idnits 2.17.1 draft-ietf-jose-json-web-key-23.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (March 3, 2014) is 3706 days in the past. Is this intentional? -- Found something which looks like a code comment -- if you have code sections in the document, please surround them with '' and '' lines. Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) -- Possible downref: Non-RFC (?) normative reference: ref. 'ECMAScript' -- Possible downref: Non-RFC (?) normative reference: ref. 'ITU.X690.1994' ** Downref: Normative reference to an Historic RFC: RFC 1421 ** Obsolete normative reference: RFC 2818 (Obsoleted by RFC 9110) ** Obsolete normative reference: RFC 5246 (Obsoleted by RFC 8446) ** Obsolete normative reference: RFC 7158 (Obsoleted by RFC 7159) -- Possible downref: Non-RFC (?) normative reference: ref. 'USASCII' -- Obsolete informational reference (is this intentional?): RFC 3447 (Obsoleted by RFC 8017) -- Obsolete informational reference (is this intentional?): RFC 5226 (Obsoleted by RFC 8126) Summary: 4 errors (**), 0 flaws (~~), 1 warning (==), 7 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 JOSE Working Group M. Jones 3 Internet-Draft Microsoft 4 Intended status: Standards Track March 3, 2014 5 Expires: September 4, 2014 7 JSON Web Key (JWK) 8 draft-ietf-jose-json-web-key-23 10 Abstract 12 A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) data 13 structure that represents a cryptographic key. This specification 14 also defines a JSON Web Key Set (JWK Set) JSON data structure for 15 representing a set of JWKs. Cryptographic algorithms and identifiers 16 for use with this specification are described in the separate JSON 17 Web Algorithms (JWA) specification and IANA registries defined by 18 that specification. 20 Status of this Memo 22 This Internet-Draft is submitted in full conformance with the 23 provisions of BCP 78 and BCP 79. 25 Internet-Drafts are working documents of the Internet Engineering 26 Task Force (IETF). Note that other groups may also distribute 27 working documents as Internet-Drafts. The list of current Internet- 28 Drafts is at http://datatracker.ietf.org/drafts/current/. 30 Internet-Drafts are draft documents valid for a maximum of six months 31 and may be updated, replaced, or obsoleted by other documents at any 32 time. It is inappropriate to use Internet-Drafts as reference 33 material or to cite them other than as "work in progress." 35 This Internet-Draft will expire on September 4, 2014. 37 Copyright Notice 39 Copyright (c) 2014 IETF Trust and the persons identified as the 40 document authors. All rights reserved. 42 This document is subject to BCP 78 and the IETF Trust's Legal 43 Provisions Relating to IETF Documents 44 (http://trustee.ietf.org/license-info) in effect on the date of 45 publication of this document. Please review these documents 46 carefully, as they describe your rights and restrictions with respect 47 to this document. Code Components extracted from this document must 48 include Simplified BSD License text as described in Section 4.e of 49 the Trust Legal Provisions and are provided without warranty as 50 described in the Simplified BSD License. 52 Table of Contents 54 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4 55 1.1. Notational Conventions . . . . . . . . . . . . . . . . . . 4 56 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 4 57 3. JSON Web Key (JWK) Format . . . . . . . . . . . . . . . . . . 5 58 3.1. "kty" (Key Type) Parameter . . . . . . . . . . . . . . . . 5 59 3.2. "use" (Public Key Use) Parameter . . . . . . . . . . . . . 6 60 3.3. "key_ops" (Key Operations) Parameter . . . . . . . . . . . 6 61 3.4. "alg" (Algorithm) Parameter . . . . . . . . . . . . . . . 7 62 3.5. "kid" (Key ID) Parameter . . . . . . . . . . . . . . . . . 7 63 3.6. "x5u" (X.509 URL) Parameter . . . . . . . . . . . . . . . 8 64 3.7. "x5c" (X.509 Certificate Chain) Parameter . . . . . . . . 8 65 3.8. "x5t" (X.509 Certificate SHA-1 Thumbprint) Parameter . . . 9 66 4. JSON Web Key Set (JWK Set) Format . . . . . . . . . . . . . . 9 67 4.1. "keys" Parameter . . . . . . . . . . . . . . . . . . . . . 10 68 5. String Comparison Rules . . . . . . . . . . . . . . . . . . . 10 69 6. Encrypted JWK and Encrypted JWK Set Formats . . . . . . . . . 10 70 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 10 71 7.1. JSON Web Key Parameters Registry . . . . . . . . . . . . . 11 72 7.1.1. Registration Template . . . . . . . . . . . . . . . . 12 73 7.1.2. Initial Registry Contents . . . . . . . . . . . . . . 13 74 7.2. JSON Web Key Use Registry . . . . . . . . . . . . . . . . 14 75 7.2.1. Registration Template . . . . . . . . . . . . . . . . 14 76 7.2.2. Initial Registry Contents . . . . . . . . . . . . . . 15 77 7.3. JSON Web Key Operations Registry . . . . . . . . . . . . . 15 78 7.3.1. Registration Template . . . . . . . . . . . . . . . . 15 79 7.3.2. Initial Registry Contents . . . . . . . . . . . . . . 16 80 7.4. JSON Web Key Set Parameters Registry . . . . . . . . . . . 16 81 7.4.1. Registration Template . . . . . . . . . . . . . . . . 17 82 7.4.2. Initial Registry Contents . . . . . . . . . . . . . . 17 83 7.5. Media Type Registration . . . . . . . . . . . . . . . . . 17 84 7.5.1. Registry Contents . . . . . . . . . . . . . . . . . . 17 85 8. Security Considerations . . . . . . . . . . . . . . . . . . . 18 86 9. References . . . . . . . . . . . . . . . . . . . . . . . . . . 19 87 9.1. Normative References . . . . . . . . . . . . . . . . . . . 19 88 9.2. Informative References . . . . . . . . . . . . . . . . . . 21 89 Appendix A. Example JSON Web Key Sets . . . . . . . . . . . . . . 21 90 A.1. Example Public Keys . . . . . . . . . . . . . . . . . . . 21 91 A.2. Example Private Keys . . . . . . . . . . . . . . . . . . . 22 92 A.3. Example Symmetric Keys . . . . . . . . . . . . . . . . . . 24 93 Appendix B. Example Use of "x5c" (X.509 Certificate Chain) 94 Parameter . . . . . . . . . . . . . . . . . . . . . . 24 95 Appendix C. Example Encrypted RSA Private Key . . . . . . . . . . 25 96 C.1. Plaintext RSA Private Key . . . . . . . . . . . . . . . . 26 97 C.2. JWE Header . . . . . . . . . . . . . . . . . . . . . . . . 29 98 C.3. Content Encryption Key (CEK) . . . . . . . . . . . . . . . 29 99 C.4. Key Derivation . . . . . . . . . . . . . . . . . . . . . . 30 100 C.5. Key Encryption . . . . . . . . . . . . . . . . . . . . . . 30 101 C.6. Initialization Vector . . . . . . . . . . . . . . . . . . 30 102 C.7. Additional Authenticated Data . . . . . . . . . . . . . . 31 103 C.8. Content Encryption . . . . . . . . . . . . . . . . . . . . 31 104 C.9. Complete Representation . . . . . . . . . . . . . . . . . 34 105 Appendix D. Acknowledgements . . . . . . . . . . . . . . . . . . 35 106 Appendix E. Document History . . . . . . . . . . . . . . . . . . 36 107 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 41 109 1. Introduction 111 A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) [RFC7158] 112 data structure that represents a cryptographic key. This 113 specification also defines a JSON Web Key Set (JWK Set) JSON data 114 structure for representing a set of JWKs. Cryptographic algorithms 115 and identifiers for use with this specification are described in the 116 separate JSON Web Algorithms (JWA) [JWA] specification and IANA 117 registries defined by that specification. 119 Goals for this specification do not include representing certificate 120 chains, representing certified keys, and replacing X.509 121 certificates. 123 JWKs and JWK Sets are used in the JSON Web Signature (JWS) [JWS] and 124 JSON Web Encryption (JWE) [JWE] specifications. 126 Names defined by this specification are short because a core goal is 127 for the resulting representations to be compact. 129 1.1. Notational Conventions 131 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 132 "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and 133 "OPTIONAL" in this document are to be interpreted as described in Key 134 words for use in RFCs to Indicate Requirement Levels [RFC2119]. If 135 these words are used without being spelled in uppercase then they are 136 to be interpreted with their normal natural language meanings. 138 BASE64URL(OCTETS) denotes the base64url encoding of OCTETS, per 139 Section 2. 141 UTF8(STRING) denotes the octets of the UTF-8 [RFC3629] representation 142 of STRING. 144 ASCII(STRING) denotes the octets of the ASCII [USASCII] 145 representation of STRING. 147 The concatenation of two values A and B is denoted as A || B. 149 2. Terminology 151 These terms defined by the JSON Web Signature (JWS) [JWS] 152 specification are incorporated into this specification: "Base64url 153 Encoding" and "Collision-Resistant Name". 155 These terms are defined for use by this specification: 157 JSON Web Key (JWK) 158 A JSON object that represents a cryptographic key. 160 JSON Web Key Set (JWK Set) 161 A JSON object that contains an array of JWKs as the value of its 162 "keys" member. 164 3. JSON Web Key (JWK) Format 166 A JSON Web Key (JWK) is a JSON object. The members of the object 167 represent properties of the key, including its value. This document 168 defines the key parameters that are not algorithm specific, and thus 169 common to many keys. 171 In addition to the common parameters, each JWK will have members that 172 are specific to the kind of key being represented. These members 173 represent the parameters of the key. Section 6 of the JSON Web 174 Algorithms (JWA) [JWA] specification defines multiple kinds of 175 cryptographic keys and their associated members. 177 The member names within a JWK MUST be unique; recipients MUST either 178 reject JWKs with duplicate member names or use a JSON parser that 179 returns only the lexically last duplicate member name, as specified 180 in Section 15.12 (The JSON Object) of ECMAScript 5.1 [ECMAScript]. 182 Additional members can be present in the JWK; if not understood by 183 implementations encountering them, they MUST be ignored. Member 184 names used for representing key parameters for different keys types 185 need not be distinct. Any new member name should either be 186 registered in the IANA JSON Web Key Parameters registry defined in 187 Section 7.1 or be a value that contains a Collision-Resistant Name. 189 3.1. "kty" (Key Type) Parameter 191 The "kty" (key type) member identifies the cryptographic algorithm 192 family used with the key. "kty" values should either be registered in 193 the IANA JSON Web Key Types registry defined in [JWA] or be a value 194 that contains a Collision-Resistant Name. The "kty" value is a case- 195 sensitive string. This member MUST be present in a JWK. 197 A list of defined "kty" values can be found in the IANA JSON Web Key 198 Types registry defined in [JWA]; the initial contents of this 199 registry are the values defined in Section 6.1 of the JSON Web 200 Algorithms (JWA) [JWA] specification. 202 The key type definitions include specification of the members to be 203 used for those key types. Additional members used with "kty" values 204 can also be found in the IANA JSON Web Key Parameters registry 205 defined in Section 7.1. 207 3.2. "use" (Public Key Use) Parameter 209 The "use" (public key use) member identifies the intended use of the 210 public key. The "use" parameter is intended for use cases in which 211 it is useful to distinguish between public signing keys and public 212 encryption keys. It is not intended for use cases in which private 213 or symmetric keys may also be present. 215 Values defined by this specification are: 217 o "sig" (signature) 219 o "enc" (encryption) 221 Other values MAY be used. Public Key Use values can be registered in 222 the IANA JSON Web Key Use registry defined in Section 7.2. The "use" 223 value is a case-sensitive string. Use of the "use" member is 224 OPTIONAL, unless the application requires its presence. 226 When a key is used to wrap another key and a key use designation for 227 the first key is desired, the "enc" (encryption) key use value SHOULD 228 be used, since key wrapping is a kind of encryption. The "enc" value 229 SHOULD also be used for public keys used for key agreement 230 operations. (The "alg" member can be used to specify the particular 231 cryptographic operation to be performed, when desired.) 233 3.3. "key_ops" (Key Operations) Parameter 235 The "key_ops" (key operations) member identifies the operations(s) 236 that the key is intended to be used for. The "key_ops" parameter is 237 intended for use cases in which public, private, or symmetric keys 238 may be present. 240 Its value is an array of key operation values. Values defined by 241 this specification are: 243 o "sign" (compute signature or MAC) 245 o "verify" (verify signature or MAC) 247 o "encrypt" (encrypt content) 249 o "decrypt" (decrypt content and validate decryption, if applicable) 250 o "wrapKey" (encrypt key) 252 o "unwrapKey" (decrypt key and validate decryption, if applicable) 254 o "deriveKey" (derive key) 256 o "deriveBits" (derive bits not to be used as a key) 258 (Note that the "key_ops" values intentionally match the "KeyUsage" 259 values defined in the Web Cryptography API [WebCrypto] 260 specification.) 262 Other values MAY be used. Key operation values can be registered in 263 the IANA JSON Web Key Operations registry defined in Section 7.3. 264 The key operation values are case-sensitive strings. Duplicate key 265 operation values MUST NOT be present in the array. 267 Use of the "key_ops" member is OPTIONAL, unless the application 268 requires its presence. 270 Multiple unrelated key operations SHOULD NOT be specified for a key 271 because of the potential vulnerabilities associated with using the 272 same key with multiple algorithms. Thus, the combinations "sign" 273 with "verify", "encrypt" with "decrypt", and "wrapKey" with 274 "unwrapKey" are permitted, but other combinations SHOULD NOT be used. 276 The "use" and "key_ops" JWK members SHOULD NOT be used together. 277 Applications should specify which of these members they use, if 278 either is to be used by the application. 280 3.4. "alg" (Algorithm) Parameter 282 The "alg" (algorithm) member identifies the algorithm intended for 283 use with the key. The values used should either be registered in the 284 IANA JSON Web Signature and Encryption Algorithms registry defined in 285 [JWA] or be a value that contains a Collision-Resistant Name. Use of 286 this member is OPTIONAL. 288 3.5. "kid" (Key ID) Parameter 290 The "kid" (key ID) member can be used to match a specific key. This 291 can be used, for instance, to choose among a set of keys within a JWK 292 Set during key rollover. The structure of the "kid" value is 293 unspecified. When "kid" values are used within a JWK Set, different 294 keys within the JWK Set SHOULD use distinct "kid" values. (One 295 example in which different keys might use the same "kid" value is if 296 they have different "kty" (key type) values but are considered to be 297 equivalent alternatives by the application using them.) The "kid" 298 value is a case-sensitive string. Use of this member is OPTIONAL. 300 When used with JWS or JWE, the "kid" value is used to match a JWS or 301 JWE "kid" Header Parameter value. 303 3.6. "x5u" (X.509 URL) Parameter 305 The "x5u" (X.509 URL) member is a URI [RFC3986] that refers to a 306 resource for an X.509 public key certificate or certificate chain 307 [RFC5280]. The identified resource MUST provide a representation of 308 the certificate or certificate chain that conforms to RFC 5280 309 [RFC5280] in PEM encoded form [RFC1421]. The key in the first 310 certificate MUST match the public key represented by other members of 311 the JWK. The protocol used to acquire the resource MUST provide 312 integrity protection; an HTTP GET request to retrieve the certificate 313 MUST use TLS [RFC2818] [RFC5246]; the identity of the server MUST be 314 validated, as per Section 3.1 of HTTP Over TLS [RFC2818]. Use of 315 this member is OPTIONAL. 317 While there is no requirement that members other than those 318 representing the public key be populated when an "x5u" member is 319 present, doing so may improve interoperability for applications that 320 do not handle PKIX certificates. If other members are present, the 321 contents of those members MUST be semantically consistent with the 322 related fields in the first certificate. For instance, if the "use" 323 member is present, then it needs to allow for only a subset of the 324 usages that are permitted by the certificate. Similarly, if the 325 "alg" member is present, it should represent an algorithm that the 326 certificate allows. 328 3.7. "x5c" (X.509 Certificate Chain) Parameter 330 The "x5c" (X.509 Certificate Chain) member contains a chain of one or 331 more PKIX certificates [RFC5280]. The certificate chain is 332 represented as a JSON array of certificate value strings. Each 333 string in the array is a base64 encoded ([RFC4648] Section 4 -- not 334 base64url encoded) DER [ITU.X690.1994] PKIX certificate value. The 335 PKIX certificate containing the key value MUST be the first 336 certificate. This MAY be followed by additional certificates, with 337 each subsequent certificate being the one used to certify the 338 previous one. The key in the first certificate MUST match the public 339 key represented by other members of the JWK. Use of this member is 340 OPTIONAL. 342 As with the "x5u" member, members other than those representing the 343 public key may also be populated when an "x5c" member is present. If 344 other members are present, the contents of those members MUST be 345 semantically consistent with the related fields in the first 346 certificate. See the last paragraph of Section 3.6 for additional 347 guidance on this. 349 3.8. "x5t" (X.509 Certificate SHA-1 Thumbprint) Parameter 351 The "x5t" (X.509 Certificate SHA-1 Thumbprint) member is a base64url 352 encoded SHA-1 thumbprint (a.k.a. digest) of the DER encoding of an 353 X.509 certificate [RFC5280]. The key in the certificate MUST match 354 the public key represented by other members of the JWK. Use of this 355 member is OPTIONAL. 357 If, in the future, certificate thumbprints need to be computed using 358 hash functions other than SHA-1, it is suggested that additional 359 related JWK parameters be defined for that purpose. For example, it 360 is suggested that a new "x5t#S256" (X.509 Certificate Thumbprint 361 using SHA-256) JWK parameter could be defined by registering it in 362 the IANA JSON Web Key Parameters registry defined in Section 7.1. 364 As with the "x5u" member, members other than those representing the 365 public key may also be populated when an "x5t" member is present. If 366 other members are present, the contents of those members MUST be 367 semantically consistent with the related fields in the referenced 368 certificate. See the last paragraph of Section 3.6 for additional 369 guidance on this. 371 4. JSON Web Key Set (JWK Set) Format 373 A JSON Web Key Set (JWK Set) is a JSON object representing a set of 374 JWKs. The JSON object MUST have a "keys" member, which is an array 375 of JWK objects. 377 The member names within a JWK Set MUST be unique; recipients MUST 378 either reject JWK Sets with duplicate member names or use a JSON 379 parser that returns only the lexically last duplicate member name, as 380 specified in Section 15.12 (The JSON Object) of ECMAScript 5.1 381 [ECMAScript]. 383 Additional members can be present in the JWK Set; if not understood 384 by implementations encountering them, they MUST be ignored. 385 Parameters for representing additional properties of JWK Sets should 386 either be registered in the IANA JSON Web Key Set Parameters registry 387 defined in Section 7.4 or be a value that contains a Collision- 388 Resistant Name. 390 Implementations SHOULD ignore JWKs within a JWK Set that use "kty" 391 (key type) values that are not understood by them, are missing 392 required members, or for which values are out of the supported 393 ranges. 395 4.1. "keys" Parameter 397 The value of the "keys" member is an array of JWK values. By 398 default, the order of the JWK values within the array does not imply 399 an order of preference among them, although applications of JWK Sets 400 can choose to assign a meaning to the order for their purposes, if 401 desired. This member MUST be present in a JWK Set. 403 5. String Comparison Rules 405 The string comparison rules for this specification are the same as 406 those defined in Section 5.3 of [JWS]. 408 6. Encrypted JWK and Encrypted JWK Set Formats 410 JWKs containing non-public key material will need to be encrypted in 411 some contexts to prevent the disclosure of private or symmetric key 412 values to unintended parties. The use of an Encrypted JWK, which is 413 a JWE with the UTF-8 encoding of a JWK as its plaintext value, is 414 recommended for this purpose. The processing of Encrypted JWKs is 415 identical to the processing of other JWEs. A "cty" (content type) 416 Header Parameter value of "jwk+json" MUST be used to indicate that 417 the content of the JWE is a JWK, unless the application knows that 418 the encrypted content is a JWK by another means or convention. 420 JWK Sets containing non-public key material will similarly need to be 421 encrypted. The use of an Encrypted JWK Set, which is a JWE with the 422 UTF-8 encoding of a JWK Set as its plaintext value, is recommended 423 for this purpose. The processing of Encrypted JWK Sets is identical 424 to the processing of other JWEs. A "cty" (content type) Header 425 Parameter value of "jwk-set+json" MUST be used to indicate that the 426 content of the JWE is a JWK Set, unless the application knows that 427 the encrypted content is a JWK Set by another means or convention. 429 See Appendix C for an example encrypted JWK. 431 7. IANA Considerations 433 The following registration procedure is used for all the registries 434 established by this specification. 436 Values are registered with a Specification Required [RFC5226] after a 437 two-week review period on the [TBD]@ietf.org mailing list, on the 438 advice of one or more Designated Experts. However, to allow for the 439 allocation of values prior to publication, the Designated Expert(s) 440 may approve registration once they are satisfied that such a 441 specification will be published. 443 Registration requests must be sent to the [TBD]@ietf.org mailing list 444 for review and comment, with an appropriate subject (e.g., "Request 445 for access token type: example"). [[ Note to the RFC Editor: The name 446 of the mailing list should be determined in consultation with the 447 IESG and IANA. Suggested name: jose-reg-review. ]] 449 Within the review period, the Designated Expert(s) will either 450 approve or deny the registration request, communicating this decision 451 to the review list and IANA. Denials should include an explanation 452 and, if applicable, suggestions as to how to make the request 453 successful. Registration requests that are undetermined for a period 454 longer than 21 days can be brought to the IESG's attention (using the 455 iesg@iesg.org mailing list) for resolution. 457 Criteria that should be applied by the Designated Expert(s) includes 458 determining whether the proposed registration duplicates existing 459 functionality, determining whether it is likely to be of general 460 applicability or whether it is useful only for a single application, 461 and whether the registration makes sense. 463 IANA must only accept registry updates from the Designated Expert(s) 464 and should direct all requests for registration to the review mailing 465 list. 467 It is suggested that multiple Designated Experts be appointed who are 468 able to represent the perspectives of different applications using 469 this specification, in order to enable broadly-informed review of 470 registration decisions. In cases where a registration decision could 471 be perceived as creating a conflict of interest for a particular 472 Expert, that Expert should defer to the judgment of the other 473 Expert(s). 475 7.1. JSON Web Key Parameters Registry 477 This specification establishes the IANA JSON Web Key Parameters 478 registry for JWK parameter names. The registry records the parameter 479 name, the key type(s) that the parameter is used with, and a 480 reference to the specification that defines it. It also records 481 whether the parameter conveys public or private information. This 482 specification registers the parameter names defined in Section 3. 483 The same JWK parameter name may be registered multiple times, 484 provided that duplicate parameter registrations are only for key type 485 specific JWK parameters; in this case, the meaning of the duplicate 486 parameter name is disambiguated by the "kty" value of the JWK 487 containing it. 489 7.1.1. Registration Template 491 Parameter Name: 492 The name requested (e.g., "example"). Because a core goal of this 493 specification is for the resulting representations to be compact, 494 it is RECOMMENDED that the name be short -- not to exceed 8 495 characters without a compelling reason to do so. This name is 496 case-sensitive. Names may not match other registered names in a 497 case-insensitive manner unless the Designated Expert(s) state that 498 there is a compelling reason to allow an exception in this 499 particular case. However, matching names may be registered, 500 provided that the accompanying sets of "kty" values that the 501 Parameter Name is used with are disjoint; for the purposes of 502 matching "kty" values, "*" matches all values. 504 Parameter Description: 505 Brief description of the parameter (e.g., "Example description"). 507 Used with "kty" Value(s): 508 The key type parameter value(s) that the parameter name is to be 509 used with, or the value "*" if the parameter value is used with 510 all key types. Values may not match other registered "kty" values 511 in a case-insensitive manner when the registered Parameter Name is 512 the same (including when the Parameter Name matches in a case- 513 insensitive manner) unless the Designated Expert(s) state that 514 there is a compelling reason to allow an exception in this 515 particular case. 517 Parameter Information Class: 518 Registers whether the parameter conveys public or private 519 information. Its value must be one the words Public or Private. 521 Change Controller: 522 For Standards Track RFCs, state "IESG". For others, give the name 523 of the responsible party. Other details (e.g., postal address, 524 email address, home page URI) may also be included. 526 Specification Document(s): 527 Reference to the document(s) that specify the parameter, 528 preferably including URI(s) that can be used to retrieve copies of 529 the document(s). An indication of the relevant sections may also 530 be included but is not required. 532 7.1.2. Initial Registry Contents 534 o Parameter Name: "kty" 535 o Parameter Description: Key Type 536 o Used with "kty" Value(s): * 537 o Parameter Information Class: Public 538 o Change Controller: IESG 539 o Specification Document(s): Section 3.1 of [[ this document ]] 541 o Parameter Name: "use" 542 o Parameter Description: Public Key Use 543 o Used with "kty" Value(s): * 544 o Parameter Information Class: Public 545 o Change Controller: IESG 546 o Specification Document(s): Section 3.2 of [[ this document ]] 548 o Parameter Name: "key_ops" 549 o Parameter Description: Key Operations 550 o Used with "kty" Value(s): * 551 o Parameter Information Class: Public 552 o Change Controller: IESG 553 o Specification Document(s): Section 3.3 of [[ this document ]] 555 o Parameter Name: "alg" 556 o Parameter Description: Algorithm 557 o Used with "kty" Value(s): * 558 o Parameter Information Class: Public 559 o Change Controller: IESG 560 o Specification Document(s): Section 3.4 of [[ this document ]] 562 o Parameter Name: "kid" 563 o Parameter Description: Key ID 564 o Used with "kty" Value(s): * 565 o Parameter Information Class: Public 566 o Change Controller: IESG 567 o Specification Document(s): Section 3.5 of [[ this document ]] 569 o Parameter Name: "x5u" 570 o Parameter Description: X.509 URL 571 o Used with "kty" Value(s): * 572 o Parameter Information Class: Public 573 o Change Controller: IESG 574 o Specification Document(s): Section 3.6 of [[ this document ]] 576 o Parameter Name: "x5c" 577 o Parameter Description: X.509 Certificate Chain 578 o Used with "kty" Value(s): * 579 o Parameter Information Class: Public 580 o Change Controller: IESG 581 o Specification Document(s): Section 3.7 of [[ this document ]] 583 o Parameter Name: "x5t" 584 o Parameter Description: X.509 Certificate SHA-1 Thumbprint 585 o Used with "kty" Value(s): * 586 o Parameter Information Class: Public 587 o Change Controller: IESG 588 o Specification Document(s): Section 3.8 of [[ this document ]] 590 7.2. JSON Web Key Use Registry 592 This specification establishes the IANA JSON Web Key Use registry for 593 JWK "use" (public key use) member values. The registry records the 594 public key use value and a reference to the specification that 595 defines it. This specification registers the parameter names defined 596 in Section 3.2. 598 7.2.1. Registration Template 600 Use Member Value: 601 The name requested (e.g., "example"). Because a core goal of this 602 specification is for the resulting representations to be compact, 603 it is RECOMMENDED that the name be short -- not to exceed 8 604 characters without a compelling reason to do so. This name is 605 case-sensitive. Names may not match other registered names in a 606 case-insensitive manner unless the Designated Expert(s) state that 607 there is a compelling reason to allow an exception in this 608 particular case. 610 Use Description: 611 Brief description of the use (e.g., "Example description"). 613 Change Controller: 614 For Standards Track RFCs, state "IESG". For others, give the name 615 of the responsible party. Other details (e.g., postal address, 616 email address, home page URI) may also be included. 618 Specification Document(s): 619 Reference to the document(s) that specify the parameter, 620 preferably including URI(s) that can be used to retrieve copies of 621 the document(s). An indication of the relevant sections may also 622 be included but is not required. 624 7.2.2. Initial Registry Contents 626 o Use Member Value: "sig" 627 o Use Description: Signature or MAC 628 o Change Controller: IESG 629 o Specification Document(s): Section 3.2 of [[ this document ]] 631 o Use Member Value: "enc" 632 o Use Description: Encryption 633 o Change Controller: IESG 634 o Specification Document(s): Section 3.2 of [[ this document ]] 636 7.3. JSON Web Key Operations Registry 638 This specification establishes the IANA JSON Web Key Operations 639 registry for values of JWK "key_ops" array elements. The registry 640 records the key operation value and a reference to the specification 641 that defines it. This specification registers the parameter names 642 defined in Section 3.3. 644 7.3.1. Registration Template 646 Key Operation Value: 647 The name requested (e.g., "example"). Because a core goal of this 648 specification is for the resulting representations to be compact, 649 it is RECOMMENDED that the name be short -- not to exceed 8 650 characters without a compelling reason to do so. This name is 651 case-sensitive. Names may not match other registered names in a 652 case-insensitive manner unless the Designated Expert(s) state that 653 there is a compelling reason to allow an exception in this 654 particular case. 656 Key Operation Description: 657 Brief description of the key operation (e.g., "Example 658 description"). 660 Change Controller: 661 For Standards Track RFCs, state "IESG". For others, give the name 662 of the responsible party. Other details (e.g., postal address, 663 email address, home page URI) may also be included. 665 Specification Document(s): 666 Reference to the document(s) that specify the parameter, 667 preferably including URI(s) that can be used to retrieve copies of 668 the document(s). An indication of the relevant sections may also 669 be included but is not required. 671 7.3.2. Initial Registry Contents 673 o Key Operation Value: "sign" 674 o Key Operation Description: Compute signature or MAC 675 o Change Controller: IESG 676 o Specification Document(s): Section 3.3 of [[ this document ]] 678 o Key Operation Value: "verify" 679 o Key Operation Description: Verify signature or MAC 680 o Change Controller: IESG 681 o Specification Document(s): Section 3.3 of [[ this document ]] 683 o Key Operation Value: "encrypt" 684 o Key Operation Description: Encrypt content 685 o Change Controller: IESG 686 o Specification Document(s): Section 3.3 of [[ this document ]] 688 o Key Operation Value: "decrypt" 689 o Key Operation Description: Decrypt content and validate 690 decryption, if applicable 691 o Change Controller: IESG 692 o Specification Document(s): Section 3.3 of [[ this document ]] 694 o Key Operation Value: "wrapKey" 695 o Key Operation Description: Encrypt key 696 o Change Controller: IESG 697 o Specification Document(s): Section 3.3 of [[ this document ]] 699 o Key Operation Value: "unwrapKey" 700 o Key Operation Description: Decrypt key and validate decryption, if 701 applicable 702 o Change Controller: IESG 703 o Specification Document(s): Section 3.3 of [[ this document ]] 705 o Key Operation Value: "deriveKey" 706 o Key Operation Description: Derive key 707 o Change Controller: IESG 708 o Specification Document(s): Section 3.3 of [[ this document ]] 710 o Key Operation Value: "deriveBits" 711 o Key Operation Description: Derive bits not to be used as a key 712 o Change Controller: IESG 713 o Specification Document(s): Section 3.3 of [[ this document ]] 715 7.4. JSON Web Key Set Parameters Registry 717 This specification establishes the IANA JSON Web Key Set Parameters 718 registry for JWK Set parameter names. The registry records the 719 parameter name and a reference to the specification that defines it. 720 This specification registers the parameter names defined in 721 Section 4. 723 7.4.1. Registration Template 725 Parameter Name: 726 The name requested (e.g., "example"). Because a core goal of this 727 specification is for the resulting representations to be compact, 728 it is RECOMMENDED that the name be short -- not to exceed 8 729 characters without a compelling reason to do so. This name is 730 case-sensitive. Names may not match other registered names in a 731 case-insensitive manner unless the Designated Expert(s) state that 732 there is a compelling reason to allow an exception in this 733 particular case. 735 Parameter Description: 736 Brief description of the parameter (e.g., "Example description"). 738 Change Controller: 739 For Standards Track RFCs, state "IESG". For others, give the name 740 of the responsible party. Other details (e.g., postal address, 741 email address, home page URI) may also be included. 743 Specification Document(s): 744 Reference to the document(s) that specify the parameter, 745 preferably including URI(s) that can be used to retrieve copies of 746 the document(s). An indication of the relevant sections may also 747 be included but is not required. 749 7.4.2. Initial Registry Contents 751 o Parameter Name: "keys" 752 o Parameter Description: Array of JWK values 753 o Change Controller: IESG 754 o Specification Document(s): Section 4.1 of [[ this document ]] 756 7.5. Media Type Registration 758 7.5.1. Registry Contents 760 This specification registers the "application/jwk+json" and 761 "application/jwk-set+json" Media Types [RFC2046] in the MIME Media 762 Types registry [IANA.MediaTypes], which can be used to indicate, 763 respectively, that the content is a JWK or a JWK Set. 765 o Type Name: application 766 o Subtype Name: jwk+json 767 o Required Parameters: n/a 768 o Optional Parameters: n/a 769 o Encoding considerations: 8bit; application/jwk+json values are 770 represented as JSON object; UTF-8 encoding SHOULD be employed for 771 the JSON object. 772 o Security Considerations: See the Security Considerations section 773 of [[ this document ]] 774 o Interoperability Considerations: n/a 775 o Published Specification: [[ this document ]] 776 o Applications that use this media type: TBD 777 o Additional Information: Magic number(s): n/a, File extension(s): 778 n/a, Macintosh file type code(s): n/a 779 o Person & email address to contact for further information: Michael 780 B. Jones, mbj@microsoft.com 781 o Intended Usage: COMMON 782 o Restrictions on Usage: none 783 o Author: Michael B. Jones, mbj@microsoft.com 784 o Change Controller: IESG 786 o Type Name: application 787 o Subtype Name: jwk-set+json 788 o Required Parameters: n/a 789 o Optional Parameters: n/a 790 o Encoding considerations: 8bit; application/jwk-set+json values are 791 represented as a JSON Object; UTF-8 encoding SHOULD be employed 792 for the JSON object. 793 o Security Considerations: See the Security Considerations section 794 of [[ this document ]] 795 o Interoperability Considerations: n/a 796 o Published Specification: [[ this document ]] 797 o Applications that use this media type: TBD 798 o Additional Information: Magic number(s): n/a, File extension(s): 799 n/a, Macintosh file type code(s): n/a 800 o Person & email address to contact for further information: Michael 801 B. Jones, mbj@microsoft.com 802 o Intended Usage: COMMON 803 o Restrictions on Usage: none 804 o Author: Michael B. Jones, mbj@microsoft.com 805 o Change Controller: IESG 807 8. Security Considerations 809 All of the security issues faced by any cryptographic application 810 must be faced by a JWS/JWE/JWK agent. Among these issues are 811 protecting the user's private and symmetric keys, preventing various 812 attacks, and helping the user avoid mistakes such as inadvertently 813 encrypting a message for the wrong recipient. The entire list of 814 security considerations is beyond the scope of this document, but 815 some significant considerations are listed here. 817 One should place no more trust in the data associated with a key than 818 in than the method by which it was obtained and in the 819 trustworthiness of the entity asserting an association with the key. 820 Any data associated with a key that is obtained in an untrusted 821 manner should be treated with skepticism. 823 Private and symmetric keys MUST be protected from disclosure to 824 unintended parties. One recommended means of doing so is to encrypt 825 JWKs or JWK Sets containing them by using the JWK or JWK Set value as 826 the plaintext of a JWE. 828 The security considerations in RFC 3447 [RFC3447] and RFC 6030 829 [RFC6030] about protecting private and symmetric keys, key usage, and 830 information leakage also apply to this specification. 832 The security considerations in XML DSIG 2.0 833 [W3C.CR-xmldsig-core2-20120124], about key representations also apply 834 to this specification, other than those that are XML specific. 836 The TLS Requirements in [JWS] also apply to this specification. 838 9. References 840 9.1. Normative References 842 [ECMAScript] 843 Ecma International, "ECMAScript Language Specification, 844 5.1 Edition", ECMA 262, June 2011. 846 [IANA.MediaTypes] 847 Internet Assigned Numbers Authority (IANA), "MIME Media 848 Types", 2005. 850 [ITU.X690.1994] 851 International Telecommunications Union, "Information 852 Technology - ASN.1 encoding rules: Specification of Basic 853 Encoding Rules (BER), Canonical Encoding Rules (CER) and 854 Distinguished Encoding Rules (DER)", ITU-T Recommendation 855 X.690, 1994. 857 [JWA] Jones, M., "JSON Web Algorithms (JWA)", 858 draft-ietf-jose-json-web-algorithms (work in progress), 859 March 2014. 861 [JWE] Jones, M., Rescorla, E., and J. Hildebrand, "JSON Web 862 Encryption (JWE)", draft-ietf-jose-json-web-encryption 863 (work in progress), March 2014. 865 [JWS] Jones, M., Bradley, J., and N. Sakimura, "JSON Web 866 Signature (JWS)", draft-ietf-jose-json-web-signature (work 867 in progress), March 2014. 869 [RFC1421] Linn, J., "Privacy Enhancement for Internet Electronic 870 Mail: Part I: Message Encryption and Authentication 871 Procedures", RFC 1421, February 1993. 873 [RFC2046] Freed, N. and N. Borenstein, "Multipurpose Internet Mail 874 Extensions (MIME) Part Two: Media Types", RFC 2046, 875 November 1996. 877 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 878 Requirement Levels", BCP 14, RFC 2119, March 1997. 880 [RFC2818] Rescorla, E., "HTTP Over TLS", RFC 2818, May 2000. 882 [RFC3629] Yergeau, F., "UTF-8, a transformation format of ISO 883 10646", STD 63, RFC 3629, November 2003. 885 [RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform 886 Resource Identifier (URI): Generic Syntax", STD 66, 887 RFC 3986, January 2005. 889 [RFC4648] Josefsson, S., "The Base16, Base32, and Base64 Data 890 Encodings", RFC 4648, October 2006. 892 [RFC5246] Dierks, T. and E. Rescorla, "The Transport Layer Security 893 (TLS) Protocol Version 1.2", RFC 5246, August 2008. 895 [RFC5280] Cooper, D., Santesson, S., Farrell, S., Boeyen, S., 896 Housley, R., and W. Polk, "Internet X.509 Public Key 897 Infrastructure Certificate and Certificate Revocation List 898 (CRL) Profile", RFC 5280, May 2008. 900 [RFC7158] Bray, T., "The JavaScript Object Notation (JSON) Data 901 Interchange Format", RFC 7158, March 2014. 903 [USASCII] American National Standards Institute, "Coded Character 904 Set -- 7-bit American Standard Code for Information 905 Interchange", ANSI X3.4, 1986. 907 9.2. Informative References 909 [MagicSignatures] 910 Panzer (editor), J., Laurie, B., and D. Balfanz, "Magic 911 Signatures", January 2011. 913 [RFC3447] Jonsson, J. and B. Kaliski, "Public-Key Cryptography 914 Standards (PKCS) #1: RSA Cryptography Specifications 915 Version 2.1", RFC 3447, February 2003. 917 [RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an 918 IANA Considerations Section in RFCs", BCP 26, RFC 5226, 919 May 2008. 921 [RFC6030] Hoyer, P., Pei, M., and S. Machani, "Portable Symmetric 922 Key Container (PSKC)", RFC 6030, October 2010. 924 [W3C.CR-xmldsig-core2-20120124] 925 Cantor, S., Roessler, T., Eastlake, D., Yiu, K., Reagle, 926 J., Solo, D., Datta, P., and F. Hirsch, "XML Signature 927 Syntax and Processing Version 2.0", World Wide Web 928 Consortium CR CR-xmldsig-core2-20120124, January 2012, 929 . 931 [WebCrypto] 932 Sleevi, R., "Web Cryptography API", World Wide Web 933 Consortium Draft, December 2013, . 936 Appendix A. Example JSON Web Key Sets 938 A.1. Example Public Keys 940 The following example JWK Set contains two public keys represented as 941 JWKs: one using an Elliptic Curve algorithm and a second one using an 942 RSA algorithm. The first specifies that the key is to be used for 943 encryption. The second specifies that the key is to be used with the 944 "RS256" algorithm. Both provide a Key ID for key matching purposes. 945 In both cases, integers are represented using the base64url encoding 946 of their big endian representations. (Long lines are broken are for 947 display purposes only.) 948 {"keys": 949 [ 950 {"kty":"EC", 951 "crv":"P-256", 952 "x":"MKBCTNIcKUSDii11ySs3526iDZ8AiTo7Tu6KPAqv7D4", 953 "y":"4Etl6SRW2YiLUrN5vfvVHuhp7x8PxltmWWlbbM4IFyM", 954 "use":"enc", 955 "kid":"1"}, 957 {"kty":"RSA", 958 "n": "0vx7agoebGcQSuuPiLJXZptN9nndrQmbXEps2aiAFbWhM78LhWx 959 4cbbfAAtVT86zwu1RK7aPFFxuhDR1L6tSoc_BJECPebWKRXjBZCiFV4n3oknjhMs 960 tn64tZ_2W-5JsGY4Hc5n9yBXArwl93lqt7_RN5w6Cf0h4QyQ5v-65YGjQR0_FDW2 961 QvzqY368QQMicAtaSqzs8KJZgnYb9c7d0zgdAZHzu6qMQvRL5hajrn1n91CbOpbI 962 SD08qNLyrdkt-bFTWhAI4vMQFh6WeZu0fM4lFd2NcRwr3XPksINHaQ-G_xBniIqb 963 w0Ls1jF44-csFCur-kEgU8awapJzKnqDKgw", 964 "e":"AQAB", 965 "alg":"RS256", 966 "kid":"2011-04-29"} 967 ] 968 } 970 A.2. Example Private Keys 972 The following example JWK Set contains two keys represented as JWKs 973 containing both public and private key values: one using an Elliptic 974 Curve algorithm and a second one using an RSA algorithm. This 975 example extends the example in the previous section, adding private 976 key values. (Line breaks are for display purposes only.) 977 {"keys": 978 [ 979 {"kty":"EC", 980 "crv":"P-256", 981 "x":"MKBCTNIcKUSDii11ySs3526iDZ8AiTo7Tu6KPAqv7D4", 982 "y":"4Etl6SRW2YiLUrN5vfvVHuhp7x8PxltmWWlbbM4IFyM", 983 "d":"870MB6gfuTJ4HtUnUvYMyJpr5eUZNP4Bk43bVdj3eAE", 984 "use":"enc", 985 "kid":"1"}, 987 {"kty":"RSA", 988 "n":"0vx7agoebGcQSuuPiLJXZptN9nndrQmbXEps2aiAFbWhM78LhWx4 989 cbbfAAtVT86zwu1RK7aPFFxuhDR1L6tSoc_BJECPebWKRXjBZCiFV4n3oknjhMst 990 n64tZ_2W-5JsGY4Hc5n9yBXArwl93lqt7_RN5w6Cf0h4QyQ5v-65YGjQR0_FDW2Q 991 vzqY368QQMicAtaSqzs8KJZgnYb9c7d0zgdAZHzu6qMQvRL5hajrn1n91CbOpbIS 992 D08qNLyrdkt-bFTWhAI4vMQFh6WeZu0fM4lFd2NcRwr3XPksINHaQ-G_xBniIqbw 993 0Ls1jF44-csFCur-kEgU8awapJzKnqDKgw", 994 "e":"AQAB", 995 "d":"X4cTteJY_gn4FYPsXB8rdXix5vwsg1FLN5E3EaG6RJoVH-HLLKD9 996 M7dx5oo7GURknchnrRweUkC7hT5fJLM0WbFAKNLWY2vv7B6NqXSzUvxT0_YSfqij 997 wp3RTzlBaCxWp4doFk5N2o8Gy_nHNKroADIkJ46pRUohsXywbReAdYaMwFs9tv8d 998 _cPVY3i07a3t8MN6TNwm0dSawm9v47UiCl3Sk5ZiG7xojPLu4sbg1U2jx4IBTNBz 999 nbJSzFHK66jT8bgkuqsk0GjskDJk19Z4qwjwbsnn4j2WBii3RL-Us2lGVkY8fkFz 1000 me1z0HbIkfz0Y6mqnOYtqc0X4jfcKoAC8Q", 1001 "p":"83i-7IvMGXoMXCskv73TKr8637FiO7Z27zv8oj6pbWUQyLPQBQxtPV 1002 nwD20R-60eTDmD2ujnMt5PoqMrm8RfmNhVWDtjjMmCMjOpSXicFHj7XOuVIYQyqV 1003 WlWEh6dN36GVZYk93N8Bc9vY41xy8B9RzzOGVQzXvNEvn7O0nVbfs", 1004 "q":"3dfOR9cuYq-0S-mkFLzgItgMEfFzB2q3hWehMuG0oCuqnb3vobLyum 1005 qjVZQO1dIrdwgTnCdpYzBcOfW5r370AFXjiWft_NGEiovonizhKpo9VVS78TzFgx 1006 kIdrecRezsZ-1kYd_s1qDbxtkDEgfAITAG9LUnADun4vIcb6yelxk", 1007 "dp":"G4sPXkc6Ya9y8oJW9_ILj4xuppu0lzi_H7VTkS8xj5SdX3coE0oim 1008 YwxIi2emTAue0UOa5dpgFGyBJ4c8tQ2VF402XRugKDTP8akYhFo5tAA77Qe_Nmtu 1009 YZc3C3m3I24G2GvR5sSDxUyAN2zq8Lfn9EUms6rY3Ob8YeiKkTiBj0", 1010 "dq":"s9lAH9fggBsoFR8Oac2R_E2gw282rT2kGOAhvIllETE1efrA6huUU 1011 vMfBcMpn8lqeW6vzznYY5SSQF7pMdC_agI3nG8Ibp1BUb0JUiraRNqUfLhcQb_d9 1012 GF4Dh7e74WbRsobRonujTYN1xCaP6TO61jvWrX-L18txXw494Q_cgk", 1013 "qi":"GyM_p6JrXySiz1toFgKbWV-JdI3jQ4ypu9rbMWx3rQJBfmt0FoYzg 1014 UIZEVFEcOqwemRN81zoDAaa-Bk0KWNGDjJHZDdDmFhW3AN7lI-puxk_mHZGJ11rx 1015 yR8O55XLSe3SPmRfKwZI6yU24ZxvQKFYItdldUKGzO6Ia6zTKhAVRU", 1016 "alg":"RS256", 1017 "kid":"2011-04-29"} 1018 ] 1019 } 1021 A.3. Example Symmetric Keys 1023 The following example JWK Set contains two symmetric keys represented 1024 as JWKs: one designated as being for use with the AES Key Wrap 1025 algorithm and a second one that is an HMAC key. (Line breaks are for 1026 display purposes only.) 1028 {"keys": 1029 [ 1030 {"kty":"oct", 1031 "alg":"A128KW", 1032 "k":"GawgguFyGrWKav7AX4VKUg"}, 1034 {"kty":"oct", 1035 "k":"AyM1SysPpbyDfgZld3umj1qzKObwVMkoqQ-EstJQLr_T-1qS0gZH75 1036 aKtMN3Yj0iPS4hcgUuTwjAzZr1Z9CAow", 1037 "kid":"HMAC key used in JWS A.1 example"} 1038 ] 1039 } 1041 Appendix B. Example Use of "x5c" (X.509 Certificate Chain) Parameter 1042 The following is an example of a JWK with a RSA signing key 1043 represented both as an RSA public key and as an X.509 certificate 1044 using the "x5c" parameter: 1046 {"kty":"RSA", 1047 "use":"sig", 1048 "kid":"1b94c", 1049 "n":"vrjOfz9Ccdgx5nQudyhdoR17V-IubWMeOZCwX_jj0hgAsz2J_pqYW08 1050 PLbK_PdiVGKPrqzmDIsLI7sA25VEnHU1uCLNwBuUiCO11_-7dYbsr4iJmG0Q 1051 u2j8DsVyT1azpJC_NG84Ty5KKthuCaPod7iI7w0LK9orSMhBEwwZDCxTWq4a 1052 YWAchc8t-emd9qOvWtVMDC2BXksRngh6X5bUYLy6AyHKvj-nUy1wgzjYQDwH 1053 MTplCoLtU-o-8SNnZ1tmRoGE9uJkBLdh5gFENabWnU5m1ZqZPdwS-qo-meMv 1054 VfJb6jJVWRpl2SUtCnYG2C32qvbWbjZ_jBPD5eunqsIo1vQ", 1055 "e":"AQAB", 1056 "x5c": 1057 ["MIIDQjCCAiqgAwIBAgIGATz/FuLiMA0GCSqGSIb3DQEBBQUAMGIxCzAJB 1058 gNVBAYTAlVTMQswCQYDVQQIEwJDTzEPMA0GA1UEBxMGRGVudmVyMRwwGgYD 1059 VQQKExNQaW5nIElkZW50aXR5IENvcnAuMRcwFQYDVQQDEw5CcmlhbiBDYW1 1060 wYmVsbDAeFw0xMzAyMjEyMzI5MTVaFw0xODA4MTQyMjI5MTVaMGIxCzAJBg 1061 NVBAYTAlVTMQswCQYDVQQIEwJDTzEPMA0GA1UEBxMGRGVudmVyMRwwGgYDV 1062 QQKExNQaW5nIElkZW50aXR5IENvcnAuMRcwFQYDVQQDEw5CcmlhbiBDYW1w 1063 YmVsbDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL64zn8/QnH 1064 YMeZ0LncoXaEde1fiLm1jHjmQsF/449IYALM9if6amFtPDy2yvz3YlRij66 1065 s5gyLCyO7ANuVRJx1NbgizcAblIgjtdf/u3WG7K+IiZhtELto/A7Fck9Ws6 1066 SQvzRvOE8uSirYbgmj6He4iO8NCyvaK0jIQRMMGQwsU1quGmFgHIXPLfnpn 1067 fajr1rVTAwtgV5LEZ4Iel+W1GC8ugMhyr4/p1MtcIM42EA8BzE6ZQqC7VPq 1068 PvEjZ2dbZkaBhPbiZAS3YeYBRDWm1p1OZtWamT3cEvqqPpnjL1XyW+oyVVk 1069 aZdklLQp2Btgt9qr21m42f4wTw+Xrp6rCKNb0CAwEAATANBgkqhkiG9w0BA 1070 QUFAAOCAQEAh8zGlfSlcI0o3rYDPBB07aXNswb4ECNIKG0CETTUxmXl9KUL 1071 +9gGlqCz5iWLOgWsnrcKcY0vXPG9J1r9AqBNTqNgHq2G03X09266X5CpOe1 1072 zFo+Owb1zxtp3PehFdfQJ610CDLEaS9V9Rqp17hCyybEpOGVwe8fnk+fbEL 1073 2Bo3UPGrpsHzUoaGpDftmWssZkhpBJKVMJyf/RuP2SmmaIzmnw9JiSlYhzo 1074 4tpzd5rFXhjRbg4zW9C+2qok+2+qDM1iJ684gPHMIY8aLWrdgQTxkumGmTq 1075 gawR+N5MDtdPTEQ0XfIBc2cJEUyMTY5MPvACWpkA6SdS4xSvdXK3IVfOWA=="] 1076 } 1078 Appendix C. Example Encrypted RSA Private Key 1080 This example encrypts an RSA private key to the recipient using 1081 "PBES2-HS256+A128KW" for key encryption and "A128CBC+HS256" for 1082 content encryption. 1084 NOTE: Unless otherwise indicated, all line breaks are included solely 1085 for readability. 1087 C.1. Plaintext RSA Private Key 1089 The following RSA key is the plaintext for the encryption operation, 1090 formatted as a JWK object: 1092 { 1093 "kty":"RSA", 1094 "kid":"juliet@capulet.lit", 1095 "use":"enc", 1096 "n":"t6Q8PWSi1dkJj9hTP8hNYFlvadM7DflW9mWepOJhJ66w7nyoK1gPNqFMSQRy 1097 O125Gp-TEkodhWr0iujjHVx7BcV0llS4w5ACGgPrcAd6ZcSR0-Iqom-QFcNP 1098 8Sjg086MwoqQU_LYywlAGZ21WSdS_PERyGFiNnj3QQlO8Yns5jCtLCRwLHL0 1099 Pb1fEv45AuRIuUfVcPySBWYnDyGxvjYGDSM-AqWS9zIQ2ZilgT-GqUmipg0X 1100 OC0Cc20rgLe2ymLHjpHciCKVAbY5-L32-lSeZO-Os6U15_aXrk9Gw8cPUaX1 1101 _I8sLGuSiVdt3C_Fn2PZ3Z8i744FPFGGcG1qs2Wz-Q", 1102 "e":"AQAB", 1103 "d":"GRtbIQmhOZtyszfgKdg4u_N-R_mZGU_9k7JQ_jn1DnfTuMdSNprTeaSTyWfS 1104 NkuaAwnOEbIQVy1IQbWVV25NY3ybc_IhUJtfri7bAXYEReWaCl3hdlPKXy9U 1105 vqPYGR0kIXTQRqns-dVJ7jahlI7LyckrpTmrM8dWBo4_PMaenNnPiQgO0xnu 1106 ToxutRZJfJvG4Ox4ka3GORQd9CsCZ2vsUDmsXOfUENOyMqADC6p1M3h33tsu 1107 rY15k9qMSpG9OX_IJAXmxzAh_tWiZOwk2K4yxH9tS3Lq1yX8C1EWmeRDkK2a 1108 hecG85-oLKQt5VEpWHKmjOi_gJSdSgqcN96X52esAQ", 1109 "p":"2rnSOV4hKSN8sS4CgcQHFbs08XboFDqKum3sc4h3GRxrTmQdl1ZK9uw-PIHf 1110 QP0FkxXVrx-WE-ZEbrqivH_2iCLUS7wAl6XvARt1KkIaUxPPSYB9yk31s0Q8 1111 UK96E3_OrADAYtAJs-M3JxCLfNgqh56HDnETTQhH3rCT5T3yJws", 1112 "q":"1u_RiFDP7LBYh3N4GXLT9OpSKYP0uQZyiaZwBtOCBNJgQxaj10RWjsZu0c6I 1113 edis4S7B_coSKB0Kj9PaPaBzg-IySRvvcQuPamQu66riMhjVtG6TlV8CLCYK 1114 rYl52ziqK0E_ym2QnkwsUX7eYTB7LbAHRK9GqocDE5B0f808I4s", 1115 "dp":"KkMTWqBUefVwZ2_Dbj1pPQqyHSHjj90L5x_MOzqYAJMcLMZtbUtwKqvVDq3 1116 tbEo3ZIcohbDtt6SbfmWzggabpQxNxuBpoOOf_a_HgMXK_lhqigI4y_kqS1w 1117 Y52IwjUn5rgRrJ-yYo1h41KR-vz2pYhEAeYrhttWtxVqLCRViD6c", 1118 "dq":"AvfS0-gRxvn0bwJoMSnFxYcK1WnuEjQFluMGfwGitQBWtfZ1Er7t1xDkbN9 1119 GQTB9yqpDoYaN06H7CFtrkxhJIBQaj6nkF5KKS3TQtQ5qCzkOkmxIe3KRbBy 1120 mXxkb5qwUpX5ELD5xFc6FeiafWYY63TmmEAu_lRFCOJ3xDea-ots", 1121 "qi":"lSQi-w9CpyUReMErP1RsBLk7wNtOvs5EQpPqmuMvqW57NBUczScEoPwmUqq 1122 abu9V0-Py4dQ57_bapoKRu1R90bvuFnU63SHWEFglZQvJDMeAvmj4sm-Fp0o 1123 Yu_neotgQ0hzbI5gry7ajdYy9-2lNx_76aBZoOUu9HCJ-UsfSOI8" 1124 } 1126 The octets representing the Plaintext are: 1128 [ 123, 34, 107, 116, 121, 34, 58, 34, 82, 83, 65, 34, 44, 34, 107, 1129 105, 100, 34, 58, 34, 106, 117, 108, 105, 101, 116, 64, 99, 97, 112, 1130 117, 108, 101, 116, 46, 108, 105, 116, 34, 44, 34, 117, 115, 101, 34, 1131 58, 34, 101, 110, 99, 34, 44, 34, 110, 34, 58, 34, 116, 54, 81, 56, 1132 80, 87, 83, 105, 49, 100, 107, 74, 106, 57, 104, 84, 80, 56, 104, 78, 1133 89, 70, 108, 118, 97, 100, 77, 55, 68, 102, 108, 87, 57, 109, 87, 1134 101, 112, 79, 74, 104, 74, 54, 54, 119, 55, 110, 121, 111, 75, 49, 1135 103, 80, 78, 113, 70, 77, 83, 81, 82, 121, 79, 49, 50, 53, 71, 112, 1136 45, 84, 69, 107, 111, 100, 104, 87, 114, 48, 105, 117, 106, 106, 72, 1137 86, 120, 55, 66, 99, 86, 48, 108, 108, 83, 52, 119, 53, 65, 67, 71, 1138 103, 80, 114, 99, 65, 100, 54, 90, 99, 83, 82, 48, 45, 73, 113, 111, 1139 109, 45, 81, 70, 99, 78, 80, 56, 83, 106, 103, 48, 56, 54, 77, 119, 1140 111, 113, 81, 85, 95, 76, 89, 121, 119, 108, 65, 71, 90, 50, 49, 87, 1141 83, 100, 83, 95, 80, 69, 82, 121, 71, 70, 105, 78, 110, 106, 51, 81, 1142 81, 108, 79, 56, 89, 110, 115, 53, 106, 67, 116, 76, 67, 82, 119, 76, 1143 72, 76, 48, 80, 98, 49, 102, 69, 118, 52, 53, 65, 117, 82, 73, 117, 1144 85, 102, 86, 99, 80, 121, 83, 66, 87, 89, 110, 68, 121, 71, 120, 118, 1145 106, 89, 71, 68, 83, 77, 45, 65, 113, 87, 83, 57, 122, 73, 81, 50, 1146 90, 105, 108, 103, 84, 45, 71, 113, 85, 109, 105, 112, 103, 48, 88, 1147 79, 67, 48, 67, 99, 50, 48, 114, 103, 76, 101, 50, 121, 109, 76, 72, 1148 106, 112, 72, 99, 105, 67, 75, 86, 65, 98, 89, 53, 45, 76, 51, 50, 1149 45, 108, 83, 101, 90, 79, 45, 79, 115, 54, 85, 49, 53, 95, 97, 88, 1150 114, 107, 57, 71, 119, 56, 99, 80, 85, 97, 88, 49, 95, 73, 56, 115, 1151 76, 71, 117, 83, 105, 86, 100, 116, 51, 67, 95, 70, 110, 50, 80, 90, 1152 51, 90, 56, 105, 55, 52, 52, 70, 80, 70, 71, 71, 99, 71, 49, 113, 1153 115, 50, 87, 122, 45, 81, 34, 44, 34, 101, 34, 58, 34, 65, 81, 65, 1154 66, 34, 44, 34, 100, 34, 58, 34, 71, 82, 116, 98, 73, 81, 109, 104, 1155 79, 90, 116, 121, 115, 122, 102, 103, 75, 100, 103, 52, 117, 95, 78, 1156 45, 82, 95, 109, 90, 71, 85, 95, 57, 107, 55, 74, 81, 95, 106, 110, 1157 49, 68, 110, 102, 84, 117, 77, 100, 83, 78, 112, 114, 84, 101, 97, 1158 83, 84, 121, 87, 102, 83, 78, 107, 117, 97, 65, 119, 110, 79, 69, 98, 1159 73, 81, 86, 121, 49, 73, 81, 98, 87, 86, 86, 50, 53, 78, 89, 51, 121, 1160 98, 99, 95, 73, 104, 85, 74, 116, 102, 114, 105, 55, 98, 65, 88, 89, 1161 69, 82, 101, 87, 97, 67, 108, 51, 104, 100, 108, 80, 75, 88, 121, 57, 1162 85, 118, 113, 80, 89, 71, 82, 48, 107, 73, 88, 84, 81, 82, 113, 110, 1163 115, 45, 100, 86, 74, 55, 106, 97, 104, 108, 73, 55, 76, 121, 99, 1164 107, 114, 112, 84, 109, 114, 77, 56, 100, 87, 66, 111, 52, 95, 80, 1165 77, 97, 101, 110, 78, 110, 80, 105, 81, 103, 79, 48, 120, 110, 117, 1166 84, 111, 120, 117, 116, 82, 90, 74, 102, 74, 118, 71, 52, 79, 120, 1167 52, 107, 97, 51, 71, 79, 82, 81, 100, 57, 67, 115, 67, 90, 50, 118, 1168 115, 85, 68, 109, 115, 88, 79, 102, 85, 69, 78, 79, 121, 77, 113, 65, 1169 68, 67, 54, 112, 49, 77, 51, 104, 51, 51, 116, 115, 117, 114, 89, 49, 1170 53, 107, 57, 113, 77, 83, 112, 71, 57, 79, 88, 95, 73, 74, 65, 88, 1171 109, 120, 122, 65, 104, 95, 116, 87, 105, 90, 79, 119, 107, 50, 75, 1172 52, 121, 120, 72, 57, 116, 83, 51, 76, 113, 49, 121, 88, 56, 67, 49, 1173 69, 87, 109, 101, 82, 68, 107, 75, 50, 97, 104, 101, 99, 71, 56, 53, 1174 45, 111, 76, 75, 81, 116, 53, 86, 69, 112, 87, 72, 75, 109, 106, 79, 1175 105, 95, 103, 74, 83, 100, 83, 103, 113, 99, 78, 57, 54, 88, 53, 50, 1176 101, 115, 65, 81, 34, 44, 34, 112, 34, 58, 34, 50, 114, 110, 83, 79, 1177 86, 52, 104, 75, 83, 78, 56, 115, 83, 52, 67, 103, 99, 81, 72, 70, 1178 98, 115, 48, 56, 88, 98, 111, 70, 68, 113, 75, 117, 109, 51, 115, 99, 1179 52, 104, 51, 71, 82, 120, 114, 84, 109, 81, 100, 108, 49, 90, 75, 57, 1180 117, 119, 45, 80, 73, 72, 102, 81, 80, 48, 70, 107, 120, 88, 86, 114, 1181 120, 45, 87, 69, 45, 90, 69, 98, 114, 113, 105, 118, 72, 95, 50, 105, 1182 67, 76, 85, 83, 55, 119, 65, 108, 54, 88, 118, 65, 82, 116, 49, 75, 1183 107, 73, 97, 85, 120, 80, 80, 83, 89, 66, 57, 121, 107, 51, 49, 115, 1184 48, 81, 56, 85, 75, 57, 54, 69, 51, 95, 79, 114, 65, 68, 65, 89, 116, 1185 65, 74, 115, 45, 77, 51, 74, 120, 67, 76, 102, 78, 103, 113, 104, 53, 1186 54, 72, 68, 110, 69, 84, 84, 81, 104, 72, 51, 114, 67, 84, 53, 84, 1187 51, 121, 74, 119, 115, 34, 44, 34, 113, 34, 58, 34, 49, 117, 95, 82, 1188 105, 70, 68, 80, 55, 76, 66, 89, 104, 51, 78, 52, 71, 88, 76, 84, 57, 1189 79, 112, 83, 75, 89, 80, 48, 117, 81, 90, 121, 105, 97, 90, 119, 66, 1190 116, 79, 67, 66, 78, 74, 103, 81, 120, 97, 106, 49, 48, 82, 87, 106, 1191 115, 90, 117, 48, 99, 54, 73, 101, 100, 105, 115, 52, 83, 55, 66, 95, 1192 99, 111, 83, 75, 66, 48, 75, 106, 57, 80, 97, 80, 97, 66, 122, 103, 1193 45, 73, 121, 83, 82, 118, 118, 99, 81, 117, 80, 97, 109, 81, 117, 54, 1194 54, 114, 105, 77, 104, 106, 86, 116, 71, 54, 84, 108, 86, 56, 67, 76, 1195 67, 89, 75, 114, 89, 108, 53, 50, 122, 105, 113, 75, 48, 69, 95, 121, 1196 109, 50, 81, 110, 107, 119, 115, 85, 88, 55, 101, 89, 84, 66, 55, 76, 1197 98, 65, 72, 82, 75, 57, 71, 113, 111, 99, 68, 69, 53, 66, 48, 102, 1198 56, 48, 56, 73, 52, 115, 34, 44, 34, 100, 112, 34, 58, 34, 75, 107, 1199 77, 84, 87, 113, 66, 85, 101, 102, 86, 119, 90, 50, 95, 68, 98, 106, 1200 49, 112, 80, 81, 113, 121, 72, 83, 72, 106, 106, 57, 48, 76, 53, 120, 1201 95, 77, 79, 122, 113, 89, 65, 74, 77, 99, 76, 77, 90, 116, 98, 85, 1202 116, 119, 75, 113, 118, 86, 68, 113, 51, 116, 98, 69, 111, 51, 90, 1203 73, 99, 111, 104, 98, 68, 116, 116, 54, 83, 98, 102, 109, 87, 122, 1204 103, 103, 97, 98, 112, 81, 120, 78, 120, 117, 66, 112, 111, 79, 79, 1205 102, 95, 97, 95, 72, 103, 77, 88, 75, 95, 108, 104, 113, 105, 103, 1206 73, 52, 121, 95, 107, 113, 83, 49, 119, 89, 53, 50, 73, 119, 106, 85, 1207 110, 53, 114, 103, 82, 114, 74, 45, 121, 89, 111, 49, 104, 52, 49, 1208 75, 82, 45, 118, 122, 50, 112, 89, 104, 69, 65, 101, 89, 114, 104, 1209 116, 116, 87, 116, 120, 86, 113, 76, 67, 82, 86, 105, 68, 54, 99, 34, 1210 44, 34, 100, 113, 34, 58, 34, 65, 118, 102, 83, 48, 45, 103, 82, 120, 1211 118, 110, 48, 98, 119, 74, 111, 77, 83, 110, 70, 120, 89, 99, 75, 49, 1212 87, 110, 117, 69, 106, 81, 70, 108, 117, 77, 71, 102, 119, 71, 105, 1213 116, 81, 66, 87, 116, 102, 90, 49, 69, 114, 55, 116, 49, 120, 68, 1214 107, 98, 78, 57, 71, 81, 84, 66, 57, 121, 113, 112, 68, 111, 89, 97, 1215 78, 48, 54, 72, 55, 67, 70, 116, 114, 107, 120, 104, 74, 73, 66, 81, 1216 97, 106, 54, 110, 107, 70, 53, 75, 75, 83, 51, 84, 81, 116, 81, 53, 1217 113, 67, 122, 107, 79, 107, 109, 120, 73, 101, 51, 75, 82, 98, 66, 1218 121, 109, 88, 120, 107, 98, 53, 113, 119, 85, 112, 88, 53, 69, 76, 1219 68, 53, 120, 70, 99, 54, 70, 101, 105, 97, 102, 87, 89, 89, 54, 51, 1220 84, 109, 109, 69, 65, 117, 95, 108, 82, 70, 67, 79, 74, 51, 120, 68, 1221 101, 97, 45, 111, 116, 115, 34, 44, 34, 113, 105, 34, 58, 34, 108, 1222 83, 81, 105, 45, 119, 57, 67, 112, 121, 85, 82, 101, 77, 69, 114, 80, 1223 49, 82, 115, 66, 76, 107, 55, 119, 78, 116, 79, 118, 115, 53, 69, 81, 1224 112, 80, 113, 109, 117, 77, 118, 113, 87, 53, 55, 78, 66, 85, 99, 1225 122, 83, 99, 69, 111, 80, 119, 109, 85, 113, 113, 97, 98, 117, 57, 1226 86, 48, 45, 80, 121, 52, 100, 81, 53, 55, 95, 98, 97, 112, 111, 75, 1227 82, 117, 49, 82, 57, 48, 98, 118, 117, 70, 110, 85, 54, 51, 83, 72, 1228 87, 69, 70, 103, 108, 90, 81, 118, 74, 68, 77, 101, 65, 118, 109, 1229 106, 52, 115, 109, 45, 70, 112, 48, 111, 89, 117, 95, 110, 101, 111, 1230 116, 103, 81, 48, 104, 122, 98, 73, 53, 103, 114, 121, 55, 97, 106, 1231 100, 89, 121, 57, 45, 50, 108, 78, 120, 95, 55, 54, 97, 66, 90, 111, 1232 79, 85, 117, 57, 72, 67, 74, 45, 85, 115, 102, 83, 79, 73, 56, 34, 1233 125 ] 1235 C.2. JWE Header 1237 The following example JWE Protected Header declares that: 1239 o the Content Encryption Key is encrypted to the recipient using the 1240 PSE2-HS256+A128KW algorithm to produce the JWE Encrypted Key, 1242 o the Salt Input ("p2s") value is [ 217, 96, 147, 112, 150, 117, 70, 1243 247, 127, 8, 155, 137, 174, 42, 80, 215 ], 1245 o the Iteration Count ("p2c") value is 4096, 1247 o the Plaintext is encrypted using the AES_128_CBC_HMAC_SHA_256 1248 algorithm to produce the Ciphertext, and 1250 o the content type is application/jwk+json. 1252 { 1253 "alg":"PBES2-HS256+A128KW", 1254 "p2s":"2WCTcJZ1Rvd_CJuJripQ1w", 1255 "p2c":4096, 1256 "enc":"A128CBC-HS256", 1257 "cty":"jwk+json" 1258 } 1260 Encoding this JWE Protected Header as BASE64URL(UTF8(JWE Protected 1261 Header)) gives this value: 1263 eyJhbGciOiJQQkVTMi1IUzI1NitBMTI4S1ciLCJwMnMiOiIyV0NUY0paMVJ2ZF9DSn 1264 VKcmlwUTF3IiwicDJjIjo0MDk2LCJlbmMiOiJBMTI4Q0JDLUhTMjU2IiwiY3R5Ijoi 1265 andrK2pzb24ifQ 1267 C.3. Content Encryption Key (CEK) 1269 Generate a 256 bit random Content Encryption Key (CEK). In this 1270 example, the value is: 1272 [ 111, 27, 25, 52, 66, 29, 20, 78, 92, 176, 56, 240, 65, 208, 82, 1273 112, 161, 131, 36, 55, 202, 236, 185, 172, 129, 23, 153, 194, 195, 1274 48, 253, 182 ] 1276 C.4. Key Derivation 1278 Derive a key from a shared passphrase using the PBKDF2 algorithm with 1279 HMAC SHA-256 and the specified Salt and Iteration Count values and a 1280 128 bit requested output key size to produce the PBKDF2 Derived Key. 1281 This example uses the following passphrase: 1283 Thus from my lips, by yours, my sin is purged. 1285 The octets representing the passphrase are: 1287 [ 84, 104, 117, 115, 32, 102, 114, 111, 109, 32, 109, 121, 32, 108, 1288 105, 112, 115, 44, 32, 98, 121, 32, 121, 111, 117, 114, 115, 44, 32, 1289 109, 121, 32, 115, 105, 110, 32, 105, 115, 32, 112, 117, 114, 103, 1290 101, 100, 46 ] 1292 The Salt value (UTF8(Alg) || 0x00 || Salt Input) is: 1294 [ 80, 66, 69, 83, 50, 45, 72, 83, 50, 53, 54, 43, 65, 49, 50, 56, 75, 1295 87, 0, 217, 96, 147, 112, 150, 117, 70, 247, 127, 8, 155, 137, 174, 1296 42, 80, 215 ]. 1298 The resulting PBKDF2 Derived Key value is: 1300 [ 110, 171, 169, 92, 129, 92, 109, 117, 233, 242, 116, 233, 170, 14, 1301 24, 75 ] 1303 C.5. Key Encryption 1305 Encrypt the CEK with the "A128KW" algorithm using the PBKDF2 Derived 1306 Key. The resulting JWE Encrypted Key value is: 1308 [ 78, 186, 151, 59, 11, 141, 81, 240, 213, 245, 83, 211, 53, 188, 1309 134, 188, 66, 125, 36, 200, 222, 124, 5, 103, 249, 52, 117, 184, 140, 1310 81, 246, 158, 161, 177, 20, 33, 245, 57, 59, 4 ] 1312 Encoding this JWE Encrypted Key as BASE64URL(JWE Encrypted Key) gives 1313 this value: 1315 TrqXOwuNUfDV9VPTNbyGvEJ9JMjefAVn-TR1uIxR9p6hsRQh9Tk7BA 1317 C.6. Initialization Vector 1319 Generate a random 128 bit JWE Initialization Vector. In this 1320 example, the value is: 1322 [ 97, 239, 99, 214, 171, 54, 216, 57, 145, 72, 7, 93, 34, 31, 149, 1323 156 ] 1324 Encoding this JWE Initialization Vector as BASE64URL(JWE 1325 Initialization Vector) gives this value: 1327 Ye9j1qs22DmRSAddIh-VnA 1329 C.7. Additional Authenticated Data 1331 Let the Additional Authenticated Data encryption parameter be 1332 ASCII(BASE64URL(UTF8(JWE Protected Header))). This value is: 1334 [ 123, 34, 97, 108, 103, 34, 58, 34, 80, 66, 69, 83, 50, 45, 72, 83, 1335 50, 53, 54, 43, 65, 49, 50, 56, 75, 87, 34, 44, 34, 112, 50, 115, 34, 1336 58, 34, 50, 87, 67, 84, 99, 74, 90, 49, 82, 118, 100, 95, 67, 74, 1337 117, 74, 114, 105, 112, 81, 49, 119, 34, 44, 34, 112, 50, 99, 34, 58, 1338 52, 48, 57, 54, 44, 34, 101, 110, 99, 34, 58, 34, 65, 49, 50, 56, 67, 1339 66, 67, 45, 72, 83, 50, 53, 54, 34, 44, 34, 99, 116, 121, 34, 58, 34, 1340 106, 119, 107, 43, 106, 115, 111, 110, 34, 125 ] 1342 C.8. Content Encryption 1344 Encrypt the Plaintext with AES_128_CBC_HMAC_SHA_256 using the CEK as 1345 the encryption key, the JWE Initialization Vector, and the Additional 1346 Authenticated Data value above. The resulting Ciphertext is: 1348 [ 3, 8, 65, 242, 92, 107, 148, 168, 197, 159, 77, 139, 25, 97, 42, 1349 131, 110, 199, 225, 56, 61, 127, 38, 64, 108, 91, 247, 167, 150, 98, 1350 112, 122, 99, 235, 132, 50, 28, 46, 56, 170, 169, 89, 220, 145, 38, 1351 157, 148, 224, 66, 140, 8, 169, 146, 117, 222, 54, 242, 28, 31, 11, 1352 129, 227, 226, 169, 66, 117, 133, 254, 140, 216, 115, 203, 131, 60, 1353 60, 47, 233, 132, 121, 13, 35, 188, 53, 19, 172, 77, 59, 54, 211, 1354 158, 172, 25, 60, 111, 0, 80, 201, 158, 160, 210, 68, 55, 12, 67, 1355 136, 130, 87, 216, 197, 95, 62, 20, 155, 205, 5, 140, 27, 168, 221, 1356 65, 114, 78, 157, 254, 46, 206, 182, 52, 135, 87, 239, 3, 34, 186, 1357 126, 220, 151, 17, 33, 237, 57, 96, 172, 183, 58, 45, 248, 103, 241, 1358 142, 136, 7, 53, 16, 173, 181, 7, 93, 92, 252, 1, 53, 212, 242, 8, 1359 255, 11, 239, 181, 24, 148, 136, 111, 24, 161, 244, 23, 106, 69, 157, 1360 215, 243, 189, 240, 166, 169, 249, 72, 38, 201, 99, 223, 173, 229, 9, 1361 222, 82, 79, 157, 176, 248, 85, 239, 121, 163, 1, 31, 48, 98, 206, 1362 61, 249, 104, 216, 201, 227, 105, 48, 194, 193, 10, 36, 160, 159, 1363 241, 166, 84, 54, 188, 211, 243, 242, 40, 46, 45, 193, 193, 160, 169, 1364 101, 201, 1, 73, 47, 105, 142, 88, 28, 42, 132, 26, 61, 58, 63, 142, 1365 243, 77, 26, 179, 153, 166, 46, 203, 208, 49, 55, 229, 34, 178, 4, 1366 109, 180, 204, 204, 115, 1, 103, 193, 5, 91, 215, 214, 195, 1, 110, 1367 208, 53, 144, 36, 105, 12, 54, 25, 129, 101, 15, 183, 150, 250, 147, 1368 115, 227, 58, 250, 5, 128, 232, 63, 15, 14, 19, 141, 124, 253, 142, 1369 137, 189, 135, 26, 44, 240, 27, 88, 132, 105, 127, 6, 71, 37, 41, 1370 124, 187, 165, 140, 34, 200, 123, 80, 228, 24, 231, 176, 132, 171, 1371 138, 145, 152, 116, 224, 50, 141, 51, 147, 91, 186, 7, 246, 106, 217, 1372 148, 244, 227, 244, 45, 220, 121, 165, 224, 148, 181, 17, 181, 128, 1373 197, 101, 237, 11, 169, 229, 149, 199, 78, 56, 15, 14, 190, 91, 216, 1374 222, 247, 213, 74, 40, 8, 96, 20, 168, 119, 96, 26, 24, 52, 37, 82, 1375 127, 57, 176, 147, 118, 59, 7, 224, 33, 117, 72, 155, 29, 82, 26, 1376 215, 189, 140, 119, 28, 152, 118, 93, 222, 194, 192, 148, 115, 83, 1377 253, 216, 212, 108, 88, 83, 175, 172, 220, 97, 79, 110, 42, 223, 170, 1378 161, 34, 164, 144, 193, 76, 122, 92, 160, 41, 178, 175, 6, 35, 96, 1379 113, 96, 158, 90, 129, 101, 26, 45, 70, 180, 189, 230, 15, 5, 247, 1380 150, 209, 94, 171, 26, 13, 142, 212, 129, 1, 176, 5, 0, 112, 203, 1381 174, 185, 119, 76, 233, 189, 54, 172, 189, 245, 223, 253, 205, 12, 1382 88, 9, 126, 157, 225, 90, 40, 229, 191, 63, 30, 160, 224, 69, 3, 140, 1383 109, 70, 89, 37, 213, 245, 194, 210, 180, 188, 63, 210, 139, 221, 2, 1384 144, 200, 20, 177, 216, 29, 227, 242, 106, 12, 135, 142, 139, 144, 1385 82, 225, 162, 171, 176, 108, 99, 6, 43, 193, 161, 116, 234, 216, 1, 1386 242, 21, 124, 162, 98, 205, 124, 193, 38, 12, 242, 90, 101, 76, 204, 1387 184, 124, 58, 180, 16, 240, 26, 76, 195, 250, 212, 191, 185, 191, 97, 1388 198, 186, 73, 225, 75, 14, 90, 123, 121, 172, 101, 50, 160, 221, 141, 1389 253, 205, 126, 77, 9, 87, 198, 110, 104, 182, 141, 120, 51, 25, 232, 1390 3, 32, 80, 6, 156, 8, 18, 4, 135, 221, 142, 25, 135, 2, 129, 132, 1391 115, 227, 74, 141, 28, 119, 11, 141, 117, 134, 198, 62, 150, 254, 97, 1392 75, 197, 251, 99, 89, 204, 224, 226, 67, 83, 175, 89, 0, 81, 29, 38, 1393 207, 89, 140, 255, 197, 177, 164, 128, 62, 116, 224, 180, 109, 169, 1394 28, 2, 59, 176, 130, 252, 44, 178, 81, 24, 181, 176, 75, 44, 61, 91, 1395 12, 37, 21, 255, 83, 130, 197, 16, 231, 60, 217, 56, 131, 118, 168, 1396 202, 58, 52, 84, 124, 162, 185, 174, 162, 226, 242, 112, 68, 246, 1397 202, 16, 208, 52, 154, 58, 129, 80, 102, 33, 171, 6, 186, 177, 14, 1398 195, 88, 136, 6, 0, 155, 28, 100, 162, 207, 162, 222, 117, 248, 170, 1399 208, 114, 87, 31, 57, 176, 33, 57, 83, 253, 12, 168, 110, 194, 59, 1400 22, 86, 48, 227, 196, 22, 176, 218, 122, 149, 21, 249, 195, 178, 174, 1401 250, 20, 34, 120, 60, 139, 201, 99, 40, 18, 177, 17, 54, 54, 6, 3, 1402 222, 128, 160, 88, 11, 27, 0, 81, 192, 36, 41, 169, 146, 8, 47, 64, 1403 136, 28, 64, 209, 67, 135, 202, 20, 234, 182, 91, 204, 146, 195, 187, 1404 0, 72, 77, 11, 111, 152, 204, 252, 177, 212, 89, 33, 50, 132, 184, 1405 44, 183, 186, 19, 250, 69, 176, 201, 102, 140, 14, 143, 212, 212, 1406 160, 123, 208, 185, 27, 155, 68, 77, 133, 198, 2, 126, 155, 215, 22, 1407 91, 30, 217, 176, 172, 244, 156, 174, 143, 75, 90, 21, 102, 1, 160, 1408 59, 253, 188, 88, 57, 185, 197, 83, 24, 22, 180, 174, 47, 207, 52, 1, 1409 141, 146, 119, 233, 68, 228, 224, 228, 193, 248, 155, 202, 90, 7, 1410 213, 88, 33, 108, 107, 14, 86, 8, 120, 250, 58, 142, 35, 164, 238, 1411 221, 219, 35, 123, 88, 199, 192, 143, 104, 83, 17, 166, 243, 247, 11, 1412 166, 67, 68, 204, 132, 23, 110, 103, 228, 14, 55, 122, 88, 57, 180, 1413 178, 237, 52, 130, 214, 245, 102, 123, 67, 73, 175, 1, 127, 112, 148, 1414 94, 132, 164, 197, 153, 217, 87, 25, 89, 93, 63, 22, 66, 166, 90, 1415 251, 101, 10, 145, 66, 17, 124, 36, 255, 165, 226, 97, 16, 86, 112, 1416 154, 88, 105, 253, 56, 209, 229, 122, 103, 51, 24, 228, 190, 3, 236, 1417 48, 182, 121, 176, 140, 128, 117, 87, 251, 224, 37, 23, 248, 21, 218, 1418 85, 251, 136, 84, 147, 143, 144, 46, 155, 183, 251, 89, 86, 23, 26, 1419 237, 100, 167, 32, 130, 173, 237, 89, 55, 110, 70, 142, 127, 65, 230, 1420 208, 109, 69, 19, 253, 84, 130, 130, 193, 92, 58, 108, 150, 42, 136, 1421 249, 234, 86, 241, 182, 19, 117, 246, 26, 181, 92, 101, 155, 44, 103, 1422 235, 173, 30, 140, 90, 29, 183, 190, 77, 53, 206, 127, 5, 87, 8, 187, 1423 184, 92, 4, 157, 22, 18, 105, 251, 39, 88, 182, 181, 103, 148, 233, 1424 6, 63, 70, 188, 7, 101, 216, 127, 77, 31, 12, 233, 7, 147, 106, 30, 1425 150, 77, 145, 13, 205, 48, 56, 245, 220, 89, 252, 127, 51, 180, 36, 1426 31, 55, 18, 214, 230, 254, 217, 197, 65, 247, 27, 215, 117, 247, 108, 1427 157, 121, 11, 63, 150, 195, 83, 6, 134, 242, 41, 24, 105, 204, 5, 63, 1428 192, 14, 159, 113, 72, 140, 128, 51, 215, 80, 215, 39, 149, 94, 79, 1429 128, 34, 5, 129, 82, 83, 121, 187, 37, 146, 27, 32, 177, 167, 71, 9, 1430 195, 30, 199, 196, 205, 252, 207, 69, 8, 120, 27, 190, 51, 43, 75, 1431 249, 234, 167, 116, 206, 203, 199, 43, 108, 87, 48, 155, 140, 228, 1432 210, 85, 25, 161, 96, 67, 8, 205, 64, 39, 75, 88, 44, 238, 227, 16, 1433 0, 100, 93, 129, 18, 4, 149, 50, 68, 72, 99, 35, 111, 254, 27, 102, 1434 175, 108, 233, 87, 181, 44, 169, 18, 139, 79, 208, 14, 202, 192, 5, 1435 162, 222, 231, 149, 24, 211, 49, 120, 101, 39, 206, 87, 147, 204, 1436 200, 251, 104, 115, 5, 127, 117, 195, 79, 151, 18, 224, 52, 0, 245, 1437 4, 85, 255, 103, 217, 0, 116, 198, 80, 91, 167, 192, 154, 199, 197, 1438 149, 237, 51, 2, 131, 30, 226, 95, 105, 48, 68, 135, 208, 144, 120, 1439 176, 145, 157, 8, 171, 80, 94, 61, 92, 92, 220, 157, 13, 138, 51, 23, 1440 185, 124, 31, 77, 1, 87, 241, 43, 239, 55, 122, 86, 210, 48, 208, 1441 204, 112, 144, 80, 147, 106, 219, 47, 253, 31, 134, 176, 16, 135, 1442 219, 95, 17, 129, 83, 236, 125, 136, 112, 86, 228, 252, 71, 129, 218, 1443 174, 156, 236, 12, 27, 159, 11, 138, 252, 253, 207, 31, 115, 214, 1444 118, 239, 203, 16, 211, 205, 99, 22, 51, 163, 107, 162, 246, 199, 67, 1445 127, 34, 108, 197, 53, 117, 58, 199, 3, 190, 74, 70, 190, 65, 235, 1446 175, 97, 157, 215, 252, 189, 245, 100, 229, 248, 46, 90, 126, 237, 4, 1447 159, 128, 58, 7, 156, 236, 69, 191, 85, 240, 179, 224, 249, 152, 49, 1448 195, 223, 60, 78, 186, 157, 155, 217, 58, 105, 116, 164, 217, 111, 1449 215, 150, 218, 252, 84, 86, 248, 140, 240, 226, 61, 106, 208, 95, 60, 1450 163, 6, 0, 235, 253, 162, 96, 62, 234, 251, 249, 35, 21, 7, 211, 233, 1451 86, 50, 33, 203, 67, 248, 60, 190, 123, 48, 167, 226, 90, 191, 71, 1452 56, 183, 165, 17, 85, 76, 238, 140, 211, 168, 53, 223, 194, 4, 97, 1453 149, 156, 120, 137, 76, 33, 229, 243, 194, 208, 198, 202, 139, 28, 1454 114, 46, 224, 92, 254, 83, 100, 134, 158, 92, 70, 78, 61, 62, 138, 1455 24, 173, 216, 66, 198, 70, 254, 47, 59, 193, 53, 6, 139, 19, 153, 1456 253, 28, 199, 122, 160, 27, 67, 234, 209, 227, 139, 4, 50, 7, 178, 1457 183, 89, 252, 32, 128, 137, 55, 52, 29, 89, 12, 111, 42, 181, 51, 1458 170, 132, 132, 207, 170, 228, 254, 178, 213, 0, 136, 175, 8 ] 1460 The resulting Authentication Tag value is: 1462 [ 125, 249, 143, 191, 240, 4, 204, 132, 62, 241, 113, 178, 91, 88, 1463 254, 19 ] 1465 Encoding this JWE Ciphertext as BASE64URL(JWE Ciphertext) gives this 1466 value: 1468 AwhB8lxrlKjFn02LGWEqg27H4Tg9fyZAbFv3p5ZicHpj64QyHC44qqlZ3JEmnZTgQo 1469 wIqZJ13jbyHB8LgePiqUJ1hf6M2HPLgzw8L-mEeQ0jvDUTrE07NtOerBk8bwBQyZ6g 1470 0kQ3DEOIglfYxV8-FJvNBYwbqN1Bck6d_i7OtjSHV-8DIrp-3JcRIe05YKy3Oi34Z_ 1471 GOiAc1EK21B11c_AE11PII_wvvtRiUiG8YofQXakWd1_O98Kap-UgmyWPfreUJ3lJP 1472 nbD4Ve95owEfMGLOPflo2MnjaTDCwQokoJ_xplQ2vNPz8iguLcHBoKllyQFJL2mOWB 1473 wqhBo9Oj-O800as5mmLsvQMTflIrIEbbTMzHMBZ8EFW9fWwwFu0DWQJGkMNhmBZQ-3 1474 lvqTc-M6-gWA6D8PDhONfP2Oib2HGizwG1iEaX8GRyUpfLuljCLIe1DkGOewhKuKkZ 1475 h04DKNM5Nbugf2atmU9OP0Ldx5peCUtRG1gMVl7Qup5ZXHTjgPDr5b2N731UooCGAU 1476 qHdgGhg0JVJ_ObCTdjsH4CF1SJsdUhrXvYx3HJh2Xd7CwJRzU_3Y1GxYU6-s3GFPbi 1477 rfqqEipJDBTHpcoCmyrwYjYHFgnlqBZRotRrS95g8F95bRXqsaDY7UgQGwBQBwy665 1478 d0zpvTasvfXf_c0MWAl-neFaKOW_Px6g4EUDjG1GWSXV9cLStLw_0ovdApDIFLHYHe 1479 PyagyHjouQUuGiq7BsYwYrwaF06tgB8hV8omLNfMEmDPJaZUzMuHw6tBDwGkzD-tS_ 1480 ub9hxrpJ4UsOWnt5rGUyoN2N_c1-TQlXxm5oto14MxnoAyBQBpwIEgSH3Y4ZhwKBhH 1481 PjSo0cdwuNdYbGPpb-YUvF-2NZzODiQ1OvWQBRHSbPWYz_xbGkgD504LRtqRwCO7CC 1482 _CyyURi1sEssPVsMJRX_U4LFEOc82TiDdqjKOjRUfKK5rqLi8nBE9soQ0DSaOoFQZi 1483 GrBrqxDsNYiAYAmxxkos-i3nX4qtByVx85sCE5U_0MqG7COxZWMOPEFrDaepUV-cOy 1484 rvoUIng8i8ljKBKxETY2BgPegKBYCxsAUcAkKamSCC9AiBxA0UOHyhTqtlvMksO7AE 1485 hNC2-YzPyx1FkhMoS4LLe6E_pFsMlmjA6P1NSge9C5G5tETYXGAn6b1xZbHtmwrPSc 1486 ro9LWhVmAaA7_bxYObnFUxgWtK4vzzQBjZJ36UTk4OTB-JvKWgfVWCFsaw5WCHj6Oo 1487 4jpO7d2yN7WMfAj2hTEabz9wumQ0TMhBduZ-QON3pYObSy7TSC1vVme0NJrwF_cJRe 1488 hKTFmdlXGVldPxZCplr7ZQqRQhF8JP-l4mEQVnCaWGn9ONHlemczGOS-A-wwtnmwjI 1489 B1V_vgJRf4FdpV-4hUk4-QLpu3-1lWFxrtZKcggq3tWTduRo5_QebQbUUT_VSCgsFc 1490 OmyWKoj56lbxthN19hq1XGWbLGfrrR6MWh23vk01zn8FVwi7uFwEnRYSafsnWLa1Z5 1491 TpBj9GvAdl2H9NHwzpB5NqHpZNkQ3NMDj13Fn8fzO0JB83Etbm_tnFQfcb13X3bJ15 1492 Cz-Ww1MGhvIpGGnMBT_ADp9xSIyAM9dQ1yeVXk-AIgWBUlN5uyWSGyCxp0cJwx7HxM 1493 38z0UIeBu-MytL-eqndM7LxytsVzCbjOTSVRmhYEMIzUAnS1gs7uMQAGRdgRIElTJE 1494 SGMjb_4bZq9s6Ve1LKkSi0_QDsrABaLe55UY0zF4ZSfOV5PMyPtocwV_dcNPlxLgNA 1495 D1BFX_Z9kAdMZQW6fAmsfFle0zAoMe4l9pMESH0JB4sJGdCKtQXj1cXNydDYozF7l8 1496 H00BV_Er7zd6VtIw0MxwkFCTatsv_R-GsBCH218RgVPsfYhwVuT8R4HarpzsDBufC4 1497 r8_c8fc9Z278sQ081jFjOja6L2x0N_ImzFNXU6xwO-Ska-QeuvYZ3X_L31ZOX4Llp- 1498 7QSfgDoHnOxFv1Xws-D5mDHD3zxOup2b2TppdKTZb9eW2vxUVviM8OI9atBfPKMGAO 1499 v9omA-6vv5IxUH0-lWMiHLQ_g8vnswp-Jav0c4t6URVUzujNOoNd_CBGGVnHiJTCHl 1500 88LQxsqLHHIu4Fz-U2SGnlxGTj0-ihit2ELGRv4vO8E1BosTmf0cx3qgG0Pq0eOLBD 1501 IHsrdZ_CCAiTc0HVkMbyq1M6qEhM-q5P6y1QCIrwg 1503 Encoding this JWE Authentication Tag as BASE64URL(JWE Authentication 1504 Tag) gives this value: 1506 ffmPv_AEzIQ-8XGyW1j-Ew 1508 C.9. Complete Representation 1510 Assemble the final representation: The Compact Serialization of this 1511 result is the string BASE64URL(UTF8(JWE Protected Header)) || '.' || 1512 BASE64URL(JWE Encrypted Key) || '.' || BASE64URL(JWE Initialization 1513 Vector) || '.' || BASE64URL(JWE Ciphertext) || '.' || BASE64URL(JWE 1514 Authentication Tag). 1516 The final result in this example is: 1518 eyJhbGciOiJQQkVTMi1IUzI1NitBMTI4S1ciLCJwMnMiOiIyV0NUY0paMVJ2ZF9DSn 1519 VKcmlwUTF3IiwicDJjIjo0MDk2LCJlbmMiOiJBMTI4Q0JDLUhTMjU2IiwiY3R5Ijoi 1520 andrK2pzb24ifQ. 1521 TrqXOwuNUfDV9VPTNbyGvEJ9JMjefAVn-TR1uIxR9p6hsRQh9Tk7BA. 1522 Ye9j1qs22DmRSAddIh-VnA. 1523 AwhB8lxrlKjFn02LGWEqg27H4Tg9fyZAbFv3p5ZicHpj64QyHC44qqlZ3JEmnZTgQo 1524 wIqZJ13jbyHB8LgePiqUJ1hf6M2HPLgzw8L-mEeQ0jvDUTrE07NtOerBk8bwBQyZ6g 1525 0kQ3DEOIglfYxV8-FJvNBYwbqN1Bck6d_i7OtjSHV-8DIrp-3JcRIe05YKy3Oi34Z_ 1526 GOiAc1EK21B11c_AE11PII_wvvtRiUiG8YofQXakWd1_O98Kap-UgmyWPfreUJ3lJP 1527 nbD4Ve95owEfMGLOPflo2MnjaTDCwQokoJ_xplQ2vNPz8iguLcHBoKllyQFJL2mOWB 1528 wqhBo9Oj-O800as5mmLsvQMTflIrIEbbTMzHMBZ8EFW9fWwwFu0DWQJGkMNhmBZQ-3 1529 lvqTc-M6-gWA6D8PDhONfP2Oib2HGizwG1iEaX8GRyUpfLuljCLIe1DkGOewhKuKkZ 1530 h04DKNM5Nbugf2atmU9OP0Ldx5peCUtRG1gMVl7Qup5ZXHTjgPDr5b2N731UooCGAU 1531 qHdgGhg0JVJ_ObCTdjsH4CF1SJsdUhrXvYx3HJh2Xd7CwJRzU_3Y1GxYU6-s3GFPbi 1532 rfqqEipJDBTHpcoCmyrwYjYHFgnlqBZRotRrS95g8F95bRXqsaDY7UgQGwBQBwy665 1533 d0zpvTasvfXf_c0MWAl-neFaKOW_Px6g4EUDjG1GWSXV9cLStLw_0ovdApDIFLHYHe 1534 PyagyHjouQUuGiq7BsYwYrwaF06tgB8hV8omLNfMEmDPJaZUzMuHw6tBDwGkzD-tS_ 1535 ub9hxrpJ4UsOWnt5rGUyoN2N_c1-TQlXxm5oto14MxnoAyBQBpwIEgSH3Y4ZhwKBhH 1536 PjSo0cdwuNdYbGPpb-YUvF-2NZzODiQ1OvWQBRHSbPWYz_xbGkgD504LRtqRwCO7CC 1537 _CyyURi1sEssPVsMJRX_U4LFEOc82TiDdqjKOjRUfKK5rqLi8nBE9soQ0DSaOoFQZi 1538 GrBrqxDsNYiAYAmxxkos-i3nX4qtByVx85sCE5U_0MqG7COxZWMOPEFrDaepUV-cOy 1539 rvoUIng8i8ljKBKxETY2BgPegKBYCxsAUcAkKamSCC9AiBxA0UOHyhTqtlvMksO7AE 1540 hNC2-YzPyx1FkhMoS4LLe6E_pFsMlmjA6P1NSge9C5G5tETYXGAn6b1xZbHtmwrPSc 1541 ro9LWhVmAaA7_bxYObnFUxgWtK4vzzQBjZJ36UTk4OTB-JvKWgfVWCFsaw5WCHj6Oo 1542 4jpO7d2yN7WMfAj2hTEabz9wumQ0TMhBduZ-QON3pYObSy7TSC1vVme0NJrwF_cJRe 1543 hKTFmdlXGVldPxZCplr7ZQqRQhF8JP-l4mEQVnCaWGn9ONHlemczGOS-A-wwtnmwjI 1544 B1V_vgJRf4FdpV-4hUk4-QLpu3-1lWFxrtZKcggq3tWTduRo5_QebQbUUT_VSCgsFc 1545 OmyWKoj56lbxthN19hq1XGWbLGfrrR6MWh23vk01zn8FVwi7uFwEnRYSafsnWLa1Z5 1546 TpBj9GvAdl2H9NHwzpB5NqHpZNkQ3NMDj13Fn8fzO0JB83Etbm_tnFQfcb13X3bJ15 1547 Cz-Ww1MGhvIpGGnMBT_ADp9xSIyAM9dQ1yeVXk-AIgWBUlN5uyWSGyCxp0cJwx7HxM 1548 38z0UIeBu-MytL-eqndM7LxytsVzCbjOTSVRmhYEMIzUAnS1gs7uMQAGRdgRIElTJE 1549 SGMjb_4bZq9s6Ve1LKkSi0_QDsrABaLe55UY0zF4ZSfOV5PMyPtocwV_dcNPlxLgNA 1550 D1BFX_Z9kAdMZQW6fAmsfFle0zAoMe4l9pMESH0JB4sJGdCKtQXj1cXNydDYozF7l8 1551 H00BV_Er7zd6VtIw0MxwkFCTatsv_R-GsBCH218RgVPsfYhwVuT8R4HarpzsDBufC4 1552 r8_c8fc9Z278sQ081jFjOja6L2x0N_ImzFNXU6xwO-Ska-QeuvYZ3X_L31ZOX4Llp- 1553 7QSfgDoHnOxFv1Xws-D5mDHD3zxOup2b2TppdKTZb9eW2vxUVviM8OI9atBfPKMGAO 1554 v9omA-6vv5IxUH0-lWMiHLQ_g8vnswp-Jav0c4t6URVUzujNOoNd_CBGGVnHiJTCHl 1555 88LQxsqLHHIu4Fz-U2SGnlxGTj0-ihit2ELGRv4vO8E1BosTmf0cx3qgG0Pq0eOLBD 1556 IHsrdZ_CCAiTc0HVkMbyq1M6qEhM-q5P6y1QCIrwg. 1557 ffmPv_AEzIQ-8XGyW1j-Ew 1559 Appendix D. Acknowledgements 1561 A JSON representation for RSA public keys was previously introduced 1562 by John Panzer, Ben Laurie, and Dirk Balfanz in Magic Signatures 1564 [MagicSignatures]. 1566 This specification is the work of the JOSE Working Group, which 1567 includes dozens of active and dedicated participants. In particular, 1568 the following individuals contributed ideas, feedback, and wording 1569 that influenced this specification: 1571 Dirk Balfanz, Richard Barnes, John Bradley, Brian Campbell, Breno de 1572 Medeiros, Joe Hildebrand, Edmund Jay, Ben Laurie, James Manger, Matt 1573 Miller, Tony Nadalin, Axel Nennker, John Panzer, Eric Rescorla, Nat 1574 Sakimura, Jim Schaad, Paul Tarjan, Hannes Tschofenig, and Sean 1575 Turner. 1577 Jim Schaad and Karen O'Donoghue chaired the JOSE working group and 1578 Sean Turner and Stephen Farrell served as Security area directors 1579 during the creation of this specification. 1581 Appendix E. Document History 1583 [[ to be removed by the RFC Editor before publication as an RFC ]] 1585 -23 1587 o No changes were made, other than to the version number and date. 1589 -22 1591 o Corrected RFC 2119 terminology usage. 1593 o Replaced references to draft-ietf-json-rfc4627bis with RFC 7158. 1595 -21 1597 o Replaced the "key_ops" values "wrap" and "unwrap" with "wrapKey" 1598 and "unwrapKey" to match the "KeyUsage" values defined in the 1599 current Web Cryptography API [WebCrypto] editor's draft. 1601 o Compute the PBES2 salt parameter as (UTF8(Alg) || 0x00 || Salt 1602 Input), where the "p2s" Header Parameter encodes the Salt Input 1603 value and Alg is the "alg" Header Parameter value. 1605 o Changed some references from being normative to informative, 1606 addressing issue #90. 1608 -20 1609 o Renamed "use_details" to "key_ops" (key operations). 1611 o Clarified that "use" is meant for public key use cases, "key_ops" 1612 is meant for use cases in which public, private, or symmetric keys 1613 may be present, and that "use" and "key_ops" should not be used 1614 together. 1616 o Replaced references to RFC 4627 with draft-ietf-json-rfc4627bis, 1617 addressing issue #90. 1619 -19 1621 o Added optional "use_details" (key use details) JWK member. 1623 o Reordered the key selection parameters. 1625 -18 1627 o Changes to address editorial and minor issues #68, #69, #73, #74, 1628 #76, #77, #78, #79, #82, #85, #89, and #135. 1630 o Added and used Description registry fields. 1632 -17 1634 o Refined the "typ" and "cty" definitions to always be MIME Media 1635 Types, with the omission of "application/" prefixes recommended 1636 for brevity, addressing issue #50. 1638 o Added an example encrypting an RSA private key with 1639 "PBES2-HS256+A128KW" and "A128CBC-HS256". Thanks to Matt Miller 1640 for producing this! 1642 o Processing rules occurring in both JWS and JWK are now referenced 1643 in JWS by JWK, rather than duplicated, addressing issue #57. 1645 o Terms used in multiple documents are now defined in one place and 1646 incorporated by reference. Some lightly used or obvious terms 1647 were also removed. This addresses issue #58. 1649 -16 1651 o Changes to address editorial and minor issues #41, #42, #43, #47, 1652 #51, #67, #71, #76, #80, #83, #84, #85, #86, #87, and #88. 1654 -15 1655 o Changes to address editorial issues #48, #64, #65, #66, and #91. 1657 -14 1659 o Relaxed language introducing key parameters since some parameters 1660 are applicable to multiple, but not all, key types. 1662 -13 1664 o Applied spelling and grammar corrections. 1666 -12 1668 o Stated that recipients MUST either reject JWKs and JWK Sets with 1669 duplicate member names or use a JSON parser that returns only the 1670 lexically last duplicate member name. 1672 -11 1674 o Stated that when "kid" values are used within a JWK Set, different 1675 keys within the JWK Set SHOULD use distinct "kid" values. 1677 o Added optional "x5u" (X.509 URL), "x5t" (X.509 Certificate 1678 Thumbprint), and "x5c" (X.509 Certificate Chain) JWK parameters. 1680 o Added section on Encrypted JWK and Encrypted JWK Set Formats. 1682 o Added a Parameter Information Class value to the JSON Web Key 1683 Parameters registry, which registers whether the parameter conveys 1684 public or private information. 1686 o Registered "application/jwk+json" and "application/jwk-set+json" 1687 MIME types and "JWK" and "JWK-SET" typ header parameter values, 1688 addressing issue #21. 1690 -10 1692 o No changes were made, other than to the version number and date. 1694 -09 1696 o Expanded the scope of the JWK specification to include private and 1697 symmetric key representations, as specified by 1698 draft-jones-jose-json-private-and-symmetric-key-00. 1700 o Defined that members that are not understood must be ignored. 1702 -08 1703 o Changed the name of the JWK key type parameter from "alg" to "kty" 1704 to enable use of "alg" to indicate the particular algorithm that 1705 the key is intended to be used with. 1707 o Clarified statements of the form "This member is OPTIONAL" to "Use 1708 of this member is OPTIONAL". 1710 o Referenced String Comparison Rules in JWS. 1712 o Added seriesInfo information to Internet Draft references. 1714 -07 1716 o Changed the name of the JWK RSA modulus parameter from "mod" to 1717 "n" and the name of the JWK RSA exponent parameter from "xpo" to 1718 "e", so that the identifiers are the same as those used in RFC 1719 3447. 1721 -06 1723 o Changed the name of the JWK RSA exponent parameter from "exp" to 1724 "xpo" so as to allow the potential use of the name "exp" for a 1725 future extension that might define an expiration parameter for 1726 keys. (The "exp" name is already used for this purpose in the JWT 1727 specification.) 1729 o Clarify that the "alg" (algorithm family) member is REQUIRED. 1731 o Correct an instance of "JWK" that should have been "JWK Set". 1733 o Applied changes made by the RFC Editor to RFC 6749's registry 1734 language to this specification. 1736 -05 1738 o Indented artwork elements to better distinguish them from the body 1739 text. 1741 -04 1743 o Refer to the registries as the primary sources of defined values 1744 and then secondarily reference the sections defining the initial 1745 contents of the registries. 1747 o Normatively reference XML DSIG 2.0 [W3C.CR-xmldsig-core2-20120124] 1748 for its security considerations. 1750 o Added this language to Registration Templates: "This name is case 1751 sensitive. Names that match other registered names in a case 1752 insensitive manner SHOULD NOT be accepted." 1754 o Described additional open issues. 1756 o Applied editorial suggestions. 1758 -03 1760 o Clarified that "kid" values need not be unique within a JWK Set. 1762 o Moved JSON Web Key Parameters registry to the JWK specification. 1764 o Added "Collision Resistant Namespace" to the terminology section. 1766 o Changed registration requirements from RFC Required to 1767 Specification Required with Expert Review. 1769 o Added Registration Template sections for defined registries. 1771 o Added Registry Contents sections to populate registry values. 1773 o Numerous editorial improvements. 1775 -02 1777 o Simplified JWK terminology to get replace the "JWK Key Object" and 1778 "JWK Container Object" terms with simply "JSON Web Key (JWK)" and 1779 "JSON Web Key Set (JWK Set)" and to eliminate potential confusion 1780 between single keys and sets of keys. As part of this change, the 1781 top-level member name for a set of keys was changed from "jwk" to 1782 "keys". 1784 o Clarified that values with duplicate member names MUST be 1785 rejected. 1787 o Established JSON Web Key Set Parameters registry. 1789 o Explicitly listed non-goals in the introduction. 1791 o Moved algorithm-specific definitions from JWK to JWA. 1793 o Reformatted to give each member definition its own section 1794 heading. 1796 -01 1797 o Corrected the Magic Signatures reference. 1799 -00 1801 o Created the initial IETF draft based upon 1802 draft-jones-json-web-key-03 with no normative changes. 1804 Author's Address 1806 Michael B. Jones 1807 Microsoft 1809 Email: mbj@microsoft.com 1810 URI: http://self-issued.info/