idnits 2.17.1 draft-ietf-jose-json-web-key-37.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (November 19, 2014) is 3439 days in the past. Is this intentional? -- Found something which looks like a code comment -- if you have code sections in the document, please surround them with '' and '' lines. Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) -- Possible downref: Non-RFC (?) normative reference: ref. 'ECMAScript' -- Possible downref: Non-RFC (?) normative reference: ref. 'ITU.X690.1994' ** Obsolete normative reference: RFC 2818 (Obsoleted by RFC 9110) ** Downref: Normative reference to an Informational RFC: RFC 4949 ** Obsolete normative reference: RFC 5246 (Obsoleted by RFC 8446) ** Obsolete normative reference: RFC 6125 (Obsoleted by RFC 9525) ** Obsolete normative reference: RFC 7159 (Obsoleted by RFC 8259) -- Obsolete informational reference (is this intentional?): RFC 3447 (Obsoleted by RFC 8017) -- Obsolete informational reference (is this intentional?): RFC 5226 (Obsoleted by RFC 8126) Summary: 5 errors (**), 0 flaws (~~), 1 warning (==), 6 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 JOSE Working Group M. Jones 3 Internet-Draft Microsoft 4 Intended status: Standards Track November 19, 2014 5 Expires: May 23, 2015 7 JSON Web Key (JWK) 8 draft-ietf-jose-json-web-key-37 10 Abstract 12 A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) data 13 structure that represents a cryptographic key. This specification 14 also defines a JSON Web Key Set (JWK Set) JSON data structure that 15 represents a set of JWKs. Cryptographic algorithms and identifiers 16 for use with this specification are described in the separate JSON 17 Web Algorithms (JWA) specification and IANA registries defined by 18 that specification. 20 Status of this Memo 22 This Internet-Draft is submitted in full conformance with the 23 provisions of BCP 78 and BCP 79. 25 Internet-Drafts are working documents of the Internet Engineering 26 Task Force (IETF). Note that other groups may also distribute 27 working documents as Internet-Drafts. The list of current Internet- 28 Drafts is at http://datatracker.ietf.org/drafts/current/. 30 Internet-Drafts are draft documents valid for a maximum of six months 31 and may be updated, replaced, or obsoleted by other documents at any 32 time. It is inappropriate to use Internet-Drafts as reference 33 material or to cite them other than as "work in progress." 35 This Internet-Draft will expire on May 23, 2015. 37 Copyright Notice 39 Copyright (c) 2014 IETF Trust and the persons identified as the 40 document authors. All rights reserved. 42 This document is subject to BCP 78 and the IETF Trust's Legal 43 Provisions Relating to IETF Documents 44 (http://trustee.ietf.org/license-info) in effect on the date of 45 publication of this document. Please review these documents 46 carefully, as they describe your rights and restrictions with respect 47 to this document. Code Components extracted from this document must 48 include Simplified BSD License text as described in Section 4.e of 49 the Trust Legal Provisions and are provided without warranty as 50 described in the Simplified BSD License. 52 Table of Contents 54 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4 55 1.1. Notational Conventions . . . . . . . . . . . . . . . . . . 4 56 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 4 57 3. Example JWK . . . . . . . . . . . . . . . . . . . . . . . . . 5 58 4. JSON Web Key (JWK) Format . . . . . . . . . . . . . . . . . . 5 59 4.1. "kty" (Key Type) Parameter . . . . . . . . . . . . . . . . 6 60 4.2. "use" (Public Key Use) Parameter . . . . . . . . . . . . . 6 61 4.3. "key_ops" (Key Operations) Parameter . . . . . . . . . . . 7 62 4.4. "alg" (Algorithm) Parameter . . . . . . . . . . . . . . . 8 63 4.5. "kid" (Key ID) Parameter . . . . . . . . . . . . . . . . . 8 64 4.6. "x5u" (X.509 URL) Parameter . . . . . . . . . . . . . . . 8 65 4.7. "x5c" (X.509 Certificate Chain) Parameter . . . . . . . . 9 66 4.8. "x5t" (X.509 Certificate SHA-1 Thumbprint) Parameter . . . 9 67 4.9. "x5t#S256" (X.509 Certificate SHA-256 Thumbprint) 68 Parameter . . . . . . . . . . . . . . . . . . . . . . . . 10 69 5. JSON Web Key Set (JWK Set) Format . . . . . . . . . . . . . . 10 70 5.1. "keys" Parameter . . . . . . . . . . . . . . . . . . . . . 10 71 6. String Comparison Rules . . . . . . . . . . . . . . . . . . . 11 72 7. Encrypted JWK and Encrypted JWK Set Formats . . . . . . . . . 11 73 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 11 74 8.1. JSON Web Key Parameters Registry . . . . . . . . . . . . . 13 75 8.1.1. Registration Template . . . . . . . . . . . . . . . . 13 76 8.1.2. Initial Registry Contents . . . . . . . . . . . . . . 14 77 8.2. JSON Web Key Use Registry . . . . . . . . . . . . . . . . 15 78 8.2.1. Registration Template . . . . . . . . . . . . . . . . 15 79 8.2.2. Initial Registry Contents . . . . . . . . . . . . . . 16 80 8.3. JSON Web Key Operations Registry . . . . . . . . . . . . . 16 81 8.3.1. Registration Template . . . . . . . . . . . . . . . . 16 82 8.3.2. Initial Registry Contents . . . . . . . . . . . . . . 17 83 8.4. JSON Web Key Set Parameters Registry . . . . . . . . . . . 18 84 8.4.1. Registration Template . . . . . . . . . . . . . . . . 18 85 8.4.2. Initial Registry Contents . . . . . . . . . . . . . . 19 86 8.5. Media Type Registration . . . . . . . . . . . . . . . . . 19 87 8.5.1. Registry Contents . . . . . . . . . . . . . . . . . . 19 88 9. Security Considerations . . . . . . . . . . . . . . . . . . . 20 89 9.1. Key Provenance and Trust . . . . . . . . . . . . . . . . . 20 90 9.2. Preventing Disclosure of Non-Public Key Information . . . 20 91 9.3. RSA Private Key Representations and Blinding . . . . . . . 21 92 9.4. Key Entropy and Random Values . . . . . . . . . . . . . . 21 93 10. References . . . . . . . . . . . . . . . . . . . . . . . . . . 21 94 10.1. Normative References . . . . . . . . . . . . . . . . . . . 21 95 10.2. Informative References . . . . . . . . . . . . . . . . . . 23 97 Appendix A. Example JSON Web Key Sets . . . . . . . . . . . . . . 24 98 A.1. Example Public Keys . . . . . . . . . . . . . . . . . . . 24 99 A.2. Example Private Keys . . . . . . . . . . . . . . . . . . . 24 100 A.3. Example Symmetric Keys . . . . . . . . . . . . . . . . . . 26 101 Appendix B. Example Use of "x5c" (X.509 Certificate Chain) 102 Parameter . . . . . . . . . . . . . . . . . . . . . . 26 103 Appendix C. Example Encrypted RSA Private Key . . . . . . . . . . 27 104 C.1. Plaintext RSA Private Key . . . . . . . . . . . . . . . . 28 105 C.2. JOSE Header . . . . . . . . . . . . . . . . . . . . . . . 31 106 C.3. Content Encryption Key (CEK) . . . . . . . . . . . . . . . 31 107 C.4. Key Derivation . . . . . . . . . . . . . . . . . . . . . . 32 108 C.5. Key Encryption . . . . . . . . . . . . . . . . . . . . . . 32 109 C.6. Initialization Vector . . . . . . . . . . . . . . . . . . 32 110 C.7. Additional Authenticated Data . . . . . . . . . . . . . . 33 111 C.8. Content Encryption . . . . . . . . . . . . . . . . . . . . 33 112 C.9. Complete Representation . . . . . . . . . . . . . . . . . 36 113 Appendix D. Acknowledgements . . . . . . . . . . . . . . . . . . 37 114 Appendix E. Document History . . . . . . . . . . . . . . . . . . 38 115 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 45 117 1. Introduction 119 A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) [RFC7159] 120 data structure that represents a cryptographic key. This 121 specification also defines a JSON Web Key Set (JWK Set) JSON data 122 structure that represents a set of JWKs. Cryptographic algorithms 123 and identifiers for use with this specification are described in the 124 separate JSON Web Algorithms (JWA) [JWA] specification and IANA 125 registries defined by that specification. 127 Goals for this specification do not include representing new kinds of 128 certificate chains, representing new kinds of certified keys, or 129 replacing X.509 certificates. 131 JWKs and JWK Sets are used in the JSON Web Signature (JWS) [JWS] and 132 JSON Web Encryption (JWE) [JWE] specifications. 134 Names defined by this specification are short because a core goal is 135 for the resulting representations to be compact. 137 1.1. Notational Conventions 139 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 140 "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and 141 "OPTIONAL" in this document are to be interpreted as described in Key 142 words for use in RFCs to Indicate Requirement Levels [RFC2119]. If 143 these words are used without being spelled in uppercase then they are 144 to be interpreted with their normal natural language meanings. 146 BASE64URL(OCTETS) denotes the base64url encoding of OCTETS, per 147 Section 2 of [JWS]. 149 UTF8(STRING) denotes the octets of the UTF-8 [RFC3629] representation 150 of STRING. 152 ASCII(STRING) denotes the octets of the ASCII [RFC20] representation 153 of STRING. 155 The concatenation of two values A and B is denoted as A || B. 157 2. Terminology 159 These terms defined by the JSON Web Signature (JWS) [JWS] 160 specification are incorporated into this specification: "Base64url 161 Encoding", "Collision-Resistant Name", "Header Parameter", and "JOSE 162 Header". 164 These terms defined by the Internet Security Glossary, Version 2 165 [RFC4949] are incorporated into this specification: "Ciphertext", 166 "Digital Signature", "Message Authentication Code (MAC)", and 167 "Plaintext". 169 These terms are defined by this specification: 171 JSON Web Key (JWK) 172 A JSON object that represents a cryptographic key. The members of 173 the object represent properties of the key, including its value. 175 JSON Web Key Set (JWK Set) 176 A JSON object that represents a set of JWKs. The JSON object MUST 177 have a "keys" member, which is an array of JWK objects. 179 3. Example JWK 181 This section provides an example of a JWK. The following example JWK 182 declares that the key is an Elliptic Curve [DSS] key, it is used with 183 the P-256 Elliptic Curve, and its x and y coordinates are the 184 base64url encoded values shown. A key identifier is also provided 185 for the key. 187 {"kty":"EC", 188 "crv":"P-256", 189 "x":"f83OJ3D2xF1Bg8vub9tLe1gHMzV76e8Tus9uPHvRVEU", 190 "y":"x_FEzRu9m36HLN_tue659LNpXW6pCyStikYjKIWI5a0", 191 "kid":"Public key used in JWS A.3 example" 192 } 194 Additional example JWK values can be found in Appendix A. 196 4. JSON Web Key (JWK) Format 198 A JSON Web Key (JWK) is a JSON object that represents a cryptographic 199 key. The members of the object represent properties of the key, 200 including its value. This JSON object MAY contain white space and/or 201 line breaks before or after any JSON values or structural characters, 202 in accordance with Section 2 of RFC 7159 [RFC7159]. This document 203 defines the key parameters that are not algorithm specific, and thus 204 common to many keys. 206 In addition to the common parameters, each JWK will have members that 207 are key type-specific. These members represent the parameters of the 208 key. Section 6 of the JSON Web Algorithms (JWA) [JWA] specification 209 defines multiple kinds of cryptographic keys and their associated 210 members. 212 The member names within a JWK MUST be unique; JWK parsers MUST either 213 reject JWKs with duplicate member names or use a JSON parser that 214 returns only the lexically last duplicate member name, as specified 215 in Section 15.12 (The JSON Object) of ECMAScript 5.1 [ECMAScript]. 217 Additional members can be present in the JWK; if not understood by 218 implementations encountering them, they MUST be ignored. Member 219 names used for representing key parameters for different keys types 220 need not be distinct. Any new member name should either be 221 registered in the IANA JSON Web Key Parameters registry defined in 222 Section 8.1 or be a value that contains a Collision-Resistant Name. 224 4.1. "kty" (Key Type) Parameter 226 The "kty" (key type) member identifies the cryptographic algorithm 227 family used with the key, such as "RSA" or "EC". "kty" values should 228 either be registered in the IANA JSON Web Key Types registry defined 229 in [JWA] or be a value that contains a Collision-Resistant Name. The 230 "kty" value is a case-sensitive string. This member MUST be present 231 in a JWK. 233 A list of defined "kty" values can be found in the IANA JSON Web Key 234 Types registry defined in [JWA]; the initial contents of this 235 registry are the values defined in Section 6.1 of the JSON Web 236 Algorithms (JWA) [JWA] specification. 238 The key type definitions include specification of the members to be 239 used for those key types. Additional members used with "kty" values 240 can also be found in the IANA JSON Web Key Parameters registry 241 defined in Section 8.1. 243 4.2. "use" (Public Key Use) Parameter 245 The "use" (public key use) member identifies the intended use of the 246 public key. The "use" parameter is employed to indicate whether a 247 public key is used for encrypting data or verifying the signature on 248 data. 250 Values defined by this specification are: 252 o "sig" (signature) 253 o "enc" (encryption) 255 Other values MAY be used. The "use" value is a case-sensitive 256 string. Use of the "use" member is OPTIONAL, unless the application 257 requires its presence. 259 When a key is used to wrap another key and a Public Key Use 260 designation for the first key is desired, the "enc" (encryption) key 261 use value is used, since key wrapping is a kind of encryption. The 262 "enc" value is also be used for public keys used for key agreement 263 operations. 265 Additional Public Key Use values can be registered in the IANA JSON 266 Web Key Use registry defined in Section 8.2. Registering any 267 extension values used is highly recommended when this specification 268 is used in open environments, in which multiple organizations need to 269 have a common understanding of any extensions used. However, 270 unregistered extension values can be used in closed environments, in 271 which the producing and consuming organization will always be the 272 same. 274 4.3. "key_ops" (Key Operations) Parameter 276 The "key_ops" (key operations) member identifies the operation(s) 277 that the key is intended to be used for. The "key_ops" parameter is 278 intended for use cases in which public, private, or symmetric keys 279 may be present. 281 Its value is an array of key operation values. Values defined by 282 this specification are: 284 o "sign" (compute digital signature or MAC) 285 o "verify" (verify digital signature or MAC) 286 o "encrypt" (encrypt content) 287 o "decrypt" (decrypt content and validate decryption, if applicable) 288 o "wrapKey" (encrypt key) 289 o "unwrapKey" (decrypt key and validate decryption, if applicable) 290 o "deriveKey" (derive key) 291 o "deriveBits" (derive bits not to be used as a key) 293 (Note that the "key_ops" values intentionally match the "KeyUsage" 294 values defined in the Web Cryptography API [WebCrypto] 295 specification.) 297 Other values MAY be used. The key operation values are case- 298 sensitive strings. Duplicate key operation values MUST NOT be 299 present in the array. Use of the "key_ops" member is OPTIONAL, 300 unless the application requires its presence. 302 Multiple unrelated key operations SHOULD NOT be specified for a key 303 because of the potential vulnerabilities associated with using the 304 same key with multiple algorithms. Thus, the combinations "sign" 305 with "verify", "encrypt" with "decrypt", and "wrapKey" with 306 "unwrapKey" are permitted, but other combinations SHOULD NOT be used. 308 Additional Key Operations values can be registered in the IANA JSON 309 Web Key Operations registry defined in Section 8.3. The same 310 considerations about registering extension values apply to the 311 "key_ops" member as do for the "use" member. 313 The "use" and "key_ops" JWK members SHOULD NOT be used together; 314 however, if both are used, the information they convey MUST be 315 consistent. Applications should specify which of these members they 316 use, if either is to be used by the application. 318 4.4. "alg" (Algorithm) Parameter 320 The "alg" (algorithm) member identifies the algorithm intended for 321 use with the key. The values used should either be registered in the 322 IANA JSON Web Signature and Encryption Algorithms registry defined in 323 [JWA] or be a value that contains a Collision-Resistant Name. The 324 "alg" value is a case-sensitive ASCII string. Use of this member is 325 OPTIONAL. 327 4.5. "kid" (Key ID) Parameter 329 The "kid" (key ID) member is used to match a specific key. This is 330 used, for instance, to choose among a set of keys within a JWK Set 331 during key rollover. The structure of the "kid" value is 332 unspecified. When "kid" values are used within a JWK Set, different 333 keys within the JWK Set SHOULD use distinct "kid" values. (One 334 example in which different keys might use the same "kid" value is if 335 they have different "kty" (key type) values but are considered to be 336 equivalent alternatives by the application using them.) The "kid" 337 value is a case-sensitive string. Use of this member is OPTIONAL. 339 When used with JWS or JWE, the "kid" value is used to match a JWS or 340 JWE "kid" Header Parameter value. 342 4.6. "x5u" (X.509 URL) Parameter 344 The "x5u" (X.509 URL) member is a URI [RFC3986] that refers to a 345 resource for an X.509 public key certificate or certificate chain 346 [RFC5280]. The identified resource MUST provide a representation of 347 the certificate or certificate chain that conforms to RFC 5280 348 [RFC5280] in PEM encoded form, with each certificate delimited as 349 specified in Section 6.1 of RFC 4945 [RFC4945]. The key in the first 350 certificate MUST match the public key represented by other members of 351 the JWK. The protocol used to acquire the resource MUST provide 352 integrity protection; an HTTP GET request to retrieve the certificate 353 MUST use TLS [RFC2818, RFC5246]; the identity of the server MUST be 354 validated, as per Section 6 of RFC 6125 [RFC6125]. Use of this 355 member is OPTIONAL. 357 While there is no requirement that optional JWK members providing key 358 usage, algorithm, or other information be present when the "x5u" 359 member is used, doing so may improve interoperability for 360 applications that do not handle PKIX certificates. If other members 361 are present, the contents of those members MUST be semantically 362 consistent with the related fields in the first certificate. For 363 instance, if the "use" member is present, then it MUST correspond to 364 the usage that is specified in the certificate, when it includes this 365 information. Similarly, if the "alg" member is present, it MUST 366 correspond to the algorithm specified in the certificate. 368 4.7. "x5c" (X.509 Certificate Chain) Parameter 370 The "x5c" (X.509 Certificate Chain) member contains a chain of one or 371 more PKIX certificates [RFC5280]. The certificate chain is 372 represented as a JSON array of certificate value strings. Each 373 string in the array is a base64 encoded ([RFC4648] Section 4 -- not 374 base64url encoded) DER [ITU.X690.1994] PKIX certificate value. The 375 PKIX certificate containing the key value MUST be the first 376 certificate. This MAY be followed by additional certificates, with 377 each subsequent certificate being the one used to certify the 378 previous one. The key in the first certificate MUST match the public 379 key represented by other members of the JWK. Use of this member is 380 OPTIONAL. 382 As with the "x5u" member, optional JWK members providing key usage, 383 algorithm, or other information MAY also be present when the "x5c" 384 member is used. If other members are present, the contents of those 385 members MUST be semantically consistent with the related fields in 386 the first certificate. See the last paragraph of Section 4.6 for 387 additional guidance on this. 389 4.8. "x5t" (X.509 Certificate SHA-1 Thumbprint) Parameter 391 The "x5t" (X.509 Certificate SHA-1 Thumbprint) member is a base64url 392 encoded SHA-1 thumbprint (a.k.a. digest) of the DER encoding of an 393 X.509 certificate [RFC5280]. Note that certificate thumbprints are 394 also sometimes known as certificate fingerprints. The key in the 395 certificate MUST match the public key represented by other members of 396 the JWK. Use of this member is OPTIONAL. 398 As with the "x5u" member, optional JWK members providing key usage, 399 algorithm, or other information MAY also be present when the "x5t" 400 member is used. If other members are present, the contents of those 401 members MUST be semantically consistent with the related fields in 402 the referenced certificate. See the last paragraph of Section 4.6 403 for additional guidance on this. 405 4.9. "x5t#S256" (X.509 Certificate SHA-256 Thumbprint) Parameter 407 The "x5t#S256" (X.509 Certificate SHA-256 Thumbprint) member is a 408 base64url encoded SHA-256 thumbprint (a.k.a. digest) of the DER 409 encoding of an X.509 certificate [RFC5280]. Note that certificate 410 thumbprints are also sometimes known as certificate fingerprints. 411 The key in the certificate MUST match the public key represented by 412 other members of the JWK. Use of this member is OPTIONAL. 414 As with the "x5u" member, optional JWK members providing key usage, 415 algorithm, or other information MAY also be present when the 416 "x5t#S256" member is used. If other members are present, the 417 contents of those members MUST be semantically consistent with the 418 related fields in the referenced certificate. See the last paragraph 419 of Section 4.6 for additional guidance on this. 421 5. JSON Web Key Set (JWK Set) Format 423 A JSON Web Key Set (JWK Set) is a JSON object that represents a set 424 of JWKs. The JSON object MUST have a "keys" member, with its value 425 being an array of JWK objects. This JSON object MAY contain white 426 space and/or line breaks. 428 The member names within a JWK Set MUST be unique; JWK Set parsers 429 MUST either reject JWK Sets with duplicate member names or use a JSON 430 parser that returns only the lexically last duplicate member name, as 431 specified in Section 15.12 (The JSON Object) of ECMAScript 5.1 432 [ECMAScript]. 434 Additional members can be present in the JWK Set; if not understood 435 by implementations encountering them, they MUST be ignored. 436 Parameters for representing additional properties of JWK Sets should 437 either be registered in the IANA JSON Web Key Set Parameters registry 438 defined in Section 8.4 or be a value that contains a Collision- 439 Resistant Name. 441 Implementations SHOULD ignore JWKs within a JWK Set that use "kty" 442 (key type) values that are not understood by them, are missing 443 required members, or for which values are out of the supported 444 ranges. 446 5.1. "keys" Parameter 448 The value of the "keys" member is an array of JWK values. By 449 default, the order of the JWK values within the array does not imply 450 an order of preference among them, although applications of JWK Sets 451 can choose to assign a meaning to the order for their purposes, if 452 desired. 454 6. String Comparison Rules 456 The string comparison rules for this specification are the same as 457 those defined in Section 5.3 of [JWS]. 459 7. Encrypted JWK and Encrypted JWK Set Formats 461 Access to JWKs containing non-public key material by parties without 462 legitimate access to the non-public information MUST be prevented. 463 This can be accomplished by encrypting the JWK when potentially 464 observable by such parties to prevent the disclosure of private or 465 symmetric key values. The use of an Encrypted JWK, which is a JWE 466 with the UTF-8 encoding of a JWK as its plaintext value, is 467 recommended for this purpose. The processing of Encrypted JWKs is 468 identical to the processing of other JWEs. A "cty" (content type) 469 Header Parameter value of "jwk+json" MUST be used to indicate that 470 the content of the JWE is a JWK, unless the application knows that 471 the encrypted content is a JWK by another means or convention, in 472 which case the "cty" value would typically be omitted. 474 JWK Sets containing non-public key material will also need to be 475 encrypted under these circumstances. The use of an Encrypted JWK 476 Set, which is a JWE with the UTF-8 encoding of a JWK Set as its 477 plaintext value, is recommended for this purpose. The processing of 478 Encrypted JWK Sets is identical to the processing of other JWEs. A 479 "cty" (content type) Header Parameter value of "jwk-set+json" MUST be 480 used to indicate that the content of the JWE is a JWK Set, unless the 481 application knows that the encrypted content is a JWK Set by another 482 means or convention, in which case the "cty" value would typically be 483 omitted. 485 See Appendix C for an example encrypted JWK. 487 8. IANA Considerations 489 The following registration procedure is used for all the registries 490 established by this specification. 492 Values are registered on a Specification Required [RFC5226] basis 493 after a three-week review period on the jose-reg-review@ietf.org 494 mailing list, on the advice of one or more Designated Experts. 495 However, to allow for the allocation of values prior to publication, 496 the Designated Expert(s) may approve registration once they are 497 satisfied that such a specification will be published. 499 Registration requests must be sent to the jose-reg-review@ietf.org 500 mailing list for review and comment, with an appropriate subject 501 (e.g., "Request to register JWK parameter: example"). 503 Within the review period, the Designated Expert(s) will either 504 approve or deny the registration request, communicating this decision 505 to the review list and IANA. Denials should include an explanation 506 and, if applicable, suggestions as to how to make the request 507 successful. Registration requests that are undetermined for a period 508 longer than 21 days can be brought to the IESG's attention (using the 509 iesg@ietf.org mailing list) for resolution. 511 Criteria that should be applied by the Designated Expert(s) includes 512 determining whether the proposed registration duplicates existing 513 functionality, determining whether it is likely to be of general 514 applicability or whether it is useful only for a single application, 515 and whether the registration description is clear. 517 IANA must only accept registry updates from the Designated Expert(s) 518 and should direct all requests for registration to the review mailing 519 list. 521 It is suggested that multiple Designated Experts be appointed who are 522 able to represent the perspectives of different applications using 523 this specification, in order to enable broadly-informed review of 524 registration decisions. In cases where a registration decision could 525 be perceived as creating a conflict of interest for a particular 526 Expert, that Expert should defer to the judgment of the other 527 Expert(s). 529 [[ Note to the RFC Editor and IANA: Pearl Liang of ICANN had 530 requested that the draft supply the following proposed registry 531 description information. It is to be used for all registries 532 established by this specification. 534 o Protocol Category: JSON Object Signing and Encryption (JOSE) 536 o Registry Location: http://www.iana.org/assignments/jose 538 o Webpage Title: (same as the protocol category) 540 o Registry Name: (same as the section title, but excluding the word 541 "Registry", for example "JSON Web Key Parameters") 543 ]] 545 8.1. JSON Web Key Parameters Registry 547 This specification establishes the IANA JSON Web Key Parameters 548 registry for JWK parameter names. The registry records the parameter 549 name, the key type(s) that the parameter is used with, and a 550 reference to the specification that defines it. It also records 551 whether the parameter conveys public or private information. This 552 specification registers the parameter names defined in Section 4. 553 The same JWK parameter name may be registered multiple times, 554 provided that duplicate parameter registrations are only for key type 555 specific JWK parameters; in this case, the meaning of the duplicate 556 parameter name is disambiguated by the "kty" value of the JWK 557 containing it. 559 8.1.1. Registration Template 561 Parameter Name: 562 The name requested (e.g., "kid"). Because a core goal of this 563 specification is for the resulting representations to be compact, 564 it is RECOMMENDED that the name be short -- not to exceed 8 565 characters without a compelling reason to do so. This name is 566 case-sensitive. Names may not match other registered names in a 567 case-insensitive manner unless the Designated Expert(s) state that 568 there is a compelling reason to allow an exception in this 569 particular case. However, matching names may be registered, 570 provided that the accompanying sets of "kty" values that the 571 Parameter Name is used with are disjoint; for the purposes of 572 matching "kty" values, "*" matches all values. 574 Parameter Description: 575 Brief description of the parameter (e.g., "Key ID"). 577 Used with "kty" Value(s): 578 The key type parameter value(s) that the parameter name is to be 579 used with, or the value "*" if the parameter value is used with 580 all key types. Values may not match other registered "kty" values 581 in a case-insensitive manner when the registered Parameter Name is 582 the same (including when the Parameter Name matches in a case- 583 insensitive manner) unless the Designated Expert(s) state that 584 there is a compelling reason to allow an exception in this 585 particular case. 587 Parameter Information Class: 588 Registers whether the parameter conveys public or private 589 information. Its value must be one the words Public or Private. 591 Change Controller: 592 For Standards Track RFCs, state "IESG". For others, give the name 593 of the responsible party. Other details (e.g., postal address, 594 email address, home page URI) may also be included. 596 Specification Document(s): 597 Reference to the document(s) that specify the parameter, 598 preferably including URI(s) that can be used to retrieve copies of 599 the document(s). An indication of the relevant sections may also 600 be included but is not required. 602 8.1.2. Initial Registry Contents 604 o Parameter Name: "kty" 605 o Parameter Description: Key Type 606 o Used with "kty" Value(s): * 607 o Parameter Information Class: Public 608 o Change Controller: IESG 609 o Specification Document(s): Section 4.1 of [[ this document ]] 611 o Parameter Name: "use" 612 o Parameter Description: Public Key Use 613 o Used with "kty" Value(s): * 614 o Parameter Information Class: Public 615 o Change Controller: IESG 616 o Specification Document(s): Section 4.2 of [[ this document ]] 618 o Parameter Name: "key_ops" 619 o Parameter Description: Key Operations 620 o Used with "kty" Value(s): * 621 o Parameter Information Class: Public 622 o Change Controller: IESG 623 o Specification Document(s): Section 4.3 of [[ this document ]] 625 o Parameter Name: "alg" 626 o Parameter Description: Algorithm 627 o Used with "kty" Value(s): * 628 o Parameter Information Class: Public 629 o Change Controller: IESG 630 o Specification Document(s): Section 4.4 of [[ this document ]] 632 o Parameter Name: "kid" 633 o Parameter Description: Key ID 634 o Used with "kty" Value(s): * 635 o Parameter Information Class: Public 636 o Change Controller: IESG 637 o Specification Document(s): Section 4.5 of [[ this document ]] 639 o Parameter Name: "x5u" 640 o Parameter Description: X.509 URL 641 o Used with "kty" Value(s): * 642 o Parameter Information Class: Public 643 o Change Controller: IESG 644 o Specification Document(s): Section 4.6 of [[ this document ]] 646 o Parameter Name: "x5c" 647 o Parameter Description: X.509 Certificate Chain 648 o Used with "kty" Value(s): * 649 o Parameter Information Class: Public 650 o Change Controller: IESG 651 o Specification Document(s): Section 4.7 of [[ this document ]] 653 o Parameter Name: "x5t" 654 o Parameter Description: X.509 Certificate SHA-1 Thumbprint 655 o Used with "kty" Value(s): * 656 o Parameter Information Class: Public 657 o Change Controller: IESG 658 o Specification Document(s): Section 4.8 of [[ this document ]] 660 o Parameter Name: "x5t#S256" 661 o Parameter Description: X.509 Certificate SHA-256 Thumbprint 662 o Used with "kty" Value(s): * 663 o Parameter Information Class: Public 664 o Change Controller: IESG 665 o Specification Document(s): Section 4.9 of [[ this document ]] 667 8.2. JSON Web Key Use Registry 669 This specification establishes the IANA JSON Web Key Use registry for 670 JWK "use" (public key use) member values. The registry records the 671 public key use value and a reference to the specification that 672 defines it. This specification registers the parameter names defined 673 in Section 4.2. 675 8.2.1. Registration Template 677 Use Member Value: 678 The name requested (e.g., "sig"). Because a core goal of this 679 specification is for the resulting representations to be compact, 680 it is RECOMMENDED that the name be short -- not to exceed 8 681 characters without a compelling reason to do so. This name is 682 case-sensitive. Names may not match other registered names in a 683 case-insensitive manner unless the Designated Expert(s) state that 684 there is a compelling reason to allow an exception in this 685 particular case. 687 Use Description: 688 Brief description of the use (e.g., "Digital Signature or MAC"). 690 Change Controller: 691 For Standards Track RFCs, state "IESG". For others, give the name 692 of the responsible party. Other details (e.g., postal address, 693 email address, home page URI) may also be included. 695 Specification Document(s): 696 Reference to the document(s) that specify the parameter, 697 preferably including URI(s) that can be used to retrieve copies of 698 the document(s). An indication of the relevant sections may also 699 be included but is not required. 701 8.2.2. Initial Registry Contents 703 o Use Member Value: "sig" 704 o Use Description: Digital Signature or MAC 705 o Change Controller: IESG 706 o Specification Document(s): Section 4.2 of [[ this document ]] 708 o Use Member Value: "enc" 709 o Use Description: Encryption 710 o Change Controller: IESG 711 o Specification Document(s): Section 4.2 of [[ this document ]] 713 8.3. JSON Web Key Operations Registry 715 This specification establishes the IANA JSON Web Key Operations 716 registry for values of JWK "key_ops" array elements. The registry 717 records the key operation value and a reference to the specification 718 that defines it. This specification registers the parameter names 719 defined in Section 4.3. 721 8.3.1. Registration Template 723 Key Operation Value: 724 The name requested (e.g., "sign"). Because a core goal of this 725 specification is for the resulting representations to be compact, 726 it is RECOMMENDED that the name be short -- not to exceed 8 727 characters without a compelling reason to do so. This name is 728 case-sensitive. Names may not match other registered names in a 729 case-insensitive manner unless the Designated Expert(s) state that 730 there is a compelling reason to allow an exception in this 731 particular case. 733 Key Operation Description: 734 Brief description of the key operation (e.g., "Compute digital 735 signature or MAC"). 737 Change Controller: 738 For Standards Track RFCs, state "IESG". For others, give the name 739 of the responsible party. Other details (e.g., postal address, 740 email address, home page URI) may also be included. 742 Specification Document(s): 743 Reference to the document(s) that specify the parameter, 744 preferably including URI(s) that can be used to retrieve copies of 745 the document(s). An indication of the relevant sections may also 746 be included but is not required. 748 8.3.2. Initial Registry Contents 750 o Key Operation Value: "sign" 751 o Key Operation Description: Compute digital signature or MAC 752 o Change Controller: IESG 753 o Specification Document(s): Section 4.3 of [[ this document ]] 755 o Key Operation Value: "verify" 756 o Key Operation Description: Verify digital signature or MAC 757 o Change Controller: IESG 758 o Specification Document(s): Section 4.3 of [[ this document ]] 760 o Key Operation Value: "encrypt" 761 o Key Operation Description: Encrypt content 762 o Change Controller: IESG 763 o Specification Document(s): Section 4.3 of [[ this document ]] 765 o Key Operation Value: "decrypt" 766 o Key Operation Description: Decrypt content and validate 767 decryption, if applicable 768 o Change Controller: IESG 769 o Specification Document(s): Section 4.3 of [[ this document ]] 771 o Key Operation Value: "wrapKey" 772 o Key Operation Description: Encrypt key 773 o Change Controller: IESG 774 o Specification Document(s): Section 4.3 of [[ this document ]] 776 o Key Operation Value: "unwrapKey" 777 o Key Operation Description: Decrypt key and validate decryption, if 778 applicable 780 o Change Controller: IESG 781 o Specification Document(s): Section 4.3 of [[ this document ]] 783 o Key Operation Value: "deriveKey" 784 o Key Operation Description: Derive key 785 o Change Controller: IESG 786 o Specification Document(s): Section 4.3 of [[ this document ]] 788 o Key Operation Value: "deriveBits" 789 o Key Operation Description: Derive bits not to be used as a key 790 o Change Controller: IESG 791 o Specification Document(s): Section 4.3 of [[ this document ]] 793 8.4. JSON Web Key Set Parameters Registry 795 This specification establishes the IANA JSON Web Key Set Parameters 796 registry for JWK Set parameter names. The registry records the 797 parameter name and a reference to the specification that defines it. 798 This specification registers the parameter names defined in 799 Section 5. 801 8.4.1. Registration Template 803 Parameter Name: 804 The name requested (e.g., "keys"). Because a core goal of this 805 specification is for the resulting representations to be compact, 806 it is RECOMMENDED that the name be short -- not to exceed 8 807 characters without a compelling reason to do so. This name is 808 case-sensitive. Names may not match other registered names in a 809 case-insensitive manner unless the Designated Expert(s) state that 810 there is a compelling reason to allow an exception in this 811 particular case. 813 Parameter Description: 814 Brief description of the parameter (e.g., "Array of JWK values"). 816 Change Controller: 817 For Standards Track RFCs, state "IESG". For others, give the name 818 of the responsible party. Other details (e.g., postal address, 819 email address, home page URI) may also be included. 821 Specification Document(s): 822 Reference to the document(s) that specify the parameter, 823 preferably including URI(s) that can be used to retrieve copies of 824 the document(s). An indication of the relevant sections may also 825 be included but is not required. 827 8.4.2. Initial Registry Contents 829 o Parameter Name: "keys" 830 o Parameter Description: Array of JWK values 831 o Change Controller: IESG 832 o Specification Document(s): Section 5.1 of [[ this document ]] 834 8.5. Media Type Registration 836 8.5.1. Registry Contents 838 This specification registers the "application/jwk+json" and 839 "application/jwk-set+json" Media Types [RFC2046] in the MIME Media 840 Types registry [IANA.MediaTypes] in the manner described in RFC 6838 841 [RFC6838], which can be used to indicate, respectively, that the 842 content is a JWK or a JWK Set. 844 o Type Name: application 845 o Subtype Name: jwk+json 846 o Required Parameters: n/a 847 o Optional Parameters: n/a 848 o Encoding considerations: 8bit; application/jwk+json values are 849 represented as JSON object; UTF-8 encoding SHOULD be employed for 850 the JSON object. 851 o Security Considerations: See the Security Considerations section 852 of [[ this document ]] 853 o Interoperability Considerations: n/a 854 o Published Specification: [[ this document ]] 855 o Applications that use this media type: OpenID Connect, Salesforce, 856 Google, Android, Windows Azure, W3C WebCrypto API, numerous others 857 o Fragment identifier considerations: n/a 858 o Additional Information: Magic number(s): n/a, File extension(s): 859 n/a, Macintosh file type code(s): n/a 860 o Person & email address to contact for further information: Michael 861 B. Jones, mbj@microsoft.com 862 o Intended Usage: COMMON 863 o Restrictions on Usage: none 864 o Author: Michael B. Jones, mbj@microsoft.com 865 o Change Controller: IESG 866 o Provisional registration? No 868 o Type Name: application 869 o Subtype Name: jwk-set+json 870 o Required Parameters: n/a 871 o Optional Parameters: n/a 872 o Encoding considerations: 8bit; application/jwk-set+json values are 873 represented as a JSON Object; UTF-8 encoding SHOULD be employed 874 for the JSON object. 876 o Security Considerations: See the Security Considerations section 877 of [[ this document ]] 878 o Interoperability Considerations: n/a 879 o Published Specification: [[ this document ]] 880 o Applications that use this media type: OpenID Connect, Salesforce, 881 Google, Android, Windows Azure, W3C WebCrypto API, numerous others 882 o Fragment identifier considerations: n/a 883 o Additional Information: Magic number(s): n/a, File extension(s): 884 n/a, Macintosh file type code(s): n/a 885 o Person & email address to contact for further information: Michael 886 B. Jones, mbj@microsoft.com 887 o Intended Usage: COMMON 888 o Restrictions on Usage: none 889 o Author: Michael B. Jones, mbj@microsoft.com 890 o Change Controller: IESG 891 o Provisional registration? No 893 9. Security Considerations 895 All of the security issues that are pertinent to any cryptographic 896 application must be addressed by JWS/JWE/JWK agents. Among these 897 issues are protecting the user's asymmetric private and symmetric 898 secret keys and employing countermeasures to various attacks. 900 9.1. Key Provenance and Trust 902 One should place no more trust in the data cryptographically secured 903 by a key than in the method by which it was obtained and in the 904 trustworthiness of the entity asserting an association with the key. 905 Any data associated with a key that is obtained in an untrusted 906 manner should be treated with skepticism. See Section 10.3 of [JWS] 907 for security considerations on key origin authentication. 909 The security considerations in Section 12.3 of XML DSIG 2.0 910 [W3C.NOTE-xmldsig-core2-20130411] about the strength of a digital 911 signature depending upon all the links in the security chain also 912 apply to this specification. 914 The TLS Requirements in Section 8 of [JWS] also apply to this 915 specification, except that the "x5u" JWK member is the only feature 916 defined by this specification using TLS. 918 9.2. Preventing Disclosure of Non-Public Key Information 920 Private and symmetric keys MUST be protected from disclosure to 921 unintended parties. One recommended means of doing so is to encrypt 922 JWKs or JWK Sets containing them by using the JWK or JWK Set value as 923 the plaintext of a JWE. Of course, this requires that there be a 924 secure way to obtain the key used to encrypt the non-public key 925 information to the intended party and a secure way for that party to 926 obtain the corresponding decryption key. 928 The security considerations in RFC 3447 [RFC3447] and RFC 6030 929 [RFC6030] about protecting private and symmetric keys, key usage, and 930 information leakage also apply to this specification. 932 9.3. RSA Private Key Representations and Blinding 934 The RSA Key blinding operation [Kocher], which is a defense against 935 some timing attacks, requires all of the RSA key values "n", "e", and 936 "d". However, some RSA private key representations do not include 937 the public exponent "e", but only include the modulus "n" and the 938 private exponent "d". This is true, for instance, of the Java 939 RSAPrivateKeySpec API, which does not include the public exponent "e" 940 as a parameter. So as to enable RSA key blinding, such 941 representations should be avoided. For Java, the 942 RSAPrivateCrtKeySpec API can be used instead. Section 8.2.2(i) of 943 the Handbook of Applied Cryptography [HAC] discusses how to compute 944 the remaining RSA private key parameters, if needed, using only "n", 945 "e", and "d". 947 9.4. Key Entropy and Random Values 949 See Section 10.1 of [JWS] for security considerations on key entropy 950 and random values. 952 10. References 954 10.1. Normative References 956 [ECMAScript] 957 Ecma International, "ECMAScript Language Specification, 958 5.1 Edition", ECMA 262, June 2011. 960 [IANA.MediaTypes] 961 Internet Assigned Numbers Authority (IANA), "MIME Media 962 Types", 2005. 964 [ITU.X690.1994] 965 International Telecommunications Union, "Information 966 Technology - ASN.1 encoding rules: Specification of Basic 967 Encoding Rules (BER), Canonical Encoding Rules (CER) and 968 Distinguished Encoding Rules (DER)", ITU-T Recommendation 969 X.690, 1994. 971 [JWA] Jones, M., "JSON Web Algorithms (JWA)", 972 draft-ietf-jose-json-web-algorithms (work in progress), 973 November 2014. 975 [JWE] Jones, M. and J. Hildebrand, "JSON Web Encryption (JWE)", 976 draft-ietf-jose-json-web-encryption (work in progress), 977 November 2014. 979 [JWS] Jones, M., Bradley, J., and N. Sakimura, "JSON Web 980 Signature (JWS)", draft-ietf-jose-json-web-signature (work 981 in progress), November 2014. 983 [RFC20] Cerf, V., "ASCII format for Network Interchange", RFC 20, 984 October 1969. 986 [RFC2046] Freed, N. and N. Borenstein, "Multipurpose Internet Mail 987 Extensions (MIME) Part Two: Media Types", RFC 2046, 988 November 1996. 990 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 991 Requirement Levels", BCP 14, RFC 2119, March 1997. 993 [RFC2818] Rescorla, E., "HTTP Over TLS", RFC 2818, May 2000. 995 [RFC3629] Yergeau, F., "UTF-8, a transformation format of ISO 996 10646", STD 63, RFC 3629, November 2003. 998 [RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform 999 Resource Identifier (URI): Generic Syntax", STD 66, 1000 RFC 3986, January 2005. 1002 [RFC4648] Josefsson, S., "The Base16, Base32, and Base64 Data 1003 Encodings", RFC 4648, October 2006. 1005 [RFC4945] Korver, B., "The Internet IP Security PKI Profile of 1006 IKEv1/ISAKMP, IKEv2, and PKIX", RFC 4945, August 2007. 1008 [RFC4949] Shirey, R., "Internet Security Glossary, Version 2", 1009 RFC 4949, August 2007. 1011 [RFC5246] Dierks, T. and E. Rescorla, "The Transport Layer Security 1012 (TLS) Protocol Version 1.2", RFC 5246, August 2008. 1014 [RFC5280] Cooper, D., Santesson, S., Farrell, S., Boeyen, S., 1015 Housley, R., and W. Polk, "Internet X.509 Public Key 1016 Infrastructure Certificate and Certificate Revocation List 1017 (CRL) Profile", RFC 5280, May 2008. 1019 [RFC6125] Saint-Andre, P. and J. Hodges, "Representation and 1020 Verification of Domain-Based Application Service Identity 1021 within Internet Public Key Infrastructure Using X.509 1022 (PKIX) Certificates in the Context of Transport Layer 1023 Security (TLS)", RFC 6125, March 2011. 1025 [RFC7159] Bray, T., "The JavaScript Object Notation (JSON) Data 1026 Interchange Format", RFC 7159, March 2014. 1028 10.2. Informative References 1030 [DSS] National Institute of Standards and Technology, "Digital 1031 Signature Standard (DSS)", FIPS PUB 186-4, July 2013. 1033 [HAC] Menezes, A., van Oorschot, P., and S. Vanstone, "Handbook 1034 of Applied Cryptography", CRC Press, 1996, 1035 . 1037 [Kocher] Kocher, P., "Timing Attacks on Implementations of Diffe- 1038 Hellman, RSA, DSS, and Other Systems", In Proceedings of 1039 the 16th Annual International Cryptology Conference 1040 Advances in Cryptology, Springer-Verlag, pp. 104-113, 1041 1996. 1043 [MagicSignatures] 1044 Panzer (editor), J., Laurie, B., and D. Balfanz, "Magic 1045 Signatures", January 2011. 1047 [RFC3447] Jonsson, J. and B. Kaliski, "Public-Key Cryptography 1048 Standards (PKCS) #1: RSA Cryptography Specifications 1049 Version 2.1", RFC 3447, February 2003. 1051 [RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an 1052 IANA Considerations Section in RFCs", BCP 26, RFC 5226, 1053 May 2008. 1055 [RFC6030] Hoyer, P., Pei, M., and S. Machani, "Portable Symmetric 1056 Key Container (PSKC)", RFC 6030, October 2010. 1058 [RFC6838] Freed, N., Klensin, J., and T. Hansen, "Media Type 1059 Specifications and Registration Procedures", BCP 13, 1060 RFC 6838, January 2013. 1062 [W3C.NOTE-xmldsig-core2-20130411] 1063 Eastlake, D., Reagle, J., Solo, D., Hirsch, F., Roessler, 1064 T., Yiu, K., Datta, P., and S. Cantor, "XML Signature 1065 Syntax and Processing Version 2.0", World Wide Web 1066 Consortium Note NOTE-xmldsig-core2-20130411, April 2013, 1067 . 1069 [WebCrypto] 1070 Sleevi, R. and M. Watson, "Web Cryptography API", World 1071 Wide Web Consortium Draft, March 2014, 1072 . 1074 Appendix A. Example JSON Web Key Sets 1076 A.1. Example Public Keys 1078 The following example JWK Set contains two public keys represented as 1079 JWKs: one using an Elliptic Curve algorithm and a second one using an 1080 RSA algorithm. The first specifies that the key is to be used for 1081 encryption. The second specifies that the key is to be used with the 1082 "RS256" algorithm. Both provide a Key ID for key matching purposes. 1083 In both cases, integers are represented using the base64url encoding 1084 of their big endian representations. (Long lines are broken are for 1085 display purposes only.) 1087 {"keys": 1088 [ 1089 {"kty":"EC", 1090 "crv":"P-256", 1091 "x":"MKBCTNIcKUSDii11ySs3526iDZ8AiTo7Tu6KPAqv7D4", 1092 "y":"4Etl6SRW2YiLUrN5vfvVHuhp7x8PxltmWWlbbM4IFyM", 1093 "use":"enc", 1094 "kid":"1"}, 1096 {"kty":"RSA", 1097 "n": "0vx7agoebGcQSuuPiLJXZptN9nndrQmbXEps2aiAFbWhM78LhWx 1098 4cbbfAAtVT86zwu1RK7aPFFxuhDR1L6tSoc_BJECPebWKRXjBZCiFV4n3oknjhMs 1099 tn64tZ_2W-5JsGY4Hc5n9yBXArwl93lqt7_RN5w6Cf0h4QyQ5v-65YGjQR0_FDW2 1100 QvzqY368QQMicAtaSqzs8KJZgnYb9c7d0zgdAZHzu6qMQvRL5hajrn1n91CbOpbI 1101 SD08qNLyrdkt-bFTWhAI4vMQFh6WeZu0fM4lFd2NcRwr3XPksINHaQ-G_xBniIqb 1102 w0Ls1jF44-csFCur-kEgU8awapJzKnqDKgw", 1103 "e":"AQAB", 1104 "alg":"RS256", 1105 "kid":"2011-04-29"} 1106 ] 1107 } 1109 A.2. Example Private Keys 1111 The following example JWK Set contains two keys represented as JWKs 1112 containing both public and private key values: one using an Elliptic 1113 Curve algorithm and a second one using an RSA algorithm. This 1114 example extends the example in the previous section, adding private 1115 key values. (Line breaks are for display purposes only.) 1117 {"keys": 1118 [ 1119 {"kty":"EC", 1120 "crv":"P-256", 1121 "x":"MKBCTNIcKUSDii11ySs3526iDZ8AiTo7Tu6KPAqv7D4", 1122 "y":"4Etl6SRW2YiLUrN5vfvVHuhp7x8PxltmWWlbbM4IFyM", 1123 "d":"870MB6gfuTJ4HtUnUvYMyJpr5eUZNP4Bk43bVdj3eAE", 1124 "use":"enc", 1125 "kid":"1"}, 1127 {"kty":"RSA", 1128 "n":"0vx7agoebGcQSuuPiLJXZptN9nndrQmbXEps2aiAFbWhM78LhWx4 1129 cbbfAAtVT86zwu1RK7aPFFxuhDR1L6tSoc_BJECPebWKRXjBZCiFV4n3oknjhMst 1130 n64tZ_2W-5JsGY4Hc5n9yBXArwl93lqt7_RN5w6Cf0h4QyQ5v-65YGjQR0_FDW2Q 1131 vzqY368QQMicAtaSqzs8KJZgnYb9c7d0zgdAZHzu6qMQvRL5hajrn1n91CbOpbIS 1132 D08qNLyrdkt-bFTWhAI4vMQFh6WeZu0fM4lFd2NcRwr3XPksINHaQ-G_xBniIqbw 1133 0Ls1jF44-csFCur-kEgU8awapJzKnqDKgw", 1134 "e":"AQAB", 1135 "d":"X4cTteJY_gn4FYPsXB8rdXix5vwsg1FLN5E3EaG6RJoVH-HLLKD9 1136 M7dx5oo7GURknchnrRweUkC7hT5fJLM0WbFAKNLWY2vv7B6NqXSzUvxT0_YSfqij 1137 wp3RTzlBaCxWp4doFk5N2o8Gy_nHNKroADIkJ46pRUohsXywbReAdYaMwFs9tv8d 1138 _cPVY3i07a3t8MN6TNwm0dSawm9v47UiCl3Sk5ZiG7xojPLu4sbg1U2jx4IBTNBz 1139 nbJSzFHK66jT8bgkuqsk0GjskDJk19Z4qwjwbsnn4j2WBii3RL-Us2lGVkY8fkFz 1140 me1z0HbIkfz0Y6mqnOYtqc0X4jfcKoAC8Q", 1141 "p":"83i-7IvMGXoMXCskv73TKr8637FiO7Z27zv8oj6pbWUQyLPQBQxtPV 1142 nwD20R-60eTDmD2ujnMt5PoqMrm8RfmNhVWDtjjMmCMjOpSXicFHj7XOuVIYQyqV 1143 WlWEh6dN36GVZYk93N8Bc9vY41xy8B9RzzOGVQzXvNEvn7O0nVbfs", 1144 "q":"3dfOR9cuYq-0S-mkFLzgItgMEfFzB2q3hWehMuG0oCuqnb3vobLyum 1145 qjVZQO1dIrdwgTnCdpYzBcOfW5r370AFXjiWft_NGEiovonizhKpo9VVS78TzFgx 1146 kIdrecRezsZ-1kYd_s1qDbxtkDEgfAITAG9LUnADun4vIcb6yelxk", 1147 "dp":"G4sPXkc6Ya9y8oJW9_ILj4xuppu0lzi_H7VTkS8xj5SdX3coE0oim 1148 YwxIi2emTAue0UOa5dpgFGyBJ4c8tQ2VF402XRugKDTP8akYhFo5tAA77Qe_Nmtu 1149 YZc3C3m3I24G2GvR5sSDxUyAN2zq8Lfn9EUms6rY3Ob8YeiKkTiBj0", 1150 "dq":"s9lAH9fggBsoFR8Oac2R_E2gw282rT2kGOAhvIllETE1efrA6huUU 1151 vMfBcMpn8lqeW6vzznYY5SSQF7pMdC_agI3nG8Ibp1BUb0JUiraRNqUfLhcQb_d9 1152 GF4Dh7e74WbRsobRonujTYN1xCaP6TO61jvWrX-L18txXw494Q_cgk", 1153 "qi":"GyM_p6JrXySiz1toFgKbWV-JdI3jQ4ypu9rbMWx3rQJBfmt0FoYzg 1154 UIZEVFEcOqwemRN81zoDAaa-Bk0KWNGDjJHZDdDmFhW3AN7lI-puxk_mHZGJ11rx 1155 yR8O55XLSe3SPmRfKwZI6yU24ZxvQKFYItdldUKGzO6Ia6zTKhAVRU", 1156 "alg":"RS256", 1157 "kid":"2011-04-29"} 1158 ] 1159 } 1161 A.3. Example Symmetric Keys 1163 The following example JWK Set contains two symmetric keys represented 1164 as JWKs: one designated as being for use with the AES Key Wrap 1165 algorithm and a second one that is an HMAC key. (Line breaks are for 1166 display purposes only.) 1168 {"keys": 1169 [ 1170 {"kty":"oct", 1171 "alg":"A128KW", 1172 "k":"GawgguFyGrWKav7AX4VKUg"}, 1174 {"kty":"oct", 1175 "k":"AyM1SysPpbyDfgZld3umj1qzKObwVMkoqQ-EstJQLr_T-1qS0gZH75 1176 aKtMN3Yj0iPS4hcgUuTwjAzZr1Z9CAow", 1177 "kid":"HMAC key used in JWS A.1 example"} 1178 ] 1179 } 1181 Appendix B. Example Use of "x5c" (X.509 Certificate Chain) Parameter 1182 The following is an example of a JWK with a RSA signing key 1183 represented both as an RSA public key and as an X.509 certificate 1184 using the "x5c" parameter: 1186 {"kty":"RSA", 1187 "use":"sig", 1188 "kid":"1b94c", 1189 "n":"vrjOfz9Ccdgx5nQudyhdoR17V-IubWMeOZCwX_jj0hgAsz2J_pqYW08 1190 PLbK_PdiVGKPrqzmDIsLI7sA25VEnHU1uCLNwBuUiCO11_-7dYbsr4iJmG0Q 1191 u2j8DsVyT1azpJC_NG84Ty5KKthuCaPod7iI7w0LK9orSMhBEwwZDCxTWq4a 1192 YWAchc8t-emd9qOvWtVMDC2BXksRngh6X5bUYLy6AyHKvj-nUy1wgzjYQDwH 1193 MTplCoLtU-o-8SNnZ1tmRoGE9uJkBLdh5gFENabWnU5m1ZqZPdwS-qo-meMv 1194 VfJb6jJVWRpl2SUtCnYG2C32qvbWbjZ_jBPD5eunqsIo1vQ", 1195 "e":"AQAB", 1196 "x5c": 1197 ["MIIDQjCCAiqgAwIBAgIGATz/FuLiMA0GCSqGSIb3DQEBBQUAMGIxCzAJB 1198 gNVBAYTAlVTMQswCQYDVQQIEwJDTzEPMA0GA1UEBxMGRGVudmVyMRwwGgYD 1199 VQQKExNQaW5nIElkZW50aXR5IENvcnAuMRcwFQYDVQQDEw5CcmlhbiBDYW1 1200 wYmVsbDAeFw0xMzAyMjEyMzI5MTVaFw0xODA4MTQyMjI5MTVaMGIxCzAJBg 1201 NVBAYTAlVTMQswCQYDVQQIEwJDTzEPMA0GA1UEBxMGRGVudmVyMRwwGgYDV 1202 QQKExNQaW5nIElkZW50aXR5IENvcnAuMRcwFQYDVQQDEw5CcmlhbiBDYW1w 1203 YmVsbDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL64zn8/QnH 1204 YMeZ0LncoXaEde1fiLm1jHjmQsF/449IYALM9if6amFtPDy2yvz3YlRij66 1205 s5gyLCyO7ANuVRJx1NbgizcAblIgjtdf/u3WG7K+IiZhtELto/A7Fck9Ws6 1206 SQvzRvOE8uSirYbgmj6He4iO8NCyvaK0jIQRMMGQwsU1quGmFgHIXPLfnpn 1207 fajr1rVTAwtgV5LEZ4Iel+W1GC8ugMhyr4/p1MtcIM42EA8BzE6ZQqC7VPq 1208 PvEjZ2dbZkaBhPbiZAS3YeYBRDWm1p1OZtWamT3cEvqqPpnjL1XyW+oyVVk 1209 aZdklLQp2Btgt9qr21m42f4wTw+Xrp6rCKNb0CAwEAATANBgkqhkiG9w0BA 1210 QUFAAOCAQEAh8zGlfSlcI0o3rYDPBB07aXNswb4ECNIKG0CETTUxmXl9KUL 1211 +9gGlqCz5iWLOgWsnrcKcY0vXPG9J1r9AqBNTqNgHq2G03X09266X5CpOe1 1212 zFo+Owb1zxtp3PehFdfQJ610CDLEaS9V9Rqp17hCyybEpOGVwe8fnk+fbEL 1213 2Bo3UPGrpsHzUoaGpDftmWssZkhpBJKVMJyf/RuP2SmmaIzmnw9JiSlYhzo 1214 4tpzd5rFXhjRbg4zW9C+2qok+2+qDM1iJ684gPHMIY8aLWrdgQTxkumGmTq 1215 gawR+N5MDtdPTEQ0XfIBc2cJEUyMTY5MPvACWpkA6SdS4xSvdXK3IVfOWA=="] 1216 } 1218 Appendix C. Example Encrypted RSA Private Key 1220 This example encrypts an RSA private key to the recipient using 1221 "PBES2-HS256+A128KW" for key encryption and "A128CBC+HS256" for 1222 content encryption. 1224 NOTE: Unless otherwise indicated, all line breaks are included solely 1225 for readability. 1227 C.1. Plaintext RSA Private Key 1229 The following RSA key is the plaintext for the authenticated 1230 encryption operation, formatted as a JWK object: 1232 { 1233 "kty":"RSA", 1234 "kid":"juliet@capulet.lit", 1235 "use":"enc", 1236 "n":"t6Q8PWSi1dkJj9hTP8hNYFlvadM7DflW9mWepOJhJ66w7nyoK1gPNqFMSQRy 1237 O125Gp-TEkodhWr0iujjHVx7BcV0llS4w5ACGgPrcAd6ZcSR0-Iqom-QFcNP 1238 8Sjg086MwoqQU_LYywlAGZ21WSdS_PERyGFiNnj3QQlO8Yns5jCtLCRwLHL0 1239 Pb1fEv45AuRIuUfVcPySBWYnDyGxvjYGDSM-AqWS9zIQ2ZilgT-GqUmipg0X 1240 OC0Cc20rgLe2ymLHjpHciCKVAbY5-L32-lSeZO-Os6U15_aXrk9Gw8cPUaX1 1241 _I8sLGuSiVdt3C_Fn2PZ3Z8i744FPFGGcG1qs2Wz-Q", 1242 "e":"AQAB", 1243 "d":"GRtbIQmhOZtyszfgKdg4u_N-R_mZGU_9k7JQ_jn1DnfTuMdSNprTeaSTyWfS 1244 NkuaAwnOEbIQVy1IQbWVV25NY3ybc_IhUJtfri7bAXYEReWaCl3hdlPKXy9U 1245 vqPYGR0kIXTQRqns-dVJ7jahlI7LyckrpTmrM8dWBo4_PMaenNnPiQgO0xnu 1246 ToxutRZJfJvG4Ox4ka3GORQd9CsCZ2vsUDmsXOfUENOyMqADC6p1M3h33tsu 1247 rY15k9qMSpG9OX_IJAXmxzAh_tWiZOwk2K4yxH9tS3Lq1yX8C1EWmeRDkK2a 1248 hecG85-oLKQt5VEpWHKmjOi_gJSdSgqcN96X52esAQ", 1249 "p":"2rnSOV4hKSN8sS4CgcQHFbs08XboFDqKum3sc4h3GRxrTmQdl1ZK9uw-PIHf 1250 QP0FkxXVrx-WE-ZEbrqivH_2iCLUS7wAl6XvARt1KkIaUxPPSYB9yk31s0Q8 1251 UK96E3_OrADAYtAJs-M3JxCLfNgqh56HDnETTQhH3rCT5T3yJws", 1252 "q":"1u_RiFDP7LBYh3N4GXLT9OpSKYP0uQZyiaZwBtOCBNJgQxaj10RWjsZu0c6I 1253 edis4S7B_coSKB0Kj9PaPaBzg-IySRvvcQuPamQu66riMhjVtG6TlV8CLCYK 1254 rYl52ziqK0E_ym2QnkwsUX7eYTB7LbAHRK9GqocDE5B0f808I4s", 1255 "dp":"KkMTWqBUefVwZ2_Dbj1pPQqyHSHjj90L5x_MOzqYAJMcLMZtbUtwKqvVDq3 1256 tbEo3ZIcohbDtt6SbfmWzggabpQxNxuBpoOOf_a_HgMXK_lhqigI4y_kqS1w 1257 Y52IwjUn5rgRrJ-yYo1h41KR-vz2pYhEAeYrhttWtxVqLCRViD6c", 1258 "dq":"AvfS0-gRxvn0bwJoMSnFxYcK1WnuEjQFluMGfwGitQBWtfZ1Er7t1xDkbN9 1259 GQTB9yqpDoYaN06H7CFtrkxhJIBQaj6nkF5KKS3TQtQ5qCzkOkmxIe3KRbBy 1260 mXxkb5qwUpX5ELD5xFc6FeiafWYY63TmmEAu_lRFCOJ3xDea-ots", 1261 "qi":"lSQi-w9CpyUReMErP1RsBLk7wNtOvs5EQpPqmuMvqW57NBUczScEoPwmUqq 1262 abu9V0-Py4dQ57_bapoKRu1R90bvuFnU63SHWEFglZQvJDMeAvmj4sm-Fp0o 1263 Yu_neotgQ0hzbI5gry7ajdYy9-2lNx_76aBZoOUu9HCJ-UsfSOI8" 1264 } 1266 The octets representing the Plaintext used in this example (using 1267 JSON array notation) are: 1269 [123, 34, 107, 116, 121, 34, 58, 34, 82, 83, 65, 34, 44, 34, 107, 1270 105, 100, 34, 58, 34, 106, 117, 108, 105, 101, 116, 64, 99, 97, 112, 1271 117, 108, 101, 116, 46, 108, 105, 116, 34, 44, 34, 117, 115, 101, 34, 1272 58, 34, 101, 110, 99, 34, 44, 34, 110, 34, 58, 34, 116, 54, 81, 56, 1273 80, 87, 83, 105, 49, 100, 107, 74, 106, 57, 104, 84, 80, 56, 104, 78, 1274 89, 70, 108, 118, 97, 100, 77, 55, 68, 102, 108, 87, 57, 109, 87, 1275 101, 112, 79, 74, 104, 74, 54, 54, 119, 55, 110, 121, 111, 75, 49, 1276 103, 80, 78, 113, 70, 77, 83, 81, 82, 121, 79, 49, 50, 53, 71, 112, 1277 45, 84, 69, 107, 111, 100, 104, 87, 114, 48, 105, 117, 106, 106, 72, 1278 86, 120, 55, 66, 99, 86, 48, 108, 108, 83, 52, 119, 53, 65, 67, 71, 1279 103, 80, 114, 99, 65, 100, 54, 90, 99, 83, 82, 48, 45, 73, 113, 111, 1280 109, 45, 81, 70, 99, 78, 80, 56, 83, 106, 103, 48, 56, 54, 77, 119, 1281 111, 113, 81, 85, 95, 76, 89, 121, 119, 108, 65, 71, 90, 50, 49, 87, 1282 83, 100, 83, 95, 80, 69, 82, 121, 71, 70, 105, 78, 110, 106, 51, 81, 1283 81, 108, 79, 56, 89, 110, 115, 53, 106, 67, 116, 76, 67, 82, 119, 76, 1284 72, 76, 48, 80, 98, 49, 102, 69, 118, 52, 53, 65, 117, 82, 73, 117, 1285 85, 102, 86, 99, 80, 121, 83, 66, 87, 89, 110, 68, 121, 71, 120, 118, 1286 106, 89, 71, 68, 83, 77, 45, 65, 113, 87, 83, 57, 122, 73, 81, 50, 1287 90, 105, 108, 103, 84, 45, 71, 113, 85, 109, 105, 112, 103, 48, 88, 1288 79, 67, 48, 67, 99, 50, 48, 114, 103, 76, 101, 50, 121, 109, 76, 72, 1289 106, 112, 72, 99, 105, 67, 75, 86, 65, 98, 89, 53, 45, 76, 51, 50, 1290 45, 108, 83, 101, 90, 79, 45, 79, 115, 54, 85, 49, 53, 95, 97, 88, 1291 114, 107, 57, 71, 119, 56, 99, 80, 85, 97, 88, 49, 95, 73, 56, 115, 1292 76, 71, 117, 83, 105, 86, 100, 116, 51, 67, 95, 70, 110, 50, 80, 90, 1293 51, 90, 56, 105, 55, 52, 52, 70, 80, 70, 71, 71, 99, 71, 49, 113, 1294 115, 50, 87, 122, 45, 81, 34, 44, 34, 101, 34, 58, 34, 65, 81, 65, 1295 66, 34, 44, 34, 100, 34, 58, 34, 71, 82, 116, 98, 73, 81, 109, 104, 1296 79, 90, 116, 121, 115, 122, 102, 103, 75, 100, 103, 52, 117, 95, 78, 1297 45, 82, 95, 109, 90, 71, 85, 95, 57, 107, 55, 74, 81, 95, 106, 110, 1298 49, 68, 110, 102, 84, 117, 77, 100, 83, 78, 112, 114, 84, 101, 97, 1299 83, 84, 121, 87, 102, 83, 78, 107, 117, 97, 65, 119, 110, 79, 69, 98, 1300 73, 81, 86, 121, 49, 73, 81, 98, 87, 86, 86, 50, 53, 78, 89, 51, 121, 1301 98, 99, 95, 73, 104, 85, 74, 116, 102, 114, 105, 55, 98, 65, 88, 89, 1302 69, 82, 101, 87, 97, 67, 108, 51, 104, 100, 108, 80, 75, 88, 121, 57, 1303 85, 118, 113, 80, 89, 71, 82, 48, 107, 73, 88, 84, 81, 82, 113, 110, 1304 115, 45, 100, 86, 74, 55, 106, 97, 104, 108, 73, 55, 76, 121, 99, 1305 107, 114, 112, 84, 109, 114, 77, 56, 100, 87, 66, 111, 52, 95, 80, 1306 77, 97, 101, 110, 78, 110, 80, 105, 81, 103, 79, 48, 120, 110, 117, 1307 84, 111, 120, 117, 116, 82, 90, 74, 102, 74, 118, 71, 52, 79, 120, 1308 52, 107, 97, 51, 71, 79, 82, 81, 100, 57, 67, 115, 67, 90, 50, 118, 1309 115, 85, 68, 109, 115, 88, 79, 102, 85, 69, 78, 79, 121, 77, 113, 65, 1310 68, 67, 54, 112, 49, 77, 51, 104, 51, 51, 116, 115, 117, 114, 89, 49, 1311 53, 107, 57, 113, 77, 83, 112, 71, 57, 79, 88, 95, 73, 74, 65, 88, 1312 109, 120, 122, 65, 104, 95, 116, 87, 105, 90, 79, 119, 107, 50, 75, 1313 52, 121, 120, 72, 57, 116, 83, 51, 76, 113, 49, 121, 88, 56, 67, 49, 1314 69, 87, 109, 101, 82, 68, 107, 75, 50, 97, 104, 101, 99, 71, 56, 53, 1315 45, 111, 76, 75, 81, 116, 53, 86, 69, 112, 87, 72, 75, 109, 106, 79, 1316 105, 95, 103, 74, 83, 100, 83, 103, 113, 99, 78, 57, 54, 88, 53, 50, 1317 101, 115, 65, 81, 34, 44, 34, 112, 34, 58, 34, 50, 114, 110, 83, 79, 1318 86, 52, 104, 75, 83, 78, 56, 115, 83, 52, 67, 103, 99, 81, 72, 70, 1319 98, 115, 48, 56, 88, 98, 111, 70, 68, 113, 75, 117, 109, 51, 115, 99, 1320 52, 104, 51, 71, 82, 120, 114, 84, 109, 81, 100, 108, 49, 90, 75, 57, 1321 117, 119, 45, 80, 73, 72, 102, 81, 80, 48, 70, 107, 120, 88, 86, 114, 1322 120, 45, 87, 69, 45, 90, 69, 98, 114, 113, 105, 118, 72, 95, 50, 105, 1323 67, 76, 85, 83, 55, 119, 65, 108, 54, 88, 118, 65, 82, 116, 49, 75, 1324 107, 73, 97, 85, 120, 80, 80, 83, 89, 66, 57, 121, 107, 51, 49, 115, 1325 48, 81, 56, 85, 75, 57, 54, 69, 51, 95, 79, 114, 65, 68, 65, 89, 116, 1326 65, 74, 115, 45, 77, 51, 74, 120, 67, 76, 102, 78, 103, 113, 104, 53, 1327 54, 72, 68, 110, 69, 84, 84, 81, 104, 72, 51, 114, 67, 84, 53, 84, 1328 51, 121, 74, 119, 115, 34, 44, 34, 113, 34, 58, 34, 49, 117, 95, 82, 1329 105, 70, 68, 80, 55, 76, 66, 89, 104, 51, 78, 52, 71, 88, 76, 84, 57, 1330 79, 112, 83, 75, 89, 80, 48, 117, 81, 90, 121, 105, 97, 90, 119, 66, 1331 116, 79, 67, 66, 78, 74, 103, 81, 120, 97, 106, 49, 48, 82, 87, 106, 1332 115, 90, 117, 48, 99, 54, 73, 101, 100, 105, 115, 52, 83, 55, 66, 95, 1333 99, 111, 83, 75, 66, 48, 75, 106, 57, 80, 97, 80, 97, 66, 122, 103, 1334 45, 73, 121, 83, 82, 118, 118, 99, 81, 117, 80, 97, 109, 81, 117, 54, 1335 54, 114, 105, 77, 104, 106, 86, 116, 71, 54, 84, 108, 86, 56, 67, 76, 1336 67, 89, 75, 114, 89, 108, 53, 50, 122, 105, 113, 75, 48, 69, 95, 121, 1337 109, 50, 81, 110, 107, 119, 115, 85, 88, 55, 101, 89, 84, 66, 55, 76, 1338 98, 65, 72, 82, 75, 57, 71, 113, 111, 99, 68, 69, 53, 66, 48, 102, 1339 56, 48, 56, 73, 52, 115, 34, 44, 34, 100, 112, 34, 58, 34, 75, 107, 1340 77, 84, 87, 113, 66, 85, 101, 102, 86, 119, 90, 50, 95, 68, 98, 106, 1341 49, 112, 80, 81, 113, 121, 72, 83, 72, 106, 106, 57, 48, 76, 53, 120, 1342 95, 77, 79, 122, 113, 89, 65, 74, 77, 99, 76, 77, 90, 116, 98, 85, 1343 116, 119, 75, 113, 118, 86, 68, 113, 51, 116, 98, 69, 111, 51, 90, 1344 73, 99, 111, 104, 98, 68, 116, 116, 54, 83, 98, 102, 109, 87, 122, 1345 103, 103, 97, 98, 112, 81, 120, 78, 120, 117, 66, 112, 111, 79, 79, 1346 102, 95, 97, 95, 72, 103, 77, 88, 75, 95, 108, 104, 113, 105, 103, 1347 73, 52, 121, 95, 107, 113, 83, 49, 119, 89, 53, 50, 73, 119, 106, 85, 1348 110, 53, 114, 103, 82, 114, 74, 45, 121, 89, 111, 49, 104, 52, 49, 1349 75, 82, 45, 118, 122, 50, 112, 89, 104, 69, 65, 101, 89, 114, 104, 1350 116, 116, 87, 116, 120, 86, 113, 76, 67, 82, 86, 105, 68, 54, 99, 34, 1351 44, 34, 100, 113, 34, 58, 34, 65, 118, 102, 83, 48, 45, 103, 82, 120, 1352 118, 110, 48, 98, 119, 74, 111, 77, 83, 110, 70, 120, 89, 99, 75, 49, 1353 87, 110, 117, 69, 106, 81, 70, 108, 117, 77, 71, 102, 119, 71, 105, 1354 116, 81, 66, 87, 116, 102, 90, 49, 69, 114, 55, 116, 49, 120, 68, 1355 107, 98, 78, 57, 71, 81, 84, 66, 57, 121, 113, 112, 68, 111, 89, 97, 1356 78, 48, 54, 72, 55, 67, 70, 116, 114, 107, 120, 104, 74, 73, 66, 81, 1357 97, 106, 54, 110, 107, 70, 53, 75, 75, 83, 51, 84, 81, 116, 81, 53, 1358 113, 67, 122, 107, 79, 107, 109, 120, 73, 101, 51, 75, 82, 98, 66, 1359 121, 109, 88, 120, 107, 98, 53, 113, 119, 85, 112, 88, 53, 69, 76, 1360 68, 53, 120, 70, 99, 54, 70, 101, 105, 97, 102, 87, 89, 89, 54, 51, 1361 84, 109, 109, 69, 65, 117, 95, 108, 82, 70, 67, 79, 74, 51, 120, 68, 1362 101, 97, 45, 111, 116, 115, 34, 44, 34, 113, 105, 34, 58, 34, 108, 1363 83, 81, 105, 45, 119, 57, 67, 112, 121, 85, 82, 101, 77, 69, 114, 80, 1364 49, 82, 115, 66, 76, 107, 55, 119, 78, 116, 79, 118, 115, 53, 69, 81, 1365 112, 80, 113, 109, 117, 77, 118, 113, 87, 53, 55, 78, 66, 85, 99, 1366 122, 83, 99, 69, 111, 80, 119, 109, 85, 113, 113, 97, 98, 117, 57, 1367 86, 48, 45, 80, 121, 52, 100, 81, 53, 55, 95, 98, 97, 112, 111, 75, 1368 82, 117, 49, 82, 57, 48, 98, 118, 117, 70, 110, 85, 54, 51, 83, 72, 1369 87, 69, 70, 103, 108, 90, 81, 118, 74, 68, 77, 101, 65, 118, 109, 1370 106, 52, 115, 109, 45, 70, 112, 48, 111, 89, 117, 95, 110, 101, 111, 1371 116, 103, 81, 48, 104, 122, 98, 73, 53, 103, 114, 121, 55, 97, 106, 1372 100, 89, 121, 57, 45, 50, 108, 78, 120, 95, 55, 54, 97, 66, 90, 111, 1373 79, 85, 117, 57, 72, 67, 74, 45, 85, 115, 102, 83, 79, 73, 56, 34, 1374 125] 1376 C.2. JOSE Header 1378 The following example JWE Protected Header declares that: 1380 o the Content Encryption Key is encrypted to the recipient using the 1381 PSE2-HS256+A128KW algorithm to produce the JWE Encrypted Key, 1383 o the Salt Input ("p2s") value is [217, 96, 147, 112, 150, 117, 70, 1384 247, 127, 8, 155, 137, 174, 42, 80, 215], 1386 o the Iteration Count ("p2c") value is 4096, 1388 o authenticated encryption is performed on the Plaintext using the 1389 AES_128_CBC_HMAC_SHA_256 algorithm to produce the Ciphertext and 1390 the Authentication Tag, and 1392 o the content type is application/jwk+json. 1394 { 1395 "alg":"PBES2-HS256+A128KW", 1396 "p2s":"2WCTcJZ1Rvd_CJuJripQ1w", 1397 "p2c":4096, 1398 "enc":"A128CBC-HS256", 1399 "cty":"jwk+json" 1400 } 1402 Encoding this JWE Protected Header as BASE64URL(UTF8(JWE Protected 1403 Header)) gives this value (with line breaks for display purposes 1404 only): 1406 eyJhbGciOiJQQkVTMi1IUzI1NitBMTI4S1ciLCJwMnMiOiIyV0NUY0paMVJ2ZF9DSn 1407 VKcmlwUTF3IiwicDJjIjo0MDk2LCJlbmMiOiJBMTI4Q0JDLUhTMjU2IiwiY3R5Ijoi 1408 andrK2pzb24ifQ 1410 C.3. Content Encryption Key (CEK) 1412 Generate a 256 bit random Content Encryption Key (CEK). In this 1413 example, the value (using JSON array notation) is: 1415 [111, 27, 25, 52, 66, 29, 20, 78, 92, 176, 56, 240, 65, 208, 82, 112, 1416 161, 131, 36, 55, 202, 236, 185, 172, 129, 23, 153, 194, 195, 48, 1417 253, 182] 1419 C.4. Key Derivation 1421 Derive a key from a shared passphrase using the PBKDF2 algorithm with 1422 HMAC SHA-256 and the specified Salt and Iteration Count values and a 1423 128 bit requested output key size to produce the PBKDF2 Derived Key. 1424 This example uses the following passphrase: 1426 Thus from my lips, by yours, my sin is purged. 1428 The octets representing the passphrase are: 1430 [84, 104, 117, 115, 32, 102, 114, 111, 109, 32, 109, 121, 32, 108, 1431 105, 112, 115, 44, 32, 98, 121, 32, 121, 111, 117, 114, 115, 44, 32, 1432 109, 121, 32, 115, 105, 110, 32, 105, 115, 32, 112, 117, 114, 103, 1433 101, 100, 46] 1435 The Salt value (UTF8(Alg) || 0x00 || Salt Input) is: 1437 [80, 66, 69, 83, 50, 45, 72, 83, 50, 53, 54, 43, 65, 49, 50, 56, 75, 1438 87, 0, 217, 96, 147, 112, 150, 117, 70, 247, 127, 8, 155, 137, 174, 1439 42, 80, 215]. 1441 The resulting PBKDF2 Derived Key value is: 1443 [110, 171, 169, 92, 129, 92, 109, 117, 233, 242, 116, 233, 170, 14, 1444 24, 75] 1446 C.5. Key Encryption 1448 Encrypt the CEK with the "A128KW" algorithm using the PBKDF2 Derived 1449 Key. The resulting JWE Encrypted Key value is: 1451 [78, 186, 151, 59, 11, 141, 81, 240, 213, 245, 83, 211, 53, 188, 134, 1452 188, 66, 125, 36, 200, 222, 124, 5, 103, 249, 52, 117, 184, 140, 81, 1453 246, 158, 161, 177, 20, 33, 245, 57, 59, 4] 1455 Encoding this JWE Encrypted Key as BASE64URL(JWE Encrypted Key) gives 1456 this value: 1458 TrqXOwuNUfDV9VPTNbyGvEJ9JMjefAVn-TR1uIxR9p6hsRQh9Tk7BA 1460 C.6. Initialization Vector 1462 Generate a random 128 bit JWE Initialization Vector. In this 1463 example, the value is: 1465 [97, 239, 99, 214, 171, 54, 216, 57, 145, 72, 7, 93, 34, 31, 149, 1466 156] 1467 Encoding this JWE Initialization Vector as BASE64URL(JWE 1468 Initialization Vector) gives this value: 1470 Ye9j1qs22DmRSAddIh-VnA 1472 C.7. Additional Authenticated Data 1474 Let the Additional Authenticated Data encryption parameter be 1475 ASCII(BASE64URL(UTF8(JWE Protected Header))). This value is: 1477 [123, 34, 97, 108, 103, 34, 58, 34, 80, 66, 69, 83, 50, 45, 72, 83, 1478 50, 53, 54, 43, 65, 49, 50, 56, 75, 87, 34, 44, 34, 112, 50, 115, 34, 1479 58, 34, 50, 87, 67, 84, 99, 74, 90, 49, 82, 118, 100, 95, 67, 74, 1480 117, 74, 114, 105, 112, 81, 49, 119, 34, 44, 34, 112, 50, 99, 34, 58, 1481 52, 48, 57, 54, 44, 34, 101, 110, 99, 34, 58, 34, 65, 49, 50, 56, 67, 1482 66, 67, 45, 72, 83, 50, 53, 54, 34, 44, 34, 99, 116, 121, 34, 58, 34, 1483 106, 119, 107, 43, 106, 115, 111, 110, 34, 125] 1485 C.8. Content Encryption 1487 Perform authenticated encryption on the Plaintext with the 1488 AES_128_CBC_HMAC_SHA_256 algorithm using the CEK as the encryption 1489 key, the JWE Initialization Vector, and the Additional Authenticated 1490 Data value above. The resulting Ciphertext is: 1492 [3, 8, 65, 242, 92, 107, 148, 168, 197, 159, 77, 139, 25, 97, 42, 1493 131, 110, 199, 225, 56, 61, 127, 38, 64, 108, 91, 247, 167, 150, 98, 1494 112, 122, 99, 235, 132, 50, 28, 46, 56, 170, 169, 89, 220, 145, 38, 1495 157, 148, 224, 66, 140, 8, 169, 146, 117, 222, 54, 242, 28, 31, 11, 1496 129, 227, 226, 169, 66, 117, 133, 254, 140, 216, 115, 203, 131, 60, 1497 60, 47, 233, 132, 121, 13, 35, 188, 53, 19, 172, 77, 59, 54, 211, 1498 158, 172, 25, 60, 111, 0, 80, 201, 158, 160, 210, 68, 55, 12, 67, 1499 136, 130, 87, 216, 197, 95, 62, 20, 155, 205, 5, 140, 27, 168, 221, 1500 65, 114, 78, 157, 254, 46, 206, 182, 52, 135, 87, 239, 3, 34, 186, 1501 126, 220, 151, 17, 33, 237, 57, 96, 172, 183, 58, 45, 248, 103, 241, 1502 142, 136, 7, 53, 16, 173, 181, 7, 93, 92, 252, 1, 53, 212, 242, 8, 1503 255, 11, 239, 181, 24, 148, 136, 111, 24, 161, 244, 23, 106, 69, 157, 1504 215, 243, 189, 240, 166, 169, 249, 72, 38, 201, 99, 223, 173, 229, 9, 1505 222, 82, 79, 157, 176, 248, 85, 239, 121, 163, 1, 31, 48, 98, 206, 1506 61, 249, 104, 216, 201, 227, 105, 48, 194, 193, 10, 36, 160, 159, 1507 241, 166, 84, 54, 188, 211, 243, 242, 40, 46, 45, 193, 193, 160, 169, 1508 101, 201, 1, 73, 47, 105, 142, 88, 28, 42, 132, 26, 61, 58, 63, 142, 1509 243, 77, 26, 179, 153, 166, 46, 203, 208, 49, 55, 229, 34, 178, 4, 1510 109, 180, 204, 204, 115, 1, 103, 193, 5, 91, 215, 214, 195, 1, 110, 1511 208, 53, 144, 36, 105, 12, 54, 25, 129, 101, 15, 183, 150, 250, 147, 1512 115, 227, 58, 250, 5, 128, 232, 63, 15, 14, 19, 141, 124, 253, 142, 1513 137, 189, 135, 26, 44, 240, 27, 88, 132, 105, 127, 6, 71, 37, 41, 1514 124, 187, 165, 140, 34, 200, 123, 80, 228, 24, 231, 176, 132, 171, 1515 138, 145, 152, 116, 224, 50, 141, 51, 147, 91, 186, 7, 246, 106, 217, 1516 148, 244, 227, 244, 45, 220, 121, 165, 224, 148, 181, 17, 181, 128, 1517 197, 101, 237, 11, 169, 229, 149, 199, 78, 56, 15, 14, 190, 91, 216, 1518 222, 247, 213, 74, 40, 8, 96, 20, 168, 119, 96, 26, 24, 52, 37, 82, 1519 127, 57, 176, 147, 118, 59, 7, 224, 33, 117, 72, 155, 29, 82, 26, 1520 215, 189, 140, 119, 28, 152, 118, 93, 222, 194, 192, 148, 115, 83, 1521 253, 216, 212, 108, 88, 83, 175, 172, 220, 97, 79, 110, 42, 223, 170, 1522 161, 34, 164, 144, 193, 76, 122, 92, 160, 41, 178, 175, 6, 35, 96, 1523 113, 96, 158, 90, 129, 101, 26, 45, 70, 180, 189, 230, 15, 5, 247, 1524 150, 209, 94, 171, 26, 13, 142, 212, 129, 1, 176, 5, 0, 112, 203, 1525 174, 185, 119, 76, 233, 189, 54, 172, 189, 245, 223, 253, 205, 12, 1526 88, 9, 126, 157, 225, 90, 40, 229, 191, 63, 30, 160, 224, 69, 3, 140, 1527 109, 70, 89, 37, 213, 245, 194, 210, 180, 188, 63, 210, 139, 221, 2, 1528 144, 200, 20, 177, 216, 29, 227, 242, 106, 12, 135, 142, 139, 144, 1529 82, 225, 162, 171, 176, 108, 99, 6, 43, 193, 161, 116, 234, 216, 1, 1530 242, 21, 124, 162, 98, 205, 124, 193, 38, 12, 242, 90, 101, 76, 204, 1531 184, 124, 58, 180, 16, 240, 26, 76, 195, 250, 212, 191, 185, 191, 97, 1532 198, 186, 73, 225, 75, 14, 90, 123, 121, 172, 101, 50, 160, 221, 141, 1533 253, 205, 126, 77, 9, 87, 198, 110, 104, 182, 141, 120, 51, 25, 232, 1534 3, 32, 80, 6, 156, 8, 18, 4, 135, 221, 142, 25, 135, 2, 129, 132, 1535 115, 227, 74, 141, 28, 119, 11, 141, 117, 134, 198, 62, 150, 254, 97, 1536 75, 197, 251, 99, 89, 204, 224, 226, 67, 83, 175, 89, 0, 81, 29, 38, 1537 207, 89, 140, 255, 197, 177, 164, 128, 62, 116, 224, 180, 109, 169, 1538 28, 2, 59, 176, 130, 252, 44, 178, 81, 24, 181, 176, 75, 44, 61, 91, 1539 12, 37, 21, 255, 83, 130, 197, 16, 231, 60, 217, 56, 131, 118, 168, 1540 202, 58, 52, 84, 124, 162, 185, 174, 162, 226, 242, 112, 68, 246, 1541 202, 16, 208, 52, 154, 58, 129, 80, 102, 33, 171, 6, 186, 177, 14, 1542 195, 88, 136, 6, 0, 155, 28, 100, 162, 207, 162, 222, 117, 248, 170, 1543 208, 114, 87, 31, 57, 176, 33, 57, 83, 253, 12, 168, 110, 194, 59, 1544 22, 86, 48, 227, 196, 22, 176, 218, 122, 149, 21, 249, 195, 178, 174, 1545 250, 20, 34, 120, 60, 139, 201, 99, 40, 18, 177, 17, 54, 54, 6, 3, 1546 222, 128, 160, 88, 11, 27, 0, 81, 192, 36, 41, 169, 146, 8, 47, 64, 1547 136, 28, 64, 209, 67, 135, 202, 20, 234, 182, 91, 204, 146, 195, 187, 1548 0, 72, 77, 11, 111, 152, 204, 252, 177, 212, 89, 33, 50, 132, 184, 1549 44, 183, 186, 19, 250, 69, 176, 201, 102, 140, 14, 143, 212, 212, 1550 160, 123, 208, 185, 27, 155, 68, 77, 133, 198, 2, 126, 155, 215, 22, 1551 91, 30, 217, 176, 172, 244, 156, 174, 143, 75, 90, 21, 102, 1, 160, 1552 59, 253, 188, 88, 57, 185, 197, 83, 24, 22, 180, 174, 47, 207, 52, 1, 1553 141, 146, 119, 233, 68, 228, 224, 228, 193, 248, 155, 202, 90, 7, 1554 213, 88, 33, 108, 107, 14, 86, 8, 120, 250, 58, 142, 35, 164, 238, 1555 221, 219, 35, 123, 88, 199, 192, 143, 104, 83, 17, 166, 243, 247, 11, 1556 166, 67, 68, 204, 132, 23, 110, 103, 228, 14, 55, 122, 88, 57, 180, 1557 178, 237, 52, 130, 214, 245, 102, 123, 67, 73, 175, 1, 127, 112, 148, 1558 94, 132, 164, 197, 153, 217, 87, 25, 89, 93, 63, 22, 66, 166, 90, 1559 251, 101, 10, 145, 66, 17, 124, 36, 255, 165, 226, 97, 16, 86, 112, 1560 154, 88, 105, 253, 56, 209, 229, 122, 103, 51, 24, 228, 190, 3, 236, 1561 48, 182, 121, 176, 140, 128, 117, 87, 251, 224, 37, 23, 248, 21, 218, 1562 85, 251, 136, 84, 147, 143, 144, 46, 155, 183, 251, 89, 86, 23, 26, 1563 237, 100, 167, 32, 130, 173, 237, 89, 55, 110, 70, 142, 127, 65, 230, 1564 208, 109, 69, 19, 253, 84, 130, 130, 193, 92, 58, 108, 150, 42, 136, 1565 249, 234, 86, 241, 182, 19, 117, 246, 26, 181, 92, 101, 155, 44, 103, 1566 235, 173, 30, 140, 90, 29, 183, 190, 77, 53, 206, 127, 5, 87, 8, 187, 1567 184, 92, 4, 157, 22, 18, 105, 251, 39, 88, 182, 181, 103, 148, 233, 1568 6, 63, 70, 188, 7, 101, 216, 127, 77, 31, 12, 233, 7, 147, 106, 30, 1569 150, 77, 145, 13, 205, 48, 56, 245, 220, 89, 252, 127, 51, 180, 36, 1570 31, 55, 18, 214, 230, 254, 217, 197, 65, 247, 27, 215, 117, 247, 108, 1571 157, 121, 11, 63, 150, 195, 83, 6, 134, 242, 41, 24, 105, 204, 5, 63, 1572 192, 14, 159, 113, 72, 140, 128, 51, 215, 80, 215, 39, 149, 94, 79, 1573 128, 34, 5, 129, 82, 83, 121, 187, 37, 146, 27, 32, 177, 167, 71, 9, 1574 195, 30, 199, 196, 205, 252, 207, 69, 8, 120, 27, 190, 51, 43, 75, 1575 249, 234, 167, 116, 206, 203, 199, 43, 108, 87, 48, 155, 140, 228, 1576 210, 85, 25, 161, 96, 67, 8, 205, 64, 39, 75, 88, 44, 238, 227, 16, 1577 0, 100, 93, 129, 18, 4, 149, 50, 68, 72, 99, 35, 111, 254, 27, 102, 1578 175, 108, 233, 87, 181, 44, 169, 18, 139, 79, 208, 14, 202, 192, 5, 1579 162, 222, 231, 149, 24, 211, 49, 120, 101, 39, 206, 87, 147, 204, 1580 200, 251, 104, 115, 5, 127, 117, 195, 79, 151, 18, 224, 52, 0, 245, 1581 4, 85, 255, 103, 217, 0, 116, 198, 80, 91, 167, 192, 154, 199, 197, 1582 149, 237, 51, 2, 131, 30, 226, 95, 105, 48, 68, 135, 208, 144, 120, 1583 176, 145, 157, 8, 171, 80, 94, 61, 92, 92, 220, 157, 13, 138, 51, 23, 1584 185, 124, 31, 77, 1, 87, 241, 43, 239, 55, 122, 86, 210, 48, 208, 1585 204, 112, 144, 80, 147, 106, 219, 47, 253, 31, 134, 176, 16, 135, 1586 219, 95, 17, 129, 83, 236, 125, 136, 112, 86, 228, 252, 71, 129, 218, 1587 174, 156, 236, 12, 27, 159, 11, 138, 252, 253, 207, 31, 115, 214, 1588 118, 239, 203, 16, 211, 205, 99, 22, 51, 163, 107, 162, 246, 199, 67, 1589 127, 34, 108, 197, 53, 117, 58, 199, 3, 190, 74, 70, 190, 65, 235, 1590 175, 97, 157, 215, 252, 189, 245, 100, 229, 248, 46, 90, 126, 237, 4, 1591 159, 128, 58, 7, 156, 236, 69, 191, 85, 240, 179, 224, 249, 152, 49, 1592 195, 223, 60, 78, 186, 157, 155, 217, 58, 105, 116, 164, 217, 111, 1593 215, 150, 218, 252, 84, 86, 248, 140, 240, 226, 61, 106, 208, 95, 60, 1594 163, 6, 0, 235, 253, 162, 96, 62, 234, 251, 249, 35, 21, 7, 211, 233, 1595 86, 50, 33, 203, 67, 248, 60, 190, 123, 48, 167, 226, 90, 191, 71, 1596 56, 183, 165, 17, 85, 76, 238, 140, 211, 168, 53, 223, 194, 4, 97, 1597 149, 156, 120, 137, 76, 33, 229, 243, 194, 208, 198, 202, 139, 28, 1598 114, 46, 224, 92, 254, 83, 100, 134, 158, 92, 70, 78, 61, 62, 138, 1599 24, 173, 216, 66, 198, 70, 254, 47, 59, 193, 53, 6, 139, 19, 153, 1600 253, 28, 199, 122, 160, 27, 67, 234, 209, 227, 139, 4, 50, 7, 178, 1601 183, 89, 252, 32, 128, 137, 55, 52, 29, 89, 12, 111, 42, 181, 51, 1602 170, 132, 132, 207, 170, 228, 254, 178, 213, 0, 136, 175, 8] 1604 The resulting Authentication Tag value is: 1606 [208, 113, 102, 132, 236, 236, 67, 223, 39, 53, 98, 99, 32, 121, 17, 1607 236] 1609 Encoding this JWE Ciphertext as BASE64URL(JWE Ciphertext) gives this 1610 value (with line breaks for display purposes only): 1612 AwhB8lxrlKjFn02LGWEqg27H4Tg9fyZAbFv3p5ZicHpj64QyHC44qqlZ3JEmnZTgQo 1613 wIqZJ13jbyHB8LgePiqUJ1hf6M2HPLgzw8L-mEeQ0jvDUTrE07NtOerBk8bwBQyZ6g 1614 0kQ3DEOIglfYxV8-FJvNBYwbqN1Bck6d_i7OtjSHV-8DIrp-3JcRIe05YKy3Oi34Z_ 1615 GOiAc1EK21B11c_AE11PII_wvvtRiUiG8YofQXakWd1_O98Kap-UgmyWPfreUJ3lJP 1616 nbD4Ve95owEfMGLOPflo2MnjaTDCwQokoJ_xplQ2vNPz8iguLcHBoKllyQFJL2mOWB 1617 wqhBo9Oj-O800as5mmLsvQMTflIrIEbbTMzHMBZ8EFW9fWwwFu0DWQJGkMNhmBZQ-3 1618 lvqTc-M6-gWA6D8PDhONfP2Oib2HGizwG1iEaX8GRyUpfLuljCLIe1DkGOewhKuKkZ 1619 h04DKNM5Nbugf2atmU9OP0Ldx5peCUtRG1gMVl7Qup5ZXHTjgPDr5b2N731UooCGAU 1620 qHdgGhg0JVJ_ObCTdjsH4CF1SJsdUhrXvYx3HJh2Xd7CwJRzU_3Y1GxYU6-s3GFPbi 1621 rfqqEipJDBTHpcoCmyrwYjYHFgnlqBZRotRrS95g8F95bRXqsaDY7UgQGwBQBwy665 1622 d0zpvTasvfXf_c0MWAl-neFaKOW_Px6g4EUDjG1GWSXV9cLStLw_0ovdApDIFLHYHe 1623 PyagyHjouQUuGiq7BsYwYrwaF06tgB8hV8omLNfMEmDPJaZUzMuHw6tBDwGkzD-tS_ 1624 ub9hxrpJ4UsOWnt5rGUyoN2N_c1-TQlXxm5oto14MxnoAyBQBpwIEgSH3Y4ZhwKBhH 1625 PjSo0cdwuNdYbGPpb-YUvF-2NZzODiQ1OvWQBRHSbPWYz_xbGkgD504LRtqRwCO7CC 1626 _CyyURi1sEssPVsMJRX_U4LFEOc82TiDdqjKOjRUfKK5rqLi8nBE9soQ0DSaOoFQZi 1627 GrBrqxDsNYiAYAmxxkos-i3nX4qtByVx85sCE5U_0MqG7COxZWMOPEFrDaepUV-cOy 1628 rvoUIng8i8ljKBKxETY2BgPegKBYCxsAUcAkKamSCC9AiBxA0UOHyhTqtlvMksO7AE 1629 hNC2-YzPyx1FkhMoS4LLe6E_pFsMlmjA6P1NSge9C5G5tETYXGAn6b1xZbHtmwrPSc 1630 ro9LWhVmAaA7_bxYObnFUxgWtK4vzzQBjZJ36UTk4OTB-JvKWgfVWCFsaw5WCHj6Oo 1631 4jpO7d2yN7WMfAj2hTEabz9wumQ0TMhBduZ-QON3pYObSy7TSC1vVme0NJrwF_cJRe 1632 hKTFmdlXGVldPxZCplr7ZQqRQhF8JP-l4mEQVnCaWGn9ONHlemczGOS-A-wwtnmwjI 1633 B1V_vgJRf4FdpV-4hUk4-QLpu3-1lWFxrtZKcggq3tWTduRo5_QebQbUUT_VSCgsFc 1634 OmyWKoj56lbxthN19hq1XGWbLGfrrR6MWh23vk01zn8FVwi7uFwEnRYSafsnWLa1Z5 1635 TpBj9GvAdl2H9NHwzpB5NqHpZNkQ3NMDj13Fn8fzO0JB83Etbm_tnFQfcb13X3bJ15 1636 Cz-Ww1MGhvIpGGnMBT_ADp9xSIyAM9dQ1yeVXk-AIgWBUlN5uyWSGyCxp0cJwx7HxM 1637 38z0UIeBu-MytL-eqndM7LxytsVzCbjOTSVRmhYEMIzUAnS1gs7uMQAGRdgRIElTJE 1638 SGMjb_4bZq9s6Ve1LKkSi0_QDsrABaLe55UY0zF4ZSfOV5PMyPtocwV_dcNPlxLgNA 1639 D1BFX_Z9kAdMZQW6fAmsfFle0zAoMe4l9pMESH0JB4sJGdCKtQXj1cXNydDYozF7l8 1640 H00BV_Er7zd6VtIw0MxwkFCTatsv_R-GsBCH218RgVPsfYhwVuT8R4HarpzsDBufC4 1641 r8_c8fc9Z278sQ081jFjOja6L2x0N_ImzFNXU6xwO-Ska-QeuvYZ3X_L31ZOX4Llp- 1642 7QSfgDoHnOxFv1Xws-D5mDHD3zxOup2b2TppdKTZb9eW2vxUVviM8OI9atBfPKMGAO 1643 v9omA-6vv5IxUH0-lWMiHLQ_g8vnswp-Jav0c4t6URVUzujNOoNd_CBGGVnHiJTCHl 1644 88LQxsqLHHIu4Fz-U2SGnlxGTj0-ihit2ELGRv4vO8E1BosTmf0cx3qgG0Pq0eOLBD 1645 IHsrdZ_CCAiTc0HVkMbyq1M6qEhM-q5P6y1QCIrwg 1647 Encoding this JWE Authentication Tag as BASE64URL(JWE Authentication 1648 Tag) gives this value: 1650 0HFmhOzsQ98nNWJjIHkR7A 1652 C.9. Complete Representation 1654 Assemble the final representation: The JWE Compact Serialization of 1655 this result, as defined in Section 7.1 of [JWE], is the string 1656 BASE64URL(UTF8(JWE Protected Header)) || '.' || BASE64URL(JWE 1657 Encrypted Key) || '.' || BASE64URL(JWE Initialization Vector) || '.' 1658 || BASE64URL(JWE Ciphertext) || '.' || BASE64URL(JWE Authentication 1659 Tag). 1661 The final result in this example is: 1663 eyJhbGciOiJQQkVTMi1IUzI1NitBMTI4S1ciLCJwMnMiOiIyV0NUY0paMVJ2ZF9DSn 1664 VKcmlwUTF3IiwicDJjIjo0MDk2LCJlbmMiOiJBMTI4Q0JDLUhTMjU2IiwiY3R5Ijoi 1665 andrK2pzb24ifQ. 1666 TrqXOwuNUfDV9VPTNbyGvEJ9JMjefAVn-TR1uIxR9p6hsRQh9Tk7BA. 1667 Ye9j1qs22DmRSAddIh-VnA. 1668 AwhB8lxrlKjFn02LGWEqg27H4Tg9fyZAbFv3p5ZicHpj64QyHC44qqlZ3JEmnZTgQo 1669 wIqZJ13jbyHB8LgePiqUJ1hf6M2HPLgzw8L-mEeQ0jvDUTrE07NtOerBk8bwBQyZ6g 1670 0kQ3DEOIglfYxV8-FJvNBYwbqN1Bck6d_i7OtjSHV-8DIrp-3JcRIe05YKy3Oi34Z_ 1671 GOiAc1EK21B11c_AE11PII_wvvtRiUiG8YofQXakWd1_O98Kap-UgmyWPfreUJ3lJP 1672 nbD4Ve95owEfMGLOPflo2MnjaTDCwQokoJ_xplQ2vNPz8iguLcHBoKllyQFJL2mOWB 1673 wqhBo9Oj-O800as5mmLsvQMTflIrIEbbTMzHMBZ8EFW9fWwwFu0DWQJGkMNhmBZQ-3 1674 lvqTc-M6-gWA6D8PDhONfP2Oib2HGizwG1iEaX8GRyUpfLuljCLIe1DkGOewhKuKkZ 1675 h04DKNM5Nbugf2atmU9OP0Ldx5peCUtRG1gMVl7Qup5ZXHTjgPDr5b2N731UooCGAU 1676 qHdgGhg0JVJ_ObCTdjsH4CF1SJsdUhrXvYx3HJh2Xd7CwJRzU_3Y1GxYU6-s3GFPbi 1677 rfqqEipJDBTHpcoCmyrwYjYHFgnlqBZRotRrS95g8F95bRXqsaDY7UgQGwBQBwy665 1678 d0zpvTasvfXf_c0MWAl-neFaKOW_Px6g4EUDjG1GWSXV9cLStLw_0ovdApDIFLHYHe 1679 PyagyHjouQUuGiq7BsYwYrwaF06tgB8hV8omLNfMEmDPJaZUzMuHw6tBDwGkzD-tS_ 1680 ub9hxrpJ4UsOWnt5rGUyoN2N_c1-TQlXxm5oto14MxnoAyBQBpwIEgSH3Y4ZhwKBhH 1681 PjSo0cdwuNdYbGPpb-YUvF-2NZzODiQ1OvWQBRHSbPWYz_xbGkgD504LRtqRwCO7CC 1682 _CyyURi1sEssPVsMJRX_U4LFEOc82TiDdqjKOjRUfKK5rqLi8nBE9soQ0DSaOoFQZi 1683 GrBrqxDsNYiAYAmxxkos-i3nX4qtByVx85sCE5U_0MqG7COxZWMOPEFrDaepUV-cOy 1684 rvoUIng8i8ljKBKxETY2BgPegKBYCxsAUcAkKamSCC9AiBxA0UOHyhTqtlvMksO7AE 1685 hNC2-YzPyx1FkhMoS4LLe6E_pFsMlmjA6P1NSge9C5G5tETYXGAn6b1xZbHtmwrPSc 1686 ro9LWhVmAaA7_bxYObnFUxgWtK4vzzQBjZJ36UTk4OTB-JvKWgfVWCFsaw5WCHj6Oo 1687 4jpO7d2yN7WMfAj2hTEabz9wumQ0TMhBduZ-QON3pYObSy7TSC1vVme0NJrwF_cJRe 1688 hKTFmdlXGVldPxZCplr7ZQqRQhF8JP-l4mEQVnCaWGn9ONHlemczGOS-A-wwtnmwjI 1689 B1V_vgJRf4FdpV-4hUk4-QLpu3-1lWFxrtZKcggq3tWTduRo5_QebQbUUT_VSCgsFc 1690 OmyWKoj56lbxthN19hq1XGWbLGfrrR6MWh23vk01zn8FVwi7uFwEnRYSafsnWLa1Z5 1691 TpBj9GvAdl2H9NHwzpB5NqHpZNkQ3NMDj13Fn8fzO0JB83Etbm_tnFQfcb13X3bJ15 1692 Cz-Ww1MGhvIpGGnMBT_ADp9xSIyAM9dQ1yeVXk-AIgWBUlN5uyWSGyCxp0cJwx7HxM 1693 38z0UIeBu-MytL-eqndM7LxytsVzCbjOTSVRmhYEMIzUAnS1gs7uMQAGRdgRIElTJE 1694 SGMjb_4bZq9s6Ve1LKkSi0_QDsrABaLe55UY0zF4ZSfOV5PMyPtocwV_dcNPlxLgNA 1695 D1BFX_Z9kAdMZQW6fAmsfFle0zAoMe4l9pMESH0JB4sJGdCKtQXj1cXNydDYozF7l8 1696 H00BV_Er7zd6VtIw0MxwkFCTatsv_R-GsBCH218RgVPsfYhwVuT8R4HarpzsDBufC4 1697 r8_c8fc9Z278sQ081jFjOja6L2x0N_ImzFNXU6xwO-Ska-QeuvYZ3X_L31ZOX4Llp- 1698 7QSfgDoHnOxFv1Xws-D5mDHD3zxOup2b2TppdKTZb9eW2vxUVviM8OI9atBfPKMGAO 1699 v9omA-6vv5IxUH0-lWMiHLQ_g8vnswp-Jav0c4t6URVUzujNOoNd_CBGGVnHiJTCHl 1700 88LQxsqLHHIu4Fz-U2SGnlxGTj0-ihit2ELGRv4vO8E1BosTmf0cx3qgG0Pq0eOLBD 1701 IHsrdZ_CCAiTc0HVkMbyq1M6qEhM-q5P6y1QCIrwg. 1702 0HFmhOzsQ98nNWJjIHkR7A 1704 Appendix D. Acknowledgements 1706 A JSON representation for RSA public keys was previously introduced 1707 by John Panzer, Ben Laurie, and Dirk Balfanz in Magic Signatures 1709 [MagicSignatures]. 1711 Thanks to Matt Miller for creating the encrypted key example and to 1712 Edmund Jay and Brian Campbell for validating the example. 1714 This specification is the work of the JOSE Working Group, which 1715 includes dozens of active and dedicated participants. In particular, 1716 the following individuals contributed ideas, feedback, and wording 1717 that influenced this specification: 1719 Dirk Balfanz, Richard Barnes, John Bradley, Brian Campbell, Breno de 1720 Medeiros, Stephen Farrell, Joe Hildebrand, Edmund Jay, Stephen Kent, 1721 Ben Laurie, James Manger, Matt Miller, Kathleen Moriarty, Chuck 1722 Mortimore, Tony Nadalin, Axel Nennker, John Panzer, Eric Rescorla, 1723 Pete Resnick, Nat Sakimura, Jim Schaad, Ryan Sleevi, Paul Tarjan, 1724 Hannes Tschofenig, and Sean Turner. 1726 Jim Schaad and Karen O'Donoghue chaired the JOSE working group and 1727 Sean Turner, Stephen Farrell, and Kathleen Moriarty served as 1728 Security area directors during the creation of this specification. 1730 Appendix E. Document History 1732 [[ to be removed by the RFC Editor before publication as an RFC ]] 1734 -37 1736 o Updated the TLS requirements language to only require 1737 implementations to support TLS when they support features using 1738 TLS. 1740 o Restricted algorithm names to using only ASCII characters. 1742 o Updated the example IANA registration request subject line. 1744 -36 1746 o Stated that if both "use" and "key_ops" are used, the information 1747 they convey MUST be consistent. 1749 o Clarified where white space and line breaks may occur in JSON 1750 objects by referencing Section 2 of RFC 7159. 1752 o Specified that registration reviews occur on the 1753 jose-reg-review@ietf.org mailing list. 1755 -35 1756 o Used real values for examples in the IANA Registration Templates. 1758 -34 1760 o Addressed IESG review comments by Pete Resnick, Stephen Farrell, 1761 and Richard Barnes. 1763 o Referenced RFC 4945 for PEM certificate delimiter syntax. 1765 -33 1767 o Addressed secdir review comments by Stephen Kent for which 1768 resolutions had mistakenly been omitted in the previous draft. 1770 o Acknowledged additional contributors. 1772 -32 1774 o Addressed Gen-ART review comments by Russ Housley. 1776 o Addressed secdir review comments by Stephen Kent. 1778 -31 1780 o No changes were made, other than to the version number and date. 1782 -30 1784 o Added references and cleaned up the reference syntax in a few 1785 places. 1787 o Applied minor wording changes to the Security Considerations 1788 section. 1790 -29 1792 o Replaced the terms JWS Header, JWE Header, and JWT Header with a 1793 single JOSE Header term defined in the JWS specification. This 1794 also enabled a single Header Parameter definition to be used and 1795 reduced other areas of duplication between specifications. 1797 -28 1799 o Revised the introduction to the Security Considerations section. 1801 o Refined the text about when applications using encrypted JWKs and 1802 JWK Sets would not need to use the "cty" header parameter. 1804 -27 1806 o Added an example JWK early in the draft. 1808 o Described additional security considerations. 1810 o Added the "x5t#S256" (X.509 Certificate SHA-256 Thumbprint) JWK 1811 member. 1813 o Addressed a few editorial issues. 1815 -26 1817 o Referenced Section 6 of RFC 6125 for TLS server certificate 1818 identity validation. 1820 o Deleted misleading non-normative phrase from the "use" 1821 description. 1823 o Noted that octet sequences are depicted using JSON array notation. 1825 o Updated references, including to W3C specifications. 1827 -25 1829 o Updated WebCrypto reference to refer to W3C Last Call draft. 1831 -24 1833 o Corrected the authentication tag value in the encrypted key 1834 example. 1836 o Updated the JSON reference to RFC 7159. 1838 -23 1840 o No changes were made, other than to the version number and date. 1842 -22 1844 o Corrected RFC 2119 terminology usage. 1846 o Replaced references to draft-ietf-json-rfc4627bis with RFC 7158. 1848 -21 1850 o Replaced the "key_ops" values "wrap" and "unwrap" with "wrapKey" 1851 and "unwrapKey" to match the "KeyUsage" values defined in the 1852 current Web Cryptography API [WebCrypto] editor's draft. 1854 o Compute the PBES2 salt parameter as (UTF8(Alg) || 0x00 || Salt 1855 Input), where the "p2s" Header Parameter encodes the Salt Input 1856 value and Alg is the "alg" Header Parameter value. 1858 o Changed some references from being normative to informative, 1859 addressing issue #90. 1861 -20 1863 o Renamed "use_details" to "key_ops" (key operations). 1865 o Clarified that "use" is meant for public key use cases, "key_ops" 1866 is meant for use cases in which public, private, or symmetric keys 1867 may be present, and that "use" and "key_ops" should not be used 1868 together. 1870 o Replaced references to RFC 4627 with draft-ietf-json-rfc4627bis, 1871 addressing issue #90. 1873 -19 1875 o Added optional "use_details" (key use details) JWK member. 1877 o Reordered the key selection parameters. 1879 -18 1881 o Changes to address editorial and minor issues #68, #69, #73, #74, 1882 #76, #77, #78, #79, #82, #85, #89, and #135. 1884 o Added and used Description registry fields. 1886 -17 1888 o Refined the "typ" and "cty" definitions to always be MIME Media 1889 Types, with the omission of "application/" prefixes recommended 1890 for brevity, addressing issue #50. 1892 o Added an example encrypting an RSA private key with 1893 "PBES2-HS256+A128KW" and "A128CBC-HS256". Thanks to Matt Miller 1894 for producing this! 1896 o Processing rules occurring in both JWS and JWK are now referenced 1897 in JWS by JWK, rather than duplicated, addressing issue #57. 1899 o Terms used in multiple documents are now defined in one place and 1900 incorporated by reference. Some lightly used or obvious terms 1901 were also removed. This addresses issue #58. 1903 -16 1905 o Changes to address editorial and minor issues #41, #42, #43, #47, 1906 #51, #67, #71, #76, #80, #83, #84, #85, #86, #87, and #88. 1908 -15 1910 o Changes to address editorial issues #48, #64, #65, #66, and #91. 1912 -14 1914 o Relaxed language introducing key parameters since some parameters 1915 are applicable to multiple, but not all, key types. 1917 -13 1919 o Applied spelling and grammar corrections. 1921 -12 1923 o Stated that recipients MUST either reject JWKs and JWK Sets with 1924 duplicate member names or use a JSON parser that returns only the 1925 lexically last duplicate member name. 1927 -11 1929 o Stated that when "kid" values are used within a JWK Set, different 1930 keys within the JWK Set SHOULD use distinct "kid" values. 1932 o Added optional "x5u" (X.509 URL), "x5t" (X.509 Certificate 1933 Thumbprint), and "x5c" (X.509 Certificate Chain) JWK parameters. 1935 o Added section on Encrypted JWK and Encrypted JWK Set Formats. 1937 o Added a Parameter Information Class value to the JSON Web Key 1938 Parameters registry, which registers whether the parameter conveys 1939 public or private information. 1941 o Registered "application/jwk+json" and "application/jwk-set+json" 1942 MIME types and "JWK" and "JWK-SET" typ header parameter values, 1943 addressing issue #21. 1945 -10 1946 o No changes were made, other than to the version number and date. 1948 -09 1950 o Expanded the scope of the JWK specification to include private and 1951 symmetric key representations, as specified by 1952 draft-jones-jose-json-private-and-symmetric-key-00. 1954 o Defined that members that are not understood must be ignored. 1956 -08 1958 o Changed the name of the JWK key type parameter from "alg" to "kty" 1959 to enable use of "alg" to indicate the particular algorithm that 1960 the key is intended to be used with. 1962 o Clarified statements of the form "This member is OPTIONAL" to "Use 1963 of this member is OPTIONAL". 1965 o Referenced String Comparison Rules in JWS. 1967 o Added seriesInfo information to Internet Draft references. 1969 -07 1971 o Changed the name of the JWK RSA modulus parameter from "mod" to 1972 "n" and the name of the JWK RSA exponent parameter from "xpo" to 1973 "e", so that the identifiers are the same as those used in RFC 1974 3447. 1976 -06 1978 o Changed the name of the JWK RSA exponent parameter from "exp" to 1979 "xpo" so as to allow the potential use of the name "exp" for a 1980 future extension that might define an expiration parameter for 1981 keys. (The "exp" name is already used for this purpose in the JWT 1982 specification.) 1984 o Clarify that the "alg" (algorithm family) member is REQUIRED. 1986 o Correct an instance of "JWK" that should have been "JWK Set". 1988 o Applied changes made by the RFC Editor to RFC 6749's registry 1989 language to this specification. 1991 -05 1992 o Indented artwork elements to better distinguish them from the body 1993 text. 1995 -04 1997 o Refer to the registries as the primary sources of defined values 1998 and then secondarily reference the sections defining the initial 1999 contents of the registries. 2001 o Normatively reference XML DSIG 2.0 for its security 2002 considerations. 2004 o Added this language to Registration Templates: "This name is case 2005 sensitive. Names that match other registered names in a case 2006 insensitive manner SHOULD NOT be accepted." 2008 o Described additional open issues. 2010 o Applied editorial suggestions. 2012 -03 2014 o Clarified that "kid" values need not be unique within a JWK Set. 2016 o Moved JSON Web Key Parameters registry to the JWK specification. 2018 o Added "Collision Resistant Namespace" to the terminology section. 2020 o Changed registration requirements from RFC Required to 2021 Specification Required with Expert Review. 2023 o Added Registration Template sections for defined registries. 2025 o Added Registry Contents sections to populate registry values. 2027 o Numerous editorial improvements. 2029 -02 2031 o Simplified JWK terminology to get replace the "JWK Key Object" and 2032 "JWK Container Object" terms with simply "JSON Web Key (JWK)" and 2033 "JSON Web Key Set (JWK Set)" and to eliminate potential confusion 2034 between single keys and sets of keys. As part of this change, the 2035 top-level member name for a set of keys was changed from "jwk" to 2036 "keys". 2038 o Clarified that values with duplicate member names MUST be 2039 rejected. 2041 o Established JSON Web Key Set Parameters registry. 2043 o Explicitly listed non-goals in the introduction. 2045 o Moved algorithm-specific definitions from JWK to JWA. 2047 o Reformatted to give each member definition its own section 2048 heading. 2050 -01 2052 o Corrected the Magic Signatures reference. 2054 -00 2056 o Created the initial IETF draft based upon 2057 draft-jones-json-web-key-03 with no normative changes. 2059 Author's Address 2061 Michael B. Jones 2062 Microsoft 2064 Email: mbj@microsoft.com 2065 URI: http://self-issued.info/