idnits 2.17.1 draft-ietf-jose-json-web-key-27.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (June 10, 2014) is 3600 days in the past. Is this intentional? -- Found something which looks like a code comment -- if you have code sections in the document, please surround them with '' and '' lines. Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) -- Possible downref: Non-RFC (?) normative reference: ref. 'ECMAScript' -- Possible downref: Non-RFC (?) normative reference: ref. 'ITU.X690.1994' ** Downref: Normative reference to an Historic RFC: RFC 1421 ** Obsolete normative reference: RFC 2818 (Obsoleted by RFC 9110) ** Obsolete normative reference: RFC 5246 (Obsoleted by RFC 8446) ** Obsolete normative reference: RFC 6125 (Obsoleted by RFC 9525) ** Obsolete normative reference: RFC 7159 (Obsoleted by RFC 8259) -- Possible downref: Non-RFC (?) normative reference: ref. 'USASCII' -- Obsolete informational reference (is this intentional?): RFC 3447 (Obsoleted by RFC 8017) -- Obsolete informational reference (is this intentional?): RFC 5226 (Obsoleted by RFC 8126) Summary: 5 errors (**), 0 flaws (~~), 1 warning (==), 7 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 JOSE Working Group M. Jones 3 Internet-Draft Microsoft 4 Intended status: Standards Track June 10, 2014 5 Expires: December 12, 2014 7 JSON Web Key (JWK) 8 draft-ietf-jose-json-web-key-27 10 Abstract 12 A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) data 13 structure that represents a cryptographic key. This specification 14 also defines a JSON Web Key Set (JWK Set) JSON data structure that 15 represents a set of JWKs. Cryptographic algorithms and identifiers 16 for use with this specification are described in the separate JSON 17 Web Algorithms (JWA) specification and IANA registries defined by 18 that specification. 20 Status of this Memo 22 This Internet-Draft is submitted in full conformance with the 23 provisions of BCP 78 and BCP 79. 25 Internet-Drafts are working documents of the Internet Engineering 26 Task Force (IETF). Note that other groups may also distribute 27 working documents as Internet-Drafts. The list of current Internet- 28 Drafts is at http://datatracker.ietf.org/drafts/current/. 30 Internet-Drafts are draft documents valid for a maximum of six months 31 and may be updated, replaced, or obsoleted by other documents at any 32 time. It is inappropriate to use Internet-Drafts as reference 33 material or to cite them other than as "work in progress." 35 This Internet-Draft will expire on December 12, 2014. 37 Copyright Notice 39 Copyright (c) 2014 IETF Trust and the persons identified as the 40 document authors. All rights reserved. 42 This document is subject to BCP 78 and the IETF Trust's Legal 43 Provisions Relating to IETF Documents 44 (http://trustee.ietf.org/license-info) in effect on the date of 45 publication of this document. Please review these documents 46 carefully, as they describe your rights and restrictions with respect 47 to this document. Code Components extracted from this document must 48 include Simplified BSD License text as described in Section 4.e of 49 the Trust Legal Provisions and are provided without warranty as 50 described in the Simplified BSD License. 52 Table of Contents 54 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4 55 1.1. Notational Conventions . . . . . . . . . . . . . . . . . . 4 56 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 4 57 3. Example JWK . . . . . . . . . . . . . . . . . . . . . . . . . 5 58 4. JSON Web Key (JWK) Format . . . . . . . . . . . . . . . . . . 5 59 4.1. "kty" (Key Type) Parameter . . . . . . . . . . . . . . . . 6 60 4.2. "use" (Public Key Use) Parameter . . . . . . . . . . . . . 6 61 4.3. "key_ops" (Key Operations) Parameter . . . . . . . . . . . 7 62 4.4. "alg" (Algorithm) Parameter . . . . . . . . . . . . . . . 7 63 4.5. "kid" (Key ID) Parameter . . . . . . . . . . . . . . . . . 8 64 4.6. "x5u" (X.509 URL) Parameter . . . . . . . . . . . . . . . 8 65 4.7. "x5c" (X.509 Certificate Chain) Parameter . . . . . . . . 8 66 4.8. "x5t" (X.509 Certificate SHA-1 Thumbprint) Parameter . . . 9 67 4.9. "x5t#S256" (X.509 Certificate SHA-256 Thumbprint) 68 Parameter . . . . . . . . . . . . . . . . . . . . . . . . 9 69 5. JSON Web Key Set (JWK Set) Format . . . . . . . . . . . . . . 9 70 5.1. "keys" Parameter . . . . . . . . . . . . . . . . . . . . . 10 71 6. String Comparison Rules . . . . . . . . . . . . . . . . . . . 10 72 7. Encrypted JWK and Encrypted JWK Set Formats . . . . . . . . . 10 73 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 11 74 8.1. JSON Web Key Parameters Registry . . . . . . . . . . . . . 12 75 8.1.1. Registration Template . . . . . . . . . . . . . . . . 12 76 8.1.2. Initial Registry Contents . . . . . . . . . . . . . . 13 77 8.2. JSON Web Key Use Registry . . . . . . . . . . . . . . . . 14 78 8.2.1. Registration Template . . . . . . . . . . . . . . . . 14 79 8.2.2. Initial Registry Contents . . . . . . . . . . . . . . 15 80 8.3. JSON Web Key Operations Registry . . . . . . . . . . . . . 15 81 8.3.1. Registration Template . . . . . . . . . . . . . . . . 15 82 8.3.2. Initial Registry Contents . . . . . . . . . . . . . . 16 83 8.4. JSON Web Key Set Parameters Registry . . . . . . . . . . . 17 84 8.4.1. Registration Template . . . . . . . . . . . . . . . . 17 85 8.4.2. Initial Registry Contents . . . . . . . . . . . . . . 18 86 8.5. Media Type Registration . . . . . . . . . . . . . . . . . 18 87 8.5.1. Registry Contents . . . . . . . . . . . . . . . . . . 18 88 9. Security Considerations . . . . . . . . . . . . . . . . . . . 19 89 9.1. Key Provenance and Trust . . . . . . . . . . . . . . . . . 19 90 9.2. Preventing Disclosure of Non-Public Key Information . . . 20 91 9.3. RSA Private Key Representations and Blinding . . . . . . . 20 92 10. References . . . . . . . . . . . . . . . . . . . . . . . . . . 20 93 10.1. Normative References . . . . . . . . . . . . . . . . . . . 20 94 10.2. Informative References . . . . . . . . . . . . . . . . . . 22 95 Appendix A. Example JSON Web Key Sets . . . . . . . . . . . . . . 23 96 A.1. Example Public Keys . . . . . . . . . . . . . . . . . . . 23 97 A.2. Example Private Keys . . . . . . . . . . . . . . . . . . . 23 98 A.3. Example Symmetric Keys . . . . . . . . . . . . . . . . . . 25 99 Appendix B. Example Use of "x5c" (X.509 Certificate Chain) 100 Parameter . . . . . . . . . . . . . . . . . . . . . . 25 101 Appendix C. Example Encrypted RSA Private Key . . . . . . . . . . 26 102 C.1. Plaintext RSA Private Key . . . . . . . . . . . . . . . . 27 103 C.2. JWE Header . . . . . . . . . . . . . . . . . . . . . . . . 30 104 C.3. Content Encryption Key (CEK) . . . . . . . . . . . . . . . 30 105 C.4. Key Derivation . . . . . . . . . . . . . . . . . . . . . . 31 106 C.5. Key Encryption . . . . . . . . . . . . . . . . . . . . . . 31 107 C.6. Initialization Vector . . . . . . . . . . . . . . . . . . 31 108 C.7. Additional Authenticated Data . . . . . . . . . . . . . . 32 109 C.8. Content Encryption . . . . . . . . . . . . . . . . . . . . 32 110 C.9. Complete Representation . . . . . . . . . . . . . . . . . 35 111 Appendix D. Acknowledgements . . . . . . . . . . . . . . . . . . 36 112 Appendix E. Document History . . . . . . . . . . . . . . . . . . 37 113 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 42 115 1. Introduction 117 A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) [RFC7159] 118 data structure that represents a cryptographic key. This 119 specification also defines a JSON Web Key Set (JWK Set) JSON data 120 structure that represents a set of JWKs. Cryptographic algorithms 121 and identifiers for use with this specification are described in the 122 separate JSON Web Algorithms (JWA) [JWA] specification and IANA 123 registries defined by that specification. 125 JWKs and JWK Sets are used in the JSON Web Signature (JWS) [JWS] and 126 JSON Web Encryption (JWE) [JWE] specifications. 128 Names defined by this specification are short because a core goal is 129 for the resulting representations to be compact. 131 1.1. Notational Conventions 133 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 134 "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and 135 "OPTIONAL" in this document are to be interpreted as described in Key 136 words for use in RFCs to Indicate Requirement Levels [RFC2119]. If 137 these words are used without being spelled in uppercase then they are 138 to be interpreted with their normal natural language meanings. 140 BASE64URL(OCTETS) denotes the base64url encoding of OCTETS, per 141 Section 2. 143 UTF8(STRING) denotes the octets of the UTF-8 [RFC3629] representation 144 of STRING. 146 ASCII(STRING) denotes the octets of the ASCII [USASCII] 147 representation of STRING. 149 The concatenation of two values A and B is denoted as A || B. 151 2. Terminology 153 These terms defined by the JSON Web Signature (JWS) [JWS] 154 specification are incorporated into this specification: "Base64url 155 Encoding" and "Collision-Resistant Name". 157 These terms are defined for use by this specification: 159 JSON Web Key (JWK) 160 A JSON object that represents a cryptographic key. The members of 161 the object represent properties of the key, including its value. 163 JSON Web Key Set (JWK Set) 164 A JSON object that represents a set of JWKs. The JSON object MUST 165 have a "keys" member, which is an array of JWK objects. 167 3. Example JWK 169 This section provides an example of a JWK. The following example JWK 170 declares that the key is an an elliptic curve key, it is used with 171 the P-256 elliptic curve, and its x and y coordinates are the 172 base64url encoded values shown. A key identifier is also provided 173 for the key. 175 {"kty":"EC", 176 "crv":"P-256", 177 "x":"f83OJ3D2xF1Bg8vub9tLe1gHMzV76e8Tus9uPHvRVEU", 178 "y":"x_FEzRu9m36HLN_tue659LNpXW6pCyStikYjKIWI5a0", 179 "kid":"Public key used in JWS A.3 example" 180 } 182 Additional example JWK values can be found in Appendix A. 184 4. JSON Web Key (JWK) Format 186 A JSON Web Key (JWK) is a JSON object that represents a cryptographic 187 key. The members of the object represent properties of the key, 188 including its value. This document defines the key parameters that 189 are not algorithm specific, and thus common to many keys. 191 In addition to the common parameters, each JWK will have members that 192 are specific to the kind of key being represented. These members 193 represent the parameters of the key. Section 6 of the JSON Web 194 Algorithms (JWA) [JWA] specification defines multiple kinds of 195 cryptographic keys and their associated members. 197 The member names within a JWK MUST be unique; recipients MUST either 198 reject JWKs with duplicate member names or use a JSON parser that 199 returns only the lexically last duplicate member name, as specified 200 in Section 15.12 (The JSON Object) of ECMAScript 5.1 [ECMAScript]. 202 Additional members can be present in the JWK; if not understood by 203 implementations encountering them, they MUST be ignored. Member 204 names used for representing key parameters for different keys types 205 need not be distinct. Any new member name should either be 206 registered in the IANA JSON Web Key Parameters registry defined in 207 Section 8.1 or be a value that contains a Collision-Resistant Name. 209 4.1. "kty" (Key Type) Parameter 211 The "kty" (key type) member identifies the cryptographic algorithm 212 family used with the key. "kty" values should either be registered in 213 the IANA JSON Web Key Types registry defined in [JWA] or be a value 214 that contains a Collision-Resistant Name. The "kty" value is a case- 215 sensitive string. This member MUST be present in a JWK. 217 A list of defined "kty" values can be found in the IANA JSON Web Key 218 Types registry defined in [JWA]; the initial contents of this 219 registry are the values defined in Section 6.1 of the JSON Web 220 Algorithms (JWA) [JWA] specification. 222 The key type definitions include specification of the members to be 223 used for those key types. Additional members used with "kty" values 224 can also be found in the IANA JSON Web Key Parameters registry 225 defined in Section 8.1. 227 4.2. "use" (Public Key Use) Parameter 229 The "use" (public key use) member identifies the intended use of the 230 public key. The "use" parameter is intended for use cases in which 231 it is useful to distinguish between public signing keys and public 232 encryption keys. 234 Values defined by this specification are: 236 o "sig" (signature) 237 o "enc" (encryption) 239 Other values MAY be used. Public Key Use values can be registered in 240 the IANA JSON Web Key Use registry defined in Section 8.2. The "use" 241 value is a case-sensitive string. Use of the "use" member is 242 OPTIONAL, unless the application requires its presence. 244 When a key is used to wrap another key and a key use designation for 245 the first key is desired, the "enc" (encryption) key use value SHOULD 246 be used, since key wrapping is a kind of encryption. The "enc" value 247 SHOULD also be used for public keys used for key agreement 248 operations. (The "alg" member can be used to specify the particular 249 cryptographic operation to be performed, when desired.) 251 4.3. "key_ops" (Key Operations) Parameter 253 The "key_ops" (key operations) member identifies the operation(s) 254 that the key is intended to be used for. The "key_ops" parameter is 255 intended for use cases in which public, private, or symmetric keys 256 may be present. 258 Its value is an array of key operation values. Values defined by 259 this specification are: 261 o "sign" (compute signature or MAC) 262 o "verify" (verify signature or MAC) 263 o "encrypt" (encrypt content) 264 o "decrypt" (decrypt content and validate decryption, if applicable) 265 o "wrapKey" (encrypt key) 266 o "unwrapKey" (decrypt key and validate decryption, if applicable) 267 o "deriveKey" (derive key) 268 o "deriveBits" (derive bits not to be used as a key) 270 (Note that the "key_ops" values intentionally match the "KeyUsage" 271 values defined in the Web Cryptography API [WebCrypto] 272 specification.) 274 Other values MAY be used. Key operation values can be registered in 275 the IANA JSON Web Key Operations registry defined in Section 8.3. 276 The key operation values are case-sensitive strings. Duplicate key 277 operation values MUST NOT be present in the array. 279 Use of the "key_ops" member is OPTIONAL, unless the application 280 requires its presence. 282 Multiple unrelated key operations SHOULD NOT be specified for a key 283 because of the potential vulnerabilities associated with using the 284 same key with multiple algorithms. Thus, the combinations "sign" 285 with "verify", "encrypt" with "decrypt", and "wrapKey" with 286 "unwrapKey" are permitted, but other combinations SHOULD NOT be used. 288 The "use" and "key_ops" JWK members SHOULD NOT be used together. 289 Applications should specify which of these members they use, if 290 either is to be used by the application. 292 4.4. "alg" (Algorithm) Parameter 294 The "alg" (algorithm) member identifies the algorithm intended for 295 use with the key. The values used should either be registered in the 296 IANA JSON Web Signature and Encryption Algorithms registry defined in 297 [JWA] or be a value that contains a Collision-Resistant Name. Use of 298 this member is OPTIONAL. 300 4.5. "kid" (Key ID) Parameter 302 The "kid" (key ID) member can be used to match a specific key. This 303 can be used, for instance, to choose among a set of keys within a JWK 304 Set during key rollover. The structure of the "kid" value is 305 unspecified. When "kid" values are used within a JWK Set, different 306 keys within the JWK Set SHOULD use distinct "kid" values. (One 307 example in which different keys might use the same "kid" value is if 308 they have different "kty" (key type) values but are considered to be 309 equivalent alternatives by the application using them.) The "kid" 310 value is a case-sensitive string. Use of this member is OPTIONAL. 312 When used with JWS or JWE, the "kid" value is used to match a JWS or 313 JWE "kid" Header Parameter value. 315 4.6. "x5u" (X.509 URL) Parameter 317 The "x5u" (X.509 URL) member is a URI [RFC3986] that refers to a 318 resource for an X.509 public key certificate or certificate chain 319 [RFC5280]. The identified resource MUST provide a representation of 320 the certificate or certificate chain that conforms to RFC 5280 321 [RFC5280] in PEM encoded form [RFC1421]. The key in the first 322 certificate MUST match the public key represented by other members of 323 the JWK. The protocol used to acquire the resource MUST provide 324 integrity protection; an HTTP GET request to retrieve the certificate 325 MUST use TLS [RFC2818] [RFC5246]; the identity of the server MUST be 326 validated, as per Section 6 of RFC 6125 [RFC6125]. Use of this 327 member is OPTIONAL. 329 While there is no requirement that members other than those 330 representing the public key be populated when an "x5u" member is 331 present, doing so may improve interoperability for applications that 332 do not handle PKIX certificates. If other members are present, the 333 contents of those members MUST be semantically consistent with the 334 related fields in the first certificate. For instance, if the "use" 335 member is present, then it needs to allow for only a subset of the 336 usages that are permitted by the certificate. Similarly, if the 337 "alg" member is present, it should represent an algorithm that the 338 certificate allows. 340 4.7. "x5c" (X.509 Certificate Chain) Parameter 342 The "x5c" (X.509 Certificate Chain) member contains a chain of one or 343 more PKIX certificates [RFC5280]. The certificate chain is 344 represented as a JSON array of certificate value strings. Each 345 string in the array is a base64 encoded ([RFC4648] Section 4 -- not 346 base64url encoded) DER [ITU.X690.1994] PKIX certificate value. The 347 PKIX certificate containing the key value MUST be the first 348 certificate. This MAY be followed by additional certificates, with 349 each subsequent certificate being the one used to certify the 350 previous one. The key in the first certificate MUST match the public 351 key represented by other members of the JWK. Use of this member is 352 OPTIONAL. 354 As with the "x5u" member, members other than those representing the 355 public key may also be populated when an "x5c" member is present. If 356 other members are present, the contents of those members MUST be 357 semantically consistent with the related fields in the first 358 certificate. See the last paragraph of Section 4.6 for additional 359 guidance on this. 361 4.8. "x5t" (X.509 Certificate SHA-1 Thumbprint) Parameter 363 The "x5t" (X.509 Certificate SHA-1 Thumbprint) member is a base64url 364 encoded SHA-1 thumbprint (a.k.a. digest) of the DER encoding of an 365 X.509 certificate [RFC5280]. The key in the certificate MUST match 366 the public key represented by other members of the JWK. Use of this 367 member is OPTIONAL. 369 As with the "x5u" member, members other than those representing the 370 public key may also be populated when an "x5t" member is present. If 371 other members are present, the contents of those members MUST be 372 semantically consistent with the related fields in the referenced 373 certificate. See the last paragraph of Section 4.6 for additional 374 guidance on this. 376 4.9. "x5t#S256" (X.509 Certificate SHA-256 Thumbprint) Parameter 378 The "x5t#S256" (X.509 Certificate SHA-256 Thumbprint) member is a 379 base64url encoded SHA-256 thumbprint (a.k.a. digest) of the DER 380 encoding of an X.509 certificate [RFC5280]. The key in the 381 certificate MUST match the public key represented by other members of 382 the JWK. Use of this member is OPTIONAL. 384 As with the "x5u" member, members other than those representing the 385 public key may also be populated when an "x5t#S256" member is 386 present. If other members are present, the contents of those members 387 MUST be semantically consistent with the related fields in the 388 referenced certificate. See the last paragraph of Section 4.6 for 389 additional guidance on this. 391 5. JSON Web Key Set (JWK Set) Format 393 A JSON Web Key Set (JWK Set) is a JSON object that represents a set 394 of JWKs. The JSON object MUST have a "keys" member, which is an 395 array of JWK objects. 397 The member names within a JWK Set MUST be unique; recipients MUST 398 either reject JWK Sets with duplicate member names or use a JSON 399 parser that returns only the lexically last duplicate member name, as 400 specified in Section 15.12 (The JSON Object) of ECMAScript 5.1 401 [ECMAScript]. 403 Additional members can be present in the JWK Set; if not understood 404 by implementations encountering them, they MUST be ignored. 405 Parameters for representing additional properties of JWK Sets should 406 either be registered in the IANA JSON Web Key Set Parameters registry 407 defined in Section 8.4 or be a value that contains a Collision- 408 Resistant Name. 410 Implementations SHOULD ignore JWKs within a JWK Set that use "kty" 411 (key type) values that are not understood by them, are missing 412 required members, or for which values are out of the supported 413 ranges. 415 5.1. "keys" Parameter 417 The value of the "keys" member is an array of JWK values. By 418 default, the order of the JWK values within the array does not imply 419 an order of preference among them, although applications of JWK Sets 420 can choose to assign a meaning to the order for their purposes, if 421 desired. This member MUST be present in a JWK Set. 423 6. String Comparison Rules 425 The string comparison rules for this specification are the same as 426 those defined in Section 5.3 of [JWS]. 428 7. Encrypted JWK and Encrypted JWK Set Formats 430 JWKs containing non-public key material will need to be encrypted 431 when potentially observable by parties without legitimate access to 432 the non-public information to prevent the disclosure of private or 433 symmetric key values to unintended parties. The use of an Encrypted 434 JWK, which is a JWE with the UTF-8 encoding of a JWK as its plaintext 435 value, is recommended for this purpose. The processing of Encrypted 436 JWKs is identical to the processing of other JWEs. A "cty" (content 437 type) Header Parameter value of "jwk+json" MUST be used to indicate 438 that the content of the JWE is a JWK, unless the application knows 439 that the encrypted content is a JWK by another means or convention. 441 JWK Sets containing non-public key material will also need to be 442 encrypted under these circumstances. The use of an Encrypted JWK 443 Set, which is a JWE with the UTF-8 encoding of a JWK Set as its 444 plaintext value, is recommended for this purpose. The processing of 445 Encrypted JWK Sets is identical to the processing of other JWEs. A 446 "cty" (content type) Header Parameter value of "jwk-set+json" MUST be 447 used to indicate that the content of the JWE is a JWK Set, unless the 448 application knows that the encrypted content is a JWK Set by another 449 means or convention. 451 See Appendix C for an example encrypted JWK. 453 8. IANA Considerations 455 The following registration procedure is used for all the registries 456 established by this specification. 458 Values are registered with a Specification Required [RFC5226] after a 459 two-week review period on the [TBD]@ietf.org mailing list, on the 460 advice of one or more Designated Experts. However, to allow for the 461 allocation of values prior to publication, the Designated Expert(s) 462 may approve registration once they are satisfied that such a 463 specification will be published. 465 Registration requests must be sent to the [TBD]@ietf.org mailing list 466 for review and comment, with an appropriate subject (e.g., "Request 467 for access token type: example"). [[ Note to the RFC Editor: The name 468 of the mailing list should be determined in consultation with the 469 IESG and IANA. Suggested name: jose-reg-review. ]] 471 Within the review period, the Designated Expert(s) will either 472 approve or deny the registration request, communicating this decision 473 to the review list and IANA. Denials should include an explanation 474 and, if applicable, suggestions as to how to make the request 475 successful. Registration requests that are undetermined for a period 476 longer than 21 days can be brought to the IESG's attention (using the 477 iesg@iesg.org mailing list) for resolution. 479 Criteria that should be applied by the Designated Expert(s) includes 480 determining whether the proposed registration duplicates existing 481 functionality, determining whether it is likely to be of general 482 applicability or whether it is useful only for a single application, 483 and whether the registration makes sense. 485 IANA must only accept registry updates from the Designated Expert(s) 486 and should direct all requests for registration to the review mailing 487 list. 489 It is suggested that multiple Designated Experts be appointed who are 490 able to represent the perspectives of different applications using 491 this specification, in order to enable broadly-informed review of 492 registration decisions. In cases where a registration decision could 493 be perceived as creating a conflict of interest for a particular 494 Expert, that Expert should defer to the judgment of the other 495 Expert(s). 497 8.1. JSON Web Key Parameters Registry 499 This specification establishes the IANA JSON Web Key Parameters 500 registry for JWK parameter names. The registry records the parameter 501 name, the key type(s) that the parameter is used with, and a 502 reference to the specification that defines it. It also records 503 whether the parameter conveys public or private information. This 504 specification registers the parameter names defined in Section 4. 505 The same JWK parameter name may be registered multiple times, 506 provided that duplicate parameter registrations are only for key type 507 specific JWK parameters; in this case, the meaning of the duplicate 508 parameter name is disambiguated by the "kty" value of the JWK 509 containing it. 511 8.1.1. Registration Template 513 Parameter Name: 514 The name requested (e.g., "example"). Because a core goal of this 515 specification is for the resulting representations to be compact, 516 it is RECOMMENDED that the name be short -- not to exceed 8 517 characters without a compelling reason to do so. This name is 518 case-sensitive. Names may not match other registered names in a 519 case-insensitive manner unless the Designated Expert(s) state that 520 there is a compelling reason to allow an exception in this 521 particular case. However, matching names may be registered, 522 provided that the accompanying sets of "kty" values that the 523 Parameter Name is used with are disjoint; for the purposes of 524 matching "kty" values, "*" matches all values. 526 Parameter Description: 527 Brief description of the parameter (e.g., "Example description"). 529 Used with "kty" Value(s): 530 The key type parameter value(s) that the parameter name is to be 531 used with, or the value "*" if the parameter value is used with 532 all key types. Values may not match other registered "kty" values 533 in a case-insensitive manner when the registered Parameter Name is 534 the same (including when the Parameter Name matches in a case- 535 insensitive manner) unless the Designated Expert(s) state that 536 there is a compelling reason to allow an exception in this 537 particular case. 539 Parameter Information Class: 540 Registers whether the parameter conveys public or private 541 information. Its value must be one the words Public or Private. 543 Change Controller: 544 For Standards Track RFCs, state "IESG". For others, give the name 545 of the responsible party. Other details (e.g., postal address, 546 email address, home page URI) may also be included. 548 Specification Document(s): 549 Reference to the document(s) that specify the parameter, 550 preferably including URI(s) that can be used to retrieve copies of 551 the document(s). An indication of the relevant sections may also 552 be included but is not required. 554 8.1.2. Initial Registry Contents 556 o Parameter Name: "kty" 557 o Parameter Description: Key Type 558 o Used with "kty" Value(s): * 559 o Parameter Information Class: Public 560 o Change Controller: IESG 561 o Specification Document(s): Section 4.1 of [[ this document ]] 563 o Parameter Name: "use" 564 o Parameter Description: Public Key Use 565 o Used with "kty" Value(s): * 566 o Parameter Information Class: Public 567 o Change Controller: IESG 568 o Specification Document(s): Section 4.2 of [[ this document ]] 570 o Parameter Name: "key_ops" 571 o Parameter Description: Key Operations 572 o Used with "kty" Value(s): * 573 o Parameter Information Class: Public 574 o Change Controller: IESG 575 o Specification Document(s): Section 4.3 of [[ this document ]] 577 o Parameter Name: "alg" 578 o Parameter Description: Algorithm 579 o Used with "kty" Value(s): * 580 o Parameter Information Class: Public 581 o Change Controller: IESG 582 o Specification Document(s): Section 4.4 of [[ this document ]] 583 o Parameter Name: "kid" 584 o Parameter Description: Key ID 585 o Used with "kty" Value(s): * 586 o Parameter Information Class: Public 587 o Change Controller: IESG 588 o Specification Document(s): Section 4.5 of [[ this document ]] 590 o Parameter Name: "x5u" 591 o Parameter Description: X.509 URL 592 o Used with "kty" Value(s): * 593 o Parameter Information Class: Public 594 o Change Controller: IESG 595 o Specification Document(s): Section 4.6 of [[ this document ]] 597 o Parameter Name: "x5c" 598 o Parameter Description: X.509 Certificate Chain 599 o Used with "kty" Value(s): * 600 o Parameter Information Class: Public 601 o Change Controller: IESG 602 o Specification Document(s): Section 4.7 of [[ this document ]] 604 o Parameter Name: "x5t" 605 o Parameter Description: X.509 Certificate SHA-1 Thumbprint 606 o Used with "kty" Value(s): * 607 o Parameter Information Class: Public 608 o Change Controller: IESG 609 o Specification Document(s): Section 4.8 of [[ this document ]] 611 o Parameter Name: "x5t#S256" 612 o Parameter Description: X.509 Certificate SHA-256 Thumbprint 613 o Used with "kty" Value(s): * 614 o Parameter Information Class: Public 615 o Change Controller: IESG 616 o Specification Document(s): Section 4.9 of [[ this document ]] 618 8.2. JSON Web Key Use Registry 620 This specification establishes the IANA JSON Web Key Use registry for 621 JWK "use" (public key use) member values. The registry records the 622 public key use value and a reference to the specification that 623 defines it. This specification registers the parameter names defined 624 in Section 4.2. 626 8.2.1. Registration Template 627 Use Member Value: 628 The name requested (e.g., "example"). Because a core goal of this 629 specification is for the resulting representations to be compact, 630 it is RECOMMENDED that the name be short -- not to exceed 8 631 characters without a compelling reason to do so. This name is 632 case-sensitive. Names may not match other registered names in a 633 case-insensitive manner unless the Designated Expert(s) state that 634 there is a compelling reason to allow an exception in this 635 particular case. 637 Use Description: 638 Brief description of the use (e.g., "Example description"). 640 Change Controller: 641 For Standards Track RFCs, state "IESG". For others, give the name 642 of the responsible party. Other details (e.g., postal address, 643 email address, home page URI) may also be included. 645 Specification Document(s): 646 Reference to the document(s) that specify the parameter, 647 preferably including URI(s) that can be used to retrieve copies of 648 the document(s). An indication of the relevant sections may also 649 be included but is not required. 651 8.2.2. Initial Registry Contents 653 o Use Member Value: "sig" 654 o Use Description: Signature or MAC 655 o Change Controller: IESG 656 o Specification Document(s): Section 4.2 of [[ this document ]] 658 o Use Member Value: "enc" 659 o Use Description: Encryption 660 o Change Controller: IESG 661 o Specification Document(s): Section 4.2 of [[ this document ]] 663 8.3. JSON Web Key Operations Registry 665 This specification establishes the IANA JSON Web Key Operations 666 registry for values of JWK "key_ops" array elements. The registry 667 records the key operation value and a reference to the specification 668 that defines it. This specification registers the parameter names 669 defined in Section 4.3. 671 8.3.1. Registration Template 672 Key Operation Value: 673 The name requested (e.g., "example"). Because a core goal of this 674 specification is for the resulting representations to be compact, 675 it is RECOMMENDED that the name be short -- not to exceed 8 676 characters without a compelling reason to do so. This name is 677 case-sensitive. Names may not match other registered names in a 678 case-insensitive manner unless the Designated Expert(s) state that 679 there is a compelling reason to allow an exception in this 680 particular case. 682 Key Operation Description: 683 Brief description of the key operation (e.g., "Example 684 description"). 686 Change Controller: 687 For Standards Track RFCs, state "IESG". For others, give the name 688 of the responsible party. Other details (e.g., postal address, 689 email address, home page URI) may also be included. 691 Specification Document(s): 692 Reference to the document(s) that specify the parameter, 693 preferably including URI(s) that can be used to retrieve copies of 694 the document(s). An indication of the relevant sections may also 695 be included but is not required. 697 8.3.2. Initial Registry Contents 699 o Key Operation Value: "sign" 700 o Key Operation Description: Compute signature or MAC 701 o Change Controller: IESG 702 o Specification Document(s): Section 4.3 of [[ this document ]] 704 o Key Operation Value: "verify" 705 o Key Operation Description: Verify signature or MAC 706 o Change Controller: IESG 707 o Specification Document(s): Section 4.3 of [[ this document ]] 709 o Key Operation Value: "encrypt" 710 o Key Operation Description: Encrypt content 711 o Change Controller: IESG 712 o Specification Document(s): Section 4.3 of [[ this document ]] 714 o Key Operation Value: "decrypt" 715 o Key Operation Description: Decrypt content and validate 716 decryption, if applicable 717 o Change Controller: IESG 718 o Specification Document(s): Section 4.3 of [[ this document ]] 720 o Key Operation Value: "wrapKey" 721 o Key Operation Description: Encrypt key 722 o Change Controller: IESG 723 o Specification Document(s): Section 4.3 of [[ this document ]] 725 o Key Operation Value: "unwrapKey" 726 o Key Operation Description: Decrypt key and validate decryption, if 727 applicable 728 o Change Controller: IESG 729 o Specification Document(s): Section 4.3 of [[ this document ]] 731 o Key Operation Value: "deriveKey" 732 o Key Operation Description: Derive key 733 o Change Controller: IESG 734 o Specification Document(s): Section 4.3 of [[ this document ]] 736 o Key Operation Value: "deriveBits" 737 o Key Operation Description: Derive bits not to be used as a key 738 o Change Controller: IESG 739 o Specification Document(s): Section 4.3 of [[ this document ]] 741 8.4. JSON Web Key Set Parameters Registry 743 This specification establishes the IANA JSON Web Key Set Parameters 744 registry for JWK Set parameter names. The registry records the 745 parameter name and a reference to the specification that defines it. 746 This specification registers the parameter names defined in 747 Section 5. 749 8.4.1. Registration Template 751 Parameter Name: 752 The name requested (e.g., "example"). Because a core goal of this 753 specification is for the resulting representations to be compact, 754 it is RECOMMENDED that the name be short -- not to exceed 8 755 characters without a compelling reason to do so. This name is 756 case-sensitive. Names may not match other registered names in a 757 case-insensitive manner unless the Designated Expert(s) state that 758 there is a compelling reason to allow an exception in this 759 particular case. 761 Parameter Description: 762 Brief description of the parameter (e.g., "Example description"). 764 Change Controller: 765 For Standards Track RFCs, state "IESG". For others, give the name 766 of the responsible party. Other details (e.g., postal address, 767 email address, home page URI) may also be included. 769 Specification Document(s): 770 Reference to the document(s) that specify the parameter, 771 preferably including URI(s) that can be used to retrieve copies of 772 the document(s). An indication of the relevant sections may also 773 be included but is not required. 775 8.4.2. Initial Registry Contents 777 o Parameter Name: "keys" 778 o Parameter Description: Array of JWK values 779 o Change Controller: IESG 780 o Specification Document(s): Section 5.1 of [[ this document ]] 782 8.5. Media Type Registration 784 8.5.1. Registry Contents 786 This specification registers the "application/jwk+json" and 787 "application/jwk-set+json" Media Types [RFC2046] in the MIME Media 788 Types registry [IANA.MediaTypes], which can be used to indicate, 789 respectively, that the content is a JWK or a JWK Set. 791 o Type Name: application 792 o Subtype Name: jwk+json 793 o Required Parameters: n/a 794 o Optional Parameters: n/a 795 o Encoding considerations: 8bit; application/jwk+json values are 796 represented as JSON object; UTF-8 encoding SHOULD be employed for 797 the JSON object. 798 o Security Considerations: See the Security Considerations section 799 of [[ this document ]] 800 o Interoperability Considerations: n/a 801 o Published Specification: [[ this document ]] 802 o Applications that use this media type: TBD 803 o Additional Information: Magic number(s): n/a, File extension(s): 804 n/a, Macintosh file type code(s): n/a 805 o Person & email address to contact for further information: Michael 806 B. Jones, mbj@microsoft.com 807 o Intended Usage: COMMON 808 o Restrictions on Usage: none 809 o Author: Michael B. Jones, mbj@microsoft.com 810 o Change Controller: IESG 812 o Type Name: application 813 o Subtype Name: jwk-set+json 814 o Required Parameters: n/a 815 o Optional Parameters: n/a 816 o Encoding considerations: 8bit; application/jwk-set+json values are 817 represented as a JSON Object; UTF-8 encoding SHOULD be employed 818 for the JSON object. 819 o Security Considerations: See the Security Considerations section 820 of [[ this document ]] 821 o Interoperability Considerations: n/a 822 o Published Specification: [[ this document ]] 823 o Applications that use this media type: TBD 824 o Additional Information: Magic number(s): n/a, File extension(s): 825 n/a, Macintosh file type code(s): n/a 826 o Person & email address to contact for further information: Michael 827 B. Jones, mbj@microsoft.com 828 o Intended Usage: COMMON 829 o Restrictions on Usage: none 830 o Author: Michael B. Jones, mbj@microsoft.com 831 o Change Controller: IESG 833 9. Security Considerations 835 All of the security issues faced by any cryptographic application 836 must be faced by a JWS/JWE/JWK agent. Among these issues are 837 protecting the user's private and symmetric keys, preventing various 838 attacks, and helping the user avoid mistakes such as inadvertently 839 encrypting a message for the wrong recipient. The entire list of 840 security considerations is beyond the scope of this document, but 841 some significant considerations are listed here. 843 9.1. Key Provenance and Trust 845 One should place no more trust in the data associated with a key than 846 in than the method by which it was obtained and in the 847 trustworthiness of the entity asserting an association with the key. 848 Any data associated with a key that is obtained in an untrusted 849 manner should be treated with skepticism. 851 The security considerations in Section 12.3 of XML DSIG 2.0 852 [W3C.NOTE-xmldsig-core2-20130411] about the strength of a signature 853 depending upon all the links in the security chain also apply to this 854 specification. 856 The TLS Requirements in [JWS] also apply to this specification. 858 9.2. Preventing Disclosure of Non-Public Key Information 860 Private and symmetric keys MUST be protected from disclosure to 861 unintended parties. One recommended means of doing so is to encrypt 862 JWKs or JWK Sets containing them by using the JWK or JWK Set value as 863 the plaintext of a JWE. 865 The security considerations in RFC 3447 [RFC3447] and RFC 6030 866 [RFC6030] about protecting private and symmetric keys, key usage, and 867 information leakage also apply to this specification. 869 9.3. RSA Private Key Representations and Blinding 871 The RSA Key blinding operation [Kocher], which is a defense against 872 some timing attacks, requires all of the RSA key values "n", "e", and 873 "d". However, some RSA private key representations do not include 874 the public exponent "e", but only include the modulus "n" and the 875 private exponent "d". This is true, for instance, of the Java 876 RSAPrivateKeySpec API, which does not include the public exponent "e" 877 as a parameter. So as to enable RSA key blinding, such 878 representations should be avoided. For Java, the 879 RSAPrivateCrtKeySpec API can be used instead. Section 8.2.2(i) of 880 the Handbook of Applied Cryptography [HAC] discusses how to compute 881 the remaining RSA private key parameters, if needed, using only "n", 882 "e", and "d". 884 10. References 886 10.1. Normative References 888 [ECMAScript] 889 Ecma International, "ECMAScript Language Specification, 890 5.1 Edition", ECMA 262, June 2011. 892 [IANA.MediaTypes] 893 Internet Assigned Numbers Authority (IANA), "MIME Media 894 Types", 2005. 896 [ITU.X690.1994] 897 International Telecommunications Union, "Information 898 Technology - ASN.1 encoding rules: Specification of Basic 899 Encoding Rules (BER), Canonical Encoding Rules (CER) and 900 Distinguished Encoding Rules (DER)", ITU-T Recommendation 901 X.690, 1994. 903 [JWA] Jones, M., "JSON Web Algorithms (JWA)", 904 draft-ietf-jose-json-web-algorithms (work in progress), 905 June 2014. 907 [JWE] Jones, M. and J. Hildebrand, "JSON Web Encryption (JWE)", 908 draft-ietf-jose-json-web-encryption (work in progress), 909 June 2014. 911 [JWS] Jones, M., Bradley, J., and N. Sakimura, "JSON Web 912 Signature (JWS)", draft-ietf-jose-json-web-signature (work 913 in progress), June 2014. 915 [RFC1421] Linn, J., "Privacy Enhancement for Internet Electronic 916 Mail: Part I: Message Encryption and Authentication 917 Procedures", RFC 1421, February 1993. 919 [RFC2046] Freed, N. and N. Borenstein, "Multipurpose Internet Mail 920 Extensions (MIME) Part Two: Media Types", RFC 2046, 921 November 1996. 923 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 924 Requirement Levels", BCP 14, RFC 2119, March 1997. 926 [RFC2818] Rescorla, E., "HTTP Over TLS", RFC 2818, May 2000. 928 [RFC3629] Yergeau, F., "UTF-8, a transformation format of ISO 929 10646", STD 63, RFC 3629, November 2003. 931 [RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform 932 Resource Identifier (URI): Generic Syntax", STD 66, 933 RFC 3986, January 2005. 935 [RFC4648] Josefsson, S., "The Base16, Base32, and Base64 Data 936 Encodings", RFC 4648, October 2006. 938 [RFC5246] Dierks, T. and E. Rescorla, "The Transport Layer Security 939 (TLS) Protocol Version 1.2", RFC 5246, August 2008. 941 [RFC5280] Cooper, D., Santesson, S., Farrell, S., Boeyen, S., 942 Housley, R., and W. Polk, "Internet X.509 Public Key 943 Infrastructure Certificate and Certificate Revocation List 944 (CRL) Profile", RFC 5280, May 2008. 946 [RFC6125] Saint-Andre, P. and J. Hodges, "Representation and 947 Verification of Domain-Based Application Service Identity 948 within Internet Public Key Infrastructure Using X.509 949 (PKIX) Certificates in the Context of Transport Layer 950 Security (TLS)", RFC 6125, March 2011. 952 [RFC7159] Bray, T., "The JavaScript Object Notation (JSON) Data 953 Interchange Format", RFC 7159, March 2014. 955 [USASCII] American National Standards Institute, "Coded Character 956 Set -- 7-bit American Standard Code for Information 957 Interchange", ANSI X3.4, 1986. 959 10.2. Informative References 961 [HAC] Menezes, A., van Oorschot, P., and S. Vanstone, "Handbook 962 of Applied Cryptography", CRC Press, 1996, 963 . 965 [Kocher] Kocher, P., "Timing Attacks on Implementations of Diffe- 966 Hellman, RSA, DSS, and Other Systems", In Proceedings of 967 the 16th Annual International Cryptology Conference 968 Advances in Cryptology, Springer-Verlag, pp. 104-113, 969 1996. 971 [MagicSignatures] 972 Panzer (editor), J., Laurie, B., and D. Balfanz, "Magic 973 Signatures", January 2011. 975 [RFC3447] Jonsson, J. and B. Kaliski, "Public-Key Cryptography 976 Standards (PKCS) #1: RSA Cryptography Specifications 977 Version 2.1", RFC 3447, February 2003. 979 [RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an 980 IANA Considerations Section in RFCs", BCP 26, RFC 5226, 981 May 2008. 983 [RFC6030] Hoyer, P., Pei, M., and S. Machani, "Portable Symmetric 984 Key Container (PSKC)", RFC 6030, October 2010. 986 [W3C.NOTE-xmldsig-core2-20130411] 987 Eastlake, D., Reagle, J., Solo, D., Hirsch, F., Roessler, 988 T., Yiu, K., Datta, P., and S. Cantor, "XML Signature 989 Syntax and Processing Version 2.0", World Wide Web 990 Consortium Note NOTE-xmldsig-core2-20130411, April 2013, 991 . 993 [WebCrypto] 994 Sleevi, R. and M. Watson, "Web Cryptography API", World 995 Wide Web Consortium Draft, March 2014, 996 . 998 Appendix A. Example JSON Web Key Sets 1000 A.1. Example Public Keys 1002 The following example JWK Set contains two public keys represented as 1003 JWKs: one using an Elliptic Curve algorithm and a second one using an 1004 RSA algorithm. The first specifies that the key is to be used for 1005 encryption. The second specifies that the key is to be used with the 1006 "RS256" algorithm. Both provide a Key ID for key matching purposes. 1007 In both cases, integers are represented using the base64url encoding 1008 of their big endian representations. (Long lines are broken are for 1009 display purposes only.) 1011 {"keys": 1012 [ 1013 {"kty":"EC", 1014 "crv":"P-256", 1015 "x":"MKBCTNIcKUSDii11ySs3526iDZ8AiTo7Tu6KPAqv7D4", 1016 "y":"4Etl6SRW2YiLUrN5vfvVHuhp7x8PxltmWWlbbM4IFyM", 1017 "use":"enc", 1018 "kid":"1"}, 1020 {"kty":"RSA", 1021 "n": "0vx7agoebGcQSuuPiLJXZptN9nndrQmbXEps2aiAFbWhM78LhWx 1022 4cbbfAAtVT86zwu1RK7aPFFxuhDR1L6tSoc_BJECPebWKRXjBZCiFV4n3oknjhMs 1023 tn64tZ_2W-5JsGY4Hc5n9yBXArwl93lqt7_RN5w6Cf0h4QyQ5v-65YGjQR0_FDW2 1024 QvzqY368QQMicAtaSqzs8KJZgnYb9c7d0zgdAZHzu6qMQvRL5hajrn1n91CbOpbI 1025 SD08qNLyrdkt-bFTWhAI4vMQFh6WeZu0fM4lFd2NcRwr3XPksINHaQ-G_xBniIqb 1026 w0Ls1jF44-csFCur-kEgU8awapJzKnqDKgw", 1027 "e":"AQAB", 1028 "alg":"RS256", 1029 "kid":"2011-04-29"} 1030 ] 1031 } 1033 A.2. Example Private Keys 1035 The following example JWK Set contains two keys represented as JWKs 1036 containing both public and private key values: one using an Elliptic 1037 Curve algorithm and a second one using an RSA algorithm. This 1038 example extends the example in the previous section, adding private 1039 key values. (Line breaks are for display purposes only.) 1040 {"keys": 1041 [ 1042 {"kty":"EC", 1043 "crv":"P-256", 1044 "x":"MKBCTNIcKUSDii11ySs3526iDZ8AiTo7Tu6KPAqv7D4", 1045 "y":"4Etl6SRW2YiLUrN5vfvVHuhp7x8PxltmWWlbbM4IFyM", 1046 "d":"870MB6gfuTJ4HtUnUvYMyJpr5eUZNP4Bk43bVdj3eAE", 1047 "use":"enc", 1048 "kid":"1"}, 1050 {"kty":"RSA", 1051 "n":"0vx7agoebGcQSuuPiLJXZptN9nndrQmbXEps2aiAFbWhM78LhWx4 1052 cbbfAAtVT86zwu1RK7aPFFxuhDR1L6tSoc_BJECPebWKRXjBZCiFV4n3oknjhMst 1053 n64tZ_2W-5JsGY4Hc5n9yBXArwl93lqt7_RN5w6Cf0h4QyQ5v-65YGjQR0_FDW2Q 1054 vzqY368QQMicAtaSqzs8KJZgnYb9c7d0zgdAZHzu6qMQvRL5hajrn1n91CbOpbIS 1055 D08qNLyrdkt-bFTWhAI4vMQFh6WeZu0fM4lFd2NcRwr3XPksINHaQ-G_xBniIqbw 1056 0Ls1jF44-csFCur-kEgU8awapJzKnqDKgw", 1057 "e":"AQAB", 1058 "d":"X4cTteJY_gn4FYPsXB8rdXix5vwsg1FLN5E3EaG6RJoVH-HLLKD9 1059 M7dx5oo7GURknchnrRweUkC7hT5fJLM0WbFAKNLWY2vv7B6NqXSzUvxT0_YSfqij 1060 wp3RTzlBaCxWp4doFk5N2o8Gy_nHNKroADIkJ46pRUohsXywbReAdYaMwFs9tv8d 1061 _cPVY3i07a3t8MN6TNwm0dSawm9v47UiCl3Sk5ZiG7xojPLu4sbg1U2jx4IBTNBz 1062 nbJSzFHK66jT8bgkuqsk0GjskDJk19Z4qwjwbsnn4j2WBii3RL-Us2lGVkY8fkFz 1063 me1z0HbIkfz0Y6mqnOYtqc0X4jfcKoAC8Q", 1064 "p":"83i-7IvMGXoMXCskv73TKr8637FiO7Z27zv8oj6pbWUQyLPQBQxtPV 1065 nwD20R-60eTDmD2ujnMt5PoqMrm8RfmNhVWDtjjMmCMjOpSXicFHj7XOuVIYQyqV 1066 WlWEh6dN36GVZYk93N8Bc9vY41xy8B9RzzOGVQzXvNEvn7O0nVbfs", 1067 "q":"3dfOR9cuYq-0S-mkFLzgItgMEfFzB2q3hWehMuG0oCuqnb3vobLyum 1068 qjVZQO1dIrdwgTnCdpYzBcOfW5r370AFXjiWft_NGEiovonizhKpo9VVS78TzFgx 1069 kIdrecRezsZ-1kYd_s1qDbxtkDEgfAITAG9LUnADun4vIcb6yelxk", 1070 "dp":"G4sPXkc6Ya9y8oJW9_ILj4xuppu0lzi_H7VTkS8xj5SdX3coE0oim 1071 YwxIi2emTAue0UOa5dpgFGyBJ4c8tQ2VF402XRugKDTP8akYhFo5tAA77Qe_Nmtu 1072 YZc3C3m3I24G2GvR5sSDxUyAN2zq8Lfn9EUms6rY3Ob8YeiKkTiBj0", 1073 "dq":"s9lAH9fggBsoFR8Oac2R_E2gw282rT2kGOAhvIllETE1efrA6huUU 1074 vMfBcMpn8lqeW6vzznYY5SSQF7pMdC_agI3nG8Ibp1BUb0JUiraRNqUfLhcQb_d9 1075 GF4Dh7e74WbRsobRonujTYN1xCaP6TO61jvWrX-L18txXw494Q_cgk", 1076 "qi":"GyM_p6JrXySiz1toFgKbWV-JdI3jQ4ypu9rbMWx3rQJBfmt0FoYzg 1077 UIZEVFEcOqwemRN81zoDAaa-Bk0KWNGDjJHZDdDmFhW3AN7lI-puxk_mHZGJ11rx 1078 yR8O55XLSe3SPmRfKwZI6yU24ZxvQKFYItdldUKGzO6Ia6zTKhAVRU", 1079 "alg":"RS256", 1080 "kid":"2011-04-29"} 1081 ] 1082 } 1084 A.3. Example Symmetric Keys 1086 The following example JWK Set contains two symmetric keys represented 1087 as JWKs: one designated as being for use with the AES Key Wrap 1088 algorithm and a second one that is an HMAC key. (Line breaks are for 1089 display purposes only.) 1091 {"keys": 1092 [ 1093 {"kty":"oct", 1094 "alg":"A128KW", 1095 "k":"GawgguFyGrWKav7AX4VKUg"}, 1097 {"kty":"oct", 1098 "k":"AyM1SysPpbyDfgZld3umj1qzKObwVMkoqQ-EstJQLr_T-1qS0gZH75 1099 aKtMN3Yj0iPS4hcgUuTwjAzZr1Z9CAow", 1100 "kid":"HMAC key used in JWS A.1 example"} 1101 ] 1102 } 1104 Appendix B. Example Use of "x5c" (X.509 Certificate Chain) Parameter 1105 The following is an example of a JWK with a RSA signing key 1106 represented both as an RSA public key and as an X.509 certificate 1107 using the "x5c" parameter: 1109 {"kty":"RSA", 1110 "use":"sig", 1111 "kid":"1b94c", 1112 "n":"vrjOfz9Ccdgx5nQudyhdoR17V-IubWMeOZCwX_jj0hgAsz2J_pqYW08 1113 PLbK_PdiVGKPrqzmDIsLI7sA25VEnHU1uCLNwBuUiCO11_-7dYbsr4iJmG0Q 1114 u2j8DsVyT1azpJC_NG84Ty5KKthuCaPod7iI7w0LK9orSMhBEwwZDCxTWq4a 1115 YWAchc8t-emd9qOvWtVMDC2BXksRngh6X5bUYLy6AyHKvj-nUy1wgzjYQDwH 1116 MTplCoLtU-o-8SNnZ1tmRoGE9uJkBLdh5gFENabWnU5m1ZqZPdwS-qo-meMv 1117 VfJb6jJVWRpl2SUtCnYG2C32qvbWbjZ_jBPD5eunqsIo1vQ", 1118 "e":"AQAB", 1119 "x5c": 1120 ["MIIDQjCCAiqgAwIBAgIGATz/FuLiMA0GCSqGSIb3DQEBBQUAMGIxCzAJB 1121 gNVBAYTAlVTMQswCQYDVQQIEwJDTzEPMA0GA1UEBxMGRGVudmVyMRwwGgYD 1122 VQQKExNQaW5nIElkZW50aXR5IENvcnAuMRcwFQYDVQQDEw5CcmlhbiBDYW1 1123 wYmVsbDAeFw0xMzAyMjEyMzI5MTVaFw0xODA4MTQyMjI5MTVaMGIxCzAJBg 1124 NVBAYTAlVTMQswCQYDVQQIEwJDTzEPMA0GA1UEBxMGRGVudmVyMRwwGgYDV 1125 QQKExNQaW5nIElkZW50aXR5IENvcnAuMRcwFQYDVQQDEw5CcmlhbiBDYW1w 1126 YmVsbDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL64zn8/QnH 1127 YMeZ0LncoXaEde1fiLm1jHjmQsF/449IYALM9if6amFtPDy2yvz3YlRij66 1128 s5gyLCyO7ANuVRJx1NbgizcAblIgjtdf/u3WG7K+IiZhtELto/A7Fck9Ws6 1129 SQvzRvOE8uSirYbgmj6He4iO8NCyvaK0jIQRMMGQwsU1quGmFgHIXPLfnpn 1130 fajr1rVTAwtgV5LEZ4Iel+W1GC8ugMhyr4/p1MtcIM42EA8BzE6ZQqC7VPq 1131 PvEjZ2dbZkaBhPbiZAS3YeYBRDWm1p1OZtWamT3cEvqqPpnjL1XyW+oyVVk 1132 aZdklLQp2Btgt9qr21m42f4wTw+Xrp6rCKNb0CAwEAATANBgkqhkiG9w0BA 1133 QUFAAOCAQEAh8zGlfSlcI0o3rYDPBB07aXNswb4ECNIKG0CETTUxmXl9KUL 1134 +9gGlqCz5iWLOgWsnrcKcY0vXPG9J1r9AqBNTqNgHq2G03X09266X5CpOe1 1135 zFo+Owb1zxtp3PehFdfQJ610CDLEaS9V9Rqp17hCyybEpOGVwe8fnk+fbEL 1136 2Bo3UPGrpsHzUoaGpDftmWssZkhpBJKVMJyf/RuP2SmmaIzmnw9JiSlYhzo 1137 4tpzd5rFXhjRbg4zW9C+2qok+2+qDM1iJ684gPHMIY8aLWrdgQTxkumGmTq 1138 gawR+N5MDtdPTEQ0XfIBc2cJEUyMTY5MPvACWpkA6SdS4xSvdXK3IVfOWA=="] 1139 } 1141 Appendix C. Example Encrypted RSA Private Key 1143 This example encrypts an RSA private key to the recipient using 1144 "PBES2-HS256+A128KW" for key encryption and "A128CBC+HS256" for 1145 content encryption. 1147 NOTE: Unless otherwise indicated, all line breaks are included solely 1148 for readability. 1150 C.1. Plaintext RSA Private Key 1152 The following RSA key is the plaintext for the encryption operation, 1153 formatted as a JWK object: 1155 { 1156 "kty":"RSA", 1157 "kid":"juliet@capulet.lit", 1158 "use":"enc", 1159 "n":"t6Q8PWSi1dkJj9hTP8hNYFlvadM7DflW9mWepOJhJ66w7nyoK1gPNqFMSQRy 1160 O125Gp-TEkodhWr0iujjHVx7BcV0llS4w5ACGgPrcAd6ZcSR0-Iqom-QFcNP 1161 8Sjg086MwoqQU_LYywlAGZ21WSdS_PERyGFiNnj3QQlO8Yns5jCtLCRwLHL0 1162 Pb1fEv45AuRIuUfVcPySBWYnDyGxvjYGDSM-AqWS9zIQ2ZilgT-GqUmipg0X 1163 OC0Cc20rgLe2ymLHjpHciCKVAbY5-L32-lSeZO-Os6U15_aXrk9Gw8cPUaX1 1164 _I8sLGuSiVdt3C_Fn2PZ3Z8i744FPFGGcG1qs2Wz-Q", 1165 "e":"AQAB", 1166 "d":"GRtbIQmhOZtyszfgKdg4u_N-R_mZGU_9k7JQ_jn1DnfTuMdSNprTeaSTyWfS 1167 NkuaAwnOEbIQVy1IQbWVV25NY3ybc_IhUJtfri7bAXYEReWaCl3hdlPKXy9U 1168 vqPYGR0kIXTQRqns-dVJ7jahlI7LyckrpTmrM8dWBo4_PMaenNnPiQgO0xnu 1169 ToxutRZJfJvG4Ox4ka3GORQd9CsCZ2vsUDmsXOfUENOyMqADC6p1M3h33tsu 1170 rY15k9qMSpG9OX_IJAXmxzAh_tWiZOwk2K4yxH9tS3Lq1yX8C1EWmeRDkK2a 1171 hecG85-oLKQt5VEpWHKmjOi_gJSdSgqcN96X52esAQ", 1172 "p":"2rnSOV4hKSN8sS4CgcQHFbs08XboFDqKum3sc4h3GRxrTmQdl1ZK9uw-PIHf 1173 QP0FkxXVrx-WE-ZEbrqivH_2iCLUS7wAl6XvARt1KkIaUxPPSYB9yk31s0Q8 1174 UK96E3_OrADAYtAJs-M3JxCLfNgqh56HDnETTQhH3rCT5T3yJws", 1175 "q":"1u_RiFDP7LBYh3N4GXLT9OpSKYP0uQZyiaZwBtOCBNJgQxaj10RWjsZu0c6I 1176 edis4S7B_coSKB0Kj9PaPaBzg-IySRvvcQuPamQu66riMhjVtG6TlV8CLCYK 1177 rYl52ziqK0E_ym2QnkwsUX7eYTB7LbAHRK9GqocDE5B0f808I4s", 1178 "dp":"KkMTWqBUefVwZ2_Dbj1pPQqyHSHjj90L5x_MOzqYAJMcLMZtbUtwKqvVDq3 1179 tbEo3ZIcohbDtt6SbfmWzggabpQxNxuBpoOOf_a_HgMXK_lhqigI4y_kqS1w 1180 Y52IwjUn5rgRrJ-yYo1h41KR-vz2pYhEAeYrhttWtxVqLCRViD6c", 1181 "dq":"AvfS0-gRxvn0bwJoMSnFxYcK1WnuEjQFluMGfwGitQBWtfZ1Er7t1xDkbN9 1182 GQTB9yqpDoYaN06H7CFtrkxhJIBQaj6nkF5KKS3TQtQ5qCzkOkmxIe3KRbBy 1183 mXxkb5qwUpX5ELD5xFc6FeiafWYY63TmmEAu_lRFCOJ3xDea-ots", 1184 "qi":"lSQi-w9CpyUReMErP1RsBLk7wNtOvs5EQpPqmuMvqW57NBUczScEoPwmUqq 1185 abu9V0-Py4dQ57_bapoKRu1R90bvuFnU63SHWEFglZQvJDMeAvmj4sm-Fp0o 1186 Yu_neotgQ0hzbI5gry7ajdYy9-2lNx_76aBZoOUu9HCJ-UsfSOI8" 1187 } 1189 The octets representing the Plaintext used in this example (using 1190 JSON array notation) are: 1192 [123, 34, 107, 116, 121, 34, 58, 34, 82, 83, 65, 34, 44, 34, 107, 1193 105, 100, 34, 58, 34, 106, 117, 108, 105, 101, 116, 64, 99, 97, 112, 1194 117, 108, 101, 116, 46, 108, 105, 116, 34, 44, 34, 117, 115, 101, 34, 1195 58, 34, 101, 110, 99, 34, 44, 34, 110, 34, 58, 34, 116, 54, 81, 56, 1196 80, 87, 83, 105, 49, 100, 107, 74, 106, 57, 104, 84, 80, 56, 104, 78, 1197 89, 70, 108, 118, 97, 100, 77, 55, 68, 102, 108, 87, 57, 109, 87, 1198 101, 112, 79, 74, 104, 74, 54, 54, 119, 55, 110, 121, 111, 75, 49, 1199 103, 80, 78, 113, 70, 77, 83, 81, 82, 121, 79, 49, 50, 53, 71, 112, 1200 45, 84, 69, 107, 111, 100, 104, 87, 114, 48, 105, 117, 106, 106, 72, 1201 86, 120, 55, 66, 99, 86, 48, 108, 108, 83, 52, 119, 53, 65, 67, 71, 1202 103, 80, 114, 99, 65, 100, 54, 90, 99, 83, 82, 48, 45, 73, 113, 111, 1203 109, 45, 81, 70, 99, 78, 80, 56, 83, 106, 103, 48, 56, 54, 77, 119, 1204 111, 113, 81, 85, 95, 76, 89, 121, 119, 108, 65, 71, 90, 50, 49, 87, 1205 83, 100, 83, 95, 80, 69, 82, 121, 71, 70, 105, 78, 110, 106, 51, 81, 1206 81, 108, 79, 56, 89, 110, 115, 53, 106, 67, 116, 76, 67, 82, 119, 76, 1207 72, 76, 48, 80, 98, 49, 102, 69, 118, 52, 53, 65, 117, 82, 73, 117, 1208 85, 102, 86, 99, 80, 121, 83, 66, 87, 89, 110, 68, 121, 71, 120, 118, 1209 106, 89, 71, 68, 83, 77, 45, 65, 113, 87, 83, 57, 122, 73, 81, 50, 1210 90, 105, 108, 103, 84, 45, 71, 113, 85, 109, 105, 112, 103, 48, 88, 1211 79, 67, 48, 67, 99, 50, 48, 114, 103, 76, 101, 50, 121, 109, 76, 72, 1212 106, 112, 72, 99, 105, 67, 75, 86, 65, 98, 89, 53, 45, 76, 51, 50, 1213 45, 108, 83, 101, 90, 79, 45, 79, 115, 54, 85, 49, 53, 95, 97, 88, 1214 114, 107, 57, 71, 119, 56, 99, 80, 85, 97, 88, 49, 95, 73, 56, 115, 1215 76, 71, 117, 83, 105, 86, 100, 116, 51, 67, 95, 70, 110, 50, 80, 90, 1216 51, 90, 56, 105, 55, 52, 52, 70, 80, 70, 71, 71, 99, 71, 49, 113, 1217 115, 50, 87, 122, 45, 81, 34, 44, 34, 101, 34, 58, 34, 65, 81, 65, 1218 66, 34, 44, 34, 100, 34, 58, 34, 71, 82, 116, 98, 73, 81, 109, 104, 1219 79, 90, 116, 121, 115, 122, 102, 103, 75, 100, 103, 52, 117, 95, 78, 1220 45, 82, 95, 109, 90, 71, 85, 95, 57, 107, 55, 74, 81, 95, 106, 110, 1221 49, 68, 110, 102, 84, 117, 77, 100, 83, 78, 112, 114, 84, 101, 97, 1222 83, 84, 121, 87, 102, 83, 78, 107, 117, 97, 65, 119, 110, 79, 69, 98, 1223 73, 81, 86, 121, 49, 73, 81, 98, 87, 86, 86, 50, 53, 78, 89, 51, 121, 1224 98, 99, 95, 73, 104, 85, 74, 116, 102, 114, 105, 55, 98, 65, 88, 89, 1225 69, 82, 101, 87, 97, 67, 108, 51, 104, 100, 108, 80, 75, 88, 121, 57, 1226 85, 118, 113, 80, 89, 71, 82, 48, 107, 73, 88, 84, 81, 82, 113, 110, 1227 115, 45, 100, 86, 74, 55, 106, 97, 104, 108, 73, 55, 76, 121, 99, 1228 107, 114, 112, 84, 109, 114, 77, 56, 100, 87, 66, 111, 52, 95, 80, 1229 77, 97, 101, 110, 78, 110, 80, 105, 81, 103, 79, 48, 120, 110, 117, 1230 84, 111, 120, 117, 116, 82, 90, 74, 102, 74, 118, 71, 52, 79, 120, 1231 52, 107, 97, 51, 71, 79, 82, 81, 100, 57, 67, 115, 67, 90, 50, 118, 1232 115, 85, 68, 109, 115, 88, 79, 102, 85, 69, 78, 79, 121, 77, 113, 65, 1233 68, 67, 54, 112, 49, 77, 51, 104, 51, 51, 116, 115, 117, 114, 89, 49, 1234 53, 107, 57, 113, 77, 83, 112, 71, 57, 79, 88, 95, 73, 74, 65, 88, 1235 109, 120, 122, 65, 104, 95, 116, 87, 105, 90, 79, 119, 107, 50, 75, 1236 52, 121, 120, 72, 57, 116, 83, 51, 76, 113, 49, 121, 88, 56, 67, 49, 1237 69, 87, 109, 101, 82, 68, 107, 75, 50, 97, 104, 101, 99, 71, 56, 53, 1238 45, 111, 76, 75, 81, 116, 53, 86, 69, 112, 87, 72, 75, 109, 106, 79, 1239 105, 95, 103, 74, 83, 100, 83, 103, 113, 99, 78, 57, 54, 88, 53, 50, 1240 101, 115, 65, 81, 34, 44, 34, 112, 34, 58, 34, 50, 114, 110, 83, 79, 1241 86, 52, 104, 75, 83, 78, 56, 115, 83, 52, 67, 103, 99, 81, 72, 70, 1242 98, 115, 48, 56, 88, 98, 111, 70, 68, 113, 75, 117, 109, 51, 115, 99, 1243 52, 104, 51, 71, 82, 120, 114, 84, 109, 81, 100, 108, 49, 90, 75, 57, 1244 117, 119, 45, 80, 73, 72, 102, 81, 80, 48, 70, 107, 120, 88, 86, 114, 1245 120, 45, 87, 69, 45, 90, 69, 98, 114, 113, 105, 118, 72, 95, 50, 105, 1246 67, 76, 85, 83, 55, 119, 65, 108, 54, 88, 118, 65, 82, 116, 49, 75, 1247 107, 73, 97, 85, 120, 80, 80, 83, 89, 66, 57, 121, 107, 51, 49, 115, 1248 48, 81, 56, 85, 75, 57, 54, 69, 51, 95, 79, 114, 65, 68, 65, 89, 116, 1249 65, 74, 115, 45, 77, 51, 74, 120, 67, 76, 102, 78, 103, 113, 104, 53, 1250 54, 72, 68, 110, 69, 84, 84, 81, 104, 72, 51, 114, 67, 84, 53, 84, 1251 51, 121, 74, 119, 115, 34, 44, 34, 113, 34, 58, 34, 49, 117, 95, 82, 1252 105, 70, 68, 80, 55, 76, 66, 89, 104, 51, 78, 52, 71, 88, 76, 84, 57, 1253 79, 112, 83, 75, 89, 80, 48, 117, 81, 90, 121, 105, 97, 90, 119, 66, 1254 116, 79, 67, 66, 78, 74, 103, 81, 120, 97, 106, 49, 48, 82, 87, 106, 1255 115, 90, 117, 48, 99, 54, 73, 101, 100, 105, 115, 52, 83, 55, 66, 95, 1256 99, 111, 83, 75, 66, 48, 75, 106, 57, 80, 97, 80, 97, 66, 122, 103, 1257 45, 73, 121, 83, 82, 118, 118, 99, 81, 117, 80, 97, 109, 81, 117, 54, 1258 54, 114, 105, 77, 104, 106, 86, 116, 71, 54, 84, 108, 86, 56, 67, 76, 1259 67, 89, 75, 114, 89, 108, 53, 50, 122, 105, 113, 75, 48, 69, 95, 121, 1260 109, 50, 81, 110, 107, 119, 115, 85, 88, 55, 101, 89, 84, 66, 55, 76, 1261 98, 65, 72, 82, 75, 57, 71, 113, 111, 99, 68, 69, 53, 66, 48, 102, 1262 56, 48, 56, 73, 52, 115, 34, 44, 34, 100, 112, 34, 58, 34, 75, 107, 1263 77, 84, 87, 113, 66, 85, 101, 102, 86, 119, 90, 50, 95, 68, 98, 106, 1264 49, 112, 80, 81, 113, 121, 72, 83, 72, 106, 106, 57, 48, 76, 53, 120, 1265 95, 77, 79, 122, 113, 89, 65, 74, 77, 99, 76, 77, 90, 116, 98, 85, 1266 116, 119, 75, 113, 118, 86, 68, 113, 51, 116, 98, 69, 111, 51, 90, 1267 73, 99, 111, 104, 98, 68, 116, 116, 54, 83, 98, 102, 109, 87, 122, 1268 103, 103, 97, 98, 112, 81, 120, 78, 120, 117, 66, 112, 111, 79, 79, 1269 102, 95, 97, 95, 72, 103, 77, 88, 75, 95, 108, 104, 113, 105, 103, 1270 73, 52, 121, 95, 107, 113, 83, 49, 119, 89, 53, 50, 73, 119, 106, 85, 1271 110, 53, 114, 103, 82, 114, 74, 45, 121, 89, 111, 49, 104, 52, 49, 1272 75, 82, 45, 118, 122, 50, 112, 89, 104, 69, 65, 101, 89, 114, 104, 1273 116, 116, 87, 116, 120, 86, 113, 76, 67, 82, 86, 105, 68, 54, 99, 34, 1274 44, 34, 100, 113, 34, 58, 34, 65, 118, 102, 83, 48, 45, 103, 82, 120, 1275 118, 110, 48, 98, 119, 74, 111, 77, 83, 110, 70, 120, 89, 99, 75, 49, 1276 87, 110, 117, 69, 106, 81, 70, 108, 117, 77, 71, 102, 119, 71, 105, 1277 116, 81, 66, 87, 116, 102, 90, 49, 69, 114, 55, 116, 49, 120, 68, 1278 107, 98, 78, 57, 71, 81, 84, 66, 57, 121, 113, 112, 68, 111, 89, 97, 1279 78, 48, 54, 72, 55, 67, 70, 116, 114, 107, 120, 104, 74, 73, 66, 81, 1280 97, 106, 54, 110, 107, 70, 53, 75, 75, 83, 51, 84, 81, 116, 81, 53, 1281 113, 67, 122, 107, 79, 107, 109, 120, 73, 101, 51, 75, 82, 98, 66, 1282 121, 109, 88, 120, 107, 98, 53, 113, 119, 85, 112, 88, 53, 69, 76, 1283 68, 53, 120, 70, 99, 54, 70, 101, 105, 97, 102, 87, 89, 89, 54, 51, 1284 84, 109, 109, 69, 65, 117, 95, 108, 82, 70, 67, 79, 74, 51, 120, 68, 1285 101, 97, 45, 111, 116, 115, 34, 44, 34, 113, 105, 34, 58, 34, 108, 1286 83, 81, 105, 45, 119, 57, 67, 112, 121, 85, 82, 101, 77, 69, 114, 80, 1287 49, 82, 115, 66, 76, 107, 55, 119, 78, 116, 79, 118, 115, 53, 69, 81, 1288 112, 80, 113, 109, 117, 77, 118, 113, 87, 53, 55, 78, 66, 85, 99, 1289 122, 83, 99, 69, 111, 80, 119, 109, 85, 113, 113, 97, 98, 117, 57, 1290 86, 48, 45, 80, 121, 52, 100, 81, 53, 55, 95, 98, 97, 112, 111, 75, 1291 82, 117, 49, 82, 57, 48, 98, 118, 117, 70, 110, 85, 54, 51, 83, 72, 1292 87, 69, 70, 103, 108, 90, 81, 118, 74, 68, 77, 101, 65, 118, 109, 1293 106, 52, 115, 109, 45, 70, 112, 48, 111, 89, 117, 95, 110, 101, 111, 1294 116, 103, 81, 48, 104, 122, 98, 73, 53, 103, 114, 121, 55, 97, 106, 1295 100, 89, 121, 57, 45, 50, 108, 78, 120, 95, 55, 54, 97, 66, 90, 111, 1296 79, 85, 117, 57, 72, 67, 74, 45, 85, 115, 102, 83, 79, 73, 56, 34, 1297 125] 1299 C.2. JWE Header 1301 The following example JWE Protected Header declares that: 1303 o the Content Encryption Key is encrypted to the recipient using the 1304 PSE2-HS256+A128KW algorithm to produce the JWE Encrypted Key, 1306 o the Salt Input ("p2s") value is [217, 96, 147, 112, 150, 117, 70, 1307 247, 127, 8, 155, 137, 174, 42, 80, 215], 1309 o the Iteration Count ("p2c") value is 4096, 1311 o the Plaintext is encrypted using the AES_128_CBC_HMAC_SHA_256 1312 algorithm to produce the Ciphertext, and 1314 o the content type is application/jwk+json. 1316 { 1317 "alg":"PBES2-HS256+A128KW", 1318 "p2s":"2WCTcJZ1Rvd_CJuJripQ1w", 1319 "p2c":4096, 1320 "enc":"A128CBC-HS256", 1321 "cty":"jwk+json" 1322 } 1324 Encoding this JWE Protected Header as BASE64URL(UTF8(JWE Protected 1325 Header)) gives this value (with line breaks for display purposes 1326 only): 1328 eyJhbGciOiJQQkVTMi1IUzI1NitBMTI4S1ciLCJwMnMiOiIyV0NUY0paMVJ2ZF9DSn 1329 VKcmlwUTF3IiwicDJjIjo0MDk2LCJlbmMiOiJBMTI4Q0JDLUhTMjU2IiwiY3R5Ijoi 1330 andrK2pzb24ifQ 1332 C.3. Content Encryption Key (CEK) 1334 Generate a 256 bit random Content Encryption Key (CEK). In this 1335 example, the value (using JSON array notation) is: 1337 [111, 27, 25, 52, 66, 29, 20, 78, 92, 176, 56, 240, 65, 208, 82, 112, 1338 161, 131, 36, 55, 202, 236, 185, 172, 129, 23, 153, 194, 195, 48, 1339 253, 182] 1341 C.4. Key Derivation 1343 Derive a key from a shared passphrase using the PBKDF2 algorithm with 1344 HMAC SHA-256 and the specified Salt and Iteration Count values and a 1345 128 bit requested output key size to produce the PBKDF2 Derived Key. 1346 This example uses the following passphrase: 1348 Thus from my lips, by yours, my sin is purged. 1350 The octets representing the passphrase are: 1352 [84, 104, 117, 115, 32, 102, 114, 111, 109, 32, 109, 121, 32, 108, 1353 105, 112, 115, 44, 32, 98, 121, 32, 121, 111, 117, 114, 115, 44, 32, 1354 109, 121, 32, 115, 105, 110, 32, 105, 115, 32, 112, 117, 114, 103, 1355 101, 100, 46] 1357 The Salt value (UTF8(Alg) || 0x00 || Salt Input) is: 1359 [80, 66, 69, 83, 50, 45, 72, 83, 50, 53, 54, 43, 65, 49, 50, 56, 75, 1360 87, 0, 217, 96, 147, 112, 150, 117, 70, 247, 127, 8, 155, 137, 174, 1361 42, 80, 215]. 1363 The resulting PBKDF2 Derived Key value is: 1365 [110, 171, 169, 92, 129, 92, 109, 117, 233, 242, 116, 233, 170, 14, 1366 24, 75] 1368 C.5. Key Encryption 1370 Encrypt the CEK with the "A128KW" algorithm using the PBKDF2 Derived 1371 Key. The resulting JWE Encrypted Key value is: 1373 [78, 186, 151, 59, 11, 141, 81, 240, 213, 245, 83, 211, 53, 188, 134, 1374 188, 66, 125, 36, 200, 222, 124, 5, 103, 249, 52, 117, 184, 140, 81, 1375 246, 158, 161, 177, 20, 33, 245, 57, 59, 4] 1377 Encoding this JWE Encrypted Key as BASE64URL(JWE Encrypted Key) gives 1378 this value: 1380 TrqXOwuNUfDV9VPTNbyGvEJ9JMjefAVn-TR1uIxR9p6hsRQh9Tk7BA 1382 C.6. Initialization Vector 1384 Generate a random 128 bit JWE Initialization Vector. In this 1385 example, the value is: 1387 [97, 239, 99, 214, 171, 54, 216, 57, 145, 72, 7, 93, 34, 31, 149, 1388 156] 1389 Encoding this JWE Initialization Vector as BASE64URL(JWE 1390 Initialization Vector) gives this value: 1392 Ye9j1qs22DmRSAddIh-VnA 1394 C.7. Additional Authenticated Data 1396 Let the Additional Authenticated Data encryption parameter be 1397 ASCII(BASE64URL(UTF8(JWE Protected Header))). This value is: 1399 [123, 34, 97, 108, 103, 34, 58, 34, 80, 66, 69, 83, 50, 45, 72, 83, 1400 50, 53, 54, 43, 65, 49, 50, 56, 75, 87, 34, 44, 34, 112, 50, 115, 34, 1401 58, 34, 50, 87, 67, 84, 99, 74, 90, 49, 82, 118, 100, 95, 67, 74, 1402 117, 74, 114, 105, 112, 81, 49, 119, 34, 44, 34, 112, 50, 99, 34, 58, 1403 52, 48, 57, 54, 44, 34, 101, 110, 99, 34, 58, 34, 65, 49, 50, 56, 67, 1404 66, 67, 45, 72, 83, 50, 53, 54, 34, 44, 34, 99, 116, 121, 34, 58, 34, 1405 106, 119, 107, 43, 106, 115, 111, 110, 34, 125] 1407 C.8. Content Encryption 1409 Encrypt the Plaintext with AES_128_CBC_HMAC_SHA_256 using the CEK as 1410 the encryption key, the JWE Initialization Vector, and the Additional 1411 Authenticated Data value above. The resulting Ciphertext is: 1413 [3, 8, 65, 242, 92, 107, 148, 168, 197, 159, 77, 139, 25, 97, 42, 1414 131, 110, 199, 225, 56, 61, 127, 38, 64, 108, 91, 247, 167, 150, 98, 1415 112, 122, 99, 235, 132, 50, 28, 46, 56, 170, 169, 89, 220, 145, 38, 1416 157, 148, 224, 66, 140, 8, 169, 146, 117, 222, 54, 242, 28, 31, 11, 1417 129, 227, 226, 169, 66, 117, 133, 254, 140, 216, 115, 203, 131, 60, 1418 60, 47, 233, 132, 121, 13, 35, 188, 53, 19, 172, 77, 59, 54, 211, 1419 158, 172, 25, 60, 111, 0, 80, 201, 158, 160, 210, 68, 55, 12, 67, 1420 136, 130, 87, 216, 197, 95, 62, 20, 155, 205, 5, 140, 27, 168, 221, 1421 65, 114, 78, 157, 254, 46, 206, 182, 52, 135, 87, 239, 3, 34, 186, 1422 126, 220, 151, 17, 33, 237, 57, 96, 172, 183, 58, 45, 248, 103, 241, 1423 142, 136, 7, 53, 16, 173, 181, 7, 93, 92, 252, 1, 53, 212, 242, 8, 1424 255, 11, 239, 181, 24, 148, 136, 111, 24, 161, 244, 23, 106, 69, 157, 1425 215, 243, 189, 240, 166, 169, 249, 72, 38, 201, 99, 223, 173, 229, 9, 1426 222, 82, 79, 157, 176, 248, 85, 239, 121, 163, 1, 31, 48, 98, 206, 1427 61, 249, 104, 216, 201, 227, 105, 48, 194, 193, 10, 36, 160, 159, 1428 241, 166, 84, 54, 188, 211, 243, 242, 40, 46, 45, 193, 193, 160, 169, 1429 101, 201, 1, 73, 47, 105, 142, 88, 28, 42, 132, 26, 61, 58, 63, 142, 1430 243, 77, 26, 179, 153, 166, 46, 203, 208, 49, 55, 229, 34, 178, 4, 1431 109, 180, 204, 204, 115, 1, 103, 193, 5, 91, 215, 214, 195, 1, 110, 1432 208, 53, 144, 36, 105, 12, 54, 25, 129, 101, 15, 183, 150, 250, 147, 1433 115, 227, 58, 250, 5, 128, 232, 63, 15, 14, 19, 141, 124, 253, 142, 1434 137, 189, 135, 26, 44, 240, 27, 88, 132, 105, 127, 6, 71, 37, 41, 1435 124, 187, 165, 140, 34, 200, 123, 80, 228, 24, 231, 176, 132, 171, 1436 138, 145, 152, 116, 224, 50, 141, 51, 147, 91, 186, 7, 246, 106, 217, 1437 148, 244, 227, 244, 45, 220, 121, 165, 224, 148, 181, 17, 181, 128, 1438 197, 101, 237, 11, 169, 229, 149, 199, 78, 56, 15, 14, 190, 91, 216, 1439 222, 247, 213, 74, 40, 8, 96, 20, 168, 119, 96, 26, 24, 52, 37, 82, 1440 127, 57, 176, 147, 118, 59, 7, 224, 33, 117, 72, 155, 29, 82, 26, 1441 215, 189, 140, 119, 28, 152, 118, 93, 222, 194, 192, 148, 115, 83, 1442 253, 216, 212, 108, 88, 83, 175, 172, 220, 97, 79, 110, 42, 223, 170, 1443 161, 34, 164, 144, 193, 76, 122, 92, 160, 41, 178, 175, 6, 35, 96, 1444 113, 96, 158, 90, 129, 101, 26, 45, 70, 180, 189, 230, 15, 5, 247, 1445 150, 209, 94, 171, 26, 13, 142, 212, 129, 1, 176, 5, 0, 112, 203, 1446 174, 185, 119, 76, 233, 189, 54, 172, 189, 245, 223, 253, 205, 12, 1447 88, 9, 126, 157, 225, 90, 40, 229, 191, 63, 30, 160, 224, 69, 3, 140, 1448 109, 70, 89, 37, 213, 245, 194, 210, 180, 188, 63, 210, 139, 221, 2, 1449 144, 200, 20, 177, 216, 29, 227, 242, 106, 12, 135, 142, 139, 144, 1450 82, 225, 162, 171, 176, 108, 99, 6, 43, 193, 161, 116, 234, 216, 1, 1451 242, 21, 124, 162, 98, 205, 124, 193, 38, 12, 242, 90, 101, 76, 204, 1452 184, 124, 58, 180, 16, 240, 26, 76, 195, 250, 212, 191, 185, 191, 97, 1453 198, 186, 73, 225, 75, 14, 90, 123, 121, 172, 101, 50, 160, 221, 141, 1454 253, 205, 126, 77, 9, 87, 198, 110, 104, 182, 141, 120, 51, 25, 232, 1455 3, 32, 80, 6, 156, 8, 18, 4, 135, 221, 142, 25, 135, 2, 129, 132, 1456 115, 227, 74, 141, 28, 119, 11, 141, 117, 134, 198, 62, 150, 254, 97, 1457 75, 197, 251, 99, 89, 204, 224, 226, 67, 83, 175, 89, 0, 81, 29, 38, 1458 207, 89, 140, 255, 197, 177, 164, 128, 62, 116, 224, 180, 109, 169, 1459 28, 2, 59, 176, 130, 252, 44, 178, 81, 24, 181, 176, 75, 44, 61, 91, 1460 12, 37, 21, 255, 83, 130, 197, 16, 231, 60, 217, 56, 131, 118, 168, 1461 202, 58, 52, 84, 124, 162, 185, 174, 162, 226, 242, 112, 68, 246, 1462 202, 16, 208, 52, 154, 58, 129, 80, 102, 33, 171, 6, 186, 177, 14, 1463 195, 88, 136, 6, 0, 155, 28, 100, 162, 207, 162, 222, 117, 248, 170, 1464 208, 114, 87, 31, 57, 176, 33, 57, 83, 253, 12, 168, 110, 194, 59, 1465 22, 86, 48, 227, 196, 22, 176, 218, 122, 149, 21, 249, 195, 178, 174, 1466 250, 20, 34, 120, 60, 139, 201, 99, 40, 18, 177, 17, 54, 54, 6, 3, 1467 222, 128, 160, 88, 11, 27, 0, 81, 192, 36, 41, 169, 146, 8, 47, 64, 1468 136, 28, 64, 209, 67, 135, 202, 20, 234, 182, 91, 204, 146, 195, 187, 1469 0, 72, 77, 11, 111, 152, 204, 252, 177, 212, 89, 33, 50, 132, 184, 1470 44, 183, 186, 19, 250, 69, 176, 201, 102, 140, 14, 143, 212, 212, 1471 160, 123, 208, 185, 27, 155, 68, 77, 133, 198, 2, 126, 155, 215, 22, 1472 91, 30, 217, 176, 172, 244, 156, 174, 143, 75, 90, 21, 102, 1, 160, 1473 59, 253, 188, 88, 57, 185, 197, 83, 24, 22, 180, 174, 47, 207, 52, 1, 1474 141, 146, 119, 233, 68, 228, 224, 228, 193, 248, 155, 202, 90, 7, 1475 213, 88, 33, 108, 107, 14, 86, 8, 120, 250, 58, 142, 35, 164, 238, 1476 221, 219, 35, 123, 88, 199, 192, 143, 104, 83, 17, 166, 243, 247, 11, 1477 166, 67, 68, 204, 132, 23, 110, 103, 228, 14, 55, 122, 88, 57, 180, 1478 178, 237, 52, 130, 214, 245, 102, 123, 67, 73, 175, 1, 127, 112, 148, 1479 94, 132, 164, 197, 153, 217, 87, 25, 89, 93, 63, 22, 66, 166, 90, 1480 251, 101, 10, 145, 66, 17, 124, 36, 255, 165, 226, 97, 16, 86, 112, 1481 154, 88, 105, 253, 56, 209, 229, 122, 103, 51, 24, 228, 190, 3, 236, 1482 48, 182, 121, 176, 140, 128, 117, 87, 251, 224, 37, 23, 248, 21, 218, 1483 85, 251, 136, 84, 147, 143, 144, 46, 155, 183, 251, 89, 86, 23, 26, 1484 237, 100, 167, 32, 130, 173, 237, 89, 55, 110, 70, 142, 127, 65, 230, 1485 208, 109, 69, 19, 253, 84, 130, 130, 193, 92, 58, 108, 150, 42, 136, 1486 249, 234, 86, 241, 182, 19, 117, 246, 26, 181, 92, 101, 155, 44, 103, 1487 235, 173, 30, 140, 90, 29, 183, 190, 77, 53, 206, 127, 5, 87, 8, 187, 1488 184, 92, 4, 157, 22, 18, 105, 251, 39, 88, 182, 181, 103, 148, 233, 1489 6, 63, 70, 188, 7, 101, 216, 127, 77, 31, 12, 233, 7, 147, 106, 30, 1490 150, 77, 145, 13, 205, 48, 56, 245, 220, 89, 252, 127, 51, 180, 36, 1491 31, 55, 18, 214, 230, 254, 217, 197, 65, 247, 27, 215, 117, 247, 108, 1492 157, 121, 11, 63, 150, 195, 83, 6, 134, 242, 41, 24, 105, 204, 5, 63, 1493 192, 14, 159, 113, 72, 140, 128, 51, 215, 80, 215, 39, 149, 94, 79, 1494 128, 34, 5, 129, 82, 83, 121, 187, 37, 146, 27, 32, 177, 167, 71, 9, 1495 195, 30, 199, 196, 205, 252, 207, 69, 8, 120, 27, 190, 51, 43, 75, 1496 249, 234, 167, 116, 206, 203, 199, 43, 108, 87, 48, 155, 140, 228, 1497 210, 85, 25, 161, 96, 67, 8, 205, 64, 39, 75, 88, 44, 238, 227, 16, 1498 0, 100, 93, 129, 18, 4, 149, 50, 68, 72, 99, 35, 111, 254, 27, 102, 1499 175, 108, 233, 87, 181, 44, 169, 18, 139, 79, 208, 14, 202, 192, 5, 1500 162, 222, 231, 149, 24, 211, 49, 120, 101, 39, 206, 87, 147, 204, 1501 200, 251, 104, 115, 5, 127, 117, 195, 79, 151, 18, 224, 52, 0, 245, 1502 4, 85, 255, 103, 217, 0, 116, 198, 80, 91, 167, 192, 154, 199, 197, 1503 149, 237, 51, 2, 131, 30, 226, 95, 105, 48, 68, 135, 208, 144, 120, 1504 176, 145, 157, 8, 171, 80, 94, 61, 92, 92, 220, 157, 13, 138, 51, 23, 1505 185, 124, 31, 77, 1, 87, 241, 43, 239, 55, 122, 86, 210, 48, 208, 1506 204, 112, 144, 80, 147, 106, 219, 47, 253, 31, 134, 176, 16, 135, 1507 219, 95, 17, 129, 83, 236, 125, 136, 112, 86, 228, 252, 71, 129, 218, 1508 174, 156, 236, 12, 27, 159, 11, 138, 252, 253, 207, 31, 115, 214, 1509 118, 239, 203, 16, 211, 205, 99, 22, 51, 163, 107, 162, 246, 199, 67, 1510 127, 34, 108, 197, 53, 117, 58, 199, 3, 190, 74, 70, 190, 65, 235, 1511 175, 97, 157, 215, 252, 189, 245, 100, 229, 248, 46, 90, 126, 237, 4, 1512 159, 128, 58, 7, 156, 236, 69, 191, 85, 240, 179, 224, 249, 152, 49, 1513 195, 223, 60, 78, 186, 157, 155, 217, 58, 105, 116, 164, 217, 111, 1514 215, 150, 218, 252, 84, 86, 248, 140, 240, 226, 61, 106, 208, 95, 60, 1515 163, 6, 0, 235, 253, 162, 96, 62, 234, 251, 249, 35, 21, 7, 211, 233, 1516 86, 50, 33, 203, 67, 248, 60, 190, 123, 48, 167, 226, 90, 191, 71, 1517 56, 183, 165, 17, 85, 76, 238, 140, 211, 168, 53, 223, 194, 4, 97, 1518 149, 156, 120, 137, 76, 33, 229, 243, 194, 208, 198, 202, 139, 28, 1519 114, 46, 224, 92, 254, 83, 100, 134, 158, 92, 70, 78, 61, 62, 138, 1520 24, 173, 216, 66, 198, 70, 254, 47, 59, 193, 53, 6, 139, 19, 153, 1521 253, 28, 199, 122, 160, 27, 67, 234, 209, 227, 139, 4, 50, 7, 178, 1522 183, 89, 252, 32, 128, 137, 55, 52, 29, 89, 12, 111, 42, 181, 51, 1523 170, 132, 132, 207, 170, 228, 254, 178, 213, 0, 136, 175, 8] 1525 The resulting Authentication Tag value is: 1527 [208, 113, 102, 132, 236, 236, 67, 223, 39, 53, 98, 99, 32, 121, 17, 1528 236] 1530 Encoding this JWE Ciphertext as BASE64URL(JWE Ciphertext) gives this 1531 value (with line breaks for display purposes only): 1533 AwhB8lxrlKjFn02LGWEqg27H4Tg9fyZAbFv3p5ZicHpj64QyHC44qqlZ3JEmnZTgQo 1534 wIqZJ13jbyHB8LgePiqUJ1hf6M2HPLgzw8L-mEeQ0jvDUTrE07NtOerBk8bwBQyZ6g 1535 0kQ3DEOIglfYxV8-FJvNBYwbqN1Bck6d_i7OtjSHV-8DIrp-3JcRIe05YKy3Oi34Z_ 1536 GOiAc1EK21B11c_AE11PII_wvvtRiUiG8YofQXakWd1_O98Kap-UgmyWPfreUJ3lJP 1537 nbD4Ve95owEfMGLOPflo2MnjaTDCwQokoJ_xplQ2vNPz8iguLcHBoKllyQFJL2mOWB 1538 wqhBo9Oj-O800as5mmLsvQMTflIrIEbbTMzHMBZ8EFW9fWwwFu0DWQJGkMNhmBZQ-3 1539 lvqTc-M6-gWA6D8PDhONfP2Oib2HGizwG1iEaX8GRyUpfLuljCLIe1DkGOewhKuKkZ 1540 h04DKNM5Nbugf2atmU9OP0Ldx5peCUtRG1gMVl7Qup5ZXHTjgPDr5b2N731UooCGAU 1541 qHdgGhg0JVJ_ObCTdjsH4CF1SJsdUhrXvYx3HJh2Xd7CwJRzU_3Y1GxYU6-s3GFPbi 1542 rfqqEipJDBTHpcoCmyrwYjYHFgnlqBZRotRrS95g8F95bRXqsaDY7UgQGwBQBwy665 1543 d0zpvTasvfXf_c0MWAl-neFaKOW_Px6g4EUDjG1GWSXV9cLStLw_0ovdApDIFLHYHe 1544 PyagyHjouQUuGiq7BsYwYrwaF06tgB8hV8omLNfMEmDPJaZUzMuHw6tBDwGkzD-tS_ 1545 ub9hxrpJ4UsOWnt5rGUyoN2N_c1-TQlXxm5oto14MxnoAyBQBpwIEgSH3Y4ZhwKBhH 1546 PjSo0cdwuNdYbGPpb-YUvF-2NZzODiQ1OvWQBRHSbPWYz_xbGkgD504LRtqRwCO7CC 1547 _CyyURi1sEssPVsMJRX_U4LFEOc82TiDdqjKOjRUfKK5rqLi8nBE9soQ0DSaOoFQZi 1548 GrBrqxDsNYiAYAmxxkos-i3nX4qtByVx85sCE5U_0MqG7COxZWMOPEFrDaepUV-cOy 1549 rvoUIng8i8ljKBKxETY2BgPegKBYCxsAUcAkKamSCC9AiBxA0UOHyhTqtlvMksO7AE 1550 hNC2-YzPyx1FkhMoS4LLe6E_pFsMlmjA6P1NSge9C5G5tETYXGAn6b1xZbHtmwrPSc 1551 ro9LWhVmAaA7_bxYObnFUxgWtK4vzzQBjZJ36UTk4OTB-JvKWgfVWCFsaw5WCHj6Oo 1552 4jpO7d2yN7WMfAj2hTEabz9wumQ0TMhBduZ-QON3pYObSy7TSC1vVme0NJrwF_cJRe 1553 hKTFmdlXGVldPxZCplr7ZQqRQhF8JP-l4mEQVnCaWGn9ONHlemczGOS-A-wwtnmwjI 1554 B1V_vgJRf4FdpV-4hUk4-QLpu3-1lWFxrtZKcggq3tWTduRo5_QebQbUUT_VSCgsFc 1555 OmyWKoj56lbxthN19hq1XGWbLGfrrR6MWh23vk01zn8FVwi7uFwEnRYSafsnWLa1Z5 1556 TpBj9GvAdl2H9NHwzpB5NqHpZNkQ3NMDj13Fn8fzO0JB83Etbm_tnFQfcb13X3bJ15 1557 Cz-Ww1MGhvIpGGnMBT_ADp9xSIyAM9dQ1yeVXk-AIgWBUlN5uyWSGyCxp0cJwx7HxM 1558 38z0UIeBu-MytL-eqndM7LxytsVzCbjOTSVRmhYEMIzUAnS1gs7uMQAGRdgRIElTJE 1559 SGMjb_4bZq9s6Ve1LKkSi0_QDsrABaLe55UY0zF4ZSfOV5PMyPtocwV_dcNPlxLgNA 1560 D1BFX_Z9kAdMZQW6fAmsfFle0zAoMe4l9pMESH0JB4sJGdCKtQXj1cXNydDYozF7l8 1561 H00BV_Er7zd6VtIw0MxwkFCTatsv_R-GsBCH218RgVPsfYhwVuT8R4HarpzsDBufC4 1562 r8_c8fc9Z278sQ081jFjOja6L2x0N_ImzFNXU6xwO-Ska-QeuvYZ3X_L31ZOX4Llp- 1563 7QSfgDoHnOxFv1Xws-D5mDHD3zxOup2b2TppdKTZb9eW2vxUVviM8OI9atBfPKMGAO 1564 v9omA-6vv5IxUH0-lWMiHLQ_g8vnswp-Jav0c4t6URVUzujNOoNd_CBGGVnHiJTCHl 1565 88LQxsqLHHIu4Fz-U2SGnlxGTj0-ihit2ELGRv4vO8E1BosTmf0cx3qgG0Pq0eOLBD 1566 IHsrdZ_CCAiTc0HVkMbyq1M6qEhM-q5P6y1QCIrwg 1568 Encoding this JWE Authentication Tag as BASE64URL(JWE Authentication 1569 Tag) gives this value: 1571 0HFmhOzsQ98nNWJjIHkR7A 1573 C.9. Complete Representation 1575 Assemble the final representation: The Compact Serialization of this 1576 result is the string BASE64URL(UTF8(JWE Protected Header)) || '.' || 1577 BASE64URL(JWE Encrypted Key) || '.' || BASE64URL(JWE Initialization 1578 Vector) || '.' || BASE64URL(JWE Ciphertext) || '.' || BASE64URL(JWE 1579 Authentication Tag). 1581 The final result in this example is: 1583 eyJhbGciOiJQQkVTMi1IUzI1NitBMTI4S1ciLCJwMnMiOiIyV0NUY0paMVJ2ZF9DSn 1584 VKcmlwUTF3IiwicDJjIjo0MDk2LCJlbmMiOiJBMTI4Q0JDLUhTMjU2IiwiY3R5Ijoi 1585 andrK2pzb24ifQ. 1586 TrqXOwuNUfDV9VPTNbyGvEJ9JMjefAVn-TR1uIxR9p6hsRQh9Tk7BA. 1587 Ye9j1qs22DmRSAddIh-VnA. 1588 AwhB8lxrlKjFn02LGWEqg27H4Tg9fyZAbFv3p5ZicHpj64QyHC44qqlZ3JEmnZTgQo 1589 wIqZJ13jbyHB8LgePiqUJ1hf6M2HPLgzw8L-mEeQ0jvDUTrE07NtOerBk8bwBQyZ6g 1590 0kQ3DEOIglfYxV8-FJvNBYwbqN1Bck6d_i7OtjSHV-8DIrp-3JcRIe05YKy3Oi34Z_ 1591 GOiAc1EK21B11c_AE11PII_wvvtRiUiG8YofQXakWd1_O98Kap-UgmyWPfreUJ3lJP 1592 nbD4Ve95owEfMGLOPflo2MnjaTDCwQokoJ_xplQ2vNPz8iguLcHBoKllyQFJL2mOWB 1593 wqhBo9Oj-O800as5mmLsvQMTflIrIEbbTMzHMBZ8EFW9fWwwFu0DWQJGkMNhmBZQ-3 1594 lvqTc-M6-gWA6D8PDhONfP2Oib2HGizwG1iEaX8GRyUpfLuljCLIe1DkGOewhKuKkZ 1595 h04DKNM5Nbugf2atmU9OP0Ldx5peCUtRG1gMVl7Qup5ZXHTjgPDr5b2N731UooCGAU 1596 qHdgGhg0JVJ_ObCTdjsH4CF1SJsdUhrXvYx3HJh2Xd7CwJRzU_3Y1GxYU6-s3GFPbi 1597 rfqqEipJDBTHpcoCmyrwYjYHFgnlqBZRotRrS95g8F95bRXqsaDY7UgQGwBQBwy665 1598 d0zpvTasvfXf_c0MWAl-neFaKOW_Px6g4EUDjG1GWSXV9cLStLw_0ovdApDIFLHYHe 1599 PyagyHjouQUuGiq7BsYwYrwaF06tgB8hV8omLNfMEmDPJaZUzMuHw6tBDwGkzD-tS_ 1600 ub9hxrpJ4UsOWnt5rGUyoN2N_c1-TQlXxm5oto14MxnoAyBQBpwIEgSH3Y4ZhwKBhH 1601 PjSo0cdwuNdYbGPpb-YUvF-2NZzODiQ1OvWQBRHSbPWYz_xbGkgD504LRtqRwCO7CC 1602 _CyyURi1sEssPVsMJRX_U4LFEOc82TiDdqjKOjRUfKK5rqLi8nBE9soQ0DSaOoFQZi 1603 GrBrqxDsNYiAYAmxxkos-i3nX4qtByVx85sCE5U_0MqG7COxZWMOPEFrDaepUV-cOy 1604 rvoUIng8i8ljKBKxETY2BgPegKBYCxsAUcAkKamSCC9AiBxA0UOHyhTqtlvMksO7AE 1605 hNC2-YzPyx1FkhMoS4LLe6E_pFsMlmjA6P1NSge9C5G5tETYXGAn6b1xZbHtmwrPSc 1606 ro9LWhVmAaA7_bxYObnFUxgWtK4vzzQBjZJ36UTk4OTB-JvKWgfVWCFsaw5WCHj6Oo 1607 4jpO7d2yN7WMfAj2hTEabz9wumQ0TMhBduZ-QON3pYObSy7TSC1vVme0NJrwF_cJRe 1608 hKTFmdlXGVldPxZCplr7ZQqRQhF8JP-l4mEQVnCaWGn9ONHlemczGOS-A-wwtnmwjI 1609 B1V_vgJRf4FdpV-4hUk4-QLpu3-1lWFxrtZKcggq3tWTduRo5_QebQbUUT_VSCgsFc 1610 OmyWKoj56lbxthN19hq1XGWbLGfrrR6MWh23vk01zn8FVwi7uFwEnRYSafsnWLa1Z5 1611 TpBj9GvAdl2H9NHwzpB5NqHpZNkQ3NMDj13Fn8fzO0JB83Etbm_tnFQfcb13X3bJ15 1612 Cz-Ww1MGhvIpGGnMBT_ADp9xSIyAM9dQ1yeVXk-AIgWBUlN5uyWSGyCxp0cJwx7HxM 1613 38z0UIeBu-MytL-eqndM7LxytsVzCbjOTSVRmhYEMIzUAnS1gs7uMQAGRdgRIElTJE 1614 SGMjb_4bZq9s6Ve1LKkSi0_QDsrABaLe55UY0zF4ZSfOV5PMyPtocwV_dcNPlxLgNA 1615 D1BFX_Z9kAdMZQW6fAmsfFle0zAoMe4l9pMESH0JB4sJGdCKtQXj1cXNydDYozF7l8 1616 H00BV_Er7zd6VtIw0MxwkFCTatsv_R-GsBCH218RgVPsfYhwVuT8R4HarpzsDBufC4 1617 r8_c8fc9Z278sQ081jFjOja6L2x0N_ImzFNXU6xwO-Ska-QeuvYZ3X_L31ZOX4Llp- 1618 7QSfgDoHnOxFv1Xws-D5mDHD3zxOup2b2TppdKTZb9eW2vxUVviM8OI9atBfPKMGAO 1619 v9omA-6vv5IxUH0-lWMiHLQ_g8vnswp-Jav0c4t6URVUzujNOoNd_CBGGVnHiJTCHl 1620 88LQxsqLHHIu4Fz-U2SGnlxGTj0-ihit2ELGRv4vO8E1BosTmf0cx3qgG0Pq0eOLBD 1621 IHsrdZ_CCAiTc0HVkMbyq1M6qEhM-q5P6y1QCIrwg. 1622 0HFmhOzsQ98nNWJjIHkR7A 1624 Appendix D. Acknowledgements 1626 A JSON representation for RSA public keys was previously introduced 1627 by John Panzer, Ben Laurie, and Dirk Balfanz in Magic Signatures 1629 [MagicSignatures]. 1631 Thanks to Matt Miller for creating the encrypted key example and to 1632 Edmund Jay and Brian Campbell for validating the example. 1634 This specification is the work of the JOSE Working Group, which 1635 includes dozens of active and dedicated participants. In particular, 1636 the following individuals contributed ideas, feedback, and wording 1637 that influenced this specification: 1639 Dirk Balfanz, Richard Barnes, John Bradley, Brian Campbell, Breno de 1640 Medeiros, Joe Hildebrand, Edmund Jay, Ben Laurie, James Manger, Matt 1641 Miller, Tony Nadalin, Axel Nennker, John Panzer, Eric Rescorla, Nat 1642 Sakimura, Jim Schaad, Ryan Sleevi, Paul Tarjan, Hannes Tschofenig, 1643 and Sean Turner. 1645 Jim Schaad and Karen O'Donoghue chaired the JOSE working group and 1646 Sean Turner, Stephen Farrell, and Kathleen Moriarty served as 1647 Security area directors during the creation of this specification. 1649 Appendix E. Document History 1651 [[ to be removed by the RFC Editor before publication as an RFC ]] 1653 -27 1655 o Added an example JWK early in the draft. 1657 o Described additional security considerations. 1659 o Added the "x5t#S256" (X.509 Certificate SHA-256 Thumbprint) JWK 1660 member. 1662 o Addressed a few editorial issues. 1664 -26 1666 o Referenced Section 6 of RFC 6125 for TLS server certificate 1667 identity validation. 1669 o Deleted misleading non-normative phrase from the "use" 1670 description. 1672 o Noted that octet sequences are depicted using JSON array notation. 1674 o Updated references, including to W3C specifications. 1676 -25 1678 o Updated WebCrypto reference to refer to W3C Last Call draft. 1680 -24 1682 o Corrected the authentication tag value in the encrypted key 1683 example. 1685 o Updated the JSON reference to RFC 7159. 1687 -23 1689 o No changes were made, other than to the version number and date. 1691 -22 1693 o Corrected RFC 2119 terminology usage. 1695 o Replaced references to draft-ietf-json-rfc4627bis with RFC 7158. 1697 -21 1699 o Replaced the "key_ops" values "wrap" and "unwrap" with "wrapKey" 1700 and "unwrapKey" to match the "KeyUsage" values defined in the 1701 current Web Cryptography API [WebCrypto] editor's draft. 1703 o Compute the PBES2 salt parameter as (UTF8(Alg) || 0x00 || Salt 1704 Input), where the "p2s" Header Parameter encodes the Salt Input 1705 value and Alg is the "alg" Header Parameter value. 1707 o Changed some references from being normative to informative, 1708 addressing issue #90. 1710 -20 1712 o Renamed "use_details" to "key_ops" (key operations). 1714 o Clarified that "use" is meant for public key use cases, "key_ops" 1715 is meant for use cases in which public, private, or symmetric keys 1716 may be present, and that "use" and "key_ops" should not be used 1717 together. 1719 o Replaced references to RFC 4627 with draft-ietf-json-rfc4627bis, 1720 addressing issue #90. 1722 -19 1723 o Added optional "use_details" (key use details) JWK member. 1725 o Reordered the key selection parameters. 1727 -18 1729 o Changes to address editorial and minor issues #68, #69, #73, #74, 1730 #76, #77, #78, #79, #82, #85, #89, and #135. 1732 o Added and used Description registry fields. 1734 -17 1736 o Refined the "typ" and "cty" definitions to always be MIME Media 1737 Types, with the omission of "application/" prefixes recommended 1738 for brevity, addressing issue #50. 1740 o Added an example encrypting an RSA private key with 1741 "PBES2-HS256+A128KW" and "A128CBC-HS256". Thanks to Matt Miller 1742 for producing this! 1744 o Processing rules occurring in both JWS and JWK are now referenced 1745 in JWS by JWK, rather than duplicated, addressing issue #57. 1747 o Terms used in multiple documents are now defined in one place and 1748 incorporated by reference. Some lightly used or obvious terms 1749 were also removed. This addresses issue #58. 1751 -16 1753 o Changes to address editorial and minor issues #41, #42, #43, #47, 1754 #51, #67, #71, #76, #80, #83, #84, #85, #86, #87, and #88. 1756 -15 1758 o Changes to address editorial issues #48, #64, #65, #66, and #91. 1760 -14 1762 o Relaxed language introducing key parameters since some parameters 1763 are applicable to multiple, but not all, key types. 1765 -13 1767 o Applied spelling and grammar corrections. 1769 -12 1770 o Stated that recipients MUST either reject JWKs and JWK Sets with 1771 duplicate member names or use a JSON parser that returns only the 1772 lexically last duplicate member name. 1774 -11 1776 o Stated that when "kid" values are used within a JWK Set, different 1777 keys within the JWK Set SHOULD use distinct "kid" values. 1779 o Added optional "x5u" (X.509 URL), "x5t" (X.509 Certificate 1780 Thumbprint), and "x5c" (X.509 Certificate Chain) JWK parameters. 1782 o Added section on Encrypted JWK and Encrypted JWK Set Formats. 1784 o Added a Parameter Information Class value to the JSON Web Key 1785 Parameters registry, which registers whether the parameter conveys 1786 public or private information. 1788 o Registered "application/jwk+json" and "application/jwk-set+json" 1789 MIME types and "JWK" and "JWK-SET" typ header parameter values, 1790 addressing issue #21. 1792 -10 1794 o No changes were made, other than to the version number and date. 1796 -09 1798 o Expanded the scope of the JWK specification to include private and 1799 symmetric key representations, as specified by 1800 draft-jones-jose-json-private-and-symmetric-key-00. 1802 o Defined that members that are not understood must be ignored. 1804 -08 1806 o Changed the name of the JWK key type parameter from "alg" to "kty" 1807 to enable use of "alg" to indicate the particular algorithm that 1808 the key is intended to be used with. 1810 o Clarified statements of the form "This member is OPTIONAL" to "Use 1811 of this member is OPTIONAL". 1813 o Referenced String Comparison Rules in JWS. 1815 o Added seriesInfo information to Internet Draft references. 1817 -07 1818 o Changed the name of the JWK RSA modulus parameter from "mod" to 1819 "n" and the name of the JWK RSA exponent parameter from "xpo" to 1820 "e", so that the identifiers are the same as those used in RFC 1821 3447. 1823 -06 1825 o Changed the name of the JWK RSA exponent parameter from "exp" to 1826 "xpo" so as to allow the potential use of the name "exp" for a 1827 future extension that might define an expiration parameter for 1828 keys. (The "exp" name is already used for this purpose in the JWT 1829 specification.) 1831 o Clarify that the "alg" (algorithm family) member is REQUIRED. 1833 o Correct an instance of "JWK" that should have been "JWK Set". 1835 o Applied changes made by the RFC Editor to RFC 6749's registry 1836 language to this specification. 1838 -05 1840 o Indented artwork elements to better distinguish them from the body 1841 text. 1843 -04 1845 o Refer to the registries as the primary sources of defined values 1846 and then secondarily reference the sections defining the initial 1847 contents of the registries. 1849 o Normatively reference XML DSIG 2.0 for its security 1850 considerations. 1852 o Added this language to Registration Templates: "This name is case 1853 sensitive. Names that match other registered names in a case 1854 insensitive manner SHOULD NOT be accepted." 1856 o Described additional open issues. 1858 o Applied editorial suggestions. 1860 -03 1862 o Clarified that "kid" values need not be unique within a JWK Set. 1864 o Moved JSON Web Key Parameters registry to the JWK specification. 1866 o Added "Collision Resistant Namespace" to the terminology section. 1868 o Changed registration requirements from RFC Required to 1869 Specification Required with Expert Review. 1871 o Added Registration Template sections for defined registries. 1873 o Added Registry Contents sections to populate registry values. 1875 o Numerous editorial improvements. 1877 -02 1879 o Simplified JWK terminology to get replace the "JWK Key Object" and 1880 "JWK Container Object" terms with simply "JSON Web Key (JWK)" and 1881 "JSON Web Key Set (JWK Set)" and to eliminate potential confusion 1882 between single keys and sets of keys. As part of this change, the 1883 top-level member name for a set of keys was changed from "jwk" to 1884 "keys". 1886 o Clarified that values with duplicate member names MUST be 1887 rejected. 1889 o Established JSON Web Key Set Parameters registry. 1891 o Explicitly listed non-goals in the introduction. 1893 o Moved algorithm-specific definitions from JWK to JWA. 1895 o Reformatted to give each member definition its own section 1896 heading. 1898 -01 1900 o Corrected the Magic Signatures reference. 1902 -00 1904 o Created the initial IETF draft based upon 1905 draft-jones-json-web-key-03 with no normative changes. 1907 Author's Address 1909 Michael B. Jones 1910 Microsoft 1912 Email: mbj@microsoft.com 1913 URI: http://self-issued.info/