idnits 2.17.1 draft-ietf-jose-json-web-key-31.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (July 4, 2014) is 3577 days in the past. Is this intentional? -- Found something which looks like a code comment -- if you have code sections in the document, please surround them with '' and '' lines. Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) -- Possible downref: Non-RFC (?) normative reference: ref. 'ECMAScript' -- Possible downref: Non-RFC (?) normative reference: ref. 'ITU.X690.1994' ** Downref: Normative reference to an Historic RFC: RFC 1421 ** Obsolete normative reference: RFC 2818 (Obsoleted by RFC 9110) ** Obsolete normative reference: RFC 5246 (Obsoleted by RFC 8446) ** Obsolete normative reference: RFC 6125 (Obsoleted by RFC 9525) ** Obsolete normative reference: RFC 7159 (Obsoleted by RFC 8259) -- Possible downref: Non-RFC (?) normative reference: ref. 'USASCII' -- Obsolete informational reference (is this intentional?): RFC 3447 (Obsoleted by RFC 8017) -- Obsolete informational reference (is this intentional?): RFC 5226 (Obsoleted by RFC 8126) Summary: 5 errors (**), 0 flaws (~~), 1 warning (==), 7 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 JOSE Working Group M. Jones 3 Internet-Draft Microsoft 4 Intended status: Standards Track July 4, 2014 5 Expires: January 5, 2015 7 JSON Web Key (JWK) 8 draft-ietf-jose-json-web-key-31 10 Abstract 12 A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) data 13 structure that represents a cryptographic key. This specification 14 also defines a JSON Web Key Set (JWK Set) JSON data structure that 15 represents a set of JWKs. Cryptographic algorithms and identifiers 16 for use with this specification are described in the separate JSON 17 Web Algorithms (JWA) specification and IANA registries defined by 18 that specification. 20 Status of this Memo 22 This Internet-Draft is submitted in full conformance with the 23 provisions of BCP 78 and BCP 79. 25 Internet-Drafts are working documents of the Internet Engineering 26 Task Force (IETF). Note that other groups may also distribute 27 working documents as Internet-Drafts. The list of current Internet- 28 Drafts is at http://datatracker.ietf.org/drafts/current/. 30 Internet-Drafts are draft documents valid for a maximum of six months 31 and may be updated, replaced, or obsoleted by other documents at any 32 time. It is inappropriate to use Internet-Drafts as reference 33 material or to cite them other than as "work in progress." 35 This Internet-Draft will expire on January 5, 2015. 37 Copyright Notice 39 Copyright (c) 2014 IETF Trust and the persons identified as the 40 document authors. All rights reserved. 42 This document is subject to BCP 78 and the IETF Trust's Legal 43 Provisions Relating to IETF Documents 44 (http://trustee.ietf.org/license-info) in effect on the date of 45 publication of this document. Please review these documents 46 carefully, as they describe your rights and restrictions with respect 47 to this document. Code Components extracted from this document must 48 include Simplified BSD License text as described in Section 4.e of 49 the Trust Legal Provisions and are provided without warranty as 50 described in the Simplified BSD License. 52 Table of Contents 54 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4 55 1.1. Notational Conventions . . . . . . . . . . . . . . . . . . 4 56 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 4 57 3. Example JWK . . . . . . . . . . . . . . . . . . . . . . . . . 5 58 4. JSON Web Key (JWK) Format . . . . . . . . . . . . . . . . . . 5 59 4.1. "kty" (Key Type) Parameter . . . . . . . . . . . . . . . . 6 60 4.2. "use" (Public Key Use) Parameter . . . . . . . . . . . . . 6 61 4.3. "key_ops" (Key Operations) Parameter . . . . . . . . . . . 7 62 4.4. "alg" (Algorithm) Parameter . . . . . . . . . . . . . . . 7 63 4.5. "kid" (Key ID) Parameter . . . . . . . . . . . . . . . . . 8 64 4.6. "x5u" (X.509 URL) Parameter . . . . . . . . . . . . . . . 8 65 4.7. "x5c" (X.509 Certificate Chain) Parameter . . . . . . . . 8 66 4.8. "x5t" (X.509 Certificate SHA-1 Thumbprint) Parameter . . . 9 67 4.9. "x5t#S256" (X.509 Certificate SHA-256 Thumbprint) 68 Parameter . . . . . . . . . . . . . . . . . . . . . . . . 9 69 5. JSON Web Key Set (JWK Set) Format . . . . . . . . . . . . . . 9 70 5.1. "keys" Parameter . . . . . . . . . . . . . . . . . . . . . 10 71 6. String Comparison Rules . . . . . . . . . . . . . . . . . . . 10 72 7. Encrypted JWK and Encrypted JWK Set Formats . . . . . . . . . 10 73 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 11 74 8.1. JSON Web Key Parameters Registry . . . . . . . . . . . . . 12 75 8.1.1. Registration Template . . . . . . . . . . . . . . . . 12 76 8.1.2. Initial Registry Contents . . . . . . . . . . . . . . 13 77 8.2. JSON Web Key Use Registry . . . . . . . . . . . . . . . . 14 78 8.2.1. Registration Template . . . . . . . . . . . . . . . . 15 79 8.2.2. Initial Registry Contents . . . . . . . . . . . . . . 15 80 8.3. JSON Web Key Operations Registry . . . . . . . . . . . . . 15 81 8.3.1. Registration Template . . . . . . . . . . . . . . . . 16 82 8.3.2. Initial Registry Contents . . . . . . . . . . . . . . 16 83 8.4. JSON Web Key Set Parameters Registry . . . . . . . . . . . 17 84 8.4.1. Registration Template . . . . . . . . . . . . . . . . 17 85 8.4.2. Initial Registry Contents . . . . . . . . . . . . . . 18 86 8.5. Media Type Registration . . . . . . . . . . . . . . . . . 18 87 8.5.1. Registry Contents . . . . . . . . . . . . . . . . . . 18 88 9. Security Considerations . . . . . . . . . . . . . . . . . . . 19 89 9.1. Key Provenance and Trust . . . . . . . . . . . . . . . . . 19 90 9.2. Preventing Disclosure of Non-Public Key Information . . . 20 91 9.3. RSA Private Key Representations and Blinding . . . . . . . 20 92 10. References . . . . . . . . . . . . . . . . . . . . . . . . . . 20 93 10.1. Normative References . . . . . . . . . . . . . . . . . . . 20 94 10.2. Informative References . . . . . . . . . . . . . . . . . . 22 95 Appendix A. Example JSON Web Key Sets . . . . . . . . . . . . . . 23 96 A.1. Example Public Keys . . . . . . . . . . . . . . . . . . . 23 97 A.2. Example Private Keys . . . . . . . . . . . . . . . . . . . 23 98 A.3. Example Symmetric Keys . . . . . . . . . . . . . . . . . . 25 99 Appendix B. Example Use of "x5c" (X.509 Certificate Chain) 100 Parameter . . . . . . . . . . . . . . . . . . . . . . 25 101 Appendix C. Example Encrypted RSA Private Key . . . . . . . . . . 26 102 C.1. Plaintext RSA Private Key . . . . . . . . . . . . . . . . 27 103 C.2. JOSE Header . . . . . . . . . . . . . . . . . . . . . . . 30 104 C.3. Content Encryption Key (CEK) . . . . . . . . . . . . . . . 30 105 C.4. Key Derivation . . . . . . . . . . . . . . . . . . . . . . 31 106 C.5. Key Encryption . . . . . . . . . . . . . . . . . . . . . . 31 107 C.6. Initialization Vector . . . . . . . . . . . . . . . . . . 31 108 C.7. Additional Authenticated Data . . . . . . . . . . . . . . 32 109 C.8. Content Encryption . . . . . . . . . . . . . . . . . . . . 32 110 C.9. Complete Representation . . . . . . . . . . . . . . . . . 35 111 Appendix D. Acknowledgements . . . . . . . . . . . . . . . . . . 36 112 Appendix E. Document History . . . . . . . . . . . . . . . . . . 37 113 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 43 115 1. Introduction 117 A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) [RFC7159] 118 data structure that represents a cryptographic key. This 119 specification also defines a JSON Web Key Set (JWK Set) JSON data 120 structure that represents a set of JWKs. Cryptographic algorithms 121 and identifiers for use with this specification are described in the 122 separate JSON Web Algorithms (JWA) [JWA] specification and IANA 123 registries defined by that specification. 125 Goals for this specification do not include representing new kinds of 126 certificate chains, representing new kinds of certified keys, or 127 replacing X.509 certificates. 129 JWKs and JWK Sets are used in the JSON Web Signature (JWS) [JWS] and 130 JSON Web Encryption (JWE) [JWE] specifications. 132 Names defined by this specification are short because a core goal is 133 for the resulting representations to be compact. 135 1.1. Notational Conventions 137 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 138 "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and 139 "OPTIONAL" in this document are to be interpreted as described in Key 140 words for use in RFCs to Indicate Requirement Levels [RFC2119]. If 141 these words are used without being spelled in uppercase then they are 142 to be interpreted with their normal natural language meanings. 144 BASE64URL(OCTETS) denotes the base64url encoding of OCTETS, per 145 Section 2. 147 UTF8(STRING) denotes the octets of the UTF-8 [RFC3629] representation 148 of STRING. 150 ASCII(STRING) denotes the octets of the ASCII [USASCII] 151 representation of STRING. 153 The concatenation of two values A and B is denoted as A || B. 155 2. Terminology 157 These terms defined by the JSON Web Signature (JWS) [JWS] 158 specification are incorporated into this specification: "Base64url 159 Encoding", "Collision-Resistant Name", "Header Parameter", and "JOSE 160 Header". 162 These terms are defined by this specification: 164 JSON Web Key (JWK) 165 A JSON object that represents a cryptographic key. The members of 166 the object represent properties of the key, including its value. 168 JSON Web Key Set (JWK Set) 169 A JSON object that represents a set of JWKs. The JSON object MUST 170 have a "keys" member, which is an array of JWK objects. 172 3. Example JWK 174 This section provides an example of a JWK. The following example JWK 175 declares that the key is an Elliptic Curve [DSS] key, it is used with 176 the P-256 Elliptic Curve, and its x and y coordinates are the 177 base64url encoded values shown. A key identifier is also provided 178 for the key. 180 {"kty":"EC", 181 "crv":"P-256", 182 "x":"f83OJ3D2xF1Bg8vub9tLe1gHMzV76e8Tus9uPHvRVEU", 183 "y":"x_FEzRu9m36HLN_tue659LNpXW6pCyStikYjKIWI5a0", 184 "kid":"Public key used in JWS A.3 example" 185 } 187 Additional example JWK values can be found in Appendix A. 189 4. JSON Web Key (JWK) Format 191 A JSON Web Key (JWK) is a JSON object that represents a cryptographic 192 key. The members of the object represent properties of the key, 193 including its value. This document defines the key parameters that 194 are not algorithm specific, and thus common to many keys. 196 In addition to the common parameters, each JWK will have members that 197 are specific to the kind of key being represented. These members 198 represent the parameters of the key. Section 6 of the JSON Web 199 Algorithms (JWA) [JWA] specification defines multiple kinds of 200 cryptographic keys and their associated members. 202 The member names within a JWK MUST be unique; recipients MUST either 203 reject JWKs with duplicate member names or use a JSON parser that 204 returns only the lexically last duplicate member name, as specified 205 in Section 15.12 (The JSON Object) of ECMAScript 5.1 [ECMAScript]. 207 Additional members can be present in the JWK; if not understood by 208 implementations encountering them, they MUST be ignored. Member 209 names used for representing key parameters for different keys types 210 need not be distinct. Any new member name should either be 211 registered in the IANA JSON Web Key Parameters registry defined in 212 Section 8.1 or be a value that contains a Collision-Resistant Name. 214 4.1. "kty" (Key Type) Parameter 216 The "kty" (key type) member identifies the cryptographic algorithm 217 family used with the key. "kty" values should either be registered in 218 the IANA JSON Web Key Types registry defined in [JWA] or be a value 219 that contains a Collision-Resistant Name. The "kty" value is a case- 220 sensitive string. This member MUST be present in a JWK. 222 A list of defined "kty" values can be found in the IANA JSON Web Key 223 Types registry defined in [JWA]; the initial contents of this 224 registry are the values defined in Section 6.1 of the JSON Web 225 Algorithms (JWA) [JWA] specification. 227 The key type definitions include specification of the members to be 228 used for those key types. Additional members used with "kty" values 229 can also be found in the IANA JSON Web Key Parameters registry 230 defined in Section 8.1. 232 4.2. "use" (Public Key Use) Parameter 234 The "use" (public key use) member identifies the intended use of the 235 public key. The "use" parameter is intended for use cases in which 236 it is useful to distinguish between public signing keys and public 237 encryption keys. 239 Values defined by this specification are: 241 o "sig" (signature) 242 o "enc" (encryption) 244 Other values MAY be used. Public Key Use values can be registered in 245 the IANA JSON Web Key Use registry defined in Section 8.2. The "use" 246 value is a case-sensitive string. Use of the "use" member is 247 OPTIONAL, unless the application requires its presence. 249 When a key is used to wrap another key and a key use designation for 250 the first key is desired, the "enc" (encryption) key use value SHOULD 251 be used, since key wrapping is a kind of encryption. The "enc" value 252 SHOULD also be used for public keys used for key agreement 253 operations. (The "alg" member can be used to specify the particular 254 cryptographic operation to be performed, when desired.) 256 4.3. "key_ops" (Key Operations) Parameter 258 The "key_ops" (key operations) member identifies the operation(s) 259 that the key is intended to be used for. The "key_ops" parameter is 260 intended for use cases in which public, private, or symmetric keys 261 may be present. 263 Its value is an array of key operation values. Values defined by 264 this specification are: 266 o "sign" (compute signature or MAC) 267 o "verify" (verify signature or MAC) 268 o "encrypt" (encrypt content) 269 o "decrypt" (decrypt content and validate decryption, if applicable) 270 o "wrapKey" (encrypt key) 271 o "unwrapKey" (decrypt key and validate decryption, if applicable) 272 o "deriveKey" (derive key) 273 o "deriveBits" (derive bits not to be used as a key) 275 (Note that the "key_ops" values intentionally match the "KeyUsage" 276 values defined in the Web Cryptography API [WebCrypto] 277 specification.) 279 Other values MAY be used. Key operation values can be registered in 280 the IANA JSON Web Key Operations registry defined in Section 8.3. 281 The key operation values are case-sensitive strings. Duplicate key 282 operation values MUST NOT be present in the array. 284 Use of the "key_ops" member is OPTIONAL, unless the application 285 requires its presence. 287 Multiple unrelated key operations SHOULD NOT be specified for a key 288 because of the potential vulnerabilities associated with using the 289 same key with multiple algorithms. Thus, the combinations "sign" 290 with "verify", "encrypt" with "decrypt", and "wrapKey" with 291 "unwrapKey" are permitted, but other combinations SHOULD NOT be used. 293 The "use" and "key_ops" JWK members SHOULD NOT be used together. 294 Applications should specify which of these members they use, if 295 either is to be used by the application. 297 4.4. "alg" (Algorithm) Parameter 299 The "alg" (algorithm) member identifies the algorithm intended for 300 use with the key. The values used should either be registered in the 301 IANA JSON Web Signature and Encryption Algorithms registry defined in 302 [JWA] or be a value that contains a Collision-Resistant Name. Use of 303 this member is OPTIONAL. 305 4.5. "kid" (Key ID) Parameter 307 The "kid" (key ID) member can be used to match a specific key. This 308 can be used, for instance, to choose among a set of keys within a JWK 309 Set during key rollover. The structure of the "kid" value is 310 unspecified. When "kid" values are used within a JWK Set, different 311 keys within the JWK Set SHOULD use distinct "kid" values. (One 312 example in which different keys might use the same "kid" value is if 313 they have different "kty" (key type) values but are considered to be 314 equivalent alternatives by the application using them.) The "kid" 315 value is a case-sensitive string. Use of this member is OPTIONAL. 317 When used with JWS or JWE, the "kid" value is used to match a JWS or 318 JWE "kid" Header Parameter value. 320 4.6. "x5u" (X.509 URL) Parameter 322 The "x5u" (X.509 URL) member is a URI [RFC3986] that refers to a 323 resource for an X.509 public key certificate or certificate chain 324 [RFC5280]. The identified resource MUST provide a representation of 325 the certificate or certificate chain that conforms to RFC 5280 326 [RFC5280] in PEM encoded form [RFC1421]. The key in the first 327 certificate MUST match the public key represented by other members of 328 the JWK. The protocol used to acquire the resource MUST provide 329 integrity protection; an HTTP GET request to retrieve the certificate 330 MUST use TLS [RFC2818, RFC5246]; the identity of the server MUST be 331 validated, as per Section 6 of RFC 6125 [RFC6125]. Use of this 332 member is OPTIONAL. 334 While there is no requirement that members other than those 335 representing the public key be populated when an "x5u" member is 336 present, doing so may improve interoperability for applications that 337 do not handle PKIX certificates. If other members are present, the 338 contents of those members MUST be semantically consistent with the 339 related fields in the first certificate. For instance, if the "use" 340 member is present, then it needs to allow for only a subset of the 341 usages that are permitted by the certificate. Similarly, if the 342 "alg" member is present, it should represent an algorithm that the 343 certificate allows. 345 4.7. "x5c" (X.509 Certificate Chain) Parameter 347 The "x5c" (X.509 Certificate Chain) member contains a chain of one or 348 more PKIX certificates [RFC5280]. The certificate chain is 349 represented as a JSON array of certificate value strings. Each 350 string in the array is a base64 encoded ([RFC4648] Section 4 -- not 351 base64url encoded) DER [ITU.X690.1994] PKIX certificate value. The 352 PKIX certificate containing the key value MUST be the first 353 certificate. This MAY be followed by additional certificates, with 354 each subsequent certificate being the one used to certify the 355 previous one. The key in the first certificate MUST match the public 356 key represented by other members of the JWK. Use of this member is 357 OPTIONAL. 359 As with the "x5u" member, members other than those representing the 360 public key may also be populated when an "x5c" member is present. If 361 other members are present, the contents of those members MUST be 362 semantically consistent with the related fields in the first 363 certificate. See the last paragraph of Section 4.6 for additional 364 guidance on this. 366 4.8. "x5t" (X.509 Certificate SHA-1 Thumbprint) Parameter 368 The "x5t" (X.509 Certificate SHA-1 Thumbprint) member is a base64url 369 encoded SHA-1 thumbprint (a.k.a. digest) of the DER encoding of an 370 X.509 certificate [RFC5280]. The key in the certificate MUST match 371 the public key represented by other members of the JWK. Use of this 372 member is OPTIONAL. 374 As with the "x5u" member, members other than those representing the 375 public key may also be populated when an "x5t" member is present. If 376 other members are present, the contents of those members MUST be 377 semantically consistent with the related fields in the referenced 378 certificate. See the last paragraph of Section 4.6 for additional 379 guidance on this. 381 4.9. "x5t#S256" (X.509 Certificate SHA-256 Thumbprint) Parameter 383 The "x5t#S256" (X.509 Certificate SHA-256 Thumbprint) member is a 384 base64url encoded SHA-256 thumbprint (a.k.a. digest) of the DER 385 encoding of an X.509 certificate [RFC5280]. The key in the 386 certificate MUST match the public key represented by other members of 387 the JWK. Use of this member is OPTIONAL. 389 As with the "x5u" member, members other than those representing the 390 public key may also be populated when an "x5t#S256" member is 391 present. If other members are present, the contents of those members 392 MUST be semantically consistent with the related fields in the 393 referenced certificate. See the last paragraph of Section 4.6 for 394 additional guidance on this. 396 5. JSON Web Key Set (JWK Set) Format 398 A JSON Web Key Set (JWK Set) is a JSON object that represents a set 399 of JWKs. The JSON object MUST have a "keys" member, which is an 400 array of JWK objects. 402 The member names within a JWK Set MUST be unique; recipients MUST 403 either reject JWK Sets with duplicate member names or use a JSON 404 parser that returns only the lexically last duplicate member name, as 405 specified in Section 15.12 (The JSON Object) of ECMAScript 5.1 406 [ECMAScript]. 408 Additional members can be present in the JWK Set; if not understood 409 by implementations encountering them, they MUST be ignored. 410 Parameters for representing additional properties of JWK Sets should 411 either be registered in the IANA JSON Web Key Set Parameters registry 412 defined in Section 8.4 or be a value that contains a Collision- 413 Resistant Name. 415 Implementations SHOULD ignore JWKs within a JWK Set that use "kty" 416 (key type) values that are not understood by them, are missing 417 required members, or for which values are out of the supported 418 ranges. 420 5.1. "keys" Parameter 422 The value of the "keys" member is an array of JWK values. By 423 default, the order of the JWK values within the array does not imply 424 an order of preference among them, although applications of JWK Sets 425 can choose to assign a meaning to the order for their purposes, if 426 desired. This member MUST be present in a JWK Set. 428 6. String Comparison Rules 430 The string comparison rules for this specification are the same as 431 those defined in Section 5.3 of [JWS]. 433 7. Encrypted JWK and Encrypted JWK Set Formats 435 Access to JWKs containing non-public key material by parties without 436 legitimate access to the non-public information MUST be prevented. 437 This can be accomplished by encrypting the JWK when potentially 438 observable by such parties to prevent the disclosure of private or 439 symmetric key values. The use of an Encrypted JWK, which is a JWE 440 with the UTF-8 encoding of a JWK as its plaintext value, is 441 recommended for this purpose. The processing of Encrypted JWKs is 442 identical to the processing of other JWEs. A "cty" (content type) 443 Header Parameter value of "jwk+json" MUST be used to indicate that 444 the content of the JWE is a JWK, unless the application knows that 445 the encrypted content is a JWK by another means or convention, in 446 which case the "cty" value would typically be omitted. 448 JWK Sets containing non-public key material will also need to be 449 encrypted under these circumstances. The use of an Encrypted JWK 450 Set, which is a JWE with the UTF-8 encoding of a JWK Set as its 451 plaintext value, is recommended for this purpose. The processing of 452 Encrypted JWK Sets is identical to the processing of other JWEs. A 453 "cty" (content type) Header Parameter value of "jwk-set+json" MUST be 454 used to indicate that the content of the JWE is a JWK Set, unless the 455 application knows that the encrypted content is a JWK Set by another 456 means or convention, in which case the "cty" value would typically be 457 omitted. 459 See Appendix C for an example encrypted JWK. 461 8. IANA Considerations 463 The following registration procedure is used for all the registries 464 established by this specification. 466 Values are registered on a Specification Required [RFC5226] basis 467 after a two-week review period on the [TBD]@ietf.org mailing list, on 468 the advice of one or more Designated Experts. However, to allow for 469 the allocation of values prior to publication, the Designated 470 Expert(s) may approve registration once they are satisfied that such 471 a specification will be published. 473 Registration requests must be sent to the [TBD]@ietf.org mailing list 474 for review and comment, with an appropriate subject (e.g., "Request 475 for access token type: example"). [[ Note to the RFC Editor: The name 476 of the mailing list should be determined in consultation with the 477 IESG and IANA. Suggested name: jose-reg-review. ]] 479 Within the review period, the Designated Expert(s) will either 480 approve or deny the registration request, communicating this decision 481 to the review list and IANA. Denials should include an explanation 482 and, if applicable, suggestions as to how to make the request 483 successful. Registration requests that are undetermined for a period 484 longer than 21 days can be brought to the IESG's attention (using the 485 iesg@iesg.org mailing list) for resolution. 487 Criteria that should be applied by the Designated Expert(s) includes 488 determining whether the proposed registration duplicates existing 489 functionality, determining whether it is likely to be of general 490 applicability or whether it is useful only for a single application, 491 and whether the registration makes sense. 493 IANA must only accept registry updates from the Designated Expert(s) 494 and should direct all requests for registration to the review mailing 495 list. 497 It is suggested that multiple Designated Experts be appointed who are 498 able to represent the perspectives of different applications using 499 this specification, in order to enable broadly-informed review of 500 registration decisions. In cases where a registration decision could 501 be perceived as creating a conflict of interest for a particular 502 Expert, that Expert should defer to the judgment of the other 503 Expert(s). 505 8.1. JSON Web Key Parameters Registry 507 This specification establishes the IANA JSON Web Key Parameters 508 registry for JWK parameter names. The registry records the parameter 509 name, the key type(s) that the parameter is used with, and a 510 reference to the specification that defines it. It also records 511 whether the parameter conveys public or private information. This 512 specification registers the parameter names defined in Section 4. 513 The same JWK parameter name may be registered multiple times, 514 provided that duplicate parameter registrations are only for key type 515 specific JWK parameters; in this case, the meaning of the duplicate 516 parameter name is disambiguated by the "kty" value of the JWK 517 containing it. 519 8.1.1. Registration Template 521 Parameter Name: 522 The name requested (e.g., "example"). Because a core goal of this 523 specification is for the resulting representations to be compact, 524 it is RECOMMENDED that the name be short -- not to exceed 8 525 characters without a compelling reason to do so. This name is 526 case-sensitive. Names may not match other registered names in a 527 case-insensitive manner unless the Designated Expert(s) state that 528 there is a compelling reason to allow an exception in this 529 particular case. However, matching names may be registered, 530 provided that the accompanying sets of "kty" values that the 531 Parameter Name is used with are disjoint; for the purposes of 532 matching "kty" values, "*" matches all values. 534 Parameter Description: 535 Brief description of the parameter (e.g., "Example description"). 537 Used with "kty" Value(s): 538 The key type parameter value(s) that the parameter name is to be 539 used with, or the value "*" if the parameter value is used with 540 all key types. Values may not match other registered "kty" values 541 in a case-insensitive manner when the registered Parameter Name is 542 the same (including when the Parameter Name matches in a case- 543 insensitive manner) unless the Designated Expert(s) state that 544 there is a compelling reason to allow an exception in this 545 particular case. 547 Parameter Information Class: 548 Registers whether the parameter conveys public or private 549 information. Its value must be one the words Public or Private. 551 Change Controller: 552 For Standards Track RFCs, state "IESG". For others, give the name 553 of the responsible party. Other details (e.g., postal address, 554 email address, home page URI) may also be included. 556 Specification Document(s): 557 Reference to the document(s) that specify the parameter, 558 preferably including URI(s) that can be used to retrieve copies of 559 the document(s). An indication of the relevant sections may also 560 be included but is not required. 562 8.1.2. Initial Registry Contents 564 o Parameter Name: "kty" 565 o Parameter Description: Key Type 566 o Used with "kty" Value(s): * 567 o Parameter Information Class: Public 568 o Change Controller: IESG 569 o Specification Document(s): Section 4.1 of [[ this document ]] 571 o Parameter Name: "use" 572 o Parameter Description: Public Key Use 573 o Used with "kty" Value(s): * 574 o Parameter Information Class: Public 575 o Change Controller: IESG 576 o Specification Document(s): Section 4.2 of [[ this document ]] 578 o Parameter Name: "key_ops" 579 o Parameter Description: Key Operations 580 o Used with "kty" Value(s): * 581 o Parameter Information Class: Public 582 o Change Controller: IESG 583 o Specification Document(s): Section 4.3 of [[ this document ]] 585 o Parameter Name: "alg" 586 o Parameter Description: Algorithm 587 o Used with "kty" Value(s): * 588 o Parameter Information Class: Public 589 o Change Controller: IESG 590 o Specification Document(s): Section 4.4 of [[ this document ]] 592 o Parameter Name: "kid" 593 o Parameter Description: Key ID 594 o Used with "kty" Value(s): * 595 o Parameter Information Class: Public 596 o Change Controller: IESG 597 o Specification Document(s): Section 4.5 of [[ this document ]] 599 o Parameter Name: "x5u" 600 o Parameter Description: X.509 URL 601 o Used with "kty" Value(s): * 602 o Parameter Information Class: Public 603 o Change Controller: IESG 604 o Specification Document(s): Section 4.6 of [[ this document ]] 606 o Parameter Name: "x5c" 607 o Parameter Description: X.509 Certificate Chain 608 o Used with "kty" Value(s): * 609 o Parameter Information Class: Public 610 o Change Controller: IESG 611 o Specification Document(s): Section 4.7 of [[ this document ]] 613 o Parameter Name: "x5t" 614 o Parameter Description: X.509 Certificate SHA-1 Thumbprint 615 o Used with "kty" Value(s): * 616 o Parameter Information Class: Public 617 o Change Controller: IESG 618 o Specification Document(s): Section 4.8 of [[ this document ]] 620 o Parameter Name: "x5t#S256" 621 o Parameter Description: X.509 Certificate SHA-256 Thumbprint 622 o Used with "kty" Value(s): * 623 o Parameter Information Class: Public 624 o Change Controller: IESG 625 o Specification Document(s): Section 4.9 of [[ this document ]] 627 8.2. JSON Web Key Use Registry 629 This specification establishes the IANA JSON Web Key Use registry for 630 JWK "use" (public key use) member values. The registry records the 631 public key use value and a reference to the specification that 632 defines it. This specification registers the parameter names defined 633 in Section 4.2. 635 8.2.1. Registration Template 637 Use Member Value: 638 The name requested (e.g., "example"). Because a core goal of this 639 specification is for the resulting representations to be compact, 640 it is RECOMMENDED that the name be short -- not to exceed 8 641 characters without a compelling reason to do so. This name is 642 case-sensitive. Names may not match other registered names in a 643 case-insensitive manner unless the Designated Expert(s) state that 644 there is a compelling reason to allow an exception in this 645 particular case. 647 Use Description: 648 Brief description of the use (e.g., "Example description"). 650 Change Controller: 651 For Standards Track RFCs, state "IESG". For others, give the name 652 of the responsible party. Other details (e.g., postal address, 653 email address, home page URI) may also be included. 655 Specification Document(s): 656 Reference to the document(s) that specify the parameter, 657 preferably including URI(s) that can be used to retrieve copies of 658 the document(s). An indication of the relevant sections may also 659 be included but is not required. 661 8.2.2. Initial Registry Contents 663 o Use Member Value: "sig" 664 o Use Description: Signature or MAC 665 o Change Controller: IESG 666 o Specification Document(s): Section 4.2 of [[ this document ]] 668 o Use Member Value: "enc" 669 o Use Description: Encryption 670 o Change Controller: IESG 671 o Specification Document(s): Section 4.2 of [[ this document ]] 673 8.3. JSON Web Key Operations Registry 675 This specification establishes the IANA JSON Web Key Operations 676 registry for values of JWK "key_ops" array elements. The registry 677 records the key operation value and a reference to the specification 678 that defines it. This specification registers the parameter names 679 defined in Section 4.3. 681 8.3.1. Registration Template 683 Key Operation Value: 684 The name requested (e.g., "example"). Because a core goal of this 685 specification is for the resulting representations to be compact, 686 it is RECOMMENDED that the name be short -- not to exceed 8 687 characters without a compelling reason to do so. This name is 688 case-sensitive. Names may not match other registered names in a 689 case-insensitive manner unless the Designated Expert(s) state that 690 there is a compelling reason to allow an exception in this 691 particular case. 693 Key Operation Description: 694 Brief description of the key operation (e.g., "Example 695 description"). 697 Change Controller: 698 For Standards Track RFCs, state "IESG". For others, give the name 699 of the responsible party. Other details (e.g., postal address, 700 email address, home page URI) may also be included. 702 Specification Document(s): 703 Reference to the document(s) that specify the parameter, 704 preferably including URI(s) that can be used to retrieve copies of 705 the document(s). An indication of the relevant sections may also 706 be included but is not required. 708 8.3.2. Initial Registry Contents 710 o Key Operation Value: "sign" 711 o Key Operation Description: Compute signature or MAC 712 o Change Controller: IESG 713 o Specification Document(s): Section 4.3 of [[ this document ]] 715 o Key Operation Value: "verify" 716 o Key Operation Description: Verify signature or MAC 717 o Change Controller: IESG 718 o Specification Document(s): Section 4.3 of [[ this document ]] 720 o Key Operation Value: "encrypt" 721 o Key Operation Description: Encrypt content 722 o Change Controller: IESG 723 o Specification Document(s): Section 4.3 of [[ this document ]] 725 o Key Operation Value: "decrypt" 726 o Key Operation Description: Decrypt content and validate 727 decryption, if applicable 729 o Change Controller: IESG 730 o Specification Document(s): Section 4.3 of [[ this document ]] 732 o Key Operation Value: "wrapKey" 733 o Key Operation Description: Encrypt key 734 o Change Controller: IESG 735 o Specification Document(s): Section 4.3 of [[ this document ]] 737 o Key Operation Value: "unwrapKey" 738 o Key Operation Description: Decrypt key and validate decryption, if 739 applicable 740 o Change Controller: IESG 741 o Specification Document(s): Section 4.3 of [[ this document ]] 743 o Key Operation Value: "deriveKey" 744 o Key Operation Description: Derive key 745 o Change Controller: IESG 746 o Specification Document(s): Section 4.3 of [[ this document ]] 748 o Key Operation Value: "deriveBits" 749 o Key Operation Description: Derive bits not to be used as a key 750 o Change Controller: IESG 751 o Specification Document(s): Section 4.3 of [[ this document ]] 753 8.4. JSON Web Key Set Parameters Registry 755 This specification establishes the IANA JSON Web Key Set Parameters 756 registry for JWK Set parameter names. The registry records the 757 parameter name and a reference to the specification that defines it. 758 This specification registers the parameter names defined in 759 Section 5. 761 8.4.1. Registration Template 763 Parameter Name: 764 The name requested (e.g., "example"). Because a core goal of this 765 specification is for the resulting representations to be compact, 766 it is RECOMMENDED that the name be short -- not to exceed 8 767 characters without a compelling reason to do so. This name is 768 case-sensitive. Names may not match other registered names in a 769 case-insensitive manner unless the Designated Expert(s) state that 770 there is a compelling reason to allow an exception in this 771 particular case. 773 Parameter Description: 774 Brief description of the parameter (e.g., "Example description"). 776 Change Controller: 777 For Standards Track RFCs, state "IESG". For others, give the name 778 of the responsible party. Other details (e.g., postal address, 779 email address, home page URI) may also be included. 781 Specification Document(s): 782 Reference to the document(s) that specify the parameter, 783 preferably including URI(s) that can be used to retrieve copies of 784 the document(s). An indication of the relevant sections may also 785 be included but is not required. 787 8.4.2. Initial Registry Contents 789 o Parameter Name: "keys" 790 o Parameter Description: Array of JWK values 791 o Change Controller: IESG 792 o Specification Document(s): Section 5.1 of [[ this document ]] 794 8.5. Media Type Registration 796 8.5.1. Registry Contents 798 This specification registers the "application/jwk+json" and 799 "application/jwk-set+json" Media Types [RFC2046] in the MIME Media 800 Types registry [IANA.MediaTypes], which can be used to indicate, 801 respectively, that the content is a JWK or a JWK Set. 803 o Type Name: application 804 o Subtype Name: jwk+json 805 o Required Parameters: n/a 806 o Optional Parameters: n/a 807 o Encoding considerations: 8bit; application/jwk+json values are 808 represented as JSON object; UTF-8 encoding SHOULD be employed for 809 the JSON object. 810 o Security Considerations: See the Security Considerations section 811 of [[ this document ]] 812 o Interoperability Considerations: n/a 813 o Published Specification: [[ this document ]] 814 o Applications that use this media type: TBD 815 o Additional Information: Magic number(s): n/a, File extension(s): 816 n/a, Macintosh file type code(s): n/a 817 o Person & email address to contact for further information: Michael 818 B. Jones, mbj@microsoft.com 819 o Intended Usage: COMMON 820 o Restrictions on Usage: none 821 o Author: Michael B. Jones, mbj@microsoft.com 822 o Change Controller: IESG 824 o Type Name: application 825 o Subtype Name: jwk-set+json 826 o Required Parameters: n/a 827 o Optional Parameters: n/a 828 o Encoding considerations: 8bit; application/jwk-set+json values are 829 represented as a JSON Object; UTF-8 encoding SHOULD be employed 830 for the JSON object. 831 o Security Considerations: See the Security Considerations section 832 of [[ this document ]] 833 o Interoperability Considerations: n/a 834 o Published Specification: [[ this document ]] 835 o Applications that use this media type: TBD 836 o Additional Information: Magic number(s): n/a, File extension(s): 837 n/a, Macintosh file type code(s): n/a 838 o Person & email address to contact for further information: Michael 839 B. Jones, mbj@microsoft.com 840 o Intended Usage: COMMON 841 o Restrictions on Usage: none 842 o Author: Michael B. Jones, mbj@microsoft.com 843 o Change Controller: IESG 845 9. Security Considerations 847 All of the security issues that are pertinent to any cryptographic 848 application must be addressed by JWS/JWE/JWK agents. Among these 849 issues are protecting the user's asymmetric private and symmetric 850 secret keys, preventing various attacks, and helping avoid mistakes 851 such as inadvertently encrypting a message to the wrong recipient. 852 The entire list of security considerations is beyond the scope of 853 this document, but some significant considerations are listed here. 855 9.1. Key Provenance and Trust 857 One should place no more trust in the data associated with a key than 858 in than the method by which it was obtained and in the 859 trustworthiness of the entity asserting an association with the key. 860 Any data associated with a key that is obtained in an untrusted 861 manner should be treated with skepticism. 863 The security considerations in Section 12.3 of XML DSIG 2.0 864 [W3C.NOTE-xmldsig-core2-20130411] about the strength of a signature 865 depending upon all the links in the security chain also apply to this 866 specification. 868 The TLS Requirements in [JWS] also apply to this specification. 870 9.2. Preventing Disclosure of Non-Public Key Information 872 Private and symmetric keys MUST be protected from disclosure to 873 unintended parties. One recommended means of doing so is to encrypt 874 JWKs or JWK Sets containing them by using the JWK or JWK Set value as 875 the plaintext of a JWE. 877 The security considerations in RFC 3447 [RFC3447] and RFC 6030 878 [RFC6030] about protecting private and symmetric keys, key usage, and 879 information leakage also apply to this specification. 881 9.3. RSA Private Key Representations and Blinding 883 The RSA Key blinding operation [Kocher], which is a defense against 884 some timing attacks, requires all of the RSA key values "n", "e", and 885 "d". However, some RSA private key representations do not include 886 the public exponent "e", but only include the modulus "n" and the 887 private exponent "d". This is true, for instance, of the Java 888 RSAPrivateKeySpec API, which does not include the public exponent "e" 889 as a parameter. So as to enable RSA key blinding, such 890 representations should be avoided. For Java, the 891 RSAPrivateCrtKeySpec API can be used instead. Section 8.2.2(i) of 892 the Handbook of Applied Cryptography [HAC] discusses how to compute 893 the remaining RSA private key parameters, if needed, using only "n", 894 "e", and "d". 896 10. References 898 10.1. Normative References 900 [ECMAScript] 901 Ecma International, "ECMAScript Language Specification, 902 5.1 Edition", ECMA 262, June 2011. 904 [IANA.MediaTypes] 905 Internet Assigned Numbers Authority (IANA), "MIME Media 906 Types", 2005. 908 [ITU.X690.1994] 909 International Telecommunications Union, "Information 910 Technology - ASN.1 encoding rules: Specification of Basic 911 Encoding Rules (BER), Canonical Encoding Rules (CER) and 912 Distinguished Encoding Rules (DER)", ITU-T Recommendation 913 X.690, 1994. 915 [JWA] Jones, M., "JSON Web Algorithms (JWA)", 916 draft-ietf-jose-json-web-algorithms (work in progress), 917 July 2014. 919 [JWE] Jones, M. and J. Hildebrand, "JSON Web Encryption (JWE)", 920 draft-ietf-jose-json-web-encryption (work in progress), 921 July 2014. 923 [JWS] Jones, M., Bradley, J., and N. Sakimura, "JSON Web 924 Signature (JWS)", draft-ietf-jose-json-web-signature (work 925 in progress), July 2014. 927 [RFC1421] Linn, J., "Privacy Enhancement for Internet Electronic 928 Mail: Part I: Message Encryption and Authentication 929 Procedures", RFC 1421, February 1993. 931 [RFC2046] Freed, N. and N. Borenstein, "Multipurpose Internet Mail 932 Extensions (MIME) Part Two: Media Types", RFC 2046, 933 November 1996. 935 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 936 Requirement Levels", BCP 14, RFC 2119, March 1997. 938 [RFC2818] Rescorla, E., "HTTP Over TLS", RFC 2818, May 2000. 940 [RFC3629] Yergeau, F., "UTF-8, a transformation format of ISO 941 10646", STD 63, RFC 3629, November 2003. 943 [RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform 944 Resource Identifier (URI): Generic Syntax", STD 66, 945 RFC 3986, January 2005. 947 [RFC4648] Josefsson, S., "The Base16, Base32, and Base64 Data 948 Encodings", RFC 4648, October 2006. 950 [RFC5246] Dierks, T. and E. Rescorla, "The Transport Layer Security 951 (TLS) Protocol Version 1.2", RFC 5246, August 2008. 953 [RFC5280] Cooper, D., Santesson, S., Farrell, S., Boeyen, S., 954 Housley, R., and W. Polk, "Internet X.509 Public Key 955 Infrastructure Certificate and Certificate Revocation List 956 (CRL) Profile", RFC 5280, May 2008. 958 [RFC6125] Saint-Andre, P. and J. Hodges, "Representation and 959 Verification of Domain-Based Application Service Identity 960 within Internet Public Key Infrastructure Using X.509 961 (PKIX) Certificates in the Context of Transport Layer 962 Security (TLS)", RFC 6125, March 2011. 964 [RFC7159] Bray, T., "The JavaScript Object Notation (JSON) Data 965 Interchange Format", RFC 7159, March 2014. 967 [USASCII] American National Standards Institute, "Coded Character 968 Set -- 7-bit American Standard Code for Information 969 Interchange", ANSI X3.4, 1986. 971 10.2. Informative References 973 [DSS] National Institute of Standards and Technology, "Digital 974 Signature Standard (DSS)", FIPS PUB 186-4, July 2013. 976 [HAC] Menezes, A., van Oorschot, P., and S. Vanstone, "Handbook 977 of Applied Cryptography", CRC Press, 1996, 978 . 980 [Kocher] Kocher, P., "Timing Attacks on Implementations of Diffe- 981 Hellman, RSA, DSS, and Other Systems", In Proceedings of 982 the 16th Annual International Cryptology Conference 983 Advances in Cryptology, Springer-Verlag, pp. 104-113, 984 1996. 986 [MagicSignatures] 987 Panzer (editor), J., Laurie, B., and D. Balfanz, "Magic 988 Signatures", January 2011. 990 [RFC3447] Jonsson, J. and B. Kaliski, "Public-Key Cryptography 991 Standards (PKCS) #1: RSA Cryptography Specifications 992 Version 2.1", RFC 3447, February 2003. 994 [RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an 995 IANA Considerations Section in RFCs", BCP 26, RFC 5226, 996 May 2008. 998 [RFC6030] Hoyer, P., Pei, M., and S. Machani, "Portable Symmetric 999 Key Container (PSKC)", RFC 6030, October 2010. 1001 [W3C.NOTE-xmldsig-core2-20130411] 1002 Eastlake, D., Reagle, J., Solo, D., Hirsch, F., Roessler, 1003 T., Yiu, K., Datta, P., and S. Cantor, "XML Signature 1004 Syntax and Processing Version 2.0", World Wide Web 1005 Consortium Note NOTE-xmldsig-core2-20130411, April 2013, 1006 . 1008 [WebCrypto] 1009 Sleevi, R. and M. Watson, "Web Cryptography API", World 1010 Wide Web Consortium Draft, March 2014, 1011 . 1013 Appendix A. Example JSON Web Key Sets 1015 A.1. Example Public Keys 1017 The following example JWK Set contains two public keys represented as 1018 JWKs: one using an Elliptic Curve algorithm and a second one using an 1019 RSA algorithm. The first specifies that the key is to be used for 1020 encryption. The second specifies that the key is to be used with the 1021 "RS256" algorithm. Both provide a Key ID for key matching purposes. 1022 In both cases, integers are represented using the base64url encoding 1023 of their big endian representations. (Long lines are broken are for 1024 display purposes only.) 1026 {"keys": 1027 [ 1028 {"kty":"EC", 1029 "crv":"P-256", 1030 "x":"MKBCTNIcKUSDii11ySs3526iDZ8AiTo7Tu6KPAqv7D4", 1031 "y":"4Etl6SRW2YiLUrN5vfvVHuhp7x8PxltmWWlbbM4IFyM", 1032 "use":"enc", 1033 "kid":"1"}, 1035 {"kty":"RSA", 1036 "n": "0vx7agoebGcQSuuPiLJXZptN9nndrQmbXEps2aiAFbWhM78LhWx 1037 4cbbfAAtVT86zwu1RK7aPFFxuhDR1L6tSoc_BJECPebWKRXjBZCiFV4n3oknjhMs 1038 tn64tZ_2W-5JsGY4Hc5n9yBXArwl93lqt7_RN5w6Cf0h4QyQ5v-65YGjQR0_FDW2 1039 QvzqY368QQMicAtaSqzs8KJZgnYb9c7d0zgdAZHzu6qMQvRL5hajrn1n91CbOpbI 1040 SD08qNLyrdkt-bFTWhAI4vMQFh6WeZu0fM4lFd2NcRwr3XPksINHaQ-G_xBniIqb 1041 w0Ls1jF44-csFCur-kEgU8awapJzKnqDKgw", 1042 "e":"AQAB", 1043 "alg":"RS256", 1044 "kid":"2011-04-29"} 1045 ] 1046 } 1048 A.2. Example Private Keys 1050 The following example JWK Set contains two keys represented as JWKs 1051 containing both public and private key values: one using an Elliptic 1052 Curve algorithm and a second one using an RSA algorithm. This 1053 example extends the example in the previous section, adding private 1054 key values. (Line breaks are for display purposes only.) 1055 {"keys": 1056 [ 1057 {"kty":"EC", 1058 "crv":"P-256", 1059 "x":"MKBCTNIcKUSDii11ySs3526iDZ8AiTo7Tu6KPAqv7D4", 1060 "y":"4Etl6SRW2YiLUrN5vfvVHuhp7x8PxltmWWlbbM4IFyM", 1061 "d":"870MB6gfuTJ4HtUnUvYMyJpr5eUZNP4Bk43bVdj3eAE", 1062 "use":"enc", 1063 "kid":"1"}, 1065 {"kty":"RSA", 1066 "n":"0vx7agoebGcQSuuPiLJXZptN9nndrQmbXEps2aiAFbWhM78LhWx4 1067 cbbfAAtVT86zwu1RK7aPFFxuhDR1L6tSoc_BJECPebWKRXjBZCiFV4n3oknjhMst 1068 n64tZ_2W-5JsGY4Hc5n9yBXArwl93lqt7_RN5w6Cf0h4QyQ5v-65YGjQR0_FDW2Q 1069 vzqY368QQMicAtaSqzs8KJZgnYb9c7d0zgdAZHzu6qMQvRL5hajrn1n91CbOpbIS 1070 D08qNLyrdkt-bFTWhAI4vMQFh6WeZu0fM4lFd2NcRwr3XPksINHaQ-G_xBniIqbw 1071 0Ls1jF44-csFCur-kEgU8awapJzKnqDKgw", 1072 "e":"AQAB", 1073 "d":"X4cTteJY_gn4FYPsXB8rdXix5vwsg1FLN5E3EaG6RJoVH-HLLKD9 1074 M7dx5oo7GURknchnrRweUkC7hT5fJLM0WbFAKNLWY2vv7B6NqXSzUvxT0_YSfqij 1075 wp3RTzlBaCxWp4doFk5N2o8Gy_nHNKroADIkJ46pRUohsXywbReAdYaMwFs9tv8d 1076 _cPVY3i07a3t8MN6TNwm0dSawm9v47UiCl3Sk5ZiG7xojPLu4sbg1U2jx4IBTNBz 1077 nbJSzFHK66jT8bgkuqsk0GjskDJk19Z4qwjwbsnn4j2WBii3RL-Us2lGVkY8fkFz 1078 me1z0HbIkfz0Y6mqnOYtqc0X4jfcKoAC8Q", 1079 "p":"83i-7IvMGXoMXCskv73TKr8637FiO7Z27zv8oj6pbWUQyLPQBQxtPV 1080 nwD20R-60eTDmD2ujnMt5PoqMrm8RfmNhVWDtjjMmCMjOpSXicFHj7XOuVIYQyqV 1081 WlWEh6dN36GVZYk93N8Bc9vY41xy8B9RzzOGVQzXvNEvn7O0nVbfs", 1082 "q":"3dfOR9cuYq-0S-mkFLzgItgMEfFzB2q3hWehMuG0oCuqnb3vobLyum 1083 qjVZQO1dIrdwgTnCdpYzBcOfW5r370AFXjiWft_NGEiovonizhKpo9VVS78TzFgx 1084 kIdrecRezsZ-1kYd_s1qDbxtkDEgfAITAG9LUnADun4vIcb6yelxk", 1085 "dp":"G4sPXkc6Ya9y8oJW9_ILj4xuppu0lzi_H7VTkS8xj5SdX3coE0oim 1086 YwxIi2emTAue0UOa5dpgFGyBJ4c8tQ2VF402XRugKDTP8akYhFo5tAA77Qe_Nmtu 1087 YZc3C3m3I24G2GvR5sSDxUyAN2zq8Lfn9EUms6rY3Ob8YeiKkTiBj0", 1088 "dq":"s9lAH9fggBsoFR8Oac2R_E2gw282rT2kGOAhvIllETE1efrA6huUU 1089 vMfBcMpn8lqeW6vzznYY5SSQF7pMdC_agI3nG8Ibp1BUb0JUiraRNqUfLhcQb_d9 1090 GF4Dh7e74WbRsobRonujTYN1xCaP6TO61jvWrX-L18txXw494Q_cgk", 1091 "qi":"GyM_p6JrXySiz1toFgKbWV-JdI3jQ4ypu9rbMWx3rQJBfmt0FoYzg 1092 UIZEVFEcOqwemRN81zoDAaa-Bk0KWNGDjJHZDdDmFhW3AN7lI-puxk_mHZGJ11rx 1093 yR8O55XLSe3SPmRfKwZI6yU24ZxvQKFYItdldUKGzO6Ia6zTKhAVRU", 1094 "alg":"RS256", 1095 "kid":"2011-04-29"} 1096 ] 1097 } 1099 A.3. Example Symmetric Keys 1101 The following example JWK Set contains two symmetric keys represented 1102 as JWKs: one designated as being for use with the AES Key Wrap 1103 algorithm and a second one that is an HMAC key. (Line breaks are for 1104 display purposes only.) 1106 {"keys": 1107 [ 1108 {"kty":"oct", 1109 "alg":"A128KW", 1110 "k":"GawgguFyGrWKav7AX4VKUg"}, 1112 {"kty":"oct", 1113 "k":"AyM1SysPpbyDfgZld3umj1qzKObwVMkoqQ-EstJQLr_T-1qS0gZH75 1114 aKtMN3Yj0iPS4hcgUuTwjAzZr1Z9CAow", 1115 "kid":"HMAC key used in JWS A.1 example"} 1116 ] 1117 } 1119 Appendix B. Example Use of "x5c" (X.509 Certificate Chain) Parameter 1120 The following is an example of a JWK with a RSA signing key 1121 represented both as an RSA public key and as an X.509 certificate 1122 using the "x5c" parameter: 1124 {"kty":"RSA", 1125 "use":"sig", 1126 "kid":"1b94c", 1127 "n":"vrjOfz9Ccdgx5nQudyhdoR17V-IubWMeOZCwX_jj0hgAsz2J_pqYW08 1128 PLbK_PdiVGKPrqzmDIsLI7sA25VEnHU1uCLNwBuUiCO11_-7dYbsr4iJmG0Q 1129 u2j8DsVyT1azpJC_NG84Ty5KKthuCaPod7iI7w0LK9orSMhBEwwZDCxTWq4a 1130 YWAchc8t-emd9qOvWtVMDC2BXksRngh6X5bUYLy6AyHKvj-nUy1wgzjYQDwH 1131 MTplCoLtU-o-8SNnZ1tmRoGE9uJkBLdh5gFENabWnU5m1ZqZPdwS-qo-meMv 1132 VfJb6jJVWRpl2SUtCnYG2C32qvbWbjZ_jBPD5eunqsIo1vQ", 1133 "e":"AQAB", 1134 "x5c": 1135 ["MIIDQjCCAiqgAwIBAgIGATz/FuLiMA0GCSqGSIb3DQEBBQUAMGIxCzAJB 1136 gNVBAYTAlVTMQswCQYDVQQIEwJDTzEPMA0GA1UEBxMGRGVudmVyMRwwGgYD 1137 VQQKExNQaW5nIElkZW50aXR5IENvcnAuMRcwFQYDVQQDEw5CcmlhbiBDYW1 1138 wYmVsbDAeFw0xMzAyMjEyMzI5MTVaFw0xODA4MTQyMjI5MTVaMGIxCzAJBg 1139 NVBAYTAlVTMQswCQYDVQQIEwJDTzEPMA0GA1UEBxMGRGVudmVyMRwwGgYDV 1140 QQKExNQaW5nIElkZW50aXR5IENvcnAuMRcwFQYDVQQDEw5CcmlhbiBDYW1w 1141 YmVsbDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL64zn8/QnH 1142 YMeZ0LncoXaEde1fiLm1jHjmQsF/449IYALM9if6amFtPDy2yvz3YlRij66 1143 s5gyLCyO7ANuVRJx1NbgizcAblIgjtdf/u3WG7K+IiZhtELto/A7Fck9Ws6 1144 SQvzRvOE8uSirYbgmj6He4iO8NCyvaK0jIQRMMGQwsU1quGmFgHIXPLfnpn 1145 fajr1rVTAwtgV5LEZ4Iel+W1GC8ugMhyr4/p1MtcIM42EA8BzE6ZQqC7VPq 1146 PvEjZ2dbZkaBhPbiZAS3YeYBRDWm1p1OZtWamT3cEvqqPpnjL1XyW+oyVVk 1147 aZdklLQp2Btgt9qr21m42f4wTw+Xrp6rCKNb0CAwEAATANBgkqhkiG9w0BA 1148 QUFAAOCAQEAh8zGlfSlcI0o3rYDPBB07aXNswb4ECNIKG0CETTUxmXl9KUL 1149 +9gGlqCz5iWLOgWsnrcKcY0vXPG9J1r9AqBNTqNgHq2G03X09266X5CpOe1 1150 zFo+Owb1zxtp3PehFdfQJ610CDLEaS9V9Rqp17hCyybEpOGVwe8fnk+fbEL 1151 2Bo3UPGrpsHzUoaGpDftmWssZkhpBJKVMJyf/RuP2SmmaIzmnw9JiSlYhzo 1152 4tpzd5rFXhjRbg4zW9C+2qok+2+qDM1iJ684gPHMIY8aLWrdgQTxkumGmTq 1153 gawR+N5MDtdPTEQ0XfIBc2cJEUyMTY5MPvACWpkA6SdS4xSvdXK3IVfOWA=="] 1154 } 1156 Appendix C. Example Encrypted RSA Private Key 1158 This example encrypts an RSA private key to the recipient using 1159 "PBES2-HS256+A128KW" for key encryption and "A128CBC+HS256" for 1160 content encryption. 1162 NOTE: Unless otherwise indicated, all line breaks are included solely 1163 for readability. 1165 C.1. Plaintext RSA Private Key 1167 The following RSA key is the plaintext for the encryption operation, 1168 formatted as a JWK object: 1170 { 1171 "kty":"RSA", 1172 "kid":"juliet@capulet.lit", 1173 "use":"enc", 1174 "n":"t6Q8PWSi1dkJj9hTP8hNYFlvadM7DflW9mWepOJhJ66w7nyoK1gPNqFMSQRy 1175 O125Gp-TEkodhWr0iujjHVx7BcV0llS4w5ACGgPrcAd6ZcSR0-Iqom-QFcNP 1176 8Sjg086MwoqQU_LYywlAGZ21WSdS_PERyGFiNnj3QQlO8Yns5jCtLCRwLHL0 1177 Pb1fEv45AuRIuUfVcPySBWYnDyGxvjYGDSM-AqWS9zIQ2ZilgT-GqUmipg0X 1178 OC0Cc20rgLe2ymLHjpHciCKVAbY5-L32-lSeZO-Os6U15_aXrk9Gw8cPUaX1 1179 _I8sLGuSiVdt3C_Fn2PZ3Z8i744FPFGGcG1qs2Wz-Q", 1180 "e":"AQAB", 1181 "d":"GRtbIQmhOZtyszfgKdg4u_N-R_mZGU_9k7JQ_jn1DnfTuMdSNprTeaSTyWfS 1182 NkuaAwnOEbIQVy1IQbWVV25NY3ybc_IhUJtfri7bAXYEReWaCl3hdlPKXy9U 1183 vqPYGR0kIXTQRqns-dVJ7jahlI7LyckrpTmrM8dWBo4_PMaenNnPiQgO0xnu 1184 ToxutRZJfJvG4Ox4ka3GORQd9CsCZ2vsUDmsXOfUENOyMqADC6p1M3h33tsu 1185 rY15k9qMSpG9OX_IJAXmxzAh_tWiZOwk2K4yxH9tS3Lq1yX8C1EWmeRDkK2a 1186 hecG85-oLKQt5VEpWHKmjOi_gJSdSgqcN96X52esAQ", 1187 "p":"2rnSOV4hKSN8sS4CgcQHFbs08XboFDqKum3sc4h3GRxrTmQdl1ZK9uw-PIHf 1188 QP0FkxXVrx-WE-ZEbrqivH_2iCLUS7wAl6XvARt1KkIaUxPPSYB9yk31s0Q8 1189 UK96E3_OrADAYtAJs-M3JxCLfNgqh56HDnETTQhH3rCT5T3yJws", 1190 "q":"1u_RiFDP7LBYh3N4GXLT9OpSKYP0uQZyiaZwBtOCBNJgQxaj10RWjsZu0c6I 1191 edis4S7B_coSKB0Kj9PaPaBzg-IySRvvcQuPamQu66riMhjVtG6TlV8CLCYK 1192 rYl52ziqK0E_ym2QnkwsUX7eYTB7LbAHRK9GqocDE5B0f808I4s", 1193 "dp":"KkMTWqBUefVwZ2_Dbj1pPQqyHSHjj90L5x_MOzqYAJMcLMZtbUtwKqvVDq3 1194 tbEo3ZIcohbDtt6SbfmWzggabpQxNxuBpoOOf_a_HgMXK_lhqigI4y_kqS1w 1195 Y52IwjUn5rgRrJ-yYo1h41KR-vz2pYhEAeYrhttWtxVqLCRViD6c", 1196 "dq":"AvfS0-gRxvn0bwJoMSnFxYcK1WnuEjQFluMGfwGitQBWtfZ1Er7t1xDkbN9 1197 GQTB9yqpDoYaN06H7CFtrkxhJIBQaj6nkF5KKS3TQtQ5qCzkOkmxIe3KRbBy 1198 mXxkb5qwUpX5ELD5xFc6FeiafWYY63TmmEAu_lRFCOJ3xDea-ots", 1199 "qi":"lSQi-w9CpyUReMErP1RsBLk7wNtOvs5EQpPqmuMvqW57NBUczScEoPwmUqq 1200 abu9V0-Py4dQ57_bapoKRu1R90bvuFnU63SHWEFglZQvJDMeAvmj4sm-Fp0o 1201 Yu_neotgQ0hzbI5gry7ajdYy9-2lNx_76aBZoOUu9HCJ-UsfSOI8" 1202 } 1204 The octets representing the Plaintext used in this example (using 1205 JSON array notation) are: 1207 [123, 34, 107, 116, 121, 34, 58, 34, 82, 83, 65, 34, 44, 34, 107, 1208 105, 100, 34, 58, 34, 106, 117, 108, 105, 101, 116, 64, 99, 97, 112, 1209 117, 108, 101, 116, 46, 108, 105, 116, 34, 44, 34, 117, 115, 101, 34, 1210 58, 34, 101, 110, 99, 34, 44, 34, 110, 34, 58, 34, 116, 54, 81, 56, 1211 80, 87, 83, 105, 49, 100, 107, 74, 106, 57, 104, 84, 80, 56, 104, 78, 1212 89, 70, 108, 118, 97, 100, 77, 55, 68, 102, 108, 87, 57, 109, 87, 1213 101, 112, 79, 74, 104, 74, 54, 54, 119, 55, 110, 121, 111, 75, 49, 1214 103, 80, 78, 113, 70, 77, 83, 81, 82, 121, 79, 49, 50, 53, 71, 112, 1215 45, 84, 69, 107, 111, 100, 104, 87, 114, 48, 105, 117, 106, 106, 72, 1216 86, 120, 55, 66, 99, 86, 48, 108, 108, 83, 52, 119, 53, 65, 67, 71, 1217 103, 80, 114, 99, 65, 100, 54, 90, 99, 83, 82, 48, 45, 73, 113, 111, 1218 109, 45, 81, 70, 99, 78, 80, 56, 83, 106, 103, 48, 56, 54, 77, 119, 1219 111, 113, 81, 85, 95, 76, 89, 121, 119, 108, 65, 71, 90, 50, 49, 87, 1220 83, 100, 83, 95, 80, 69, 82, 121, 71, 70, 105, 78, 110, 106, 51, 81, 1221 81, 108, 79, 56, 89, 110, 115, 53, 106, 67, 116, 76, 67, 82, 119, 76, 1222 72, 76, 48, 80, 98, 49, 102, 69, 118, 52, 53, 65, 117, 82, 73, 117, 1223 85, 102, 86, 99, 80, 121, 83, 66, 87, 89, 110, 68, 121, 71, 120, 118, 1224 106, 89, 71, 68, 83, 77, 45, 65, 113, 87, 83, 57, 122, 73, 81, 50, 1225 90, 105, 108, 103, 84, 45, 71, 113, 85, 109, 105, 112, 103, 48, 88, 1226 79, 67, 48, 67, 99, 50, 48, 114, 103, 76, 101, 50, 121, 109, 76, 72, 1227 106, 112, 72, 99, 105, 67, 75, 86, 65, 98, 89, 53, 45, 76, 51, 50, 1228 45, 108, 83, 101, 90, 79, 45, 79, 115, 54, 85, 49, 53, 95, 97, 88, 1229 114, 107, 57, 71, 119, 56, 99, 80, 85, 97, 88, 49, 95, 73, 56, 115, 1230 76, 71, 117, 83, 105, 86, 100, 116, 51, 67, 95, 70, 110, 50, 80, 90, 1231 51, 90, 56, 105, 55, 52, 52, 70, 80, 70, 71, 71, 99, 71, 49, 113, 1232 115, 50, 87, 122, 45, 81, 34, 44, 34, 101, 34, 58, 34, 65, 81, 65, 1233 66, 34, 44, 34, 100, 34, 58, 34, 71, 82, 116, 98, 73, 81, 109, 104, 1234 79, 90, 116, 121, 115, 122, 102, 103, 75, 100, 103, 52, 117, 95, 78, 1235 45, 82, 95, 109, 90, 71, 85, 95, 57, 107, 55, 74, 81, 95, 106, 110, 1236 49, 68, 110, 102, 84, 117, 77, 100, 83, 78, 112, 114, 84, 101, 97, 1237 83, 84, 121, 87, 102, 83, 78, 107, 117, 97, 65, 119, 110, 79, 69, 98, 1238 73, 81, 86, 121, 49, 73, 81, 98, 87, 86, 86, 50, 53, 78, 89, 51, 121, 1239 98, 99, 95, 73, 104, 85, 74, 116, 102, 114, 105, 55, 98, 65, 88, 89, 1240 69, 82, 101, 87, 97, 67, 108, 51, 104, 100, 108, 80, 75, 88, 121, 57, 1241 85, 118, 113, 80, 89, 71, 82, 48, 107, 73, 88, 84, 81, 82, 113, 110, 1242 115, 45, 100, 86, 74, 55, 106, 97, 104, 108, 73, 55, 76, 121, 99, 1243 107, 114, 112, 84, 109, 114, 77, 56, 100, 87, 66, 111, 52, 95, 80, 1244 77, 97, 101, 110, 78, 110, 80, 105, 81, 103, 79, 48, 120, 110, 117, 1245 84, 111, 120, 117, 116, 82, 90, 74, 102, 74, 118, 71, 52, 79, 120, 1246 52, 107, 97, 51, 71, 79, 82, 81, 100, 57, 67, 115, 67, 90, 50, 118, 1247 115, 85, 68, 109, 115, 88, 79, 102, 85, 69, 78, 79, 121, 77, 113, 65, 1248 68, 67, 54, 112, 49, 77, 51, 104, 51, 51, 116, 115, 117, 114, 89, 49, 1249 53, 107, 57, 113, 77, 83, 112, 71, 57, 79, 88, 95, 73, 74, 65, 88, 1250 109, 120, 122, 65, 104, 95, 116, 87, 105, 90, 79, 119, 107, 50, 75, 1251 52, 121, 120, 72, 57, 116, 83, 51, 76, 113, 49, 121, 88, 56, 67, 49, 1252 69, 87, 109, 101, 82, 68, 107, 75, 50, 97, 104, 101, 99, 71, 56, 53, 1253 45, 111, 76, 75, 81, 116, 53, 86, 69, 112, 87, 72, 75, 109, 106, 79, 1254 105, 95, 103, 74, 83, 100, 83, 103, 113, 99, 78, 57, 54, 88, 53, 50, 1255 101, 115, 65, 81, 34, 44, 34, 112, 34, 58, 34, 50, 114, 110, 83, 79, 1256 86, 52, 104, 75, 83, 78, 56, 115, 83, 52, 67, 103, 99, 81, 72, 70, 1257 98, 115, 48, 56, 88, 98, 111, 70, 68, 113, 75, 117, 109, 51, 115, 99, 1258 52, 104, 51, 71, 82, 120, 114, 84, 109, 81, 100, 108, 49, 90, 75, 57, 1259 117, 119, 45, 80, 73, 72, 102, 81, 80, 48, 70, 107, 120, 88, 86, 114, 1260 120, 45, 87, 69, 45, 90, 69, 98, 114, 113, 105, 118, 72, 95, 50, 105, 1261 67, 76, 85, 83, 55, 119, 65, 108, 54, 88, 118, 65, 82, 116, 49, 75, 1262 107, 73, 97, 85, 120, 80, 80, 83, 89, 66, 57, 121, 107, 51, 49, 115, 1263 48, 81, 56, 85, 75, 57, 54, 69, 51, 95, 79, 114, 65, 68, 65, 89, 116, 1264 65, 74, 115, 45, 77, 51, 74, 120, 67, 76, 102, 78, 103, 113, 104, 53, 1265 54, 72, 68, 110, 69, 84, 84, 81, 104, 72, 51, 114, 67, 84, 53, 84, 1266 51, 121, 74, 119, 115, 34, 44, 34, 113, 34, 58, 34, 49, 117, 95, 82, 1267 105, 70, 68, 80, 55, 76, 66, 89, 104, 51, 78, 52, 71, 88, 76, 84, 57, 1268 79, 112, 83, 75, 89, 80, 48, 117, 81, 90, 121, 105, 97, 90, 119, 66, 1269 116, 79, 67, 66, 78, 74, 103, 81, 120, 97, 106, 49, 48, 82, 87, 106, 1270 115, 90, 117, 48, 99, 54, 73, 101, 100, 105, 115, 52, 83, 55, 66, 95, 1271 99, 111, 83, 75, 66, 48, 75, 106, 57, 80, 97, 80, 97, 66, 122, 103, 1272 45, 73, 121, 83, 82, 118, 118, 99, 81, 117, 80, 97, 109, 81, 117, 54, 1273 54, 114, 105, 77, 104, 106, 86, 116, 71, 54, 84, 108, 86, 56, 67, 76, 1274 67, 89, 75, 114, 89, 108, 53, 50, 122, 105, 113, 75, 48, 69, 95, 121, 1275 109, 50, 81, 110, 107, 119, 115, 85, 88, 55, 101, 89, 84, 66, 55, 76, 1276 98, 65, 72, 82, 75, 57, 71, 113, 111, 99, 68, 69, 53, 66, 48, 102, 1277 56, 48, 56, 73, 52, 115, 34, 44, 34, 100, 112, 34, 58, 34, 75, 107, 1278 77, 84, 87, 113, 66, 85, 101, 102, 86, 119, 90, 50, 95, 68, 98, 106, 1279 49, 112, 80, 81, 113, 121, 72, 83, 72, 106, 106, 57, 48, 76, 53, 120, 1280 95, 77, 79, 122, 113, 89, 65, 74, 77, 99, 76, 77, 90, 116, 98, 85, 1281 116, 119, 75, 113, 118, 86, 68, 113, 51, 116, 98, 69, 111, 51, 90, 1282 73, 99, 111, 104, 98, 68, 116, 116, 54, 83, 98, 102, 109, 87, 122, 1283 103, 103, 97, 98, 112, 81, 120, 78, 120, 117, 66, 112, 111, 79, 79, 1284 102, 95, 97, 95, 72, 103, 77, 88, 75, 95, 108, 104, 113, 105, 103, 1285 73, 52, 121, 95, 107, 113, 83, 49, 119, 89, 53, 50, 73, 119, 106, 85, 1286 110, 53, 114, 103, 82, 114, 74, 45, 121, 89, 111, 49, 104, 52, 49, 1287 75, 82, 45, 118, 122, 50, 112, 89, 104, 69, 65, 101, 89, 114, 104, 1288 116, 116, 87, 116, 120, 86, 113, 76, 67, 82, 86, 105, 68, 54, 99, 34, 1289 44, 34, 100, 113, 34, 58, 34, 65, 118, 102, 83, 48, 45, 103, 82, 120, 1290 118, 110, 48, 98, 119, 74, 111, 77, 83, 110, 70, 120, 89, 99, 75, 49, 1291 87, 110, 117, 69, 106, 81, 70, 108, 117, 77, 71, 102, 119, 71, 105, 1292 116, 81, 66, 87, 116, 102, 90, 49, 69, 114, 55, 116, 49, 120, 68, 1293 107, 98, 78, 57, 71, 81, 84, 66, 57, 121, 113, 112, 68, 111, 89, 97, 1294 78, 48, 54, 72, 55, 67, 70, 116, 114, 107, 120, 104, 74, 73, 66, 81, 1295 97, 106, 54, 110, 107, 70, 53, 75, 75, 83, 51, 84, 81, 116, 81, 53, 1296 113, 67, 122, 107, 79, 107, 109, 120, 73, 101, 51, 75, 82, 98, 66, 1297 121, 109, 88, 120, 107, 98, 53, 113, 119, 85, 112, 88, 53, 69, 76, 1298 68, 53, 120, 70, 99, 54, 70, 101, 105, 97, 102, 87, 89, 89, 54, 51, 1299 84, 109, 109, 69, 65, 117, 95, 108, 82, 70, 67, 79, 74, 51, 120, 68, 1300 101, 97, 45, 111, 116, 115, 34, 44, 34, 113, 105, 34, 58, 34, 108, 1301 83, 81, 105, 45, 119, 57, 67, 112, 121, 85, 82, 101, 77, 69, 114, 80, 1302 49, 82, 115, 66, 76, 107, 55, 119, 78, 116, 79, 118, 115, 53, 69, 81, 1303 112, 80, 113, 109, 117, 77, 118, 113, 87, 53, 55, 78, 66, 85, 99, 1304 122, 83, 99, 69, 111, 80, 119, 109, 85, 113, 113, 97, 98, 117, 57, 1305 86, 48, 45, 80, 121, 52, 100, 81, 53, 55, 95, 98, 97, 112, 111, 75, 1306 82, 117, 49, 82, 57, 48, 98, 118, 117, 70, 110, 85, 54, 51, 83, 72, 1307 87, 69, 70, 103, 108, 90, 81, 118, 74, 68, 77, 101, 65, 118, 109, 1308 106, 52, 115, 109, 45, 70, 112, 48, 111, 89, 117, 95, 110, 101, 111, 1309 116, 103, 81, 48, 104, 122, 98, 73, 53, 103, 114, 121, 55, 97, 106, 1310 100, 89, 121, 57, 45, 50, 108, 78, 120, 95, 55, 54, 97, 66, 90, 111, 1311 79, 85, 117, 57, 72, 67, 74, 45, 85, 115, 102, 83, 79, 73, 56, 34, 1312 125] 1314 C.2. JOSE Header 1316 The following example JWE Protected Header declares that: 1318 o the Content Encryption Key is encrypted to the recipient using the 1319 PSE2-HS256+A128KW algorithm to produce the JWE Encrypted Key, 1321 o the Salt Input ("p2s") value is [217, 96, 147, 112, 150, 117, 70, 1322 247, 127, 8, 155, 137, 174, 42, 80, 215], 1324 o the Iteration Count ("p2c") value is 4096, 1326 o the Plaintext is encrypted using the AES_128_CBC_HMAC_SHA_256 1327 algorithm to produce the Ciphertext, and 1329 o the content type is application/jwk+json. 1331 { 1332 "alg":"PBES2-HS256+A128KW", 1333 "p2s":"2WCTcJZ1Rvd_CJuJripQ1w", 1334 "p2c":4096, 1335 "enc":"A128CBC-HS256", 1336 "cty":"jwk+json" 1337 } 1339 Encoding this JWE Protected Header as BASE64URL(UTF8(JWE Protected 1340 Header)) gives this value (with line breaks for display purposes 1341 only): 1343 eyJhbGciOiJQQkVTMi1IUzI1NitBMTI4S1ciLCJwMnMiOiIyV0NUY0paMVJ2ZF9DSn 1344 VKcmlwUTF3IiwicDJjIjo0MDk2LCJlbmMiOiJBMTI4Q0JDLUhTMjU2IiwiY3R5Ijoi 1345 andrK2pzb24ifQ 1347 C.3. Content Encryption Key (CEK) 1349 Generate a 256 bit random Content Encryption Key (CEK). In this 1350 example, the value (using JSON array notation) is: 1352 [111, 27, 25, 52, 66, 29, 20, 78, 92, 176, 56, 240, 65, 208, 82, 112, 1353 161, 131, 36, 55, 202, 236, 185, 172, 129, 23, 153, 194, 195, 48, 1354 253, 182] 1356 C.4. Key Derivation 1358 Derive a key from a shared passphrase using the PBKDF2 algorithm with 1359 HMAC SHA-256 and the specified Salt and Iteration Count values and a 1360 128 bit requested output key size to produce the PBKDF2 Derived Key. 1361 This example uses the following passphrase: 1363 Thus from my lips, by yours, my sin is purged. 1365 The octets representing the passphrase are: 1367 [84, 104, 117, 115, 32, 102, 114, 111, 109, 32, 109, 121, 32, 108, 1368 105, 112, 115, 44, 32, 98, 121, 32, 121, 111, 117, 114, 115, 44, 32, 1369 109, 121, 32, 115, 105, 110, 32, 105, 115, 32, 112, 117, 114, 103, 1370 101, 100, 46] 1372 The Salt value (UTF8(Alg) || 0x00 || Salt Input) is: 1374 [80, 66, 69, 83, 50, 45, 72, 83, 50, 53, 54, 43, 65, 49, 50, 56, 75, 1375 87, 0, 217, 96, 147, 112, 150, 117, 70, 247, 127, 8, 155, 137, 174, 1376 42, 80, 215]. 1378 The resulting PBKDF2 Derived Key value is: 1380 [110, 171, 169, 92, 129, 92, 109, 117, 233, 242, 116, 233, 170, 14, 1381 24, 75] 1383 C.5. Key Encryption 1385 Encrypt the CEK with the "A128KW" algorithm using the PBKDF2 Derived 1386 Key. The resulting JWE Encrypted Key value is: 1388 [78, 186, 151, 59, 11, 141, 81, 240, 213, 245, 83, 211, 53, 188, 134, 1389 188, 66, 125, 36, 200, 222, 124, 5, 103, 249, 52, 117, 184, 140, 81, 1390 246, 158, 161, 177, 20, 33, 245, 57, 59, 4] 1392 Encoding this JWE Encrypted Key as BASE64URL(JWE Encrypted Key) gives 1393 this value: 1395 TrqXOwuNUfDV9VPTNbyGvEJ9JMjefAVn-TR1uIxR9p6hsRQh9Tk7BA 1397 C.6. Initialization Vector 1399 Generate a random 128 bit JWE Initialization Vector. In this 1400 example, the value is: 1402 [97, 239, 99, 214, 171, 54, 216, 57, 145, 72, 7, 93, 34, 31, 149, 1403 156] 1404 Encoding this JWE Initialization Vector as BASE64URL(JWE 1405 Initialization Vector) gives this value: 1407 Ye9j1qs22DmRSAddIh-VnA 1409 C.7. Additional Authenticated Data 1411 Let the Additional Authenticated Data encryption parameter be 1412 ASCII(BASE64URL(UTF8(JWE Protected Header))). This value is: 1414 [123, 34, 97, 108, 103, 34, 58, 34, 80, 66, 69, 83, 50, 45, 72, 83, 1415 50, 53, 54, 43, 65, 49, 50, 56, 75, 87, 34, 44, 34, 112, 50, 115, 34, 1416 58, 34, 50, 87, 67, 84, 99, 74, 90, 49, 82, 118, 100, 95, 67, 74, 1417 117, 74, 114, 105, 112, 81, 49, 119, 34, 44, 34, 112, 50, 99, 34, 58, 1418 52, 48, 57, 54, 44, 34, 101, 110, 99, 34, 58, 34, 65, 49, 50, 56, 67, 1419 66, 67, 45, 72, 83, 50, 53, 54, 34, 44, 34, 99, 116, 121, 34, 58, 34, 1420 106, 119, 107, 43, 106, 115, 111, 110, 34, 125] 1422 C.8. Content Encryption 1424 Encrypt the Plaintext with AES_128_CBC_HMAC_SHA_256 using the CEK as 1425 the encryption key, the JWE Initialization Vector, and the Additional 1426 Authenticated Data value above. The resulting Ciphertext is: 1428 [3, 8, 65, 242, 92, 107, 148, 168, 197, 159, 77, 139, 25, 97, 42, 1429 131, 110, 199, 225, 56, 61, 127, 38, 64, 108, 91, 247, 167, 150, 98, 1430 112, 122, 99, 235, 132, 50, 28, 46, 56, 170, 169, 89, 220, 145, 38, 1431 157, 148, 224, 66, 140, 8, 169, 146, 117, 222, 54, 242, 28, 31, 11, 1432 129, 227, 226, 169, 66, 117, 133, 254, 140, 216, 115, 203, 131, 60, 1433 60, 47, 233, 132, 121, 13, 35, 188, 53, 19, 172, 77, 59, 54, 211, 1434 158, 172, 25, 60, 111, 0, 80, 201, 158, 160, 210, 68, 55, 12, 67, 1435 136, 130, 87, 216, 197, 95, 62, 20, 155, 205, 5, 140, 27, 168, 221, 1436 65, 114, 78, 157, 254, 46, 206, 182, 52, 135, 87, 239, 3, 34, 186, 1437 126, 220, 151, 17, 33, 237, 57, 96, 172, 183, 58, 45, 248, 103, 241, 1438 142, 136, 7, 53, 16, 173, 181, 7, 93, 92, 252, 1, 53, 212, 242, 8, 1439 255, 11, 239, 181, 24, 148, 136, 111, 24, 161, 244, 23, 106, 69, 157, 1440 215, 243, 189, 240, 166, 169, 249, 72, 38, 201, 99, 223, 173, 229, 9, 1441 222, 82, 79, 157, 176, 248, 85, 239, 121, 163, 1, 31, 48, 98, 206, 1442 61, 249, 104, 216, 201, 227, 105, 48, 194, 193, 10, 36, 160, 159, 1443 241, 166, 84, 54, 188, 211, 243, 242, 40, 46, 45, 193, 193, 160, 169, 1444 101, 201, 1, 73, 47, 105, 142, 88, 28, 42, 132, 26, 61, 58, 63, 142, 1445 243, 77, 26, 179, 153, 166, 46, 203, 208, 49, 55, 229, 34, 178, 4, 1446 109, 180, 204, 204, 115, 1, 103, 193, 5, 91, 215, 214, 195, 1, 110, 1447 208, 53, 144, 36, 105, 12, 54, 25, 129, 101, 15, 183, 150, 250, 147, 1448 115, 227, 58, 250, 5, 128, 232, 63, 15, 14, 19, 141, 124, 253, 142, 1449 137, 189, 135, 26, 44, 240, 27, 88, 132, 105, 127, 6, 71, 37, 41, 1450 124, 187, 165, 140, 34, 200, 123, 80, 228, 24, 231, 176, 132, 171, 1451 138, 145, 152, 116, 224, 50, 141, 51, 147, 91, 186, 7, 246, 106, 217, 1452 148, 244, 227, 244, 45, 220, 121, 165, 224, 148, 181, 17, 181, 128, 1453 197, 101, 237, 11, 169, 229, 149, 199, 78, 56, 15, 14, 190, 91, 216, 1454 222, 247, 213, 74, 40, 8, 96, 20, 168, 119, 96, 26, 24, 52, 37, 82, 1455 127, 57, 176, 147, 118, 59, 7, 224, 33, 117, 72, 155, 29, 82, 26, 1456 215, 189, 140, 119, 28, 152, 118, 93, 222, 194, 192, 148, 115, 83, 1457 253, 216, 212, 108, 88, 83, 175, 172, 220, 97, 79, 110, 42, 223, 170, 1458 161, 34, 164, 144, 193, 76, 122, 92, 160, 41, 178, 175, 6, 35, 96, 1459 113, 96, 158, 90, 129, 101, 26, 45, 70, 180, 189, 230, 15, 5, 247, 1460 150, 209, 94, 171, 26, 13, 142, 212, 129, 1, 176, 5, 0, 112, 203, 1461 174, 185, 119, 76, 233, 189, 54, 172, 189, 245, 223, 253, 205, 12, 1462 88, 9, 126, 157, 225, 90, 40, 229, 191, 63, 30, 160, 224, 69, 3, 140, 1463 109, 70, 89, 37, 213, 245, 194, 210, 180, 188, 63, 210, 139, 221, 2, 1464 144, 200, 20, 177, 216, 29, 227, 242, 106, 12, 135, 142, 139, 144, 1465 82, 225, 162, 171, 176, 108, 99, 6, 43, 193, 161, 116, 234, 216, 1, 1466 242, 21, 124, 162, 98, 205, 124, 193, 38, 12, 242, 90, 101, 76, 204, 1467 184, 124, 58, 180, 16, 240, 26, 76, 195, 250, 212, 191, 185, 191, 97, 1468 198, 186, 73, 225, 75, 14, 90, 123, 121, 172, 101, 50, 160, 221, 141, 1469 253, 205, 126, 77, 9, 87, 198, 110, 104, 182, 141, 120, 51, 25, 232, 1470 3, 32, 80, 6, 156, 8, 18, 4, 135, 221, 142, 25, 135, 2, 129, 132, 1471 115, 227, 74, 141, 28, 119, 11, 141, 117, 134, 198, 62, 150, 254, 97, 1472 75, 197, 251, 99, 89, 204, 224, 226, 67, 83, 175, 89, 0, 81, 29, 38, 1473 207, 89, 140, 255, 197, 177, 164, 128, 62, 116, 224, 180, 109, 169, 1474 28, 2, 59, 176, 130, 252, 44, 178, 81, 24, 181, 176, 75, 44, 61, 91, 1475 12, 37, 21, 255, 83, 130, 197, 16, 231, 60, 217, 56, 131, 118, 168, 1476 202, 58, 52, 84, 124, 162, 185, 174, 162, 226, 242, 112, 68, 246, 1477 202, 16, 208, 52, 154, 58, 129, 80, 102, 33, 171, 6, 186, 177, 14, 1478 195, 88, 136, 6, 0, 155, 28, 100, 162, 207, 162, 222, 117, 248, 170, 1479 208, 114, 87, 31, 57, 176, 33, 57, 83, 253, 12, 168, 110, 194, 59, 1480 22, 86, 48, 227, 196, 22, 176, 218, 122, 149, 21, 249, 195, 178, 174, 1481 250, 20, 34, 120, 60, 139, 201, 99, 40, 18, 177, 17, 54, 54, 6, 3, 1482 222, 128, 160, 88, 11, 27, 0, 81, 192, 36, 41, 169, 146, 8, 47, 64, 1483 136, 28, 64, 209, 67, 135, 202, 20, 234, 182, 91, 204, 146, 195, 187, 1484 0, 72, 77, 11, 111, 152, 204, 252, 177, 212, 89, 33, 50, 132, 184, 1485 44, 183, 186, 19, 250, 69, 176, 201, 102, 140, 14, 143, 212, 212, 1486 160, 123, 208, 185, 27, 155, 68, 77, 133, 198, 2, 126, 155, 215, 22, 1487 91, 30, 217, 176, 172, 244, 156, 174, 143, 75, 90, 21, 102, 1, 160, 1488 59, 253, 188, 88, 57, 185, 197, 83, 24, 22, 180, 174, 47, 207, 52, 1, 1489 141, 146, 119, 233, 68, 228, 224, 228, 193, 248, 155, 202, 90, 7, 1490 213, 88, 33, 108, 107, 14, 86, 8, 120, 250, 58, 142, 35, 164, 238, 1491 221, 219, 35, 123, 88, 199, 192, 143, 104, 83, 17, 166, 243, 247, 11, 1492 166, 67, 68, 204, 132, 23, 110, 103, 228, 14, 55, 122, 88, 57, 180, 1493 178, 237, 52, 130, 214, 245, 102, 123, 67, 73, 175, 1, 127, 112, 148, 1494 94, 132, 164, 197, 153, 217, 87, 25, 89, 93, 63, 22, 66, 166, 90, 1495 251, 101, 10, 145, 66, 17, 124, 36, 255, 165, 226, 97, 16, 86, 112, 1496 154, 88, 105, 253, 56, 209, 229, 122, 103, 51, 24, 228, 190, 3, 236, 1497 48, 182, 121, 176, 140, 128, 117, 87, 251, 224, 37, 23, 248, 21, 218, 1498 85, 251, 136, 84, 147, 143, 144, 46, 155, 183, 251, 89, 86, 23, 26, 1499 237, 100, 167, 32, 130, 173, 237, 89, 55, 110, 70, 142, 127, 65, 230, 1500 208, 109, 69, 19, 253, 84, 130, 130, 193, 92, 58, 108, 150, 42, 136, 1501 249, 234, 86, 241, 182, 19, 117, 246, 26, 181, 92, 101, 155, 44, 103, 1502 235, 173, 30, 140, 90, 29, 183, 190, 77, 53, 206, 127, 5, 87, 8, 187, 1503 184, 92, 4, 157, 22, 18, 105, 251, 39, 88, 182, 181, 103, 148, 233, 1504 6, 63, 70, 188, 7, 101, 216, 127, 77, 31, 12, 233, 7, 147, 106, 30, 1505 150, 77, 145, 13, 205, 48, 56, 245, 220, 89, 252, 127, 51, 180, 36, 1506 31, 55, 18, 214, 230, 254, 217, 197, 65, 247, 27, 215, 117, 247, 108, 1507 157, 121, 11, 63, 150, 195, 83, 6, 134, 242, 41, 24, 105, 204, 5, 63, 1508 192, 14, 159, 113, 72, 140, 128, 51, 215, 80, 215, 39, 149, 94, 79, 1509 128, 34, 5, 129, 82, 83, 121, 187, 37, 146, 27, 32, 177, 167, 71, 9, 1510 195, 30, 199, 196, 205, 252, 207, 69, 8, 120, 27, 190, 51, 43, 75, 1511 249, 234, 167, 116, 206, 203, 199, 43, 108, 87, 48, 155, 140, 228, 1512 210, 85, 25, 161, 96, 67, 8, 205, 64, 39, 75, 88, 44, 238, 227, 16, 1513 0, 100, 93, 129, 18, 4, 149, 50, 68, 72, 99, 35, 111, 254, 27, 102, 1514 175, 108, 233, 87, 181, 44, 169, 18, 139, 79, 208, 14, 202, 192, 5, 1515 162, 222, 231, 149, 24, 211, 49, 120, 101, 39, 206, 87, 147, 204, 1516 200, 251, 104, 115, 5, 127, 117, 195, 79, 151, 18, 224, 52, 0, 245, 1517 4, 85, 255, 103, 217, 0, 116, 198, 80, 91, 167, 192, 154, 199, 197, 1518 149, 237, 51, 2, 131, 30, 226, 95, 105, 48, 68, 135, 208, 144, 120, 1519 176, 145, 157, 8, 171, 80, 94, 61, 92, 92, 220, 157, 13, 138, 51, 23, 1520 185, 124, 31, 77, 1, 87, 241, 43, 239, 55, 122, 86, 210, 48, 208, 1521 204, 112, 144, 80, 147, 106, 219, 47, 253, 31, 134, 176, 16, 135, 1522 219, 95, 17, 129, 83, 236, 125, 136, 112, 86, 228, 252, 71, 129, 218, 1523 174, 156, 236, 12, 27, 159, 11, 138, 252, 253, 207, 31, 115, 214, 1524 118, 239, 203, 16, 211, 205, 99, 22, 51, 163, 107, 162, 246, 199, 67, 1525 127, 34, 108, 197, 53, 117, 58, 199, 3, 190, 74, 70, 190, 65, 235, 1526 175, 97, 157, 215, 252, 189, 245, 100, 229, 248, 46, 90, 126, 237, 4, 1527 159, 128, 58, 7, 156, 236, 69, 191, 85, 240, 179, 224, 249, 152, 49, 1528 195, 223, 60, 78, 186, 157, 155, 217, 58, 105, 116, 164, 217, 111, 1529 215, 150, 218, 252, 84, 86, 248, 140, 240, 226, 61, 106, 208, 95, 60, 1530 163, 6, 0, 235, 253, 162, 96, 62, 234, 251, 249, 35, 21, 7, 211, 233, 1531 86, 50, 33, 203, 67, 248, 60, 190, 123, 48, 167, 226, 90, 191, 71, 1532 56, 183, 165, 17, 85, 76, 238, 140, 211, 168, 53, 223, 194, 4, 97, 1533 149, 156, 120, 137, 76, 33, 229, 243, 194, 208, 198, 202, 139, 28, 1534 114, 46, 224, 92, 254, 83, 100, 134, 158, 92, 70, 78, 61, 62, 138, 1535 24, 173, 216, 66, 198, 70, 254, 47, 59, 193, 53, 6, 139, 19, 153, 1536 253, 28, 199, 122, 160, 27, 67, 234, 209, 227, 139, 4, 50, 7, 178, 1537 183, 89, 252, 32, 128, 137, 55, 52, 29, 89, 12, 111, 42, 181, 51, 1538 170, 132, 132, 207, 170, 228, 254, 178, 213, 0, 136, 175, 8] 1540 The resulting Authentication Tag value is: 1542 [208, 113, 102, 132, 236, 236, 67, 223, 39, 53, 98, 99, 32, 121, 17, 1543 236] 1545 Encoding this JWE Ciphertext as BASE64URL(JWE Ciphertext) gives this 1546 value (with line breaks for display purposes only): 1548 AwhB8lxrlKjFn02LGWEqg27H4Tg9fyZAbFv3p5ZicHpj64QyHC44qqlZ3JEmnZTgQo 1549 wIqZJ13jbyHB8LgePiqUJ1hf6M2HPLgzw8L-mEeQ0jvDUTrE07NtOerBk8bwBQyZ6g 1550 0kQ3DEOIglfYxV8-FJvNBYwbqN1Bck6d_i7OtjSHV-8DIrp-3JcRIe05YKy3Oi34Z_ 1551 GOiAc1EK21B11c_AE11PII_wvvtRiUiG8YofQXakWd1_O98Kap-UgmyWPfreUJ3lJP 1552 nbD4Ve95owEfMGLOPflo2MnjaTDCwQokoJ_xplQ2vNPz8iguLcHBoKllyQFJL2mOWB 1553 wqhBo9Oj-O800as5mmLsvQMTflIrIEbbTMzHMBZ8EFW9fWwwFu0DWQJGkMNhmBZQ-3 1554 lvqTc-M6-gWA6D8PDhONfP2Oib2HGizwG1iEaX8GRyUpfLuljCLIe1DkGOewhKuKkZ 1555 h04DKNM5Nbugf2atmU9OP0Ldx5peCUtRG1gMVl7Qup5ZXHTjgPDr5b2N731UooCGAU 1556 qHdgGhg0JVJ_ObCTdjsH4CF1SJsdUhrXvYx3HJh2Xd7CwJRzU_3Y1GxYU6-s3GFPbi 1557 rfqqEipJDBTHpcoCmyrwYjYHFgnlqBZRotRrS95g8F95bRXqsaDY7UgQGwBQBwy665 1558 d0zpvTasvfXf_c0MWAl-neFaKOW_Px6g4EUDjG1GWSXV9cLStLw_0ovdApDIFLHYHe 1559 PyagyHjouQUuGiq7BsYwYrwaF06tgB8hV8omLNfMEmDPJaZUzMuHw6tBDwGkzD-tS_ 1560 ub9hxrpJ4UsOWnt5rGUyoN2N_c1-TQlXxm5oto14MxnoAyBQBpwIEgSH3Y4ZhwKBhH 1561 PjSo0cdwuNdYbGPpb-YUvF-2NZzODiQ1OvWQBRHSbPWYz_xbGkgD504LRtqRwCO7CC 1562 _CyyURi1sEssPVsMJRX_U4LFEOc82TiDdqjKOjRUfKK5rqLi8nBE9soQ0DSaOoFQZi 1563 GrBrqxDsNYiAYAmxxkos-i3nX4qtByVx85sCE5U_0MqG7COxZWMOPEFrDaepUV-cOy 1564 rvoUIng8i8ljKBKxETY2BgPegKBYCxsAUcAkKamSCC9AiBxA0UOHyhTqtlvMksO7AE 1565 hNC2-YzPyx1FkhMoS4LLe6E_pFsMlmjA6P1NSge9C5G5tETYXGAn6b1xZbHtmwrPSc 1566 ro9LWhVmAaA7_bxYObnFUxgWtK4vzzQBjZJ36UTk4OTB-JvKWgfVWCFsaw5WCHj6Oo 1567 4jpO7d2yN7WMfAj2hTEabz9wumQ0TMhBduZ-QON3pYObSy7TSC1vVme0NJrwF_cJRe 1568 hKTFmdlXGVldPxZCplr7ZQqRQhF8JP-l4mEQVnCaWGn9ONHlemczGOS-A-wwtnmwjI 1569 B1V_vgJRf4FdpV-4hUk4-QLpu3-1lWFxrtZKcggq3tWTduRo5_QebQbUUT_VSCgsFc 1570 OmyWKoj56lbxthN19hq1XGWbLGfrrR6MWh23vk01zn8FVwi7uFwEnRYSafsnWLa1Z5 1571 TpBj9GvAdl2H9NHwzpB5NqHpZNkQ3NMDj13Fn8fzO0JB83Etbm_tnFQfcb13X3bJ15 1572 Cz-Ww1MGhvIpGGnMBT_ADp9xSIyAM9dQ1yeVXk-AIgWBUlN5uyWSGyCxp0cJwx7HxM 1573 38z0UIeBu-MytL-eqndM7LxytsVzCbjOTSVRmhYEMIzUAnS1gs7uMQAGRdgRIElTJE 1574 SGMjb_4bZq9s6Ve1LKkSi0_QDsrABaLe55UY0zF4ZSfOV5PMyPtocwV_dcNPlxLgNA 1575 D1BFX_Z9kAdMZQW6fAmsfFle0zAoMe4l9pMESH0JB4sJGdCKtQXj1cXNydDYozF7l8 1576 H00BV_Er7zd6VtIw0MxwkFCTatsv_R-GsBCH218RgVPsfYhwVuT8R4HarpzsDBufC4 1577 r8_c8fc9Z278sQ081jFjOja6L2x0N_ImzFNXU6xwO-Ska-QeuvYZ3X_L31ZOX4Llp- 1578 7QSfgDoHnOxFv1Xws-D5mDHD3zxOup2b2TppdKTZb9eW2vxUVviM8OI9atBfPKMGAO 1579 v9omA-6vv5IxUH0-lWMiHLQ_g8vnswp-Jav0c4t6URVUzujNOoNd_CBGGVnHiJTCHl 1580 88LQxsqLHHIu4Fz-U2SGnlxGTj0-ihit2ELGRv4vO8E1BosTmf0cx3qgG0Pq0eOLBD 1581 IHsrdZ_CCAiTc0HVkMbyq1M6qEhM-q5P6y1QCIrwg 1583 Encoding this JWE Authentication Tag as BASE64URL(JWE Authentication 1584 Tag) gives this value: 1586 0HFmhOzsQ98nNWJjIHkR7A 1588 C.9. Complete Representation 1590 Assemble the final representation: The Compact Serialization of this 1591 result is the string BASE64URL(UTF8(JWE Protected Header)) || '.' || 1592 BASE64URL(JWE Encrypted Key) || '.' || BASE64URL(JWE Initialization 1593 Vector) || '.' || BASE64URL(JWE Ciphertext) || '.' || BASE64URL(JWE 1594 Authentication Tag). 1596 The final result in this example is: 1598 eyJhbGciOiJQQkVTMi1IUzI1NitBMTI4S1ciLCJwMnMiOiIyV0NUY0paMVJ2ZF9DSn 1599 VKcmlwUTF3IiwicDJjIjo0MDk2LCJlbmMiOiJBMTI4Q0JDLUhTMjU2IiwiY3R5Ijoi 1600 andrK2pzb24ifQ. 1601 TrqXOwuNUfDV9VPTNbyGvEJ9JMjefAVn-TR1uIxR9p6hsRQh9Tk7BA. 1602 Ye9j1qs22DmRSAddIh-VnA. 1603 AwhB8lxrlKjFn02LGWEqg27H4Tg9fyZAbFv3p5ZicHpj64QyHC44qqlZ3JEmnZTgQo 1604 wIqZJ13jbyHB8LgePiqUJ1hf6M2HPLgzw8L-mEeQ0jvDUTrE07NtOerBk8bwBQyZ6g 1605 0kQ3DEOIglfYxV8-FJvNBYwbqN1Bck6d_i7OtjSHV-8DIrp-3JcRIe05YKy3Oi34Z_ 1606 GOiAc1EK21B11c_AE11PII_wvvtRiUiG8YofQXakWd1_O98Kap-UgmyWPfreUJ3lJP 1607 nbD4Ve95owEfMGLOPflo2MnjaTDCwQokoJ_xplQ2vNPz8iguLcHBoKllyQFJL2mOWB 1608 wqhBo9Oj-O800as5mmLsvQMTflIrIEbbTMzHMBZ8EFW9fWwwFu0DWQJGkMNhmBZQ-3 1609 lvqTc-M6-gWA6D8PDhONfP2Oib2HGizwG1iEaX8GRyUpfLuljCLIe1DkGOewhKuKkZ 1610 h04DKNM5Nbugf2atmU9OP0Ldx5peCUtRG1gMVl7Qup5ZXHTjgPDr5b2N731UooCGAU 1611 qHdgGhg0JVJ_ObCTdjsH4CF1SJsdUhrXvYx3HJh2Xd7CwJRzU_3Y1GxYU6-s3GFPbi 1612 rfqqEipJDBTHpcoCmyrwYjYHFgnlqBZRotRrS95g8F95bRXqsaDY7UgQGwBQBwy665 1613 d0zpvTasvfXf_c0MWAl-neFaKOW_Px6g4EUDjG1GWSXV9cLStLw_0ovdApDIFLHYHe 1614 PyagyHjouQUuGiq7BsYwYrwaF06tgB8hV8omLNfMEmDPJaZUzMuHw6tBDwGkzD-tS_ 1615 ub9hxrpJ4UsOWnt5rGUyoN2N_c1-TQlXxm5oto14MxnoAyBQBpwIEgSH3Y4ZhwKBhH 1616 PjSo0cdwuNdYbGPpb-YUvF-2NZzODiQ1OvWQBRHSbPWYz_xbGkgD504LRtqRwCO7CC 1617 _CyyURi1sEssPVsMJRX_U4LFEOc82TiDdqjKOjRUfKK5rqLi8nBE9soQ0DSaOoFQZi 1618 GrBrqxDsNYiAYAmxxkos-i3nX4qtByVx85sCE5U_0MqG7COxZWMOPEFrDaepUV-cOy 1619 rvoUIng8i8ljKBKxETY2BgPegKBYCxsAUcAkKamSCC9AiBxA0UOHyhTqtlvMksO7AE 1620 hNC2-YzPyx1FkhMoS4LLe6E_pFsMlmjA6P1NSge9C5G5tETYXGAn6b1xZbHtmwrPSc 1621 ro9LWhVmAaA7_bxYObnFUxgWtK4vzzQBjZJ36UTk4OTB-JvKWgfVWCFsaw5WCHj6Oo 1622 4jpO7d2yN7WMfAj2hTEabz9wumQ0TMhBduZ-QON3pYObSy7TSC1vVme0NJrwF_cJRe 1623 hKTFmdlXGVldPxZCplr7ZQqRQhF8JP-l4mEQVnCaWGn9ONHlemczGOS-A-wwtnmwjI 1624 B1V_vgJRf4FdpV-4hUk4-QLpu3-1lWFxrtZKcggq3tWTduRo5_QebQbUUT_VSCgsFc 1625 OmyWKoj56lbxthN19hq1XGWbLGfrrR6MWh23vk01zn8FVwi7uFwEnRYSafsnWLa1Z5 1626 TpBj9GvAdl2H9NHwzpB5NqHpZNkQ3NMDj13Fn8fzO0JB83Etbm_tnFQfcb13X3bJ15 1627 Cz-Ww1MGhvIpGGnMBT_ADp9xSIyAM9dQ1yeVXk-AIgWBUlN5uyWSGyCxp0cJwx7HxM 1628 38z0UIeBu-MytL-eqndM7LxytsVzCbjOTSVRmhYEMIzUAnS1gs7uMQAGRdgRIElTJE 1629 SGMjb_4bZq9s6Ve1LKkSi0_QDsrABaLe55UY0zF4ZSfOV5PMyPtocwV_dcNPlxLgNA 1630 D1BFX_Z9kAdMZQW6fAmsfFle0zAoMe4l9pMESH0JB4sJGdCKtQXj1cXNydDYozF7l8 1631 H00BV_Er7zd6VtIw0MxwkFCTatsv_R-GsBCH218RgVPsfYhwVuT8R4HarpzsDBufC4 1632 r8_c8fc9Z278sQ081jFjOja6L2x0N_ImzFNXU6xwO-Ska-QeuvYZ3X_L31ZOX4Llp- 1633 7QSfgDoHnOxFv1Xws-D5mDHD3zxOup2b2TppdKTZb9eW2vxUVviM8OI9atBfPKMGAO 1634 v9omA-6vv5IxUH0-lWMiHLQ_g8vnswp-Jav0c4t6URVUzujNOoNd_CBGGVnHiJTCHl 1635 88LQxsqLHHIu4Fz-U2SGnlxGTj0-ihit2ELGRv4vO8E1BosTmf0cx3qgG0Pq0eOLBD 1636 IHsrdZ_CCAiTc0HVkMbyq1M6qEhM-q5P6y1QCIrwg. 1637 0HFmhOzsQ98nNWJjIHkR7A 1639 Appendix D. Acknowledgements 1641 A JSON representation for RSA public keys was previously introduced 1642 by John Panzer, Ben Laurie, and Dirk Balfanz in Magic Signatures 1644 [MagicSignatures]. 1646 Thanks to Matt Miller for creating the encrypted key example and to 1647 Edmund Jay and Brian Campbell for validating the example. 1649 This specification is the work of the JOSE Working Group, which 1650 includes dozens of active and dedicated participants. In particular, 1651 the following individuals contributed ideas, feedback, and wording 1652 that influenced this specification: 1654 Dirk Balfanz, Richard Barnes, John Bradley, Brian Campbell, Breno de 1655 Medeiros, Joe Hildebrand, Edmund Jay, Ben Laurie, James Manger, Matt 1656 Miller, Kathleen Moriarty, Tony Nadalin, Axel Nennker, John Panzer, 1657 Eric Rescorla, Nat Sakimura, Jim Schaad, Ryan Sleevi, Paul Tarjan, 1658 Hannes Tschofenig, and Sean Turner. 1660 Jim Schaad and Karen O'Donoghue chaired the JOSE working group and 1661 Sean Turner, Stephen Farrell, and Kathleen Moriarty served as 1662 Security area directors during the creation of this specification. 1664 Appendix E. Document History 1666 [[ to be removed by the RFC Editor before publication as an RFC ]] 1668 -31 1670 o No changes were made, other than to the version number and date. 1672 -30 1674 o Added references and cleaned up the reference syntax in a few 1675 places. 1677 o Applied minor wording changes to the Security Considerations 1678 section. 1680 -29 1682 o Replaced the terms JWS Header, JWE Header, and JWT Header with a 1683 single JOSE Header term defined in the JWS specification. This 1684 also enabled a single Header Parameter definition to be used and 1685 reduced other areas of duplication between specifications. 1687 -28 1689 o Revised the introduction to the Security Considerations section. 1691 o Refined the text about when applications using encrypted JWKs and 1692 JWK Sets would not need to use the "cty" header parameter. 1694 -27 1696 o Added an example JWK early in the draft. 1698 o Described additional security considerations. 1700 o Added the "x5t#S256" (X.509 Certificate SHA-256 Thumbprint) JWK 1701 member. 1703 o Addressed a few editorial issues. 1705 -26 1707 o Referenced Section 6 of RFC 6125 for TLS server certificate 1708 identity validation. 1710 o Deleted misleading non-normative phrase from the "use" 1711 description. 1713 o Noted that octet sequences are depicted using JSON array notation. 1715 o Updated references, including to W3C specifications. 1717 -25 1719 o Updated WebCrypto reference to refer to W3C Last Call draft. 1721 -24 1723 o Corrected the authentication tag value in the encrypted key 1724 example. 1726 o Updated the JSON reference to RFC 7159. 1728 -23 1730 o No changes were made, other than to the version number and date. 1732 -22 1734 o Corrected RFC 2119 terminology usage. 1736 o Replaced references to draft-ietf-json-rfc4627bis with RFC 7158. 1738 -21 1739 o Replaced the "key_ops" values "wrap" and "unwrap" with "wrapKey" 1740 and "unwrapKey" to match the "KeyUsage" values defined in the 1741 current Web Cryptography API [WebCrypto] editor's draft. 1743 o Compute the PBES2 salt parameter as (UTF8(Alg) || 0x00 || Salt 1744 Input), where the "p2s" Header Parameter encodes the Salt Input 1745 value and Alg is the "alg" Header Parameter value. 1747 o Changed some references from being normative to informative, 1748 addressing issue #90. 1750 -20 1752 o Renamed "use_details" to "key_ops" (key operations). 1754 o Clarified that "use" is meant for public key use cases, "key_ops" 1755 is meant for use cases in which public, private, or symmetric keys 1756 may be present, and that "use" and "key_ops" should not be used 1757 together. 1759 o Replaced references to RFC 4627 with draft-ietf-json-rfc4627bis, 1760 addressing issue #90. 1762 -19 1764 o Added optional "use_details" (key use details) JWK member. 1766 o Reordered the key selection parameters. 1768 -18 1770 o Changes to address editorial and minor issues #68, #69, #73, #74, 1771 #76, #77, #78, #79, #82, #85, #89, and #135. 1773 o Added and used Description registry fields. 1775 -17 1777 o Refined the "typ" and "cty" definitions to always be MIME Media 1778 Types, with the omission of "application/" prefixes recommended 1779 for brevity, addressing issue #50. 1781 o Added an example encrypting an RSA private key with 1782 "PBES2-HS256+A128KW" and "A128CBC-HS256". Thanks to Matt Miller 1783 for producing this! 1785 o Processing rules occurring in both JWS and JWK are now referenced 1786 in JWS by JWK, rather than duplicated, addressing issue #57. 1788 o Terms used in multiple documents are now defined in one place and 1789 incorporated by reference. Some lightly used or obvious terms 1790 were also removed. This addresses issue #58. 1792 -16 1794 o Changes to address editorial and minor issues #41, #42, #43, #47, 1795 #51, #67, #71, #76, #80, #83, #84, #85, #86, #87, and #88. 1797 -15 1799 o Changes to address editorial issues #48, #64, #65, #66, and #91. 1801 -14 1803 o Relaxed language introducing key parameters since some parameters 1804 are applicable to multiple, but not all, key types. 1806 -13 1808 o Applied spelling and grammar corrections. 1810 -12 1812 o Stated that recipients MUST either reject JWKs and JWK Sets with 1813 duplicate member names or use a JSON parser that returns only the 1814 lexically last duplicate member name. 1816 -11 1818 o Stated that when "kid" values are used within a JWK Set, different 1819 keys within the JWK Set SHOULD use distinct "kid" values. 1821 o Added optional "x5u" (X.509 URL), "x5t" (X.509 Certificate 1822 Thumbprint), and "x5c" (X.509 Certificate Chain) JWK parameters. 1824 o Added section on Encrypted JWK and Encrypted JWK Set Formats. 1826 o Added a Parameter Information Class value to the JSON Web Key 1827 Parameters registry, which registers whether the parameter conveys 1828 public or private information. 1830 o Registered "application/jwk+json" and "application/jwk-set+json" 1831 MIME types and "JWK" and "JWK-SET" typ header parameter values, 1832 addressing issue #21. 1834 -10 1835 o No changes were made, other than to the version number and date. 1837 -09 1839 o Expanded the scope of the JWK specification to include private and 1840 symmetric key representations, as specified by 1841 draft-jones-jose-json-private-and-symmetric-key-00. 1843 o Defined that members that are not understood must be ignored. 1845 -08 1847 o Changed the name of the JWK key type parameter from "alg" to "kty" 1848 to enable use of "alg" to indicate the particular algorithm that 1849 the key is intended to be used with. 1851 o Clarified statements of the form "This member is OPTIONAL" to "Use 1852 of this member is OPTIONAL". 1854 o Referenced String Comparison Rules in JWS. 1856 o Added seriesInfo information to Internet Draft references. 1858 -07 1860 o Changed the name of the JWK RSA modulus parameter from "mod" to 1861 "n" and the name of the JWK RSA exponent parameter from "xpo" to 1862 "e", so that the identifiers are the same as those used in RFC 1863 3447. 1865 -06 1867 o Changed the name of the JWK RSA exponent parameter from "exp" to 1868 "xpo" so as to allow the potential use of the name "exp" for a 1869 future extension that might define an expiration parameter for 1870 keys. (The "exp" name is already used for this purpose in the JWT 1871 specification.) 1873 o Clarify that the "alg" (algorithm family) member is REQUIRED. 1875 o Correct an instance of "JWK" that should have been "JWK Set". 1877 o Applied changes made by the RFC Editor to RFC 6749's registry 1878 language to this specification. 1880 -05 1881 o Indented artwork elements to better distinguish them from the body 1882 text. 1884 -04 1886 o Refer to the registries as the primary sources of defined values 1887 and then secondarily reference the sections defining the initial 1888 contents of the registries. 1890 o Normatively reference XML DSIG 2.0 for its security 1891 considerations. 1893 o Added this language to Registration Templates: "This name is case 1894 sensitive. Names that match other registered names in a case 1895 insensitive manner SHOULD NOT be accepted." 1897 o Described additional open issues. 1899 o Applied editorial suggestions. 1901 -03 1903 o Clarified that "kid" values need not be unique within a JWK Set. 1905 o Moved JSON Web Key Parameters registry to the JWK specification. 1907 o Added "Collision Resistant Namespace" to the terminology section. 1909 o Changed registration requirements from RFC Required to 1910 Specification Required with Expert Review. 1912 o Added Registration Template sections for defined registries. 1914 o Added Registry Contents sections to populate registry values. 1916 o Numerous editorial improvements. 1918 -02 1920 o Simplified JWK terminology to get replace the "JWK Key Object" and 1921 "JWK Container Object" terms with simply "JSON Web Key (JWK)" and 1922 "JSON Web Key Set (JWK Set)" and to eliminate potential confusion 1923 between single keys and sets of keys. As part of this change, the 1924 top-level member name for a set of keys was changed from "jwk" to 1925 "keys". 1927 o Clarified that values with duplicate member names MUST be 1928 rejected. 1930 o Established JSON Web Key Set Parameters registry. 1932 o Explicitly listed non-goals in the introduction. 1934 o Moved algorithm-specific definitions from JWK to JWA. 1936 o Reformatted to give each member definition its own section 1937 heading. 1939 -01 1941 o Corrected the Magic Signatures reference. 1943 -00 1945 o Created the initial IETF draft based upon 1946 draft-jones-json-web-key-03 with no normative changes. 1948 Author's Address 1950 Michael B. Jones 1951 Microsoft 1953 Email: mbj@microsoft.com 1954 URI: http://self-issued.info/