idnits 2.17.1 draft-ietf-jose-json-web-key-33.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (September 25, 2014) is 3501 days in the past. Is this intentional? -- Found something which looks like a code comment -- if you have code sections in the document, please surround them with '' and '' lines. Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) -- Possible downref: Non-RFC (?) normative reference: ref. 'ECMAScript' -- Possible downref: Non-RFC (?) normative reference: ref. 'ITU.X690.1994' ** Downref: Normative reference to an Historic RFC: RFC 1421 ** Obsolete normative reference: RFC 2818 (Obsoleted by RFC 9110) ** Obsolete normative reference: RFC 5246 (Obsoleted by RFC 8446) ** Obsolete normative reference: RFC 6125 (Obsoleted by RFC 9525) ** Obsolete normative reference: RFC 7159 (Obsoleted by RFC 8259) -- Possible downref: Non-RFC (?) normative reference: ref. 'USASCII' -- Obsolete informational reference (is this intentional?): RFC 3447 (Obsoleted by RFC 8017) -- Obsolete informational reference (is this intentional?): RFC 5226 (Obsoleted by RFC 8126) Summary: 5 errors (**), 0 flaws (~~), 1 warning (==), 7 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 JOSE Working Group M. Jones 3 Internet-Draft Microsoft 4 Intended status: Standards Track September 25, 2014 5 Expires: March 29, 2015 7 JSON Web Key (JWK) 8 draft-ietf-jose-json-web-key-33 10 Abstract 12 A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) data 13 structure that represents a cryptographic key. This specification 14 also defines a JSON Web Key Set (JWK Set) JSON data structure that 15 represents a set of JWKs. Cryptographic algorithms and identifiers 16 for use with this specification are described in the separate JSON 17 Web Algorithms (JWA) specification and IANA registries defined by 18 that specification. 20 Status of this Memo 22 This Internet-Draft is submitted in full conformance with the 23 provisions of BCP 78 and BCP 79. 25 Internet-Drafts are working documents of the Internet Engineering 26 Task Force (IETF). Note that other groups may also distribute 27 working documents as Internet-Drafts. The list of current Internet- 28 Drafts is at http://datatracker.ietf.org/drafts/current/. 30 Internet-Drafts are draft documents valid for a maximum of six months 31 and may be updated, replaced, or obsoleted by other documents at any 32 time. It is inappropriate to use Internet-Drafts as reference 33 material or to cite them other than as "work in progress." 35 This Internet-Draft will expire on March 29, 2015. 37 Copyright Notice 39 Copyright (c) 2014 IETF Trust and the persons identified as the 40 document authors. All rights reserved. 42 This document is subject to BCP 78 and the IETF Trust's Legal 43 Provisions Relating to IETF Documents 44 (http://trustee.ietf.org/license-info) in effect on the date of 45 publication of this document. Please review these documents 46 carefully, as they describe your rights and restrictions with respect 47 to this document. Code Components extracted from this document must 48 include Simplified BSD License text as described in Section 4.e of 49 the Trust Legal Provisions and are provided without warranty as 50 described in the Simplified BSD License. 52 Table of Contents 54 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4 55 1.1. Notational Conventions . . . . . . . . . . . . . . . . . . 4 56 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 4 57 3. Example JWK . . . . . . . . . . . . . . . . . . . . . . . . . 5 58 4. JSON Web Key (JWK) Format . . . . . . . . . . . . . . . . . . 5 59 4.1. "kty" (Key Type) Parameter . . . . . . . . . . . . . . . . 6 60 4.2. "use" (Public Key Use) Parameter . . . . . . . . . . . . . 6 61 4.3. "key_ops" (Key Operations) Parameter . . . . . . . . . . . 7 62 4.4. "alg" (Algorithm) Parameter . . . . . . . . . . . . . . . 8 63 4.5. "kid" (Key ID) Parameter . . . . . . . . . . . . . . . . . 8 64 4.6. "x5u" (X.509 URL) Parameter . . . . . . . . . . . . . . . 8 65 4.7. "x5c" (X.509 Certificate Chain) Parameter . . . . . . . . 9 66 4.8. "x5t" (X.509 Certificate SHA-1 Thumbprint) Parameter . . . 9 67 4.9. "x5t#S256" (X.509 Certificate SHA-256 Thumbprint) 68 Parameter . . . . . . . . . . . . . . . . . . . . . . . . 9 69 5. JSON Web Key Set (JWK Set) Format . . . . . . . . . . . . . . 10 70 5.1. "keys" Parameter . . . . . . . . . . . . . . . . . . . . . 10 71 6. String Comparison Rules . . . . . . . . . . . . . . . . . . . 10 72 7. Encrypted JWK and Encrypted JWK Set Formats . . . . . . . . . 11 73 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 11 74 8.1. JSON Web Key Parameters Registry . . . . . . . . . . . . . 12 75 8.1.1. Registration Template . . . . . . . . . . . . . . . . 12 76 8.1.2. Initial Registry Contents . . . . . . . . . . . . . . 13 77 8.2. JSON Web Key Use Registry . . . . . . . . . . . . . . . . 15 78 8.2.1. Registration Template . . . . . . . . . . . . . . . . 15 79 8.2.2. Initial Registry Contents . . . . . . . . . . . . . . 15 80 8.3. JSON Web Key Operations Registry . . . . . . . . . . . . . 16 81 8.3.1. Registration Template . . . . . . . . . . . . . . . . 16 82 8.3.2. Initial Registry Contents . . . . . . . . . . . . . . 16 83 8.4. JSON Web Key Set Parameters Registry . . . . . . . . . . . 17 84 8.4.1. Registration Template . . . . . . . . . . . . . . . . 18 85 8.4.2. Initial Registry Contents . . . . . . . . . . . . . . 18 86 8.5. Media Type Registration . . . . . . . . . . . . . . . . . 18 87 8.5.1. Registry Contents . . . . . . . . . . . . . . . . . . 18 88 9. Security Considerations . . . . . . . . . . . . . . . . . . . 19 89 9.1. Key Provenance and Trust . . . . . . . . . . . . . . . . . 20 90 9.2. Preventing Disclosure of Non-Public Key Information . . . 20 91 9.3. RSA Private Key Representations and Blinding . . . . . . . 20 92 9.4. Key Entropy and Random Values . . . . . . . . . . . . . . 21 93 10. References . . . . . . . . . . . . . . . . . . . . . . . . . . 21 94 10.1. Normative References . . . . . . . . . . . . . . . . . . . 21 95 10.2. Informative References . . . . . . . . . . . . . . . . . . 22 97 Appendix A. Example JSON Web Key Sets . . . . . . . . . . . . . . 23 98 A.1. Example Public Keys . . . . . . . . . . . . . . . . . . . 23 99 A.2. Example Private Keys . . . . . . . . . . . . . . . . . . . 24 100 A.3. Example Symmetric Keys . . . . . . . . . . . . . . . . . . 26 101 Appendix B. Example Use of "x5c" (X.509 Certificate Chain) 102 Parameter . . . . . . . . . . . . . . . . . . . . . . 26 103 Appendix C. Example Encrypted RSA Private Key . . . . . . . . . . 27 104 C.1. Plaintext RSA Private Key . . . . . . . . . . . . . . . . 28 105 C.2. JOSE Header . . . . . . . . . . . . . . . . . . . . . . . 31 106 C.3. Content Encryption Key (CEK) . . . . . . . . . . . . . . . 31 107 C.4. Key Derivation . . . . . . . . . . . . . . . . . . . . . . 32 108 C.5. Key Encryption . . . . . . . . . . . . . . . . . . . . . . 32 109 C.6. Initialization Vector . . . . . . . . . . . . . . . . . . 32 110 C.7. Additional Authenticated Data . . . . . . . . . . . . . . 33 111 C.8. Content Encryption . . . . . . . . . . . . . . . . . . . . 33 112 C.9. Complete Representation . . . . . . . . . . . . . . . . . 36 113 Appendix D. Acknowledgements . . . . . . . . . . . . . . . . . . 37 114 Appendix E. Document History . . . . . . . . . . . . . . . . . . 38 115 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 44 117 1. Introduction 119 A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) [RFC7159] 120 data structure that represents a cryptographic key. This 121 specification also defines a JSON Web Key Set (JWK Set) JSON data 122 structure that represents a set of JWKs. Cryptographic algorithms 123 and identifiers for use with this specification are described in the 124 separate JSON Web Algorithms (JWA) [JWA] specification and IANA 125 registries defined by that specification. 127 Goals for this specification do not include representing new kinds of 128 certificate chains, representing new kinds of certified keys, or 129 replacing X.509 certificates. 131 JWKs and JWK Sets are used in the JSON Web Signature (JWS) [JWS] and 132 JSON Web Encryption (JWE) [JWE] specifications. 134 Names defined by this specification are short because a core goal is 135 for the resulting representations to be compact. 137 1.1. Notational Conventions 139 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 140 "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and 141 "OPTIONAL" in this document are to be interpreted as described in Key 142 words for use in RFCs to Indicate Requirement Levels [RFC2119]. If 143 these words are used without being spelled in uppercase then they are 144 to be interpreted with their normal natural language meanings. 146 BASE64URL(OCTETS) denotes the base64url encoding of OCTETS, per 147 Section 2. 149 UTF8(STRING) denotes the octets of the UTF-8 [RFC3629] representation 150 of STRING. 152 ASCII(STRING) denotes the octets of the ASCII [USASCII] 153 representation of STRING. 155 The concatenation of two values A and B is denoted as A || B. 157 2. Terminology 159 These terms defined by the JSON Web Signature (JWS) [JWS] 160 specification are incorporated into this specification: "Base64url 161 Encoding", "Collision-Resistant Name", "Header Parameter", and "JOSE 162 Header". 164 These terms are defined by this specification: 166 JSON Web Key (JWK) 167 A JSON object that represents a cryptographic key. The members of 168 the object represent properties of the key, including its value. 170 JSON Web Key Set (JWK Set) 171 A JSON object that represents a set of JWKs. The JSON object MUST 172 have a "keys" member, which is an array of JWK objects. 174 3. Example JWK 176 This section provides an example of a JWK. The following example JWK 177 declares that the key is an Elliptic Curve [DSS] key, it is used with 178 the P-256 Elliptic Curve, and its x and y coordinates are the 179 base64url encoded values shown. A key identifier is also provided 180 for the key. 182 {"kty":"EC", 183 "crv":"P-256", 184 "x":"f83OJ3D2xF1Bg8vub9tLe1gHMzV76e8Tus9uPHvRVEU", 185 "y":"x_FEzRu9m36HLN_tue659LNpXW6pCyStikYjKIWI5a0", 186 "kid":"Public key used in JWS A.3 example" 187 } 189 Additional example JWK values can be found in Appendix A. 191 4. JSON Web Key (JWK) Format 193 A JSON Web Key (JWK) is a JSON object that represents a cryptographic 194 key. The members of the object represent properties of the key, 195 including its value. This JSON object MAY contain white space and/or 196 line breaks. This document defines the key parameters that are not 197 algorithm specific, and thus common to many keys. 199 In addition to the common parameters, each JWK will have members that 200 are key type-specific. These members represent the parameters of the 201 key. Section 6 of the JSON Web Algorithms (JWA) [JWA] specification 202 defines multiple kinds of cryptographic keys and their associated 203 members. 205 The member names within a JWK MUST be unique; recipients MUST either 206 reject JWKs with duplicate member names or use a JSON parser that 207 returns only the lexically last duplicate member name, as specified 208 in Section 15.12 (The JSON Object) of ECMAScript 5.1 [ECMAScript]. 210 Additional members can be present in the JWK; if not understood by 211 implementations encountering them, they MUST be ignored. Member 212 names used for representing key parameters for different keys types 213 need not be distinct. Any new member name should either be 214 registered in the IANA JSON Web Key Parameters registry defined in 215 Section 8.1 or be a value that contains a Collision-Resistant Name. 217 4.1. "kty" (Key Type) Parameter 219 The "kty" (key type) member identifies the cryptographic algorithm 220 family used with the key. "kty" values should either be registered in 221 the IANA JSON Web Key Types registry defined in [JWA] or be a value 222 that contains a Collision-Resistant Name. The "kty" value is a case- 223 sensitive string. This member MUST be present in a JWK. 225 A list of defined "kty" values can be found in the IANA JSON Web Key 226 Types registry defined in [JWA]; the initial contents of this 227 registry are the values defined in Section 6.1 of the JSON Web 228 Algorithms (JWA) [JWA] specification. 230 The key type definitions include specification of the members to be 231 used for those key types. Additional members used with "kty" values 232 can also be found in the IANA JSON Web Key Parameters registry 233 defined in Section 8.1. 235 4.2. "use" (Public Key Use) Parameter 237 The "use" (public key use) member identifies the intended use of the 238 public key. The "use" parameter is employed to indicate whether a 239 public key is used for encrypting data or verifying the signature on 240 data. 242 Values defined by this specification are: 244 o "sig" (signature) 245 o "enc" (encryption) 247 Other values MAY be used. The "use" value is a case-sensitive 248 string. Use of the "use" member is OPTIONAL, unless the application 249 requires its presence. 251 When a key is used to wrap another key and a Public Key Use 252 designation for the first key is desired, the "enc" (encryption) key 253 use value is used, since key wrapping is a kind of encryption. The 254 "enc" value is also be used for public keys used for key agreement 255 operations. 257 Additional Public Key Use values can be registered in the IANA JSON 258 Web Key Use registry defined in Section 8.2. Registering any 259 extension values used is highly recommended when this specification 260 is used in open environments, in which multiple organizations need to 261 have a common understanding of any extensions used. However, 262 unregistered extension values can be used in closed environments, in 263 which the producing and consuming organization will always be the 264 same. 266 4.3. "key_ops" (Key Operations) Parameter 268 The "key_ops" (key operations) member identifies the operation(s) 269 that the key is intended to be used for. The "key_ops" parameter is 270 intended for use cases in which public, private, or symmetric keys 271 may be present. 273 Its value is an array of key operation values. Values defined by 274 this specification are: 276 o "sign" (compute signature or MAC) 277 o "verify" (verify signature or MAC) 278 o "encrypt" (encrypt content) 279 o "decrypt" (decrypt content and validate decryption, if applicable) 280 o "wrapKey" (encrypt key) 281 o "unwrapKey" (decrypt key and validate decryption, if applicable) 282 o "deriveKey" (derive key) 283 o "deriveBits" (derive bits not to be used as a key) 285 (Note that the "key_ops" values intentionally match the "KeyUsage" 286 values defined in the Web Cryptography API [WebCrypto] 287 specification.) 289 Other values MAY be used. The key operation values are case- 290 sensitive strings. Duplicate key operation values MUST NOT be 291 present in the array. Use of the "key_ops" member is OPTIONAL, 292 unless the application requires its presence. 294 Multiple unrelated key operations SHOULD NOT be specified for a key 295 because of the potential vulnerabilities associated with using the 296 same key with multiple algorithms. Thus, the combinations "sign" 297 with "verify", "encrypt" with "decrypt", and "wrapKey" with 298 "unwrapKey" are permitted, but other combinations SHOULD NOT be used. 300 Additional Key Operations values can be registered in the IANA JSON 301 Web Key Operations registry defined in Section 8.3. The same 302 considerations about registering extension values apply to the 303 "key_ops" member as do for the "use" member. 305 The "use" and "key_ops" JWK members SHOULD NOT be used together. 307 Applications should specify which of these members they use, if 308 either is to be used by the application. 310 4.4. "alg" (Algorithm) Parameter 312 The "alg" (algorithm) member identifies the algorithm intended for 313 use with the key. The values used should either be registered in the 314 IANA JSON Web Signature and Encryption Algorithms registry defined in 315 [JWA] or be a value that contains a Collision-Resistant Name. Use of 316 this member is OPTIONAL. 318 4.5. "kid" (Key ID) Parameter 320 The "kid" (key ID) member is used to match a specific key. This is 321 used, for instance, to choose among a set of keys within a JWK Set 322 during key rollover. The structure of the "kid" value is 323 unspecified. When "kid" values are used within a JWK Set, different 324 keys within the JWK Set SHOULD use distinct "kid" values. (One 325 example in which different keys might use the same "kid" value is if 326 they have different "kty" (key type) values but are considered to be 327 equivalent alternatives by the application using them.) The "kid" 328 value is a case-sensitive string. Use of this member is OPTIONAL. 330 When used with JWS or JWE, the "kid" value is used to match a JWS or 331 JWE "kid" Header Parameter value. 333 4.6. "x5u" (X.509 URL) Parameter 335 The "x5u" (X.509 URL) member is a URI [RFC3986] that refers to a 336 resource for an X.509 public key certificate or certificate chain 337 [RFC5280]. The identified resource MUST provide a representation of 338 the certificate or certificate chain that conforms to RFC 5280 339 [RFC5280] in PEM encoded form [RFC1421]. The key in the first 340 certificate MUST match the public key represented by other members of 341 the JWK. The protocol used to acquire the resource MUST provide 342 integrity protection; an HTTP GET request to retrieve the certificate 343 MUST use TLS [RFC2818, RFC5246]; the identity of the server MUST be 344 validated, as per Section 6 of RFC 6125 [RFC6125]. Use of this 345 member is OPTIONAL. 347 While there is no requirement that optional JWK members providing key 348 usage, algorithm, or other information be present when the "x5u" 349 member is used, doing so may improve interoperability for 350 applications that do not handle PKIX certificates. If other members 351 are present, the contents of those members MUST be semantically 352 consistent with the related fields in the first certificate. For 353 instance, if the "use" member is present, then it MUST correspond to 354 the usage that is specified in the certificate, when it includes this 355 information. Similarly, if the "alg" member is present, it MUST 356 correspond to the algorithm specified in the certificate. 358 4.7. "x5c" (X.509 Certificate Chain) Parameter 360 The "x5c" (X.509 Certificate Chain) member contains a chain of one or 361 more PKIX certificates [RFC5280]. The certificate chain is 362 represented as a JSON array of certificate value strings. Each 363 string in the array is a base64 encoded ([RFC4648] Section 4 -- not 364 base64url encoded) DER [ITU.X690.1994] PKIX certificate value. The 365 PKIX certificate containing the key value MUST be the first 366 certificate. This MAY be followed by additional certificates, with 367 each subsequent certificate being the one used to certify the 368 previous one. The key in the first certificate MUST match the public 369 key represented by other members of the JWK. Use of this member is 370 OPTIONAL. 372 As with the "x5u" member, optional JWK members providing key usage, 373 algorithm, or other information MAY also be present when the "x5c" 374 member is used. If other members are present, the contents of those 375 members MUST be semantically consistent with the related fields in 376 the first certificate. See the last paragraph of Section 4.6 for 377 additional guidance on this. 379 4.8. "x5t" (X.509 Certificate SHA-1 Thumbprint) Parameter 381 The "x5t" (X.509 Certificate SHA-1 Thumbprint) member is a base64url 382 encoded SHA-1 thumbprint (a.k.a. digest) of the DER encoding of an 383 X.509 certificate [RFC5280]. Note that certificate thumbprints are 384 also sometimes known as certificate fingerprints. The key in the 385 certificate MUST match the public key represented by other members of 386 the JWK. Use of this member is OPTIONAL. 388 As with the "x5u" member, optional JWK members providing key usage, 389 algorithm, or other information MAY also be present when the "x5t" 390 member is used. If other members are present, the contents of those 391 members MUST be semantically consistent with the related fields in 392 the referenced certificate. See the last paragraph of Section 4.6 393 for additional guidance on this. 395 4.9. "x5t#S256" (X.509 Certificate SHA-256 Thumbprint) Parameter 397 The "x5t#S256" (X.509 Certificate SHA-256 Thumbprint) member is a 398 base64url encoded SHA-256 thumbprint (a.k.a. digest) of the DER 399 encoding of an X.509 certificate [RFC5280]. Note that certificate 400 thumbprints are also sometimes known as certificate fingerprints. 401 The key in the certificate MUST match the public key represented by 402 other members of the JWK. Use of this member is OPTIONAL. 404 As with the "x5u" member, optional JWK members providing key usage, 405 algorithm, or other information MAY also be present when the 406 "x5t#S256" member is used. If other members are present, the 407 contents of those members MUST be semantically consistent with the 408 related fields in the referenced certificate. See the last paragraph 409 of Section 4.6 for additional guidance on this. 411 5. JSON Web Key Set (JWK Set) Format 413 A JSON Web Key Set (JWK Set) is a JSON object that represents a set 414 of JWKs. The JSON object MUST have a "keys" member, which is an 415 array of JWK objects. This JSON object MAY contain white space 416 and/or line breaks. 418 The member names within a JWK Set MUST be unique; recipients MUST 419 either reject JWK Sets with duplicate member names or use a JSON 420 parser that returns only the lexically last duplicate member name, as 421 specified in Section 15.12 (The JSON Object) of ECMAScript 5.1 422 [ECMAScript]. 424 Additional members can be present in the JWK Set; if not understood 425 by implementations encountering them, they MUST be ignored. 426 Parameters for representing additional properties of JWK Sets should 427 either be registered in the IANA JSON Web Key Set Parameters registry 428 defined in Section 8.4 or be a value that contains a Collision- 429 Resistant Name. 431 Implementations SHOULD ignore JWKs within a JWK Set that use "kty" 432 (key type) values that are not understood by them, are missing 433 required members, or for which values are out of the supported 434 ranges. 436 5.1. "keys" Parameter 438 The value of the "keys" member is an array of JWK values. By 439 default, the order of the JWK values within the array does not imply 440 an order of preference among them, although applications of JWK Sets 441 can choose to assign a meaning to the order for their purposes, if 442 desired. This member MUST be present in a JWK Set. 444 6. String Comparison Rules 446 The string comparison rules for this specification are the same as 447 those defined in Section 5.3 of [JWS]. 449 7. Encrypted JWK and Encrypted JWK Set Formats 451 Access to JWKs containing non-public key material by parties without 452 legitimate access to the non-public information MUST be prevented. 453 This can be accomplished by encrypting the JWK when potentially 454 observable by such parties to prevent the disclosure of private or 455 symmetric key values. The use of an Encrypted JWK, which is a JWE 456 with the UTF-8 encoding of a JWK as its plaintext value, is 457 recommended for this purpose. The processing of Encrypted JWKs is 458 identical to the processing of other JWEs. A "cty" (content type) 459 Header Parameter value of "jwk+json" MUST be used to indicate that 460 the content of the JWE is a JWK, unless the application knows that 461 the encrypted content is a JWK by another means or convention, in 462 which case the "cty" value would typically be omitted. 464 JWK Sets containing non-public key material will also need to be 465 encrypted under these circumstances. The use of an Encrypted JWK 466 Set, which is a JWE with the UTF-8 encoding of a JWK Set as its 467 plaintext value, is recommended for this purpose. The processing of 468 Encrypted JWK Sets is identical to the processing of other JWEs. A 469 "cty" (content type) Header Parameter value of "jwk-set+json" MUST be 470 used to indicate that the content of the JWE is a JWK Set, unless the 471 application knows that the encrypted content is a JWK Set by another 472 means or convention, in which case the "cty" value would typically be 473 omitted. 475 See Appendix C for an example encrypted JWK. 477 8. IANA Considerations 479 The following registration procedure is used for all the registries 480 established by this specification. 482 Values are registered on a Specification Required [RFC5226] basis 483 after a three-week review period on the [TBD]@ietf.org mailing list, 484 on the advice of one or more Designated Experts. However, to allow 485 for the allocation of values prior to publication, the Designated 486 Expert(s) may approve registration once they are satisfied that such 487 a specification will be published. 489 Registration requests must be sent to the [TBD]@ietf.org mailing list 490 for review and comment, with an appropriate subject (e.g., "Request 491 for access token type: example"). [[ Note to the RFC Editor: The name 492 of the mailing list should be determined in consultation with the 493 IESG and IANA. Suggested name: jose-reg-review. ]] 495 Within the review period, the Designated Expert(s) will either 496 approve or deny the registration request, communicating this decision 497 to the review list and IANA. Denials should include an explanation 498 and, if applicable, suggestions as to how to make the request 499 successful. Registration requests that are undetermined for a period 500 longer than 21 days can be brought to the IESG's attention (using the 501 iesg@iesg.org mailing list) for resolution. 503 Criteria that should be applied by the Designated Expert(s) includes 504 determining whether the proposed registration duplicates existing 505 functionality, determining whether it is likely to be of general 506 applicability or whether it is useful only for a single application, 507 and whether the registration makes sense. 509 IANA must only accept registry updates from the Designated Expert(s) 510 and should direct all requests for registration to the review mailing 511 list. 513 It is suggested that multiple Designated Experts be appointed who are 514 able to represent the perspectives of different applications using 515 this specification, in order to enable broadly-informed review of 516 registration decisions. In cases where a registration decision could 517 be perceived as creating a conflict of interest for a particular 518 Expert, that Expert should defer to the judgment of the other 519 Expert(s). 521 8.1. JSON Web Key Parameters Registry 523 This specification establishes the IANA JSON Web Key Parameters 524 registry for JWK parameter names. The registry records the parameter 525 name, the key type(s) that the parameter is used with, and a 526 reference to the specification that defines it. It also records 527 whether the parameter conveys public or private information. This 528 specification registers the parameter names defined in Section 4. 529 The same JWK parameter name may be registered multiple times, 530 provided that duplicate parameter registrations are only for key type 531 specific JWK parameters; in this case, the meaning of the duplicate 532 parameter name is disambiguated by the "kty" value of the JWK 533 containing it. 535 8.1.1. Registration Template 537 Parameter Name: 538 The name requested (e.g., "example"). Because a core goal of this 539 specification is for the resulting representations to be compact, 540 it is RECOMMENDED that the name be short -- not to exceed 8 541 characters without a compelling reason to do so. This name is 542 case-sensitive. Names may not match other registered names in a 543 case-insensitive manner unless the Designated Expert(s) state that 544 there is a compelling reason to allow an exception in this 545 particular case. However, matching names may be registered, 546 provided that the accompanying sets of "kty" values that the 547 Parameter Name is used with are disjoint; for the purposes of 548 matching "kty" values, "*" matches all values. 550 Parameter Description: 551 Brief description of the parameter (e.g., "Example description"). 553 Used with "kty" Value(s): 554 The key type parameter value(s) that the parameter name is to be 555 used with, or the value "*" if the parameter value is used with 556 all key types. Values may not match other registered "kty" values 557 in a case-insensitive manner when the registered Parameter Name is 558 the same (including when the Parameter Name matches in a case- 559 insensitive manner) unless the Designated Expert(s) state that 560 there is a compelling reason to allow an exception in this 561 particular case. 563 Parameter Information Class: 564 Registers whether the parameter conveys public or private 565 information. Its value must be one the words Public or Private. 567 Change Controller: 568 For Standards Track RFCs, state "IESG". For others, give the name 569 of the responsible party. Other details (e.g., postal address, 570 email address, home page URI) may also be included. 572 Specification Document(s): 573 Reference to the document(s) that specify the parameter, 574 preferably including URI(s) that can be used to retrieve copies of 575 the document(s). An indication of the relevant sections may also 576 be included but is not required. 578 8.1.2. Initial Registry Contents 580 o Parameter Name: "kty" 581 o Parameter Description: Key Type 582 o Used with "kty" Value(s): * 583 o Parameter Information Class: Public 584 o Change Controller: IESG 585 o Specification Document(s): Section 4.1 of [[ this document ]] 587 o Parameter Name: "use" 588 o Parameter Description: Public Key Use 589 o Used with "kty" Value(s): * 590 o Parameter Information Class: Public 591 o Change Controller: IESG 592 o Specification Document(s): Section 4.2 of [[ this document ]] 594 o Parameter Name: "key_ops" 595 o Parameter Description: Key Operations 596 o Used with "kty" Value(s): * 597 o Parameter Information Class: Public 598 o Change Controller: IESG 599 o Specification Document(s): Section 4.3 of [[ this document ]] 601 o Parameter Name: "alg" 602 o Parameter Description: Algorithm 603 o Used with "kty" Value(s): * 604 o Parameter Information Class: Public 605 o Change Controller: IESG 606 o Specification Document(s): Section 4.4 of [[ this document ]] 608 o Parameter Name: "kid" 609 o Parameter Description: Key ID 610 o Used with "kty" Value(s): * 611 o Parameter Information Class: Public 612 o Change Controller: IESG 613 o Specification Document(s): Section 4.5 of [[ this document ]] 615 o Parameter Name: "x5u" 616 o Parameter Description: X.509 URL 617 o Used with "kty" Value(s): * 618 o Parameter Information Class: Public 619 o Change Controller: IESG 620 o Specification Document(s): Section 4.6 of [[ this document ]] 622 o Parameter Name: "x5c" 623 o Parameter Description: X.509 Certificate Chain 624 o Used with "kty" Value(s): * 625 o Parameter Information Class: Public 626 o Change Controller: IESG 627 o Specification Document(s): Section 4.7 of [[ this document ]] 629 o Parameter Name: "x5t" 630 o Parameter Description: X.509 Certificate SHA-1 Thumbprint 631 o Used with "kty" Value(s): * 632 o Parameter Information Class: Public 633 o Change Controller: IESG 634 o Specification Document(s): Section 4.8 of [[ this document ]] 635 o Parameter Name: "x5t#S256" 636 o Parameter Description: X.509 Certificate SHA-256 Thumbprint 637 o Used with "kty" Value(s): * 638 o Parameter Information Class: Public 639 o Change Controller: IESG 640 o Specification Document(s): Section 4.9 of [[ this document ]] 642 8.2. JSON Web Key Use Registry 644 This specification establishes the IANA JSON Web Key Use registry for 645 JWK "use" (public key use) member values. The registry records the 646 public key use value and a reference to the specification that 647 defines it. This specification registers the parameter names defined 648 in Section 4.2. 650 8.2.1. Registration Template 652 Use Member Value: 653 The name requested (e.g., "example"). Because a core goal of this 654 specification is for the resulting representations to be compact, 655 it is RECOMMENDED that the name be short -- not to exceed 8 656 characters without a compelling reason to do so. This name is 657 case-sensitive. Names may not match other registered names in a 658 case-insensitive manner unless the Designated Expert(s) state that 659 there is a compelling reason to allow an exception in this 660 particular case. 662 Use Description: 663 Brief description of the use (e.g., "Example description"). 665 Change Controller: 666 For Standards Track RFCs, state "IESG". For others, give the name 667 of the responsible party. Other details (e.g., postal address, 668 email address, home page URI) may also be included. 670 Specification Document(s): 671 Reference to the document(s) that specify the parameter, 672 preferably including URI(s) that can be used to retrieve copies of 673 the document(s). An indication of the relevant sections may also 674 be included but is not required. 676 8.2.2. Initial Registry Contents 678 o Use Member Value: "sig" 679 o Use Description: Signature or MAC 680 o Change Controller: IESG 681 o Specification Document(s): Section 4.2 of [[ this document ]] 683 o Use Member Value: "enc" 684 o Use Description: Encryption 685 o Change Controller: IESG 686 o Specification Document(s): Section 4.2 of [[ this document ]] 688 8.3. JSON Web Key Operations Registry 690 This specification establishes the IANA JSON Web Key Operations 691 registry for values of JWK "key_ops" array elements. The registry 692 records the key operation value and a reference to the specification 693 that defines it. This specification registers the parameter names 694 defined in Section 4.3. 696 8.3.1. Registration Template 698 Key Operation Value: 699 The name requested (e.g., "example"). Because a core goal of this 700 specification is for the resulting representations to be compact, 701 it is RECOMMENDED that the name be short -- not to exceed 8 702 characters without a compelling reason to do so. This name is 703 case-sensitive. Names may not match other registered names in a 704 case-insensitive manner unless the Designated Expert(s) state that 705 there is a compelling reason to allow an exception in this 706 particular case. 708 Key Operation Description: 709 Brief description of the key operation (e.g., "Example 710 description"). 712 Change Controller: 713 For Standards Track RFCs, state "IESG". For others, give the name 714 of the responsible party. Other details (e.g., postal address, 715 email address, home page URI) may also be included. 717 Specification Document(s): 718 Reference to the document(s) that specify the parameter, 719 preferably including URI(s) that can be used to retrieve copies of 720 the document(s). An indication of the relevant sections may also 721 be included but is not required. 723 8.3.2. Initial Registry Contents 725 o Key Operation Value: "sign" 726 o Key Operation Description: Compute signature or MAC 727 o Change Controller: IESG 728 o Specification Document(s): Section 4.3 of [[ this document ]] 730 o Key Operation Value: "verify" 731 o Key Operation Description: Verify signature or MAC 732 o Change Controller: IESG 733 o Specification Document(s): Section 4.3 of [[ this document ]] 735 o Key Operation Value: "encrypt" 736 o Key Operation Description: Encrypt content 737 o Change Controller: IESG 738 o Specification Document(s): Section 4.3 of [[ this document ]] 740 o Key Operation Value: "decrypt" 741 o Key Operation Description: Decrypt content and validate 742 decryption, if applicable 743 o Change Controller: IESG 744 o Specification Document(s): Section 4.3 of [[ this document ]] 746 o Key Operation Value: "wrapKey" 747 o Key Operation Description: Encrypt key 748 o Change Controller: IESG 749 o Specification Document(s): Section 4.3 of [[ this document ]] 751 o Key Operation Value: "unwrapKey" 752 o Key Operation Description: Decrypt key and validate decryption, if 753 applicable 754 o Change Controller: IESG 755 o Specification Document(s): Section 4.3 of [[ this document ]] 757 o Key Operation Value: "deriveKey" 758 o Key Operation Description: Derive key 759 o Change Controller: IESG 760 o Specification Document(s): Section 4.3 of [[ this document ]] 762 o Key Operation Value: "deriveBits" 763 o Key Operation Description: Derive bits not to be used as a key 764 o Change Controller: IESG 765 o Specification Document(s): Section 4.3 of [[ this document ]] 767 8.4. JSON Web Key Set Parameters Registry 769 This specification establishes the IANA JSON Web Key Set Parameters 770 registry for JWK Set parameter names. The registry records the 771 parameter name and a reference to the specification that defines it. 772 This specification registers the parameter names defined in 773 Section 5. 775 8.4.1. Registration Template 777 Parameter Name: 778 The name requested (e.g., "example"). Because a core goal of this 779 specification is for the resulting representations to be compact, 780 it is RECOMMENDED that the name be short -- not to exceed 8 781 characters without a compelling reason to do so. This name is 782 case-sensitive. Names may not match other registered names in a 783 case-insensitive manner unless the Designated Expert(s) state that 784 there is a compelling reason to allow an exception in this 785 particular case. 787 Parameter Description: 788 Brief description of the parameter (e.g., "Example description"). 790 Change Controller: 791 For Standards Track RFCs, state "IESG". For others, give the name 792 of the responsible party. Other details (e.g., postal address, 793 email address, home page URI) may also be included. 795 Specification Document(s): 796 Reference to the document(s) that specify the parameter, 797 preferably including URI(s) that can be used to retrieve copies of 798 the document(s). An indication of the relevant sections may also 799 be included but is not required. 801 8.4.2. Initial Registry Contents 803 o Parameter Name: "keys" 804 o Parameter Description: Array of JWK values 805 o Change Controller: IESG 806 o Specification Document(s): Section 5.1 of [[ this document ]] 808 8.5. Media Type Registration 810 8.5.1. Registry Contents 812 This specification registers the "application/jwk+json" and 813 "application/jwk-set+json" Media Types [RFC2046] in the MIME Media 814 Types registry [IANA.MediaTypes], which can be used to indicate, 815 respectively, that the content is a JWK or a JWK Set. 817 o Type Name: application 818 o Subtype Name: jwk+json 819 o Required Parameters: n/a 820 o Optional Parameters: n/a 821 o Encoding considerations: 8bit; application/jwk+json values are 822 represented as JSON object; UTF-8 encoding SHOULD be employed for 823 the JSON object. 824 o Security Considerations: See the Security Considerations section 825 of [[ this document ]] 826 o Interoperability Considerations: n/a 827 o Published Specification: [[ this document ]] 828 o Applications that use this media type: TBD 829 o Additional Information: Magic number(s): n/a, File extension(s): 830 n/a, Macintosh file type code(s): n/a 831 o Person & email address to contact for further information: Michael 832 B. Jones, mbj@microsoft.com 833 o Intended Usage: COMMON 834 o Restrictions on Usage: none 835 o Author: Michael B. Jones, mbj@microsoft.com 836 o Change Controller: IESG 838 o Type Name: application 839 o Subtype Name: jwk-set+json 840 o Required Parameters: n/a 841 o Optional Parameters: n/a 842 o Encoding considerations: 8bit; application/jwk-set+json values are 843 represented as a JSON Object; UTF-8 encoding SHOULD be employed 844 for the JSON object. 845 o Security Considerations: See the Security Considerations section 846 of [[ this document ]] 847 o Interoperability Considerations: n/a 848 o Published Specification: [[ this document ]] 849 o Applications that use this media type: TBD 850 o Additional Information: Magic number(s): n/a, File extension(s): 851 n/a, Macintosh file type code(s): n/a 852 o Person & email address to contact for further information: Michael 853 B. Jones, mbj@microsoft.com 854 o Intended Usage: COMMON 855 o Restrictions on Usage: none 856 o Author: Michael B. Jones, mbj@microsoft.com 857 o Change Controller: IESG 859 9. Security Considerations 861 All of the security issues that are pertinent to any cryptographic 862 application must be addressed by JWS/JWE/JWK agents. Among these 863 issues are protecting the user's asymmetric private and symmetric 864 secret keys and employing countermeasures to various attacks. 866 9.1. Key Provenance and Trust 868 One should place no more trust in the data cryptographically secured 869 by a key than in the method by which it was obtained and in the 870 trustworthiness of the entity asserting an association with the key. 871 Any data associated with a key that is obtained in an untrusted 872 manner should be treated with skepticism. See Section 10.3 of [JWS] 873 for security considerations on key origin authentication. 875 The security considerations in Section 12.3 of XML DSIG 2.0 876 [W3C.NOTE-xmldsig-core2-20130411] about the strength of a signature 877 depending upon all the links in the security chain also apply to this 878 specification. 880 The TLS Requirements in Section 8 of [JWS] also apply to this 881 specification. 883 9.2. Preventing Disclosure of Non-Public Key Information 885 Private and symmetric keys MUST be protected from disclosure to 886 unintended parties. One recommended means of doing so is to encrypt 887 JWKs or JWK Sets containing them by using the JWK or JWK Set value as 888 the plaintext of a JWE. Of course, this requires that there be a 889 secure way to obtain the key used to encrypt the non-public key 890 information to the intended party and a secure way for that party to 891 obtain the corresponding decryption key. 893 The security considerations in RFC 3447 [RFC3447] and RFC 6030 894 [RFC6030] about protecting private and symmetric keys, key usage, and 895 information leakage also apply to this specification. 897 9.3. RSA Private Key Representations and Blinding 899 The RSA Key blinding operation [Kocher], which is a defense against 900 some timing attacks, requires all of the RSA key values "n", "e", and 901 "d". However, some RSA private key representations do not include 902 the public exponent "e", but only include the modulus "n" and the 903 private exponent "d". This is true, for instance, of the Java 904 RSAPrivateKeySpec API, which does not include the public exponent "e" 905 as a parameter. So as to enable RSA key blinding, such 906 representations should be avoided. For Java, the 907 RSAPrivateCrtKeySpec API can be used instead. Section 8.2.2(i) of 908 the Handbook of Applied Cryptography [HAC] discusses how to compute 909 the remaining RSA private key parameters, if needed, using only "n", 910 "e", and "d". 912 9.4. Key Entropy and Random Values 914 See Section 10.1 of [JWS] for security considerations on key entropy 915 and random values. 917 10. References 919 10.1. Normative References 921 [ECMAScript] 922 Ecma International, "ECMAScript Language Specification, 923 5.1 Edition", ECMA 262, June 2011. 925 [IANA.MediaTypes] 926 Internet Assigned Numbers Authority (IANA), "MIME Media 927 Types", 2005. 929 [ITU.X690.1994] 930 International Telecommunications Union, "Information 931 Technology - ASN.1 encoding rules: Specification of Basic 932 Encoding Rules (BER), Canonical Encoding Rules (CER) and 933 Distinguished Encoding Rules (DER)", ITU-T Recommendation 934 X.690, 1994. 936 [JWA] Jones, M., "JSON Web Algorithms (JWA)", 937 draft-ietf-jose-json-web-algorithms (work in progress), 938 September 2014. 940 [JWE] Jones, M. and J. Hildebrand, "JSON Web Encryption (JWE)", 941 draft-ietf-jose-json-web-encryption (work in progress), 942 September 2014. 944 [JWS] Jones, M., Bradley, J., and N. Sakimura, "JSON Web 945 Signature (JWS)", draft-ietf-jose-json-web-signature (work 946 in progress), September 2014. 948 [RFC1421] Linn, J., "Privacy Enhancement for Internet Electronic 949 Mail: Part I: Message Encryption and Authentication 950 Procedures", RFC 1421, February 1993. 952 [RFC2046] Freed, N. and N. Borenstein, "Multipurpose Internet Mail 953 Extensions (MIME) Part Two: Media Types", RFC 2046, 954 November 1996. 956 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 957 Requirement Levels", BCP 14, RFC 2119, March 1997. 959 [RFC2818] Rescorla, E., "HTTP Over TLS", RFC 2818, May 2000. 961 [RFC3629] Yergeau, F., "UTF-8, a transformation format of ISO 962 10646", STD 63, RFC 3629, November 2003. 964 [RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform 965 Resource Identifier (URI): Generic Syntax", STD 66, 966 RFC 3986, January 2005. 968 [RFC4648] Josefsson, S., "The Base16, Base32, and Base64 Data 969 Encodings", RFC 4648, October 2006. 971 [RFC5246] Dierks, T. and E. Rescorla, "The Transport Layer Security 972 (TLS) Protocol Version 1.2", RFC 5246, August 2008. 974 [RFC5280] Cooper, D., Santesson, S., Farrell, S., Boeyen, S., 975 Housley, R., and W. Polk, "Internet X.509 Public Key 976 Infrastructure Certificate and Certificate Revocation List 977 (CRL) Profile", RFC 5280, May 2008. 979 [RFC6125] Saint-Andre, P. and J. Hodges, "Representation and 980 Verification of Domain-Based Application Service Identity 981 within Internet Public Key Infrastructure Using X.509 982 (PKIX) Certificates in the Context of Transport Layer 983 Security (TLS)", RFC 6125, March 2011. 985 [RFC7159] Bray, T., "The JavaScript Object Notation (JSON) Data 986 Interchange Format", RFC 7159, March 2014. 988 [USASCII] American National Standards Institute, "Coded Character 989 Set -- 7-bit American Standard Code for Information 990 Interchange", ANSI X3.4, 1986. 992 10.2. Informative References 994 [DSS] National Institute of Standards and Technology, "Digital 995 Signature Standard (DSS)", FIPS PUB 186-4, July 2013. 997 [HAC] Menezes, A., van Oorschot, P., and S. Vanstone, "Handbook 998 of Applied Cryptography", CRC Press, 1996, 999 . 1001 [Kocher] Kocher, P., "Timing Attacks on Implementations of Diffe- 1002 Hellman, RSA, DSS, and Other Systems", In Proceedings of 1003 the 16th Annual International Cryptology Conference 1004 Advances in Cryptology, Springer-Verlag, pp. 104-113, 1005 1996. 1007 [MagicSignatures] 1008 Panzer (editor), J., Laurie, B., and D. Balfanz, "Magic 1009 Signatures", January 2011. 1011 [RFC3447] Jonsson, J. and B. Kaliski, "Public-Key Cryptography 1012 Standards (PKCS) #1: RSA Cryptography Specifications 1013 Version 2.1", RFC 3447, February 2003. 1015 [RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an 1016 IANA Considerations Section in RFCs", BCP 26, RFC 5226, 1017 May 2008. 1019 [RFC6030] Hoyer, P., Pei, M., and S. Machani, "Portable Symmetric 1020 Key Container (PSKC)", RFC 6030, October 2010. 1022 [W3C.NOTE-xmldsig-core2-20130411] 1023 Eastlake, D., Reagle, J., Solo, D., Hirsch, F., Roessler, 1024 T., Yiu, K., Datta, P., and S. Cantor, "XML Signature 1025 Syntax and Processing Version 2.0", World Wide Web 1026 Consortium Note NOTE-xmldsig-core2-20130411, April 2013, 1027 . 1029 [WebCrypto] 1030 Sleevi, R. and M. Watson, "Web Cryptography API", World 1031 Wide Web Consortium Draft, March 2014, 1032 . 1034 Appendix A. Example JSON Web Key Sets 1036 A.1. Example Public Keys 1038 The following example JWK Set contains two public keys represented as 1039 JWKs: one using an Elliptic Curve algorithm and a second one using an 1040 RSA algorithm. The first specifies that the key is to be used for 1041 encryption. The second specifies that the key is to be used with the 1042 "RS256" algorithm. Both provide a Key ID for key matching purposes. 1043 In both cases, integers are represented using the base64url encoding 1044 of their big endian representations. (Long lines are broken are for 1045 display purposes only.) 1046 {"keys": 1047 [ 1048 {"kty":"EC", 1049 "crv":"P-256", 1050 "x":"MKBCTNIcKUSDii11ySs3526iDZ8AiTo7Tu6KPAqv7D4", 1051 "y":"4Etl6SRW2YiLUrN5vfvVHuhp7x8PxltmWWlbbM4IFyM", 1052 "use":"enc", 1053 "kid":"1"}, 1055 {"kty":"RSA", 1056 "n": "0vx7agoebGcQSuuPiLJXZptN9nndrQmbXEps2aiAFbWhM78LhWx 1057 4cbbfAAtVT86zwu1RK7aPFFxuhDR1L6tSoc_BJECPebWKRXjBZCiFV4n3oknjhMs 1058 tn64tZ_2W-5JsGY4Hc5n9yBXArwl93lqt7_RN5w6Cf0h4QyQ5v-65YGjQR0_FDW2 1059 QvzqY368QQMicAtaSqzs8KJZgnYb9c7d0zgdAZHzu6qMQvRL5hajrn1n91CbOpbI 1060 SD08qNLyrdkt-bFTWhAI4vMQFh6WeZu0fM4lFd2NcRwr3XPksINHaQ-G_xBniIqb 1061 w0Ls1jF44-csFCur-kEgU8awapJzKnqDKgw", 1062 "e":"AQAB", 1063 "alg":"RS256", 1064 "kid":"2011-04-29"} 1065 ] 1066 } 1068 A.2. Example Private Keys 1070 The following example JWK Set contains two keys represented as JWKs 1071 containing both public and private key values: one using an Elliptic 1072 Curve algorithm and a second one using an RSA algorithm. This 1073 example extends the example in the previous section, adding private 1074 key values. (Line breaks are for display purposes only.) 1075 {"keys": 1076 [ 1077 {"kty":"EC", 1078 "crv":"P-256", 1079 "x":"MKBCTNIcKUSDii11ySs3526iDZ8AiTo7Tu6KPAqv7D4", 1080 "y":"4Etl6SRW2YiLUrN5vfvVHuhp7x8PxltmWWlbbM4IFyM", 1081 "d":"870MB6gfuTJ4HtUnUvYMyJpr5eUZNP4Bk43bVdj3eAE", 1082 "use":"enc", 1083 "kid":"1"}, 1085 {"kty":"RSA", 1086 "n":"0vx7agoebGcQSuuPiLJXZptN9nndrQmbXEps2aiAFbWhM78LhWx4 1087 cbbfAAtVT86zwu1RK7aPFFxuhDR1L6tSoc_BJECPebWKRXjBZCiFV4n3oknjhMst 1088 n64tZ_2W-5JsGY4Hc5n9yBXArwl93lqt7_RN5w6Cf0h4QyQ5v-65YGjQR0_FDW2Q 1089 vzqY368QQMicAtaSqzs8KJZgnYb9c7d0zgdAZHzu6qMQvRL5hajrn1n91CbOpbIS 1090 D08qNLyrdkt-bFTWhAI4vMQFh6WeZu0fM4lFd2NcRwr3XPksINHaQ-G_xBniIqbw 1091 0Ls1jF44-csFCur-kEgU8awapJzKnqDKgw", 1092 "e":"AQAB", 1093 "d":"X4cTteJY_gn4FYPsXB8rdXix5vwsg1FLN5E3EaG6RJoVH-HLLKD9 1094 M7dx5oo7GURknchnrRweUkC7hT5fJLM0WbFAKNLWY2vv7B6NqXSzUvxT0_YSfqij 1095 wp3RTzlBaCxWp4doFk5N2o8Gy_nHNKroADIkJ46pRUohsXywbReAdYaMwFs9tv8d 1096 _cPVY3i07a3t8MN6TNwm0dSawm9v47UiCl3Sk5ZiG7xojPLu4sbg1U2jx4IBTNBz 1097 nbJSzFHK66jT8bgkuqsk0GjskDJk19Z4qwjwbsnn4j2WBii3RL-Us2lGVkY8fkFz 1098 me1z0HbIkfz0Y6mqnOYtqc0X4jfcKoAC8Q", 1099 "p":"83i-7IvMGXoMXCskv73TKr8637FiO7Z27zv8oj6pbWUQyLPQBQxtPV 1100 nwD20R-60eTDmD2ujnMt5PoqMrm8RfmNhVWDtjjMmCMjOpSXicFHj7XOuVIYQyqV 1101 WlWEh6dN36GVZYk93N8Bc9vY41xy8B9RzzOGVQzXvNEvn7O0nVbfs", 1102 "q":"3dfOR9cuYq-0S-mkFLzgItgMEfFzB2q3hWehMuG0oCuqnb3vobLyum 1103 qjVZQO1dIrdwgTnCdpYzBcOfW5r370AFXjiWft_NGEiovonizhKpo9VVS78TzFgx 1104 kIdrecRezsZ-1kYd_s1qDbxtkDEgfAITAG9LUnADun4vIcb6yelxk", 1105 "dp":"G4sPXkc6Ya9y8oJW9_ILj4xuppu0lzi_H7VTkS8xj5SdX3coE0oim 1106 YwxIi2emTAue0UOa5dpgFGyBJ4c8tQ2VF402XRugKDTP8akYhFo5tAA77Qe_Nmtu 1107 YZc3C3m3I24G2GvR5sSDxUyAN2zq8Lfn9EUms6rY3Ob8YeiKkTiBj0", 1108 "dq":"s9lAH9fggBsoFR8Oac2R_E2gw282rT2kGOAhvIllETE1efrA6huUU 1109 vMfBcMpn8lqeW6vzznYY5SSQF7pMdC_agI3nG8Ibp1BUb0JUiraRNqUfLhcQb_d9 1110 GF4Dh7e74WbRsobRonujTYN1xCaP6TO61jvWrX-L18txXw494Q_cgk", 1111 "qi":"GyM_p6JrXySiz1toFgKbWV-JdI3jQ4ypu9rbMWx3rQJBfmt0FoYzg 1112 UIZEVFEcOqwemRN81zoDAaa-Bk0KWNGDjJHZDdDmFhW3AN7lI-puxk_mHZGJ11rx 1113 yR8O55XLSe3SPmRfKwZI6yU24ZxvQKFYItdldUKGzO6Ia6zTKhAVRU", 1114 "alg":"RS256", 1115 "kid":"2011-04-29"} 1116 ] 1117 } 1119 A.3. Example Symmetric Keys 1121 The following example JWK Set contains two symmetric keys represented 1122 as JWKs: one designated as being for use with the AES Key Wrap 1123 algorithm and a second one that is an HMAC key. (Line breaks are for 1124 display purposes only.) 1126 {"keys": 1127 [ 1128 {"kty":"oct", 1129 "alg":"A128KW", 1130 "k":"GawgguFyGrWKav7AX4VKUg"}, 1132 {"kty":"oct", 1133 "k":"AyM1SysPpbyDfgZld3umj1qzKObwVMkoqQ-EstJQLr_T-1qS0gZH75 1134 aKtMN3Yj0iPS4hcgUuTwjAzZr1Z9CAow", 1135 "kid":"HMAC key used in JWS A.1 example"} 1136 ] 1137 } 1139 Appendix B. Example Use of "x5c" (X.509 Certificate Chain) Parameter 1140 The following is an example of a JWK with a RSA signing key 1141 represented both as an RSA public key and as an X.509 certificate 1142 using the "x5c" parameter: 1144 {"kty":"RSA", 1145 "use":"sig", 1146 "kid":"1b94c", 1147 "n":"vrjOfz9Ccdgx5nQudyhdoR17V-IubWMeOZCwX_jj0hgAsz2J_pqYW08 1148 PLbK_PdiVGKPrqzmDIsLI7sA25VEnHU1uCLNwBuUiCO11_-7dYbsr4iJmG0Q 1149 u2j8DsVyT1azpJC_NG84Ty5KKthuCaPod7iI7w0LK9orSMhBEwwZDCxTWq4a 1150 YWAchc8t-emd9qOvWtVMDC2BXksRngh6X5bUYLy6AyHKvj-nUy1wgzjYQDwH 1151 MTplCoLtU-o-8SNnZ1tmRoGE9uJkBLdh5gFENabWnU5m1ZqZPdwS-qo-meMv 1152 VfJb6jJVWRpl2SUtCnYG2C32qvbWbjZ_jBPD5eunqsIo1vQ", 1153 "e":"AQAB", 1154 "x5c": 1155 ["MIIDQjCCAiqgAwIBAgIGATz/FuLiMA0GCSqGSIb3DQEBBQUAMGIxCzAJB 1156 gNVBAYTAlVTMQswCQYDVQQIEwJDTzEPMA0GA1UEBxMGRGVudmVyMRwwGgYD 1157 VQQKExNQaW5nIElkZW50aXR5IENvcnAuMRcwFQYDVQQDEw5CcmlhbiBDYW1 1158 wYmVsbDAeFw0xMzAyMjEyMzI5MTVaFw0xODA4MTQyMjI5MTVaMGIxCzAJBg 1159 NVBAYTAlVTMQswCQYDVQQIEwJDTzEPMA0GA1UEBxMGRGVudmVyMRwwGgYDV 1160 QQKExNQaW5nIElkZW50aXR5IENvcnAuMRcwFQYDVQQDEw5CcmlhbiBDYW1w 1161 YmVsbDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL64zn8/QnH 1162 YMeZ0LncoXaEde1fiLm1jHjmQsF/449IYALM9if6amFtPDy2yvz3YlRij66 1163 s5gyLCyO7ANuVRJx1NbgizcAblIgjtdf/u3WG7K+IiZhtELto/A7Fck9Ws6 1164 SQvzRvOE8uSirYbgmj6He4iO8NCyvaK0jIQRMMGQwsU1quGmFgHIXPLfnpn 1165 fajr1rVTAwtgV5LEZ4Iel+W1GC8ugMhyr4/p1MtcIM42EA8BzE6ZQqC7VPq 1166 PvEjZ2dbZkaBhPbiZAS3YeYBRDWm1p1OZtWamT3cEvqqPpnjL1XyW+oyVVk 1167 aZdklLQp2Btgt9qr21m42f4wTw+Xrp6rCKNb0CAwEAATANBgkqhkiG9w0BA 1168 QUFAAOCAQEAh8zGlfSlcI0o3rYDPBB07aXNswb4ECNIKG0CETTUxmXl9KUL 1169 +9gGlqCz5iWLOgWsnrcKcY0vXPG9J1r9AqBNTqNgHq2G03X09266X5CpOe1 1170 zFo+Owb1zxtp3PehFdfQJ610CDLEaS9V9Rqp17hCyybEpOGVwe8fnk+fbEL 1171 2Bo3UPGrpsHzUoaGpDftmWssZkhpBJKVMJyf/RuP2SmmaIzmnw9JiSlYhzo 1172 4tpzd5rFXhjRbg4zW9C+2qok+2+qDM1iJ684gPHMIY8aLWrdgQTxkumGmTq 1173 gawR+N5MDtdPTEQ0XfIBc2cJEUyMTY5MPvACWpkA6SdS4xSvdXK3IVfOWA=="] 1174 } 1176 Appendix C. Example Encrypted RSA Private Key 1178 This example encrypts an RSA private key to the recipient using 1179 "PBES2-HS256+A128KW" for key encryption and "A128CBC+HS256" for 1180 content encryption. 1182 NOTE: Unless otherwise indicated, all line breaks are included solely 1183 for readability. 1185 C.1. Plaintext RSA Private Key 1187 The following RSA key is the plaintext for the authenticated 1188 encryption operation, formatted as a JWK object: 1190 { 1191 "kty":"RSA", 1192 "kid":"juliet@capulet.lit", 1193 "use":"enc", 1194 "n":"t6Q8PWSi1dkJj9hTP8hNYFlvadM7DflW9mWepOJhJ66w7nyoK1gPNqFMSQRy 1195 O125Gp-TEkodhWr0iujjHVx7BcV0llS4w5ACGgPrcAd6ZcSR0-Iqom-QFcNP 1196 8Sjg086MwoqQU_LYywlAGZ21WSdS_PERyGFiNnj3QQlO8Yns5jCtLCRwLHL0 1197 Pb1fEv45AuRIuUfVcPySBWYnDyGxvjYGDSM-AqWS9zIQ2ZilgT-GqUmipg0X 1198 OC0Cc20rgLe2ymLHjpHciCKVAbY5-L32-lSeZO-Os6U15_aXrk9Gw8cPUaX1 1199 _I8sLGuSiVdt3C_Fn2PZ3Z8i744FPFGGcG1qs2Wz-Q", 1200 "e":"AQAB", 1201 "d":"GRtbIQmhOZtyszfgKdg4u_N-R_mZGU_9k7JQ_jn1DnfTuMdSNprTeaSTyWfS 1202 NkuaAwnOEbIQVy1IQbWVV25NY3ybc_IhUJtfri7bAXYEReWaCl3hdlPKXy9U 1203 vqPYGR0kIXTQRqns-dVJ7jahlI7LyckrpTmrM8dWBo4_PMaenNnPiQgO0xnu 1204 ToxutRZJfJvG4Ox4ka3GORQd9CsCZ2vsUDmsXOfUENOyMqADC6p1M3h33tsu 1205 rY15k9qMSpG9OX_IJAXmxzAh_tWiZOwk2K4yxH9tS3Lq1yX8C1EWmeRDkK2a 1206 hecG85-oLKQt5VEpWHKmjOi_gJSdSgqcN96X52esAQ", 1207 "p":"2rnSOV4hKSN8sS4CgcQHFbs08XboFDqKum3sc4h3GRxrTmQdl1ZK9uw-PIHf 1208 QP0FkxXVrx-WE-ZEbrqivH_2iCLUS7wAl6XvARt1KkIaUxPPSYB9yk31s0Q8 1209 UK96E3_OrADAYtAJs-M3JxCLfNgqh56HDnETTQhH3rCT5T3yJws", 1210 "q":"1u_RiFDP7LBYh3N4GXLT9OpSKYP0uQZyiaZwBtOCBNJgQxaj10RWjsZu0c6I 1211 edis4S7B_coSKB0Kj9PaPaBzg-IySRvvcQuPamQu66riMhjVtG6TlV8CLCYK 1212 rYl52ziqK0E_ym2QnkwsUX7eYTB7LbAHRK9GqocDE5B0f808I4s", 1213 "dp":"KkMTWqBUefVwZ2_Dbj1pPQqyHSHjj90L5x_MOzqYAJMcLMZtbUtwKqvVDq3 1214 tbEo3ZIcohbDtt6SbfmWzggabpQxNxuBpoOOf_a_HgMXK_lhqigI4y_kqS1w 1215 Y52IwjUn5rgRrJ-yYo1h41KR-vz2pYhEAeYrhttWtxVqLCRViD6c", 1216 "dq":"AvfS0-gRxvn0bwJoMSnFxYcK1WnuEjQFluMGfwGitQBWtfZ1Er7t1xDkbN9 1217 GQTB9yqpDoYaN06H7CFtrkxhJIBQaj6nkF5KKS3TQtQ5qCzkOkmxIe3KRbBy 1218 mXxkb5qwUpX5ELD5xFc6FeiafWYY63TmmEAu_lRFCOJ3xDea-ots", 1219 "qi":"lSQi-w9CpyUReMErP1RsBLk7wNtOvs5EQpPqmuMvqW57NBUczScEoPwmUqq 1220 abu9V0-Py4dQ57_bapoKRu1R90bvuFnU63SHWEFglZQvJDMeAvmj4sm-Fp0o 1221 Yu_neotgQ0hzbI5gry7ajdYy9-2lNx_76aBZoOUu9HCJ-UsfSOI8" 1222 } 1224 The octets representing the Plaintext used in this example (using 1225 JSON array notation) are: 1227 [123, 34, 107, 116, 121, 34, 58, 34, 82, 83, 65, 34, 44, 34, 107, 1228 105, 100, 34, 58, 34, 106, 117, 108, 105, 101, 116, 64, 99, 97, 112, 1229 117, 108, 101, 116, 46, 108, 105, 116, 34, 44, 34, 117, 115, 101, 34, 1230 58, 34, 101, 110, 99, 34, 44, 34, 110, 34, 58, 34, 116, 54, 81, 56, 1231 80, 87, 83, 105, 49, 100, 107, 74, 106, 57, 104, 84, 80, 56, 104, 78, 1232 89, 70, 108, 118, 97, 100, 77, 55, 68, 102, 108, 87, 57, 109, 87, 1233 101, 112, 79, 74, 104, 74, 54, 54, 119, 55, 110, 121, 111, 75, 49, 1234 103, 80, 78, 113, 70, 77, 83, 81, 82, 121, 79, 49, 50, 53, 71, 112, 1235 45, 84, 69, 107, 111, 100, 104, 87, 114, 48, 105, 117, 106, 106, 72, 1236 86, 120, 55, 66, 99, 86, 48, 108, 108, 83, 52, 119, 53, 65, 67, 71, 1237 103, 80, 114, 99, 65, 100, 54, 90, 99, 83, 82, 48, 45, 73, 113, 111, 1238 109, 45, 81, 70, 99, 78, 80, 56, 83, 106, 103, 48, 56, 54, 77, 119, 1239 111, 113, 81, 85, 95, 76, 89, 121, 119, 108, 65, 71, 90, 50, 49, 87, 1240 83, 100, 83, 95, 80, 69, 82, 121, 71, 70, 105, 78, 110, 106, 51, 81, 1241 81, 108, 79, 56, 89, 110, 115, 53, 106, 67, 116, 76, 67, 82, 119, 76, 1242 72, 76, 48, 80, 98, 49, 102, 69, 118, 52, 53, 65, 117, 82, 73, 117, 1243 85, 102, 86, 99, 80, 121, 83, 66, 87, 89, 110, 68, 121, 71, 120, 118, 1244 106, 89, 71, 68, 83, 77, 45, 65, 113, 87, 83, 57, 122, 73, 81, 50, 1245 90, 105, 108, 103, 84, 45, 71, 113, 85, 109, 105, 112, 103, 48, 88, 1246 79, 67, 48, 67, 99, 50, 48, 114, 103, 76, 101, 50, 121, 109, 76, 72, 1247 106, 112, 72, 99, 105, 67, 75, 86, 65, 98, 89, 53, 45, 76, 51, 50, 1248 45, 108, 83, 101, 90, 79, 45, 79, 115, 54, 85, 49, 53, 95, 97, 88, 1249 114, 107, 57, 71, 119, 56, 99, 80, 85, 97, 88, 49, 95, 73, 56, 115, 1250 76, 71, 117, 83, 105, 86, 100, 116, 51, 67, 95, 70, 110, 50, 80, 90, 1251 51, 90, 56, 105, 55, 52, 52, 70, 80, 70, 71, 71, 99, 71, 49, 113, 1252 115, 50, 87, 122, 45, 81, 34, 44, 34, 101, 34, 58, 34, 65, 81, 65, 1253 66, 34, 44, 34, 100, 34, 58, 34, 71, 82, 116, 98, 73, 81, 109, 104, 1254 79, 90, 116, 121, 115, 122, 102, 103, 75, 100, 103, 52, 117, 95, 78, 1255 45, 82, 95, 109, 90, 71, 85, 95, 57, 107, 55, 74, 81, 95, 106, 110, 1256 49, 68, 110, 102, 84, 117, 77, 100, 83, 78, 112, 114, 84, 101, 97, 1257 83, 84, 121, 87, 102, 83, 78, 107, 117, 97, 65, 119, 110, 79, 69, 98, 1258 73, 81, 86, 121, 49, 73, 81, 98, 87, 86, 86, 50, 53, 78, 89, 51, 121, 1259 98, 99, 95, 73, 104, 85, 74, 116, 102, 114, 105, 55, 98, 65, 88, 89, 1260 69, 82, 101, 87, 97, 67, 108, 51, 104, 100, 108, 80, 75, 88, 121, 57, 1261 85, 118, 113, 80, 89, 71, 82, 48, 107, 73, 88, 84, 81, 82, 113, 110, 1262 115, 45, 100, 86, 74, 55, 106, 97, 104, 108, 73, 55, 76, 121, 99, 1263 107, 114, 112, 84, 109, 114, 77, 56, 100, 87, 66, 111, 52, 95, 80, 1264 77, 97, 101, 110, 78, 110, 80, 105, 81, 103, 79, 48, 120, 110, 117, 1265 84, 111, 120, 117, 116, 82, 90, 74, 102, 74, 118, 71, 52, 79, 120, 1266 52, 107, 97, 51, 71, 79, 82, 81, 100, 57, 67, 115, 67, 90, 50, 118, 1267 115, 85, 68, 109, 115, 88, 79, 102, 85, 69, 78, 79, 121, 77, 113, 65, 1268 68, 67, 54, 112, 49, 77, 51, 104, 51, 51, 116, 115, 117, 114, 89, 49, 1269 53, 107, 57, 113, 77, 83, 112, 71, 57, 79, 88, 95, 73, 74, 65, 88, 1270 109, 120, 122, 65, 104, 95, 116, 87, 105, 90, 79, 119, 107, 50, 75, 1271 52, 121, 120, 72, 57, 116, 83, 51, 76, 113, 49, 121, 88, 56, 67, 49, 1272 69, 87, 109, 101, 82, 68, 107, 75, 50, 97, 104, 101, 99, 71, 56, 53, 1273 45, 111, 76, 75, 81, 116, 53, 86, 69, 112, 87, 72, 75, 109, 106, 79, 1274 105, 95, 103, 74, 83, 100, 83, 103, 113, 99, 78, 57, 54, 88, 53, 50, 1275 101, 115, 65, 81, 34, 44, 34, 112, 34, 58, 34, 50, 114, 110, 83, 79, 1276 86, 52, 104, 75, 83, 78, 56, 115, 83, 52, 67, 103, 99, 81, 72, 70, 1277 98, 115, 48, 56, 88, 98, 111, 70, 68, 113, 75, 117, 109, 51, 115, 99, 1278 52, 104, 51, 71, 82, 120, 114, 84, 109, 81, 100, 108, 49, 90, 75, 57, 1279 117, 119, 45, 80, 73, 72, 102, 81, 80, 48, 70, 107, 120, 88, 86, 114, 1280 120, 45, 87, 69, 45, 90, 69, 98, 114, 113, 105, 118, 72, 95, 50, 105, 1281 67, 76, 85, 83, 55, 119, 65, 108, 54, 88, 118, 65, 82, 116, 49, 75, 1282 107, 73, 97, 85, 120, 80, 80, 83, 89, 66, 57, 121, 107, 51, 49, 115, 1283 48, 81, 56, 85, 75, 57, 54, 69, 51, 95, 79, 114, 65, 68, 65, 89, 116, 1284 65, 74, 115, 45, 77, 51, 74, 120, 67, 76, 102, 78, 103, 113, 104, 53, 1285 54, 72, 68, 110, 69, 84, 84, 81, 104, 72, 51, 114, 67, 84, 53, 84, 1286 51, 121, 74, 119, 115, 34, 44, 34, 113, 34, 58, 34, 49, 117, 95, 82, 1287 105, 70, 68, 80, 55, 76, 66, 89, 104, 51, 78, 52, 71, 88, 76, 84, 57, 1288 79, 112, 83, 75, 89, 80, 48, 117, 81, 90, 121, 105, 97, 90, 119, 66, 1289 116, 79, 67, 66, 78, 74, 103, 81, 120, 97, 106, 49, 48, 82, 87, 106, 1290 115, 90, 117, 48, 99, 54, 73, 101, 100, 105, 115, 52, 83, 55, 66, 95, 1291 99, 111, 83, 75, 66, 48, 75, 106, 57, 80, 97, 80, 97, 66, 122, 103, 1292 45, 73, 121, 83, 82, 118, 118, 99, 81, 117, 80, 97, 109, 81, 117, 54, 1293 54, 114, 105, 77, 104, 106, 86, 116, 71, 54, 84, 108, 86, 56, 67, 76, 1294 67, 89, 75, 114, 89, 108, 53, 50, 122, 105, 113, 75, 48, 69, 95, 121, 1295 109, 50, 81, 110, 107, 119, 115, 85, 88, 55, 101, 89, 84, 66, 55, 76, 1296 98, 65, 72, 82, 75, 57, 71, 113, 111, 99, 68, 69, 53, 66, 48, 102, 1297 56, 48, 56, 73, 52, 115, 34, 44, 34, 100, 112, 34, 58, 34, 75, 107, 1298 77, 84, 87, 113, 66, 85, 101, 102, 86, 119, 90, 50, 95, 68, 98, 106, 1299 49, 112, 80, 81, 113, 121, 72, 83, 72, 106, 106, 57, 48, 76, 53, 120, 1300 95, 77, 79, 122, 113, 89, 65, 74, 77, 99, 76, 77, 90, 116, 98, 85, 1301 116, 119, 75, 113, 118, 86, 68, 113, 51, 116, 98, 69, 111, 51, 90, 1302 73, 99, 111, 104, 98, 68, 116, 116, 54, 83, 98, 102, 109, 87, 122, 1303 103, 103, 97, 98, 112, 81, 120, 78, 120, 117, 66, 112, 111, 79, 79, 1304 102, 95, 97, 95, 72, 103, 77, 88, 75, 95, 108, 104, 113, 105, 103, 1305 73, 52, 121, 95, 107, 113, 83, 49, 119, 89, 53, 50, 73, 119, 106, 85, 1306 110, 53, 114, 103, 82, 114, 74, 45, 121, 89, 111, 49, 104, 52, 49, 1307 75, 82, 45, 118, 122, 50, 112, 89, 104, 69, 65, 101, 89, 114, 104, 1308 116, 116, 87, 116, 120, 86, 113, 76, 67, 82, 86, 105, 68, 54, 99, 34, 1309 44, 34, 100, 113, 34, 58, 34, 65, 118, 102, 83, 48, 45, 103, 82, 120, 1310 118, 110, 48, 98, 119, 74, 111, 77, 83, 110, 70, 120, 89, 99, 75, 49, 1311 87, 110, 117, 69, 106, 81, 70, 108, 117, 77, 71, 102, 119, 71, 105, 1312 116, 81, 66, 87, 116, 102, 90, 49, 69, 114, 55, 116, 49, 120, 68, 1313 107, 98, 78, 57, 71, 81, 84, 66, 57, 121, 113, 112, 68, 111, 89, 97, 1314 78, 48, 54, 72, 55, 67, 70, 116, 114, 107, 120, 104, 74, 73, 66, 81, 1315 97, 106, 54, 110, 107, 70, 53, 75, 75, 83, 51, 84, 81, 116, 81, 53, 1316 113, 67, 122, 107, 79, 107, 109, 120, 73, 101, 51, 75, 82, 98, 66, 1317 121, 109, 88, 120, 107, 98, 53, 113, 119, 85, 112, 88, 53, 69, 76, 1318 68, 53, 120, 70, 99, 54, 70, 101, 105, 97, 102, 87, 89, 89, 54, 51, 1319 84, 109, 109, 69, 65, 117, 95, 108, 82, 70, 67, 79, 74, 51, 120, 68, 1320 101, 97, 45, 111, 116, 115, 34, 44, 34, 113, 105, 34, 58, 34, 108, 1321 83, 81, 105, 45, 119, 57, 67, 112, 121, 85, 82, 101, 77, 69, 114, 80, 1322 49, 82, 115, 66, 76, 107, 55, 119, 78, 116, 79, 118, 115, 53, 69, 81, 1323 112, 80, 113, 109, 117, 77, 118, 113, 87, 53, 55, 78, 66, 85, 99, 1324 122, 83, 99, 69, 111, 80, 119, 109, 85, 113, 113, 97, 98, 117, 57, 1325 86, 48, 45, 80, 121, 52, 100, 81, 53, 55, 95, 98, 97, 112, 111, 75, 1326 82, 117, 49, 82, 57, 48, 98, 118, 117, 70, 110, 85, 54, 51, 83, 72, 1327 87, 69, 70, 103, 108, 90, 81, 118, 74, 68, 77, 101, 65, 118, 109, 1328 106, 52, 115, 109, 45, 70, 112, 48, 111, 89, 117, 95, 110, 101, 111, 1329 116, 103, 81, 48, 104, 122, 98, 73, 53, 103, 114, 121, 55, 97, 106, 1330 100, 89, 121, 57, 45, 50, 108, 78, 120, 95, 55, 54, 97, 66, 90, 111, 1331 79, 85, 117, 57, 72, 67, 74, 45, 85, 115, 102, 83, 79, 73, 56, 34, 1332 125] 1334 C.2. JOSE Header 1336 The following example JWE Protected Header declares that: 1338 o the Content Encryption Key is encrypted to the recipient using the 1339 PSE2-HS256+A128KW algorithm to produce the JWE Encrypted Key, 1341 o the Salt Input ("p2s") value is [217, 96, 147, 112, 150, 117, 70, 1342 247, 127, 8, 155, 137, 174, 42, 80, 215], 1344 o the Iteration Count ("p2c") value is 4096, 1346 o authenticated encryption is performed on the Plaintext using the 1347 AES_128_CBC_HMAC_SHA_256 algorithm to produce the Ciphertext and 1348 the Authentication Tag, and 1350 o the content type is application/jwk+json. 1352 { 1353 "alg":"PBES2-HS256+A128KW", 1354 "p2s":"2WCTcJZ1Rvd_CJuJripQ1w", 1355 "p2c":4096, 1356 "enc":"A128CBC-HS256", 1357 "cty":"jwk+json" 1358 } 1360 Encoding this JWE Protected Header as BASE64URL(UTF8(JWE Protected 1361 Header)) gives this value (with line breaks for display purposes 1362 only): 1364 eyJhbGciOiJQQkVTMi1IUzI1NitBMTI4S1ciLCJwMnMiOiIyV0NUY0paMVJ2ZF9DSn 1365 VKcmlwUTF3IiwicDJjIjo0MDk2LCJlbmMiOiJBMTI4Q0JDLUhTMjU2IiwiY3R5Ijoi 1366 andrK2pzb24ifQ 1368 C.3. Content Encryption Key (CEK) 1370 Generate a 256 bit random Content Encryption Key (CEK). In this 1371 example, the value (using JSON array notation) is: 1373 [111, 27, 25, 52, 66, 29, 20, 78, 92, 176, 56, 240, 65, 208, 82, 112, 1374 161, 131, 36, 55, 202, 236, 185, 172, 129, 23, 153, 194, 195, 48, 1375 253, 182] 1377 C.4. Key Derivation 1379 Derive a key from a shared passphrase using the PBKDF2 algorithm with 1380 HMAC SHA-256 and the specified Salt and Iteration Count values and a 1381 128 bit requested output key size to produce the PBKDF2 Derived Key. 1382 This example uses the following passphrase: 1384 Thus from my lips, by yours, my sin is purged. 1386 The octets representing the passphrase are: 1388 [84, 104, 117, 115, 32, 102, 114, 111, 109, 32, 109, 121, 32, 108, 1389 105, 112, 115, 44, 32, 98, 121, 32, 121, 111, 117, 114, 115, 44, 32, 1390 109, 121, 32, 115, 105, 110, 32, 105, 115, 32, 112, 117, 114, 103, 1391 101, 100, 46] 1393 The Salt value (UTF8(Alg) || 0x00 || Salt Input) is: 1395 [80, 66, 69, 83, 50, 45, 72, 83, 50, 53, 54, 43, 65, 49, 50, 56, 75, 1396 87, 0, 217, 96, 147, 112, 150, 117, 70, 247, 127, 8, 155, 137, 174, 1397 42, 80, 215]. 1399 The resulting PBKDF2 Derived Key value is: 1401 [110, 171, 169, 92, 129, 92, 109, 117, 233, 242, 116, 233, 170, 14, 1402 24, 75] 1404 C.5. Key Encryption 1406 Encrypt the CEK with the "A128KW" algorithm using the PBKDF2 Derived 1407 Key. The resulting JWE Encrypted Key value is: 1409 [78, 186, 151, 59, 11, 141, 81, 240, 213, 245, 83, 211, 53, 188, 134, 1410 188, 66, 125, 36, 200, 222, 124, 5, 103, 249, 52, 117, 184, 140, 81, 1411 246, 158, 161, 177, 20, 33, 245, 57, 59, 4] 1413 Encoding this JWE Encrypted Key as BASE64URL(JWE Encrypted Key) gives 1414 this value: 1416 TrqXOwuNUfDV9VPTNbyGvEJ9JMjefAVn-TR1uIxR9p6hsRQh9Tk7BA 1418 C.6. Initialization Vector 1420 Generate a random 128 bit JWE Initialization Vector. In this 1421 example, the value is: 1423 [97, 239, 99, 214, 171, 54, 216, 57, 145, 72, 7, 93, 34, 31, 149, 1424 156] 1425 Encoding this JWE Initialization Vector as BASE64URL(JWE 1426 Initialization Vector) gives this value: 1428 Ye9j1qs22DmRSAddIh-VnA 1430 C.7. Additional Authenticated Data 1432 Let the Additional Authenticated Data encryption parameter be 1433 ASCII(BASE64URL(UTF8(JWE Protected Header))). This value is: 1435 [123, 34, 97, 108, 103, 34, 58, 34, 80, 66, 69, 83, 50, 45, 72, 83, 1436 50, 53, 54, 43, 65, 49, 50, 56, 75, 87, 34, 44, 34, 112, 50, 115, 34, 1437 58, 34, 50, 87, 67, 84, 99, 74, 90, 49, 82, 118, 100, 95, 67, 74, 1438 117, 74, 114, 105, 112, 81, 49, 119, 34, 44, 34, 112, 50, 99, 34, 58, 1439 52, 48, 57, 54, 44, 34, 101, 110, 99, 34, 58, 34, 65, 49, 50, 56, 67, 1440 66, 67, 45, 72, 83, 50, 53, 54, 34, 44, 34, 99, 116, 121, 34, 58, 34, 1441 106, 119, 107, 43, 106, 115, 111, 110, 34, 125] 1443 C.8. Content Encryption 1445 Perform authenticated encryption on the Plaintext with the 1446 AES_128_CBC_HMAC_SHA_256 algorithm using the CEK as the encryption 1447 key, the JWE Initialization Vector, and the Additional Authenticated 1448 Data value above. The resulting Ciphertext is: 1450 [3, 8, 65, 242, 92, 107, 148, 168, 197, 159, 77, 139, 25, 97, 42, 1451 131, 110, 199, 225, 56, 61, 127, 38, 64, 108, 91, 247, 167, 150, 98, 1452 112, 122, 99, 235, 132, 50, 28, 46, 56, 170, 169, 89, 220, 145, 38, 1453 157, 148, 224, 66, 140, 8, 169, 146, 117, 222, 54, 242, 28, 31, 11, 1454 129, 227, 226, 169, 66, 117, 133, 254, 140, 216, 115, 203, 131, 60, 1455 60, 47, 233, 132, 121, 13, 35, 188, 53, 19, 172, 77, 59, 54, 211, 1456 158, 172, 25, 60, 111, 0, 80, 201, 158, 160, 210, 68, 55, 12, 67, 1457 136, 130, 87, 216, 197, 95, 62, 20, 155, 205, 5, 140, 27, 168, 221, 1458 65, 114, 78, 157, 254, 46, 206, 182, 52, 135, 87, 239, 3, 34, 186, 1459 126, 220, 151, 17, 33, 237, 57, 96, 172, 183, 58, 45, 248, 103, 241, 1460 142, 136, 7, 53, 16, 173, 181, 7, 93, 92, 252, 1, 53, 212, 242, 8, 1461 255, 11, 239, 181, 24, 148, 136, 111, 24, 161, 244, 23, 106, 69, 157, 1462 215, 243, 189, 240, 166, 169, 249, 72, 38, 201, 99, 223, 173, 229, 9, 1463 222, 82, 79, 157, 176, 248, 85, 239, 121, 163, 1, 31, 48, 98, 206, 1464 61, 249, 104, 216, 201, 227, 105, 48, 194, 193, 10, 36, 160, 159, 1465 241, 166, 84, 54, 188, 211, 243, 242, 40, 46, 45, 193, 193, 160, 169, 1466 101, 201, 1, 73, 47, 105, 142, 88, 28, 42, 132, 26, 61, 58, 63, 142, 1467 243, 77, 26, 179, 153, 166, 46, 203, 208, 49, 55, 229, 34, 178, 4, 1468 109, 180, 204, 204, 115, 1, 103, 193, 5, 91, 215, 214, 195, 1, 110, 1469 208, 53, 144, 36, 105, 12, 54, 25, 129, 101, 15, 183, 150, 250, 147, 1470 115, 227, 58, 250, 5, 128, 232, 63, 15, 14, 19, 141, 124, 253, 142, 1471 137, 189, 135, 26, 44, 240, 27, 88, 132, 105, 127, 6, 71, 37, 41, 1472 124, 187, 165, 140, 34, 200, 123, 80, 228, 24, 231, 176, 132, 171, 1473 138, 145, 152, 116, 224, 50, 141, 51, 147, 91, 186, 7, 246, 106, 217, 1474 148, 244, 227, 244, 45, 220, 121, 165, 224, 148, 181, 17, 181, 128, 1475 197, 101, 237, 11, 169, 229, 149, 199, 78, 56, 15, 14, 190, 91, 216, 1476 222, 247, 213, 74, 40, 8, 96, 20, 168, 119, 96, 26, 24, 52, 37, 82, 1477 127, 57, 176, 147, 118, 59, 7, 224, 33, 117, 72, 155, 29, 82, 26, 1478 215, 189, 140, 119, 28, 152, 118, 93, 222, 194, 192, 148, 115, 83, 1479 253, 216, 212, 108, 88, 83, 175, 172, 220, 97, 79, 110, 42, 223, 170, 1480 161, 34, 164, 144, 193, 76, 122, 92, 160, 41, 178, 175, 6, 35, 96, 1481 113, 96, 158, 90, 129, 101, 26, 45, 70, 180, 189, 230, 15, 5, 247, 1482 150, 209, 94, 171, 26, 13, 142, 212, 129, 1, 176, 5, 0, 112, 203, 1483 174, 185, 119, 76, 233, 189, 54, 172, 189, 245, 223, 253, 205, 12, 1484 88, 9, 126, 157, 225, 90, 40, 229, 191, 63, 30, 160, 224, 69, 3, 140, 1485 109, 70, 89, 37, 213, 245, 194, 210, 180, 188, 63, 210, 139, 221, 2, 1486 144, 200, 20, 177, 216, 29, 227, 242, 106, 12, 135, 142, 139, 144, 1487 82, 225, 162, 171, 176, 108, 99, 6, 43, 193, 161, 116, 234, 216, 1, 1488 242, 21, 124, 162, 98, 205, 124, 193, 38, 12, 242, 90, 101, 76, 204, 1489 184, 124, 58, 180, 16, 240, 26, 76, 195, 250, 212, 191, 185, 191, 97, 1490 198, 186, 73, 225, 75, 14, 90, 123, 121, 172, 101, 50, 160, 221, 141, 1491 253, 205, 126, 77, 9, 87, 198, 110, 104, 182, 141, 120, 51, 25, 232, 1492 3, 32, 80, 6, 156, 8, 18, 4, 135, 221, 142, 25, 135, 2, 129, 132, 1493 115, 227, 74, 141, 28, 119, 11, 141, 117, 134, 198, 62, 150, 254, 97, 1494 75, 197, 251, 99, 89, 204, 224, 226, 67, 83, 175, 89, 0, 81, 29, 38, 1495 207, 89, 140, 255, 197, 177, 164, 128, 62, 116, 224, 180, 109, 169, 1496 28, 2, 59, 176, 130, 252, 44, 178, 81, 24, 181, 176, 75, 44, 61, 91, 1497 12, 37, 21, 255, 83, 130, 197, 16, 231, 60, 217, 56, 131, 118, 168, 1498 202, 58, 52, 84, 124, 162, 185, 174, 162, 226, 242, 112, 68, 246, 1499 202, 16, 208, 52, 154, 58, 129, 80, 102, 33, 171, 6, 186, 177, 14, 1500 195, 88, 136, 6, 0, 155, 28, 100, 162, 207, 162, 222, 117, 248, 170, 1501 208, 114, 87, 31, 57, 176, 33, 57, 83, 253, 12, 168, 110, 194, 59, 1502 22, 86, 48, 227, 196, 22, 176, 218, 122, 149, 21, 249, 195, 178, 174, 1503 250, 20, 34, 120, 60, 139, 201, 99, 40, 18, 177, 17, 54, 54, 6, 3, 1504 222, 128, 160, 88, 11, 27, 0, 81, 192, 36, 41, 169, 146, 8, 47, 64, 1505 136, 28, 64, 209, 67, 135, 202, 20, 234, 182, 91, 204, 146, 195, 187, 1506 0, 72, 77, 11, 111, 152, 204, 252, 177, 212, 89, 33, 50, 132, 184, 1507 44, 183, 186, 19, 250, 69, 176, 201, 102, 140, 14, 143, 212, 212, 1508 160, 123, 208, 185, 27, 155, 68, 77, 133, 198, 2, 126, 155, 215, 22, 1509 91, 30, 217, 176, 172, 244, 156, 174, 143, 75, 90, 21, 102, 1, 160, 1510 59, 253, 188, 88, 57, 185, 197, 83, 24, 22, 180, 174, 47, 207, 52, 1, 1511 141, 146, 119, 233, 68, 228, 224, 228, 193, 248, 155, 202, 90, 7, 1512 213, 88, 33, 108, 107, 14, 86, 8, 120, 250, 58, 142, 35, 164, 238, 1513 221, 219, 35, 123, 88, 199, 192, 143, 104, 83, 17, 166, 243, 247, 11, 1514 166, 67, 68, 204, 132, 23, 110, 103, 228, 14, 55, 122, 88, 57, 180, 1515 178, 237, 52, 130, 214, 245, 102, 123, 67, 73, 175, 1, 127, 112, 148, 1516 94, 132, 164, 197, 153, 217, 87, 25, 89, 93, 63, 22, 66, 166, 90, 1517 251, 101, 10, 145, 66, 17, 124, 36, 255, 165, 226, 97, 16, 86, 112, 1518 154, 88, 105, 253, 56, 209, 229, 122, 103, 51, 24, 228, 190, 3, 236, 1519 48, 182, 121, 176, 140, 128, 117, 87, 251, 224, 37, 23, 248, 21, 218, 1520 85, 251, 136, 84, 147, 143, 144, 46, 155, 183, 251, 89, 86, 23, 26, 1521 237, 100, 167, 32, 130, 173, 237, 89, 55, 110, 70, 142, 127, 65, 230, 1522 208, 109, 69, 19, 253, 84, 130, 130, 193, 92, 58, 108, 150, 42, 136, 1523 249, 234, 86, 241, 182, 19, 117, 246, 26, 181, 92, 101, 155, 44, 103, 1524 235, 173, 30, 140, 90, 29, 183, 190, 77, 53, 206, 127, 5, 87, 8, 187, 1525 184, 92, 4, 157, 22, 18, 105, 251, 39, 88, 182, 181, 103, 148, 233, 1526 6, 63, 70, 188, 7, 101, 216, 127, 77, 31, 12, 233, 7, 147, 106, 30, 1527 150, 77, 145, 13, 205, 48, 56, 245, 220, 89, 252, 127, 51, 180, 36, 1528 31, 55, 18, 214, 230, 254, 217, 197, 65, 247, 27, 215, 117, 247, 108, 1529 157, 121, 11, 63, 150, 195, 83, 6, 134, 242, 41, 24, 105, 204, 5, 63, 1530 192, 14, 159, 113, 72, 140, 128, 51, 215, 80, 215, 39, 149, 94, 79, 1531 128, 34, 5, 129, 82, 83, 121, 187, 37, 146, 27, 32, 177, 167, 71, 9, 1532 195, 30, 199, 196, 205, 252, 207, 69, 8, 120, 27, 190, 51, 43, 75, 1533 249, 234, 167, 116, 206, 203, 199, 43, 108, 87, 48, 155, 140, 228, 1534 210, 85, 25, 161, 96, 67, 8, 205, 64, 39, 75, 88, 44, 238, 227, 16, 1535 0, 100, 93, 129, 18, 4, 149, 50, 68, 72, 99, 35, 111, 254, 27, 102, 1536 175, 108, 233, 87, 181, 44, 169, 18, 139, 79, 208, 14, 202, 192, 5, 1537 162, 222, 231, 149, 24, 211, 49, 120, 101, 39, 206, 87, 147, 204, 1538 200, 251, 104, 115, 5, 127, 117, 195, 79, 151, 18, 224, 52, 0, 245, 1539 4, 85, 255, 103, 217, 0, 116, 198, 80, 91, 167, 192, 154, 199, 197, 1540 149, 237, 51, 2, 131, 30, 226, 95, 105, 48, 68, 135, 208, 144, 120, 1541 176, 145, 157, 8, 171, 80, 94, 61, 92, 92, 220, 157, 13, 138, 51, 23, 1542 185, 124, 31, 77, 1, 87, 241, 43, 239, 55, 122, 86, 210, 48, 208, 1543 204, 112, 144, 80, 147, 106, 219, 47, 253, 31, 134, 176, 16, 135, 1544 219, 95, 17, 129, 83, 236, 125, 136, 112, 86, 228, 252, 71, 129, 218, 1545 174, 156, 236, 12, 27, 159, 11, 138, 252, 253, 207, 31, 115, 214, 1546 118, 239, 203, 16, 211, 205, 99, 22, 51, 163, 107, 162, 246, 199, 67, 1547 127, 34, 108, 197, 53, 117, 58, 199, 3, 190, 74, 70, 190, 65, 235, 1548 175, 97, 157, 215, 252, 189, 245, 100, 229, 248, 46, 90, 126, 237, 4, 1549 159, 128, 58, 7, 156, 236, 69, 191, 85, 240, 179, 224, 249, 152, 49, 1550 195, 223, 60, 78, 186, 157, 155, 217, 58, 105, 116, 164, 217, 111, 1551 215, 150, 218, 252, 84, 86, 248, 140, 240, 226, 61, 106, 208, 95, 60, 1552 163, 6, 0, 235, 253, 162, 96, 62, 234, 251, 249, 35, 21, 7, 211, 233, 1553 86, 50, 33, 203, 67, 248, 60, 190, 123, 48, 167, 226, 90, 191, 71, 1554 56, 183, 165, 17, 85, 76, 238, 140, 211, 168, 53, 223, 194, 4, 97, 1555 149, 156, 120, 137, 76, 33, 229, 243, 194, 208, 198, 202, 139, 28, 1556 114, 46, 224, 92, 254, 83, 100, 134, 158, 92, 70, 78, 61, 62, 138, 1557 24, 173, 216, 66, 198, 70, 254, 47, 59, 193, 53, 6, 139, 19, 153, 1558 253, 28, 199, 122, 160, 27, 67, 234, 209, 227, 139, 4, 50, 7, 178, 1559 183, 89, 252, 32, 128, 137, 55, 52, 29, 89, 12, 111, 42, 181, 51, 1560 170, 132, 132, 207, 170, 228, 254, 178, 213, 0, 136, 175, 8] 1562 The resulting Authentication Tag value is: 1564 [208, 113, 102, 132, 236, 236, 67, 223, 39, 53, 98, 99, 32, 121, 17, 1565 236] 1567 Encoding this JWE Ciphertext as BASE64URL(JWE Ciphertext) gives this 1568 value (with line breaks for display purposes only): 1570 AwhB8lxrlKjFn02LGWEqg27H4Tg9fyZAbFv3p5ZicHpj64QyHC44qqlZ3JEmnZTgQo 1571 wIqZJ13jbyHB8LgePiqUJ1hf6M2HPLgzw8L-mEeQ0jvDUTrE07NtOerBk8bwBQyZ6g 1572 0kQ3DEOIglfYxV8-FJvNBYwbqN1Bck6d_i7OtjSHV-8DIrp-3JcRIe05YKy3Oi34Z_ 1573 GOiAc1EK21B11c_AE11PII_wvvtRiUiG8YofQXakWd1_O98Kap-UgmyWPfreUJ3lJP 1574 nbD4Ve95owEfMGLOPflo2MnjaTDCwQokoJ_xplQ2vNPz8iguLcHBoKllyQFJL2mOWB 1575 wqhBo9Oj-O800as5mmLsvQMTflIrIEbbTMzHMBZ8EFW9fWwwFu0DWQJGkMNhmBZQ-3 1576 lvqTc-M6-gWA6D8PDhONfP2Oib2HGizwG1iEaX8GRyUpfLuljCLIe1DkGOewhKuKkZ 1577 h04DKNM5Nbugf2atmU9OP0Ldx5peCUtRG1gMVl7Qup5ZXHTjgPDr5b2N731UooCGAU 1578 qHdgGhg0JVJ_ObCTdjsH4CF1SJsdUhrXvYx3HJh2Xd7CwJRzU_3Y1GxYU6-s3GFPbi 1579 rfqqEipJDBTHpcoCmyrwYjYHFgnlqBZRotRrS95g8F95bRXqsaDY7UgQGwBQBwy665 1580 d0zpvTasvfXf_c0MWAl-neFaKOW_Px6g4EUDjG1GWSXV9cLStLw_0ovdApDIFLHYHe 1581 PyagyHjouQUuGiq7BsYwYrwaF06tgB8hV8omLNfMEmDPJaZUzMuHw6tBDwGkzD-tS_ 1582 ub9hxrpJ4UsOWnt5rGUyoN2N_c1-TQlXxm5oto14MxnoAyBQBpwIEgSH3Y4ZhwKBhH 1583 PjSo0cdwuNdYbGPpb-YUvF-2NZzODiQ1OvWQBRHSbPWYz_xbGkgD504LRtqRwCO7CC 1584 _CyyURi1sEssPVsMJRX_U4LFEOc82TiDdqjKOjRUfKK5rqLi8nBE9soQ0DSaOoFQZi 1585 GrBrqxDsNYiAYAmxxkos-i3nX4qtByVx85sCE5U_0MqG7COxZWMOPEFrDaepUV-cOy 1586 rvoUIng8i8ljKBKxETY2BgPegKBYCxsAUcAkKamSCC9AiBxA0UOHyhTqtlvMksO7AE 1587 hNC2-YzPyx1FkhMoS4LLe6E_pFsMlmjA6P1NSge9C5G5tETYXGAn6b1xZbHtmwrPSc 1588 ro9LWhVmAaA7_bxYObnFUxgWtK4vzzQBjZJ36UTk4OTB-JvKWgfVWCFsaw5WCHj6Oo 1589 4jpO7d2yN7WMfAj2hTEabz9wumQ0TMhBduZ-QON3pYObSy7TSC1vVme0NJrwF_cJRe 1590 hKTFmdlXGVldPxZCplr7ZQqRQhF8JP-l4mEQVnCaWGn9ONHlemczGOS-A-wwtnmwjI 1591 B1V_vgJRf4FdpV-4hUk4-QLpu3-1lWFxrtZKcggq3tWTduRo5_QebQbUUT_VSCgsFc 1592 OmyWKoj56lbxthN19hq1XGWbLGfrrR6MWh23vk01zn8FVwi7uFwEnRYSafsnWLa1Z5 1593 TpBj9GvAdl2H9NHwzpB5NqHpZNkQ3NMDj13Fn8fzO0JB83Etbm_tnFQfcb13X3bJ15 1594 Cz-Ww1MGhvIpGGnMBT_ADp9xSIyAM9dQ1yeVXk-AIgWBUlN5uyWSGyCxp0cJwx7HxM 1595 38z0UIeBu-MytL-eqndM7LxytsVzCbjOTSVRmhYEMIzUAnS1gs7uMQAGRdgRIElTJE 1596 SGMjb_4bZq9s6Ve1LKkSi0_QDsrABaLe55UY0zF4ZSfOV5PMyPtocwV_dcNPlxLgNA 1597 D1BFX_Z9kAdMZQW6fAmsfFle0zAoMe4l9pMESH0JB4sJGdCKtQXj1cXNydDYozF7l8 1598 H00BV_Er7zd6VtIw0MxwkFCTatsv_R-GsBCH218RgVPsfYhwVuT8R4HarpzsDBufC4 1599 r8_c8fc9Z278sQ081jFjOja6L2x0N_ImzFNXU6xwO-Ska-QeuvYZ3X_L31ZOX4Llp- 1600 7QSfgDoHnOxFv1Xws-D5mDHD3zxOup2b2TppdKTZb9eW2vxUVviM8OI9atBfPKMGAO 1601 v9omA-6vv5IxUH0-lWMiHLQ_g8vnswp-Jav0c4t6URVUzujNOoNd_CBGGVnHiJTCHl 1602 88LQxsqLHHIu4Fz-U2SGnlxGTj0-ihit2ELGRv4vO8E1BosTmf0cx3qgG0Pq0eOLBD 1603 IHsrdZ_CCAiTc0HVkMbyq1M6qEhM-q5P6y1QCIrwg 1605 Encoding this JWE Authentication Tag as BASE64URL(JWE Authentication 1606 Tag) gives this value: 1608 0HFmhOzsQ98nNWJjIHkR7A 1610 C.9. Complete Representation 1612 Assemble the final representation: The Compact Serialization of this 1613 result is the string BASE64URL(UTF8(JWE Protected Header)) || '.' || 1614 BASE64URL(JWE Encrypted Key) || '.' || BASE64URL(JWE Initialization 1615 Vector) || '.' || BASE64URL(JWE Ciphertext) || '.' || BASE64URL(JWE 1616 Authentication Tag). 1618 The final result in this example is: 1620 eyJhbGciOiJQQkVTMi1IUzI1NitBMTI4S1ciLCJwMnMiOiIyV0NUY0paMVJ2ZF9DSn 1621 VKcmlwUTF3IiwicDJjIjo0MDk2LCJlbmMiOiJBMTI4Q0JDLUhTMjU2IiwiY3R5Ijoi 1622 andrK2pzb24ifQ. 1623 TrqXOwuNUfDV9VPTNbyGvEJ9JMjefAVn-TR1uIxR9p6hsRQh9Tk7BA. 1624 Ye9j1qs22DmRSAddIh-VnA. 1625 AwhB8lxrlKjFn02LGWEqg27H4Tg9fyZAbFv3p5ZicHpj64QyHC44qqlZ3JEmnZTgQo 1626 wIqZJ13jbyHB8LgePiqUJ1hf6M2HPLgzw8L-mEeQ0jvDUTrE07NtOerBk8bwBQyZ6g 1627 0kQ3DEOIglfYxV8-FJvNBYwbqN1Bck6d_i7OtjSHV-8DIrp-3JcRIe05YKy3Oi34Z_ 1628 GOiAc1EK21B11c_AE11PII_wvvtRiUiG8YofQXakWd1_O98Kap-UgmyWPfreUJ3lJP 1629 nbD4Ve95owEfMGLOPflo2MnjaTDCwQokoJ_xplQ2vNPz8iguLcHBoKllyQFJL2mOWB 1630 wqhBo9Oj-O800as5mmLsvQMTflIrIEbbTMzHMBZ8EFW9fWwwFu0DWQJGkMNhmBZQ-3 1631 lvqTc-M6-gWA6D8PDhONfP2Oib2HGizwG1iEaX8GRyUpfLuljCLIe1DkGOewhKuKkZ 1632 h04DKNM5Nbugf2atmU9OP0Ldx5peCUtRG1gMVl7Qup5ZXHTjgPDr5b2N731UooCGAU 1633 qHdgGhg0JVJ_ObCTdjsH4CF1SJsdUhrXvYx3HJh2Xd7CwJRzU_3Y1GxYU6-s3GFPbi 1634 rfqqEipJDBTHpcoCmyrwYjYHFgnlqBZRotRrS95g8F95bRXqsaDY7UgQGwBQBwy665 1635 d0zpvTasvfXf_c0MWAl-neFaKOW_Px6g4EUDjG1GWSXV9cLStLw_0ovdApDIFLHYHe 1636 PyagyHjouQUuGiq7BsYwYrwaF06tgB8hV8omLNfMEmDPJaZUzMuHw6tBDwGkzD-tS_ 1637 ub9hxrpJ4UsOWnt5rGUyoN2N_c1-TQlXxm5oto14MxnoAyBQBpwIEgSH3Y4ZhwKBhH 1638 PjSo0cdwuNdYbGPpb-YUvF-2NZzODiQ1OvWQBRHSbPWYz_xbGkgD504LRtqRwCO7CC 1639 _CyyURi1sEssPVsMJRX_U4LFEOc82TiDdqjKOjRUfKK5rqLi8nBE9soQ0DSaOoFQZi 1640 GrBrqxDsNYiAYAmxxkos-i3nX4qtByVx85sCE5U_0MqG7COxZWMOPEFrDaepUV-cOy 1641 rvoUIng8i8ljKBKxETY2BgPegKBYCxsAUcAkKamSCC9AiBxA0UOHyhTqtlvMksO7AE 1642 hNC2-YzPyx1FkhMoS4LLe6E_pFsMlmjA6P1NSge9C5G5tETYXGAn6b1xZbHtmwrPSc 1643 ro9LWhVmAaA7_bxYObnFUxgWtK4vzzQBjZJ36UTk4OTB-JvKWgfVWCFsaw5WCHj6Oo 1644 4jpO7d2yN7WMfAj2hTEabz9wumQ0TMhBduZ-QON3pYObSy7TSC1vVme0NJrwF_cJRe 1645 hKTFmdlXGVldPxZCplr7ZQqRQhF8JP-l4mEQVnCaWGn9ONHlemczGOS-A-wwtnmwjI 1646 B1V_vgJRf4FdpV-4hUk4-QLpu3-1lWFxrtZKcggq3tWTduRo5_QebQbUUT_VSCgsFc 1647 OmyWKoj56lbxthN19hq1XGWbLGfrrR6MWh23vk01zn8FVwi7uFwEnRYSafsnWLa1Z5 1648 TpBj9GvAdl2H9NHwzpB5NqHpZNkQ3NMDj13Fn8fzO0JB83Etbm_tnFQfcb13X3bJ15 1649 Cz-Ww1MGhvIpGGnMBT_ADp9xSIyAM9dQ1yeVXk-AIgWBUlN5uyWSGyCxp0cJwx7HxM 1650 38z0UIeBu-MytL-eqndM7LxytsVzCbjOTSVRmhYEMIzUAnS1gs7uMQAGRdgRIElTJE 1651 SGMjb_4bZq9s6Ve1LKkSi0_QDsrABaLe55UY0zF4ZSfOV5PMyPtocwV_dcNPlxLgNA 1652 D1BFX_Z9kAdMZQW6fAmsfFle0zAoMe4l9pMESH0JB4sJGdCKtQXj1cXNydDYozF7l8 1653 H00BV_Er7zd6VtIw0MxwkFCTatsv_R-GsBCH218RgVPsfYhwVuT8R4HarpzsDBufC4 1654 r8_c8fc9Z278sQ081jFjOja6L2x0N_ImzFNXU6xwO-Ska-QeuvYZ3X_L31ZOX4Llp- 1655 7QSfgDoHnOxFv1Xws-D5mDHD3zxOup2b2TppdKTZb9eW2vxUVviM8OI9atBfPKMGAO 1656 v9omA-6vv5IxUH0-lWMiHLQ_g8vnswp-Jav0c4t6URVUzujNOoNd_CBGGVnHiJTCHl 1657 88LQxsqLHHIu4Fz-U2SGnlxGTj0-ihit2ELGRv4vO8E1BosTmf0cx3qgG0Pq0eOLBD 1658 IHsrdZ_CCAiTc0HVkMbyq1M6qEhM-q5P6y1QCIrwg. 1659 0HFmhOzsQ98nNWJjIHkR7A 1661 Appendix D. Acknowledgements 1663 A JSON representation for RSA public keys was previously introduced 1664 by John Panzer, Ben Laurie, and Dirk Balfanz in Magic Signatures 1666 [MagicSignatures]. 1668 Thanks to Matt Miller for creating the encrypted key example and to 1669 Edmund Jay and Brian Campbell for validating the example. 1671 This specification is the work of the JOSE Working Group, which 1672 includes dozens of active and dedicated participants. In particular, 1673 the following individuals contributed ideas, feedback, and wording 1674 that influenced this specification: 1676 Dirk Balfanz, Richard Barnes, John Bradley, Brian Campbell, Breno de 1677 Medeiros, Joe Hildebrand, Edmund Jay, Stephen Kent, Ben Laurie, James 1678 Manger, Matt Miller, Kathleen Moriarty, Chuck Mortimore, Tony 1679 Nadalin, Axel Nennker, John Panzer, Eric Rescorla, Nat Sakimura, Jim 1680 Schaad, Ryan Sleevi, Paul Tarjan, Hannes Tschofenig, and Sean Turner. 1682 Jim Schaad and Karen O'Donoghue chaired the JOSE working group and 1683 Sean Turner, Stephen Farrell, and Kathleen Moriarty served as 1684 Security area directors during the creation of this specification. 1686 Appendix E. Document History 1688 [[ to be removed by the RFC Editor before publication as an RFC ]] 1690 -33 1692 o Addressed secdir review comments by Stephen Kent for which 1693 resolutions had mistakenly been omitted in the previous draft. 1695 o Acknowledged additional contributors. 1697 -32 1699 o Addressed Gen-ART review comments by Russ Housley. 1701 o Addressed secdir review comments by Stephen Kent. 1703 -31 1705 o No changes were made, other than to the version number and date. 1707 -30 1709 o Added references and cleaned up the reference syntax in a few 1710 places. 1712 o Applied minor wording changes to the Security Considerations 1713 section. 1715 -29 1717 o Replaced the terms JWS Header, JWE Header, and JWT Header with a 1718 single JOSE Header term defined in the JWS specification. This 1719 also enabled a single Header Parameter definition to be used and 1720 reduced other areas of duplication between specifications. 1722 -28 1724 o Revised the introduction to the Security Considerations section. 1726 o Refined the text about when applications using encrypted JWKs and 1727 JWK Sets would not need to use the "cty" header parameter. 1729 -27 1731 o Added an example JWK early in the draft. 1733 o Described additional security considerations. 1735 o Added the "x5t#S256" (X.509 Certificate SHA-256 Thumbprint) JWK 1736 member. 1738 o Addressed a few editorial issues. 1740 -26 1742 o Referenced Section 6 of RFC 6125 for TLS server certificate 1743 identity validation. 1745 o Deleted misleading non-normative phrase from the "use" 1746 description. 1748 o Noted that octet sequences are depicted using JSON array notation. 1750 o Updated references, including to W3C specifications. 1752 -25 1754 o Updated WebCrypto reference to refer to W3C Last Call draft. 1756 -24 1758 o Corrected the authentication tag value in the encrypted key 1759 example. 1761 o Updated the JSON reference to RFC 7159. 1763 -23 1765 o No changes were made, other than to the version number and date. 1767 -22 1769 o Corrected RFC 2119 terminology usage. 1771 o Replaced references to draft-ietf-json-rfc4627bis with RFC 7158. 1773 -21 1775 o Replaced the "key_ops" values "wrap" and "unwrap" with "wrapKey" 1776 and "unwrapKey" to match the "KeyUsage" values defined in the 1777 current Web Cryptography API [WebCrypto] editor's draft. 1779 o Compute the PBES2 salt parameter as (UTF8(Alg) || 0x00 || Salt 1780 Input), where the "p2s" Header Parameter encodes the Salt Input 1781 value and Alg is the "alg" Header Parameter value. 1783 o Changed some references from being normative to informative, 1784 addressing issue #90. 1786 -20 1788 o Renamed "use_details" to "key_ops" (key operations). 1790 o Clarified that "use" is meant for public key use cases, "key_ops" 1791 is meant for use cases in which public, private, or symmetric keys 1792 may be present, and that "use" and "key_ops" should not be used 1793 together. 1795 o Replaced references to RFC 4627 with draft-ietf-json-rfc4627bis, 1796 addressing issue #90. 1798 -19 1800 o Added optional "use_details" (key use details) JWK member. 1802 o Reordered the key selection parameters. 1804 -18 1806 o Changes to address editorial and minor issues #68, #69, #73, #74, 1807 #76, #77, #78, #79, #82, #85, #89, and #135. 1809 o Added and used Description registry fields. 1811 -17 1813 o Refined the "typ" and "cty" definitions to always be MIME Media 1814 Types, with the omission of "application/" prefixes recommended 1815 for brevity, addressing issue #50. 1817 o Added an example encrypting an RSA private key with 1818 "PBES2-HS256+A128KW" and "A128CBC-HS256". Thanks to Matt Miller 1819 for producing this! 1821 o Processing rules occurring in both JWS and JWK are now referenced 1822 in JWS by JWK, rather than duplicated, addressing issue #57. 1824 o Terms used in multiple documents are now defined in one place and 1825 incorporated by reference. Some lightly used or obvious terms 1826 were also removed. This addresses issue #58. 1828 -16 1830 o Changes to address editorial and minor issues #41, #42, #43, #47, 1831 #51, #67, #71, #76, #80, #83, #84, #85, #86, #87, and #88. 1833 -15 1835 o Changes to address editorial issues #48, #64, #65, #66, and #91. 1837 -14 1839 o Relaxed language introducing key parameters since some parameters 1840 are applicable to multiple, but not all, key types. 1842 -13 1844 o Applied spelling and grammar corrections. 1846 -12 1848 o Stated that recipients MUST either reject JWKs and JWK Sets with 1849 duplicate member names or use a JSON parser that returns only the 1850 lexically last duplicate member name. 1852 -11 1854 o Stated that when "kid" values are used within a JWK Set, different 1855 keys within the JWK Set SHOULD use distinct "kid" values. 1857 o Added optional "x5u" (X.509 URL), "x5t" (X.509 Certificate 1858 Thumbprint), and "x5c" (X.509 Certificate Chain) JWK parameters. 1860 o Added section on Encrypted JWK and Encrypted JWK Set Formats. 1862 o Added a Parameter Information Class value to the JSON Web Key 1863 Parameters registry, which registers whether the parameter conveys 1864 public or private information. 1866 o Registered "application/jwk+json" and "application/jwk-set+json" 1867 MIME types and "JWK" and "JWK-SET" typ header parameter values, 1868 addressing issue #21. 1870 -10 1872 o No changes were made, other than to the version number and date. 1874 -09 1876 o Expanded the scope of the JWK specification to include private and 1877 symmetric key representations, as specified by 1878 draft-jones-jose-json-private-and-symmetric-key-00. 1880 o Defined that members that are not understood must be ignored. 1882 -08 1884 o Changed the name of the JWK key type parameter from "alg" to "kty" 1885 to enable use of "alg" to indicate the particular algorithm that 1886 the key is intended to be used with. 1888 o Clarified statements of the form "This member is OPTIONAL" to "Use 1889 of this member is OPTIONAL". 1891 o Referenced String Comparison Rules in JWS. 1893 o Added seriesInfo information to Internet Draft references. 1895 -07 1897 o Changed the name of the JWK RSA modulus parameter from "mod" to 1898 "n" and the name of the JWK RSA exponent parameter from "xpo" to 1899 "e", so that the identifiers are the same as those used in RFC 1900 3447. 1902 -06 1903 o Changed the name of the JWK RSA exponent parameter from "exp" to 1904 "xpo" so as to allow the potential use of the name "exp" for a 1905 future extension that might define an expiration parameter for 1906 keys. (The "exp" name is already used for this purpose in the JWT 1907 specification.) 1909 o Clarify that the "alg" (algorithm family) member is REQUIRED. 1911 o Correct an instance of "JWK" that should have been "JWK Set". 1913 o Applied changes made by the RFC Editor to RFC 6749's registry 1914 language to this specification. 1916 -05 1918 o Indented artwork elements to better distinguish them from the body 1919 text. 1921 -04 1923 o Refer to the registries as the primary sources of defined values 1924 and then secondarily reference the sections defining the initial 1925 contents of the registries. 1927 o Normatively reference XML DSIG 2.0 for its security 1928 considerations. 1930 o Added this language to Registration Templates: "This name is case 1931 sensitive. Names that match other registered names in a case 1932 insensitive manner SHOULD NOT be accepted." 1934 o Described additional open issues. 1936 o Applied editorial suggestions. 1938 -03 1940 o Clarified that "kid" values need not be unique within a JWK Set. 1942 o Moved JSON Web Key Parameters registry to the JWK specification. 1944 o Added "Collision Resistant Namespace" to the terminology section. 1946 o Changed registration requirements from RFC Required to 1947 Specification Required with Expert Review. 1949 o Added Registration Template sections for defined registries. 1951 o Added Registry Contents sections to populate registry values. 1953 o Numerous editorial improvements. 1955 -02 1957 o Simplified JWK terminology to get replace the "JWK Key Object" and 1958 "JWK Container Object" terms with simply "JSON Web Key (JWK)" and 1959 "JSON Web Key Set (JWK Set)" and to eliminate potential confusion 1960 between single keys and sets of keys. As part of this change, the 1961 top-level member name for a set of keys was changed from "jwk" to 1962 "keys". 1964 o Clarified that values with duplicate member names MUST be 1965 rejected. 1967 o Established JSON Web Key Set Parameters registry. 1969 o Explicitly listed non-goals in the introduction. 1971 o Moved algorithm-specific definitions from JWK to JWA. 1973 o Reformatted to give each member definition its own section 1974 heading. 1976 -01 1978 o Corrected the Magic Signatures reference. 1980 -00 1982 o Created the initial IETF draft based upon 1983 draft-jones-json-web-key-03 with no normative changes. 1985 Author's Address 1987 Michael B. Jones 1988 Microsoft 1990 Email: mbj@microsoft.com 1991 URI: http://self-issued.info/