the identity of the server MUST be 309 validated, as per Section 3.1 of HTTP Over TLS [RFC2818]. Use of 310 this member is OPTIONAL. 312 While there is no requirement that members other than those 313 representing the public key be populated when an "x5u" member is 314 present, doing so may improve interoperability for applications that 315 do not handle PKIX certificates. If other members are present, the 316 contents of those members MUST be semantically consistent with the 317 related fields in the first certificate. For instance, if the "use" 318 member is present, then it needs to allow for only a subset of the 319 usages that are permitted by the certificate. Similarly, if the 320 "alg" member is present, it should represent an algorithm that the 321 certificate allows. 323 3.7. "x5c" (X.509 Certificate Chain) Parameter 325 The "x5c" (X.509 Certificate Chain) member contains a chain of one or 326 more PKIX certificates [RFC5280]. The certificate chain is 327 represented as a JSON array of certificate value strings. Each 328 string in the array is a base64 encoded ([RFC4648] Section 4 -- not 329 base64url encoded) DER [ITU.X690.1994] PKIX certificate value. The 330 PKIX certificate containing the key value MUST be the first 331 certificate. This MAY be followed by additional certificates, with 332 each subsequent certificate being the one used to certify the 333 previous one. The key in the first certificate MUST match the public 334 key represented by other members of the JWK. Use of this member is 335 OPTIONAL. 337 As with the "x5u" member, members other than those representing the 338 public key may also be populated when an "x5c" member is present. If 339 other members are present, the contents of those members MUST be 340 semantically consistent with the related fields in the first 341 certificate. See the last paragraph of Section 3.6 for additional 342 guidance on this. 344 3.8. "x5t" (X.509 Certificate SHA-1 Thumbprint) Parameter 346 The "x5t" (X.509 Certificate SHA-1 Thumbprint) member is a base64url 347 encoded SHA-1 thumbprint (a.k.a. digest) of the DER encoding of an 348 X.509 certificate [RFC5280]. The key in the certificate MUST match 349 the public key represented by other members of the JWK. Use of this 350 member is OPTIONAL. 352 If, in the future, certificate thumbprints need to be computed using 353 hash functions other than SHA-1, it is suggested that additional 354 related JWK parameters be defined for that purpose. For example, it 355 is suggested that a new "x5t#S256" (X.509 Certificate Thumbprint 356 using SHA-256) JWK parameter could be defined by registering it in 357 the IANA JSON Web Key Parameters registry defined in Section 7.1. 359 As with the "x5u" member, members other than those representing the 360 public key may also be populated when an "x5t" member is present. If 361 other members are present, the contents of those members MUST be 362 semantically consistent with the related fields in the referenced 363 certificate. See the last paragraph of Section 3.6 for additional 364 guidance on this. 366 4. JSON Web Key Set (JWK Set) Format 368 A JSON Web Key Set (JWK Set) is a JSON object representing a set of 369 JWKs. The JSON object MUST have a "keys" member, which is an array 370 of JWK objects. 372 The member names within a JWK Set MUST be unique; recipients MUST 373 either reject JWK Sets with duplicate member names or use a JSON 374 parser that returns only the lexically last duplicate member name, as 375 specified in Section 15.12 (The JSON Object) of ECMAScript 5.1 376 [ECMAScript]. 378 Additional members can be present in the JWK Set. If not understood 379 by implementations encountering them, they MUST be ignored. 380 Parameters for representing additional properties of JWK Sets should 381 either be registered in the IANA JSON Web Key Set Parameters registry 382 defined in Section 7.4 or be a value that contains a Collision- 383 Resistant Name. 385 Implementations SHOULD ignore JWKs within a JWK Set that use "kty" 386 (key type) values that are not understood by them, are missing 387 required members, or for which values are out of the supported 388 ranges. 390 4.1. "keys" Parameter 392 The value of the "keys" member is an array of JWK values. By 393 default, the order of the JWK values within the array does not imply 394 an order of preference among them, although applications of JWK Sets 395 can choose to assign a meaning to the order for their purposes, if 396 desired. This member MUST be present in a JWK Set. 398 5. String Comparison Rules 400 The string comparison rules for this specification are the same as 401 those defined in Section 5.3 of [JWS]. 403 6. Encrypted JWK and Encrypted JWK Set Formats 405 JWKs containing non-public key material will need to be encrypted in 406 some contexts to prevent the disclosure of private or symmetric key 407 values to unintended parties. The use of an Encrypted JWK, which is 408 a JWE with the UTF-8 encoding of a JWK as its plaintext value, is 409 recommended for this purpose. The processing of Encrypted JWKs is 410 identical to the processing of other JWEs. A "cty" (content type) 411 Header Parameter value of "jwk+json" MUST be used to indicate that 412 the content of the JWE is a JWK, unless the application knows that 413 the encrypted content is a JWK by another means or convention. 415 JWK Sets containing non-public key material will similarly need to be 416 encrypted. The use of an Encrypted JWK Set, which is a JWE with the 417 UTF-8 encoding of a JWK Set as its plaintext value, is recommended 418 for this purpose. The processing of Encrypted JWK Sets is identical 419 to the processing of other JWEs. A "cty" (content type) Header 420 Parameter value of "jwk-set+json" MUST be used to indicate that the 421 content of the JWE is a JWK Set, unless the application knows that 422 the encrypted content is a JWK Set by another means or convention. 424 See Appendix C for an example encrypted JWK. 426 7. IANA Considerations 428 The following registration procedure is used for all the registries 429 established by this specification. 431 Values are registered with a Specification Required [RFC5226] after a 432 two-week review period on the [TBD]@ietf.org mailing list, on the 433 advice of one or more Designated Experts. However, to allow for the 434 allocation of values prior to publication, the Designated Expert(s) 435 may approve registration once they are satisfied that such a 436 specification will be published. 438 Registration requests must be sent to the [TBD]@ietf.org mailing list 439 for review and comment, with an appropriate subject (e.g., "Request 440 for access token type: example"). [[ Note to the RFC Editor: The name 441 of the mailing list should be determined in consultation with the 442 IESG and IANA. Suggested name: jose-reg-review. ]] 444 Within the review period, the Designated Expert(s) will either 445 approve or deny the registration request, communicating this decision 446 to the review list and IANA. Denials should include an explanation 447 and, if applicable, suggestions as to how to make the request 448 successful. Registration requests that are undetermined for a period 449 longer than 21 days can be brought to the IESG's attention (using the 450 iesg@iesg.org mailing list) for resolution. 452 Criteria that should be applied by the Designated Expert(s) includes 453 determining whether the proposed registration duplicates existing 454 functionality, determining whether it is likely to be of general 455 applicability or whether it is useful only for a single application, 456 and whether the registration makes sense. 458 IANA must only accept registry updates from the Designated Expert(s) 459 and should direct all requests for registration to the review mailing 460 list. 462 It is suggested that multiple Designated Experts be appointed who are 463 able to represent the perspectives of different applications using 464 this specification, in order to enable broadly-informed review of 465 registration decisions. In cases where a registration decision could 466 be perceived as creating a conflict of interest for a particular 467 Expert, that Expert should defer to the judgment of the other 468 Expert(s). 470 7.1. JSON Web Key Parameters Registry 472 This specification establishes the IANA JSON Web Key Parameters 473 registry for JWK parameter names. The registry records the parameter 474 name, the key type(s) that the parameter is used with, and a 475 reference to the specification that defines it. It also records 476 whether the parameter conveys public or private information. This 477 specification registers the parameter names defined in Section 3. 478 The same JWK parameter name may be registered multiple times, 479 provided that duplicate parameter registrations are only for key type 480 specific JWK parameters; in this case, the meaning of the duplicate 481 parameter name is disambiguated by the "kty" value of the JWK 482 containing it. 484 7.1.1. Registration Template 486 Parameter Name: 487 The name requested (e.g., "example"). Because a core goal of this 488 specification is for the resulting representations to be compact, 489 it is RECOMMENDED that the name be short -- not to exceed 8 490 characters without a compelling reason to do so. This name is 491 case-sensitive. Names may not match other registered names in a 492 case-insensitive manner unless the Designated Expert(s) state that 493 there is a compelling reason to allow an exception in this 494 particular case. However, matching names may be registered, 495 provided that the accompanying sets of "kty" values that the 496 Parameter Name is used with are disjoint; for the purposes of 497 matching "kty" values, "*" matches all values. 499 Parameter Description: 500 Brief description of the parameter (e.g., "Example description"). 502 Used with "kty" Value(s): 503 The key type parameter value(s) that the parameter name is to be 504 used with, or the value "*" if the parameter value is used with 505 all key types. Values may not match other registered "kty" values 506 in a case-insensitive manner when the registered Parameter Name is 507 the same (including when the Parameter Name matches in a case- 508 insensitive manner) unless the Designated Expert(s) state that 509 there is a compelling reason to allow an exception in this 510 particular case. 512 Parameter Information Class: 513 Registers whether the parameter conveys public or private 514 information. Its value must be one the words Public or Private. 516 Change Controller: 517 For Standards Track RFCs, state "IESG". For others, give the name 518 of the responsible party. Other details (e.g., postal address, 519 email address, home page URI) may also be included. 521 Specification Document(s): 522 Reference to the document(s) that specify the parameter, 523 preferably including URI(s) that can be used to retrieve copies of 524 the document(s). An indication of the relevant sections may also 525 be included but is not required. 527 7.1.2. Initial Registry Contents 529 o Parameter Name: "kty" 530 o Parameter Description: Key Type 531 o Used with "kty" Value(s): * 532 o Parameter Information Class: Public 533 o Change Controller: IESG 534 o Specification Document(s): Section 3.1 of [[ this document ]] 536 o Parameter Name: "use" 537 o Parameter Description: Key Use 538 o Used with "kty" Value(s): * 539 o Parameter Information Class: Public 540 o Change Controller: IESG 541 o Specification Document(s): Section 3.2 of [[ this document ]] 543 o Parameter Name: "use_details" 544 o Parameter Description: Key Use 545 o Used with "kty" Value(s): * 546 o Parameter Information Class: Public 547 o Change Controller: IESG 548 o Specification Document(s): Section 3.3 of [[ this document ]] 550 o Parameter Name: "alg" 551 o Parameter Description: Algorithm 552 o Used with "kty" Value(s): * 553 o Parameter Information Class: Public 554 o Change Controller: IESG 555 o Specification Document(s): Section 3.4 of [[ this document ]] 557 o Parameter Name: "kid" 558 o Parameter Description: Key ID 559 o Used with "kty" Value(s): * 560 o Parameter Information Class: Public 561 o Change Controller: IESG 562 o Specification Document(s): Section 3.5 of [[ this document ]] 564 o Parameter Name: "x5u" 565 o Parameter Description: X.509 URL 566 o Used with "kty" Value(s): * 567 o Parameter Information Class: Public 568 o Change Controller: IESG 569 o Specification Document(s): Section 3.6 of [[ this document ]] 571 o Parameter Name: "x5c" 572 o Parameter Description: X.509 Certificate Chain 573 o Used with "kty" Value(s): * 574 o Parameter Information Class: Public 575 o Change Controller: IESG 576 o Specification Document(s): Section 3.7 of [[ this document ]] 578 o Parameter Name: "x5t" 579 o Parameter Description: X.509 Certificate SHA-1 Thumbprint 580 o Used with "kty" Value(s): * 581 o Parameter Information Class: Public 582 o Change Controller: IESG 583 o Specification Document(s): Section 3.8 of [[ this document ]] 585 7.2. JSON Web Key Use Registry 587 This specification establishes the IANA JSON Web Key Use registry for 588 JWK "use" member values. The registry records the key use value and 589 a reference to the specification that defines it. This specification 590 registers the parameter names defined in Section 3.2. 592 7.2.1. Registration Template 594 Use Member Value: 595 The name requested (e.g., "example"). Because a core goal of this 596 specification is for the resulting representations to be compact, 597 it is RECOMMENDED that the name be short -- not to exceed 8 598 characters without a compelling reason to do so. This name is 599 case-sensitive. Names may not match other registered names in a 600 case-insensitive manner unless the Designated Expert(s) state that 601 there is a compelling reason to allow an exception in this 602 particular case. 604 Use Description: 605 Brief description of the use (e.g., "Example description"). 607 Change Controller: 608 For Standards Track RFCs, state "IESG". For others, give the name 609 of the responsible party. Other details (e.g., postal address, 610 email address, home page URI) may also be included. 612 Specification Document(s): 613 Reference to the document(s) that specify the parameter, 614 preferably including URI(s) that can be used to retrieve copies of 615 the document(s). An indication of the relevant sections may also 616 be included but is not required. 618 7.2.2. Initial Registry Contents 620 o Use Member Value: "sig" 621 o Use Description: Signature or MAC 622 o Change Controller: IESG 623 o Specification Document(s): Section 3.2 of [[ this document ]] 625 o Use Member Value: "enc" 626 o Use Description: Encryption 627 o Change Controller: IESG 628 o Specification Document(s): Section 3.2 of [[ this document ]] 630 7.3. JSON Web Key Use Details Registry 632 This specification establishes the IANA JSON Web Key Use Details 633 registry for values of JWK "use_details" array elements. The 634 registry records the key use detail value and a reference to the 635 specification that defines it. This specification registers the 636 parameter names defined in Section 3.3. 638 7.3.1. Registration Template 640 Use Detail Value: 641 The name requested (e.g., "example"). Because a core goal of this 642 specification is for the resulting representations to be compact, 643 it is RECOMMENDED that the name be short -- not to exceed 8 644 characters without a compelling reason to do so. This name is 645 case-sensitive. Names may not match other registered names in a 646 case-insensitive manner unless the Designated Expert(s) state that 647 there is a compelling reason to allow an exception in this 648 particular case. 650 Use Detail Description: 651 Brief description of the use detail (e.g., "Example description"). 653 Change Controller: 654 For Standards Track RFCs, state "IESG". For others, give the name 655 of the responsible party. Other details (e.g., postal address, 656 email address, home page URI) may also be included. 658 Specification Document(s): 659 Reference to the document(s) that specify the parameter, 660 preferably including URI(s) that can be used to retrieve copies of 661 the document(s). An indication of the relevant sections may also 662 be included but is not required. 664 7.3.2. Initial Registry Contents 666 o Use Detail Value: "sign" 667 o Use Detail Description: Compute signature or MAC 668 o Change Controller: IESG 669 o Specification Document(s): Section 3.3 of [[ this document ]] 671 o Use Detail Value: "verify" 672 o Use Detail Description: Verify signature or MAC 673 o Change Controller: IESG 674 o Specification Document(s): Section 3.3 of [[ this document ]] 676 o Use Detail Value: "encrypt" 677 o Use Detail Description: Encrypt content 678 o Change Controller: IESG 679 o Specification Document(s): Section 3.3 of [[ this document ]] 681 o Use Detail Value: "decrypt" 682 o Use Detail Description: Decrypt content and validate decryption, 683 if applicable 684 o Change Controller: IESG 685 o Specification Document(s): Section 3.3 of [[ this document ]] 687 o Use Detail Value: "wrap" 688 o Use Detail Description: Encrypt key 689 o Change Controller: IESG 690 o Specification Document(s): Section 3.3 of [[ this document ]] 692 o Use Detail Value: "unwrap" 693 o Use Detail Description: Decrypt key and validate decryption, if 694 applicable 695 o Change Controller: IESG 696 o Specification Document(s): Section 3.3 of [[ this document ]] 698 o Use Detail Value: "deriveKey" 699 o Use Detail Description: Derive key 700 o Change Controller: IESG 701 o Specification Document(s): Section 3.3 of [[ this document ]] 703 o Use Detail Value: "deriveBits" 704 o Use Detail Description: Derive bits not to be used as a key 705 o Change Controller: IESG 706 o Specification Document(s): Section 3.3 of [[ this document ]] 708 7.4. JSON Web Key Set Parameters Registry 710 This specification establishes the IANA JSON Web Key Set Parameters 711 registry for JWK Set parameter names. The registry records the 712 parameter name and a reference to the specification that defines it. 713 This specification registers the parameter names defined in 714 Section 4. 716 7.4.1. Registration Template 718 Parameter Name: 719 The name requested (e.g., "example"). Because a core goal of this 720 specification is for the resulting representations to be compact, 721 it is RECOMMENDED that the name be short -- not to exceed 8 722 characters without a compelling reason to do so. This name is 723 case-sensitive. Names may not match other registered names in a 724 case-insensitive manner unless the Designated Expert(s) state that 725 there is a compelling reason to allow an exception in this 726 particular case. 728 Parameter Description: 729 Brief description of the parameter (e.g., "Example description"). 731 Change Controller: 732 For Standards Track RFCs, state "IESG". For others, give the name 733 of the responsible party. Other details (e.g., postal address, 734 email address, home page URI) may also be included. 736 Specification Document(s): 737 Reference to the document(s) that specify the parameter, 738 preferably including URI(s) that can be used to retrieve copies of 739 the document(s). An indication of the relevant sections may also 740 be included but is not required. 742 7.4.2. Initial Registry Contents 744 o Parameter Name: "keys" 745 o Parameter Description: Array of JWK values 746 o Change Controller: IESG 747 o Specification Document(s): Section 4.1 of [[ this document ]] 749 7.5. Media Type Registration 751 7.5.1. Registry Contents 753 This specification registers the "application/jwk+json" and 754 "application/jwk-set+json" Media Types [RFC2046] in the MIME Media 755 Types registry [IANA.MediaTypes], which can be used to indicate, 756 respectively, that the content is a JWK or a JWK Set. 758 o Type Name: application 759 o Subtype Name: jwk+json 760 o Required Parameters: n/a 761 o Optional Parameters: n/a 762 o Encoding considerations: 8bit; application/jwk+json values are 763 represented as JSON object; UTF-8 encoding SHOULD be employed for 764 the JSON object. 765 o Security Considerations: See the Security Considerations section 766 of [[ this document ]] 767 o Interoperability Considerations: n/a 768 o Published Specification: [[ this document ]] 769 o Applications that use this media type: TBD 770 o Additional Information: Magic number(s): n/a, File extension(s): 771 n/a, Macintosh file type code(s): n/a 772 o Person & email address to contact for further information: Michael 773 B. Jones, mbj@microsoft.com 774 o Intended Usage: COMMON 775 o Restrictions on Usage: none 776 o Author: Michael B. Jones, mbj@microsoft.com 777 o Change Controller: IESG 779 o Type Name: application 780 o Subtype Name: jwk-set+json 781 o Required Parameters: n/a 782 o Optional Parameters: n/a 783 o Encoding considerations: 8bit; application/jwk-set+json values are 784 represented as a JSON Object; UTF-8 encoding SHOULD be employed 785 for the JSON object. 786 o Security Considerations: See the Security Considerations section 787 of [[ this document ]] 788 o Interoperability Considerations: n/a 789 o Published Specification: [[ this document ]] 790 o Applications that use this media type: TBD 791 o Additional Information: Magic number(s): n/a, File extension(s): 792 n/a, Macintosh file type code(s): n/a 793 o Person & email address to contact for further information: Michael 794 B. Jones, mbj@microsoft.com 795 o Intended Usage: COMMON 796 o Restrictions on Usage: none 797 o Author: Michael B. Jones, mbj@microsoft.com 798 o Change Controller: IESG 800 8. Security Considerations 802 All of the security issues faced by any cryptographic application 803 must be faced by a JWS/JWE/JWK agent. Among these issues are 804 protecting the user's private and symmetric keys, preventing various 805 attacks, and helping the user avoid mistakes such as inadvertently 806 encrypting a message for the wrong recipient. The entire list of 807 security considerations is beyond the scope of this document, but 808 some significant considerations are listed here. 810 One should place no more trust in the data associated with a key than 811 in than the method by which it was obtained and in the 812 trustworthiness of the entity asserting an association with the key. 813 Any data associated with a key that is obtained in an untrusted 814 manner should be treated with skepticism. 816 Private and symmetric keys MUST be protected from disclosure to 817 unintended parties. One recommended means of doing so is to encrypt 818 JWKs or JWK Sets containing them by using the JWK or JWK Set value as 819 the plaintext of a JWE. 821 The security considerations in RFC 3447 [RFC3447] and RFC 6030 822 [RFC6030] about protecting private and symmetric keys, key usage, and 823 information leakage also apply to this specification. 825 The security considerations in XML DSIG 2.0 826 [W3C.CR-xmldsig-core2-20120124], about key representations also apply 827 to this specification, other than those that are XML specific. 829 The TLS Requirements in [JWS] also apply to this specification. 831 9. References 833 9.1. Normative References 835 [ECMAScript] 836 Ecma International, "ECMAScript Language Specification, 837 5.1 Edition", ECMA 262, June 2011. 839 [IANA.MediaTypes] 840 Internet Assigned Numbers Authority (IANA), "MIME Media 841 Types", 2005. 843 [ITU.X690.1994] 844 International Telecommunications Union, "Information 845 Technology - ASN.1 encoding rules: Specification of Basic 846 Encoding Rules (BER), Canonical Encoding Rules (CER) and 847 Distinguished Encoding Rules (DER)", ITU-T Recommendation 848 X.690, 1994. 850 [JWA] Jones, M., "JSON Web Algorithms (JWA)", 851 draft-ietf-jose-json-web-algorithms (work in progress), 852 December 2013. 854 [JWE] Jones, M., Rescorla, E., and J. Hildebrand, "JSON Web 855 Encryption (JWE)", draft-ietf-jose-json-web-encryption 856 (work in progress), December 2013. 858 [JWS] Jones, M., Bradley, J., and N. Sakimura, "JSON Web 859 Signature (JWS)", draft-ietf-jose-json-web-signature (work 860 in progress), December 2013. 862 [RFC1421] Linn, J., "Privacy Enhancement for Internet Electronic 863 Mail: Part I: Message Encryption and Authentication 864 Procedures", RFC 1421, February 1993. 866 [RFC2046] Freed, N. and N. Borenstein, "Multipurpose Internet Mail 867 Extensions (MIME) Part Two: Media Types", RFC 2046, 868 November 1996. 870 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 871 Requirement Levels", BCP 14, RFC 2119, March 1997. 873 [RFC2818] Rescorla, E., "HTTP Over TLS", RFC 2818, May 2000. 875 [RFC3629] Yergeau, F., "UTF-8, a transformation format of ISO 876 10646", STD 63, RFC 3629, November 2003. 878 [RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform 879 Resource Identifier (URI): Generic Syntax", STD 66, 880 RFC 3986, January 2005. 882 [RFC4627] Crockford, D., "The application/json Media Type for 883 JavaScript Object Notation (JSON)", RFC 4627, July 2006. 885 [RFC4648] Josefsson, S., "The Base16, Base32, and Base64 Data 886 Encodings", RFC 4648, October 2006. 888 [RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an 889 IANA Considerations Section in RFCs", BCP 26, RFC 5226, 890 May 2008. 892 [RFC5246] Dierks, T. and E. Rescorla, "The Transport Layer Security 893 (TLS) Protocol Version 1.2", RFC 5246, August 2008. 895 [RFC5280] Cooper, D., Santesson, S., Farrell, S., Boeyen, S., 896 Housley, R., and W. Polk, "Internet X.509 Public Key 897 Infrastructure Certificate and Certificate Revocation List 898 (CRL) Profile", RFC 5280, May 2008. 900 [USASCII] American National Standards Institute, "Coded Character 901 Set -- 7-bit American Standard Code for Information 902 Interchange", ANSI X3.4, 1986. 904 [W3C.CR-xmldsig-core2-20120124] 905 Cantor, S., Roessler, T., Eastlake, D., Yiu, K., Reagle, 906 J., Solo, D., Datta, P., and F. Hirsch, "XML Signature 907 Syntax and Processing Version 2.0", World Wide Web 908 Consortium CR CR-xmldsig-core2-20120124, January 2012, 909 . 911 9.2. Informative References 913 [MagicSignatures] 914 Panzer (editor), J., Laurie, B., and D. Balfanz, "Magic 915 Signatures", January 2011. 917 [RFC3447] Jonsson, J. and B. Kaliski, "Public-Key Cryptography 918 Standards (PKCS) #1: RSA Cryptography Specifications 919 Version 2.1", RFC 3447, February 2003. 921 [RFC6030] Hoyer, P., Pei, M., and S. Machani, "Portable Symmetric 922 Key Container (PSKC)", RFC 6030, October 2010. 924 [WebCrypto] 925 Sleevi, R., "Web Cryptography API", World Wide Web 926 Consortium Draft, December 2013, . 929 Appendix A. Example JSON Web Key Sets 931 A.1. Example Public Keys 933 The following example JWK Set contains two public keys represented as 934 JWKs: one using an Elliptic Curve algorithm and a second one using an 935 RSA algorithm. The first specifies that the key is to be used for 936 encryption. The second specifies that the key is to be used with the 937 "RS256" algorithm. Both provide a Key ID for key matching purposes. 938 In both cases, integers are represented using the base64url encoding 939 of their big endian representations. (Long lines are broken are for 940 display purposes only.) 941 {"keys": 942 [ 943 {"kty":"EC", 944 "crv":"P-256", 945 "x":"MKBCTNIcKUSDii11ySs3526iDZ8AiTo7Tu6KPAqv7D4", 946 "y":"4Etl6SRW2YiLUrN5vfvVHuhp7x8PxltmWWlbbM4IFyM", 947 "use":"enc", 948 "kid":"1"}, 950 {"kty":"RSA", 951 "n": "0vx7agoebGcQSuuPiLJXZptN9nndrQmbXEps2aiAFbWhM78LhWx 952 4cbbfAAtVT86zwu1RK7aPFFxuhDR1L6tSoc_BJECPebWKRXjBZCiFV4n3oknjhMs 953 tn64tZ_2W-5JsGY4Hc5n9yBXArwl93lqt7_RN5w6Cf0h4QyQ5v-65YGjQR0_FDW2 954 QvzqY368QQMicAtaSqzs8KJZgnYb9c7d0zgdAZHzu6qMQvRL5hajrn1n91CbOpbI 955 SD08qNLyrdkt-bFTWhAI4vMQFh6WeZu0fM4lFd2NcRwr3XPksINHaQ-G_xBniIqb 956 w0Ls1jF44-csFCur-kEgU8awapJzKnqDKgw", 957 "e":"AQAB", 958 "alg":"RS256", 959 "kid":"2011-04-29"} 960 ] 961 } 963 A.2. Example Private Keys 965 The following example JWK Set contains two keys represented as JWKs 966 containing both public and private key values: one using an Elliptic 967 Curve algorithm and a second one using an RSA algorithm. This 968 example extends the example in the previous section, adding private 969 key values. (Line breaks are for display purposes only.) 970 {"keys": 971 [ 972 {"kty":"EC", 973 "crv":"P-256", 974 "x":"MKBCTNIcKUSDii11ySs3526iDZ8AiTo7Tu6KPAqv7D4", 975 "y":"4Etl6SRW2YiLUrN5vfvVHuhp7x8PxltmWWlbbM4IFyM", 976 "d":"870MB6gfuTJ4HtUnUvYMyJpr5eUZNP4Bk43bVdj3eAE", 977 "use":"enc", 978 "kid":"1"}, 980 {"kty":"RSA", 981 "n":"0vx7agoebGcQSuuPiLJXZptN9nndrQmbXEps2aiAFbWhM78LhWx4 982 cbbfAAtVT86zwu1RK7aPFFxuhDR1L6tSoc_BJECPebWKRXjBZCiFV4n3oknjhMst 983 n64tZ_2W-5JsGY4Hc5n9yBXArwl93lqt7_RN5w6Cf0h4QyQ5v-65YGjQR0_FDW2Q 984 vzqY368QQMicAtaSqzs8KJZgnYb9c7d0zgdAZHzu6qMQvRL5hajrn1n91CbOpbIS 985 D08qNLyrdkt-bFTWhAI4vMQFh6WeZu0fM4lFd2NcRwr3XPksINHaQ-G_xBniIqbw 986 0Ls1jF44-csFCur-kEgU8awapJzKnqDKgw", 987 "e":"AQAB", 988 "d":"X4cTteJY_gn4FYPsXB8rdXix5vwsg1FLN5E3EaG6RJoVH-HLLKD9 989 M7dx5oo7GURknchnrRweUkC7hT5fJLM0WbFAKNLWY2vv7B6NqXSzUvxT0_YSfqij 990 wp3RTzlBaCxWp4doFk5N2o8Gy_nHNKroADIkJ46pRUohsXywbReAdYaMwFs9tv8d 991 _cPVY3i07a3t8MN6TNwm0dSawm9v47UiCl3Sk5ZiG7xojPLu4sbg1U2jx4IBTNBz 992 nbJSzFHK66jT8bgkuqsk0GjskDJk19Z4qwjwbsnn4j2WBii3RL-Us2lGVkY8fkFz 993 me1z0HbIkfz0Y6mqnOYtqc0X4jfcKoAC8Q", 994 "p":"83i-7IvMGXoMXCskv73TKr8637FiO7Z27zv8oj6pbWUQyLPQBQxtPV 995 nwD20R-60eTDmD2ujnMt5PoqMrm8RfmNhVWDtjjMmCMjOpSXicFHj7XOuVIYQyqV 996 WlWEh6dN36GVZYk93N8Bc9vY41xy8B9RzzOGVQzXvNEvn7O0nVbfs", 997 "q":"3dfOR9cuYq-0S-mkFLzgItgMEfFzB2q3hWehMuG0oCuqnb3vobLyum 998 qjVZQO1dIrdwgTnCdpYzBcOfW5r370AFXjiWft_NGEiovonizhKpo9VVS78TzFgx 999 kIdrecRezsZ-1kYd_s1qDbxtkDEgfAITAG9LUnADun4vIcb6yelxk", 1000 "dp":"G4sPXkc6Ya9y8oJW9_ILj4xuppu0lzi_H7VTkS8xj5SdX3coE0oim 1001 YwxIi2emTAue0UOa5dpgFGyBJ4c8tQ2VF402XRugKDTP8akYhFo5tAA77Qe_Nmtu 1002 YZc3C3m3I24G2GvR5sSDxUyAN2zq8Lfn9EUms6rY3Ob8YeiKkTiBj0", 1003 "dq":"s9lAH9fggBsoFR8Oac2R_E2gw282rT2kGOAhvIllETE1efrA6huUU 1004 vMfBcMpn8lqeW6vzznYY5SSQF7pMdC_agI3nG8Ibp1BUb0JUiraRNqUfLhcQb_d9 1005 GF4Dh7e74WbRsobRonujTYN1xCaP6TO61jvWrX-L18txXw494Q_cgk", 1006 "qi":"GyM_p6JrXySiz1toFgKbWV-JdI3jQ4ypu9rbMWx3rQJBfmt0FoYzg 1007 UIZEVFEcOqwemRN81zoDAaa-Bk0KWNGDjJHZDdDmFhW3AN7lI-puxk_mHZGJ11rx 1008 yR8O55XLSe3SPmRfKwZI6yU24ZxvQKFYItdldUKGzO6Ia6zTKhAVRU", 1009 "alg":"RS256", 1010 "kid":"2011-04-29"} 1011 ] 1012 } 1014 A.3. Example Symmetric Keys 1016 The following example JWK Set contains two symmetric keys represented 1017 as JWKs: one designated as being for use with the AES Key Wrap 1018 algorithm and a second one that is an HMAC key. (Line breaks are for 1019 display purposes only.) 1021 {"keys": 1022 [ 1023 {"kty":"oct", 1024 "alg":"A128KW", 1025 "k":"GawgguFyGrWKav7AX4VKUg"}, 1027 {"kty":"oct", 1028 "k":"AyM1SysPpbyDfgZld3umj1qzKObwVMkoqQ-EstJQLr_T-1qS0gZH75 1029 aKtMN3Yj0iPS4hcgUuTwjAzZr1Z9CAow", 1030 "kid":"HMAC key used in JWS A.1 example"} 1031 ] 1032 } 1034 Appendix B. Example Use of "x5c" (X.509 Certificate Chain) Parameter 1035 The following is an example of a JWK with a RSA signing key 1036 represented both as an RSA public key and as an X.509 certificate 1037 using the "x5c" parameter: 1039 {"kty":"RSA", 1040 "use":"sig", 1041 "kid":"1b94c", 1042 "n":"vrjOfz9Ccdgx5nQudyhdoR17V-IubWMeOZCwX_jj0hgAsz2J_pqYW08 1043 PLbK_PdiVGKPrqzmDIsLI7sA25VEnHU1uCLNwBuUiCO11_-7dYbsr4iJmG0Q 1044 u2j8DsVyT1azpJC_NG84Ty5KKthuCaPod7iI7w0LK9orSMhBEwwZDCxTWq4a 1045 YWAchc8t-emd9qOvWtVMDC2BXksRngh6X5bUYLy6AyHKvj-nUy1wgzjYQDwH 1046 MTplCoLtU-o-8SNnZ1tmRoGE9uJkBLdh5gFENabWnU5m1ZqZPdwS-qo-meMv 1047 VfJb6jJVWRpl2SUtCnYG2C32qvbWbjZ_jBPD5eunqsIo1vQ", 1048 "e":"AQAB", 1049 "x5c": 1050 ["MIIDQjCCAiqgAwIBAgIGATz/FuLiMA0GCSqGSIb3DQEBBQUAMGIxCzAJB 1051 gNVBAYTAlVTMQswCQYDVQQIEwJDTzEPMA0GA1UEBxMGRGVudmVyMRwwGgYD 1052 VQQKExNQaW5nIElkZW50aXR5IENvcnAuMRcwFQYDVQQDEw5CcmlhbiBDYW1 1053 wYmVsbDAeFw0xMzAyMjEyMzI5MTVaFw0xODA4MTQyMjI5MTVaMGIxCzAJBg 1054 NVBAYTAlVTMQswCQYDVQQIEwJDTzEPMA0GA1UEBxMGRGVudmVyMRwwGgYDV 1055 QQKExNQaW5nIElkZW50aXR5IENvcnAuMRcwFQYDVQQDEw5CcmlhbiBDYW1w 1056 YmVsbDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL64zn8/QnH 1057 YMeZ0LncoXaEde1fiLm1jHjmQsF/449IYALM9if6amFtPDy2yvz3YlRij66 1058 s5gyLCyO7ANuVRJx1NbgizcAblIgjtdf/u3WG7K+IiZhtELto/A7Fck9Ws6 1059 SQvzRvOE8uSirYbgmj6He4iO8NCyvaK0jIQRMMGQwsU1quGmFgHIXPLfnpn 1060 fajr1rVTAwtgV5LEZ4Iel+W1GC8ugMhyr4/p1MtcIM42EA8BzE6ZQqC7VPq 1061 PvEjZ2dbZkaBhPbiZAS3YeYBRDWm1p1OZtWamT3cEvqqPpnjL1XyW+oyVVk 1062 aZdklLQp2Btgt9qr21m42f4wTw+Xrp6rCKNb0CAwEAATANBgkqhkiG9w0BA 1063 QUFAAOCAQEAh8zGlfSlcI0o3rYDPBB07aXNswb4ECNIKG0CETTUxmXl9KUL 1064 +9gGlqCz5iWLOgWsnrcKcY0vXPG9J1r9AqBNTqNgHq2G03X09266X5CpOe1 1065 zFo+Owb1zxtp3PehFdfQJ610CDLEaS9V9Rqp17hCyybEpOGVwe8fnk+fbEL 1066 2Bo3UPGrpsHzUoaGpDftmWssZkhpBJKVMJyf/RuP2SmmaIzmnw9JiSlYhzo 1067 4tpzd5rFXhjRbg4zW9C+2qok+2+qDM1iJ684gPHMIY8aLWrdgQTxkumGmTq 1068 gawR+N5MDtdPTEQ0XfIBc2cJEUyMTY5MPvACWpkA6SdS4xSvdXK3IVfOWA=="] 1069 } 1071 Appendix C. Example Encrypted RSA Private Key 1073 This example encrypts an RSA private key to the recipient using 1074 "PBES2-HS256+A128KW" for key encryption and "A128CBC+HS256" for 1075 content encryption. 1077 NOTE: Unless otherwise indicated, all line breaks are included solely 1078 for readability. 1080 C.1. Plaintext RSA Private Key 1082 The following RSA key is the plaintext for the encryption operation, 1083 formatted as a JWK object: 1085 { 1086 "kty":"RSA", 1087 "kid":"juliet@capulet.lit", 1088 "use":"enc", 1089 "n":"t6Q8PWSi1dkJj9hTP8hNYFlvadM7DflW9mWepOJhJ66w7nyoK1gPNqFMSQRy 1090 O125Gp-TEkodhWr0iujjHVx7BcV0llS4w5ACGgPrcAd6ZcSR0-Iqom-QFcNP 1091 8Sjg086MwoqQU_LYywlAGZ21WSdS_PERyGFiNnj3QQlO8Yns5jCtLCRwLHL0 1092 Pb1fEv45AuRIuUfVcPySBWYnDyGxvjYGDSM-AqWS9zIQ2ZilgT-GqUmipg0X 1093 OC0Cc20rgLe2ymLHjpHciCKVAbY5-L32-lSeZO-Os6U15_aXrk9Gw8cPUaX1 1094 _I8sLGuSiVdt3C_Fn2PZ3Z8i744FPFGGcG1qs2Wz-Q", 1095 "e":"AQAB", 1096 "d":"GRtbIQmhOZtyszfgKdg4u_N-R_mZGU_9k7JQ_jn1DnfTuMdSNprTeaSTyWfS 1097 NkuaAwnOEbIQVy1IQbWVV25NY3ybc_IhUJtfri7bAXYEReWaCl3hdlPKXy9U 1098 vqPYGR0kIXTQRqns-dVJ7jahlI7LyckrpTmrM8dWBo4_PMaenNnPiQgO0xnu 1099 ToxutRZJfJvG4Ox4ka3GORQd9CsCZ2vsUDmsXOfUENOyMqADC6p1M3h33tsu 1100 rY15k9qMSpG9OX_IJAXmxzAh_tWiZOwk2K4yxH9tS3Lq1yX8C1EWmeRDkK2a 1101 hecG85-oLKQt5VEpWHKmjOi_gJSdSgqcN96X52esAQ", 1102 "p":"2rnSOV4hKSN8sS4CgcQHFbs08XboFDqKum3sc4h3GRxrTmQdl1ZK9uw-PIHf 1103 QP0FkxXVrx-WE-ZEbrqivH_2iCLUS7wAl6XvARt1KkIaUxPPSYB9yk31s0Q8 1104 UK96E3_OrADAYtAJs-M3JxCLfNgqh56HDnETTQhH3rCT5T3yJws", 1105 "q":"1u_RiFDP7LBYh3N4GXLT9OpSKYP0uQZyiaZwBtOCBNJgQxaj10RWjsZu0c6I 1106 edis4S7B_coSKB0Kj9PaPaBzg-IySRvvcQuPamQu66riMhjVtG6TlV8CLCYK 1107 rYl52ziqK0E_ym2QnkwsUX7eYTB7LbAHRK9GqocDE5B0f808I4s", 1108 "dp":"KkMTWqBUefVwZ2_Dbj1pPQqyHSHjj90L5x_MOzqYAJMcLMZtbUtwKqvVDq3 1109 tbEo3ZIcohbDtt6SbfmWzggabpQxNxuBpoOOf_a_HgMXK_lhqigI4y_kqS1w 1110 Y52IwjUn5rgRrJ-yYo1h41KR-vz2pYhEAeYrhttWtxVqLCRViD6c", 1111 "dq":"AvfS0-gRxvn0bwJoMSnFxYcK1WnuEjQFluMGfwGitQBWtfZ1Er7t1xDkbN9 1112 GQTB9yqpDoYaN06H7CFtrkxhJIBQaj6nkF5KKS3TQtQ5qCzkOkmxIe3KRbBy 1113 mXxkb5qwUpX5ELD5xFc6FeiafWYY63TmmEAu_lRFCOJ3xDea-ots", 1114 "qi":"lSQi-w9CpyUReMErP1RsBLk7wNtOvs5EQpPqmuMvqW57NBUczScEoPwmUqq 1115 abu9V0-Py4dQ57_bapoKRu1R90bvuFnU63SHWEFglZQvJDMeAvmj4sm-Fp0o 1116 Yu_neotgQ0hzbI5gry7ajdYy9-2lNx_76aBZoOUu9HCJ-UsfSOI8" 1117 } 1119 The octets representing the Plaintext are: 1121 [ 123, 34, 107, 116, 121, 34, 58, 34, 82, 83, 65, 34, 44, 34, 107, 1122 105, 100, 34, 58, 34, 106, 117, 108, 105, 101, 116, 64, 99, 97, 112, 1123 117, 108, 101, 116, 46, 108, 105, 116, 34, 44, 34, 117, 115, 101, 34, 1124 58, 34, 101, 110, 99, 34, 44, 34, 110, 34, 58, 34, 116, 54, 81, 56, 1125 80, 87, 83, 105, 49, 100, 107, 74, 106, 57, 104, 84, 80, 56, 104, 78, 1126 89, 70, 108, 118, 97, 100, 77, 55, 68, 102, 108, 87, 57, 109, 87, 1127 101, 112, 79, 74, 104, 74, 54, 54, 119, 55, 110, 121, 111, 75, 49, 1128 103, 80, 78, 113, 70, 77, 83, 81, 82, 121, 79, 49, 50, 53, 71, 112, 1129 45, 84, 69, 107, 111, 100, 104, 87, 114, 48, 105, 117, 106, 106, 72, 1130 86, 120, 55, 66, 99, 86, 48, 108, 108, 83, 52, 119, 53, 65, 67, 71, 1131 103, 80, 114, 99, 65, 100, 54, 90, 99, 83, 82, 48, 45, 73, 113, 111, 1132 109, 45, 81, 70, 99, 78, 80, 56, 83, 106, 103, 48, 56, 54, 77, 119, 1133 111, 113, 81, 85, 95, 76, 89, 121, 119, 108, 65, 71, 90, 50, 49, 87, 1134 83, 100, 83, 95, 80, 69, 82, 121, 71, 70, 105, 78, 110, 106, 51, 81, 1135 81, 108, 79, 56, 89, 110, 115, 53, 106, 67, 116, 76, 67, 82, 119, 76, 1136 72, 76, 48, 80, 98, 49, 102, 69, 118, 52, 53, 65, 117, 82, 73, 117, 1137 85, 102, 86, 99, 80, 121, 83, 66, 87, 89, 110, 68, 121, 71, 120, 118, 1138 106, 89, 71, 68, 83, 77, 45, 65, 113, 87, 83, 57, 122, 73, 81, 50, 1139 90, 105, 108, 103, 84, 45, 71, 113, 85, 109, 105, 112, 103, 48, 88, 1140 79, 67, 48, 67, 99, 50, 48, 114, 103, 76, 101, 50, 121, 109, 76, 72, 1141 106, 112, 72, 99, 105, 67, 75, 86, 65, 98, 89, 53, 45, 76, 51, 50, 1142 45, 108, 83, 101, 90, 79, 45, 79, 115, 54, 85, 49, 53, 95, 97, 88, 1143 114, 107, 57, 71, 119, 56, 99, 80, 85, 97, 88, 49, 95, 73, 56, 115, 1144 76, 71, 117, 83, 105, 86, 100, 116, 51, 67, 95, 70, 110, 50, 80, 90, 1145 51, 90, 56, 105, 55, 52, 52, 70, 80, 70, 71, 71, 99, 71, 49, 113, 1146 115, 50, 87, 122, 45, 81, 34, 44, 34, 101, 34, 58, 34, 65, 81, 65, 1147 66, 34, 44, 34, 100, 34, 58, 34, 71, 82, 116, 98, 73, 81, 109, 104, 1148 79, 90, 116, 121, 115, 122, 102, 103, 75, 100, 103, 52, 117, 95, 78, 1149 45, 82, 95, 109, 90, 71, 85, 95, 57, 107, 55, 74, 81, 95, 106, 110, 1150 49, 68, 110, 102, 84, 117, 77, 100, 83, 78, 112, 114, 84, 101, 97, 1151 83, 84, 121, 87, 102, 83, 78, 107, 117, 97, 65, 119, 110, 79, 69, 98, 1152 73, 81, 86, 121, 49, 73, 81, 98, 87, 86, 86, 50, 53, 78, 89, 51, 121, 1153 98, 99, 95, 73, 104, 85, 74, 116, 102, 114, 105, 55, 98, 65, 88, 89, 1154 69, 82, 101, 87, 97, 67, 108, 51, 104, 100, 108, 80, 75, 88, 121, 57, 1155 85, 118, 113, 80, 89, 71, 82, 48, 107, 73, 88, 84, 81, 82, 113, 110, 1156 115, 45, 100, 86, 74, 55, 106, 97, 104, 108, 73, 55, 76, 121, 99, 1157 107, 114, 112, 84, 109, 114, 77, 56, 100, 87, 66, 111, 52, 95, 80, 1158 77, 97, 101, 110, 78, 110, 80, 105, 81, 103, 79, 48, 120, 110, 117, 1159 84, 111, 120, 117, 116, 82, 90, 74, 102, 74, 118, 71, 52, 79, 120, 1160 52, 107, 97, 51, 71, 79, 82, 81, 100, 57, 67, 115, 67, 90, 50, 118, 1161 115, 85, 68, 109, 115, 88, 79, 102, 85, 69, 78, 79, 121, 77, 113, 65, 1162 68, 67, 54, 112, 49, 77, 51, 104, 51, 51, 116, 115, 117, 114, 89, 49, 1163 53, 107, 57, 113, 77, 83, 112, 71, 57, 79, 88, 95, 73, 74, 65, 88, 1164 109, 120, 122, 65, 104, 95, 116, 87, 105, 90, 79, 119, 107, 50, 75, 1165 52, 121, 120, 72, 57, 116, 83, 51, 76, 113, 49, 121, 88, 56, 67, 49, 1166 69, 87, 109, 101, 82, 68, 107, 75, 50, 97, 104, 101, 99, 71, 56, 53, 1167 45, 111, 76, 75, 81, 116, 53, 86, 69, 112, 87, 72, 75, 109, 106, 79, 1168 105, 95, 103, 74, 83, 100, 83, 103, 113, 99, 78, 57, 54, 88, 53, 50, 1169 101, 115, 65, 81, 34, 44, 34, 112, 34, 58, 34, 50, 114, 110, 83, 79, 1170 86, 52, 104, 75, 83, 78, 56, 115, 83, 52, 67, 103, 99, 81, 72, 70, 1171 98, 115, 48, 56, 88, 98, 111, 70, 68, 113, 75, 117, 109, 51, 115, 99, 1172 52, 104, 51, 71, 82, 120, 114, 84, 109, 81, 100, 108, 49, 90, 75, 57, 1173 117, 119, 45, 80, 73, 72, 102, 81, 80, 48, 70, 107, 120, 88, 86, 114, 1174 120, 45, 87, 69, 45, 90, 69, 98, 114, 113, 105, 118, 72, 95, 50, 105, 1175 67, 76, 85, 83, 55, 119, 65, 108, 54, 88, 118, 65, 82, 116, 49, 75, 1176 107, 73, 97, 85, 120, 80, 80, 83, 89, 66, 57, 121, 107, 51, 49, 115, 1177 48, 81, 56, 85, 75, 57, 54, 69, 51, 95, 79, 114, 65, 68, 65, 89, 116, 1178 65, 74, 115, 45, 77, 51, 74, 120, 67, 76, 102, 78, 103, 113, 104, 53, 1179 54, 72, 68, 110, 69, 84, 84, 81, 104, 72, 51, 114, 67, 84, 53, 84, 1180 51, 121, 74, 119, 115, 34, 44, 34, 113, 34, 58, 34, 49, 117, 95, 82, 1181 105, 70, 68, 80, 55, 76, 66, 89, 104, 51, 78, 52, 71, 88, 76, 84, 57, 1182 79, 112, 83, 75, 89, 80, 48, 117, 81, 90, 121, 105, 97, 90, 119, 66, 1183 116, 79, 67, 66, 78, 74, 103, 81, 120, 97, 106, 49, 48, 82, 87, 106, 1184 115, 90, 117, 48, 99, 54, 73, 101, 100, 105, 115, 52, 83, 55, 66, 95, 1185 99, 111, 83, 75, 66, 48, 75, 106, 57, 80, 97, 80, 97, 66, 122, 103, 1186 45, 73, 121, 83, 82, 118, 118, 99, 81, 117, 80, 97, 109, 81, 117, 54, 1187 54, 114, 105, 77, 104, 106, 86, 116, 71, 54, 84, 108, 86, 56, 67, 76, 1188 67, 89, 75, 114, 89, 108, 53, 50, 122, 105, 113, 75, 48, 69, 95, 121, 1189 109, 50, 81, 110, 107, 119, 115, 85, 88, 55, 101, 89, 84, 66, 55, 76, 1190 98, 65, 72, 82, 75, 57, 71, 113, 111, 99, 68, 69, 53, 66, 48, 102, 1191 56, 48, 56, 73, 52, 115, 34, 44, 34, 100, 112, 34, 58, 34, 75, 107, 1192 77, 84, 87, 113, 66, 85, 101, 102, 86, 119, 90, 50, 95, 68, 98, 106, 1193 49, 112, 80, 81, 113, 121, 72, 83, 72, 106, 106, 57, 48, 76, 53, 120, 1194 95, 77, 79, 122, 113, 89, 65, 74, 77, 99, 76, 77, 90, 116, 98, 85, 1195 116, 119, 75, 113, 118, 86, 68, 113, 51, 116, 98, 69, 111, 51, 90, 1196 73, 99, 111, 104, 98, 68, 116, 116, 54, 83, 98, 102, 109, 87, 122, 1197 103, 103, 97, 98, 112, 81, 120, 78, 120, 117, 66, 112, 111, 79, 79, 1198 102, 95, 97, 95, 72, 103, 77, 88, 75, 95, 108, 104, 113, 105, 103, 1199 73, 52, 121, 95, 107, 113, 83, 49, 119, 89, 53, 50, 73, 119, 106, 85, 1200 110, 53, 114, 103, 82, 114, 74, 45, 121, 89, 111, 49, 104, 52, 49, 1201 75, 82, 45, 118, 122, 50, 112, 89, 104, 69, 65, 101, 89, 114, 104, 1202 116, 116, 87, 116, 120, 86, 113, 76, 67, 82, 86, 105, 68, 54, 99, 34, 1203 44, 34, 100, 113, 34, 58, 34, 65, 118, 102, 83, 48, 45, 103, 82, 120, 1204 118, 110, 48, 98, 119, 74, 111, 77, 83, 110, 70, 120, 89, 99, 75, 49, 1205 87, 110, 117, 69, 106, 81, 70, 108, 117, 77, 71, 102, 119, 71, 105, 1206 116, 81, 66, 87, 116, 102, 90, 49, 69, 114, 55, 116, 49, 120, 68, 1207 107, 98, 78, 57, 71, 81, 84, 66, 57, 121, 113, 112, 68, 111, 89, 97, 1208 78, 48, 54, 72, 55, 67, 70, 116, 114, 107, 120, 104, 74, 73, 66, 81, 1209 97, 106, 54, 110, 107, 70, 53, 75, 75, 83, 51, 84, 81, 116, 81, 53, 1210 113, 67, 122, 107, 79, 107, 109, 120, 73, 101, 51, 75, 82, 98, 66, 1211 121, 109, 88, 120, 107, 98, 53, 113, 119, 85, 112, 88, 53, 69, 76, 1212 68, 53, 120, 70, 99, 54, 70, 101, 105, 97, 102, 87, 89, 89, 54, 51, 1213 84, 109, 109, 69, 65, 117, 95, 108, 82, 70, 67, 79, 74, 51, 120, 68, 1214 101, 97, 45, 111, 116, 115, 34, 44, 34, 113, 105, 34, 58, 34, 108, 1215 83, 81, 105, 45, 119, 57, 67, 112, 121, 85, 82, 101, 77, 69, 114, 80, 1216 49, 82, 115, 66, 76, 107, 55, 119, 78, 116, 79, 118, 115, 53, 69, 81, 1217 112, 80, 113, 109, 117, 77, 118, 113, 87, 53, 55, 78, 66, 85, 99, 1218 122, 83, 99, 69, 111, 80, 119, 109, 85, 113, 113, 97, 98, 117, 57, 1219 86, 48, 45, 80, 121, 52, 100, 81, 53, 55, 95, 98, 97, 112, 111, 75, 1220 82, 117, 49, 82, 57, 48, 98, 118, 117, 70, 110, 85, 54, 51, 83, 72, 1221 87, 69, 70, 103, 108, 90, 81, 118, 74, 68, 77, 101, 65, 118, 109, 1222 106, 52, 115, 109, 45, 70, 112, 48, 111, 89, 117, 95, 110, 101, 111, 1223 116, 103, 81, 48, 104, 122, 98, 73, 53, 103, 114, 121, 55, 97, 106, 1224 100, 89, 121, 57, 45, 50, 108, 78, 120, 95, 55, 54, 97, 66, 90, 111, 1225 79, 85, 117, 57, 72, 67, 74, 45, 85, 115, 102, 83, 79, 73, 56, 34, 1226 125 ] 1228 C.2. JWE Header 1230 The following example JWE Protected Header declares that: 1232 o the Content Encryption Key is encrypted to the recipient using the 1233 PSE2-HS256+A128KW algorithm to produce the JWE Encrypted Key, 1235 o the Salt (p2s) is [ 217, 96, 147, 112, 150, 117, 70, 247, 127, 8, 1236 155, 137, 174, 42, 80, 215 ], 1238 o the Iteration Count (p2c) is 4096, 1240 o the Plaintext is encrypted using the AES_128_CBC_HMAC_SHA_256 1241 algorithm to produce the Ciphertext, and 1243 o the content type is application/jwk+json. 1245 { 1246 "alg":"PBES2-HS256+A128KW", 1247 "p2s":"2WCTcJZ1Rvd_CJuJripQ1w", 1248 "p2c":4096, 1249 "enc":"A128CBC-HS256", 1250 "cty":"jwk+json" 1251 } 1253 Encoding this JWE Protected Header as BASE64URL(UTF8(JWE Protected 1254 Header)) gives this value: 1256 eyJhbGciOiJQQkVTMi1IUzI1NitBMTI4S1ciLCJwMnMiOiIyV0NUY0paMVJ2ZF9DSn 1257 VKcmlwUTF3IiwicDJjIjo0MDk2LCJlbmMiOiJBMTI4Q0JDLUhTMjU2IiwiY3R5Ijoi 1258 andrK2pzb24ifQ 1260 C.3. Content Encryption Key (CEK) 1262 Generate a 256 bit random Content Encryption Key (CEK). In this 1263 example, the value is: 1265 [ 111, 27, 25, 52, 66, 29, 20, 78, 92, 176, 56, 240, 65, 208, 82, 1266 112, 161, 131, 36, 55, 202, 236, 185, 172, 129, 23, 153, 194, 195, 1267 48, 253, 182 ] 1269 C.4. Key Encryption 1271 Encrypt the CEK with a shared passphrase using the 1272 "PBES2-HS256+A128KW" algorithm and the specified Salt and Iteration 1273 Count values to produce the JWE Encrypted Key. This example uses the 1274 following passphrase: 1276 Thus from my lips, by yours, my sin is purged. 1278 The octets representing the passphrase are: 1280 [ 84, 104, 117, 115, 32, 102, 114, 111, 109, 32, 109, 121, 32, 108, 1281 105, 112, 115, 44, 32, 98, 121, 32, 121, 111, 117, 114, 115, 44, 32, 1282 109, 121, 32, 115, 105, 110, 32, 105, 115, 32, 112, 117, 114, 103, 1283 101, 100, 46 ] 1285 The resulting JWE Encrypted Key value is: 1287 [ 201, 236, 143, 112, 12, 234, 200, 211, 33, 241, 255, 65, 112, 63, 1288 172, 146, 105, 107, 122, 0, 30, 21, 44, 21, 14, 61, 200, 57, 30, 253, 1289 228, 83, 218, 82, 138, 80, 121, 254, 193, 121 ] 1291 Encoding this JWE Encrypted Key as BASE64URL(JWE Encrypted Key) gives 1292 this value: 1294 yeyPcAzqyNMh8f9BcD-skmlregAeFSwVDj3IOR795FPaUopQef7BeQ 1296 C.5. Initialization Vector 1298 Generate a random 128 bit JWE Initialization Vector. In this 1299 example, the value is: 1301 [ 97, 239, 99, 214, 171, 54, 216, 57, 145, 72, 7, 93, 34, 31, 149, 1302 156 ] 1304 Encoding this JWE Initialization Vector as BASE64URL(JWE 1305 Initialization Vector) gives this value: 1307 Ye9j1qs22DmRSAddIh-VnA 1309 C.6. Additional Authenticated Data 1311 Let the Additional Authenticated Data encryption parameter be 1312 ASCII(BASE64URL(UTF8(JWE Protected Header))). This value is: 1314 [ 123, 34, 97, 108, 103, 34, 58, 34, 80, 66, 69, 83, 50, 45, 72, 83, 1315 50, 53, 54, 43, 65, 49, 50, 56, 75, 87, 34, 44, 34, 112, 50, 115, 34, 1316 58, 34, 50, 87, 67, 84, 99, 74, 90, 49, 82, 118, 100, 95, 67, 74, 1317 117, 74, 114, 105, 112, 81, 49, 119, 34, 44, 34, 112, 50, 99, 34, 58, 1318 52, 48, 57, 54, 44, 34, 101, 110, 99, 34, 58, 34, 65, 49, 50, 56, 67, 1319 66, 67, 45, 72, 83, 50, 53, 54, 34, 44, 34, 99, 116, 121, 34, 58, 34, 1320 106, 119, 107, 43, 106, 115, 111, 110, 34, 125 ] 1322 C.7. Content Encryption 1324 Encrypt the Plaintext with AES_128_CBC_HMAC_SHA_256 using the CEK as 1325 the encryption key, the JWE Initialization Vector, and the Additional 1326 Authenticated Data value above. The resulting Ciphertext is: 1328 [ 3, 8, 65, 242, 92, 107, 148, 168, 197, 159, 77, 139, 25, 97, 42, 1329 131, 110, 199, 225, 56, 61, 127, 38, 64, 108, 91, 247, 167, 150, 98, 1330 112, 122, 99, 235, 132, 50, 28, 46, 56, 170, 169, 89, 220, 145, 38, 1331 157, 148, 224, 66, 140, 8, 169, 146, 117, 222, 54, 242, 28, 31, 11, 1332 129, 227, 226, 169, 66, 117, 133, 254, 140, 216, 115, 203, 131, 60, 1333 60, 47, 233, 132, 121, 13, 35, 188, 53, 19, 172, 77, 59, 54, 211, 1334 158, 172, 25, 60, 111, 0, 80, 201, 158, 160, 210, 68, 55, 12, 67, 1335 136, 130, 87, 216, 197, 95, 62, 20, 155, 205, 5, 140, 27, 168, 221, 1336 65, 114, 78, 157, 254, 46, 206, 182, 52, 135, 87, 239, 3, 34, 186, 1337 126, 220, 151, 17, 33, 237, 57, 96, 172, 183, 58, 45, 248, 103, 241, 1338 142, 136, 7, 53, 16, 173, 181, 7, 93, 92, 252, 1, 53, 212, 242, 8, 1339 255, 11, 239, 181, 24, 148, 136, 111, 24, 161, 244, 23, 106, 69, 157, 1340 215, 243, 189, 240, 166, 169, 249, 72, 38, 201, 99, 223, 173, 229, 9, 1341 222, 82, 79, 157, 176, 248, 85, 239, 121, 163, 1, 31, 48, 98, 206, 1342 61, 249, 104, 216, 201, 227, 105, 48, 194, 193, 10, 36, 160, 159, 1343 241, 166, 84, 54, 188, 211, 243, 242, 40, 46, 45, 193, 193, 160, 169, 1344 101, 201, 1, 73, 47, 105, 142, 88, 28, 42, 132, 26, 61, 58, 63, 142, 1345 243, 77, 26, 179, 153, 166, 46, 203, 208, 49, 55, 229, 34, 178, 4, 1346 109, 180, 204, 204, 115, 1, 103, 193, 5, 91, 215, 214, 195, 1, 110, 1347 208, 53, 144, 36, 105, 12, 54, 25, 129, 101, 15, 183, 150, 250, 147, 1348 115, 227, 58, 250, 5, 128, 232, 63, 15, 14, 19, 141, 124, 253, 142, 1349 137, 189, 135, 26, 44, 240, 27, 88, 132, 105, 127, 6, 71, 37, 41, 1350 124, 187, 165, 140, 34, 200, 123, 80, 228, 24, 231, 176, 132, 171, 1351 138, 145, 152, 116, 224, 50, 141, 51, 147, 91, 186, 7, 246, 106, 217, 1352 148, 244, 227, 244, 45, 220, 121, 165, 224, 148, 181, 17, 181, 128, 1353 197, 101, 237, 11, 169, 229, 149, 199, 78, 56, 15, 14, 190, 91, 216, 1354 222, 247, 213, 74, 40, 8, 96, 20, 168, 119, 96, 26, 24, 52, 37, 82, 1355 127, 57, 176, 147, 118, 59, 7, 224, 33, 117, 72, 155, 29, 82, 26, 1356 215, 189, 140, 119, 28, 152, 118, 93, 222, 194, 192, 148, 115, 83, 1357 253, 216, 212, 108, 88, 83, 175, 172, 220, 97, 79, 110, 42, 223, 170, 1358 161, 34, 164, 144, 193, 76, 122, 92, 160, 41, 178, 175, 6, 35, 96, 1359 113, 96, 158, 90, 129, 101, 26, 45, 70, 180, 189, 230, 15, 5, 247, 1360 150, 209, 94, 171, 26, 13, 142, 212, 129, 1, 176, 5, 0, 112, 203, 1361 174, 185, 119, 76, 233, 189, 54, 172, 189, 245, 223, 253, 205, 12, 1362 88, 9, 126, 157, 225, 90, 40, 229, 191, 63, 30, 160, 224, 69, 3, 140, 1363 109, 70, 89, 37, 213, 245, 194, 210, 180, 188, 63, 210, 139, 221, 2, 1364 144, 200, 20, 177, 216, 29, 227, 242, 106, 12, 135, 142, 139, 144, 1365 82, 225, 162, 171, 176, 108, 99, 6, 43, 193, 161, 116, 234, 216, 1, 1366 242, 21, 124, 162, 98, 205, 124, 193, 38, 12, 242, 90, 101, 76, 204, 1367 184, 124, 58, 180, 16, 240, 26, 76, 195, 250, 212, 191, 185, 191, 97, 1368 198, 186, 73, 225, 75, 14, 90, 123, 121, 172, 101, 50, 160, 221, 141, 1369 253, 205, 126, 77, 9, 87, 198, 110, 104, 182, 141, 120, 51, 25, 232, 1370 3, 32, 80, 6, 156, 8, 18, 4, 135, 221, 142, 25, 135, 2, 129, 132, 1371 115, 227, 74, 141, 28, 119, 11, 141, 117, 134, 198, 62, 150, 254, 97, 1372 75, 197, 251, 99, 89, 204, 224, 226, 67, 83, 175, 89, 0, 81, 29, 38, 1373 207, 89, 140, 255, 197, 177, 164, 128, 62, 116, 224, 180, 109, 169, 1374 28, 2, 59, 176, 130, 252, 44, 178, 81, 24, 181, 176, 75, 44, 61, 91, 1375 12, 37, 21, 255, 83, 130, 197, 16, 231, 60, 217, 56, 131, 118, 168, 1376 202, 58, 52, 84, 124, 162, 185, 174, 162, 226, 242, 112, 68, 246, 1377 202, 16, 208, 52, 154, 58, 129, 80, 102, 33, 171, 6, 186, 177, 14, 1378 195, 88, 136, 6, 0, 155, 28, 100, 162, 207, 162, 222, 117, 248, 170, 1379 208, 114, 87, 31, 57, 176, 33, 57, 83, 253, 12, 168, 110, 194, 59, 1380 22, 86, 48, 227, 196, 22, 176, 218, 122, 149, 21, 249, 195, 178, 174, 1381 250, 20, 34, 120, 60, 139, 201, 99, 40, 18, 177, 17, 54, 54, 6, 3, 1382 222, 128, 160, 88, 11, 27, 0, 81, 192, 36, 41, 169, 146, 8, 47, 64, 1383 136, 28, 64, 209, 67, 135, 202, 20, 234, 182, 91, 204, 146, 195, 187, 1384 0, 72, 77, 11, 111, 152, 204, 252, 177, 212, 89, 33, 50, 132, 184, 1385 44, 183, 186, 19, 250, 69, 176, 201, 102, 140, 14, 143, 212, 212, 1386 160, 123, 208, 185, 27, 155, 68, 77, 133, 198, 2, 126, 155, 215, 22, 1387 91, 30, 217, 176, 172, 244, 156, 174, 143, 75, 90, 21, 102, 1, 160, 1388 59, 253, 188, 88, 57, 185, 197, 83, 24, 22, 180, 174, 47, 207, 52, 1, 1389 141, 146, 119, 233, 68, 228, 224, 228, 193, 248, 155, 202, 90, 7, 1390 213, 88, 33, 108, 107, 14, 86, 8, 120, 250, 58, 142, 35, 164, 238, 1391 221, 219, 35, 123, 88, 199, 192, 143, 104, 83, 17, 166, 243, 247, 11, 1392 166, 67, 68, 204, 132, 23, 110, 103, 228, 14, 55, 122, 88, 57, 180, 1393 178, 237, 52, 130, 214, 245, 102, 123, 67, 73, 175, 1, 127, 112, 148, 1394 94, 132, 164, 197, 153, 217, 87, 25, 89, 93, 63, 22, 66, 166, 90, 1395 251, 101, 10, 145, 66, 17, 124, 36, 255, 165, 226, 97, 16, 86, 112, 1396 154, 88, 105, 253, 56, 209, 229, 122, 103, 51, 24, 228, 190, 3, 236, 1397 48, 182, 121, 176, 140, 128, 117, 87, 251, 224, 37, 23, 248, 21, 218, 1398 85, 251, 136, 84, 147, 143, 144, 46, 155, 183, 251, 89, 86, 23, 26, 1399 237, 100, 167, 32, 130, 173, 237, 89, 55, 110, 70, 142, 127, 65, 230, 1400 208, 109, 69, 19, 253, 84, 130, 130, 193, 92, 58, 108, 150, 42, 136, 1401 249, 234, 86, 241, 182, 19, 117, 246, 26, 181, 92, 101, 155, 44, 103, 1402 235, 173, 30, 140, 90, 29, 183, 190, 77, 53, 206, 127, 5, 87, 8, 187, 1403 184, 92, 4, 157, 22, 18, 105, 251, 39, 88, 182, 181, 103, 148, 233, 1404 6, 63, 70, 188, 7, 101, 216, 127, 77, 31, 12, 233, 7, 147, 106, 30, 1405 150, 77, 145, 13, 205, 48, 56, 245, 220, 89, 252, 127, 51, 180, 36, 1406 31, 55, 18, 214, 230, 254, 217, 197, 65, 247, 27, 215, 117, 247, 108, 1407 157, 121, 11, 63, 150, 195, 83, 6, 134, 242, 41, 24, 105, 204, 5, 63, 1408 192, 14, 159, 113, 72, 140, 128, 51, 215, 80, 215, 39, 149, 94, 79, 1409 128, 34, 5, 129, 82, 83, 121, 187, 37, 146, 27, 32, 177, 167, 71, 9, 1410 195, 30, 199, 196, 205, 252, 207, 69, 8, 120, 27, 190, 51, 43, 75, 1411 249, 234, 167, 116, 206, 203, 199, 43, 108, 87, 48, 155, 140, 228, 1412 210, 85, 25, 161, 96, 67, 8, 205, 64, 39, 75, 88, 44, 238, 227, 16, 1413 0, 100, 93, 129, 18, 4, 149, 50, 68, 72, 99, 35, 111, 254, 27, 102, 1414 175, 108, 233, 87, 181, 44, 169, 18, 139, 79, 208, 14, 202, 192, 5, 1415 162, 222, 231, 149, 24, 211, 49, 120, 101, 39, 206, 87, 147, 204, 1416 200, 251, 104, 115, 5, 127, 117, 195, 79, 151, 18, 224, 52, 0, 245, 1417 4, 85, 255, 103, 217, 0, 116, 198, 80, 91, 167, 192, 154, 199, 197, 1418 149, 237, 51, 2, 131, 30, 226, 95, 105, 48, 68, 135, 208, 144, 120, 1419 176, 145, 157, 8, 171, 80, 94, 61, 92, 92, 220, 157, 13, 138, 51, 23, 1420 185, 124, 31, 77, 1, 87, 241, 43, 239, 55, 122, 86, 210, 48, 208, 1421 204, 112, 144, 80, 147, 106, 219, 47, 253, 31, 134, 176, 16, 135, 1422 219, 95, 17, 129, 83, 236, 125, 136, 112, 86, 228, 252, 71, 129, 218, 1423 174, 156, 236, 12, 27, 159, 11, 138, 252, 253, 207, 31, 115, 214, 1424 118, 239, 203, 16, 211, 205, 99, 22, 51, 163, 107, 162, 246, 199, 67, 1425 127, 34, 108, 197, 53, 117, 58, 199, 3, 190, 74, 70, 190, 65, 235, 1426 175, 97, 157, 215, 252, 189, 245, 100, 229, 248, 46, 90, 126, 237, 4, 1427 159, 128, 58, 7, 156, 236, 69, 191, 85, 240, 179, 224, 249, 152, 49, 1428 195, 223, 60, 78, 186, 157, 155, 217, 58, 105, 116, 164, 217, 111, 1429 215, 150, 218, 252, 84, 86, 248, 140, 240, 226, 61, 106, 208, 95, 60, 1430 163, 6, 0, 235, 253, 162, 96, 62, 234, 251, 249, 35, 21, 7, 211, 233, 1431 86, 50, 33, 203, 67, 248, 60, 190, 123, 48, 167, 226, 90, 191, 71, 1432 56, 183, 165, 17, 85, 76, 238, 140, 211, 168, 53, 223, 194, 4, 97, 1433 149, 156, 120, 137, 76, 33, 229, 243, 194, 208, 198, 202, 139, 28, 1434 114, 46, 224, 92, 254, 83, 100, 134, 158, 92, 70, 78, 61, 62, 138, 1435 24, 173, 216, 66, 198, 70, 254, 47, 59, 193, 53, 6, 139, 19, 153, 1436 253, 28, 199, 122, 160, 27, 67, 234, 209, 227, 139, 4, 50, 7, 178, 1437 183, 89, 252, 32, 128, 137, 55, 52, 29, 89, 12, 111, 42, 181, 51, 1438 170, 132, 132, 207, 170, 228, 254, 178, 213, 0, 136, 175, 8 ] 1440 The resulting Authentication Tag value is: 1442 [ 125, 249, 143, 191, 240, 4, 204, 132, 62, 241, 113, 178, 91, 88, 1443 254, 19 ] 1445 Encoding this JWE Ciphertext as BASE64URL(JWE Ciphertext) gives this 1446 value: 1448 AwhB8lxrlKjFn02LGWEqg27H4Tg9fyZAbFv3p5ZicHpj64QyHC44qqlZ3JEmnZTgQo 1449 wIqZJ13jbyHB8LgePiqUJ1hf6M2HPLgzw8L-mEeQ0jvDUTrE07NtOerBk8bwBQyZ6g 1450 0kQ3DEOIglfYxV8-FJvNBYwbqN1Bck6d_i7OtjSHV-8DIrp-3JcRIe05YKy3Oi34Z_ 1451 GOiAc1EK21B11c_AE11PII_wvvtRiUiG8YofQXakWd1_O98Kap-UgmyWPfreUJ3lJP 1452 nbD4Ve95owEfMGLOPflo2MnjaTDCwQokoJ_xplQ2vNPz8iguLcHBoKllyQFJL2mOWB 1453 wqhBo9Oj-O800as5mmLsvQMTflIrIEbbTMzHMBZ8EFW9fWwwFu0DWQJGkMNhmBZQ-3 1454 lvqTc-M6-gWA6D8PDhONfP2Oib2HGizwG1iEaX8GRyUpfLuljCLIe1DkGOewhKuKkZ 1455 h04DKNM5Nbugf2atmU9OP0Ldx5peCUtRG1gMVl7Qup5ZXHTjgPDr5b2N731UooCGAU 1456 qHdgGhg0JVJ_ObCTdjsH4CF1SJsdUhrXvYx3HJh2Xd7CwJRzU_3Y1GxYU6-s3GFPbi 1457 rfqqEipJDBTHpcoCmyrwYjYHFgnlqBZRotRrS95g8F95bRXqsaDY7UgQGwBQBwy665 1458 d0zpvTasvfXf_c0MWAl-neFaKOW_Px6g4EUDjG1GWSXV9cLStLw_0ovdApDIFLHYHe 1459 PyagyHjouQUuGiq7BsYwYrwaF06tgB8hV8omLNfMEmDPJaZUzMuHw6tBDwGkzD-tS_ 1460 ub9hxrpJ4UsOWnt5rGUyoN2N_c1-TQlXxm5oto14MxnoAyBQBpwIEgSH3Y4ZhwKBhH 1461 PjSo0cdwuNdYbGPpb-YUvF-2NZzODiQ1OvWQBRHSbPWYz_xbGkgD504LRtqRwCO7CC 1462 _CyyURi1sEssPVsMJRX_U4LFEOc82TiDdqjKOjRUfKK5rqLi8nBE9soQ0DSaOoFQZi 1463 GrBrqxDsNYiAYAmxxkos-i3nX4qtByVx85sCE5U_0MqG7COxZWMOPEFrDaepUV-cOy 1464 rvoUIng8i8ljKBKxETY2BgPegKBYCxsAUcAkKamSCC9AiBxA0UOHyhTqtlvMksO7AE 1465 hNC2-YzPyx1FkhMoS4LLe6E_pFsMlmjA6P1NSge9C5G5tETYXGAn6b1xZbHtmwrPSc 1466 ro9LWhVmAaA7_bxYObnFUxgWtK4vzzQBjZJ36UTk4OTB-JvKWgfVWCFsaw5WCHj6Oo 1467 4jpO7d2yN7WMfAj2hTEabz9wumQ0TMhBduZ-QON3pYObSy7TSC1vVme0NJrwF_cJRe 1468 hKTFmdlXGVldPxZCplr7ZQqRQhF8JP-l4mEQVnCaWGn9ONHlemczGOS-A-wwtnmwjI 1469 B1V_vgJRf4FdpV-4hUk4-QLpu3-1lWFxrtZKcggq3tWTduRo5_QebQbUUT_VSCgsFc 1470 OmyWKoj56lbxthN19hq1XGWbLGfrrR6MWh23vk01zn8FVwi7uFwEnRYSafsnWLa1Z5 1471 TpBj9GvAdl2H9NHwzpB5NqHpZNkQ3NMDj13Fn8fzO0JB83Etbm_tnFQfcb13X3bJ15 1472 Cz-Ww1MGhvIpGGnMBT_ADp9xSIyAM9dQ1yeVXk-AIgWBUlN5uyWSGyCxp0cJwx7HxM 1473 38z0UIeBu-MytL-eqndM7LxytsVzCbjOTSVRmhYEMIzUAnS1gs7uMQAGRdgRIElTJE 1474 SGMjb_4bZq9s6Ve1LKkSi0_QDsrABaLe55UY0zF4ZSfOV5PMyPtocwV_dcNPlxLgNA 1475 D1BFX_Z9kAdMZQW6fAmsfFle0zAoMe4l9pMESH0JB4sJGdCKtQXj1cXNydDYozF7l8 1476 H00BV_Er7zd6VtIw0MxwkFCTatsv_R-GsBCH218RgVPsfYhwVuT8R4HarpzsDBufC4 1477 r8_c8fc9Z278sQ081jFjOja6L2x0N_ImzFNXU6xwO-Ska-QeuvYZ3X_L31ZOX4Llp- 1478 7QSfgDoHnOxFv1Xws-D5mDHD3zxOup2b2TppdKTZb9eW2vxUVviM8OI9atBfPKMGAO 1479 v9omA-6vv5IxUH0-lWMiHLQ_g8vnswp-Jav0c4t6URVUzujNOoNd_CBGGVnHiJTCHl 1480 88LQxsqLHHIu4Fz-U2SGnlxGTj0-ihit2ELGRv4vO8E1BosTmf0cx3qgG0Pq0eOLBD 1481 IHsrdZ_CCAiTc0HVkMbyq1M6qEhM-q5P6y1QCIrwg 1483 Encoding this JWE Authentication Tag as BASE64URL(JWE Authentication 1484 Tag) gives this value: 1486 ffmPv_AEzIQ-8XGyW1j-Ew 1488 C.8. Complete Representation 1490 Assemble the final representation: The Compact Serialization of this 1491 result is the string BASE64URL(UTF8(JWE Protected Header)) || '.' || 1492 BASE64URL(JWE Encrypted Key) || '.' || BASE64URL(JWE Initialization 1493 Vector) || '.' || BASE64URL(JWE Ciphertext) || '.' || BASE64URL(JWE 1494 Authentication Tag). 1496 The final result in this example is: 1498 eyJhbGciOiJQQkVTMi1IUzI1NitBMTI4S1ciLCJwMnMiOiIyV0NUY0paMVJ2ZF9DSn 1499 VKcmlwUTF3IiwicDJjIjo0MDk2LCJlbmMiOiJBMTI4Q0JDLUhTMjU2IiwiY3R5Ijoi 1500 andrK2pzb24ifQ. 1501 yeyPcAzqyNMh8f9BcD-skmlregAeFSwVDj3IOR795FPaUopQef7BeQ. 1502 Ye9j1qs22DmRSAddIh-VnA. 1503 AwhB8lxrlKjFn02LGWEqg27H4Tg9fyZAbFv3p5ZicHpj64QyHC44qqlZ3JEmnZTgQo 1504 wIqZJ13jbyHB8LgePiqUJ1hf6M2HPLgzw8L-mEeQ0jvDUTrE07NtOerBk8bwBQyZ6g 1505 0kQ3DEOIglfYxV8-FJvNBYwbqN1Bck6d_i7OtjSHV-8DIrp-3JcRIe05YKy3Oi34Z_ 1506 GOiAc1EK21B11c_AE11PII_wvvtRiUiG8YofQXakWd1_O98Kap-UgmyWPfreUJ3lJP 1507 nbD4Ve95owEfMGLOPflo2MnjaTDCwQokoJ_xplQ2vNPz8iguLcHBoKllyQFJL2mOWB 1508 wqhBo9Oj-O800as5mmLsvQMTflIrIEbbTMzHMBZ8EFW9fWwwFu0DWQJGkMNhmBZQ-3 1509 lvqTc-M6-gWA6D8PDhONfP2Oib2HGizwG1iEaX8GRyUpfLuljCLIe1DkGOewhKuKkZ 1510 h04DKNM5Nbugf2atmU9OP0Ldx5peCUtRG1gMVl7Qup5ZXHTjgPDr5b2N731UooCGAU 1511 qHdgGhg0JVJ_ObCTdjsH4CF1SJsdUhrXvYx3HJh2Xd7CwJRzU_3Y1GxYU6-s3GFPbi 1512 rfqqEipJDBTHpcoCmyrwYjYHFgnlqBZRotRrS95g8F95bRXqsaDY7UgQGwBQBwy665 1513 d0zpvTasvfXf_c0MWAl-neFaKOW_Px6g4EUDjG1GWSXV9cLStLw_0ovdApDIFLHYHe 1514 PyagyHjouQUuGiq7BsYwYrwaF06tgB8hV8omLNfMEmDPJaZUzMuHw6tBDwGkzD-tS_ 1515 ub9hxrpJ4UsOWnt5rGUyoN2N_c1-TQlXxm5oto14MxnoAyBQBpwIEgSH3Y4ZhwKBhH 1516 PjSo0cdwuNdYbGPpb-YUvF-2NZzODiQ1OvWQBRHSbPWYz_xbGkgD504LRtqRwCO7CC 1517 _CyyURi1sEssPVsMJRX_U4LFEOc82TiDdqjKOjRUfKK5rqLi8nBE9soQ0DSaOoFQZi 1518 GrBrqxDsNYiAYAmxxkos-i3nX4qtByVx85sCE5U_0MqG7COxZWMOPEFrDaepUV-cOy 1519 rvoUIng8i8ljKBKxETY2BgPegKBYCxsAUcAkKamSCC9AiBxA0UOHyhTqtlvMksO7AE 1520 hNC2-YzPyx1FkhMoS4LLe6E_pFsMlmjA6P1NSge9C5G5tETYXGAn6b1xZbHtmwrPSc 1521 ro9LWhVmAaA7_bxYObnFUxgWtK4vzzQBjZJ36UTk4OTB-JvKWgfVWCFsaw5WCHj6Oo 1522 4jpO7d2yN7WMfAj2hTEabz9wumQ0TMhBduZ-QON3pYObSy7TSC1vVme0NJrwF_cJRe 1523 hKTFmdlXGVldPxZCplr7ZQqRQhF8JP-l4mEQVnCaWGn9ONHlemczGOS-A-wwtnmwjI 1524 B1V_vgJRf4FdpV-4hUk4-QLpu3-1lWFxrtZKcggq3tWTduRo5_QebQbUUT_VSCgsFc 1525 OmyWKoj56lbxthN19hq1XGWbLGfrrR6MWh23vk01zn8FVwi7uFwEnRYSafsnWLa1Z5 1526 TpBj9GvAdl2H9NHwzpB5NqHpZNkQ3NMDj13Fn8fzO0JB83Etbm_tnFQfcb13X3bJ15 1527 Cz-Ww1MGhvIpGGnMBT_ADp9xSIyAM9dQ1yeVXk-AIgWBUlN5uyWSGyCxp0cJwx7HxM 1528 38z0UIeBu-MytL-eqndM7LxytsVzCbjOTSVRmhYEMIzUAnS1gs7uMQAGRdgRIElTJE 1529 SGMjb_4bZq9s6Ve1LKkSi0_QDsrABaLe55UY0zF4ZSfOV5PMyPtocwV_dcNPlxLgNA 1530 D1BFX_Z9kAdMZQW6fAmsfFle0zAoMe4l9pMESH0JB4sJGdCKtQXj1cXNydDYozF7l8 1531 H00BV_Er7zd6VtIw0MxwkFCTatsv_R-GsBCH218RgVPsfYhwVuT8R4HarpzsDBufC4 1532 r8_c8fc9Z278sQ081jFjOja6L2x0N_ImzFNXU6xwO-Ska-QeuvYZ3X_L31ZOX4Llp- 1533 7QSfgDoHnOxFv1Xws-D5mDHD3zxOup2b2TppdKTZb9eW2vxUVviM8OI9atBfPKMGAO 1534 v9omA-6vv5IxUH0-lWMiHLQ_g8vnswp-Jav0c4t6URVUzujNOoNd_CBGGVnHiJTCHl 1535 88LQxsqLHHIu4Fz-U2SGnlxGTj0-ihit2ELGRv4vO8E1BosTmf0cx3qgG0Pq0eOLBD 1536 IHsrdZ_CCAiTc0HVkMbyq1M6qEhM-q5P6y1QCIrwg. 1537 ffmPv_AEzIQ-8XGyW1j-Ew 1539 Appendix D. Acknowledgements 1541 A JSON representation for RSA public keys was previously introduced 1542 by John Panzer, Ben Laurie, and Dirk Balfanz in Magic Signatures 1544 [MagicSignatures]. 1546 This specification is the work of the JOSE Working Group, which 1547 includes dozens of active and dedicated participants. In particular, 1548 the following individuals contributed ideas, feedback, and wording 1549 that influenced this specification: 1551 Dirk Balfanz, Richard Barnes, John Bradley, Brian Campbell, Breno de 1552 Medeiros, Joe Hildebrand, Edmund Jay, Ben Laurie, James Manger, Matt 1553 Miller, Tony Nadalin, Axel Nennker, John Panzer, Eric Rescorla, Nat 1554 Sakimura, Jim Schaad, Paul Tarjan, Hannes Tschofenig, and Sean 1555 Turner. 1557 Jim Schaad and Karen O'Donoghue chaired the JOSE working group and 1558 Sean Turner and Stephen Farrell served as Security area directors 1559 during the creation of this specification. 1561 Appendix E. Document History 1563 [[ to be removed by the RFC Editor before publication as an RFC ]] 1565 -19 1567 o Added optional "use_details" (key use details) JWK member. 1569 o Reordered the key selection parameters. 1571 -18 1573 o Changes to address editorial and minor issues #68, #69, #73, #74, 1574 #76, #77, #78, #79, #82, #85, #89, and #135. 1576 o Added and used Description registry fields. 1578 -17 1580 o Refined the "typ" and "cty" definitions to always be MIME Media 1581 Types, with the omission of "application/" prefixes recommended 1582 for brevity, addressing issue #50. 1584 o Added an example encrypting an RSA private key with 1585 "PBES2-HS256+A128KW" and "A128CBC-HS256". Thanks to Matt Miller 1586 for producing this! 1588 o Processing rules occurring in both JWS and JWK are now referenced 1589 in JWS by JWK, rather than duplicated, addressing issue #57. 1591 o Terms used in multiple documents are now defined in one place and 1592 incorporated by reference. Some lightly used or obvious terms 1593 were also removed. This addresses issue #58. 1595 -16 1597 o Changes to address editorial and minor issues #41, #42, #43, #47, 1598 #51, #67, #71, #76, #80, #83, #84, #85, #86, #87, and #88. 1600 -15 1602 o Changes to address editorial issues #48, #64, #65, #66, and #91. 1604 -14 1606 o Relaxed language introducing key parameters since some parameters 1607 are applicable to multiple, but not all, key types. 1609 -13 1611 o Applied spelling and grammar corrections. 1613 -12 1615 o Stated that recipients MUST either reject JWKs and JWK Sets with 1616 duplicate member names or use a JSON parser that returns only the 1617 lexically last duplicate member name. 1619 -11 1621 o Stated that when "kid" values are used within a JWK Set, different 1622 keys within the JWK Set SHOULD use distinct "kid" values. 1624 o Added optional "x5u" (X.509 URL), "x5t" (X.509 Certificate 1625 Thumbprint), and "x5c" (X.509 Certificate Chain) JWK parameters. 1627 o Added section on Encrypted JWK and Encrypted JWK Set Formats. 1629 o Added a Parameter Information Class value to the JSON Web Key 1630 Parameters registry, which registers whether the parameter conveys 1631 public or private information. 1633 o Registered "application/jwk+json" and "application/jwk-set+json" 1634 MIME types and "JWK" and "JWK-SET" typ header parameter values, 1635 addressing issue #21. 1637 -10 1638 o No changes were made, other than to the version number and date. 1640 -09 1642 o Expanded the scope of the JWK specification to include private and 1643 symmetric key representations, as specified by 1644 draft-jones-jose-json-private-and-symmetric-key-00. 1646 o Defined that members that are not understood must be ignored. 1648 -08 1650 o Changed the name of the JWK key type parameter from "alg" to "kty" 1651 to enable use of "alg" to indicate the particular algorithm that 1652 the key is intended to be used with. 1654 o Clarified statements of the form "This member is OPTIONAL" to "Use 1655 of this member is OPTIONAL". 1657 o Referenced String Comparison Rules in JWS. 1659 o Added seriesInfo information to Internet Draft references. 1661 -07 1663 o Changed the name of the JWK RSA modulus parameter from "mod" to 1664 "n" and the name of the JWK RSA exponent parameter from "xpo" to 1665 "e", so that the identifiers are the same as those used in RFC 1666 3447. 1668 -06 1670 o Changed the name of the JWK RSA exponent parameter from "exp" to 1671 "xpo" so as to allow the potential use of the name "exp" for a 1672 future extension that might define an expiration parameter for 1673 keys. (The "exp" name is already used for this purpose in the JWT 1674 specification.) 1676 o Clarify that the "alg" (algorithm family) member is REQUIRED. 1678 o Correct an instance of "JWK" that should have been "JWK Set". 1680 o Applied changes made by the RFC Editor to RFC 6749's registry 1681 language to this specification. 1683 -05 1684 o Indented artwork elements to better distinguish them from the body 1685 text. 1687 -04 1689 o Refer to the registries as the primary sources of defined values 1690 and then secondarily reference the sections defining the initial 1691 contents of the registries. 1693 o Normatively reference XML DSIG 2.0 [W3C.CR-xmldsig-core2-20120124] 1694 for its security considerations. 1696 o Added this language to Registration Templates: "This name is case 1697 sensitive. Names that match other registered names in a case 1698 insensitive manner SHOULD NOT be accepted." 1700 o Described additional open issues. 1702 o Applied editorial suggestions. 1704 -03 1706 o Clarified that "kid" values need not be unique within a JWK Set. 1708 o Moved JSON Web Key Parameters registry to the JWK specification. 1710 o Added "Collision Resistant Namespace" to the terminology section. 1712 o Changed registration requirements from RFC Required to 1713 Specification Required with Expert Review. 1715 o Added Registration Template sections for defined registries. 1717 o Added Registry Contents sections to populate registry values. 1719 o Numerous editorial improvements. 1721 -02 1723 o Simplified JWK terminology to get replace the "JWK Key Object" and 1724 "JWK Container Object" terms with simply "JSON Web Key (JWK)" and 1725 "JSON Web Key Set (JWK Set)" and to eliminate potential confusion 1726 between single keys and sets of keys. As part of this change, the 1727 top-level member name for a set of keys was changed from "jwk" to 1728 "keys". 1730 o Clarified that values with duplicate member names MUST be 1731 rejected. 1733 o Established JSON Web Key Set Parameters registry. 1735 o Explicitly listed non-goals in the introduction. 1737 o Moved algorithm-specific definitions from JWK to JWA. 1739 o Reformatted to give each member definition its own section 1740 heading. 1742 -01 1744 o Corrected the Magic Signatures reference. 1746 -00 1748 o Created the initial IETF draft based upon 1749 draft-jones-json-web-key-03 with no normative changes. 1751 Author's Address 1753 Michael B. Jones 1754 Microsoft 1756 Email: mbj@microsoft.com 1757 URI: http://self-issued.info/