idnits 2.17.1 draft-ietf-jose-json-web-key-26.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (April 30, 2014) is 3648 days in the past. Is this intentional? -- Found something which looks like a code comment -- if you have code sections in the document, please surround them with '' and '' lines. Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) -- Possible downref: Non-RFC (?) normative reference: ref. 'ECMAScript' -- Possible downref: Non-RFC (?) normative reference: ref. 'ITU.X690.1994' ** Downref: Normative reference to an Historic RFC: RFC 1421 ** Obsolete normative reference: RFC 2818 (Obsoleted by RFC 9110) ** Obsolete normative reference: RFC 5246 (Obsoleted by RFC 8446) ** Obsolete normative reference: RFC 6125 (Obsoleted by RFC 9525) ** Obsolete normative reference: RFC 7159 (Obsoleted by RFC 8259) -- Possible downref: Non-RFC (?) normative reference: ref. 'USASCII' -- Obsolete informational reference (is this intentional?): RFC 3447 (Obsoleted by RFC 8017) -- Obsolete informational reference (is this intentional?): RFC 5226 (Obsoleted by RFC 8126) Summary: 5 errors (**), 0 flaws (~~), 1 warning (==), 7 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 JOSE Working Group M. Jones 3 Internet-Draft Microsoft 4 Intended status: Standards Track April 30, 2014 5 Expires: November 1, 2014 7 JSON Web Key (JWK) 8 draft-ietf-jose-json-web-key-26 10 Abstract 12 A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) data 13 structure that represents a cryptographic key. This specification 14 also defines a JSON Web Key Set (JWK Set) JSON data structure for 15 representing a set of JWKs. Cryptographic algorithms and identifiers 16 for use with this specification are described in the separate JSON 17 Web Algorithms (JWA) specification and IANA registries defined by 18 that specification. 20 Status of this Memo 22 This Internet-Draft is submitted in full conformance with the 23 provisions of BCP 78 and BCP 79. 25 Internet-Drafts are working documents of the Internet Engineering 26 Task Force (IETF). Note that other groups may also distribute 27 working documents as Internet-Drafts. The list of current Internet- 28 Drafts is at http://datatracker.ietf.org/drafts/current/. 30 Internet-Drafts are draft documents valid for a maximum of six months 31 and may be updated, replaced, or obsoleted by other documents at any 32 time. It is inappropriate to use Internet-Drafts as reference 33 material or to cite them other than as "work in progress." 35 This Internet-Draft will expire on November 1, 2014. 37 Copyright Notice 39 Copyright (c) 2014 IETF Trust and the persons identified as the 40 document authors. All rights reserved. 42 This document is subject to BCP 78 and the IETF Trust's Legal 43 Provisions Relating to IETF Documents 44 (http://trustee.ietf.org/license-info) in effect on the date of 45 publication of this document. Please review these documents 46 carefully, as they describe your rights and restrictions with respect 47 to this document. Code Components extracted from this document must 48 include Simplified BSD License text as described in Section 4.e of 49 the Trust Legal Provisions and are provided without warranty as 50 described in the Simplified BSD License. 52 Table of Contents 54 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4 55 1.1. Notational Conventions . . . . . . . . . . . . . . . . . . 4 56 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 4 57 3. JSON Web Key (JWK) Format . . . . . . . . . . . . . . . . . . 5 58 3.1. "kty" (Key Type) Parameter . . . . . . . . . . . . . . . . 5 59 3.2. "use" (Public Key Use) Parameter . . . . . . . . . . . . . 6 60 3.3. "key_ops" (Key Operations) Parameter . . . . . . . . . . . 6 61 3.4. "alg" (Algorithm) Parameter . . . . . . . . . . . . . . . 7 62 3.5. "kid" (Key ID) Parameter . . . . . . . . . . . . . . . . . 7 63 3.6. "x5u" (X.509 URL) Parameter . . . . . . . . . . . . . . . 7 64 3.7. "x5c" (X.509 Certificate Chain) Parameter . . . . . . . . 8 65 3.8. "x5t" (X.509 Certificate SHA-1 Thumbprint) Parameter . . . 8 66 4. JSON Web Key Set (JWK Set) Format . . . . . . . . . . . . . . 9 67 4.1. "keys" Parameter . . . . . . . . . . . . . . . . . . . . . 9 68 5. String Comparison Rules . . . . . . . . . . . . . . . . . . . 10 69 6. Encrypted JWK and Encrypted JWK Set Formats . . . . . . . . . 10 70 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 10 71 7.1. JSON Web Key Parameters Registry . . . . . . . . . . . . . 11 72 7.1.1. Registration Template . . . . . . . . . . . . . . . . 11 73 7.1.2. Initial Registry Contents . . . . . . . . . . . . . . 12 74 7.2. JSON Web Key Use Registry . . . . . . . . . . . . . . . . 14 75 7.2.1. Registration Template . . . . . . . . . . . . . . . . 14 76 7.2.2. Initial Registry Contents . . . . . . . . . . . . . . 14 77 7.3. JSON Web Key Operations Registry . . . . . . . . . . . . . 15 78 7.3.1. Registration Template . . . . . . . . . . . . . . . . 15 79 7.3.2. Initial Registry Contents . . . . . . . . . . . . . . 15 80 7.4. JSON Web Key Set Parameters Registry . . . . . . . . . . . 16 81 7.4.1. Registration Template . . . . . . . . . . . . . . . . 16 82 7.4.2. Initial Registry Contents . . . . . . . . . . . . . . 17 83 7.5. Media Type Registration . . . . . . . . . . . . . . . . . 17 84 7.5.1. Registry Contents . . . . . . . . . . . . . . . . . . 17 85 8. Security Considerations . . . . . . . . . . . . . . . . . . . 18 86 9. References . . . . . . . . . . . . . . . . . . . . . . . . . . 19 87 9.1. Normative References . . . . . . . . . . . . . . . . . . . 19 88 9.2. Informative References . . . . . . . . . . . . . . . . . . 20 89 Appendix A. Example JSON Web Key Sets . . . . . . . . . . . . . . 21 90 A.1. Example Public Keys . . . . . . . . . . . . . . . . . . . 21 91 A.2. Example Private Keys . . . . . . . . . . . . . . . . . . . 22 92 A.3. Example Symmetric Keys . . . . . . . . . . . . . . . . . . 24 93 Appendix B. Example Use of "x5c" (X.509 Certificate Chain) 94 Parameter . . . . . . . . . . . . . . . . . . . . . . 24 95 Appendix C. Example Encrypted RSA Private Key . . . . . . . . . . 25 96 C.1. Plaintext RSA Private Key . . . . . . . . . . . . . . . . 26 97 C.2. JWE Header . . . . . . . . . . . . . . . . . . . . . . . . 29 98 C.3. Content Encryption Key (CEK) . . . . . . . . . . . . . . . 29 99 C.4. Key Derivation . . . . . . . . . . . . . . . . . . . . . . 30 100 C.5. Key Encryption . . . . . . . . . . . . . . . . . . . . . . 30 101 C.6. Initialization Vector . . . . . . . . . . . . . . . . . . 30 102 C.7. Additional Authenticated Data . . . . . . . . . . . . . . 31 103 C.8. Content Encryption . . . . . . . . . . . . . . . . . . . . 31 104 C.9. Complete Representation . . . . . . . . . . . . . . . . . 34 105 Appendix D. Acknowledgements . . . . . . . . . . . . . . . . . . 35 106 Appendix E. Document History . . . . . . . . . . . . . . . . . . 36 107 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 41 109 1. Introduction 111 A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) [RFC7159] 112 data structure that represents a cryptographic key. This 113 specification also defines a JSON Web Key Set (JWK Set) JSON data 114 structure for representing a set of JWKs. Cryptographic algorithms 115 and identifiers for use with this specification are described in the 116 separate JSON Web Algorithms (JWA) [JWA] specification and IANA 117 registries defined by that specification. 119 Goals for this specification do not include representing certificate 120 chains, representing certified keys, and replacing X.509 121 certificates. 123 JWKs and JWK Sets are used in the JSON Web Signature (JWS) [JWS] and 124 JSON Web Encryption (JWE) [JWE] specifications. 126 Names defined by this specification are short because a core goal is 127 for the resulting representations to be compact. 129 1.1. Notational Conventions 131 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 132 "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and 133 "OPTIONAL" in this document are to be interpreted as described in Key 134 words for use in RFCs to Indicate Requirement Levels [RFC2119]. If 135 these words are used without being spelled in uppercase then they are 136 to be interpreted with their normal natural language meanings. 138 BASE64URL(OCTETS) denotes the base64url encoding of OCTETS, per 139 Section 2. 141 UTF8(STRING) denotes the octets of the UTF-8 [RFC3629] representation 142 of STRING. 144 ASCII(STRING) denotes the octets of the ASCII [USASCII] 145 representation of STRING. 147 The concatenation of two values A and B is denoted as A || B. 149 2. Terminology 151 These terms defined by the JSON Web Signature (JWS) [JWS] 152 specification are incorporated into this specification: "Base64url 153 Encoding" and "Collision-Resistant Name". 155 These terms are defined for use by this specification: 157 JSON Web Key (JWK) 158 A JSON object that represents a cryptographic key. 160 JSON Web Key Set (JWK Set) 161 A JSON object that contains an array of JWKs as the value of its 162 "keys" member. 164 3. JSON Web Key (JWK) Format 166 A JSON Web Key (JWK) is a JSON object. The members of the object 167 represent properties of the key, including its value. This document 168 defines the key parameters that are not algorithm specific, and thus 169 common to many keys. 171 In addition to the common parameters, each JWK will have members that 172 are specific to the kind of key being represented. These members 173 represent the parameters of the key. Section 6 of the JSON Web 174 Algorithms (JWA) [JWA] specification defines multiple kinds of 175 cryptographic keys and their associated members. 177 The member names within a JWK MUST be unique; recipients MUST either 178 reject JWKs with duplicate member names or use a JSON parser that 179 returns only the lexically last duplicate member name, as specified 180 in Section 15.12 (The JSON Object) of ECMAScript 5.1 [ECMAScript]. 182 Additional members can be present in the JWK; if not understood by 183 implementations encountering them, they MUST be ignored. Member 184 names used for representing key parameters for different keys types 185 need not be distinct. Any new member name should either be 186 registered in the IANA JSON Web Key Parameters registry defined in 187 Section 7.1 or be a value that contains a Collision-Resistant Name. 189 3.1. "kty" (Key Type) Parameter 191 The "kty" (key type) member identifies the cryptographic algorithm 192 family used with the key. "kty" values should either be registered in 193 the IANA JSON Web Key Types registry defined in [JWA] or be a value 194 that contains a Collision-Resistant Name. The "kty" value is a case- 195 sensitive string. This member MUST be present in a JWK. 197 A list of defined "kty" values can be found in the IANA JSON Web Key 198 Types registry defined in [JWA]; the initial contents of this 199 registry are the values defined in Section 6.1 of the JSON Web 200 Algorithms (JWA) [JWA] specification. 202 The key type definitions include specification of the members to be 203 used for those key types. Additional members used with "kty" values 204 can also be found in the IANA JSON Web Key Parameters registry 205 defined in Section 7.1. 207 3.2. "use" (Public Key Use) Parameter 209 The "use" (public key use) member identifies the intended use of the 210 public key. The "use" parameter is intended for use cases in which 211 it is useful to distinguish between public signing keys and public 212 encryption keys. 214 Values defined by this specification are: 216 o "sig" (signature) 217 o "enc" (encryption) 219 Other values MAY be used. Public Key Use values can be registered in 220 the IANA JSON Web Key Use registry defined in Section 7.2. The "use" 221 value is a case-sensitive string. Use of the "use" member is 222 OPTIONAL, unless the application requires its presence. 224 When a key is used to wrap another key and a key use designation for 225 the first key is desired, the "enc" (encryption) key use value SHOULD 226 be used, since key wrapping is a kind of encryption. The "enc" value 227 SHOULD also be used for public keys used for key agreement 228 operations. (The "alg" member can be used to specify the particular 229 cryptographic operation to be performed, when desired.) 231 3.3. "key_ops" (Key Operations) Parameter 233 The "key_ops" (key operations) member identifies the operation(s) 234 that the key is intended to be used for. The "key_ops" parameter is 235 intended for use cases in which public, private, or symmetric keys 236 may be present. 238 Its value is an array of key operation values. Values defined by 239 this specification are: 241 o "sign" (compute signature or MAC) 242 o "verify" (verify signature or MAC) 243 o "encrypt" (encrypt content) 244 o "decrypt" (decrypt content and validate decryption, if applicable) 245 o "wrapKey" (encrypt key) 246 o "unwrapKey" (decrypt key and validate decryption, if applicable) 247 o "deriveKey" (derive key) 248 o "deriveBits" (derive bits not to be used as a key) 250 (Note that the "key_ops" values intentionally match the "KeyUsage" 251 values defined in the Web Cryptography API [WebCrypto] 252 specification.) 254 Other values MAY be used. Key operation values can be registered in 255 the IANA JSON Web Key Operations registry defined in Section 7.3. 256 The key operation values are case-sensitive strings. Duplicate key 257 operation values MUST NOT be present in the array. 259 Use of the "key_ops" member is OPTIONAL, unless the application 260 requires its presence. 262 Multiple unrelated key operations SHOULD NOT be specified for a key 263 because of the potential vulnerabilities associated with using the 264 same key with multiple algorithms. Thus, the combinations "sign" 265 with "verify", "encrypt" with "decrypt", and "wrapKey" with 266 "unwrapKey" are permitted, but other combinations SHOULD NOT be used. 268 The "use" and "key_ops" JWK members SHOULD NOT be used together. 269 Applications should specify which of these members they use, if 270 either is to be used by the application. 272 3.4. "alg" (Algorithm) Parameter 274 The "alg" (algorithm) member identifies the algorithm intended for 275 use with the key. The values used should either be registered in the 276 IANA JSON Web Signature and Encryption Algorithms registry defined in 277 [JWA] or be a value that contains a Collision-Resistant Name. Use of 278 this member is OPTIONAL. 280 3.5. "kid" (Key ID) Parameter 282 The "kid" (key ID) member can be used to match a specific key. This 283 can be used, for instance, to choose among a set of keys within a JWK 284 Set during key rollover. The structure of the "kid" value is 285 unspecified. When "kid" values are used within a JWK Set, different 286 keys within the JWK Set SHOULD use distinct "kid" values. (One 287 example in which different keys might use the same "kid" value is if 288 they have different "kty" (key type) values but are considered to be 289 equivalent alternatives by the application using them.) The "kid" 290 value is a case-sensitive string. Use of this member is OPTIONAL. 292 When used with JWS or JWE, the "kid" value is used to match a JWS or 293 JWE "kid" Header Parameter value. 295 3.6. "x5u" (X.509 URL) Parameter 297 The "x5u" (X.509 URL) member is a URI [RFC3986] that refers to a 298 resource for an X.509 public key certificate or certificate chain 299 [RFC5280]. The identified resource MUST provide a representation of 300 the certificate or certificate chain that conforms to RFC 5280 301 [RFC5280] in PEM encoded form [RFC1421]. The key in the first 302 certificate MUST match the public key represented by other members of 303 the JWK. The protocol used to acquire the resource MUST provide 304 integrity protection; an HTTP GET request to retrieve the certificate 305 MUST use TLS [RFC2818] [RFC5246]; the identity of the server MUST be 306 validated, as per Section 6 of RFC 6125 [RFC6125]. Use of this 307 member is OPTIONAL. 309 While there is no requirement that members other than those 310 representing the public key be populated when an "x5u" member is 311 present, doing so may improve interoperability for applications that 312 do not handle PKIX certificates. If other members are present, the 313 contents of those members MUST be semantically consistent with the 314 related fields in the first certificate. For instance, if the "use" 315 member is present, then it needs to allow for only a subset of the 316 usages that are permitted by the certificate. Similarly, if the 317 "alg" member is present, it should represent an algorithm that the 318 certificate allows. 320 3.7. "x5c" (X.509 Certificate Chain) Parameter 322 The "x5c" (X.509 Certificate Chain) member contains a chain of one or 323 more PKIX certificates [RFC5280]. The certificate chain is 324 represented as a JSON array of certificate value strings. Each 325 string in the array is a base64 encoded ([RFC4648] Section 4 -- not 326 base64url encoded) DER [ITU.X690.1994] PKIX certificate value. The 327 PKIX certificate containing the key value MUST be the first 328 certificate. This MAY be followed by additional certificates, with 329 each subsequent certificate being the one used to certify the 330 previous one. The key in the first certificate MUST match the public 331 key represented by other members of the JWK. Use of this member is 332 OPTIONAL. 334 As with the "x5u" member, members other than those representing the 335 public key may also be populated when an "x5c" member is present. If 336 other members are present, the contents of those members MUST be 337 semantically consistent with the related fields in the first 338 certificate. See the last paragraph of Section 3.6 for additional 339 guidance on this. 341 3.8. "x5t" (X.509 Certificate SHA-1 Thumbprint) Parameter 343 The "x5t" (X.509 Certificate SHA-1 Thumbprint) member is a base64url 344 encoded SHA-1 thumbprint (a.k.a. digest) of the DER encoding of an 345 X.509 certificate [RFC5280]. The key in the certificate MUST match 346 the public key represented by other members of the JWK. Use of this 347 member is OPTIONAL. 349 If, in the future, certificate thumbprints need to be computed using 350 hash functions other than SHA-1, it is suggested that additional 351 related JWK parameters be defined for that purpose. For example, it 352 is suggested that a new "x5t#S256" (X.509 Certificate Thumbprint 353 using SHA-256) JWK parameter could be defined by registering it in 354 the IANA JSON Web Key Parameters registry defined in Section 7.1. 356 As with the "x5u" member, members other than those representing the 357 public key may also be populated when an "x5t" member is present. If 358 other members are present, the contents of those members MUST be 359 semantically consistent with the related fields in the referenced 360 certificate. See the last paragraph of Section 3.6 for additional 361 guidance on this. 363 4. JSON Web Key Set (JWK Set) Format 365 A JSON Web Key Set (JWK Set) is a JSON object representing a set of 366 JWKs. The JSON object MUST have a "keys" member, which is an array 367 of JWK objects. 369 The member names within a JWK Set MUST be unique; recipients MUST 370 either reject JWK Sets with duplicate member names or use a JSON 371 parser that returns only the lexically last duplicate member name, as 372 specified in Section 15.12 (The JSON Object) of ECMAScript 5.1 373 [ECMAScript]. 375 Additional members can be present in the JWK Set; if not understood 376 by implementations encountering them, they MUST be ignored. 377 Parameters for representing additional properties of JWK Sets should 378 either be registered in the IANA JSON Web Key Set Parameters registry 379 defined in Section 7.4 or be a value that contains a Collision- 380 Resistant Name. 382 Implementations SHOULD ignore JWKs within a JWK Set that use "kty" 383 (key type) values that are not understood by them, are missing 384 required members, or for which values are out of the supported 385 ranges. 387 4.1. "keys" Parameter 389 The value of the "keys" member is an array of JWK values. By 390 default, the order of the JWK values within the array does not imply 391 an order of preference among them, although applications of JWK Sets 392 can choose to assign a meaning to the order for their purposes, if 393 desired. This member MUST be present in a JWK Set. 395 5. String Comparison Rules 397 The string comparison rules for this specification are the same as 398 those defined in Section 5.3 of [JWS]. 400 6. Encrypted JWK and Encrypted JWK Set Formats 402 JWKs containing non-public key material will need to be encrypted in 403 some contexts to prevent the disclosure of private or symmetric key 404 values to unintended parties. The use of an Encrypted JWK, which is 405 a JWE with the UTF-8 encoding of a JWK as its plaintext value, is 406 recommended for this purpose. The processing of Encrypted JWKs is 407 identical to the processing of other JWEs. A "cty" (content type) 408 Header Parameter value of "jwk+json" MUST be used to indicate that 409 the content of the JWE is a JWK, unless the application knows that 410 the encrypted content is a JWK by another means or convention. 412 JWK Sets containing non-public key material will similarly need to be 413 encrypted. The use of an Encrypted JWK Set, which is a JWE with the 414 UTF-8 encoding of a JWK Set as its plaintext value, is recommended 415 for this purpose. The processing of Encrypted JWK Sets is identical 416 to the processing of other JWEs. A "cty" (content type) Header 417 Parameter value of "jwk-set+json" MUST be used to indicate that the 418 content of the JWE is a JWK Set, unless the application knows that 419 the encrypted content is a JWK Set by another means or convention. 421 See Appendix C for an example encrypted JWK. 423 7. IANA Considerations 425 The following registration procedure is used for all the registries 426 established by this specification. 428 Values are registered with a Specification Required [RFC5226] after a 429 two-week review period on the [TBD]@ietf.org mailing list, on the 430 advice of one or more Designated Experts. However, to allow for the 431 allocation of values prior to publication, the Designated Expert(s) 432 may approve registration once they are satisfied that such a 433 specification will be published. 435 Registration requests must be sent to the [TBD]@ietf.org mailing list 436 for review and comment, with an appropriate subject (e.g., "Request 437 for access token type: example"). [[ Note to the RFC Editor: The name 438 of the mailing list should be determined in consultation with the 439 IESG and IANA. Suggested name: jose-reg-review. ]] 440 Within the review period, the Designated Expert(s) will either 441 approve or deny the registration request, communicating this decision 442 to the review list and IANA. Denials should include an explanation 443 and, if applicable, suggestions as to how to make the request 444 successful. Registration requests that are undetermined for a period 445 longer than 21 days can be brought to the IESG's attention (using the 446 iesg@iesg.org mailing list) for resolution. 448 Criteria that should be applied by the Designated Expert(s) includes 449 determining whether the proposed registration duplicates existing 450 functionality, determining whether it is likely to be of general 451 applicability or whether it is useful only for a single application, 452 and whether the registration makes sense. 454 IANA must only accept registry updates from the Designated Expert(s) 455 and should direct all requests for registration to the review mailing 456 list. 458 It is suggested that multiple Designated Experts be appointed who are 459 able to represent the perspectives of different applications using 460 this specification, in order to enable broadly-informed review of 461 registration decisions. In cases where a registration decision could 462 be perceived as creating a conflict of interest for a particular 463 Expert, that Expert should defer to the judgment of the other 464 Expert(s). 466 7.1. JSON Web Key Parameters Registry 468 This specification establishes the IANA JSON Web Key Parameters 469 registry for JWK parameter names. The registry records the parameter 470 name, the key type(s) that the parameter is used with, and a 471 reference to the specification that defines it. It also records 472 whether the parameter conveys public or private information. This 473 specification registers the parameter names defined in Section 3. 474 The same JWK parameter name may be registered multiple times, 475 provided that duplicate parameter registrations are only for key type 476 specific JWK parameters; in this case, the meaning of the duplicate 477 parameter name is disambiguated by the "kty" value of the JWK 478 containing it. 480 7.1.1. Registration Template 482 Parameter Name: 483 The name requested (e.g., "example"). Because a core goal of this 484 specification is for the resulting representations to be compact, 485 it is RECOMMENDED that the name be short -- not to exceed 8 486 characters without a compelling reason to do so. This name is 487 case-sensitive. Names may not match other registered names in a 488 case-insensitive manner unless the Designated Expert(s) state that 489 there is a compelling reason to allow an exception in this 490 particular case. However, matching names may be registered, 491 provided that the accompanying sets of "kty" values that the 492 Parameter Name is used with are disjoint; for the purposes of 493 matching "kty" values, "*" matches all values. 495 Parameter Description: 496 Brief description of the parameter (e.g., "Example description"). 498 Used with "kty" Value(s): 499 The key type parameter value(s) that the parameter name is to be 500 used with, or the value "*" if the parameter value is used with 501 all key types. Values may not match other registered "kty" values 502 in a case-insensitive manner when the registered Parameter Name is 503 the same (including when the Parameter Name matches in a case- 504 insensitive manner) unless the Designated Expert(s) state that 505 there is a compelling reason to allow an exception in this 506 particular case. 508 Parameter Information Class: 509 Registers whether the parameter conveys public or private 510 information. Its value must be one the words Public or Private. 512 Change Controller: 513 For Standards Track RFCs, state "IESG". For others, give the name 514 of the responsible party. Other details (e.g., postal address, 515 email address, home page URI) may also be included. 517 Specification Document(s): 518 Reference to the document(s) that specify the parameter, 519 preferably including URI(s) that can be used to retrieve copies of 520 the document(s). An indication of the relevant sections may also 521 be included but is not required. 523 7.1.2. Initial Registry Contents 525 o Parameter Name: "kty" 526 o Parameter Description: Key Type 527 o Used with "kty" Value(s): * 528 o Parameter Information Class: Public 529 o Change Controller: IESG 530 o Specification Document(s): Section 3.1 of [[ this document ]] 532 o Parameter Name: "use" 533 o Parameter Description: Public Key Use 534 o Used with "kty" Value(s): * 535 o Parameter Information Class: Public 536 o Change Controller: IESG 537 o Specification Document(s): Section 3.2 of [[ this document ]] 539 o Parameter Name: "key_ops" 540 o Parameter Description: Key Operations 541 o Used with "kty" Value(s): * 542 o Parameter Information Class: Public 543 o Change Controller: IESG 544 o Specification Document(s): Section 3.3 of [[ this document ]] 546 o Parameter Name: "alg" 547 o Parameter Description: Algorithm 548 o Used with "kty" Value(s): * 549 o Parameter Information Class: Public 550 o Change Controller: IESG 551 o Specification Document(s): Section 3.4 of [[ this document ]] 553 o Parameter Name: "kid" 554 o Parameter Description: Key ID 555 o Used with "kty" Value(s): * 556 o Parameter Information Class: Public 557 o Change Controller: IESG 558 o Specification Document(s): Section 3.5 of [[ this document ]] 560 o Parameter Name: "x5u" 561 o Parameter Description: X.509 URL 562 o Used with "kty" Value(s): * 563 o Parameter Information Class: Public 564 o Change Controller: IESG 565 o Specification Document(s): Section 3.6 of [[ this document ]] 567 o Parameter Name: "x5c" 568 o Parameter Description: X.509 Certificate Chain 569 o Used with "kty" Value(s): * 570 o Parameter Information Class: Public 571 o Change Controller: IESG 572 o Specification Document(s): Section 3.7 of [[ this document ]] 574 o Parameter Name: "x5t" 575 o Parameter Description: X.509 Certificate SHA-1 Thumbprint 576 o Used with "kty" Value(s): * 577 o Parameter Information Class: Public 578 o Change Controller: IESG 579 o Specification Document(s): Section 3.8 of [[ this document ]] 581 7.2. JSON Web Key Use Registry 583 This specification establishes the IANA JSON Web Key Use registry for 584 JWK "use" (public key use) member values. The registry records the 585 public key use value and a reference to the specification that 586 defines it. This specification registers the parameter names defined 587 in Section 3.2. 589 7.2.1. Registration Template 591 Use Member Value: 592 The name requested (e.g., "example"). Because a core goal of this 593 specification is for the resulting representations to be compact, 594 it is RECOMMENDED that the name be short -- not to exceed 8 595 characters without a compelling reason to do so. This name is 596 case-sensitive. Names may not match other registered names in a 597 case-insensitive manner unless the Designated Expert(s) state that 598 there is a compelling reason to allow an exception in this 599 particular case. 601 Use Description: 602 Brief description of the use (e.g., "Example description"). 604 Change Controller: 605 For Standards Track RFCs, state "IESG". For others, give the name 606 of the responsible party. Other details (e.g., postal address, 607 email address, home page URI) may also be included. 609 Specification Document(s): 610 Reference to the document(s) that specify the parameter, 611 preferably including URI(s) that can be used to retrieve copies of 612 the document(s). An indication of the relevant sections may also 613 be included but is not required. 615 7.2.2. Initial Registry Contents 617 o Use Member Value: "sig" 618 o Use Description: Signature or MAC 619 o Change Controller: IESG 620 o Specification Document(s): Section 3.2 of [[ this document ]] 622 o Use Member Value: "enc" 623 o Use Description: Encryption 624 o Change Controller: IESG 625 o Specification Document(s): Section 3.2 of [[ this document ]] 627 7.3. JSON Web Key Operations Registry 629 This specification establishes the IANA JSON Web Key Operations 630 registry for values of JWK "key_ops" array elements. The registry 631 records the key operation value and a reference to the specification 632 that defines it. This specification registers the parameter names 633 defined in Section 3.3. 635 7.3.1. Registration Template 637 Key Operation Value: 638 The name requested (e.g., "example"). Because a core goal of this 639 specification is for the resulting representations to be compact, 640 it is RECOMMENDED that the name be short -- not to exceed 8 641 characters without a compelling reason to do so. This name is 642 case-sensitive. Names may not match other registered names in a 643 case-insensitive manner unless the Designated Expert(s) state that 644 there is a compelling reason to allow an exception in this 645 particular case. 647 Key Operation Description: 648 Brief description of the key operation (e.g., "Example 649 description"). 651 Change Controller: 652 For Standards Track RFCs, state "IESG". For others, give the name 653 of the responsible party. Other details (e.g., postal address, 654 email address, home page URI) may also be included. 656 Specification Document(s): 657 Reference to the document(s) that specify the parameter, 658 preferably including URI(s) that can be used to retrieve copies of 659 the document(s). An indication of the relevant sections may also 660 be included but is not required. 662 7.3.2. Initial Registry Contents 664 o Key Operation Value: "sign" 665 o Key Operation Description: Compute signature or MAC 666 o Change Controller: IESG 667 o Specification Document(s): Section 3.3 of [[ this document ]] 669 o Key Operation Value: "verify" 670 o Key Operation Description: Verify signature or MAC 671 o Change Controller: IESG 672 o Specification Document(s): Section 3.3 of [[ this document ]] 673 o Key Operation Value: "encrypt" 674 o Key Operation Description: Encrypt content 675 o Change Controller: IESG 676 o Specification Document(s): Section 3.3 of [[ this document ]] 678 o Key Operation Value: "decrypt" 679 o Key Operation Description: Decrypt content and validate 680 decryption, if applicable 681 o Change Controller: IESG 682 o Specification Document(s): Section 3.3 of [[ this document ]] 684 o Key Operation Value: "wrapKey" 685 o Key Operation Description: Encrypt key 686 o Change Controller: IESG 687 o Specification Document(s): Section 3.3 of [[ this document ]] 689 o Key Operation Value: "unwrapKey" 690 o Key Operation Description: Decrypt key and validate decryption, if 691 applicable 692 o Change Controller: IESG 693 o Specification Document(s): Section 3.3 of [[ this document ]] 695 o Key Operation Value: "deriveKey" 696 o Key Operation Description: Derive key 697 o Change Controller: IESG 698 o Specification Document(s): Section 3.3 of [[ this document ]] 700 o Key Operation Value: "deriveBits" 701 o Key Operation Description: Derive bits not to be used as a key 702 o Change Controller: IESG 703 o Specification Document(s): Section 3.3 of [[ this document ]] 705 7.4. JSON Web Key Set Parameters Registry 707 This specification establishes the IANA JSON Web Key Set Parameters 708 registry for JWK Set parameter names. The registry records the 709 parameter name and a reference to the specification that defines it. 710 This specification registers the parameter names defined in 711 Section 4. 713 7.4.1. Registration Template 715 Parameter Name: 716 The name requested (e.g., "example"). Because a core goal of this 717 specification is for the resulting representations to be compact, 718 it is RECOMMENDED that the name be short -- not to exceed 8 719 characters without a compelling reason to do so. This name is 720 case-sensitive. Names may not match other registered names in a 721 case-insensitive manner unless the Designated Expert(s) state that 722 there is a compelling reason to allow an exception in this 723 particular case. 725 Parameter Description: 726 Brief description of the parameter (e.g., "Example description"). 728 Change Controller: 729 For Standards Track RFCs, state "IESG". For others, give the name 730 of the responsible party. Other details (e.g., postal address, 731 email address, home page URI) may also be included. 733 Specification Document(s): 734 Reference to the document(s) that specify the parameter, 735 preferably including URI(s) that can be used to retrieve copies of 736 the document(s). An indication of the relevant sections may also 737 be included but is not required. 739 7.4.2. Initial Registry Contents 741 o Parameter Name: "keys" 742 o Parameter Description: Array of JWK values 743 o Change Controller: IESG 744 o Specification Document(s): Section 4.1 of [[ this document ]] 746 7.5. Media Type Registration 748 7.5.1. Registry Contents 750 This specification registers the "application/jwk+json" and 751 "application/jwk-set+json" Media Types [RFC2046] in the MIME Media 752 Types registry [IANA.MediaTypes], which can be used to indicate, 753 respectively, that the content is a JWK or a JWK Set. 755 o Type Name: application 756 o Subtype Name: jwk+json 757 o Required Parameters: n/a 758 o Optional Parameters: n/a 759 o Encoding considerations: 8bit; application/jwk+json values are 760 represented as JSON object; UTF-8 encoding SHOULD be employed for 761 the JSON object. 762 o Security Considerations: See the Security Considerations section 763 of [[ this document ]] 764 o Interoperability Considerations: n/a 765 o Published Specification: [[ this document ]] 766 o Applications that use this media type: TBD 767 o Additional Information: Magic number(s): n/a, File extension(s): 768 n/a, Macintosh file type code(s): n/a 769 o Person & email address to contact for further information: Michael 770 B. Jones, mbj@microsoft.com 771 o Intended Usage: COMMON 772 o Restrictions on Usage: none 773 o Author: Michael B. Jones, mbj@microsoft.com 774 o Change Controller: IESG 776 o Type Name: application 777 o Subtype Name: jwk-set+json 778 o Required Parameters: n/a 779 o Optional Parameters: n/a 780 o Encoding considerations: 8bit; application/jwk-set+json values are 781 represented as a JSON Object; UTF-8 encoding SHOULD be employed 782 for the JSON object. 783 o Security Considerations: See the Security Considerations section 784 of [[ this document ]] 785 o Interoperability Considerations: n/a 786 o Published Specification: [[ this document ]] 787 o Applications that use this media type: TBD 788 o Additional Information: Magic number(s): n/a, File extension(s): 789 n/a, Macintosh file type code(s): n/a 790 o Person & email address to contact for further information: Michael 791 B. Jones, mbj@microsoft.com 792 o Intended Usage: COMMON 793 o Restrictions on Usage: none 794 o Author: Michael B. Jones, mbj@microsoft.com 795 o Change Controller: IESG 797 8. Security Considerations 799 All of the security issues faced by any cryptographic application 800 must be faced by a JWS/JWE/JWK agent. Among these issues are 801 protecting the user's private and symmetric keys, preventing various 802 attacks, and helping the user avoid mistakes such as inadvertently 803 encrypting a message for the wrong recipient. The entire list of 804 security considerations is beyond the scope of this document, but 805 some significant considerations are listed here. 807 One should place no more trust in the data associated with a key than 808 in than the method by which it was obtained and in the 809 trustworthiness of the entity asserting an association with the key. 810 Any data associated with a key that is obtained in an untrusted 811 manner should be treated with skepticism. 813 Private and symmetric keys MUST be protected from disclosure to 814 unintended parties. One recommended means of doing so is to encrypt 815 JWKs or JWK Sets containing them by using the JWK or JWK Set value as 816 the plaintext of a JWE. 818 The security considerations in RFC 3447 [RFC3447] and RFC 6030 819 [RFC6030] about protecting private and symmetric keys, key usage, and 820 information leakage also apply to this specification. 822 The security considerations in XML DSIG 2.0 823 [W3C.NOTE-xmldsig-core2-20130411], about key representations also 824 apply to this specification, other than those that are XML specific. 826 The TLS Requirements in [JWS] also apply to this specification. 828 9. References 830 9.1. Normative References 832 [ECMAScript] 833 Ecma International, "ECMAScript Language Specification, 834 5.1 Edition", ECMA 262, June 2011. 836 [IANA.MediaTypes] 837 Internet Assigned Numbers Authority (IANA), "MIME Media 838 Types", 2005. 840 [ITU.X690.1994] 841 International Telecommunications Union, "Information 842 Technology - ASN.1 encoding rules: Specification of Basic 843 Encoding Rules (BER), Canonical Encoding Rules (CER) and 844 Distinguished Encoding Rules (DER)", ITU-T Recommendation 845 X.690, 1994. 847 [JWA] Jones, M., "JSON Web Algorithms (JWA)", 848 draft-ietf-jose-json-web-algorithms (work in progress), 849 April 2014. 851 [JWE] Jones, M. and J. Hildebrand, "JSON Web Encryption (JWE)", 852 draft-ietf-jose-json-web-encryption (work in progress), 853 April 2014. 855 [JWS] Jones, M., Bradley, J., and N. Sakimura, "JSON Web 856 Signature (JWS)", draft-ietf-jose-json-web-signature (work 857 in progress), April 2014. 859 [RFC1421] Linn, J., "Privacy Enhancement for Internet Electronic 860 Mail: Part I: Message Encryption and Authentication 861 Procedures", RFC 1421, February 1993. 863 [RFC2046] Freed, N. and N. Borenstein, "Multipurpose Internet Mail 864 Extensions (MIME) Part Two: Media Types", RFC 2046, 865 November 1996. 867 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 868 Requirement Levels", BCP 14, RFC 2119, March 1997. 870 [RFC2818] Rescorla, E., "HTTP Over TLS", RFC 2818, May 2000. 872 [RFC3629] Yergeau, F., "UTF-8, a transformation format of ISO 873 10646", STD 63, RFC 3629, November 2003. 875 [RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform 876 Resource Identifier (URI): Generic Syntax", STD 66, 877 RFC 3986, January 2005. 879 [RFC4648] Josefsson, S., "The Base16, Base32, and Base64 Data 880 Encodings", RFC 4648, October 2006. 882 [RFC5246] Dierks, T. and E. Rescorla, "The Transport Layer Security 883 (TLS) Protocol Version 1.2", RFC 5246, August 2008. 885 [RFC5280] Cooper, D., Santesson, S., Farrell, S., Boeyen, S., 886 Housley, R., and W. Polk, "Internet X.509 Public Key 887 Infrastructure Certificate and Certificate Revocation List 888 (CRL) Profile", RFC 5280, May 2008. 890 [RFC6125] Saint-Andre, P. and J. Hodges, "Representation and 891 Verification of Domain-Based Application Service Identity 892 within Internet Public Key Infrastructure Using X.509 893 (PKIX) Certificates in the Context of Transport Layer 894 Security (TLS)", RFC 6125, March 2011. 896 [RFC7159] Bray, T., "The JavaScript Object Notation (JSON) Data 897 Interchange Format", RFC 7159, March 2014. 899 [USASCII] American National Standards Institute, "Coded Character 900 Set -- 7-bit American Standard Code for Information 901 Interchange", ANSI X3.4, 1986. 903 9.2. Informative References 905 [MagicSignatures] 906 Panzer (editor), J., Laurie, B., and D. Balfanz, "Magic 907 Signatures", January 2011. 909 [RFC3447] Jonsson, J. and B. Kaliski, "Public-Key Cryptography 910 Standards (PKCS) #1: RSA Cryptography Specifications 911 Version 2.1", RFC 3447, February 2003. 913 [RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an 914 IANA Considerations Section in RFCs", BCP 26, RFC 5226, 915 May 2008. 917 [RFC6030] Hoyer, P., Pei, M., and S. Machani, "Portable Symmetric 918 Key Container (PSKC)", RFC 6030, October 2010. 920 [W3C.NOTE-xmldsig-core2-20130411] 921 Eastlake, D., Reagle, J., Solo, D., Hirsch, F., Roessler, 922 T., Yiu, K., Datta, P., and S. Cantor, "XML Signature 923 Syntax and Processing Version 2.0", World Wide Web 924 Consortium Note NOTE-xmldsig-core2-20130411, April 2013, 925 . 927 [WebCrypto] 928 Sleevi, R. and M. Watson, "Web Cryptography API", World 929 Wide Web Consortium Draft, March 2014, 930 . 932 Appendix A. Example JSON Web Key Sets 934 A.1. Example Public Keys 936 The following example JWK Set contains two public keys represented as 937 JWKs: one using an Elliptic Curve algorithm and a second one using an 938 RSA algorithm. The first specifies that the key is to be used for 939 encryption. The second specifies that the key is to be used with the 940 "RS256" algorithm. Both provide a Key ID for key matching purposes. 941 In both cases, integers are represented using the base64url encoding 942 of their big endian representations. (Long lines are broken are for 943 display purposes only.) 944 {"keys": 945 [ 946 {"kty":"EC", 947 "crv":"P-256", 948 "x":"MKBCTNIcKUSDii11ySs3526iDZ8AiTo7Tu6KPAqv7D4", 949 "y":"4Etl6SRW2YiLUrN5vfvVHuhp7x8PxltmWWlbbM4IFyM", 950 "use":"enc", 951 "kid":"1"}, 953 {"kty":"RSA", 954 "n": "0vx7agoebGcQSuuPiLJXZptN9nndrQmbXEps2aiAFbWhM78LhWx 955 4cbbfAAtVT86zwu1RK7aPFFxuhDR1L6tSoc_BJECPebWKRXjBZCiFV4n3oknjhMs 956 tn64tZ_2W-5JsGY4Hc5n9yBXArwl93lqt7_RN5w6Cf0h4QyQ5v-65YGjQR0_FDW2 957 QvzqY368QQMicAtaSqzs8KJZgnYb9c7d0zgdAZHzu6qMQvRL5hajrn1n91CbOpbI 958 SD08qNLyrdkt-bFTWhAI4vMQFh6WeZu0fM4lFd2NcRwr3XPksINHaQ-G_xBniIqb 959 w0Ls1jF44-csFCur-kEgU8awapJzKnqDKgw", 960 "e":"AQAB", 961 "alg":"RS256", 962 "kid":"2011-04-29"} 963 ] 964 } 966 A.2. Example Private Keys 968 The following example JWK Set contains two keys represented as JWKs 969 containing both public and private key values: one using an Elliptic 970 Curve algorithm and a second one using an RSA algorithm. This 971 example extends the example in the previous section, adding private 972 key values. (Line breaks are for display purposes only.) 973 {"keys": 974 [ 975 {"kty":"EC", 976 "crv":"P-256", 977 "x":"MKBCTNIcKUSDii11ySs3526iDZ8AiTo7Tu6KPAqv7D4", 978 "y":"4Etl6SRW2YiLUrN5vfvVHuhp7x8PxltmWWlbbM4IFyM", 979 "d":"870MB6gfuTJ4HtUnUvYMyJpr5eUZNP4Bk43bVdj3eAE", 980 "use":"enc", 981 "kid":"1"}, 983 {"kty":"RSA", 984 "n":"0vx7agoebGcQSuuPiLJXZptN9nndrQmbXEps2aiAFbWhM78LhWx4 985 cbbfAAtVT86zwu1RK7aPFFxuhDR1L6tSoc_BJECPebWKRXjBZCiFV4n3oknjhMst 986 n64tZ_2W-5JsGY4Hc5n9yBXArwl93lqt7_RN5w6Cf0h4QyQ5v-65YGjQR0_FDW2Q 987 vzqY368QQMicAtaSqzs8KJZgnYb9c7d0zgdAZHzu6qMQvRL5hajrn1n91CbOpbIS 988 D08qNLyrdkt-bFTWhAI4vMQFh6WeZu0fM4lFd2NcRwr3XPksINHaQ-G_xBniIqbw 989 0Ls1jF44-csFCur-kEgU8awapJzKnqDKgw", 990 "e":"AQAB", 991 "d":"X4cTteJY_gn4FYPsXB8rdXix5vwsg1FLN5E3EaG6RJoVH-HLLKD9 992 M7dx5oo7GURknchnrRweUkC7hT5fJLM0WbFAKNLWY2vv7B6NqXSzUvxT0_YSfqij 993 wp3RTzlBaCxWp4doFk5N2o8Gy_nHNKroADIkJ46pRUohsXywbReAdYaMwFs9tv8d 994 _cPVY3i07a3t8MN6TNwm0dSawm9v47UiCl3Sk5ZiG7xojPLu4sbg1U2jx4IBTNBz 995 nbJSzFHK66jT8bgkuqsk0GjskDJk19Z4qwjwbsnn4j2WBii3RL-Us2lGVkY8fkFz 996 me1z0HbIkfz0Y6mqnOYtqc0X4jfcKoAC8Q", 997 "p":"83i-7IvMGXoMXCskv73TKr8637FiO7Z27zv8oj6pbWUQyLPQBQxtPV 998 nwD20R-60eTDmD2ujnMt5PoqMrm8RfmNhVWDtjjMmCMjOpSXicFHj7XOuVIYQyqV 999 WlWEh6dN36GVZYk93N8Bc9vY41xy8B9RzzOGVQzXvNEvn7O0nVbfs", 1000 "q":"3dfOR9cuYq-0S-mkFLzgItgMEfFzB2q3hWehMuG0oCuqnb3vobLyum 1001 qjVZQO1dIrdwgTnCdpYzBcOfW5r370AFXjiWft_NGEiovonizhKpo9VVS78TzFgx 1002 kIdrecRezsZ-1kYd_s1qDbxtkDEgfAITAG9LUnADun4vIcb6yelxk", 1003 "dp":"G4sPXkc6Ya9y8oJW9_ILj4xuppu0lzi_H7VTkS8xj5SdX3coE0oim 1004 YwxIi2emTAue0UOa5dpgFGyBJ4c8tQ2VF402XRugKDTP8akYhFo5tAA77Qe_Nmtu 1005 YZc3C3m3I24G2GvR5sSDxUyAN2zq8Lfn9EUms6rY3Ob8YeiKkTiBj0", 1006 "dq":"s9lAH9fggBsoFR8Oac2R_E2gw282rT2kGOAhvIllETE1efrA6huUU 1007 vMfBcMpn8lqeW6vzznYY5SSQF7pMdC_agI3nG8Ibp1BUb0JUiraRNqUfLhcQb_d9 1008 GF4Dh7e74WbRsobRonujTYN1xCaP6TO61jvWrX-L18txXw494Q_cgk", 1009 "qi":"GyM_p6JrXySiz1toFgKbWV-JdI3jQ4ypu9rbMWx3rQJBfmt0FoYzg 1010 UIZEVFEcOqwemRN81zoDAaa-Bk0KWNGDjJHZDdDmFhW3AN7lI-puxk_mHZGJ11rx 1011 yR8O55XLSe3SPmRfKwZI6yU24ZxvQKFYItdldUKGzO6Ia6zTKhAVRU", 1012 "alg":"RS256", 1013 "kid":"2011-04-29"} 1014 ] 1015 } 1017 A.3. Example Symmetric Keys 1019 The following example JWK Set contains two symmetric keys represented 1020 as JWKs: one designated as being for use with the AES Key Wrap 1021 algorithm and a second one that is an HMAC key. (Line breaks are for 1022 display purposes only.) 1024 {"keys": 1025 [ 1026 {"kty":"oct", 1027 "alg":"A128KW", 1028 "k":"GawgguFyGrWKav7AX4VKUg"}, 1030 {"kty":"oct", 1031 "k":"AyM1SysPpbyDfgZld3umj1qzKObwVMkoqQ-EstJQLr_T-1qS0gZH75 1032 aKtMN3Yj0iPS4hcgUuTwjAzZr1Z9CAow", 1033 "kid":"HMAC key used in JWS A.1 example"} 1034 ] 1035 } 1037 Appendix B. Example Use of "x5c" (X.509 Certificate Chain) Parameter 1038 The following is an example of a JWK with a RSA signing key 1039 represented both as an RSA public key and as an X.509 certificate 1040 using the "x5c" parameter: 1042 {"kty":"RSA", 1043 "use":"sig", 1044 "kid":"1b94c", 1045 "n":"vrjOfz9Ccdgx5nQudyhdoR17V-IubWMeOZCwX_jj0hgAsz2J_pqYW08 1046 PLbK_PdiVGKPrqzmDIsLI7sA25VEnHU1uCLNwBuUiCO11_-7dYbsr4iJmG0Q 1047 u2j8DsVyT1azpJC_NG84Ty5KKthuCaPod7iI7w0LK9orSMhBEwwZDCxTWq4a 1048 YWAchc8t-emd9qOvWtVMDC2BXksRngh6X5bUYLy6AyHKvj-nUy1wgzjYQDwH 1049 MTplCoLtU-o-8SNnZ1tmRoGE9uJkBLdh5gFENabWnU5m1ZqZPdwS-qo-meMv 1050 VfJb6jJVWRpl2SUtCnYG2C32qvbWbjZ_jBPD5eunqsIo1vQ", 1051 "e":"AQAB", 1052 "x5c": 1053 ["MIIDQjCCAiqgAwIBAgIGATz/FuLiMA0GCSqGSIb3DQEBBQUAMGIxCzAJB 1054 gNVBAYTAlVTMQswCQYDVQQIEwJDTzEPMA0GA1UEBxMGRGVudmVyMRwwGgYD 1055 VQQKExNQaW5nIElkZW50aXR5IENvcnAuMRcwFQYDVQQDEw5CcmlhbiBDYW1 1056 wYmVsbDAeFw0xMzAyMjEyMzI5MTVaFw0xODA4MTQyMjI5MTVaMGIxCzAJBg 1057 NVBAYTAlVTMQswCQYDVQQIEwJDTzEPMA0GA1UEBxMGRGVudmVyMRwwGgYDV 1058 QQKExNQaW5nIElkZW50aXR5IENvcnAuMRcwFQYDVQQDEw5CcmlhbiBDYW1w 1059 YmVsbDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL64zn8/QnH 1060 YMeZ0LncoXaEde1fiLm1jHjmQsF/449IYALM9if6amFtPDy2yvz3YlRij66 1061 s5gyLCyO7ANuVRJx1NbgizcAblIgjtdf/u3WG7K+IiZhtELto/A7Fck9Ws6 1062 SQvzRvOE8uSirYbgmj6He4iO8NCyvaK0jIQRMMGQwsU1quGmFgHIXPLfnpn 1063 fajr1rVTAwtgV5LEZ4Iel+W1GC8ugMhyr4/p1MtcIM42EA8BzE6ZQqC7VPq 1064 PvEjZ2dbZkaBhPbiZAS3YeYBRDWm1p1OZtWamT3cEvqqPpnjL1XyW+oyVVk 1065 aZdklLQp2Btgt9qr21m42f4wTw+Xrp6rCKNb0CAwEAATANBgkqhkiG9w0BA 1066 QUFAAOCAQEAh8zGlfSlcI0o3rYDPBB07aXNswb4ECNIKG0CETTUxmXl9KUL 1067 +9gGlqCz5iWLOgWsnrcKcY0vXPG9J1r9AqBNTqNgHq2G03X09266X5CpOe1 1068 zFo+Owb1zxtp3PehFdfQJ610CDLEaS9V9Rqp17hCyybEpOGVwe8fnk+fbEL 1069 2Bo3UPGrpsHzUoaGpDftmWssZkhpBJKVMJyf/RuP2SmmaIzmnw9JiSlYhzo 1070 4tpzd5rFXhjRbg4zW9C+2qok+2+qDM1iJ684gPHMIY8aLWrdgQTxkumGmTq 1071 gawR+N5MDtdPTEQ0XfIBc2cJEUyMTY5MPvACWpkA6SdS4xSvdXK3IVfOWA=="] 1072 } 1074 Appendix C. Example Encrypted RSA Private Key 1076 This example encrypts an RSA private key to the recipient using 1077 "PBES2-HS256+A128KW" for key encryption and "A128CBC+HS256" for 1078 content encryption. 1080 NOTE: Unless otherwise indicated, all line breaks are included solely 1081 for readability. 1083 C.1. Plaintext RSA Private Key 1085 The following RSA key is the plaintext for the encryption operation, 1086 formatted as a JWK object: 1088 { 1089 "kty":"RSA", 1090 "kid":"juliet@capulet.lit", 1091 "use":"enc", 1092 "n":"t6Q8PWSi1dkJj9hTP8hNYFlvadM7DflW9mWepOJhJ66w7nyoK1gPNqFMSQRy 1093 O125Gp-TEkodhWr0iujjHVx7BcV0llS4w5ACGgPrcAd6ZcSR0-Iqom-QFcNP 1094 8Sjg086MwoqQU_LYywlAGZ21WSdS_PERyGFiNnj3QQlO8Yns5jCtLCRwLHL0 1095 Pb1fEv45AuRIuUfVcPySBWYnDyGxvjYGDSM-AqWS9zIQ2ZilgT-GqUmipg0X 1096 OC0Cc20rgLe2ymLHjpHciCKVAbY5-L32-lSeZO-Os6U15_aXrk9Gw8cPUaX1 1097 _I8sLGuSiVdt3C_Fn2PZ3Z8i744FPFGGcG1qs2Wz-Q", 1098 "e":"AQAB", 1099 "d":"GRtbIQmhOZtyszfgKdg4u_N-R_mZGU_9k7JQ_jn1DnfTuMdSNprTeaSTyWfS 1100 NkuaAwnOEbIQVy1IQbWVV25NY3ybc_IhUJtfri7bAXYEReWaCl3hdlPKXy9U 1101 vqPYGR0kIXTQRqns-dVJ7jahlI7LyckrpTmrM8dWBo4_PMaenNnPiQgO0xnu 1102 ToxutRZJfJvG4Ox4ka3GORQd9CsCZ2vsUDmsXOfUENOyMqADC6p1M3h33tsu 1103 rY15k9qMSpG9OX_IJAXmxzAh_tWiZOwk2K4yxH9tS3Lq1yX8C1EWmeRDkK2a 1104 hecG85-oLKQt5VEpWHKmjOi_gJSdSgqcN96X52esAQ", 1105 "p":"2rnSOV4hKSN8sS4CgcQHFbs08XboFDqKum3sc4h3GRxrTmQdl1ZK9uw-PIHf 1106 QP0FkxXVrx-WE-ZEbrqivH_2iCLUS7wAl6XvARt1KkIaUxPPSYB9yk31s0Q8 1107 UK96E3_OrADAYtAJs-M3JxCLfNgqh56HDnETTQhH3rCT5T3yJws", 1108 "q":"1u_RiFDP7LBYh3N4GXLT9OpSKYP0uQZyiaZwBtOCBNJgQxaj10RWjsZu0c6I 1109 edis4S7B_coSKB0Kj9PaPaBzg-IySRvvcQuPamQu66riMhjVtG6TlV8CLCYK 1110 rYl52ziqK0E_ym2QnkwsUX7eYTB7LbAHRK9GqocDE5B0f808I4s", 1111 "dp":"KkMTWqBUefVwZ2_Dbj1pPQqyHSHjj90L5x_MOzqYAJMcLMZtbUtwKqvVDq3 1112 tbEo3ZIcohbDtt6SbfmWzggabpQxNxuBpoOOf_a_HgMXK_lhqigI4y_kqS1w 1113 Y52IwjUn5rgRrJ-yYo1h41KR-vz2pYhEAeYrhttWtxVqLCRViD6c", 1114 "dq":"AvfS0-gRxvn0bwJoMSnFxYcK1WnuEjQFluMGfwGitQBWtfZ1Er7t1xDkbN9 1115 GQTB9yqpDoYaN06H7CFtrkxhJIBQaj6nkF5KKS3TQtQ5qCzkOkmxIe3KRbBy 1116 mXxkb5qwUpX5ELD5xFc6FeiafWYY63TmmEAu_lRFCOJ3xDea-ots", 1117 "qi":"lSQi-w9CpyUReMErP1RsBLk7wNtOvs5EQpPqmuMvqW57NBUczScEoPwmUqq 1118 abu9V0-Py4dQ57_bapoKRu1R90bvuFnU63SHWEFglZQvJDMeAvmj4sm-Fp0o 1119 Yu_neotgQ0hzbI5gry7ajdYy9-2lNx_76aBZoOUu9HCJ-UsfSOI8" 1120 } 1122 The octets representing the Plaintext used in this example (using 1123 JSON array notation) are: 1125 [123, 34, 107, 116, 121, 34, 58, 34, 82, 83, 65, 34, 44, 34, 107, 1126 105, 100, 34, 58, 34, 106, 117, 108, 105, 101, 116, 64, 99, 97, 112, 1127 117, 108, 101, 116, 46, 108, 105, 116, 34, 44, 34, 117, 115, 101, 34, 1128 58, 34, 101, 110, 99, 34, 44, 34, 110, 34, 58, 34, 116, 54, 81, 56, 1129 80, 87, 83, 105, 49, 100, 107, 74, 106, 57, 104, 84, 80, 56, 104, 78, 1130 89, 70, 108, 118, 97, 100, 77, 55, 68, 102, 108, 87, 57, 109, 87, 1131 101, 112, 79, 74, 104, 74, 54, 54, 119, 55, 110, 121, 111, 75, 49, 1132 103, 80, 78, 113, 70, 77, 83, 81, 82, 121, 79, 49, 50, 53, 71, 112, 1133 45, 84, 69, 107, 111, 100, 104, 87, 114, 48, 105, 117, 106, 106, 72, 1134 86, 120, 55, 66, 99, 86, 48, 108, 108, 83, 52, 119, 53, 65, 67, 71, 1135 103, 80, 114, 99, 65, 100, 54, 90, 99, 83, 82, 48, 45, 73, 113, 111, 1136 109, 45, 81, 70, 99, 78, 80, 56, 83, 106, 103, 48, 56, 54, 77, 119, 1137 111, 113, 81, 85, 95, 76, 89, 121, 119, 108, 65, 71, 90, 50, 49, 87, 1138 83, 100, 83, 95, 80, 69, 82, 121, 71, 70, 105, 78, 110, 106, 51, 81, 1139 81, 108, 79, 56, 89, 110, 115, 53, 106, 67, 116, 76, 67, 82, 119, 76, 1140 72, 76, 48, 80, 98, 49, 102, 69, 118, 52, 53, 65, 117, 82, 73, 117, 1141 85, 102, 86, 99, 80, 121, 83, 66, 87, 89, 110, 68, 121, 71, 120, 118, 1142 106, 89, 71, 68, 83, 77, 45, 65, 113, 87, 83, 57, 122, 73, 81, 50, 1143 90, 105, 108, 103, 84, 45, 71, 113, 85, 109, 105, 112, 103, 48, 88, 1144 79, 67, 48, 67, 99, 50, 48, 114, 103, 76, 101, 50, 121, 109, 76, 72, 1145 106, 112, 72, 99, 105, 67, 75, 86, 65, 98, 89, 53, 45, 76, 51, 50, 1146 45, 108, 83, 101, 90, 79, 45, 79, 115, 54, 85, 49, 53, 95, 97, 88, 1147 114, 107, 57, 71, 119, 56, 99, 80, 85, 97, 88, 49, 95, 73, 56, 115, 1148 76, 71, 117, 83, 105, 86, 100, 116, 51, 67, 95, 70, 110, 50, 80, 90, 1149 51, 90, 56, 105, 55, 52, 52, 70, 80, 70, 71, 71, 99, 71, 49, 113, 1150 115, 50, 87, 122, 45, 81, 34, 44, 34, 101, 34, 58, 34, 65, 81, 65, 1151 66, 34, 44, 34, 100, 34, 58, 34, 71, 82, 116, 98, 73, 81, 109, 104, 1152 79, 90, 116, 121, 115, 122, 102, 103, 75, 100, 103, 52, 117, 95, 78, 1153 45, 82, 95, 109, 90, 71, 85, 95, 57, 107, 55, 74, 81, 95, 106, 110, 1154 49, 68, 110, 102, 84, 117, 77, 100, 83, 78, 112, 114, 84, 101, 97, 1155 83, 84, 121, 87, 102, 83, 78, 107, 117, 97, 65, 119, 110, 79, 69, 98, 1156 73, 81, 86, 121, 49, 73, 81, 98, 87, 86, 86, 50, 53, 78, 89, 51, 121, 1157 98, 99, 95, 73, 104, 85, 74, 116, 102, 114, 105, 55, 98, 65, 88, 89, 1158 69, 82, 101, 87, 97, 67, 108, 51, 104, 100, 108, 80, 75, 88, 121, 57, 1159 85, 118, 113, 80, 89, 71, 82, 48, 107, 73, 88, 84, 81, 82, 113, 110, 1160 115, 45, 100, 86, 74, 55, 106, 97, 104, 108, 73, 55, 76, 121, 99, 1161 107, 114, 112, 84, 109, 114, 77, 56, 100, 87, 66, 111, 52, 95, 80, 1162 77, 97, 101, 110, 78, 110, 80, 105, 81, 103, 79, 48, 120, 110, 117, 1163 84, 111, 120, 117, 116, 82, 90, 74, 102, 74, 118, 71, 52, 79, 120, 1164 52, 107, 97, 51, 71, 79, 82, 81, 100, 57, 67, 115, 67, 90, 50, 118, 1165 115, 85, 68, 109, 115, 88, 79, 102, 85, 69, 78, 79, 121, 77, 113, 65, 1166 68, 67, 54, 112, 49, 77, 51, 104, 51, 51, 116, 115, 117, 114, 89, 49, 1167 53, 107, 57, 113, 77, 83, 112, 71, 57, 79, 88, 95, 73, 74, 65, 88, 1168 109, 120, 122, 65, 104, 95, 116, 87, 105, 90, 79, 119, 107, 50, 75, 1169 52, 121, 120, 72, 57, 116, 83, 51, 76, 113, 49, 121, 88, 56, 67, 49, 1170 69, 87, 109, 101, 82, 68, 107, 75, 50, 97, 104, 101, 99, 71, 56, 53, 1171 45, 111, 76, 75, 81, 116, 53, 86, 69, 112, 87, 72, 75, 109, 106, 79, 1172 105, 95, 103, 74, 83, 100, 83, 103, 113, 99, 78, 57, 54, 88, 53, 50, 1173 101, 115, 65, 81, 34, 44, 34, 112, 34, 58, 34, 50, 114, 110, 83, 79, 1174 86, 52, 104, 75, 83, 78, 56, 115, 83, 52, 67, 103, 99, 81, 72, 70, 1175 98, 115, 48, 56, 88, 98, 111, 70, 68, 113, 75, 117, 109, 51, 115, 99, 1176 52, 104, 51, 71, 82, 120, 114, 84, 109, 81, 100, 108, 49, 90, 75, 57, 1177 117, 119, 45, 80, 73, 72, 102, 81, 80, 48, 70, 107, 120, 88, 86, 114, 1178 120, 45, 87, 69, 45, 90, 69, 98, 114, 113, 105, 118, 72, 95, 50, 105, 1179 67, 76, 85, 83, 55, 119, 65, 108, 54, 88, 118, 65, 82, 116, 49, 75, 1180 107, 73, 97, 85, 120, 80, 80, 83, 89, 66, 57, 121, 107, 51, 49, 115, 1181 48, 81, 56, 85, 75, 57, 54, 69, 51, 95, 79, 114, 65, 68, 65, 89, 116, 1182 65, 74, 115, 45, 77, 51, 74, 120, 67, 76, 102, 78, 103, 113, 104, 53, 1183 54, 72, 68, 110, 69, 84, 84, 81, 104, 72, 51, 114, 67, 84, 53, 84, 1184 51, 121, 74, 119, 115, 34, 44, 34, 113, 34, 58, 34, 49, 117, 95, 82, 1185 105, 70, 68, 80, 55, 76, 66, 89, 104, 51, 78, 52, 71, 88, 76, 84, 57, 1186 79, 112, 83, 75, 89, 80, 48, 117, 81, 90, 121, 105, 97, 90, 119, 66, 1187 116, 79, 67, 66, 78, 74, 103, 81, 120, 97, 106, 49, 48, 82, 87, 106, 1188 115, 90, 117, 48, 99, 54, 73, 101, 100, 105, 115, 52, 83, 55, 66, 95, 1189 99, 111, 83, 75, 66, 48, 75, 106, 57, 80, 97, 80, 97, 66, 122, 103, 1190 45, 73, 121, 83, 82, 118, 118, 99, 81, 117, 80, 97, 109, 81, 117, 54, 1191 54, 114, 105, 77, 104, 106, 86, 116, 71, 54, 84, 108, 86, 56, 67, 76, 1192 67, 89, 75, 114, 89, 108, 53, 50, 122, 105, 113, 75, 48, 69, 95, 121, 1193 109, 50, 81, 110, 107, 119, 115, 85, 88, 55, 101, 89, 84, 66, 55, 76, 1194 98, 65, 72, 82, 75, 57, 71, 113, 111, 99, 68, 69, 53, 66, 48, 102, 1195 56, 48, 56, 73, 52, 115, 34, 44, 34, 100, 112, 34, 58, 34, 75, 107, 1196 77, 84, 87, 113, 66, 85, 101, 102, 86, 119, 90, 50, 95, 68, 98, 106, 1197 49, 112, 80, 81, 113, 121, 72, 83, 72, 106, 106, 57, 48, 76, 53, 120, 1198 95, 77, 79, 122, 113, 89, 65, 74, 77, 99, 76, 77, 90, 116, 98, 85, 1199 116, 119, 75, 113, 118, 86, 68, 113, 51, 116, 98, 69, 111, 51, 90, 1200 73, 99, 111, 104, 98, 68, 116, 116, 54, 83, 98, 102, 109, 87, 122, 1201 103, 103, 97, 98, 112, 81, 120, 78, 120, 117, 66, 112, 111, 79, 79, 1202 102, 95, 97, 95, 72, 103, 77, 88, 75, 95, 108, 104, 113, 105, 103, 1203 73, 52, 121, 95, 107, 113, 83, 49, 119, 89, 53, 50, 73, 119, 106, 85, 1204 110, 53, 114, 103, 82, 114, 74, 45, 121, 89, 111, 49, 104, 52, 49, 1205 75, 82, 45, 118, 122, 50, 112, 89, 104, 69, 65, 101, 89, 114, 104, 1206 116, 116, 87, 116, 120, 86, 113, 76, 67, 82, 86, 105, 68, 54, 99, 34, 1207 44, 34, 100, 113, 34, 58, 34, 65, 118, 102, 83, 48, 45, 103, 82, 120, 1208 118, 110, 48, 98, 119, 74, 111, 77, 83, 110, 70, 120, 89, 99, 75, 49, 1209 87, 110, 117, 69, 106, 81, 70, 108, 117, 77, 71, 102, 119, 71, 105, 1210 116, 81, 66, 87, 116, 102, 90, 49, 69, 114, 55, 116, 49, 120, 68, 1211 107, 98, 78, 57, 71, 81, 84, 66, 57, 121, 113, 112, 68, 111, 89, 97, 1212 78, 48, 54, 72, 55, 67, 70, 116, 114, 107, 120, 104, 74, 73, 66, 81, 1213 97, 106, 54, 110, 107, 70, 53, 75, 75, 83, 51, 84, 81, 116, 81, 53, 1214 113, 67, 122, 107, 79, 107, 109, 120, 73, 101, 51, 75, 82, 98, 66, 1215 121, 109, 88, 120, 107, 98, 53, 113, 119, 85, 112, 88, 53, 69, 76, 1216 68, 53, 120, 70, 99, 54, 70, 101, 105, 97, 102, 87, 89, 89, 54, 51, 1217 84, 109, 109, 69, 65, 117, 95, 108, 82, 70, 67, 79, 74, 51, 120, 68, 1218 101, 97, 45, 111, 116, 115, 34, 44, 34, 113, 105, 34, 58, 34, 108, 1219 83, 81, 105, 45, 119, 57, 67, 112, 121, 85, 82, 101, 77, 69, 114, 80, 1220 49, 82, 115, 66, 76, 107, 55, 119, 78, 116, 79, 118, 115, 53, 69, 81, 1221 112, 80, 113, 109, 117, 77, 118, 113, 87, 53, 55, 78, 66, 85, 99, 1222 122, 83, 99, 69, 111, 80, 119, 109, 85, 113, 113, 97, 98, 117, 57, 1223 86, 48, 45, 80, 121, 52, 100, 81, 53, 55, 95, 98, 97, 112, 111, 75, 1224 82, 117, 49, 82, 57, 48, 98, 118, 117, 70, 110, 85, 54, 51, 83, 72, 1225 87, 69, 70, 103, 108, 90, 81, 118, 74, 68, 77, 101, 65, 118, 109, 1226 106, 52, 115, 109, 45, 70, 112, 48, 111, 89, 117, 95, 110, 101, 111, 1227 116, 103, 81, 48, 104, 122, 98, 73, 53, 103, 114, 121, 55, 97, 106, 1228 100, 89, 121, 57, 45, 50, 108, 78, 120, 95, 55, 54, 97, 66, 90, 111, 1229 79, 85, 117, 57, 72, 67, 74, 45, 85, 115, 102, 83, 79, 73, 56, 34, 1230 125] 1232 C.2. JWE Header 1234 The following example JWE Protected Header declares that: 1236 o the Content Encryption Key is encrypted to the recipient using the 1237 PSE2-HS256+A128KW algorithm to produce the JWE Encrypted Key, 1239 o the Salt Input ("p2s") value is [217, 96, 147, 112, 150, 117, 70, 1240 247, 127, 8, 155, 137, 174, 42, 80, 215], 1242 o the Iteration Count ("p2c") value is 4096, 1244 o the Plaintext is encrypted using the AES_128_CBC_HMAC_SHA_256 1245 algorithm to produce the Ciphertext, and 1247 o the content type is application/jwk+json. 1249 { 1250 "alg":"PBES2-HS256+A128KW", 1251 "p2s":"2WCTcJZ1Rvd_CJuJripQ1w", 1252 "p2c":4096, 1253 "enc":"A128CBC-HS256", 1254 "cty":"jwk+json" 1255 } 1257 Encoding this JWE Protected Header as BASE64URL(UTF8(JWE Protected 1258 Header)) gives this value (with line breaks for display purposes 1259 only): 1261 eyJhbGciOiJQQkVTMi1IUzI1NitBMTI4S1ciLCJwMnMiOiIyV0NUY0paMVJ2ZF9DSn 1262 VKcmlwUTF3IiwicDJjIjo0MDk2LCJlbmMiOiJBMTI4Q0JDLUhTMjU2IiwiY3R5Ijoi 1263 andrK2pzb24ifQ 1265 C.3. Content Encryption Key (CEK) 1267 Generate a 256 bit random Content Encryption Key (CEK). In this 1268 example, the value (using JSON array notation) is: 1270 [111, 27, 25, 52, 66, 29, 20, 78, 92, 176, 56, 240, 65, 208, 82, 112, 1271 161, 131, 36, 55, 202, 236, 185, 172, 129, 23, 153, 194, 195, 48, 1272 253, 182] 1274 C.4. Key Derivation 1276 Derive a key from a shared passphrase using the PBKDF2 algorithm with 1277 HMAC SHA-256 and the specified Salt and Iteration Count values and a 1278 128 bit requested output key size to produce the PBKDF2 Derived Key. 1279 This example uses the following passphrase: 1281 Thus from my lips, by yours, my sin is purged. 1283 The octets representing the passphrase are: 1285 [84, 104, 117, 115, 32, 102, 114, 111, 109, 32, 109, 121, 32, 108, 1286 105, 112, 115, 44, 32, 98, 121, 32, 121, 111, 117, 114, 115, 44, 32, 1287 109, 121, 32, 115, 105, 110, 32, 105, 115, 32, 112, 117, 114, 103, 1288 101, 100, 46] 1290 The Salt value (UTF8(Alg) || 0x00 || Salt Input) is: 1292 [80, 66, 69, 83, 50, 45, 72, 83, 50, 53, 54, 43, 65, 49, 50, 56, 75, 1293 87, 0, 217, 96, 147, 112, 150, 117, 70, 247, 127, 8, 155, 137, 174, 1294 42, 80, 215]. 1296 The resulting PBKDF2 Derived Key value is: 1298 [110, 171, 169, 92, 129, 92, 109, 117, 233, 242, 116, 233, 170, 14, 1299 24, 75] 1301 C.5. Key Encryption 1303 Encrypt the CEK with the "A128KW" algorithm using the PBKDF2 Derived 1304 Key. The resulting JWE Encrypted Key value is: 1306 [78, 186, 151, 59, 11, 141, 81, 240, 213, 245, 83, 211, 53, 188, 134, 1307 188, 66, 125, 36, 200, 222, 124, 5, 103, 249, 52, 117, 184, 140, 81, 1308 246, 158, 161, 177, 20, 33, 245, 57, 59, 4] 1310 Encoding this JWE Encrypted Key as BASE64URL(JWE Encrypted Key) gives 1311 this value: 1313 TrqXOwuNUfDV9VPTNbyGvEJ9JMjefAVn-TR1uIxR9p6hsRQh9Tk7BA 1315 C.6. Initialization Vector 1317 Generate a random 128 bit JWE Initialization Vector. In this 1318 example, the value is: 1320 [97, 239, 99, 214, 171, 54, 216, 57, 145, 72, 7, 93, 34, 31, 149, 1321 156] 1322 Encoding this JWE Initialization Vector as BASE64URL(JWE 1323 Initialization Vector) gives this value: 1325 Ye9j1qs22DmRSAddIh-VnA 1327 C.7. Additional Authenticated Data 1329 Let the Additional Authenticated Data encryption parameter be 1330 ASCII(BASE64URL(UTF8(JWE Protected Header))). This value is: 1332 [123, 34, 97, 108, 103, 34, 58, 34, 80, 66, 69, 83, 50, 45, 72, 83, 1333 50, 53, 54, 43, 65, 49, 50, 56, 75, 87, 34, 44, 34, 112, 50, 115, 34, 1334 58, 34, 50, 87, 67, 84, 99, 74, 90, 49, 82, 118, 100, 95, 67, 74, 1335 117, 74, 114, 105, 112, 81, 49, 119, 34, 44, 34, 112, 50, 99, 34, 58, 1336 52, 48, 57, 54, 44, 34, 101, 110, 99, 34, 58, 34, 65, 49, 50, 56, 67, 1337 66, 67, 45, 72, 83, 50, 53, 54, 34, 44, 34, 99, 116, 121, 34, 58, 34, 1338 106, 119, 107, 43, 106, 115, 111, 110, 34, 125] 1340 C.8. Content Encryption 1342 Encrypt the Plaintext with AES_128_CBC_HMAC_SHA_256 using the CEK as 1343 the encryption key, the JWE Initialization Vector, and the Additional 1344 Authenticated Data value above. The resulting Ciphertext is: 1346 [3, 8, 65, 242, 92, 107, 148, 168, 197, 159, 77, 139, 25, 97, 42, 1347 131, 110, 199, 225, 56, 61, 127, 38, 64, 108, 91, 247, 167, 150, 98, 1348 112, 122, 99, 235, 132, 50, 28, 46, 56, 170, 169, 89, 220, 145, 38, 1349 157, 148, 224, 66, 140, 8, 169, 146, 117, 222, 54, 242, 28, 31, 11, 1350 129, 227, 226, 169, 66, 117, 133, 254, 140, 216, 115, 203, 131, 60, 1351 60, 47, 233, 132, 121, 13, 35, 188, 53, 19, 172, 77, 59, 54, 211, 1352 158, 172, 25, 60, 111, 0, 80, 201, 158, 160, 210, 68, 55, 12, 67, 1353 136, 130, 87, 216, 197, 95, 62, 20, 155, 205, 5, 140, 27, 168, 221, 1354 65, 114, 78, 157, 254, 46, 206, 182, 52, 135, 87, 239, 3, 34, 186, 1355 126, 220, 151, 17, 33, 237, 57, 96, 172, 183, 58, 45, 248, 103, 241, 1356 142, 136, 7, 53, 16, 173, 181, 7, 93, 92, 252, 1, 53, 212, 242, 8, 1357 255, 11, 239, 181, 24, 148, 136, 111, 24, 161, 244, 23, 106, 69, 157, 1358 215, 243, 189, 240, 166, 169, 249, 72, 38, 201, 99, 223, 173, 229, 9, 1359 222, 82, 79, 157, 176, 248, 85, 239, 121, 163, 1, 31, 48, 98, 206, 1360 61, 249, 104, 216, 201, 227, 105, 48, 194, 193, 10, 36, 160, 159, 1361 241, 166, 84, 54, 188, 211, 243, 242, 40, 46, 45, 193, 193, 160, 169, 1362 101, 201, 1, 73, 47, 105, 142, 88, 28, 42, 132, 26, 61, 58, 63, 142, 1363 243, 77, 26, 179, 153, 166, 46, 203, 208, 49, 55, 229, 34, 178, 4, 1364 109, 180, 204, 204, 115, 1, 103, 193, 5, 91, 215, 214, 195, 1, 110, 1365 208, 53, 144, 36, 105, 12, 54, 25, 129, 101, 15, 183, 150, 250, 147, 1366 115, 227, 58, 250, 5, 128, 232, 63, 15, 14, 19, 141, 124, 253, 142, 1367 137, 189, 135, 26, 44, 240, 27, 88, 132, 105, 127, 6, 71, 37, 41, 1368 124, 187, 165, 140, 34, 200, 123, 80, 228, 24, 231, 176, 132, 171, 1369 138, 145, 152, 116, 224, 50, 141, 51, 147, 91, 186, 7, 246, 106, 217, 1370 148, 244, 227, 244, 45, 220, 121, 165, 224, 148, 181, 17, 181, 128, 1371 197, 101, 237, 11, 169, 229, 149, 199, 78, 56, 15, 14, 190, 91, 216, 1372 222, 247, 213, 74, 40, 8, 96, 20, 168, 119, 96, 26, 24, 52, 37, 82, 1373 127, 57, 176, 147, 118, 59, 7, 224, 33, 117, 72, 155, 29, 82, 26, 1374 215, 189, 140, 119, 28, 152, 118, 93, 222, 194, 192, 148, 115, 83, 1375 253, 216, 212, 108, 88, 83, 175, 172, 220, 97, 79, 110, 42, 223, 170, 1376 161, 34, 164, 144, 193, 76, 122, 92, 160, 41, 178, 175, 6, 35, 96, 1377 113, 96, 158, 90, 129, 101, 26, 45, 70, 180, 189, 230, 15, 5, 247, 1378 150, 209, 94, 171, 26, 13, 142, 212, 129, 1, 176, 5, 0, 112, 203, 1379 174, 185, 119, 76, 233, 189, 54, 172, 189, 245, 223, 253, 205, 12, 1380 88, 9, 126, 157, 225, 90, 40, 229, 191, 63, 30, 160, 224, 69, 3, 140, 1381 109, 70, 89, 37, 213, 245, 194, 210, 180, 188, 63, 210, 139, 221, 2, 1382 144, 200, 20, 177, 216, 29, 227, 242, 106, 12, 135, 142, 139, 144, 1383 82, 225, 162, 171, 176, 108, 99, 6, 43, 193, 161, 116, 234, 216, 1, 1384 242, 21, 124, 162, 98, 205, 124, 193, 38, 12, 242, 90, 101, 76, 204, 1385 184, 124, 58, 180, 16, 240, 26, 76, 195, 250, 212, 191, 185, 191, 97, 1386 198, 186, 73, 225, 75, 14, 90, 123, 121, 172, 101, 50, 160, 221, 141, 1387 253, 205, 126, 77, 9, 87, 198, 110, 104, 182, 141, 120, 51, 25, 232, 1388 3, 32, 80, 6, 156, 8, 18, 4, 135, 221, 142, 25, 135, 2, 129, 132, 1389 115, 227, 74, 141, 28, 119, 11, 141, 117, 134, 198, 62, 150, 254, 97, 1390 75, 197, 251, 99, 89, 204, 224, 226, 67, 83, 175, 89, 0, 81, 29, 38, 1391 207, 89, 140, 255, 197, 177, 164, 128, 62, 116, 224, 180, 109, 169, 1392 28, 2, 59, 176, 130, 252, 44, 178, 81, 24, 181, 176, 75, 44, 61, 91, 1393 12, 37, 21, 255, 83, 130, 197, 16, 231, 60, 217, 56, 131, 118, 168, 1394 202, 58, 52, 84, 124, 162, 185, 174, 162, 226, 242, 112, 68, 246, 1395 202, 16, 208, 52, 154, 58, 129, 80, 102, 33, 171, 6, 186, 177, 14, 1396 195, 88, 136, 6, 0, 155, 28, 100, 162, 207, 162, 222, 117, 248, 170, 1397 208, 114, 87, 31, 57, 176, 33, 57, 83, 253, 12, 168, 110, 194, 59, 1398 22, 86, 48, 227, 196, 22, 176, 218, 122, 149, 21, 249, 195, 178, 174, 1399 250, 20, 34, 120, 60, 139, 201, 99, 40, 18, 177, 17, 54, 54, 6, 3, 1400 222, 128, 160, 88, 11, 27, 0, 81, 192, 36, 41, 169, 146, 8, 47, 64, 1401 136, 28, 64, 209, 67, 135, 202, 20, 234, 182, 91, 204, 146, 195, 187, 1402 0, 72, 77, 11, 111, 152, 204, 252, 177, 212, 89, 33, 50, 132, 184, 1403 44, 183, 186, 19, 250, 69, 176, 201, 102, 140, 14, 143, 212, 212, 1404 160, 123, 208, 185, 27, 155, 68, 77, 133, 198, 2, 126, 155, 215, 22, 1405 91, 30, 217, 176, 172, 244, 156, 174, 143, 75, 90, 21, 102, 1, 160, 1406 59, 253, 188, 88, 57, 185, 197, 83, 24, 22, 180, 174, 47, 207, 52, 1, 1407 141, 146, 119, 233, 68, 228, 224, 228, 193, 248, 155, 202, 90, 7, 1408 213, 88, 33, 108, 107, 14, 86, 8, 120, 250, 58, 142, 35, 164, 238, 1409 221, 219, 35, 123, 88, 199, 192, 143, 104, 83, 17, 166, 243, 247, 11, 1410 166, 67, 68, 204, 132, 23, 110, 103, 228, 14, 55, 122, 88, 57, 180, 1411 178, 237, 52, 130, 214, 245, 102, 123, 67, 73, 175, 1, 127, 112, 148, 1412 94, 132, 164, 197, 153, 217, 87, 25, 89, 93, 63, 22, 66, 166, 90, 1413 251, 101, 10, 145, 66, 17, 124, 36, 255, 165, 226, 97, 16, 86, 112, 1414 154, 88, 105, 253, 56, 209, 229, 122, 103, 51, 24, 228, 190, 3, 236, 1415 48, 182, 121, 176, 140, 128, 117, 87, 251, 224, 37, 23, 248, 21, 218, 1416 85, 251, 136, 84, 147, 143, 144, 46, 155, 183, 251, 89, 86, 23, 26, 1417 237, 100, 167, 32, 130, 173, 237, 89, 55, 110, 70, 142, 127, 65, 230, 1418 208, 109, 69, 19, 253, 84, 130, 130, 193, 92, 58, 108, 150, 42, 136, 1419 249, 234, 86, 241, 182, 19, 117, 246, 26, 181, 92, 101, 155, 44, 103, 1420 235, 173, 30, 140, 90, 29, 183, 190, 77, 53, 206, 127, 5, 87, 8, 187, 1421 184, 92, 4, 157, 22, 18, 105, 251, 39, 88, 182, 181, 103, 148, 233, 1422 6, 63, 70, 188, 7, 101, 216, 127, 77, 31, 12, 233, 7, 147, 106, 30, 1423 150, 77, 145, 13, 205, 48, 56, 245, 220, 89, 252, 127, 51, 180, 36, 1424 31, 55, 18, 214, 230, 254, 217, 197, 65, 247, 27, 215, 117, 247, 108, 1425 157, 121, 11, 63, 150, 195, 83, 6, 134, 242, 41, 24, 105, 204, 5, 63, 1426 192, 14, 159, 113, 72, 140, 128, 51, 215, 80, 215, 39, 149, 94, 79, 1427 128, 34, 5, 129, 82, 83, 121, 187, 37, 146, 27, 32, 177, 167, 71, 9, 1428 195, 30, 199, 196, 205, 252, 207, 69, 8, 120, 27, 190, 51, 43, 75, 1429 249, 234, 167, 116, 206, 203, 199, 43, 108, 87, 48, 155, 140, 228, 1430 210, 85, 25, 161, 96, 67, 8, 205, 64, 39, 75, 88, 44, 238, 227, 16, 1431 0, 100, 93, 129, 18, 4, 149, 50, 68, 72, 99, 35, 111, 254, 27, 102, 1432 175, 108, 233, 87, 181, 44, 169, 18, 139, 79, 208, 14, 202, 192, 5, 1433 162, 222, 231, 149, 24, 211, 49, 120, 101, 39, 206, 87, 147, 204, 1434 200, 251, 104, 115, 5, 127, 117, 195, 79, 151, 18, 224, 52, 0, 245, 1435 4, 85, 255, 103, 217, 0, 116, 198, 80, 91, 167, 192, 154, 199, 197, 1436 149, 237, 51, 2, 131, 30, 226, 95, 105, 48, 68, 135, 208, 144, 120, 1437 176, 145, 157, 8, 171, 80, 94, 61, 92, 92, 220, 157, 13, 138, 51, 23, 1438 185, 124, 31, 77, 1, 87, 241, 43, 239, 55, 122, 86, 210, 48, 208, 1439 204, 112, 144, 80, 147, 106, 219, 47, 253, 31, 134, 176, 16, 135, 1440 219, 95, 17, 129, 83, 236, 125, 136, 112, 86, 228, 252, 71, 129, 218, 1441 174, 156, 236, 12, 27, 159, 11, 138, 252, 253, 207, 31, 115, 214, 1442 118, 239, 203, 16, 211, 205, 99, 22, 51, 163, 107, 162, 246, 199, 67, 1443 127, 34, 108, 197, 53, 117, 58, 199, 3, 190, 74, 70, 190, 65, 235, 1444 175, 97, 157, 215, 252, 189, 245, 100, 229, 248, 46, 90, 126, 237, 4, 1445 159, 128, 58, 7, 156, 236, 69, 191, 85, 240, 179, 224, 249, 152, 49, 1446 195, 223, 60, 78, 186, 157, 155, 217, 58, 105, 116, 164, 217, 111, 1447 215, 150, 218, 252, 84, 86, 248, 140, 240, 226, 61, 106, 208, 95, 60, 1448 163, 6, 0, 235, 253, 162, 96, 62, 234, 251, 249, 35, 21, 7, 211, 233, 1449 86, 50, 33, 203, 67, 248, 60, 190, 123, 48, 167, 226, 90, 191, 71, 1450 56, 183, 165, 17, 85, 76, 238, 140, 211, 168, 53, 223, 194, 4, 97, 1451 149, 156, 120, 137, 76, 33, 229, 243, 194, 208, 198, 202, 139, 28, 1452 114, 46, 224, 92, 254, 83, 100, 134, 158, 92, 70, 78, 61, 62, 138, 1453 24, 173, 216, 66, 198, 70, 254, 47, 59, 193, 53, 6, 139, 19, 153, 1454 253, 28, 199, 122, 160, 27, 67, 234, 209, 227, 139, 4, 50, 7, 178, 1455 183, 89, 252, 32, 128, 137, 55, 52, 29, 89, 12, 111, 42, 181, 51, 1456 170, 132, 132, 207, 170, 228, 254, 178, 213, 0, 136, 175, 8] 1458 The resulting Authentication Tag value is: 1460 [208, 113, 102, 132, 236, 236, 67, 223, 39, 53, 98, 99, 32, 121, 17, 1461 236] 1463 Encoding this JWE Ciphertext as BASE64URL(JWE Ciphertext) gives this 1464 value (with line breaks for display purposes only): 1466 AwhB8lxrlKjFn02LGWEqg27H4Tg9fyZAbFv3p5ZicHpj64QyHC44qqlZ3JEmnZTgQo 1467 wIqZJ13jbyHB8LgePiqUJ1hf6M2HPLgzw8L-mEeQ0jvDUTrE07NtOerBk8bwBQyZ6g 1468 0kQ3DEOIglfYxV8-FJvNBYwbqN1Bck6d_i7OtjSHV-8DIrp-3JcRIe05YKy3Oi34Z_ 1469 GOiAc1EK21B11c_AE11PII_wvvtRiUiG8YofQXakWd1_O98Kap-UgmyWPfreUJ3lJP 1470 nbD4Ve95owEfMGLOPflo2MnjaTDCwQokoJ_xplQ2vNPz8iguLcHBoKllyQFJL2mOWB 1471 wqhBo9Oj-O800as5mmLsvQMTflIrIEbbTMzHMBZ8EFW9fWwwFu0DWQJGkMNhmBZQ-3 1472 lvqTc-M6-gWA6D8PDhONfP2Oib2HGizwG1iEaX8GRyUpfLuljCLIe1DkGOewhKuKkZ 1473 h04DKNM5Nbugf2atmU9OP0Ldx5peCUtRG1gMVl7Qup5ZXHTjgPDr5b2N731UooCGAU 1474 qHdgGhg0JVJ_ObCTdjsH4CF1SJsdUhrXvYx3HJh2Xd7CwJRzU_3Y1GxYU6-s3GFPbi 1475 rfqqEipJDBTHpcoCmyrwYjYHFgnlqBZRotRrS95g8F95bRXqsaDY7UgQGwBQBwy665 1476 d0zpvTasvfXf_c0MWAl-neFaKOW_Px6g4EUDjG1GWSXV9cLStLw_0ovdApDIFLHYHe 1477 PyagyHjouQUuGiq7BsYwYrwaF06tgB8hV8omLNfMEmDPJaZUzMuHw6tBDwGkzD-tS_ 1478 ub9hxrpJ4UsOWnt5rGUyoN2N_c1-TQlXxm5oto14MxnoAyBQBpwIEgSH3Y4ZhwKBhH 1479 PjSo0cdwuNdYbGPpb-YUvF-2NZzODiQ1OvWQBRHSbPWYz_xbGkgD504LRtqRwCO7CC 1480 _CyyURi1sEssPVsMJRX_U4LFEOc82TiDdqjKOjRUfKK5rqLi8nBE9soQ0DSaOoFQZi 1481 GrBrqxDsNYiAYAmxxkos-i3nX4qtByVx85sCE5U_0MqG7COxZWMOPEFrDaepUV-cOy 1482 rvoUIng8i8ljKBKxETY2BgPegKBYCxsAUcAkKamSCC9AiBxA0UOHyhTqtlvMksO7AE 1483 hNC2-YzPyx1FkhMoS4LLe6E_pFsMlmjA6P1NSge9C5G5tETYXGAn6b1xZbHtmwrPSc 1484 ro9LWhVmAaA7_bxYObnFUxgWtK4vzzQBjZJ36UTk4OTB-JvKWgfVWCFsaw5WCHj6Oo 1485 4jpO7d2yN7WMfAj2hTEabz9wumQ0TMhBduZ-QON3pYObSy7TSC1vVme0NJrwF_cJRe 1486 hKTFmdlXGVldPxZCplr7ZQqRQhF8JP-l4mEQVnCaWGn9ONHlemczGOS-A-wwtnmwjI 1487 B1V_vgJRf4FdpV-4hUk4-QLpu3-1lWFxrtZKcggq3tWTduRo5_QebQbUUT_VSCgsFc 1488 OmyWKoj56lbxthN19hq1XGWbLGfrrR6MWh23vk01zn8FVwi7uFwEnRYSafsnWLa1Z5 1489 TpBj9GvAdl2H9NHwzpB5NqHpZNkQ3NMDj13Fn8fzO0JB83Etbm_tnFQfcb13X3bJ15 1490 Cz-Ww1MGhvIpGGnMBT_ADp9xSIyAM9dQ1yeVXk-AIgWBUlN5uyWSGyCxp0cJwx7HxM 1491 38z0UIeBu-MytL-eqndM7LxytsVzCbjOTSVRmhYEMIzUAnS1gs7uMQAGRdgRIElTJE 1492 SGMjb_4bZq9s6Ve1LKkSi0_QDsrABaLe55UY0zF4ZSfOV5PMyPtocwV_dcNPlxLgNA 1493 D1BFX_Z9kAdMZQW6fAmsfFle0zAoMe4l9pMESH0JB4sJGdCKtQXj1cXNydDYozF7l8 1494 H00BV_Er7zd6VtIw0MxwkFCTatsv_R-GsBCH218RgVPsfYhwVuT8R4HarpzsDBufC4 1495 r8_c8fc9Z278sQ081jFjOja6L2x0N_ImzFNXU6xwO-Ska-QeuvYZ3X_L31ZOX4Llp- 1496 7QSfgDoHnOxFv1Xws-D5mDHD3zxOup2b2TppdKTZb9eW2vxUVviM8OI9atBfPKMGAO 1497 v9omA-6vv5IxUH0-lWMiHLQ_g8vnswp-Jav0c4t6URVUzujNOoNd_CBGGVnHiJTCHl 1498 88LQxsqLHHIu4Fz-U2SGnlxGTj0-ihit2ELGRv4vO8E1BosTmf0cx3qgG0Pq0eOLBD 1499 IHsrdZ_CCAiTc0HVkMbyq1M6qEhM-q5P6y1QCIrwg 1501 Encoding this JWE Authentication Tag as BASE64URL(JWE Authentication 1502 Tag) gives this value: 1504 0HFmhOzsQ98nNWJjIHkR7A 1506 C.9. Complete Representation 1508 Assemble the final representation: The Compact Serialization of this 1509 result is the string BASE64URL(UTF8(JWE Protected Header)) || '.' || 1510 BASE64URL(JWE Encrypted Key) || '.' || BASE64URL(JWE Initialization 1511 Vector) || '.' || BASE64URL(JWE Ciphertext) || '.' || BASE64URL(JWE 1512 Authentication Tag). 1514 The final result in this example is: 1516 eyJhbGciOiJQQkVTMi1IUzI1NitBMTI4S1ciLCJwMnMiOiIyV0NUY0paMVJ2ZF9DSn 1517 VKcmlwUTF3IiwicDJjIjo0MDk2LCJlbmMiOiJBMTI4Q0JDLUhTMjU2IiwiY3R5Ijoi 1518 andrK2pzb24ifQ. 1519 TrqXOwuNUfDV9VPTNbyGvEJ9JMjefAVn-TR1uIxR9p6hsRQh9Tk7BA. 1520 Ye9j1qs22DmRSAddIh-VnA. 1521 AwhB8lxrlKjFn02LGWEqg27H4Tg9fyZAbFv3p5ZicHpj64QyHC44qqlZ3JEmnZTgQo 1522 wIqZJ13jbyHB8LgePiqUJ1hf6M2HPLgzw8L-mEeQ0jvDUTrE07NtOerBk8bwBQyZ6g 1523 0kQ3DEOIglfYxV8-FJvNBYwbqN1Bck6d_i7OtjSHV-8DIrp-3JcRIe05YKy3Oi34Z_ 1524 GOiAc1EK21B11c_AE11PII_wvvtRiUiG8YofQXakWd1_O98Kap-UgmyWPfreUJ3lJP 1525 nbD4Ve95owEfMGLOPflo2MnjaTDCwQokoJ_xplQ2vNPz8iguLcHBoKllyQFJL2mOWB 1526 wqhBo9Oj-O800as5mmLsvQMTflIrIEbbTMzHMBZ8EFW9fWwwFu0DWQJGkMNhmBZQ-3 1527 lvqTc-M6-gWA6D8PDhONfP2Oib2HGizwG1iEaX8GRyUpfLuljCLIe1DkGOewhKuKkZ 1528 h04DKNM5Nbugf2atmU9OP0Ldx5peCUtRG1gMVl7Qup5ZXHTjgPDr5b2N731UooCGAU 1529 qHdgGhg0JVJ_ObCTdjsH4CF1SJsdUhrXvYx3HJh2Xd7CwJRzU_3Y1GxYU6-s3GFPbi 1530 rfqqEipJDBTHpcoCmyrwYjYHFgnlqBZRotRrS95g8F95bRXqsaDY7UgQGwBQBwy665 1531 d0zpvTasvfXf_c0MWAl-neFaKOW_Px6g4EUDjG1GWSXV9cLStLw_0ovdApDIFLHYHe 1532 PyagyHjouQUuGiq7BsYwYrwaF06tgB8hV8omLNfMEmDPJaZUzMuHw6tBDwGkzD-tS_ 1533 ub9hxrpJ4UsOWnt5rGUyoN2N_c1-TQlXxm5oto14MxnoAyBQBpwIEgSH3Y4ZhwKBhH 1534 PjSo0cdwuNdYbGPpb-YUvF-2NZzODiQ1OvWQBRHSbPWYz_xbGkgD504LRtqRwCO7CC 1535 _CyyURi1sEssPVsMJRX_U4LFEOc82TiDdqjKOjRUfKK5rqLi8nBE9soQ0DSaOoFQZi 1536 GrBrqxDsNYiAYAmxxkos-i3nX4qtByVx85sCE5U_0MqG7COxZWMOPEFrDaepUV-cOy 1537 rvoUIng8i8ljKBKxETY2BgPegKBYCxsAUcAkKamSCC9AiBxA0UOHyhTqtlvMksO7AE 1538 hNC2-YzPyx1FkhMoS4LLe6E_pFsMlmjA6P1NSge9C5G5tETYXGAn6b1xZbHtmwrPSc 1539 ro9LWhVmAaA7_bxYObnFUxgWtK4vzzQBjZJ36UTk4OTB-JvKWgfVWCFsaw5WCHj6Oo 1540 4jpO7d2yN7WMfAj2hTEabz9wumQ0TMhBduZ-QON3pYObSy7TSC1vVme0NJrwF_cJRe 1541 hKTFmdlXGVldPxZCplr7ZQqRQhF8JP-l4mEQVnCaWGn9ONHlemczGOS-A-wwtnmwjI 1542 B1V_vgJRf4FdpV-4hUk4-QLpu3-1lWFxrtZKcggq3tWTduRo5_QebQbUUT_VSCgsFc 1543 OmyWKoj56lbxthN19hq1XGWbLGfrrR6MWh23vk01zn8FVwi7uFwEnRYSafsnWLa1Z5 1544 TpBj9GvAdl2H9NHwzpB5NqHpZNkQ3NMDj13Fn8fzO0JB83Etbm_tnFQfcb13X3bJ15 1545 Cz-Ww1MGhvIpGGnMBT_ADp9xSIyAM9dQ1yeVXk-AIgWBUlN5uyWSGyCxp0cJwx7HxM 1546 38z0UIeBu-MytL-eqndM7LxytsVzCbjOTSVRmhYEMIzUAnS1gs7uMQAGRdgRIElTJE 1547 SGMjb_4bZq9s6Ve1LKkSi0_QDsrABaLe55UY0zF4ZSfOV5PMyPtocwV_dcNPlxLgNA 1548 D1BFX_Z9kAdMZQW6fAmsfFle0zAoMe4l9pMESH0JB4sJGdCKtQXj1cXNydDYozF7l8 1549 H00BV_Er7zd6VtIw0MxwkFCTatsv_R-GsBCH218RgVPsfYhwVuT8R4HarpzsDBufC4 1550 r8_c8fc9Z278sQ081jFjOja6L2x0N_ImzFNXU6xwO-Ska-QeuvYZ3X_L31ZOX4Llp- 1551 7QSfgDoHnOxFv1Xws-D5mDHD3zxOup2b2TppdKTZb9eW2vxUVviM8OI9atBfPKMGAO 1552 v9omA-6vv5IxUH0-lWMiHLQ_g8vnswp-Jav0c4t6URVUzujNOoNd_CBGGVnHiJTCHl 1553 88LQxsqLHHIu4Fz-U2SGnlxGTj0-ihit2ELGRv4vO8E1BosTmf0cx3qgG0Pq0eOLBD 1554 IHsrdZ_CCAiTc0HVkMbyq1M6qEhM-q5P6y1QCIrwg. 1555 0HFmhOzsQ98nNWJjIHkR7A 1557 Appendix D. Acknowledgements 1559 A JSON representation for RSA public keys was previously introduced 1560 by John Panzer, Ben Laurie, and Dirk Balfanz in Magic Signatures 1562 [MagicSignatures]. 1564 Thanks to Matt Miller for creating the encrypted key example and to 1565 Edmund Jay and Brian Campbell for validating the example. 1567 This specification is the work of the JOSE Working Group, which 1568 includes dozens of active and dedicated participants. In particular, 1569 the following individuals contributed ideas, feedback, and wording 1570 that influenced this specification: 1572 Dirk Balfanz, Richard Barnes, John Bradley, Brian Campbell, Breno de 1573 Medeiros, Joe Hildebrand, Edmund Jay, Ben Laurie, James Manger, Matt 1574 Miller, Tony Nadalin, Axel Nennker, John Panzer, Eric Rescorla, Nat 1575 Sakimura, Jim Schaad, Paul Tarjan, Hannes Tschofenig, and Sean 1576 Turner. 1578 Jim Schaad and Karen O'Donoghue chaired the JOSE working group and 1579 Sean Turner, Stephen Farrell, and Kathleen Moriarty served as 1580 Security area directors during the creation of this specification. 1582 Appendix E. Document History 1584 [[ to be removed by the RFC Editor before publication as an RFC ]] 1586 -26 1588 o Referenced Section 6 of RFC 6125 for TLS server certificate 1589 identity validation. 1591 o Deleted misleading non-normative phrase from the "use" 1592 description. 1594 o Noted that octet sequences are depicted using JSON array notation. 1596 o Updated references, including to W3C specifications. 1598 -25 1600 o Updated WebCrypto reference to refer to W3C Last Call draft. 1602 -24 1604 o Corrected the authentication tag value in the encrypted key 1605 example. 1607 o Updated the JSON reference to RFC 7159. 1609 -23 1611 o No changes were made, other than to the version number and date. 1613 -22 1615 o Corrected RFC 2119 terminology usage. 1617 o Replaced references to draft-ietf-json-rfc4627bis with RFC 7158. 1619 -21 1621 o Replaced the "key_ops" values "wrap" and "unwrap" with "wrapKey" 1622 and "unwrapKey" to match the "KeyUsage" values defined in the 1623 current Web Cryptography API [WebCrypto] editor's draft. 1625 o Compute the PBES2 salt parameter as (UTF8(Alg) || 0x00 || Salt 1626 Input), where the "p2s" Header Parameter encodes the Salt Input 1627 value and Alg is the "alg" Header Parameter value. 1629 o Changed some references from being normative to informative, 1630 addressing issue #90. 1632 -20 1634 o Renamed "use_details" to "key_ops" (key operations). 1636 o Clarified that "use" is meant for public key use cases, "key_ops" 1637 is meant for use cases in which public, private, or symmetric keys 1638 may be present, and that "use" and "key_ops" should not be used 1639 together. 1641 o Replaced references to RFC 4627 with draft-ietf-json-rfc4627bis, 1642 addressing issue #90. 1644 -19 1646 o Added optional "use_details" (key use details) JWK member. 1648 o Reordered the key selection parameters. 1650 -18 1652 o Changes to address editorial and minor issues #68, #69, #73, #74, 1653 #76, #77, #78, #79, #82, #85, #89, and #135. 1655 o Added and used Description registry fields. 1657 -17 1659 o Refined the "typ" and "cty" definitions to always be MIME Media 1660 Types, with the omission of "application/" prefixes recommended 1661 for brevity, addressing issue #50. 1663 o Added an example encrypting an RSA private key with 1664 "PBES2-HS256+A128KW" and "A128CBC-HS256". Thanks to Matt Miller 1665 for producing this! 1667 o Processing rules occurring in both JWS and JWK are now referenced 1668 in JWS by JWK, rather than duplicated, addressing issue #57. 1670 o Terms used in multiple documents are now defined in one place and 1671 incorporated by reference. Some lightly used or obvious terms 1672 were also removed. This addresses issue #58. 1674 -16 1676 o Changes to address editorial and minor issues #41, #42, #43, #47, 1677 #51, #67, #71, #76, #80, #83, #84, #85, #86, #87, and #88. 1679 -15 1681 o Changes to address editorial issues #48, #64, #65, #66, and #91. 1683 -14 1685 o Relaxed language introducing key parameters since some parameters 1686 are applicable to multiple, but not all, key types. 1688 -13 1690 o Applied spelling and grammar corrections. 1692 -12 1694 o Stated that recipients MUST either reject JWKs and JWK Sets with 1695 duplicate member names or use a JSON parser that returns only the 1696 lexically last duplicate member name. 1698 -11 1700 o Stated that when "kid" values are used within a JWK Set, different 1701 keys within the JWK Set SHOULD use distinct "kid" values. 1703 o Added optional "x5u" (X.509 URL), "x5t" (X.509 Certificate 1704 Thumbprint), and "x5c" (X.509 Certificate Chain) JWK parameters. 1706 o Added section on Encrypted JWK and Encrypted JWK Set Formats. 1708 o Added a Parameter Information Class value to the JSON Web Key 1709 Parameters registry, which registers whether the parameter conveys 1710 public or private information. 1712 o Registered "application/jwk+json" and "application/jwk-set+json" 1713 MIME types and "JWK" and "JWK-SET" typ header parameter values, 1714 addressing issue #21. 1716 -10 1718 o No changes were made, other than to the version number and date. 1720 -09 1722 o Expanded the scope of the JWK specification to include private and 1723 symmetric key representations, as specified by 1724 draft-jones-jose-json-private-and-symmetric-key-00. 1726 o Defined that members that are not understood must be ignored. 1728 -08 1730 o Changed the name of the JWK key type parameter from "alg" to "kty" 1731 to enable use of "alg" to indicate the particular algorithm that 1732 the key is intended to be used with. 1734 o Clarified statements of the form "This member is OPTIONAL" to "Use 1735 of this member is OPTIONAL". 1737 o Referenced String Comparison Rules in JWS. 1739 o Added seriesInfo information to Internet Draft references. 1741 -07 1743 o Changed the name of the JWK RSA modulus parameter from "mod" to 1744 "n" and the name of the JWK RSA exponent parameter from "xpo" to 1745 "e", so that the identifiers are the same as those used in RFC 1746 3447. 1748 -06 1750 o Changed the name of the JWK RSA exponent parameter from "exp" to 1751 "xpo" so as to allow the potential use of the name "exp" for a 1752 future extension that might define an expiration parameter for 1753 keys. (The "exp" name is already used for this purpose in the JWT 1754 specification.) 1756 o Clarify that the "alg" (algorithm family) member is REQUIRED. 1758 o Correct an instance of "JWK" that should have been "JWK Set". 1760 o Applied changes made by the RFC Editor to RFC 6749's registry 1761 language to this specification. 1763 -05 1765 o Indented artwork elements to better distinguish them from the body 1766 text. 1768 -04 1770 o Refer to the registries as the primary sources of defined values 1771 and then secondarily reference the sections defining the initial 1772 contents of the registries. 1774 o Normatively reference XML DSIG 2.0 for its security 1775 considerations. 1777 o Added this language to Registration Templates: "This name is case 1778 sensitive. Names that match other registered names in a case 1779 insensitive manner SHOULD NOT be accepted." 1781 o Described additional open issues. 1783 o Applied editorial suggestions. 1785 -03 1787 o Clarified that "kid" values need not be unique within a JWK Set. 1789 o Moved JSON Web Key Parameters registry to the JWK specification. 1791 o Added "Collision Resistant Namespace" to the terminology section. 1793 o Changed registration requirements from RFC Required to 1794 Specification Required with Expert Review. 1796 o Added Registration Template sections for defined registries. 1798 o Added Registry Contents sections to populate registry values. 1800 o Numerous editorial improvements. 1802 -02 1804 o Simplified JWK terminology to get replace the "JWK Key Object" and 1805 "JWK Container Object" terms with simply "JSON Web Key (JWK)" and 1806 "JSON Web Key Set (JWK Set)" and to eliminate potential confusion 1807 between single keys and sets of keys. As part of this change, the 1808 top-level member name for a set of keys was changed from "jwk" to 1809 "keys". 1811 o Clarified that values with duplicate member names MUST be 1812 rejected. 1814 o Established JSON Web Key Set Parameters registry. 1816 o Explicitly listed non-goals in the introduction. 1818 o Moved algorithm-specific definitions from JWK to JWA. 1820 o Reformatted to give each member definition its own section 1821 heading. 1823 -01 1825 o Corrected the Magic Signatures reference. 1827 -00 1829 o Created the initial IETF draft based upon 1830 draft-jones-json-web-key-03 with no normative changes. 1832 Author's Address 1834 Michael B. Jones 1835 Microsoft 1837 Email: mbj@microsoft.com 1838 URI: http://self-issued.info/