idnits 2.17.1 draft-ietf-jose-json-web-key-29.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (June 20, 2014) is 3595 days in the past. Is this intentional? -- Found something which looks like a code comment -- if you have code sections in the document, please surround them with '' and '' lines. Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) -- Possible downref: Non-RFC (?) normative reference: ref. 'ECMAScript' -- Possible downref: Non-RFC (?) normative reference: ref. 'ITU.X690.1994' ** Downref: Normative reference to an Historic RFC: RFC 1421 ** Obsolete normative reference: RFC 2818 (Obsoleted by RFC 9110) ** Obsolete normative reference: RFC 5246 (Obsoleted by RFC 8446) ** Obsolete normative reference: RFC 6125 (Obsoleted by RFC 9525) ** Obsolete normative reference: RFC 7159 (Obsoleted by RFC 8259) -- Possible downref: Non-RFC (?) normative reference: ref. 'USASCII' -- Obsolete informational reference (is this intentional?): RFC 3447 (Obsoleted by RFC 8017) -- Obsolete informational reference (is this intentional?): RFC 5226 (Obsoleted by RFC 8126) Summary: 5 errors (**), 0 flaws (~~), 1 warning (==), 7 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 JOSE Working Group M. Jones 3 Internet-Draft Microsoft 4 Intended status: Standards Track June 20, 2014 5 Expires: December 22, 2014 7 JSON Web Key (JWK) 8 draft-ietf-jose-json-web-key-29 10 Abstract 12 A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) data 13 structure that represents a cryptographic key. This specification 14 also defines a JSON Web Key Set (JWK Set) JSON data structure that 15 represents a set of JWKs. Cryptographic algorithms and identifiers 16 for use with this specification are described in the separate JSON 17 Web Algorithms (JWA) specification and IANA registries defined by 18 that specification. 20 Status of this Memo 22 This Internet-Draft is submitted in full conformance with the 23 provisions of BCP 78 and BCP 79. 25 Internet-Drafts are working documents of the Internet Engineering 26 Task Force (IETF). Note that other groups may also distribute 27 working documents as Internet-Drafts. The list of current Internet- 28 Drafts is at http://datatracker.ietf.org/drafts/current/. 30 Internet-Drafts are draft documents valid for a maximum of six months 31 and may be updated, replaced, or obsoleted by other documents at any 32 time. It is inappropriate to use Internet-Drafts as reference 33 material or to cite them other than as "work in progress." 35 This Internet-Draft will expire on December 22, 2014. 37 Copyright Notice 39 Copyright (c) 2014 IETF Trust and the persons identified as the 40 document authors. All rights reserved. 42 This document is subject to BCP 78 and the IETF Trust's Legal 43 Provisions Relating to IETF Documents 44 (http://trustee.ietf.org/license-info) in effect on the date of 45 publication of this document. Please review these documents 46 carefully, as they describe your rights and restrictions with respect 47 to this document. Code Components extracted from this document must 48 include Simplified BSD License text as described in Section 4.e of 49 the Trust Legal Provisions and are provided without warranty as 50 described in the Simplified BSD License. 52 Table of Contents 54 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4 55 1.1. Notational Conventions . . . . . . . . . . . . . . . . . . 4 56 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 4 57 3. Example JWK . . . . . . . . . . . . . . . . . . . . . . . . . 5 58 4. JSON Web Key (JWK) Format . . . . . . . . . . . . . . . . . . 5 59 4.1. "kty" (Key Type) Parameter . . . . . . . . . . . . . . . . 6 60 4.2. "use" (Public Key Use) Parameter . . . . . . . . . . . . . 6 61 4.3. "key_ops" (Key Operations) Parameter . . . . . . . . . . . 7 62 4.4. "alg" (Algorithm) Parameter . . . . . . . . . . . . . . . 7 63 4.5. "kid" (Key ID) Parameter . . . . . . . . . . . . . . . . . 8 64 4.6. "x5u" (X.509 URL) Parameter . . . . . . . . . . . . . . . 8 65 4.7. "x5c" (X.509 Certificate Chain) Parameter . . . . . . . . 8 66 4.8. "x5t" (X.509 Certificate SHA-1 Thumbprint) Parameter . . . 9 67 4.9. "x5t#S256" (X.509 Certificate SHA-256 Thumbprint) 68 Parameter . . . . . . . . . . . . . . . . . . . . . . . . 9 69 5. JSON Web Key Set (JWK Set) Format . . . . . . . . . . . . . . 9 70 5.1. "keys" Parameter . . . . . . . . . . . . . . . . . . . . . 10 71 6. String Comparison Rules . . . . . . . . . . . . . . . . . . . 10 72 7. Encrypted JWK and Encrypted JWK Set Formats . . . . . . . . . 10 73 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 11 74 8.1. JSON Web Key Parameters Registry . . . . . . . . . . . . . 12 75 8.1.1. Registration Template . . . . . . . . . . . . . . . . 12 76 8.1.2. Initial Registry Contents . . . . . . . . . . . . . . 13 77 8.2. JSON Web Key Use Registry . . . . . . . . . . . . . . . . 14 78 8.2.1. Registration Template . . . . . . . . . . . . . . . . 15 79 8.2.2. Initial Registry Contents . . . . . . . . . . . . . . 15 80 8.3. JSON Web Key Operations Registry . . . . . . . . . . . . . 15 81 8.3.1. Registration Template . . . . . . . . . . . . . . . . 16 82 8.3.2. Initial Registry Contents . . . . . . . . . . . . . . 16 83 8.4. JSON Web Key Set Parameters Registry . . . . . . . . . . . 17 84 8.4.1. Registration Template . . . . . . . . . . . . . . . . 17 85 8.4.2. Initial Registry Contents . . . . . . . . . . . . . . 18 86 8.5. Media Type Registration . . . . . . . . . . . . . . . . . 18 87 8.5.1. Registry Contents . . . . . . . . . . . . . . . . . . 18 88 9. Security Considerations . . . . . . . . . . . . . . . . . . . 19 89 9.1. Key Provenance and Trust . . . . . . . . . . . . . . . . . 19 90 9.2. Preventing Disclosure of Non-Public Key Information . . . 20 91 9.3. RSA Private Key Representations and Blinding . . . . . . . 20 92 10. References . . . . . . . . . . . . . . . . . . . . . . . . . . 20 93 10.1. Normative References . . . . . . . . . . . . . . . . . . . 20 94 10.2. Informative References . . . . . . . . . . . . . . . . . . 22 95 Appendix A. Example JSON Web Key Sets . . . . . . . . . . . . . . 23 96 A.1. Example Public Keys . . . . . . . . . . . . . . . . . . . 23 97 A.2. Example Private Keys . . . . . . . . . . . . . . . . . . . 23 98 A.3. Example Symmetric Keys . . . . . . . . . . . . . . . . . . 25 99 Appendix B. Example Use of "x5c" (X.509 Certificate Chain) 100 Parameter . . . . . . . . . . . . . . . . . . . . . . 25 101 Appendix C. Example Encrypted RSA Private Key . . . . . . . . . . 26 102 C.1. Plaintext RSA Private Key . . . . . . . . . . . . . . . . 27 103 C.2. JOSE Header . . . . . . . . . . . . . . . . . . . . . . . 30 104 C.3. Content Encryption Key (CEK) . . . . . . . . . . . . . . . 30 105 C.4. Key Derivation . . . . . . . . . . . . . . . . . . . . . . 31 106 C.5. Key Encryption . . . . . . . . . . . . . . . . . . . . . . 31 107 C.6. Initialization Vector . . . . . . . . . . . . . . . . . . 31 108 C.7. Additional Authenticated Data . . . . . . . . . . . . . . 32 109 C.8. Content Encryption . . . . . . . . . . . . . . . . . . . . 32 110 C.9. Complete Representation . . . . . . . . . . . . . . . . . 35 111 Appendix D. Acknowledgements . . . . . . . . . . . . . . . . . . 36 112 Appendix E. Document History . . . . . . . . . . . . . . . . . . 37 113 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 43 115 1. Introduction 117 A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) [RFC7159] 118 data structure that represents a cryptographic key. This 119 specification also defines a JSON Web Key Set (JWK Set) JSON data 120 structure that represents a set of JWKs. Cryptographic algorithms 121 and identifiers for use with this specification are described in the 122 separate JSON Web Algorithms (JWA) [JWA] specification and IANA 123 registries defined by that specification. 125 Goals for this specification do not include representing new kinds of 126 certificate chains, representing new kinds of certified keys, or 127 replacing X.509 certificates. 129 JWKs and JWK Sets are used in the JSON Web Signature (JWS) [JWS] and 130 JSON Web Encryption (JWE) [JWE] specifications. 132 Names defined by this specification are short because a core goal is 133 for the resulting representations to be compact. 135 1.1. Notational Conventions 137 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 138 "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and 139 "OPTIONAL" in this document are to be interpreted as described in Key 140 words for use in RFCs to Indicate Requirement Levels [RFC2119]. If 141 these words are used without being spelled in uppercase then they are 142 to be interpreted with their normal natural language meanings. 144 BASE64URL(OCTETS) denotes the base64url encoding of OCTETS, per 145 Section 2. 147 UTF8(STRING) denotes the octets of the UTF-8 [RFC3629] representation 148 of STRING. 150 ASCII(STRING) denotes the octets of the ASCII [USASCII] 151 representation of STRING. 153 The concatenation of two values A and B is denoted as A || B. 155 2. Terminology 157 These terms defined by the JSON Web Signature (JWS) [JWS] 158 specification are incorporated into this specification: "Base64url 159 Encoding", "Collision-Resistant Name", "Header Parameter", and "JOSE 160 Header". 162 These terms are defined by this specification: 164 JSON Web Key (JWK) 165 A JSON object that represents a cryptographic key. The members of 166 the object represent properties of the key, including its value. 168 JSON Web Key Set (JWK Set) 169 A JSON object that represents a set of JWKs. The JSON object MUST 170 have a "keys" member, which is an array of JWK objects. 172 3. Example JWK 174 This section provides an example of a JWK. The following example JWK 175 declares that the key is an elliptic curve key, it is used with the 176 P-256 elliptic curve, and its x and y coordinates are the base64url 177 encoded values shown. A key identifier is also provided for the key. 179 {"kty":"EC", 180 "crv":"P-256", 181 "x":"f83OJ3D2xF1Bg8vub9tLe1gHMzV76e8Tus9uPHvRVEU", 182 "y":"x_FEzRu9m36HLN_tue659LNpXW6pCyStikYjKIWI5a0", 183 "kid":"Public key used in JWS A.3 example" 184 } 186 Additional example JWK values can be found in Appendix A. 188 4. JSON Web Key (JWK) Format 190 A JSON Web Key (JWK) is a JSON object that represents a cryptographic 191 key. The members of the object represent properties of the key, 192 including its value. This document defines the key parameters that 193 are not algorithm specific, and thus common to many keys. 195 In addition to the common parameters, each JWK will have members that 196 are specific to the kind of key being represented. These members 197 represent the parameters of the key. Section 6 of the JSON Web 198 Algorithms (JWA) [JWA] specification defines multiple kinds of 199 cryptographic keys and their associated members. 201 The member names within a JWK MUST be unique; recipients MUST either 202 reject JWKs with duplicate member names or use a JSON parser that 203 returns only the lexically last duplicate member name, as specified 204 in Section 15.12 (The JSON Object) of ECMAScript 5.1 [ECMAScript]. 206 Additional members can be present in the JWK; if not understood by 207 implementations encountering them, they MUST be ignored. Member 208 names used for representing key parameters for different keys types 209 need not be distinct. Any new member name should either be 210 registered in the IANA JSON Web Key Parameters registry defined in 211 Section 8.1 or be a value that contains a Collision-Resistant Name. 213 4.1. "kty" (Key Type) Parameter 215 The "kty" (key type) member identifies the cryptographic algorithm 216 family used with the key. "kty" values should either be registered in 217 the IANA JSON Web Key Types registry defined in [JWA] or be a value 218 that contains a Collision-Resistant Name. The "kty" value is a case- 219 sensitive string. This member MUST be present in a JWK. 221 A list of defined "kty" values can be found in the IANA JSON Web Key 222 Types registry defined in [JWA]; the initial contents of this 223 registry are the values defined in Section 6.1 of the JSON Web 224 Algorithms (JWA) [JWA] specification. 226 The key type definitions include specification of the members to be 227 used for those key types. Additional members used with "kty" values 228 can also be found in the IANA JSON Web Key Parameters registry 229 defined in Section 8.1. 231 4.2. "use" (Public Key Use) Parameter 233 The "use" (public key use) member identifies the intended use of the 234 public key. The "use" parameter is intended for use cases in which 235 it is useful to distinguish between public signing keys and public 236 encryption keys. 238 Values defined by this specification are: 240 o "sig" (signature) 241 o "enc" (encryption) 243 Other values MAY be used. Public Key Use values can be registered in 244 the IANA JSON Web Key Use registry defined in Section 8.2. The "use" 245 value is a case-sensitive string. Use of the "use" member is 246 OPTIONAL, unless the application requires its presence. 248 When a key is used to wrap another key and a key use designation for 249 the first key is desired, the "enc" (encryption) key use value SHOULD 250 be used, since key wrapping is a kind of encryption. The "enc" value 251 SHOULD also be used for public keys used for key agreement 252 operations. (The "alg" member can be used to specify the particular 253 cryptographic operation to be performed, when desired.) 255 4.3. "key_ops" (Key Operations) Parameter 257 The "key_ops" (key operations) member identifies the operation(s) 258 that the key is intended to be used for. The "key_ops" parameter is 259 intended for use cases in which public, private, or symmetric keys 260 may be present. 262 Its value is an array of key operation values. Values defined by 263 this specification are: 265 o "sign" (compute signature or MAC) 266 o "verify" (verify signature or MAC) 267 o "encrypt" (encrypt content) 268 o "decrypt" (decrypt content and validate decryption, if applicable) 269 o "wrapKey" (encrypt key) 270 o "unwrapKey" (decrypt key and validate decryption, if applicable) 271 o "deriveKey" (derive key) 272 o "deriveBits" (derive bits not to be used as a key) 274 (Note that the "key_ops" values intentionally match the "KeyUsage" 275 values defined in the Web Cryptography API [WebCrypto] 276 specification.) 278 Other values MAY be used. Key operation values can be registered in 279 the IANA JSON Web Key Operations registry defined in Section 8.3. 280 The key operation values are case-sensitive strings. Duplicate key 281 operation values MUST NOT be present in the array. 283 Use of the "key_ops" member is OPTIONAL, unless the application 284 requires its presence. 286 Multiple unrelated key operations SHOULD NOT be specified for a key 287 because of the potential vulnerabilities associated with using the 288 same key with multiple algorithms. Thus, the combinations "sign" 289 with "verify", "encrypt" with "decrypt", and "wrapKey" with 290 "unwrapKey" are permitted, but other combinations SHOULD NOT be used. 292 The "use" and "key_ops" JWK members SHOULD NOT be used together. 293 Applications should specify which of these members they use, if 294 either is to be used by the application. 296 4.4. "alg" (Algorithm) Parameter 298 The "alg" (algorithm) member identifies the algorithm intended for 299 use with the key. The values used should either be registered in the 300 IANA JSON Web Signature and Encryption Algorithms registry defined in 301 [JWA] or be a value that contains a Collision-Resistant Name. Use of 302 this member is OPTIONAL. 304 4.5. "kid" (Key ID) Parameter 306 The "kid" (key ID) member can be used to match a specific key. This 307 can be used, for instance, to choose among a set of keys within a JWK 308 Set during key rollover. The structure of the "kid" value is 309 unspecified. When "kid" values are used within a JWK Set, different 310 keys within the JWK Set SHOULD use distinct "kid" values. (One 311 example in which different keys might use the same "kid" value is if 312 they have different "kty" (key type) values but are considered to be 313 equivalent alternatives by the application using them.) The "kid" 314 value is a case-sensitive string. Use of this member is OPTIONAL. 316 When used with JWS or JWE, the "kid" value is used to match a JWS or 317 JWE "kid" Header Parameter value. 319 4.6. "x5u" (X.509 URL) Parameter 321 The "x5u" (X.509 URL) member is a URI [RFC3986] that refers to a 322 resource for an X.509 public key certificate or certificate chain 323 [RFC5280]. The identified resource MUST provide a representation of 324 the certificate or certificate chain that conforms to RFC 5280 325 [RFC5280] in PEM encoded form [RFC1421]. The key in the first 326 certificate MUST match the public key represented by other members of 327 the JWK. The protocol used to acquire the resource MUST provide 328 integrity protection; an HTTP GET request to retrieve the certificate 329 MUST use TLS [RFC2818] [RFC5246]; the identity of the server MUST be 330 validated, as per Section 6 of RFC 6125 [RFC6125]. Use of this 331 member is OPTIONAL. 333 While there is no requirement that members other than those 334 representing the public key be populated when an "x5u" member is 335 present, doing so may improve interoperability for applications that 336 do not handle PKIX certificates. If other members are present, the 337 contents of those members MUST be semantically consistent with the 338 related fields in the first certificate. For instance, if the "use" 339 member is present, then it needs to allow for only a subset of the 340 usages that are permitted by the certificate. Similarly, if the 341 "alg" member is present, it should represent an algorithm that the 342 certificate allows. 344 4.7. "x5c" (X.509 Certificate Chain) Parameter 346 The "x5c" (X.509 Certificate Chain) member contains a chain of one or 347 more PKIX certificates [RFC5280]. The certificate chain is 348 represented as a JSON array of certificate value strings. Each 349 string in the array is a base64 encoded ([RFC4648] Section 4 -- not 350 base64url encoded) DER [ITU.X690.1994] PKIX certificate value. The 351 PKIX certificate containing the key value MUST be the first 352 certificate. This MAY be followed by additional certificates, with 353 each subsequent certificate being the one used to certify the 354 previous one. The key in the first certificate MUST match the public 355 key represented by other members of the JWK. Use of this member is 356 OPTIONAL. 358 As with the "x5u" member, members other than those representing the 359 public key may also be populated when an "x5c" member is present. If 360 other members are present, the contents of those members MUST be 361 semantically consistent with the related fields in the first 362 certificate. See the last paragraph of Section 4.6 for additional 363 guidance on this. 365 4.8. "x5t" (X.509 Certificate SHA-1 Thumbprint) Parameter 367 The "x5t" (X.509 Certificate SHA-1 Thumbprint) member is a base64url 368 encoded SHA-1 thumbprint (a.k.a. digest) of the DER encoding of an 369 X.509 certificate [RFC5280]. The key in the certificate MUST match 370 the public key represented by other members of the JWK. Use of this 371 member is OPTIONAL. 373 As with the "x5u" member, members other than those representing the 374 public key may also be populated when an "x5t" member is present. If 375 other members are present, the contents of those members MUST be 376 semantically consistent with the related fields in the referenced 377 certificate. See the last paragraph of Section 4.6 for additional 378 guidance on this. 380 4.9. "x5t#S256" (X.509 Certificate SHA-256 Thumbprint) Parameter 382 The "x5t#S256" (X.509 Certificate SHA-256 Thumbprint) member is a 383 base64url encoded SHA-256 thumbprint (a.k.a. digest) of the DER 384 encoding of an X.509 certificate [RFC5280]. The key in the 385 certificate MUST match the public key represented by other members of 386 the JWK. Use of this member is OPTIONAL. 388 As with the "x5u" member, members other than those representing the 389 public key may also be populated when an "x5t#S256" member is 390 present. If other members are present, the contents of those members 391 MUST be semantically consistent with the related fields in the 392 referenced certificate. See the last paragraph of Section 4.6 for 393 additional guidance on this. 395 5. JSON Web Key Set (JWK Set) Format 397 A JSON Web Key Set (JWK Set) is a JSON object that represents a set 398 of JWKs. The JSON object MUST have a "keys" member, which is an 399 array of JWK objects. 401 The member names within a JWK Set MUST be unique; recipients MUST 402 either reject JWK Sets with duplicate member names or use a JSON 403 parser that returns only the lexically last duplicate member name, as 404 specified in Section 15.12 (The JSON Object) of ECMAScript 5.1 405 [ECMAScript]. 407 Additional members can be present in the JWK Set; if not understood 408 by implementations encountering them, they MUST be ignored. 409 Parameters for representing additional properties of JWK Sets should 410 either be registered in the IANA JSON Web Key Set Parameters registry 411 defined in Section 8.4 or be a value that contains a Collision- 412 Resistant Name. 414 Implementations SHOULD ignore JWKs within a JWK Set that use "kty" 415 (key type) values that are not understood by them, are missing 416 required members, or for which values are out of the supported 417 ranges. 419 5.1. "keys" Parameter 421 The value of the "keys" member is an array of JWK values. By 422 default, the order of the JWK values within the array does not imply 423 an order of preference among them, although applications of JWK Sets 424 can choose to assign a meaning to the order for their purposes, if 425 desired. This member MUST be present in a JWK Set. 427 6. String Comparison Rules 429 The string comparison rules for this specification are the same as 430 those defined in Section 5.3 of [JWS]. 432 7. Encrypted JWK and Encrypted JWK Set Formats 434 Access to JWKs containing non-public key material by parties without 435 legitimate access to the non-public information MUST be prevented. 436 This can be accomplished by encrypting the JWK when potentially 437 observable by such parties to prevent the disclosure of private or 438 symmetric key values. The use of an Encrypted JWK, which is a JWE 439 with the UTF-8 encoding of a JWK as its plaintext value, is 440 recommended for this purpose. The processing of Encrypted JWKs is 441 identical to the processing of other JWEs. A "cty" (content type) 442 Header Parameter value of "jwk+json" MUST be used to indicate that 443 the content of the JWE is a JWK, unless the application knows that 444 the encrypted content is a JWK by another means or convention, in 445 which case the "cty" value would typically be omitted. 447 JWK Sets containing non-public key material will also need to be 448 encrypted under these circumstances. The use of an Encrypted JWK 449 Set, which is a JWE with the UTF-8 encoding of a JWK Set as its 450 plaintext value, is recommended for this purpose. The processing of 451 Encrypted JWK Sets is identical to the processing of other JWEs. A 452 "cty" (content type) Header Parameter value of "jwk-set+json" MUST be 453 used to indicate that the content of the JWE is a JWK Set, unless the 454 application knows that the encrypted content is a JWK Set by another 455 means or convention, in which case the "cty" value would typically be 456 omitted. 458 See Appendix C for an example encrypted JWK. 460 8. IANA Considerations 462 The following registration procedure is used for all the registries 463 established by this specification. 465 Values are registered with a Specification Required [RFC5226] after a 466 two-week review period on the [TBD]@ietf.org mailing list, on the 467 advice of one or more Designated Experts. However, to allow for the 468 allocation of values prior to publication, the Designated Expert(s) 469 may approve registration once they are satisfied that such a 470 specification will be published. 472 Registration requests must be sent to the [TBD]@ietf.org mailing list 473 for review and comment, with an appropriate subject (e.g., "Request 474 for access token type: example"). [[ Note to the RFC Editor: The name 475 of the mailing list should be determined in consultation with the 476 IESG and IANA. Suggested name: jose-reg-review. ]] 478 Within the review period, the Designated Expert(s) will either 479 approve or deny the registration request, communicating this decision 480 to the review list and IANA. Denials should include an explanation 481 and, if applicable, suggestions as to how to make the request 482 successful. Registration requests that are undetermined for a period 483 longer than 21 days can be brought to the IESG's attention (using the 484 iesg@iesg.org mailing list) for resolution. 486 Criteria that should be applied by the Designated Expert(s) includes 487 determining whether the proposed registration duplicates existing 488 functionality, determining whether it is likely to be of general 489 applicability or whether it is useful only for a single application, 490 and whether the registration makes sense. 492 IANA must only accept registry updates from the Designated Expert(s) 493 and should direct all requests for registration to the review mailing 494 list. 496 It is suggested that multiple Designated Experts be appointed who are 497 able to represent the perspectives of different applications using 498 this specification, in order to enable broadly-informed review of 499 registration decisions. In cases where a registration decision could 500 be perceived as creating a conflict of interest for a particular 501 Expert, that Expert should defer to the judgment of the other 502 Expert(s). 504 8.1. JSON Web Key Parameters Registry 506 This specification establishes the IANA JSON Web Key Parameters 507 registry for JWK parameter names. The registry records the parameter 508 name, the key type(s) that the parameter is used with, and a 509 reference to the specification that defines it. It also records 510 whether the parameter conveys public or private information. This 511 specification registers the parameter names defined in Section 4. 512 The same JWK parameter name may be registered multiple times, 513 provided that duplicate parameter registrations are only for key type 514 specific JWK parameters; in this case, the meaning of the duplicate 515 parameter name is disambiguated by the "kty" value of the JWK 516 containing it. 518 8.1.1. Registration Template 520 Parameter Name: 521 The name requested (e.g., "example"). Because a core goal of this 522 specification is for the resulting representations to be compact, 523 it is RECOMMENDED that the name be short -- not to exceed 8 524 characters without a compelling reason to do so. This name is 525 case-sensitive. Names may not match other registered names in a 526 case-insensitive manner unless the Designated Expert(s) state that 527 there is a compelling reason to allow an exception in this 528 particular case. However, matching names may be registered, 529 provided that the accompanying sets of "kty" values that the 530 Parameter Name is used with are disjoint; for the purposes of 531 matching "kty" values, "*" matches all values. 533 Parameter Description: 534 Brief description of the parameter (e.g., "Example description"). 536 Used with "kty" Value(s): 537 The key type parameter value(s) that the parameter name is to be 538 used with, or the value "*" if the parameter value is used with 539 all key types. Values may not match other registered "kty" values 540 in a case-insensitive manner when the registered Parameter Name is 541 the same (including when the Parameter Name matches in a case- 542 insensitive manner) unless the Designated Expert(s) state that 543 there is a compelling reason to allow an exception in this 544 particular case. 546 Parameter Information Class: 547 Registers whether the parameter conveys public or private 548 information. Its value must be one the words Public or Private. 550 Change Controller: 551 For Standards Track RFCs, state "IESG". For others, give the name 552 of the responsible party. Other details (e.g., postal address, 553 email address, home page URI) may also be included. 555 Specification Document(s): 556 Reference to the document(s) that specify the parameter, 557 preferably including URI(s) that can be used to retrieve copies of 558 the document(s). An indication of the relevant sections may also 559 be included but is not required. 561 8.1.2. Initial Registry Contents 563 o Parameter Name: "kty" 564 o Parameter Description: Key Type 565 o Used with "kty" Value(s): * 566 o Parameter Information Class: Public 567 o Change Controller: IESG 568 o Specification Document(s): Section 4.1 of [[ this document ]] 570 o Parameter Name: "use" 571 o Parameter Description: Public Key Use 572 o Used with "kty" Value(s): * 573 o Parameter Information Class: Public 574 o Change Controller: IESG 575 o Specification Document(s): Section 4.2 of [[ this document ]] 577 o Parameter Name: "key_ops" 578 o Parameter Description: Key Operations 579 o Used with "kty" Value(s): * 580 o Parameter Information Class: Public 581 o Change Controller: IESG 582 o Specification Document(s): Section 4.3 of [[ this document ]] 584 o Parameter Name: "alg" 585 o Parameter Description: Algorithm 586 o Used with "kty" Value(s): * 587 o Parameter Information Class: Public 588 o Change Controller: IESG 589 o Specification Document(s): Section 4.4 of [[ this document ]] 591 o Parameter Name: "kid" 592 o Parameter Description: Key ID 593 o Used with "kty" Value(s): * 594 o Parameter Information Class: Public 595 o Change Controller: IESG 596 o Specification Document(s): Section 4.5 of [[ this document ]] 598 o Parameter Name: "x5u" 599 o Parameter Description: X.509 URL 600 o Used with "kty" Value(s): * 601 o Parameter Information Class: Public 602 o Change Controller: IESG 603 o Specification Document(s): Section 4.6 of [[ this document ]] 605 o Parameter Name: "x5c" 606 o Parameter Description: X.509 Certificate Chain 607 o Used with "kty" Value(s): * 608 o Parameter Information Class: Public 609 o Change Controller: IESG 610 o Specification Document(s): Section 4.7 of [[ this document ]] 612 o Parameter Name: "x5t" 613 o Parameter Description: X.509 Certificate SHA-1 Thumbprint 614 o Used with "kty" Value(s): * 615 o Parameter Information Class: Public 616 o Change Controller: IESG 617 o Specification Document(s): Section 4.8 of [[ this document ]] 619 o Parameter Name: "x5t#S256" 620 o Parameter Description: X.509 Certificate SHA-256 Thumbprint 621 o Used with "kty" Value(s): * 622 o Parameter Information Class: Public 623 o Change Controller: IESG 624 o Specification Document(s): Section 4.9 of [[ this document ]] 626 8.2. JSON Web Key Use Registry 628 This specification establishes the IANA JSON Web Key Use registry for 629 JWK "use" (public key use) member values. The registry records the 630 public key use value and a reference to the specification that 631 defines it. This specification registers the parameter names defined 632 in Section 4.2. 634 8.2.1. Registration Template 636 Use Member Value: 637 The name requested (e.g., "example"). Because a core goal of this 638 specification is for the resulting representations to be compact, 639 it is RECOMMENDED that the name be short -- not to exceed 8 640 characters without a compelling reason to do so. This name is 641 case-sensitive. Names may not match other registered names in a 642 case-insensitive manner unless the Designated Expert(s) state that 643 there is a compelling reason to allow an exception in this 644 particular case. 646 Use Description: 647 Brief description of the use (e.g., "Example description"). 649 Change Controller: 650 For Standards Track RFCs, state "IESG". For others, give the name 651 of the responsible party. Other details (e.g., postal address, 652 email address, home page URI) may also be included. 654 Specification Document(s): 655 Reference to the document(s) that specify the parameter, 656 preferably including URI(s) that can be used to retrieve copies of 657 the document(s). An indication of the relevant sections may also 658 be included but is not required. 660 8.2.2. Initial Registry Contents 662 o Use Member Value: "sig" 663 o Use Description: Signature or MAC 664 o Change Controller: IESG 665 o Specification Document(s): Section 4.2 of [[ this document ]] 667 o Use Member Value: "enc" 668 o Use Description: Encryption 669 o Change Controller: IESG 670 o Specification Document(s): Section 4.2 of [[ this document ]] 672 8.3. JSON Web Key Operations Registry 674 This specification establishes the IANA JSON Web Key Operations 675 registry for values of JWK "key_ops" array elements. The registry 676 records the key operation value and a reference to the specification 677 that defines it. This specification registers the parameter names 678 defined in Section 4.3. 680 8.3.1. Registration Template 682 Key Operation Value: 683 The name requested (e.g., "example"). Because a core goal of this 684 specification is for the resulting representations to be compact, 685 it is RECOMMENDED that the name be short -- not to exceed 8 686 characters without a compelling reason to do so. This name is 687 case-sensitive. Names may not match other registered names in a 688 case-insensitive manner unless the Designated Expert(s) state that 689 there is a compelling reason to allow an exception in this 690 particular case. 692 Key Operation Description: 693 Brief description of the key operation (e.g., "Example 694 description"). 696 Change Controller: 697 For Standards Track RFCs, state "IESG". For others, give the name 698 of the responsible party. Other details (e.g., postal address, 699 email address, home page URI) may also be included. 701 Specification Document(s): 702 Reference to the document(s) that specify the parameter, 703 preferably including URI(s) that can be used to retrieve copies of 704 the document(s). An indication of the relevant sections may also 705 be included but is not required. 707 8.3.2. Initial Registry Contents 709 o Key Operation Value: "sign" 710 o Key Operation Description: Compute signature or MAC 711 o Change Controller: IESG 712 o Specification Document(s): Section 4.3 of [[ this document ]] 714 o Key Operation Value: "verify" 715 o Key Operation Description: Verify signature or MAC 716 o Change Controller: IESG 717 o Specification Document(s): Section 4.3 of [[ this document ]] 719 o Key Operation Value: "encrypt" 720 o Key Operation Description: Encrypt content 721 o Change Controller: IESG 722 o Specification Document(s): Section 4.3 of [[ this document ]] 724 o Key Operation Value: "decrypt" 725 o Key Operation Description: Decrypt content and validate 726 decryption, if applicable 728 o Change Controller: IESG 729 o Specification Document(s): Section 4.3 of [[ this document ]] 731 o Key Operation Value: "wrapKey" 732 o Key Operation Description: Encrypt key 733 o Change Controller: IESG 734 o Specification Document(s): Section 4.3 of [[ this document ]] 736 o Key Operation Value: "unwrapKey" 737 o Key Operation Description: Decrypt key and validate decryption, if 738 applicable 739 o Change Controller: IESG 740 o Specification Document(s): Section 4.3 of [[ this document ]] 742 o Key Operation Value: "deriveKey" 743 o Key Operation Description: Derive key 744 o Change Controller: IESG 745 o Specification Document(s): Section 4.3 of [[ this document ]] 747 o Key Operation Value: "deriveBits" 748 o Key Operation Description: Derive bits not to be used as a key 749 o Change Controller: IESG 750 o Specification Document(s): Section 4.3 of [[ this document ]] 752 8.4. JSON Web Key Set Parameters Registry 754 This specification establishes the IANA JSON Web Key Set Parameters 755 registry for JWK Set parameter names. The registry records the 756 parameter name and a reference to the specification that defines it. 757 This specification registers the parameter names defined in 758 Section 5. 760 8.4.1. Registration Template 762 Parameter Name: 763 The name requested (e.g., "example"). Because a core goal of this 764 specification is for the resulting representations to be compact, 765 it is RECOMMENDED that the name be short -- not to exceed 8 766 characters without a compelling reason to do so. This name is 767 case-sensitive. Names may not match other registered names in a 768 case-insensitive manner unless the Designated Expert(s) state that 769 there is a compelling reason to allow an exception in this 770 particular case. 772 Parameter Description: 773 Brief description of the parameter (e.g., "Example description"). 775 Change Controller: 776 For Standards Track RFCs, state "IESG". For others, give the name 777 of the responsible party. Other details (e.g., postal address, 778 email address, home page URI) may also be included. 780 Specification Document(s): 781 Reference to the document(s) that specify the parameter, 782 preferably including URI(s) that can be used to retrieve copies of 783 the document(s). An indication of the relevant sections may also 784 be included but is not required. 786 8.4.2. Initial Registry Contents 788 o Parameter Name: "keys" 789 o Parameter Description: Array of JWK values 790 o Change Controller: IESG 791 o Specification Document(s): Section 5.1 of [[ this document ]] 793 8.5. Media Type Registration 795 8.5.1. Registry Contents 797 This specification registers the "application/jwk+json" and 798 "application/jwk-set+json" Media Types [RFC2046] in the MIME Media 799 Types registry [IANA.MediaTypes], which can be used to indicate, 800 respectively, that the content is a JWK or a JWK Set. 802 o Type Name: application 803 o Subtype Name: jwk+json 804 o Required Parameters: n/a 805 o Optional Parameters: n/a 806 o Encoding considerations: 8bit; application/jwk+json values are 807 represented as JSON object; UTF-8 encoding SHOULD be employed for 808 the JSON object. 809 o Security Considerations: See the Security Considerations section 810 of [[ this document ]] 811 o Interoperability Considerations: n/a 812 o Published Specification: [[ this document ]] 813 o Applications that use this media type: TBD 814 o Additional Information: Magic number(s): n/a, File extension(s): 815 n/a, Macintosh file type code(s): n/a 816 o Person & email address to contact for further information: Michael 817 B. Jones, mbj@microsoft.com 818 o Intended Usage: COMMON 819 o Restrictions on Usage: none 820 o Author: Michael B. Jones, mbj@microsoft.com 821 o Change Controller: IESG 823 o Type Name: application 824 o Subtype Name: jwk-set+json 825 o Required Parameters: n/a 826 o Optional Parameters: n/a 827 o Encoding considerations: 8bit; application/jwk-set+json values are 828 represented as a JSON Object; UTF-8 encoding SHOULD be employed 829 for the JSON object. 830 o Security Considerations: See the Security Considerations section 831 of [[ this document ]] 832 o Interoperability Considerations: n/a 833 o Published Specification: [[ this document ]] 834 o Applications that use this media type: TBD 835 o Additional Information: Magic number(s): n/a, File extension(s): 836 n/a, Macintosh file type code(s): n/a 837 o Person & email address to contact for further information: Michael 838 B. Jones, mbj@microsoft.com 839 o Intended Usage: COMMON 840 o Restrictions on Usage: none 841 o Author: Michael B. Jones, mbj@microsoft.com 842 o Change Controller: IESG 844 9. Security Considerations 846 All of the security issues faced by any cryptographic application 847 must be faced by a JWS/JWE/JWK agent. Among these issues are 848 protecting the user's asymmetric private and symmetric secret keys, 849 preventing various attacks, and helping avoid mistakes such as 850 inadvertently encrypting a message to the wrong recipient. The 851 entire list of security considerations is beyond the scope of this 852 document, but some significant considerations are listed here. 854 9.1. Key Provenance and Trust 856 One should place no more trust in the data associated with a key than 857 in than the method by which it was obtained and in the 858 trustworthiness of the entity asserting an association with the key. 859 Any data associated with a key that is obtained in an untrusted 860 manner should be treated with skepticism. 862 The security considerations in Section 12.3 of XML DSIG 2.0 863 [W3C.NOTE-xmldsig-core2-20130411] about the strength of a signature 864 depending upon all the links in the security chain also apply to this 865 specification. 867 The TLS Requirements in [JWS] also apply to this specification. 869 9.2. Preventing Disclosure of Non-Public Key Information 871 Private and symmetric keys MUST be protected from disclosure to 872 unintended parties. One recommended means of doing so is to encrypt 873 JWKs or JWK Sets containing them by using the JWK or JWK Set value as 874 the plaintext of a JWE. 876 The security considerations in RFC 3447 [RFC3447] and RFC 6030 877 [RFC6030] about protecting private and symmetric keys, key usage, and 878 information leakage also apply to this specification. 880 9.3. RSA Private Key Representations and Blinding 882 The RSA Key blinding operation [Kocher], which is a defense against 883 some timing attacks, requires all of the RSA key values "n", "e", and 884 "d". However, some RSA private key representations do not include 885 the public exponent "e", but only include the modulus "n" and the 886 private exponent "d". This is true, for instance, of the Java 887 RSAPrivateKeySpec API, which does not include the public exponent "e" 888 as a parameter. So as to enable RSA key blinding, such 889 representations should be avoided. For Java, the 890 RSAPrivateCrtKeySpec API can be used instead. Section 8.2.2(i) of 891 the Handbook of Applied Cryptography [HAC] discusses how to compute 892 the remaining RSA private key parameters, if needed, using only "n", 893 "e", and "d". 895 10. References 897 10.1. Normative References 899 [ECMAScript] 900 Ecma International, "ECMAScript Language Specification, 901 5.1 Edition", ECMA 262, June 2011. 903 [IANA.MediaTypes] 904 Internet Assigned Numbers Authority (IANA), "MIME Media 905 Types", 2005. 907 [ITU.X690.1994] 908 International Telecommunications Union, "Information 909 Technology - ASN.1 encoding rules: Specification of Basic 910 Encoding Rules (BER), Canonical Encoding Rules (CER) and 911 Distinguished Encoding Rules (DER)", ITU-T Recommendation 912 X.690, 1994. 914 [JWA] Jones, M., "JSON Web Algorithms (JWA)", 915 draft-ietf-jose-json-web-algorithms (work in progress), 916 June 2014. 918 [JWE] Jones, M. and J. Hildebrand, "JSON Web Encryption (JWE)", 919 draft-ietf-jose-json-web-encryption (work in progress), 920 June 2014. 922 [JWS] Jones, M., Bradley, J., and N. Sakimura, "JSON Web 923 Signature (JWS)", draft-ietf-jose-json-web-signature (work 924 in progress), June 2014. 926 [RFC1421] Linn, J., "Privacy Enhancement for Internet Electronic 927 Mail: Part I: Message Encryption and Authentication 928 Procedures", RFC 1421, February 1993. 930 [RFC2046] Freed, N. and N. Borenstein, "Multipurpose Internet Mail 931 Extensions (MIME) Part Two: Media Types", RFC 2046, 932 November 1996. 934 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 935 Requirement Levels", BCP 14, RFC 2119, March 1997. 937 [RFC2818] Rescorla, E., "HTTP Over TLS", RFC 2818, May 2000. 939 [RFC3629] Yergeau, F., "UTF-8, a transformation format of ISO 940 10646", STD 63, RFC 3629, November 2003. 942 [RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform 943 Resource Identifier (URI): Generic Syntax", STD 66, 944 RFC 3986, January 2005. 946 [RFC4648] Josefsson, S., "The Base16, Base32, and Base64 Data 947 Encodings", RFC 4648, October 2006. 949 [RFC5246] Dierks, T. and E. Rescorla, "The Transport Layer Security 950 (TLS) Protocol Version 1.2", RFC 5246, August 2008. 952 [RFC5280] Cooper, D., Santesson, S., Farrell, S., Boeyen, S., 953 Housley, R., and W. Polk, "Internet X.509 Public Key 954 Infrastructure Certificate and Certificate Revocation List 955 (CRL) Profile", RFC 5280, May 2008. 957 [RFC6125] Saint-Andre, P. and J. Hodges, "Representation and 958 Verification of Domain-Based Application Service Identity 959 within Internet Public Key Infrastructure Using X.509 960 (PKIX) Certificates in the Context of Transport Layer 961 Security (TLS)", RFC 6125, March 2011. 963 [RFC7159] Bray, T., "The JavaScript Object Notation (JSON) Data 964 Interchange Format", RFC 7159, March 2014. 966 [USASCII] American National Standards Institute, "Coded Character 967 Set -- 7-bit American Standard Code for Information 968 Interchange", ANSI X3.4, 1986. 970 10.2. Informative References 972 [HAC] Menezes, A., van Oorschot, P., and S. Vanstone, "Handbook 973 of Applied Cryptography", CRC Press, 1996, 974 . 976 [Kocher] Kocher, P., "Timing Attacks on Implementations of Diffe- 977 Hellman, RSA, DSS, and Other Systems", In Proceedings of 978 the 16th Annual International Cryptology Conference 979 Advances in Cryptology, Springer-Verlag, pp. 104-113, 980 1996. 982 [MagicSignatures] 983 Panzer (editor), J., Laurie, B., and D. Balfanz, "Magic 984 Signatures", January 2011. 986 [RFC3447] Jonsson, J. and B. Kaliski, "Public-Key Cryptography 987 Standards (PKCS) #1: RSA Cryptography Specifications 988 Version 2.1", RFC 3447, February 2003. 990 [RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an 991 IANA Considerations Section in RFCs", BCP 26, RFC 5226, 992 May 2008. 994 [RFC6030] Hoyer, P., Pei, M., and S. Machani, "Portable Symmetric 995 Key Container (PSKC)", RFC 6030, October 2010. 997 [W3C.NOTE-xmldsig-core2-20130411] 998 Eastlake, D., Reagle, J., Solo, D., Hirsch, F., Roessler, 999 T., Yiu, K., Datta, P., and S. Cantor, "XML Signature 1000 Syntax and Processing Version 2.0", World Wide Web 1001 Consortium Note NOTE-xmldsig-core2-20130411, April 2013, 1002 . 1004 [WebCrypto] 1005 Sleevi, R. and M. Watson, "Web Cryptography API", World 1006 Wide Web Consortium Draft, March 2014, 1007 . 1009 Appendix A. Example JSON Web Key Sets 1011 A.1. Example Public Keys 1013 The following example JWK Set contains two public keys represented as 1014 JWKs: one using an Elliptic Curve algorithm and a second one using an 1015 RSA algorithm. The first specifies that the key is to be used for 1016 encryption. The second specifies that the key is to be used with the 1017 "RS256" algorithm. Both provide a Key ID for key matching purposes. 1018 In both cases, integers are represented using the base64url encoding 1019 of their big endian representations. (Long lines are broken are for 1020 display purposes only.) 1022 {"keys": 1023 [ 1024 {"kty":"EC", 1025 "crv":"P-256", 1026 "x":"MKBCTNIcKUSDii11ySs3526iDZ8AiTo7Tu6KPAqv7D4", 1027 "y":"4Etl6SRW2YiLUrN5vfvVHuhp7x8PxltmWWlbbM4IFyM", 1028 "use":"enc", 1029 "kid":"1"}, 1031 {"kty":"RSA", 1032 "n": "0vx7agoebGcQSuuPiLJXZptN9nndrQmbXEps2aiAFbWhM78LhWx 1033 4cbbfAAtVT86zwu1RK7aPFFxuhDR1L6tSoc_BJECPebWKRXjBZCiFV4n3oknjhMs 1034 tn64tZ_2W-5JsGY4Hc5n9yBXArwl93lqt7_RN5w6Cf0h4QyQ5v-65YGjQR0_FDW2 1035 QvzqY368QQMicAtaSqzs8KJZgnYb9c7d0zgdAZHzu6qMQvRL5hajrn1n91CbOpbI 1036 SD08qNLyrdkt-bFTWhAI4vMQFh6WeZu0fM4lFd2NcRwr3XPksINHaQ-G_xBniIqb 1037 w0Ls1jF44-csFCur-kEgU8awapJzKnqDKgw", 1038 "e":"AQAB", 1039 "alg":"RS256", 1040 "kid":"2011-04-29"} 1041 ] 1042 } 1044 A.2. Example Private Keys 1046 The following example JWK Set contains two keys represented as JWKs 1047 containing both public and private key values: one using an Elliptic 1048 Curve algorithm and a second one using an RSA algorithm. This 1049 example extends the example in the previous section, adding private 1050 key values. (Line breaks are for display purposes only.) 1051 {"keys": 1052 [ 1053 {"kty":"EC", 1054 "crv":"P-256", 1055 "x":"MKBCTNIcKUSDii11ySs3526iDZ8AiTo7Tu6KPAqv7D4", 1056 "y":"4Etl6SRW2YiLUrN5vfvVHuhp7x8PxltmWWlbbM4IFyM", 1057 "d":"870MB6gfuTJ4HtUnUvYMyJpr5eUZNP4Bk43bVdj3eAE", 1058 "use":"enc", 1059 "kid":"1"}, 1061 {"kty":"RSA", 1062 "n":"0vx7agoebGcQSuuPiLJXZptN9nndrQmbXEps2aiAFbWhM78LhWx4 1063 cbbfAAtVT86zwu1RK7aPFFxuhDR1L6tSoc_BJECPebWKRXjBZCiFV4n3oknjhMst 1064 n64tZ_2W-5JsGY4Hc5n9yBXArwl93lqt7_RN5w6Cf0h4QyQ5v-65YGjQR0_FDW2Q 1065 vzqY368QQMicAtaSqzs8KJZgnYb9c7d0zgdAZHzu6qMQvRL5hajrn1n91CbOpbIS 1066 D08qNLyrdkt-bFTWhAI4vMQFh6WeZu0fM4lFd2NcRwr3XPksINHaQ-G_xBniIqbw 1067 0Ls1jF44-csFCur-kEgU8awapJzKnqDKgw", 1068 "e":"AQAB", 1069 "d":"X4cTteJY_gn4FYPsXB8rdXix5vwsg1FLN5E3EaG6RJoVH-HLLKD9 1070 M7dx5oo7GURknchnrRweUkC7hT5fJLM0WbFAKNLWY2vv7B6NqXSzUvxT0_YSfqij 1071 wp3RTzlBaCxWp4doFk5N2o8Gy_nHNKroADIkJ46pRUohsXywbReAdYaMwFs9tv8d 1072 _cPVY3i07a3t8MN6TNwm0dSawm9v47UiCl3Sk5ZiG7xojPLu4sbg1U2jx4IBTNBz 1073 nbJSzFHK66jT8bgkuqsk0GjskDJk19Z4qwjwbsnn4j2WBii3RL-Us2lGVkY8fkFz 1074 me1z0HbIkfz0Y6mqnOYtqc0X4jfcKoAC8Q", 1075 "p":"83i-7IvMGXoMXCskv73TKr8637FiO7Z27zv8oj6pbWUQyLPQBQxtPV 1076 nwD20R-60eTDmD2ujnMt5PoqMrm8RfmNhVWDtjjMmCMjOpSXicFHj7XOuVIYQyqV 1077 WlWEh6dN36GVZYk93N8Bc9vY41xy8B9RzzOGVQzXvNEvn7O0nVbfs", 1078 "q":"3dfOR9cuYq-0S-mkFLzgItgMEfFzB2q3hWehMuG0oCuqnb3vobLyum 1079 qjVZQO1dIrdwgTnCdpYzBcOfW5r370AFXjiWft_NGEiovonizhKpo9VVS78TzFgx 1080 kIdrecRezsZ-1kYd_s1qDbxtkDEgfAITAG9LUnADun4vIcb6yelxk", 1081 "dp":"G4sPXkc6Ya9y8oJW9_ILj4xuppu0lzi_H7VTkS8xj5SdX3coE0oim 1082 YwxIi2emTAue0UOa5dpgFGyBJ4c8tQ2VF402XRugKDTP8akYhFo5tAA77Qe_Nmtu 1083 YZc3C3m3I24G2GvR5sSDxUyAN2zq8Lfn9EUms6rY3Ob8YeiKkTiBj0", 1084 "dq":"s9lAH9fggBsoFR8Oac2R_E2gw282rT2kGOAhvIllETE1efrA6huUU 1085 vMfBcMpn8lqeW6vzznYY5SSQF7pMdC_agI3nG8Ibp1BUb0JUiraRNqUfLhcQb_d9 1086 GF4Dh7e74WbRsobRonujTYN1xCaP6TO61jvWrX-L18txXw494Q_cgk", 1087 "qi":"GyM_p6JrXySiz1toFgKbWV-JdI3jQ4ypu9rbMWx3rQJBfmt0FoYzg 1088 UIZEVFEcOqwemRN81zoDAaa-Bk0KWNGDjJHZDdDmFhW3AN7lI-puxk_mHZGJ11rx 1089 yR8O55XLSe3SPmRfKwZI6yU24ZxvQKFYItdldUKGzO6Ia6zTKhAVRU", 1090 "alg":"RS256", 1091 "kid":"2011-04-29"} 1092 ] 1093 } 1095 A.3. Example Symmetric Keys 1097 The following example JWK Set contains two symmetric keys represented 1098 as JWKs: one designated as being for use with the AES Key Wrap 1099 algorithm and a second one that is an HMAC key. (Line breaks are for 1100 display purposes only.) 1102 {"keys": 1103 [ 1104 {"kty":"oct", 1105 "alg":"A128KW", 1106 "k":"GawgguFyGrWKav7AX4VKUg"}, 1108 {"kty":"oct", 1109 "k":"AyM1SysPpbyDfgZld3umj1qzKObwVMkoqQ-EstJQLr_T-1qS0gZH75 1110 aKtMN3Yj0iPS4hcgUuTwjAzZr1Z9CAow", 1111 "kid":"HMAC key used in JWS A.1 example"} 1112 ] 1113 } 1115 Appendix B. Example Use of "x5c" (X.509 Certificate Chain) Parameter 1116 The following is an example of a JWK with a RSA signing key 1117 represented both as an RSA public key and as an X.509 certificate 1118 using the "x5c" parameter: 1120 {"kty":"RSA", 1121 "use":"sig", 1122 "kid":"1b94c", 1123 "n":"vrjOfz9Ccdgx5nQudyhdoR17V-IubWMeOZCwX_jj0hgAsz2J_pqYW08 1124 PLbK_PdiVGKPrqzmDIsLI7sA25VEnHU1uCLNwBuUiCO11_-7dYbsr4iJmG0Q 1125 u2j8DsVyT1azpJC_NG84Ty5KKthuCaPod7iI7w0LK9orSMhBEwwZDCxTWq4a 1126 YWAchc8t-emd9qOvWtVMDC2BXksRngh6X5bUYLy6AyHKvj-nUy1wgzjYQDwH 1127 MTplCoLtU-o-8SNnZ1tmRoGE9uJkBLdh5gFENabWnU5m1ZqZPdwS-qo-meMv 1128 VfJb6jJVWRpl2SUtCnYG2C32qvbWbjZ_jBPD5eunqsIo1vQ", 1129 "e":"AQAB", 1130 "x5c": 1131 ["MIIDQjCCAiqgAwIBAgIGATz/FuLiMA0GCSqGSIb3DQEBBQUAMGIxCzAJB 1132 gNVBAYTAlVTMQswCQYDVQQIEwJDTzEPMA0GA1UEBxMGRGVudmVyMRwwGgYD 1133 VQQKExNQaW5nIElkZW50aXR5IENvcnAuMRcwFQYDVQQDEw5CcmlhbiBDYW1 1134 wYmVsbDAeFw0xMzAyMjEyMzI5MTVaFw0xODA4MTQyMjI5MTVaMGIxCzAJBg 1135 NVBAYTAlVTMQswCQYDVQQIEwJDTzEPMA0GA1UEBxMGRGVudmVyMRwwGgYDV 1136 QQKExNQaW5nIElkZW50aXR5IENvcnAuMRcwFQYDVQQDEw5CcmlhbiBDYW1w 1137 YmVsbDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL64zn8/QnH 1138 YMeZ0LncoXaEde1fiLm1jHjmQsF/449IYALM9if6amFtPDy2yvz3YlRij66 1139 s5gyLCyO7ANuVRJx1NbgizcAblIgjtdf/u3WG7K+IiZhtELto/A7Fck9Ws6 1140 SQvzRvOE8uSirYbgmj6He4iO8NCyvaK0jIQRMMGQwsU1quGmFgHIXPLfnpn 1141 fajr1rVTAwtgV5LEZ4Iel+W1GC8ugMhyr4/p1MtcIM42EA8BzE6ZQqC7VPq 1142 PvEjZ2dbZkaBhPbiZAS3YeYBRDWm1p1OZtWamT3cEvqqPpnjL1XyW+oyVVk 1143 aZdklLQp2Btgt9qr21m42f4wTw+Xrp6rCKNb0CAwEAATANBgkqhkiG9w0BA 1144 QUFAAOCAQEAh8zGlfSlcI0o3rYDPBB07aXNswb4ECNIKG0CETTUxmXl9KUL 1145 +9gGlqCz5iWLOgWsnrcKcY0vXPG9J1r9AqBNTqNgHq2G03X09266X5CpOe1 1146 zFo+Owb1zxtp3PehFdfQJ610CDLEaS9V9Rqp17hCyybEpOGVwe8fnk+fbEL 1147 2Bo3UPGrpsHzUoaGpDftmWssZkhpBJKVMJyf/RuP2SmmaIzmnw9JiSlYhzo 1148 4tpzd5rFXhjRbg4zW9C+2qok+2+qDM1iJ684gPHMIY8aLWrdgQTxkumGmTq 1149 gawR+N5MDtdPTEQ0XfIBc2cJEUyMTY5MPvACWpkA6SdS4xSvdXK3IVfOWA=="] 1150 } 1152 Appendix C. Example Encrypted RSA Private Key 1154 This example encrypts an RSA private key to the recipient using 1155 "PBES2-HS256+A128KW" for key encryption and "A128CBC+HS256" for 1156 content encryption. 1158 NOTE: Unless otherwise indicated, all line breaks are included solely 1159 for readability. 1161 C.1. Plaintext RSA Private Key 1163 The following RSA key is the plaintext for the encryption operation, 1164 formatted as a JWK object: 1166 { 1167 "kty":"RSA", 1168 "kid":"juliet@capulet.lit", 1169 "use":"enc", 1170 "n":"t6Q8PWSi1dkJj9hTP8hNYFlvadM7DflW9mWepOJhJ66w7nyoK1gPNqFMSQRy 1171 O125Gp-TEkodhWr0iujjHVx7BcV0llS4w5ACGgPrcAd6ZcSR0-Iqom-QFcNP 1172 8Sjg086MwoqQU_LYywlAGZ21WSdS_PERyGFiNnj3QQlO8Yns5jCtLCRwLHL0 1173 Pb1fEv45AuRIuUfVcPySBWYnDyGxvjYGDSM-AqWS9zIQ2ZilgT-GqUmipg0X 1174 OC0Cc20rgLe2ymLHjpHciCKVAbY5-L32-lSeZO-Os6U15_aXrk9Gw8cPUaX1 1175 _I8sLGuSiVdt3C_Fn2PZ3Z8i744FPFGGcG1qs2Wz-Q", 1176 "e":"AQAB", 1177 "d":"GRtbIQmhOZtyszfgKdg4u_N-R_mZGU_9k7JQ_jn1DnfTuMdSNprTeaSTyWfS 1178 NkuaAwnOEbIQVy1IQbWVV25NY3ybc_IhUJtfri7bAXYEReWaCl3hdlPKXy9U 1179 vqPYGR0kIXTQRqns-dVJ7jahlI7LyckrpTmrM8dWBo4_PMaenNnPiQgO0xnu 1180 ToxutRZJfJvG4Ox4ka3GORQd9CsCZ2vsUDmsXOfUENOyMqADC6p1M3h33tsu 1181 rY15k9qMSpG9OX_IJAXmxzAh_tWiZOwk2K4yxH9tS3Lq1yX8C1EWmeRDkK2a 1182 hecG85-oLKQt5VEpWHKmjOi_gJSdSgqcN96X52esAQ", 1183 "p":"2rnSOV4hKSN8sS4CgcQHFbs08XboFDqKum3sc4h3GRxrTmQdl1ZK9uw-PIHf 1184 QP0FkxXVrx-WE-ZEbrqivH_2iCLUS7wAl6XvARt1KkIaUxPPSYB9yk31s0Q8 1185 UK96E3_OrADAYtAJs-M3JxCLfNgqh56HDnETTQhH3rCT5T3yJws", 1186 "q":"1u_RiFDP7LBYh3N4GXLT9OpSKYP0uQZyiaZwBtOCBNJgQxaj10RWjsZu0c6I 1187 edis4S7B_coSKB0Kj9PaPaBzg-IySRvvcQuPamQu66riMhjVtG6TlV8CLCYK 1188 rYl52ziqK0E_ym2QnkwsUX7eYTB7LbAHRK9GqocDE5B0f808I4s", 1189 "dp":"KkMTWqBUefVwZ2_Dbj1pPQqyHSHjj90L5x_MOzqYAJMcLMZtbUtwKqvVDq3 1190 tbEo3ZIcohbDtt6SbfmWzggabpQxNxuBpoOOf_a_HgMXK_lhqigI4y_kqS1w 1191 Y52IwjUn5rgRrJ-yYo1h41KR-vz2pYhEAeYrhttWtxVqLCRViD6c", 1192 "dq":"AvfS0-gRxvn0bwJoMSnFxYcK1WnuEjQFluMGfwGitQBWtfZ1Er7t1xDkbN9 1193 GQTB9yqpDoYaN06H7CFtrkxhJIBQaj6nkF5KKS3TQtQ5qCzkOkmxIe3KRbBy 1194 mXxkb5qwUpX5ELD5xFc6FeiafWYY63TmmEAu_lRFCOJ3xDea-ots", 1195 "qi":"lSQi-w9CpyUReMErP1RsBLk7wNtOvs5EQpPqmuMvqW57NBUczScEoPwmUqq 1196 abu9V0-Py4dQ57_bapoKRu1R90bvuFnU63SHWEFglZQvJDMeAvmj4sm-Fp0o 1197 Yu_neotgQ0hzbI5gry7ajdYy9-2lNx_76aBZoOUu9HCJ-UsfSOI8" 1198 } 1200 The octets representing the Plaintext used in this example (using 1201 JSON array notation) are: 1203 [123, 34, 107, 116, 121, 34, 58, 34, 82, 83, 65, 34, 44, 34, 107, 1204 105, 100, 34, 58, 34, 106, 117, 108, 105, 101, 116, 64, 99, 97, 112, 1205 117, 108, 101, 116, 46, 108, 105, 116, 34, 44, 34, 117, 115, 101, 34, 1206 58, 34, 101, 110, 99, 34, 44, 34, 110, 34, 58, 34, 116, 54, 81, 56, 1207 80, 87, 83, 105, 49, 100, 107, 74, 106, 57, 104, 84, 80, 56, 104, 78, 1208 89, 70, 108, 118, 97, 100, 77, 55, 68, 102, 108, 87, 57, 109, 87, 1209 101, 112, 79, 74, 104, 74, 54, 54, 119, 55, 110, 121, 111, 75, 49, 1210 103, 80, 78, 113, 70, 77, 83, 81, 82, 121, 79, 49, 50, 53, 71, 112, 1211 45, 84, 69, 107, 111, 100, 104, 87, 114, 48, 105, 117, 106, 106, 72, 1212 86, 120, 55, 66, 99, 86, 48, 108, 108, 83, 52, 119, 53, 65, 67, 71, 1213 103, 80, 114, 99, 65, 100, 54, 90, 99, 83, 82, 48, 45, 73, 113, 111, 1214 109, 45, 81, 70, 99, 78, 80, 56, 83, 106, 103, 48, 56, 54, 77, 119, 1215 111, 113, 81, 85, 95, 76, 89, 121, 119, 108, 65, 71, 90, 50, 49, 87, 1216 83, 100, 83, 95, 80, 69, 82, 121, 71, 70, 105, 78, 110, 106, 51, 81, 1217 81, 108, 79, 56, 89, 110, 115, 53, 106, 67, 116, 76, 67, 82, 119, 76, 1218 72, 76, 48, 80, 98, 49, 102, 69, 118, 52, 53, 65, 117, 82, 73, 117, 1219 85, 102, 86, 99, 80, 121, 83, 66, 87, 89, 110, 68, 121, 71, 120, 118, 1220 106, 89, 71, 68, 83, 77, 45, 65, 113, 87, 83, 57, 122, 73, 81, 50, 1221 90, 105, 108, 103, 84, 45, 71, 113, 85, 109, 105, 112, 103, 48, 88, 1222 79, 67, 48, 67, 99, 50, 48, 114, 103, 76, 101, 50, 121, 109, 76, 72, 1223 106, 112, 72, 99, 105, 67, 75, 86, 65, 98, 89, 53, 45, 76, 51, 50, 1224 45, 108, 83, 101, 90, 79, 45, 79, 115, 54, 85, 49, 53, 95, 97, 88, 1225 114, 107, 57, 71, 119, 56, 99, 80, 85, 97, 88, 49, 95, 73, 56, 115, 1226 76, 71, 117, 83, 105, 86, 100, 116, 51, 67, 95, 70, 110, 50, 80, 90, 1227 51, 90, 56, 105, 55, 52, 52, 70, 80, 70, 71, 71, 99, 71, 49, 113, 1228 115, 50, 87, 122, 45, 81, 34, 44, 34, 101, 34, 58, 34, 65, 81, 65, 1229 66, 34, 44, 34, 100, 34, 58, 34, 71, 82, 116, 98, 73, 81, 109, 104, 1230 79, 90, 116, 121, 115, 122, 102, 103, 75, 100, 103, 52, 117, 95, 78, 1231 45, 82, 95, 109, 90, 71, 85, 95, 57, 107, 55, 74, 81, 95, 106, 110, 1232 49, 68, 110, 102, 84, 117, 77, 100, 83, 78, 112, 114, 84, 101, 97, 1233 83, 84, 121, 87, 102, 83, 78, 107, 117, 97, 65, 119, 110, 79, 69, 98, 1234 73, 81, 86, 121, 49, 73, 81, 98, 87, 86, 86, 50, 53, 78, 89, 51, 121, 1235 98, 99, 95, 73, 104, 85, 74, 116, 102, 114, 105, 55, 98, 65, 88, 89, 1236 69, 82, 101, 87, 97, 67, 108, 51, 104, 100, 108, 80, 75, 88, 121, 57, 1237 85, 118, 113, 80, 89, 71, 82, 48, 107, 73, 88, 84, 81, 82, 113, 110, 1238 115, 45, 100, 86, 74, 55, 106, 97, 104, 108, 73, 55, 76, 121, 99, 1239 107, 114, 112, 84, 109, 114, 77, 56, 100, 87, 66, 111, 52, 95, 80, 1240 77, 97, 101, 110, 78, 110, 80, 105, 81, 103, 79, 48, 120, 110, 117, 1241 84, 111, 120, 117, 116, 82, 90, 74, 102, 74, 118, 71, 52, 79, 120, 1242 52, 107, 97, 51, 71, 79, 82, 81, 100, 57, 67, 115, 67, 90, 50, 118, 1243 115, 85, 68, 109, 115, 88, 79, 102, 85, 69, 78, 79, 121, 77, 113, 65, 1244 68, 67, 54, 112, 49, 77, 51, 104, 51, 51, 116, 115, 117, 114, 89, 49, 1245 53, 107, 57, 113, 77, 83, 112, 71, 57, 79, 88, 95, 73, 74, 65, 88, 1246 109, 120, 122, 65, 104, 95, 116, 87, 105, 90, 79, 119, 107, 50, 75, 1247 52, 121, 120, 72, 57, 116, 83, 51, 76, 113, 49, 121, 88, 56, 67, 49, 1248 69, 87, 109, 101, 82, 68, 107, 75, 50, 97, 104, 101, 99, 71, 56, 53, 1249 45, 111, 76, 75, 81, 116, 53, 86, 69, 112, 87, 72, 75, 109, 106, 79, 1250 105, 95, 103, 74, 83, 100, 83, 103, 113, 99, 78, 57, 54, 88, 53, 50, 1251 101, 115, 65, 81, 34, 44, 34, 112, 34, 58, 34, 50, 114, 110, 83, 79, 1252 86, 52, 104, 75, 83, 78, 56, 115, 83, 52, 67, 103, 99, 81, 72, 70, 1253 98, 115, 48, 56, 88, 98, 111, 70, 68, 113, 75, 117, 109, 51, 115, 99, 1254 52, 104, 51, 71, 82, 120, 114, 84, 109, 81, 100, 108, 49, 90, 75, 57, 1255 117, 119, 45, 80, 73, 72, 102, 81, 80, 48, 70, 107, 120, 88, 86, 114, 1256 120, 45, 87, 69, 45, 90, 69, 98, 114, 113, 105, 118, 72, 95, 50, 105, 1257 67, 76, 85, 83, 55, 119, 65, 108, 54, 88, 118, 65, 82, 116, 49, 75, 1258 107, 73, 97, 85, 120, 80, 80, 83, 89, 66, 57, 121, 107, 51, 49, 115, 1259 48, 81, 56, 85, 75, 57, 54, 69, 51, 95, 79, 114, 65, 68, 65, 89, 116, 1260 65, 74, 115, 45, 77, 51, 74, 120, 67, 76, 102, 78, 103, 113, 104, 53, 1261 54, 72, 68, 110, 69, 84, 84, 81, 104, 72, 51, 114, 67, 84, 53, 84, 1262 51, 121, 74, 119, 115, 34, 44, 34, 113, 34, 58, 34, 49, 117, 95, 82, 1263 105, 70, 68, 80, 55, 76, 66, 89, 104, 51, 78, 52, 71, 88, 76, 84, 57, 1264 79, 112, 83, 75, 89, 80, 48, 117, 81, 90, 121, 105, 97, 90, 119, 66, 1265 116, 79, 67, 66, 78, 74, 103, 81, 120, 97, 106, 49, 48, 82, 87, 106, 1266 115, 90, 117, 48, 99, 54, 73, 101, 100, 105, 115, 52, 83, 55, 66, 95, 1267 99, 111, 83, 75, 66, 48, 75, 106, 57, 80, 97, 80, 97, 66, 122, 103, 1268 45, 73, 121, 83, 82, 118, 118, 99, 81, 117, 80, 97, 109, 81, 117, 54, 1269 54, 114, 105, 77, 104, 106, 86, 116, 71, 54, 84, 108, 86, 56, 67, 76, 1270 67, 89, 75, 114, 89, 108, 53, 50, 122, 105, 113, 75, 48, 69, 95, 121, 1271 109, 50, 81, 110, 107, 119, 115, 85, 88, 55, 101, 89, 84, 66, 55, 76, 1272 98, 65, 72, 82, 75, 57, 71, 113, 111, 99, 68, 69, 53, 66, 48, 102, 1273 56, 48, 56, 73, 52, 115, 34, 44, 34, 100, 112, 34, 58, 34, 75, 107, 1274 77, 84, 87, 113, 66, 85, 101, 102, 86, 119, 90, 50, 95, 68, 98, 106, 1275 49, 112, 80, 81, 113, 121, 72, 83, 72, 106, 106, 57, 48, 76, 53, 120, 1276 95, 77, 79, 122, 113, 89, 65, 74, 77, 99, 76, 77, 90, 116, 98, 85, 1277 116, 119, 75, 113, 118, 86, 68, 113, 51, 116, 98, 69, 111, 51, 90, 1278 73, 99, 111, 104, 98, 68, 116, 116, 54, 83, 98, 102, 109, 87, 122, 1279 103, 103, 97, 98, 112, 81, 120, 78, 120, 117, 66, 112, 111, 79, 79, 1280 102, 95, 97, 95, 72, 103, 77, 88, 75, 95, 108, 104, 113, 105, 103, 1281 73, 52, 121, 95, 107, 113, 83, 49, 119, 89, 53, 50, 73, 119, 106, 85, 1282 110, 53, 114, 103, 82, 114, 74, 45, 121, 89, 111, 49, 104, 52, 49, 1283 75, 82, 45, 118, 122, 50, 112, 89, 104, 69, 65, 101, 89, 114, 104, 1284 116, 116, 87, 116, 120, 86, 113, 76, 67, 82, 86, 105, 68, 54, 99, 34, 1285 44, 34, 100, 113, 34, 58, 34, 65, 118, 102, 83, 48, 45, 103, 82, 120, 1286 118, 110, 48, 98, 119, 74, 111, 77, 83, 110, 70, 120, 89, 99, 75, 49, 1287 87, 110, 117, 69, 106, 81, 70, 108, 117, 77, 71, 102, 119, 71, 105, 1288 116, 81, 66, 87, 116, 102, 90, 49, 69, 114, 55, 116, 49, 120, 68, 1289 107, 98, 78, 57, 71, 81, 84, 66, 57, 121, 113, 112, 68, 111, 89, 97, 1290 78, 48, 54, 72, 55, 67, 70, 116, 114, 107, 120, 104, 74, 73, 66, 81, 1291 97, 106, 54, 110, 107, 70, 53, 75, 75, 83, 51, 84, 81, 116, 81, 53, 1292 113, 67, 122, 107, 79, 107, 109, 120, 73, 101, 51, 75, 82, 98, 66, 1293 121, 109, 88, 120, 107, 98, 53, 113, 119, 85, 112, 88, 53, 69, 76, 1294 68, 53, 120, 70, 99, 54, 70, 101, 105, 97, 102, 87, 89, 89, 54, 51, 1295 84, 109, 109, 69, 65, 117, 95, 108, 82, 70, 67, 79, 74, 51, 120, 68, 1296 101, 97, 45, 111, 116, 115, 34, 44, 34, 113, 105, 34, 58, 34, 108, 1297 83, 81, 105, 45, 119, 57, 67, 112, 121, 85, 82, 101, 77, 69, 114, 80, 1298 49, 82, 115, 66, 76, 107, 55, 119, 78, 116, 79, 118, 115, 53, 69, 81, 1299 112, 80, 113, 109, 117, 77, 118, 113, 87, 53, 55, 78, 66, 85, 99, 1300 122, 83, 99, 69, 111, 80, 119, 109, 85, 113, 113, 97, 98, 117, 57, 1301 86, 48, 45, 80, 121, 52, 100, 81, 53, 55, 95, 98, 97, 112, 111, 75, 1302 82, 117, 49, 82, 57, 48, 98, 118, 117, 70, 110, 85, 54, 51, 83, 72, 1303 87, 69, 70, 103, 108, 90, 81, 118, 74, 68, 77, 101, 65, 118, 109, 1304 106, 52, 115, 109, 45, 70, 112, 48, 111, 89, 117, 95, 110, 101, 111, 1305 116, 103, 81, 48, 104, 122, 98, 73, 53, 103, 114, 121, 55, 97, 106, 1306 100, 89, 121, 57, 45, 50, 108, 78, 120, 95, 55, 54, 97, 66, 90, 111, 1307 79, 85, 117, 57, 72, 67, 74, 45, 85, 115, 102, 83, 79, 73, 56, 34, 1308 125] 1310 C.2. JOSE Header 1312 The following example JWE Protected Header declares that: 1314 o the Content Encryption Key is encrypted to the recipient using the 1315 PSE2-HS256+A128KW algorithm to produce the JWE Encrypted Key, 1317 o the Salt Input ("p2s") value is [217, 96, 147, 112, 150, 117, 70, 1318 247, 127, 8, 155, 137, 174, 42, 80, 215], 1320 o the Iteration Count ("p2c") value is 4096, 1322 o the Plaintext is encrypted using the AES_128_CBC_HMAC_SHA_256 1323 algorithm to produce the Ciphertext, and 1325 o the content type is application/jwk+json. 1327 { 1328 "alg":"PBES2-HS256+A128KW", 1329 "p2s":"2WCTcJZ1Rvd_CJuJripQ1w", 1330 "p2c":4096, 1331 "enc":"A128CBC-HS256", 1332 "cty":"jwk+json" 1333 } 1335 Encoding this JWE Protected Header as BASE64URL(UTF8(JWE Protected 1336 Header)) gives this value (with line breaks for display purposes 1337 only): 1339 eyJhbGciOiJQQkVTMi1IUzI1NitBMTI4S1ciLCJwMnMiOiIyV0NUY0paMVJ2ZF9DSn 1340 VKcmlwUTF3IiwicDJjIjo0MDk2LCJlbmMiOiJBMTI4Q0JDLUhTMjU2IiwiY3R5Ijoi 1341 andrK2pzb24ifQ 1343 C.3. Content Encryption Key (CEK) 1345 Generate a 256 bit random Content Encryption Key (CEK). In this 1346 example, the value (using JSON array notation) is: 1348 [111, 27, 25, 52, 66, 29, 20, 78, 92, 176, 56, 240, 65, 208, 82, 112, 1349 161, 131, 36, 55, 202, 236, 185, 172, 129, 23, 153, 194, 195, 48, 1350 253, 182] 1352 C.4. Key Derivation 1354 Derive a key from a shared passphrase using the PBKDF2 algorithm with 1355 HMAC SHA-256 and the specified Salt and Iteration Count values and a 1356 128 bit requested output key size to produce the PBKDF2 Derived Key. 1357 This example uses the following passphrase: 1359 Thus from my lips, by yours, my sin is purged. 1361 The octets representing the passphrase are: 1363 [84, 104, 117, 115, 32, 102, 114, 111, 109, 32, 109, 121, 32, 108, 1364 105, 112, 115, 44, 32, 98, 121, 32, 121, 111, 117, 114, 115, 44, 32, 1365 109, 121, 32, 115, 105, 110, 32, 105, 115, 32, 112, 117, 114, 103, 1366 101, 100, 46] 1368 The Salt value (UTF8(Alg) || 0x00 || Salt Input) is: 1370 [80, 66, 69, 83, 50, 45, 72, 83, 50, 53, 54, 43, 65, 49, 50, 56, 75, 1371 87, 0, 217, 96, 147, 112, 150, 117, 70, 247, 127, 8, 155, 137, 174, 1372 42, 80, 215]. 1374 The resulting PBKDF2 Derived Key value is: 1376 [110, 171, 169, 92, 129, 92, 109, 117, 233, 242, 116, 233, 170, 14, 1377 24, 75] 1379 C.5. Key Encryption 1381 Encrypt the CEK with the "A128KW" algorithm using the PBKDF2 Derived 1382 Key. The resulting JWE Encrypted Key value is: 1384 [78, 186, 151, 59, 11, 141, 81, 240, 213, 245, 83, 211, 53, 188, 134, 1385 188, 66, 125, 36, 200, 222, 124, 5, 103, 249, 52, 117, 184, 140, 81, 1386 246, 158, 161, 177, 20, 33, 245, 57, 59, 4] 1388 Encoding this JWE Encrypted Key as BASE64URL(JWE Encrypted Key) gives 1389 this value: 1391 TrqXOwuNUfDV9VPTNbyGvEJ9JMjefAVn-TR1uIxR9p6hsRQh9Tk7BA 1393 C.6. Initialization Vector 1395 Generate a random 128 bit JWE Initialization Vector. In this 1396 example, the value is: 1398 [97, 239, 99, 214, 171, 54, 216, 57, 145, 72, 7, 93, 34, 31, 149, 1399 156] 1400 Encoding this JWE Initialization Vector as BASE64URL(JWE 1401 Initialization Vector) gives this value: 1403 Ye9j1qs22DmRSAddIh-VnA 1405 C.7. Additional Authenticated Data 1407 Let the Additional Authenticated Data encryption parameter be 1408 ASCII(BASE64URL(UTF8(JWE Protected Header))). This value is: 1410 [123, 34, 97, 108, 103, 34, 58, 34, 80, 66, 69, 83, 50, 45, 72, 83, 1411 50, 53, 54, 43, 65, 49, 50, 56, 75, 87, 34, 44, 34, 112, 50, 115, 34, 1412 58, 34, 50, 87, 67, 84, 99, 74, 90, 49, 82, 118, 100, 95, 67, 74, 1413 117, 74, 114, 105, 112, 81, 49, 119, 34, 44, 34, 112, 50, 99, 34, 58, 1414 52, 48, 57, 54, 44, 34, 101, 110, 99, 34, 58, 34, 65, 49, 50, 56, 67, 1415 66, 67, 45, 72, 83, 50, 53, 54, 34, 44, 34, 99, 116, 121, 34, 58, 34, 1416 106, 119, 107, 43, 106, 115, 111, 110, 34, 125] 1418 C.8. Content Encryption 1420 Encrypt the Plaintext with AES_128_CBC_HMAC_SHA_256 using the CEK as 1421 the encryption key, the JWE Initialization Vector, and the Additional 1422 Authenticated Data value above. The resulting Ciphertext is: 1424 [3, 8, 65, 242, 92, 107, 148, 168, 197, 159, 77, 139, 25, 97, 42, 1425 131, 110, 199, 225, 56, 61, 127, 38, 64, 108, 91, 247, 167, 150, 98, 1426 112, 122, 99, 235, 132, 50, 28, 46, 56, 170, 169, 89, 220, 145, 38, 1427 157, 148, 224, 66, 140, 8, 169, 146, 117, 222, 54, 242, 28, 31, 11, 1428 129, 227, 226, 169, 66, 117, 133, 254, 140, 216, 115, 203, 131, 60, 1429 60, 47, 233, 132, 121, 13, 35, 188, 53, 19, 172, 77, 59, 54, 211, 1430 158, 172, 25, 60, 111, 0, 80, 201, 158, 160, 210, 68, 55, 12, 67, 1431 136, 130, 87, 216, 197, 95, 62, 20, 155, 205, 5, 140, 27, 168, 221, 1432 65, 114, 78, 157, 254, 46, 206, 182, 52, 135, 87, 239, 3, 34, 186, 1433 126, 220, 151, 17, 33, 237, 57, 96, 172, 183, 58, 45, 248, 103, 241, 1434 142, 136, 7, 53, 16, 173, 181, 7, 93, 92, 252, 1, 53, 212, 242, 8, 1435 255, 11, 239, 181, 24, 148, 136, 111, 24, 161, 244, 23, 106, 69, 157, 1436 215, 243, 189, 240, 166, 169, 249, 72, 38, 201, 99, 223, 173, 229, 9, 1437 222, 82, 79, 157, 176, 248, 85, 239, 121, 163, 1, 31, 48, 98, 206, 1438 61, 249, 104, 216, 201, 227, 105, 48, 194, 193, 10, 36, 160, 159, 1439 241, 166, 84, 54, 188, 211, 243, 242, 40, 46, 45, 193, 193, 160, 169, 1440 101, 201, 1, 73, 47, 105, 142, 88, 28, 42, 132, 26, 61, 58, 63, 142, 1441 243, 77, 26, 179, 153, 166, 46, 203, 208, 49, 55, 229, 34, 178, 4, 1442 109, 180, 204, 204, 115, 1, 103, 193, 5, 91, 215, 214, 195, 1, 110, 1443 208, 53, 144, 36, 105, 12, 54, 25, 129, 101, 15, 183, 150, 250, 147, 1444 115, 227, 58, 250, 5, 128, 232, 63, 15, 14, 19, 141, 124, 253, 142, 1445 137, 189, 135, 26, 44, 240, 27, 88, 132, 105, 127, 6, 71, 37, 41, 1446 124, 187, 165, 140, 34, 200, 123, 80, 228, 24, 231, 176, 132, 171, 1447 138, 145, 152, 116, 224, 50, 141, 51, 147, 91, 186, 7, 246, 106, 217, 1448 148, 244, 227, 244, 45, 220, 121, 165, 224, 148, 181, 17, 181, 128, 1449 197, 101, 237, 11, 169, 229, 149, 199, 78, 56, 15, 14, 190, 91, 216, 1450 222, 247, 213, 74, 40, 8, 96, 20, 168, 119, 96, 26, 24, 52, 37, 82, 1451 127, 57, 176, 147, 118, 59, 7, 224, 33, 117, 72, 155, 29, 82, 26, 1452 215, 189, 140, 119, 28, 152, 118, 93, 222, 194, 192, 148, 115, 83, 1453 253, 216, 212, 108, 88, 83, 175, 172, 220, 97, 79, 110, 42, 223, 170, 1454 161, 34, 164, 144, 193, 76, 122, 92, 160, 41, 178, 175, 6, 35, 96, 1455 113, 96, 158, 90, 129, 101, 26, 45, 70, 180, 189, 230, 15, 5, 247, 1456 150, 209, 94, 171, 26, 13, 142, 212, 129, 1, 176, 5, 0, 112, 203, 1457 174, 185, 119, 76, 233, 189, 54, 172, 189, 245, 223, 253, 205, 12, 1458 88, 9, 126, 157, 225, 90, 40, 229, 191, 63, 30, 160, 224, 69, 3, 140, 1459 109, 70, 89, 37, 213, 245, 194, 210, 180, 188, 63, 210, 139, 221, 2, 1460 144, 200, 20, 177, 216, 29, 227, 242, 106, 12, 135, 142, 139, 144, 1461 82, 225, 162, 171, 176, 108, 99, 6, 43, 193, 161, 116, 234, 216, 1, 1462 242, 21, 124, 162, 98, 205, 124, 193, 38, 12, 242, 90, 101, 76, 204, 1463 184, 124, 58, 180, 16, 240, 26, 76, 195, 250, 212, 191, 185, 191, 97, 1464 198, 186, 73, 225, 75, 14, 90, 123, 121, 172, 101, 50, 160, 221, 141, 1465 253, 205, 126, 77, 9, 87, 198, 110, 104, 182, 141, 120, 51, 25, 232, 1466 3, 32, 80, 6, 156, 8, 18, 4, 135, 221, 142, 25, 135, 2, 129, 132, 1467 115, 227, 74, 141, 28, 119, 11, 141, 117, 134, 198, 62, 150, 254, 97, 1468 75, 197, 251, 99, 89, 204, 224, 226, 67, 83, 175, 89, 0, 81, 29, 38, 1469 207, 89, 140, 255, 197, 177, 164, 128, 62, 116, 224, 180, 109, 169, 1470 28, 2, 59, 176, 130, 252, 44, 178, 81, 24, 181, 176, 75, 44, 61, 91, 1471 12, 37, 21, 255, 83, 130, 197, 16, 231, 60, 217, 56, 131, 118, 168, 1472 202, 58, 52, 84, 124, 162, 185, 174, 162, 226, 242, 112, 68, 246, 1473 202, 16, 208, 52, 154, 58, 129, 80, 102, 33, 171, 6, 186, 177, 14, 1474 195, 88, 136, 6, 0, 155, 28, 100, 162, 207, 162, 222, 117, 248, 170, 1475 208, 114, 87, 31, 57, 176, 33, 57, 83, 253, 12, 168, 110, 194, 59, 1476 22, 86, 48, 227, 196, 22, 176, 218, 122, 149, 21, 249, 195, 178, 174, 1477 250, 20, 34, 120, 60, 139, 201, 99, 40, 18, 177, 17, 54, 54, 6, 3, 1478 222, 128, 160, 88, 11, 27, 0, 81, 192, 36, 41, 169, 146, 8, 47, 64, 1479 136, 28, 64, 209, 67, 135, 202, 20, 234, 182, 91, 204, 146, 195, 187, 1480 0, 72, 77, 11, 111, 152, 204, 252, 177, 212, 89, 33, 50, 132, 184, 1481 44, 183, 186, 19, 250, 69, 176, 201, 102, 140, 14, 143, 212, 212, 1482 160, 123, 208, 185, 27, 155, 68, 77, 133, 198, 2, 126, 155, 215, 22, 1483 91, 30, 217, 176, 172, 244, 156, 174, 143, 75, 90, 21, 102, 1, 160, 1484 59, 253, 188, 88, 57, 185, 197, 83, 24, 22, 180, 174, 47, 207, 52, 1, 1485 141, 146, 119, 233, 68, 228, 224, 228, 193, 248, 155, 202, 90, 7, 1486 213, 88, 33, 108, 107, 14, 86, 8, 120, 250, 58, 142, 35, 164, 238, 1487 221, 219, 35, 123, 88, 199, 192, 143, 104, 83, 17, 166, 243, 247, 11, 1488 166, 67, 68, 204, 132, 23, 110, 103, 228, 14, 55, 122, 88, 57, 180, 1489 178, 237, 52, 130, 214, 245, 102, 123, 67, 73, 175, 1, 127, 112, 148, 1490 94, 132, 164, 197, 153, 217, 87, 25, 89, 93, 63, 22, 66, 166, 90, 1491 251, 101, 10, 145, 66, 17, 124, 36, 255, 165, 226, 97, 16, 86, 112, 1492 154, 88, 105, 253, 56, 209, 229, 122, 103, 51, 24, 228, 190, 3, 236, 1493 48, 182, 121, 176, 140, 128, 117, 87, 251, 224, 37, 23, 248, 21, 218, 1494 85, 251, 136, 84, 147, 143, 144, 46, 155, 183, 251, 89, 86, 23, 26, 1495 237, 100, 167, 32, 130, 173, 237, 89, 55, 110, 70, 142, 127, 65, 230, 1496 208, 109, 69, 19, 253, 84, 130, 130, 193, 92, 58, 108, 150, 42, 136, 1497 249, 234, 86, 241, 182, 19, 117, 246, 26, 181, 92, 101, 155, 44, 103, 1498 235, 173, 30, 140, 90, 29, 183, 190, 77, 53, 206, 127, 5, 87, 8, 187, 1499 184, 92, 4, 157, 22, 18, 105, 251, 39, 88, 182, 181, 103, 148, 233, 1500 6, 63, 70, 188, 7, 101, 216, 127, 77, 31, 12, 233, 7, 147, 106, 30, 1501 150, 77, 145, 13, 205, 48, 56, 245, 220, 89, 252, 127, 51, 180, 36, 1502 31, 55, 18, 214, 230, 254, 217, 197, 65, 247, 27, 215, 117, 247, 108, 1503 157, 121, 11, 63, 150, 195, 83, 6, 134, 242, 41, 24, 105, 204, 5, 63, 1504 192, 14, 159, 113, 72, 140, 128, 51, 215, 80, 215, 39, 149, 94, 79, 1505 128, 34, 5, 129, 82, 83, 121, 187, 37, 146, 27, 32, 177, 167, 71, 9, 1506 195, 30, 199, 196, 205, 252, 207, 69, 8, 120, 27, 190, 51, 43, 75, 1507 249, 234, 167, 116, 206, 203, 199, 43, 108, 87, 48, 155, 140, 228, 1508 210, 85, 25, 161, 96, 67, 8, 205, 64, 39, 75, 88, 44, 238, 227, 16, 1509 0, 100, 93, 129, 18, 4, 149, 50, 68, 72, 99, 35, 111, 254, 27, 102, 1510 175, 108, 233, 87, 181, 44, 169, 18, 139, 79, 208, 14, 202, 192, 5, 1511 162, 222, 231, 149, 24, 211, 49, 120, 101, 39, 206, 87, 147, 204, 1512 200, 251, 104, 115, 5, 127, 117, 195, 79, 151, 18, 224, 52, 0, 245, 1513 4, 85, 255, 103, 217, 0, 116, 198, 80, 91, 167, 192, 154, 199, 197, 1514 149, 237, 51, 2, 131, 30, 226, 95, 105, 48, 68, 135, 208, 144, 120, 1515 176, 145, 157, 8, 171, 80, 94, 61, 92, 92, 220, 157, 13, 138, 51, 23, 1516 185, 124, 31, 77, 1, 87, 241, 43, 239, 55, 122, 86, 210, 48, 208, 1517 204, 112, 144, 80, 147, 106, 219, 47, 253, 31, 134, 176, 16, 135, 1518 219, 95, 17, 129, 83, 236, 125, 136, 112, 86, 228, 252, 71, 129, 218, 1519 174, 156, 236, 12, 27, 159, 11, 138, 252, 253, 207, 31, 115, 214, 1520 118, 239, 203, 16, 211, 205, 99, 22, 51, 163, 107, 162, 246, 199, 67, 1521 127, 34, 108, 197, 53, 117, 58, 199, 3, 190, 74, 70, 190, 65, 235, 1522 175, 97, 157, 215, 252, 189, 245, 100, 229, 248, 46, 90, 126, 237, 4, 1523 159, 128, 58, 7, 156, 236, 69, 191, 85, 240, 179, 224, 249, 152, 49, 1524 195, 223, 60, 78, 186, 157, 155, 217, 58, 105, 116, 164, 217, 111, 1525 215, 150, 218, 252, 84, 86, 248, 140, 240, 226, 61, 106, 208, 95, 60, 1526 163, 6, 0, 235, 253, 162, 96, 62, 234, 251, 249, 35, 21, 7, 211, 233, 1527 86, 50, 33, 203, 67, 248, 60, 190, 123, 48, 167, 226, 90, 191, 71, 1528 56, 183, 165, 17, 85, 76, 238, 140, 211, 168, 53, 223, 194, 4, 97, 1529 149, 156, 120, 137, 76, 33, 229, 243, 194, 208, 198, 202, 139, 28, 1530 114, 46, 224, 92, 254, 83, 100, 134, 158, 92, 70, 78, 61, 62, 138, 1531 24, 173, 216, 66, 198, 70, 254, 47, 59, 193, 53, 6, 139, 19, 153, 1532 253, 28, 199, 122, 160, 27, 67, 234, 209, 227, 139, 4, 50, 7, 178, 1533 183, 89, 252, 32, 128, 137, 55, 52, 29, 89, 12, 111, 42, 181, 51, 1534 170, 132, 132, 207, 170, 228, 254, 178, 213, 0, 136, 175, 8] 1536 The resulting Authentication Tag value is: 1538 [208, 113, 102, 132, 236, 236, 67, 223, 39, 53, 98, 99, 32, 121, 17, 1539 236] 1541 Encoding this JWE Ciphertext as BASE64URL(JWE Ciphertext) gives this 1542 value (with line breaks for display purposes only): 1544 AwhB8lxrlKjFn02LGWEqg27H4Tg9fyZAbFv3p5ZicHpj64QyHC44qqlZ3JEmnZTgQo 1545 wIqZJ13jbyHB8LgePiqUJ1hf6M2HPLgzw8L-mEeQ0jvDUTrE07NtOerBk8bwBQyZ6g 1546 0kQ3DEOIglfYxV8-FJvNBYwbqN1Bck6d_i7OtjSHV-8DIrp-3JcRIe05YKy3Oi34Z_ 1547 GOiAc1EK21B11c_AE11PII_wvvtRiUiG8YofQXakWd1_O98Kap-UgmyWPfreUJ3lJP 1548 nbD4Ve95owEfMGLOPflo2MnjaTDCwQokoJ_xplQ2vNPz8iguLcHBoKllyQFJL2mOWB 1549 wqhBo9Oj-O800as5mmLsvQMTflIrIEbbTMzHMBZ8EFW9fWwwFu0DWQJGkMNhmBZQ-3 1550 lvqTc-M6-gWA6D8PDhONfP2Oib2HGizwG1iEaX8GRyUpfLuljCLIe1DkGOewhKuKkZ 1551 h04DKNM5Nbugf2atmU9OP0Ldx5peCUtRG1gMVl7Qup5ZXHTjgPDr5b2N731UooCGAU 1552 qHdgGhg0JVJ_ObCTdjsH4CF1SJsdUhrXvYx3HJh2Xd7CwJRzU_3Y1GxYU6-s3GFPbi 1553 rfqqEipJDBTHpcoCmyrwYjYHFgnlqBZRotRrS95g8F95bRXqsaDY7UgQGwBQBwy665 1554 d0zpvTasvfXf_c0MWAl-neFaKOW_Px6g4EUDjG1GWSXV9cLStLw_0ovdApDIFLHYHe 1555 PyagyHjouQUuGiq7BsYwYrwaF06tgB8hV8omLNfMEmDPJaZUzMuHw6tBDwGkzD-tS_ 1556 ub9hxrpJ4UsOWnt5rGUyoN2N_c1-TQlXxm5oto14MxnoAyBQBpwIEgSH3Y4ZhwKBhH 1557 PjSo0cdwuNdYbGPpb-YUvF-2NZzODiQ1OvWQBRHSbPWYz_xbGkgD504LRtqRwCO7CC 1558 _CyyURi1sEssPVsMJRX_U4LFEOc82TiDdqjKOjRUfKK5rqLi8nBE9soQ0DSaOoFQZi 1559 GrBrqxDsNYiAYAmxxkos-i3nX4qtByVx85sCE5U_0MqG7COxZWMOPEFrDaepUV-cOy 1560 rvoUIng8i8ljKBKxETY2BgPegKBYCxsAUcAkKamSCC9AiBxA0UOHyhTqtlvMksO7AE 1561 hNC2-YzPyx1FkhMoS4LLe6E_pFsMlmjA6P1NSge9C5G5tETYXGAn6b1xZbHtmwrPSc 1562 ro9LWhVmAaA7_bxYObnFUxgWtK4vzzQBjZJ36UTk4OTB-JvKWgfVWCFsaw5WCHj6Oo 1563 4jpO7d2yN7WMfAj2hTEabz9wumQ0TMhBduZ-QON3pYObSy7TSC1vVme0NJrwF_cJRe 1564 hKTFmdlXGVldPxZCplr7ZQqRQhF8JP-l4mEQVnCaWGn9ONHlemczGOS-A-wwtnmwjI 1565 B1V_vgJRf4FdpV-4hUk4-QLpu3-1lWFxrtZKcggq3tWTduRo5_QebQbUUT_VSCgsFc 1566 OmyWKoj56lbxthN19hq1XGWbLGfrrR6MWh23vk01zn8FVwi7uFwEnRYSafsnWLa1Z5 1567 TpBj9GvAdl2H9NHwzpB5NqHpZNkQ3NMDj13Fn8fzO0JB83Etbm_tnFQfcb13X3bJ15 1568 Cz-Ww1MGhvIpGGnMBT_ADp9xSIyAM9dQ1yeVXk-AIgWBUlN5uyWSGyCxp0cJwx7HxM 1569 38z0UIeBu-MytL-eqndM7LxytsVzCbjOTSVRmhYEMIzUAnS1gs7uMQAGRdgRIElTJE 1570 SGMjb_4bZq9s6Ve1LKkSi0_QDsrABaLe55UY0zF4ZSfOV5PMyPtocwV_dcNPlxLgNA 1571 D1BFX_Z9kAdMZQW6fAmsfFle0zAoMe4l9pMESH0JB4sJGdCKtQXj1cXNydDYozF7l8 1572 H00BV_Er7zd6VtIw0MxwkFCTatsv_R-GsBCH218RgVPsfYhwVuT8R4HarpzsDBufC4 1573 r8_c8fc9Z278sQ081jFjOja6L2x0N_ImzFNXU6xwO-Ska-QeuvYZ3X_L31ZOX4Llp- 1574 7QSfgDoHnOxFv1Xws-D5mDHD3zxOup2b2TppdKTZb9eW2vxUVviM8OI9atBfPKMGAO 1575 v9omA-6vv5IxUH0-lWMiHLQ_g8vnswp-Jav0c4t6URVUzujNOoNd_CBGGVnHiJTCHl 1576 88LQxsqLHHIu4Fz-U2SGnlxGTj0-ihit2ELGRv4vO8E1BosTmf0cx3qgG0Pq0eOLBD 1577 IHsrdZ_CCAiTc0HVkMbyq1M6qEhM-q5P6y1QCIrwg 1579 Encoding this JWE Authentication Tag as BASE64URL(JWE Authentication 1580 Tag) gives this value: 1582 0HFmhOzsQ98nNWJjIHkR7A 1584 C.9. Complete Representation 1586 Assemble the final representation: The Compact Serialization of this 1587 result is the string BASE64URL(UTF8(JWE Protected Header)) || '.' || 1588 BASE64URL(JWE Encrypted Key) || '.' || BASE64URL(JWE Initialization 1589 Vector) || '.' || BASE64URL(JWE Ciphertext) || '.' || BASE64URL(JWE 1590 Authentication Tag). 1592 The final result in this example is: 1594 eyJhbGciOiJQQkVTMi1IUzI1NitBMTI4S1ciLCJwMnMiOiIyV0NUY0paMVJ2ZF9DSn 1595 VKcmlwUTF3IiwicDJjIjo0MDk2LCJlbmMiOiJBMTI4Q0JDLUhTMjU2IiwiY3R5Ijoi 1596 andrK2pzb24ifQ. 1597 TrqXOwuNUfDV9VPTNbyGvEJ9JMjefAVn-TR1uIxR9p6hsRQh9Tk7BA. 1598 Ye9j1qs22DmRSAddIh-VnA. 1599 AwhB8lxrlKjFn02LGWEqg27H4Tg9fyZAbFv3p5ZicHpj64QyHC44qqlZ3JEmnZTgQo 1600 wIqZJ13jbyHB8LgePiqUJ1hf6M2HPLgzw8L-mEeQ0jvDUTrE07NtOerBk8bwBQyZ6g 1601 0kQ3DEOIglfYxV8-FJvNBYwbqN1Bck6d_i7OtjSHV-8DIrp-3JcRIe05YKy3Oi34Z_ 1602 GOiAc1EK21B11c_AE11PII_wvvtRiUiG8YofQXakWd1_O98Kap-UgmyWPfreUJ3lJP 1603 nbD4Ve95owEfMGLOPflo2MnjaTDCwQokoJ_xplQ2vNPz8iguLcHBoKllyQFJL2mOWB 1604 wqhBo9Oj-O800as5mmLsvQMTflIrIEbbTMzHMBZ8EFW9fWwwFu0DWQJGkMNhmBZQ-3 1605 lvqTc-M6-gWA6D8PDhONfP2Oib2HGizwG1iEaX8GRyUpfLuljCLIe1DkGOewhKuKkZ 1606 h04DKNM5Nbugf2atmU9OP0Ldx5peCUtRG1gMVl7Qup5ZXHTjgPDr5b2N731UooCGAU 1607 qHdgGhg0JVJ_ObCTdjsH4CF1SJsdUhrXvYx3HJh2Xd7CwJRzU_3Y1GxYU6-s3GFPbi 1608 rfqqEipJDBTHpcoCmyrwYjYHFgnlqBZRotRrS95g8F95bRXqsaDY7UgQGwBQBwy665 1609 d0zpvTasvfXf_c0MWAl-neFaKOW_Px6g4EUDjG1GWSXV9cLStLw_0ovdApDIFLHYHe 1610 PyagyHjouQUuGiq7BsYwYrwaF06tgB8hV8omLNfMEmDPJaZUzMuHw6tBDwGkzD-tS_ 1611 ub9hxrpJ4UsOWnt5rGUyoN2N_c1-TQlXxm5oto14MxnoAyBQBpwIEgSH3Y4ZhwKBhH 1612 PjSo0cdwuNdYbGPpb-YUvF-2NZzODiQ1OvWQBRHSbPWYz_xbGkgD504LRtqRwCO7CC 1613 _CyyURi1sEssPVsMJRX_U4LFEOc82TiDdqjKOjRUfKK5rqLi8nBE9soQ0DSaOoFQZi 1614 GrBrqxDsNYiAYAmxxkos-i3nX4qtByVx85sCE5U_0MqG7COxZWMOPEFrDaepUV-cOy 1615 rvoUIng8i8ljKBKxETY2BgPegKBYCxsAUcAkKamSCC9AiBxA0UOHyhTqtlvMksO7AE 1616 hNC2-YzPyx1FkhMoS4LLe6E_pFsMlmjA6P1NSge9C5G5tETYXGAn6b1xZbHtmwrPSc 1617 ro9LWhVmAaA7_bxYObnFUxgWtK4vzzQBjZJ36UTk4OTB-JvKWgfVWCFsaw5WCHj6Oo 1618 4jpO7d2yN7WMfAj2hTEabz9wumQ0TMhBduZ-QON3pYObSy7TSC1vVme0NJrwF_cJRe 1619 hKTFmdlXGVldPxZCplr7ZQqRQhF8JP-l4mEQVnCaWGn9ONHlemczGOS-A-wwtnmwjI 1620 B1V_vgJRf4FdpV-4hUk4-QLpu3-1lWFxrtZKcggq3tWTduRo5_QebQbUUT_VSCgsFc 1621 OmyWKoj56lbxthN19hq1XGWbLGfrrR6MWh23vk01zn8FVwi7uFwEnRYSafsnWLa1Z5 1622 TpBj9GvAdl2H9NHwzpB5NqHpZNkQ3NMDj13Fn8fzO0JB83Etbm_tnFQfcb13X3bJ15 1623 Cz-Ww1MGhvIpGGnMBT_ADp9xSIyAM9dQ1yeVXk-AIgWBUlN5uyWSGyCxp0cJwx7HxM 1624 38z0UIeBu-MytL-eqndM7LxytsVzCbjOTSVRmhYEMIzUAnS1gs7uMQAGRdgRIElTJE 1625 SGMjb_4bZq9s6Ve1LKkSi0_QDsrABaLe55UY0zF4ZSfOV5PMyPtocwV_dcNPlxLgNA 1626 D1BFX_Z9kAdMZQW6fAmsfFle0zAoMe4l9pMESH0JB4sJGdCKtQXj1cXNydDYozF7l8 1627 H00BV_Er7zd6VtIw0MxwkFCTatsv_R-GsBCH218RgVPsfYhwVuT8R4HarpzsDBufC4 1628 r8_c8fc9Z278sQ081jFjOja6L2x0N_ImzFNXU6xwO-Ska-QeuvYZ3X_L31ZOX4Llp- 1629 7QSfgDoHnOxFv1Xws-D5mDHD3zxOup2b2TppdKTZb9eW2vxUVviM8OI9atBfPKMGAO 1630 v9omA-6vv5IxUH0-lWMiHLQ_g8vnswp-Jav0c4t6URVUzujNOoNd_CBGGVnHiJTCHl 1631 88LQxsqLHHIu4Fz-U2SGnlxGTj0-ihit2ELGRv4vO8E1BosTmf0cx3qgG0Pq0eOLBD 1632 IHsrdZ_CCAiTc0HVkMbyq1M6qEhM-q5P6y1QCIrwg. 1633 0HFmhOzsQ98nNWJjIHkR7A 1635 Appendix D. Acknowledgements 1637 A JSON representation for RSA public keys was previously introduced 1638 by John Panzer, Ben Laurie, and Dirk Balfanz in Magic Signatures 1640 [MagicSignatures]. 1642 Thanks to Matt Miller for creating the encrypted key example and to 1643 Edmund Jay and Brian Campbell for validating the example. 1645 This specification is the work of the JOSE Working Group, which 1646 includes dozens of active and dedicated participants. In particular, 1647 the following individuals contributed ideas, feedback, and wording 1648 that influenced this specification: 1650 Dirk Balfanz, Richard Barnes, John Bradley, Brian Campbell, Breno de 1651 Medeiros, Joe Hildebrand, Edmund Jay, Ben Laurie, James Manger, Matt 1652 Miller, Tony Nadalin, Axel Nennker, John Panzer, Eric Rescorla, Nat 1653 Sakimura, Jim Schaad, Ryan Sleevi, Paul Tarjan, Hannes Tschofenig, 1654 and Sean Turner. 1656 Jim Schaad and Karen O'Donoghue chaired the JOSE working group and 1657 Sean Turner, Stephen Farrell, and Kathleen Moriarty served as 1658 Security area directors during the creation of this specification. 1660 Appendix E. Document History 1662 [[ to be removed by the RFC Editor before publication as an RFC ]] 1664 -29 1666 o Replaced the terms JWS Header, JWE Header, and JWT Header with a 1667 single JOSE Header term defined in the JWS specification. This 1668 also enabled a single Header Parameter definition to be used and 1669 reduced other areas of duplication between specifications. 1671 -28 1673 o Revised the introduction to the Security Considerations section. 1675 o Refined the text about when applications using encrypted JWKs and 1676 JWK Sets would not need to use the "cty" header parameter. 1678 -27 1680 o Added an example JWK early in the draft. 1682 o Described additional security considerations. 1684 o Added the "x5t#S256" (X.509 Certificate SHA-256 Thumbprint) JWK 1685 member. 1687 o Addressed a few editorial issues. 1689 -26 1691 o Referenced Section 6 of RFC 6125 for TLS server certificate 1692 identity validation. 1694 o Deleted misleading non-normative phrase from the "use" 1695 description. 1697 o Noted that octet sequences are depicted using JSON array notation. 1699 o Updated references, including to W3C specifications. 1701 -25 1703 o Updated WebCrypto reference to refer to W3C Last Call draft. 1705 -24 1707 o Corrected the authentication tag value in the encrypted key 1708 example. 1710 o Updated the JSON reference to RFC 7159. 1712 -23 1714 o No changes were made, other than to the version number and date. 1716 -22 1718 o Corrected RFC 2119 terminology usage. 1720 o Replaced references to draft-ietf-json-rfc4627bis with RFC 7158. 1722 -21 1724 o Replaced the "key_ops" values "wrap" and "unwrap" with "wrapKey" 1725 and "unwrapKey" to match the "KeyUsage" values defined in the 1726 current Web Cryptography API [WebCrypto] editor's draft. 1728 o Compute the PBES2 salt parameter as (UTF8(Alg) || 0x00 || Salt 1729 Input), where the "p2s" Header Parameter encodes the Salt Input 1730 value and Alg is the "alg" Header Parameter value. 1732 o Changed some references from being normative to informative, 1733 addressing issue #90. 1735 -20 1737 o Renamed "use_details" to "key_ops" (key operations). 1739 o Clarified that "use" is meant for public key use cases, "key_ops" 1740 is meant for use cases in which public, private, or symmetric keys 1741 may be present, and that "use" and "key_ops" should not be used 1742 together. 1744 o Replaced references to RFC 4627 with draft-ietf-json-rfc4627bis, 1745 addressing issue #90. 1747 -19 1749 o Added optional "use_details" (key use details) JWK member. 1751 o Reordered the key selection parameters. 1753 -18 1755 o Changes to address editorial and minor issues #68, #69, #73, #74, 1756 #76, #77, #78, #79, #82, #85, #89, and #135. 1758 o Added and used Description registry fields. 1760 -17 1762 o Refined the "typ" and "cty" definitions to always be MIME Media 1763 Types, with the omission of "application/" prefixes recommended 1764 for brevity, addressing issue #50. 1766 o Added an example encrypting an RSA private key with 1767 "PBES2-HS256+A128KW" and "A128CBC-HS256". Thanks to Matt Miller 1768 for producing this! 1770 o Processing rules occurring in both JWS and JWK are now referenced 1771 in JWS by JWK, rather than duplicated, addressing issue #57. 1773 o Terms used in multiple documents are now defined in one place and 1774 incorporated by reference. Some lightly used or obvious terms 1775 were also removed. This addresses issue #58. 1777 -16 1779 o Changes to address editorial and minor issues #41, #42, #43, #47, 1780 #51, #67, #71, #76, #80, #83, #84, #85, #86, #87, and #88. 1782 -15 1783 o Changes to address editorial issues #48, #64, #65, #66, and #91. 1785 -14 1787 o Relaxed language introducing key parameters since some parameters 1788 are applicable to multiple, but not all, key types. 1790 -13 1792 o Applied spelling and grammar corrections. 1794 -12 1796 o Stated that recipients MUST either reject JWKs and JWK Sets with 1797 duplicate member names or use a JSON parser that returns only the 1798 lexically last duplicate member name. 1800 -11 1802 o Stated that when "kid" values are used within a JWK Set, different 1803 keys within the JWK Set SHOULD use distinct "kid" values. 1805 o Added optional "x5u" (X.509 URL), "x5t" (X.509 Certificate 1806 Thumbprint), and "x5c" (X.509 Certificate Chain) JWK parameters. 1808 o Added section on Encrypted JWK and Encrypted JWK Set Formats. 1810 o Added a Parameter Information Class value to the JSON Web Key 1811 Parameters registry, which registers whether the parameter conveys 1812 public or private information. 1814 o Registered "application/jwk+json" and "application/jwk-set+json" 1815 MIME types and "JWK" and "JWK-SET" typ header parameter values, 1816 addressing issue #21. 1818 -10 1820 o No changes were made, other than to the version number and date. 1822 -09 1824 o Expanded the scope of the JWK specification to include private and 1825 symmetric key representations, as specified by 1826 draft-jones-jose-json-private-and-symmetric-key-00. 1828 o Defined that members that are not understood must be ignored. 1830 -08 1831 o Changed the name of the JWK key type parameter from "alg" to "kty" 1832 to enable use of "alg" to indicate the particular algorithm that 1833 the key is intended to be used with. 1835 o Clarified statements of the form "This member is OPTIONAL" to "Use 1836 of this member is OPTIONAL". 1838 o Referenced String Comparison Rules in JWS. 1840 o Added seriesInfo information to Internet Draft references. 1842 -07 1844 o Changed the name of the JWK RSA modulus parameter from "mod" to 1845 "n" and the name of the JWK RSA exponent parameter from "xpo" to 1846 "e", so that the identifiers are the same as those used in RFC 1847 3447. 1849 -06 1851 o Changed the name of the JWK RSA exponent parameter from "exp" to 1852 "xpo" so as to allow the potential use of the name "exp" for a 1853 future extension that might define an expiration parameter for 1854 keys. (The "exp" name is already used for this purpose in the JWT 1855 specification.) 1857 o Clarify that the "alg" (algorithm family) member is REQUIRED. 1859 o Correct an instance of "JWK" that should have been "JWK Set". 1861 o Applied changes made by the RFC Editor to RFC 6749's registry 1862 language to this specification. 1864 -05 1866 o Indented artwork elements to better distinguish them from the body 1867 text. 1869 -04 1871 o Refer to the registries as the primary sources of defined values 1872 and then secondarily reference the sections defining the initial 1873 contents of the registries. 1875 o Normatively reference XML DSIG 2.0 for its security 1876 considerations. 1878 o Added this language to Registration Templates: "This name is case 1879 sensitive. Names that match other registered names in a case 1880 insensitive manner SHOULD NOT be accepted." 1882 o Described additional open issues. 1884 o Applied editorial suggestions. 1886 -03 1888 o Clarified that "kid" values need not be unique within a JWK Set. 1890 o Moved JSON Web Key Parameters registry to the JWK specification. 1892 o Added "Collision Resistant Namespace" to the terminology section. 1894 o Changed registration requirements from RFC Required to 1895 Specification Required with Expert Review. 1897 o Added Registration Template sections for defined registries. 1899 o Added Registry Contents sections to populate registry values. 1901 o Numerous editorial improvements. 1903 -02 1905 o Simplified JWK terminology to get replace the "JWK Key Object" and 1906 "JWK Container Object" terms with simply "JSON Web Key (JWK)" and 1907 "JSON Web Key Set (JWK Set)" and to eliminate potential confusion 1908 between single keys and sets of keys. As part of this change, the 1909 top-level member name for a set of keys was changed from "jwk" to 1910 "keys". 1912 o Clarified that values with duplicate member names MUST be 1913 rejected. 1915 o Established JSON Web Key Set Parameters registry. 1917 o Explicitly listed non-goals in the introduction. 1919 o Moved algorithm-specific definitions from JWK to JWA. 1921 o Reformatted to give each member definition its own section 1922 heading. 1924 -01 1925 o Corrected the Magic Signatures reference. 1927 -00 1929 o Created the initial IETF draft based upon 1930 draft-jones-json-web-key-03 with no normative changes. 1932 Author's Address 1934 Michael B. Jones 1935 Microsoft 1937 Email: mbj@microsoft.com 1938 URI: http://self-issued.info/