idnits 2.17.1 draft-ietf-jose-json-web-key-40.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (January 13, 2015) is 3385 days in the past. Is this intentional? -- Found something which looks like a code comment -- if you have code sections in the document, please surround them with '' and '' lines. Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) -- Possible downref: Non-RFC (?) normative reference: ref. 'ECMAScript' -- Possible downref: Non-RFC (?) normative reference: ref. 'ITU.X690.1994' ** Obsolete normative reference: RFC 2818 (Obsoleted by RFC 9110) ** Downref: Normative reference to an Informational RFC: RFC 4949 ** Obsolete normative reference: RFC 5246 (Obsoleted by RFC 8446) ** Obsolete normative reference: RFC 6125 (Obsoleted by RFC 9525) ** Obsolete normative reference: RFC 7159 (Obsoleted by RFC 8259) -- Possible downref: Non-RFC (?) normative reference: ref. 'UNICODE' -- Obsolete informational reference (is this intentional?): RFC 3447 (Obsoleted by RFC 8017) -- Obsolete informational reference (is this intentional?): RFC 5226 (Obsoleted by RFC 8126) Summary: 5 errors (**), 0 flaws (~~), 1 warning (==), 7 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 JOSE Working Group M. Jones 3 Internet-Draft Microsoft 4 Intended status: Standards Track January 13, 2015 5 Expires: July 17, 2015 7 JSON Web Key (JWK) 8 draft-ietf-jose-json-web-key-40 10 Abstract 12 A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) data 13 structure that represents a cryptographic key. This specification 14 also defines a JSON Web Key Set (JWK Set) JSON data structure that 15 represents a set of JWKs. Cryptographic algorithms and identifiers 16 for use with this specification are described in the separate JSON 17 Web Algorithms (JWA) specification and IANA registries defined by 18 that specification. 20 Status of this Memo 22 This Internet-Draft is submitted in full conformance with the 23 provisions of BCP 78 and BCP 79. 25 Internet-Drafts are working documents of the Internet Engineering 26 Task Force (IETF). Note that other groups may also distribute 27 working documents as Internet-Drafts. The list of current Internet- 28 Drafts is at http://datatracker.ietf.org/drafts/current/. 30 Internet-Drafts are draft documents valid for a maximum of six months 31 and may be updated, replaced, or obsoleted by other documents at any 32 time. It is inappropriate to use Internet-Drafts as reference 33 material or to cite them other than as "work in progress." 35 This Internet-Draft will expire on July 17, 2015. 37 Copyright Notice 39 Copyright (c) 2015 IETF Trust and the persons identified as the 40 document authors. All rights reserved. 42 This document is subject to BCP 78 and the IETF Trust's Legal 43 Provisions Relating to IETF Documents 44 (http://trustee.ietf.org/license-info) in effect on the date of 45 publication of this document. Please review these documents 46 carefully, as they describe your rights and restrictions with respect 47 to this document. Code Components extracted from this document must 48 include Simplified BSD License text as described in Section 4.e of 49 the Trust Legal Provisions and are provided without warranty as 50 described in the Simplified BSD License. 52 Table of Contents 54 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4 55 1.1. Notational Conventions . . . . . . . . . . . . . . . . . . 4 56 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 4 57 3. Example JWK . . . . . . . . . . . . . . . . . . . . . . . . . 5 58 4. JSON Web Key (JWK) Format . . . . . . . . . . . . . . . . . . 5 59 4.1. "kty" (Key Type) Parameter . . . . . . . . . . . . . . . . 6 60 4.2. "use" (Public Key Use) Parameter . . . . . . . . . . . . . 6 61 4.3. "key_ops" (Key Operations) Parameter . . . . . . . . . . . 7 62 4.4. "alg" (Algorithm) Parameter . . . . . . . . . . . . . . . 8 63 4.5. "kid" (Key ID) Parameter . . . . . . . . . . . . . . . . . 8 64 4.6. "x5u" (X.509 URL) Parameter . . . . . . . . . . . . . . . 8 65 4.7. "x5c" (X.509 Certificate Chain) Parameter . . . . . . . . 9 66 4.8. "x5t" (X.509 Certificate SHA-1 Thumbprint) Parameter . . . 9 67 4.9. "x5t#S256" (X.509 Certificate SHA-256 Thumbprint) 68 Parameter . . . . . . . . . . . . . . . . . . . . . . . . 10 69 5. JSON Web Key Set (JWK Set) Format . . . . . . . . . . . . . . 10 70 5.1. "keys" Parameter . . . . . . . . . . . . . . . . . . . . . 11 71 6. String Comparison Rules . . . . . . . . . . . . . . . . . . . 11 72 7. Encrypted JWK and Encrypted JWK Set Formats . . . . . . . . . 11 73 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 11 74 8.1. JSON Web Key Parameters Registry . . . . . . . . . . . . . 13 75 8.1.1. Registration Template . . . . . . . . . . . . . . . . 13 76 8.1.2. Initial Registry Contents . . . . . . . . . . . . . . 14 77 8.2. JSON Web Key Use Registry . . . . . . . . . . . . . . . . 15 78 8.2.1. Registration Template . . . . . . . . . . . . . . . . 15 79 8.2.2. Initial Registry Contents . . . . . . . . . . . . . . 16 80 8.3. JSON Web Key Operations Registry . . . . . . . . . . . . . 16 81 8.3.1. Registration Template . . . . . . . . . . . . . . . . 16 82 8.3.2. Initial Registry Contents . . . . . . . . . . . . . . 17 83 8.4. JSON Web Key Set Parameters Registry . . . . . . . . . . . 18 84 8.4.1. Registration Template . . . . . . . . . . . . . . . . 18 85 8.4.2. Initial Registry Contents . . . . . . . . . . . . . . 19 86 8.5. Media Type Registration . . . . . . . . . . . . . . . . . 19 87 8.5.1. Registry Contents . . . . . . . . . . . . . . . . . . 19 88 9. Security Considerations . . . . . . . . . . . . . . . . . . . 20 89 9.1. Key Provenance and Trust . . . . . . . . . . . . . . . . . 20 90 9.2. Preventing Disclosure of Non-Public Key Information . . . 21 91 9.3. RSA Private Key Representations and Blinding . . . . . . . 21 92 9.4. Key Entropy and Random Values . . . . . . . . . . . . . . 21 93 10. References . . . . . . . . . . . . . . . . . . . . . . . . . . 22 94 10.1. Normative References . . . . . . . . . . . . . . . . . . . 22 95 10.2. Informative References . . . . . . . . . . . . . . . . . . 23 97 Appendix A. Example JSON Web Key Sets . . . . . . . . . . . . . . 24 98 A.1. Example Public Keys . . . . . . . . . . . . . . . . . . . 24 99 A.2. Example Private Keys . . . . . . . . . . . . . . . . . . . 25 100 A.3. Example Symmetric Keys . . . . . . . . . . . . . . . . . . 27 101 Appendix B. Example Use of "x5c" (X.509 Certificate Chain) 102 Parameter . . . . . . . . . . . . . . . . . . . . . . 27 103 Appendix C. Example Encrypted RSA Private Key . . . . . . . . . . 28 104 C.1. Plaintext RSA Private Key . . . . . . . . . . . . . . . . 29 105 C.2. JOSE Header . . . . . . . . . . . . . . . . . . . . . . . 32 106 C.3. Content Encryption Key (CEK) . . . . . . . . . . . . . . . 32 107 C.4. Key Derivation . . . . . . . . . . . . . . . . . . . . . . 33 108 C.5. Key Encryption . . . . . . . . . . . . . . . . . . . . . . 33 109 C.6. Initialization Vector . . . . . . . . . . . . . . . . . . 33 110 C.7. Additional Authenticated Data . . . . . . . . . . . . . . 34 111 C.8. Content Encryption . . . . . . . . . . . . . . . . . . . . 34 112 C.9. Complete Representation . . . . . . . . . . . . . . . . . 37 113 Appendix D. Acknowledgements . . . . . . . . . . . . . . . . . . 39 114 Appendix E. Document History . . . . . . . . . . . . . . . . . . 39 115 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 46 117 1. Introduction 119 A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) [RFC7159] 120 data structure that represents a cryptographic key. This 121 specification also defines a JSON Web Key Set (JWK Set) JSON data 122 structure that represents a set of JWKs. Cryptographic algorithms 123 and identifiers for use with this specification are described in the 124 separate JSON Web Algorithms (JWA) [JWA] specification and IANA 125 registries defined by that specification. 127 Goals for this specification do not include representing new kinds of 128 certificate chains, representing new kinds of certified keys, or 129 replacing X.509 certificates. 131 JWKs and JWK Sets are used in the JSON Web Signature (JWS) [JWS] and 132 JSON Web Encryption (JWE) [JWE] specifications. 134 Names defined by this specification are short because a core goal is 135 for the resulting representations to be compact. 137 1.1. Notational Conventions 139 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 140 "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and 141 "OPTIONAL" in this document are to be interpreted as described in Key 142 words for use in RFCs to Indicate Requirement Levels [RFC2119]. If 143 these words are used without being spelled in uppercase then they are 144 to be interpreted with their normal natural language meanings. 146 BASE64URL(OCTETS) denotes the base64url encoding of OCTETS, per 147 Section 2 of [JWS]. 149 UTF8(STRING) denotes the octets of the UTF-8 [RFC3629] representation 150 of STRING, where STRING is a sequence of zero or more Unicode 151 [UNICODE] characters. 153 ASCII(STRING) denotes the octets of the ASCII [RFC20] representation 154 of STRING, where STRING is a sequence of zero or more ASCII 155 characters. 157 The concatenation of two values A and B is denoted as A || B. 159 2. Terminology 161 These terms defined by the JSON Web Signature (JWS) [JWS] 162 specification are incorporated into this specification: "Base64url 163 Encoding", "Collision-Resistant Name", "Header Parameter", and "JOSE 164 Header". 166 These terms defined by the Internet Security Glossary, Version 2 167 [RFC4949] are incorporated into this specification: "Ciphertext", 168 "Digital Signature", "Message Authentication Code (MAC)", and 169 "Plaintext". 171 These terms are defined by this specification: 173 JSON Web Key (JWK) 174 A JSON object that represents a cryptographic key. The members of 175 the object represent properties of the key, including its value. 177 JSON Web Key Set (JWK Set) 178 A JSON object that represents a set of JWKs. The JSON object MUST 179 have a "keys" member, which is an array of JWKs. 181 3. Example JWK 183 This section provides an example of a JWK. The following example JWK 184 declares that the key is an Elliptic Curve [DSS] key, it is used with 185 the P-256 Elliptic Curve, and its x and y coordinates are the 186 base64url encoded values shown. A key identifier is also provided 187 for the key. 189 {"kty":"EC", 190 "crv":"P-256", 191 "x":"f83OJ3D2xF1Bg8vub9tLe1gHMzV76e8Tus9uPHvRVEU", 192 "y":"x_FEzRu9m36HLN_tue659LNpXW6pCyStikYjKIWI5a0", 193 "kid":"Public key used in JWS A.3 example" 194 } 196 Additional example JWK values can be found in Appendix A. 198 4. JSON Web Key (JWK) Format 200 A JSON Web Key (JWK) is a JSON object that represents a cryptographic 201 key. The members of the object represent properties of the key, 202 including its value. This JSON object MAY contain white space and/or 203 line breaks before or after any JSON values or structural characters, 204 in accordance with Section 2 of RFC 7159 [RFC7159]. This document 205 defines the key parameters that are not algorithm specific, and thus 206 common to many keys. 208 In addition to the common parameters, each JWK will have members that 209 are key type-specific. These members represent the parameters of the 210 key. Section 6 of the JSON Web Algorithms (JWA) [JWA] specification 211 defines multiple kinds of cryptographic keys and their associated 212 members. 214 The member names within a JWK MUST be unique; JWK parsers MUST either 215 reject JWKs with duplicate member names or use a JSON parser that 216 returns only the lexically last duplicate member name, as specified 217 in Section 15.12 (The JSON Object) of ECMAScript 5.1 [ECMAScript]. 219 Additional members can be present in the JWK; if not understood by 220 implementations encountering them, they MUST be ignored. Member 221 names used for representing key parameters for different keys types 222 need not be distinct. Any new member name should either be 223 registered in the IANA JSON Web Key Parameters registry defined in 224 Section 8.1 or be a value that contains a Collision-Resistant Name. 226 4.1. "kty" (Key Type) Parameter 228 The "kty" (key type) member identifies the cryptographic algorithm 229 family used with the key, such as "RSA" or "EC". "kty" values should 230 either be registered in the IANA JSON Web Key Types registry defined 231 in [JWA] or be a value that contains a Collision-Resistant Name. The 232 "kty" value is a case-sensitive string. This member MUST be present 233 in a JWK. 235 A list of defined "kty" values can be found in the IANA JSON Web Key 236 Types registry defined in [JWA]; the initial contents of this 237 registry are the values defined in Section 6.1 of the JSON Web 238 Algorithms (JWA) [JWA] specification. 240 The key type definitions include specification of the members to be 241 used for those key types. Additional members used with "kty" values 242 can also be found in the IANA JSON Web Key Parameters registry 243 defined in Section 8.1. 245 4.2. "use" (Public Key Use) Parameter 247 The "use" (public key use) member identifies the intended use of the 248 public key. The "use" parameter is employed to indicate whether a 249 public key is used for encrypting data or verifying the signature on 250 data. 252 Values defined by this specification are: 254 o "sig" (signature) 255 o "enc" (encryption) 257 Other values MAY be used. The "use" value is a case-sensitive 258 string. Use of the "use" member is OPTIONAL, unless the application 259 requires its presence. 261 When a key is used to wrap another key and a Public Key Use 262 designation for the first key is desired, the "enc" (encryption) key 263 use value is used, since key wrapping is a kind of encryption. The 264 "enc" value is also be used for public keys used for key agreement 265 operations. 267 Additional Public Key Use values can be registered in the IANA JSON 268 Web Key Use registry defined in Section 8.2. Registering any 269 extension values used is highly recommended when this specification 270 is used in open environments, in which multiple organizations need to 271 have a common understanding of any extensions used. However, 272 unregistered extension values can be used in closed environments, in 273 which the producing and consuming organization will always be the 274 same. 276 4.3. "key_ops" (Key Operations) Parameter 278 The "key_ops" (key operations) member identifies the operation(s) 279 that the key is intended to be used for. The "key_ops" parameter is 280 intended for use cases in which public, private, or symmetric keys 281 may be present. 283 Its value is an array of key operation values. Values defined by 284 this specification are: 286 o "sign" (compute digital signature or MAC) 287 o "verify" (verify digital signature or MAC) 288 o "encrypt" (encrypt content) 289 o "decrypt" (decrypt content and validate decryption, if applicable) 290 o "wrapKey" (encrypt key) 291 o "unwrapKey" (decrypt key and validate decryption, if applicable) 292 o "deriveKey" (derive key) 293 o "deriveBits" (derive bits not to be used as a key) 295 (Note that the "key_ops" values intentionally match the "KeyUsage" 296 values defined in the Web Cryptography API 297 [W3C.CR-WebCryptoAPI-20141211] specification.) 299 Other values MAY be used. The key operation values are case- 300 sensitive strings. Duplicate key operation values MUST NOT be 301 present in the array. Use of the "key_ops" member is OPTIONAL, 302 unless the application requires its presence. 304 Multiple unrelated key operations SHOULD NOT be specified for a key 305 because of the potential vulnerabilities associated with using the 306 same key with multiple algorithms. Thus, the combinations "sign" 307 with "verify", "encrypt" with "decrypt", and "wrapKey" with 308 "unwrapKey" are permitted, but other combinations SHOULD NOT be used. 310 Additional Key Operations values can be registered in the IANA JSON 311 Web Key Operations registry defined in Section 8.3. The same 312 considerations about registering extension values apply to the 313 "key_ops" member as do for the "use" member. 315 The "use" and "key_ops" JWK members SHOULD NOT be used together; 316 however, if both are used, the information they convey MUST be 317 consistent. Applications should specify which of these members they 318 use, if either is to be used by the application. 320 4.4. "alg" (Algorithm) Parameter 322 The "alg" (algorithm) member identifies the algorithm intended for 323 use with the key. The values used should either be registered in the 324 IANA JSON Web Signature and Encryption Algorithms registry defined in 325 [JWA] or be a value that contains a Collision-Resistant Name. The 326 "alg" value is a case-sensitive ASCII string. Use of this member is 327 OPTIONAL. 329 4.5. "kid" (Key ID) Parameter 331 The "kid" (key ID) member is used to match a specific key. This is 332 used, for instance, to choose among a set of keys within a JWK Set 333 during key rollover. The structure of the "kid" value is 334 unspecified. When "kid" values are used within a JWK Set, different 335 keys within the JWK Set SHOULD use distinct "kid" values. (One 336 example in which different keys might use the same "kid" value is if 337 they have different "kty" (key type) values but are considered to be 338 equivalent alternatives by the application using them.) The "kid" 339 value is a case-sensitive string. Use of this member is OPTIONAL. 341 When used with JWS or JWE, the "kid" value is used to match a JWS or 342 JWE "kid" Header Parameter value. 344 4.6. "x5u" (X.509 URL) Parameter 346 The "x5u" (X.509 URL) member is a URI [RFC3986] that refers to a 347 resource for an X.509 public key certificate or certificate chain 348 [RFC5280]. The identified resource MUST provide a representation of 349 the certificate or certificate chain that conforms to RFC 5280 350 [RFC5280] in PEM encoded form, with each certificate delimited as 351 specified in Section 6.1 of RFC 4945 [RFC4945]. The key in the first 352 certificate MUST match the public key represented by other members of 353 the JWK. The protocol used to acquire the resource MUST provide 354 integrity protection; an HTTP GET request to retrieve the certificate 355 MUST use TLS [RFC2818, RFC5246]; the identity of the server MUST be 356 validated, as per Section 6 of RFC 6125 [RFC6125]. Use of this 357 member is OPTIONAL. 359 While there is no requirement that optional JWK members providing key 360 usage, algorithm, or other information be present when the "x5u" 361 member is used, doing so may improve interoperability for 362 applications that do not handle PKIX certificates. If other members 363 are present, the contents of those members MUST be semantically 364 consistent with the related fields in the first certificate. For 365 instance, if the "use" member is present, then it MUST correspond to 366 the usage that is specified in the certificate, when it includes this 367 information. Similarly, if the "alg" member is present, it MUST 368 correspond to the algorithm specified in the certificate. 370 4.7. "x5c" (X.509 Certificate Chain) Parameter 372 The "x5c" (X.509 Certificate Chain) member contains a chain of one or 373 more PKIX certificates [RFC5280]. The certificate chain is 374 represented as a JSON array of certificate value strings. Each 375 string in the array is a base64 encoded ([RFC4648] Section 4 -- not 376 base64url encoded) DER [ITU.X690.1994] PKIX certificate value. The 377 PKIX certificate containing the key value MUST be the first 378 certificate. This MAY be followed by additional certificates, with 379 each subsequent certificate being the one used to certify the 380 previous one. The key in the first certificate MUST match the public 381 key represented by other members of the JWK. Use of this member is 382 OPTIONAL. 384 As with the "x5u" member, optional JWK members providing key usage, 385 algorithm, or other information MAY also be present when the "x5c" 386 member is used. If other members are present, the contents of those 387 members MUST be semantically consistent with the related fields in 388 the first certificate. See the last paragraph of Section 4.6 for 389 additional guidance on this. 391 4.8. "x5t" (X.509 Certificate SHA-1 Thumbprint) Parameter 393 The "x5t" (X.509 Certificate SHA-1 Thumbprint) member is a base64url 394 encoded SHA-1 thumbprint (a.k.a. digest) of the DER encoding of an 395 X.509 certificate [RFC5280]. Note that certificate thumbprints are 396 also sometimes known as certificate fingerprints. The key in the 397 certificate MUST match the public key represented by other members of 398 the JWK. Use of this member is OPTIONAL. 400 As with the "x5u" member, optional JWK members providing key usage, 401 algorithm, or other information MAY also be present when the "x5t" 402 member is used. If other members are present, the contents of those 403 members MUST be semantically consistent with the related fields in 404 the referenced certificate. See the last paragraph of Section 4.6 405 for additional guidance on this. 407 4.9. "x5t#S256" (X.509 Certificate SHA-256 Thumbprint) Parameter 409 The "x5t#S256" (X.509 Certificate SHA-256 Thumbprint) member is a 410 base64url encoded SHA-256 thumbprint (a.k.a. digest) of the DER 411 encoding of an X.509 certificate [RFC5280]. Note that certificate 412 thumbprints are also sometimes known as certificate fingerprints. 413 The key in the certificate MUST match the public key represented by 414 other members of the JWK. Use of this member is OPTIONAL. 416 As with the "x5u" member, optional JWK members providing key usage, 417 algorithm, or other information MAY also be present when the 418 "x5t#S256" member is used. If other members are present, the 419 contents of those members MUST be semantically consistent with the 420 related fields in the referenced certificate. See the last paragraph 421 of Section 4.6 for additional guidance on this. 423 5. JSON Web Key Set (JWK Set) Format 425 A JSON Web Key Set (JWK Set) is a JSON object that represents a set 426 of JWKs. The JSON object MUST have a "keys" member, with its value 427 being an array of JWKs. This JSON object MAY contain white space 428 and/or line breaks. 430 The member names within a JWK Set MUST be unique; JWK Set parsers 431 MUST either reject JWK Sets with duplicate member names or use a JSON 432 parser that returns only the lexically last duplicate member name, as 433 specified in Section 15.12 (The JSON Object) of ECMAScript 5.1 434 [ECMAScript]. 436 Additional members can be present in the JWK Set; if not understood 437 by implementations encountering them, they MUST be ignored. 438 Parameters for representing additional properties of JWK Sets should 439 either be registered in the IANA JSON Web Key Set Parameters registry 440 defined in Section 8.4 or be a value that contains a Collision- 441 Resistant Name. 443 Implementations SHOULD ignore JWKs within a JWK Set that use "kty" 444 (key type) values that are not understood by them, are missing 445 required members, or for which values are out of the supported 446 ranges. 448 5.1. "keys" Parameter 450 The value of the "keys" member is an array of JWK values. By 451 default, the order of the JWK values within the array does not imply 452 an order of preference among them, although applications of JWK Sets 453 can choose to assign a meaning to the order for their purposes, if 454 desired. 456 6. String Comparison Rules 458 The string comparison rules for this specification are the same as 459 those defined in Section 5.3 of [JWS]. 461 7. Encrypted JWK and Encrypted JWK Set Formats 463 Access to JWKs containing non-public key material by parties without 464 legitimate access to the non-public information MUST be prevented. 465 This can be accomplished by encrypting the JWK when potentially 466 observable by such parties to prevent the disclosure of private or 467 symmetric key values. The use of an Encrypted JWK, which is a JWE 468 with the UTF-8 encoding of a JWK as its plaintext value, is 469 recommended for this purpose. The processing of Encrypted JWKs is 470 identical to the processing of other JWEs. A "cty" (content type) 471 Header Parameter value of "jwk+json" MUST be used to indicate that 472 the content of the JWE is a JWK, unless the application knows that 473 the encrypted content is a JWK by another means or convention, in 474 which case the "cty" value would typically be omitted. 476 JWK Sets containing non-public key material will also need to be 477 encrypted under these circumstances. The use of an Encrypted JWK 478 Set, which is a JWE with the UTF-8 encoding of a JWK Set as its 479 plaintext value, is recommended for this purpose. The processing of 480 Encrypted JWK Sets is identical to the processing of other JWEs. A 481 "cty" (content type) Header Parameter value of "jwk-set+json" MUST be 482 used to indicate that the content of the JWE is a JWK Set, unless the 483 application knows that the encrypted content is a JWK Set by another 484 means or convention, in which case the "cty" value would typically be 485 omitted. 487 See Appendix C for an example encrypted JWK. 489 8. IANA Considerations 491 The following registration procedure is used for all the registries 492 established by this specification. 494 Values are registered on a Specification Required [RFC5226] basis 495 after a three-week review period on the jose-reg-review@ietf.org 496 mailing list, on the advice of one or more Designated Experts. 497 However, to allow for the allocation of values prior to publication, 498 the Designated Expert(s) may approve registration once they are 499 satisfied that such a specification will be published. 501 Registration requests must be sent to the jose-reg-review@ietf.org 502 mailing list for review and comment, with an appropriate subject 503 (e.g., "Request to register JWK parameter: example"). 505 Within the review period, the Designated Expert(s) will either 506 approve or deny the registration request, communicating this decision 507 to the review list and IANA. Denials should include an explanation 508 and, if applicable, suggestions as to how to make the request 509 successful. Registration requests that are undetermined for a period 510 longer than 21 days can be brought to the IESG's attention (using the 511 iesg@ietf.org mailing list) for resolution. 513 Criteria that should be applied by the Designated Expert(s) includes 514 determining whether the proposed registration duplicates existing 515 functionality, determining whether it is likely to be of general 516 applicability or whether it is useful only for a single application, 517 and whether the registration description is clear. 519 IANA must only accept registry updates from the Designated Expert(s) 520 and should direct all requests for registration to the review mailing 521 list. 523 It is suggested that multiple Designated Experts be appointed who are 524 able to represent the perspectives of different applications using 525 this specification, in order to enable broadly-informed review of 526 registration decisions. In cases where a registration decision could 527 be perceived as creating a conflict of interest for a particular 528 Expert, that Expert should defer to the judgment of the other 529 Expert(s). 531 [[ Note to the RFC Editor and IANA: Pearl Liang of ICANN had 532 requested that the draft supply the following proposed registry 533 description information. It is to be used for all registries 534 established by this specification. 536 o Protocol Category: JSON Object Signing and Encryption (JOSE) 538 o Registry Location: http://www.iana.org/assignments/jose 540 o Webpage Title: (same as the protocol category) 541 o Registry Name: (same as the section title, but excluding the word 542 "Registry", for example "JSON Web Key Parameters") 544 ]] 546 8.1. JSON Web Key Parameters Registry 548 This specification establishes the IANA JSON Web Key Parameters 549 registry for JWK parameter names. The registry records the parameter 550 name, the key type(s) that the parameter is used with, and a 551 reference to the specification that defines it. It also records 552 whether the parameter conveys public or private information. This 553 specification registers the parameter names defined in Section 4. 554 The same JWK parameter name may be registered multiple times, 555 provided that duplicate parameter registrations are only for key type 556 specific JWK parameters; in this case, the meaning of the duplicate 557 parameter name is disambiguated by the "kty" value of the JWK 558 containing it. 560 8.1.1. Registration Template 562 Parameter Name: 563 The name requested (e.g., "kid"). Because a core goal of this 564 specification is for the resulting representations to be compact, 565 it is RECOMMENDED that the name be short -- not to exceed 8 566 characters without a compelling reason to do so. This name is 567 case-sensitive. Names may not match other registered names in a 568 case-insensitive manner unless the Designated Expert(s) state that 569 there is a compelling reason to allow an exception in this 570 particular case. However, matching names may be registered, 571 provided that the accompanying sets of "kty" values that the 572 Parameter Name is used with are disjoint; for the purposes of 573 matching "kty" values, "*" matches all values. 575 Parameter Description: 576 Brief description of the parameter (e.g., "Key ID"). 578 Used with "kty" Value(s): 579 The key type parameter value(s) that the parameter name is to be 580 used with, or the value "*" if the parameter value is used with 581 all key types. Values may not match other registered "kty" values 582 in a case-insensitive manner when the registered Parameter Name is 583 the same (including when the Parameter Name matches in a case- 584 insensitive manner) unless the Designated Expert(s) state that 585 there is a compelling reason to allow an exception in this 586 particular case. 588 Parameter Information Class: 589 Registers whether the parameter conveys public or private 590 information. Its value must be one the words Public or Private. 592 Change Controller: 593 For Standards Track RFCs, state "IESG". For others, give the name 594 of the responsible party. Other details (e.g., postal address, 595 email address, home page URI) may also be included. 597 Specification Document(s): 598 Reference to the document(s) that specify the parameter, 599 preferably including URI(s) that can be used to retrieve copies of 600 the document(s). An indication of the relevant sections may also 601 be included but is not required. 603 8.1.2. Initial Registry Contents 605 o Parameter Name: "kty" 606 o Parameter Description: Key Type 607 o Used with "kty" Value(s): * 608 o Parameter Information Class: Public 609 o Change Controller: IESG 610 o Specification Document(s): Section 4.1 of [[ this document ]] 612 o Parameter Name: "use" 613 o Parameter Description: Public Key Use 614 o Used with "kty" Value(s): * 615 o Parameter Information Class: Public 616 o Change Controller: IESG 617 o Specification Document(s): Section 4.2 of [[ this document ]] 619 o Parameter Name: "key_ops" 620 o Parameter Description: Key Operations 621 o Used with "kty" Value(s): * 622 o Parameter Information Class: Public 623 o Change Controller: IESG 624 o Specification Document(s): Section 4.3 of [[ this document ]] 626 o Parameter Name: "alg" 627 o Parameter Description: Algorithm 628 o Used with "kty" Value(s): * 629 o Parameter Information Class: Public 630 o Change Controller: IESG 631 o Specification Document(s): Section 4.4 of [[ this document ]] 633 o Parameter Name: "kid" 634 o Parameter Description: Key ID 635 o Used with "kty" Value(s): * 636 o Parameter Information Class: Public 637 o Change Controller: IESG 638 o Specification Document(s): Section 4.5 of [[ this document ]] 640 o Parameter Name: "x5u" 641 o Parameter Description: X.509 URL 642 o Used with "kty" Value(s): * 643 o Parameter Information Class: Public 644 o Change Controller: IESG 645 o Specification Document(s): Section 4.6 of [[ this document ]] 647 o Parameter Name: "x5c" 648 o Parameter Description: X.509 Certificate Chain 649 o Used with "kty" Value(s): * 650 o Parameter Information Class: Public 651 o Change Controller: IESG 652 o Specification Document(s): Section 4.7 of [[ this document ]] 654 o Parameter Name: "x5t" 655 o Parameter Description: X.509 Certificate SHA-1 Thumbprint 656 o Used with "kty" Value(s): * 657 o Parameter Information Class: Public 658 o Change Controller: IESG 659 o Specification Document(s): Section 4.8 of [[ this document ]] 661 o Parameter Name: "x5t#S256" 662 o Parameter Description: X.509 Certificate SHA-256 Thumbprint 663 o Used with "kty" Value(s): * 664 o Parameter Information Class: Public 665 o Change Controller: IESG 666 o Specification Document(s): Section 4.9 of [[ this document ]] 668 8.2. JSON Web Key Use Registry 670 This specification establishes the IANA JSON Web Key Use registry for 671 JWK "use" (public key use) member values. The registry records the 672 public key use value and a reference to the specification that 673 defines it. This specification registers the parameter names defined 674 in Section 4.2. 676 8.2.1. Registration Template 677 Use Member Value: 678 The name requested (e.g., "sig"). Because a core goal of this 679 specification is for the resulting representations to be compact, 680 it is RECOMMENDED that the name be short -- not to exceed 8 681 characters without a compelling reason to do so. This name is 682 case-sensitive. Names may not match other registered names in a 683 case-insensitive manner unless the Designated Expert(s) state that 684 there is a compelling reason to allow an exception in this 685 particular case. 687 Use Description: 688 Brief description of the use (e.g., "Digital Signature or MAC"). 690 Change Controller: 691 For Standards Track RFCs, state "IESG". For others, give the name 692 of the responsible party. Other details (e.g., postal address, 693 email address, home page URI) may also be included. 695 Specification Document(s): 696 Reference to the document(s) that specify the parameter, 697 preferably including URI(s) that can be used to retrieve copies of 698 the document(s). An indication of the relevant sections may also 699 be included but is not required. 701 8.2.2. Initial Registry Contents 703 o Use Member Value: "sig" 704 o Use Description: Digital Signature or MAC 705 o Change Controller: IESG 706 o Specification Document(s): Section 4.2 of [[ this document ]] 708 o Use Member Value: "enc" 709 o Use Description: Encryption 710 o Change Controller: IESG 711 o Specification Document(s): Section 4.2 of [[ this document ]] 713 8.3. JSON Web Key Operations Registry 715 This specification establishes the IANA JSON Web Key Operations 716 registry for values of JWK "key_ops" array elements. The registry 717 records the key operation value and a reference to the specification 718 that defines it. This specification registers the parameter names 719 defined in Section 4.3. 721 8.3.1. Registration Template 722 Key Operation Value: 723 The name requested (e.g., "sign"). Because a core goal of this 724 specification is for the resulting representations to be compact, 725 it is RECOMMENDED that the name be short -- not to exceed 8 726 characters without a compelling reason to do so. This name is 727 case-sensitive. Names may not match other registered names in a 728 case-insensitive manner unless the Designated Expert(s) state that 729 there is a compelling reason to allow an exception in this 730 particular case. 732 Key Operation Description: 733 Brief description of the key operation (e.g., "Compute digital 734 signature or MAC"). 736 Change Controller: 737 For Standards Track RFCs, state "IESG". For others, give the name 738 of the responsible party. Other details (e.g., postal address, 739 email address, home page URI) may also be included. 741 Specification Document(s): 742 Reference to the document(s) that specify the parameter, 743 preferably including URI(s) that can be used to retrieve copies of 744 the document(s). An indication of the relevant sections may also 745 be included but is not required. 747 8.3.2. Initial Registry Contents 749 o Key Operation Value: "sign" 750 o Key Operation Description: Compute digital signature or MAC 751 o Change Controller: IESG 752 o Specification Document(s): Section 4.3 of [[ this document ]] 754 o Key Operation Value: "verify" 755 o Key Operation Description: Verify digital signature or MAC 756 o Change Controller: IESG 757 o Specification Document(s): Section 4.3 of [[ this document ]] 759 o Key Operation Value: "encrypt" 760 o Key Operation Description: Encrypt content 761 o Change Controller: IESG 762 o Specification Document(s): Section 4.3 of [[ this document ]] 764 o Key Operation Value: "decrypt" 765 o Key Operation Description: Decrypt content and validate 766 decryption, if applicable 767 o Change Controller: IESG 768 o Specification Document(s): Section 4.3 of [[ this document ]] 770 o Key Operation Value: "wrapKey" 771 o Key Operation Description: Encrypt key 772 o Change Controller: IESG 773 o Specification Document(s): Section 4.3 of [[ this document ]] 775 o Key Operation Value: "unwrapKey" 776 o Key Operation Description: Decrypt key and validate decryption, if 777 applicable 778 o Change Controller: IESG 779 o Specification Document(s): Section 4.3 of [[ this document ]] 781 o Key Operation Value: "deriveKey" 782 o Key Operation Description: Derive key 783 o Change Controller: IESG 784 o Specification Document(s): Section 4.3 of [[ this document ]] 786 o Key Operation Value: "deriveBits" 787 o Key Operation Description: Derive bits not to be used as a key 788 o Change Controller: IESG 789 o Specification Document(s): Section 4.3 of [[ this document ]] 791 8.4. JSON Web Key Set Parameters Registry 793 This specification establishes the IANA JSON Web Key Set Parameters 794 registry for JWK Set parameter names. The registry records the 795 parameter name and a reference to the specification that defines it. 796 This specification registers the parameter names defined in 797 Section 5. 799 8.4.1. Registration Template 801 Parameter Name: 802 The name requested (e.g., "keys"). Because a core goal of this 803 specification is for the resulting representations to be compact, 804 it is RECOMMENDED that the name be short -- not to exceed 8 805 characters without a compelling reason to do so. This name is 806 case-sensitive. Names may not match other registered names in a 807 case-insensitive manner unless the Designated Expert(s) state that 808 there is a compelling reason to allow an exception in this 809 particular case. 811 Parameter Description: 812 Brief description of the parameter (e.g., "Array of JWK values"). 814 Change Controller: 815 For Standards Track RFCs, state "IESG". For others, give the name 816 of the responsible party. Other details (e.g., postal address, 817 email address, home page URI) may also be included. 819 Specification Document(s): 820 Reference to the document(s) that specify the parameter, 821 preferably including URI(s) that can be used to retrieve copies of 822 the document(s). An indication of the relevant sections may also 823 be included but is not required. 825 8.4.2. Initial Registry Contents 827 o Parameter Name: "keys" 828 o Parameter Description: Array of JWK values 829 o Change Controller: IESG 830 o Specification Document(s): Section 5.1 of [[ this document ]] 832 8.5. Media Type Registration 834 8.5.1. Registry Contents 836 This specification registers the "application/jwk+json" and 837 "application/jwk-set+json" Media Types [RFC2046] in the MIME Media 838 Types registry [IANA.MediaTypes] in the manner described in RFC 6838 839 [RFC6838], which can be used to indicate, respectively, that the 840 content is a JWK or a JWK Set. 842 o Type Name: application 843 o Subtype Name: jwk+json 844 o Required Parameters: n/a 845 o Optional Parameters: n/a 846 o Encoding considerations: 8bit; application/jwk+json values are 847 represented as JSON object; UTF-8 encoding SHOULD be employed for 848 the JSON object. 849 o Security Considerations: See the Security Considerations section 850 of [[ this document ]] 851 o Interoperability Considerations: n/a 852 o Published Specification: [[ this document ]] 853 o Applications that use this media type: OpenID Connect, Salesforce, 854 Google, Android, Windows Azure, W3C WebCrypto API, numerous others 855 o Fragment identifier considerations: n/a 856 o Additional Information: Magic number(s): n/a, File extension(s): 857 n/a, Macintosh file type code(s): n/a 858 o Person & email address to contact for further information: Michael 859 B. Jones, mbj@microsoft.com 861 o Intended Usage: COMMON 862 o Restrictions on Usage: none 863 o Author: Michael B. Jones, mbj@microsoft.com 864 o Change Controller: IESG 865 o Provisional registration? No 867 o Type Name: application 868 o Subtype Name: jwk-set+json 869 o Required Parameters: n/a 870 o Optional Parameters: n/a 871 o Encoding considerations: 8bit; application/jwk-set+json values are 872 represented as a JSON Object; UTF-8 encoding SHOULD be employed 873 for the JSON object. 874 o Security Considerations: See the Security Considerations section 875 of [[ this document ]] 876 o Interoperability Considerations: n/a 877 o Published Specification: [[ this document ]] 878 o Applications that use this media type: OpenID Connect, Salesforce, 879 Google, Android, Windows Azure, W3C WebCrypto API, numerous others 880 o Fragment identifier considerations: n/a 881 o Additional Information: Magic number(s): n/a, File extension(s): 882 n/a, Macintosh file type code(s): n/a 883 o Person & email address to contact for further information: Michael 884 B. Jones, mbj@microsoft.com 885 o Intended Usage: COMMON 886 o Restrictions on Usage: none 887 o Author: Michael B. Jones, mbj@microsoft.com 888 o Change Controller: IESG 889 o Provisional registration? No 891 9. Security Considerations 893 All of the security issues that are pertinent to any cryptographic 894 application must be addressed by JWS/JWE/JWK agents. Among these 895 issues are protecting the user's asymmetric private and symmetric 896 secret keys and employing countermeasures to various attacks. 898 9.1. Key Provenance and Trust 900 One should place no more trust in the data cryptographically secured 901 by a key than in the method by which it was obtained and in the 902 trustworthiness of the entity asserting an association with the key. 903 Any data associated with a key that is obtained in an untrusted 904 manner should be treated with skepticism. See Section 10.3 of [JWS] 905 for security considerations on key origin authentication. 907 The security considerations in Section 12.3 of XML DSIG 2.0 909 [W3C.NOTE-xmldsig-core2-20130411] about the strength of a digital 910 signature depending upon all the links in the security chain also 911 apply to this specification. 913 The TLS Requirements in Section 8 of [JWS] also apply to this 914 specification, except that the "x5u" JWK member is the only feature 915 defined by this specification using TLS. 917 9.2. Preventing Disclosure of Non-Public Key Information 919 Private and symmetric keys MUST be protected from disclosure to 920 unintended parties. One recommended means of doing so is to encrypt 921 JWKs or JWK Sets containing them by using the JWK or JWK Set value as 922 the plaintext of a JWE. Of course, this requires that there be a 923 secure way to obtain the key used to encrypt the non-public key 924 information to the intended party and a secure way for that party to 925 obtain the corresponding decryption key. 927 The security considerations in RFC 3447 [RFC3447] and RFC 6030 928 [RFC6030] about protecting private and symmetric keys, key usage, and 929 information leakage also apply to this specification. 931 9.3. RSA Private Key Representations and Blinding 933 The RSA Key blinding operation [Kocher], which is a defense against 934 some timing attacks, requires all of the RSA key values "n", "e", and 935 "d". However, some RSA private key representations do not include 936 the public exponent "e", but only include the modulus "n" and the 937 private exponent "d". This is true, for instance, of the Java 938 RSAPrivateKeySpec API, which does not include the public exponent "e" 939 as a parameter. So as to enable RSA key blinding, such 940 representations should be avoided. For Java, the 941 RSAPrivateCrtKeySpec API can be used instead. Section 8.2.2(i) of 942 the Handbook of Applied Cryptography [HAC] discusses how to compute 943 the remaining RSA private key parameters, if needed, using only "n", 944 "e", and "d". 946 9.4. Key Entropy and Random Values 948 See Section 10.1 of [JWS] for security considerations on key entropy 949 and random values. 951 10. References 952 10.1. Normative References 954 [ECMAScript] 955 Ecma International, "ECMAScript Language Specification, 956 5.1 Edition", ECMA 262, June 2011. 958 [IANA.MediaTypes] 959 Internet Assigned Numbers Authority (IANA), "MIME Media 960 Types", 2005. 962 [ITU.X690.1994] 963 International Telecommunications Union, "Information 964 Technology - ASN.1 encoding rules: Specification of Basic 965 Encoding Rules (BER), Canonical Encoding Rules (CER) and 966 Distinguished Encoding Rules (DER)", ITU-T Recommendation 967 X.690, 1994. 969 [JWA] Jones, M., "JSON Web Algorithms (JWA)", 970 draft-ietf-jose-json-web-algorithms (work in progress), 971 January 2015. 973 [JWE] Jones, M. and J. Hildebrand, "JSON Web Encryption (JWE)", 974 draft-ietf-jose-json-web-encryption (work in progress), 975 January 2015. 977 [JWS] Jones, M., Bradley, J., and N. Sakimura, "JSON Web 978 Signature (JWS)", draft-ietf-jose-json-web-signature (work 979 in progress), January 2015. 981 [RFC20] Cerf, V., "ASCII format for Network Interchange", RFC 20, 982 October 1969. 984 [RFC2046] Freed, N. and N. Borenstein, "Multipurpose Internet Mail 985 Extensions (MIME) Part Two: Media Types", RFC 2046, 986 November 1996. 988 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 989 Requirement Levels", BCP 14, RFC 2119, March 1997. 991 [RFC2818] Rescorla, E., "HTTP Over TLS", RFC 2818, May 2000. 993 [RFC3629] Yergeau, F., "UTF-8, a transformation format of ISO 994 10646", STD 63, RFC 3629, November 2003. 996 [RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform 997 Resource Identifier (URI): Generic Syntax", STD 66, 998 RFC 3986, January 2005. 1000 [RFC4648] Josefsson, S., "The Base16, Base32, and Base64 Data 1001 Encodings", RFC 4648, October 2006. 1003 [RFC4945] Korver, B., "The Internet IP Security PKI Profile of 1004 IKEv1/ISAKMP, IKEv2, and PKIX", RFC 4945, August 2007. 1006 [RFC4949] Shirey, R., "Internet Security Glossary, Version 2", 1007 RFC 4949, August 2007. 1009 [RFC5246] Dierks, T. and E. Rescorla, "The Transport Layer Security 1010 (TLS) Protocol Version 1.2", RFC 5246, August 2008. 1012 [RFC5280] Cooper, D., Santesson, S., Farrell, S., Boeyen, S., 1013 Housley, R., and W. Polk, "Internet X.509 Public Key 1014 Infrastructure Certificate and Certificate Revocation List 1015 (CRL) Profile", RFC 5280, May 2008. 1017 [RFC6125] Saint-Andre, P. and J. Hodges, "Representation and 1018 Verification of Domain-Based Application Service Identity 1019 within Internet Public Key Infrastructure Using X.509 1020 (PKIX) Certificates in the Context of Transport Layer 1021 Security (TLS)", RFC 6125, March 2011. 1023 [RFC7159] Bray, T., "The JavaScript Object Notation (JSON) Data 1024 Interchange Format", RFC 7159, March 2014. 1026 [UNICODE] The Unicode Consortium, "The Unicode Standard", 1991-, 1027 . 1029 10.2. Informative References 1031 [DSS] National Institute of Standards and Technology, "Digital 1032 Signature Standard (DSS)", FIPS PUB 186-4, July 2013. 1034 [HAC] Menezes, A., van Oorschot, P., and S. Vanstone, "Handbook 1035 of Applied Cryptography", CRC Press, 1996, 1036 . 1038 [Kocher] Kocher, P., "Timing Attacks on Implementations of Diffe- 1039 Hellman, RSA, DSS, and Other Systems", In Proceedings of 1040 the 16th Annual International Cryptology Conference 1041 Advances in Cryptology, Springer-Verlag, pp. 104-113, 1042 1996. 1044 [MagicSignatures] 1045 Panzer (editor), J., Laurie, B., and D. Balfanz, "Magic 1046 Signatures", January 2011. 1048 [RFC3447] Jonsson, J. and B. Kaliski, "Public-Key Cryptography 1049 Standards (PKCS) #1: RSA Cryptography Specifications 1050 Version 2.1", RFC 3447, February 2003. 1052 [RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an 1053 IANA Considerations Section in RFCs", BCP 26, RFC 5226, 1054 May 2008. 1056 [RFC6030] Hoyer, P., Pei, M., and S. Machani, "Portable Symmetric 1057 Key Container (PSKC)", RFC 6030, October 2010. 1059 [RFC6838] Freed, N., Klensin, J., and T. Hansen, "Media Type 1060 Specifications and Registration Procedures", BCP 13, 1061 RFC 6838, January 2013. 1063 [W3C.CR-WebCryptoAPI-20141211] 1064 Sleevi, R. and M. Watson, "Web Cryptography API", World 1065 Wide Web Consortium Candidate Recommendation CR- 1066 WebCryptoAPI-20141211, December 2014, 1067 . 1069 [W3C.NOTE-xmldsig-core2-20130411] 1070 Eastlake, D., Reagle, J., Solo, D., Hirsch, F., Roessler, 1071 T., Yiu, K., Datta, P., and S. Cantor, "XML Signature 1072 Syntax and Processing Version 2.0", World Wide Web 1073 Consortium Note NOTE-xmldsig-core2-20130411, April 2013, 1074 . 1076 Appendix A. Example JSON Web Key Sets 1078 A.1. Example Public Keys 1080 The following example JWK Set contains two public keys represented as 1081 JWKs: one using an Elliptic Curve algorithm and a second one using an 1082 RSA algorithm. The first specifies that the key is to be used for 1083 encryption. The second specifies that the key is to be used with the 1084 "RS256" algorithm. Both provide a Key ID for key matching purposes. 1085 In both cases, integers are represented using the base64url encoding 1086 of their big endian representations. (Line breaks within values are 1087 for display purposes only.) 1088 {"keys": 1089 [ 1090 {"kty":"EC", 1091 "crv":"P-256", 1092 "x":"MKBCTNIcKUSDii11ySs3526iDZ8AiTo7Tu6KPAqv7D4", 1093 "y":"4Etl6SRW2YiLUrN5vfvVHuhp7x8PxltmWWlbbM4IFyM", 1094 "use":"enc", 1095 "kid":"1"}, 1097 {"kty":"RSA", 1098 "n": "0vx7agoebGcQSuuPiLJXZptN9nndrQmbXEps2aiAFbWhM78LhWx 1099 4cbbfAAtVT86zwu1RK7aPFFxuhDR1L6tSoc_BJECPebWKRXjBZCiFV4n3oknjhMs 1100 tn64tZ_2W-5JsGY4Hc5n9yBXArwl93lqt7_RN5w6Cf0h4QyQ5v-65YGjQR0_FDW2 1101 QvzqY368QQMicAtaSqzs8KJZgnYb9c7d0zgdAZHzu6qMQvRL5hajrn1n91CbOpbI 1102 SD08qNLyrdkt-bFTWhAI4vMQFh6WeZu0fM4lFd2NcRwr3XPksINHaQ-G_xBniIqb 1103 w0Ls1jF44-csFCur-kEgU8awapJzKnqDKgw", 1104 "e":"AQAB", 1105 "alg":"RS256", 1106 "kid":"2011-04-29"} 1107 ] 1108 } 1110 A.2. Example Private Keys 1112 The following example JWK Set contains two keys represented as JWKs 1113 containing both public and private key values: one using an Elliptic 1114 Curve algorithm and a second one using an RSA algorithm. This 1115 example extends the example in the previous section, adding private 1116 key values. (Line breaks within values are for display purposes 1117 only.) 1118 {"keys": 1119 [ 1120 {"kty":"EC", 1121 "crv":"P-256", 1122 "x":"MKBCTNIcKUSDii11ySs3526iDZ8AiTo7Tu6KPAqv7D4", 1123 "y":"4Etl6SRW2YiLUrN5vfvVHuhp7x8PxltmWWlbbM4IFyM", 1124 "d":"870MB6gfuTJ4HtUnUvYMyJpr5eUZNP4Bk43bVdj3eAE", 1125 "use":"enc", 1126 "kid":"1"}, 1128 {"kty":"RSA", 1129 "n":"0vx7agoebGcQSuuPiLJXZptN9nndrQmbXEps2aiAFbWhM78LhWx4 1130 cbbfAAtVT86zwu1RK7aPFFxuhDR1L6tSoc_BJECPebWKRXjBZCiFV4n3oknjhMst 1131 n64tZ_2W-5JsGY4Hc5n9yBXArwl93lqt7_RN5w6Cf0h4QyQ5v-65YGjQR0_FDW2Q 1132 vzqY368QQMicAtaSqzs8KJZgnYb9c7d0zgdAZHzu6qMQvRL5hajrn1n91CbOpbIS 1133 D08qNLyrdkt-bFTWhAI4vMQFh6WeZu0fM4lFd2NcRwr3XPksINHaQ-G_xBniIqbw 1134 0Ls1jF44-csFCur-kEgU8awapJzKnqDKgw", 1135 "e":"AQAB", 1136 "d":"X4cTteJY_gn4FYPsXB8rdXix5vwsg1FLN5E3EaG6RJoVH-HLLKD9 1137 M7dx5oo7GURknchnrRweUkC7hT5fJLM0WbFAKNLWY2vv7B6NqXSzUvxT0_YSfqij 1138 wp3RTzlBaCxWp4doFk5N2o8Gy_nHNKroADIkJ46pRUohsXywbReAdYaMwFs9tv8d 1139 _cPVY3i07a3t8MN6TNwm0dSawm9v47UiCl3Sk5ZiG7xojPLu4sbg1U2jx4IBTNBz 1140 nbJSzFHK66jT8bgkuqsk0GjskDJk19Z4qwjwbsnn4j2WBii3RL-Us2lGVkY8fkFz 1141 me1z0HbIkfz0Y6mqnOYtqc0X4jfcKoAC8Q", 1142 "p":"83i-7IvMGXoMXCskv73TKr8637FiO7Z27zv8oj6pbWUQyLPQBQxtPV 1143 nwD20R-60eTDmD2ujnMt5PoqMrm8RfmNhVWDtjjMmCMjOpSXicFHj7XOuVIYQyqV 1144 WlWEh6dN36GVZYk93N8Bc9vY41xy8B9RzzOGVQzXvNEvn7O0nVbfs", 1145 "q":"3dfOR9cuYq-0S-mkFLzgItgMEfFzB2q3hWehMuG0oCuqnb3vobLyum 1146 qjVZQO1dIrdwgTnCdpYzBcOfW5r370AFXjiWft_NGEiovonizhKpo9VVS78TzFgx 1147 kIdrecRezsZ-1kYd_s1qDbxtkDEgfAITAG9LUnADun4vIcb6yelxk", 1148 "dp":"G4sPXkc6Ya9y8oJW9_ILj4xuppu0lzi_H7VTkS8xj5SdX3coE0oim 1149 YwxIi2emTAue0UOa5dpgFGyBJ4c8tQ2VF402XRugKDTP8akYhFo5tAA77Qe_Nmtu 1150 YZc3C3m3I24G2GvR5sSDxUyAN2zq8Lfn9EUms6rY3Ob8YeiKkTiBj0", 1151 "dq":"s9lAH9fggBsoFR8Oac2R_E2gw282rT2kGOAhvIllETE1efrA6huUU 1152 vMfBcMpn8lqeW6vzznYY5SSQF7pMdC_agI3nG8Ibp1BUb0JUiraRNqUfLhcQb_d9 1153 GF4Dh7e74WbRsobRonujTYN1xCaP6TO61jvWrX-L18txXw494Q_cgk", 1154 "qi":"GyM_p6JrXySiz1toFgKbWV-JdI3jQ4ypu9rbMWx3rQJBfmt0FoYzg 1155 UIZEVFEcOqwemRN81zoDAaa-Bk0KWNGDjJHZDdDmFhW3AN7lI-puxk_mHZGJ11rx 1156 yR8O55XLSe3SPmRfKwZI6yU24ZxvQKFYItdldUKGzO6Ia6zTKhAVRU", 1157 "alg":"RS256", 1158 "kid":"2011-04-29"} 1159 ] 1160 } 1162 A.3. Example Symmetric Keys 1164 The following example JWK Set contains two symmetric keys represented 1165 as JWKs: one designated as being for use with the AES Key Wrap 1166 algorithm and a second one that is an HMAC key. (Line breaks within 1167 values are for display purposes only.) 1169 {"keys": 1170 [ 1171 {"kty":"oct", 1172 "alg":"A128KW", 1173 "k":"GawgguFyGrWKav7AX4VKUg"}, 1175 {"kty":"oct", 1176 "k":"AyM1SysPpbyDfgZld3umj1qzKObwVMkoqQ-EstJQLr_T-1qS0gZH75 1177 aKtMN3Yj0iPS4hcgUuTwjAzZr1Z9CAow", 1178 "kid":"HMAC key used in JWS A.1 example"} 1179 ] 1180 } 1182 Appendix B. Example Use of "x5c" (X.509 Certificate Chain) Parameter 1183 The following is an example of a JWK with a RSA signing key 1184 represented both as an RSA public key and as an X.509 certificate 1185 using the "x5c" parameter (with line breaks within values for display 1186 purposes only): 1188 {"kty":"RSA", 1189 "use":"sig", 1190 "kid":"1b94c", 1191 "n":"vrjOfz9Ccdgx5nQudyhdoR17V-IubWMeOZCwX_jj0hgAsz2J_pqYW08 1192 PLbK_PdiVGKPrqzmDIsLI7sA25VEnHU1uCLNwBuUiCO11_-7dYbsr4iJmG0Q 1193 u2j8DsVyT1azpJC_NG84Ty5KKthuCaPod7iI7w0LK9orSMhBEwwZDCxTWq4a 1194 YWAchc8t-emd9qOvWtVMDC2BXksRngh6X5bUYLy6AyHKvj-nUy1wgzjYQDwH 1195 MTplCoLtU-o-8SNnZ1tmRoGE9uJkBLdh5gFENabWnU5m1ZqZPdwS-qo-meMv 1196 VfJb6jJVWRpl2SUtCnYG2C32qvbWbjZ_jBPD5eunqsIo1vQ", 1197 "e":"AQAB", 1198 "x5c": 1199 ["MIIDQjCCAiqgAwIBAgIGATz/FuLiMA0GCSqGSIb3DQEBBQUAMGIxCzAJB 1200 gNVBAYTAlVTMQswCQYDVQQIEwJDTzEPMA0GA1UEBxMGRGVudmVyMRwwGgYD 1201 VQQKExNQaW5nIElkZW50aXR5IENvcnAuMRcwFQYDVQQDEw5CcmlhbiBDYW1 1202 wYmVsbDAeFw0xMzAyMjEyMzI5MTVaFw0xODA4MTQyMjI5MTVaMGIxCzAJBg 1203 NVBAYTAlVTMQswCQYDVQQIEwJDTzEPMA0GA1UEBxMGRGVudmVyMRwwGgYDV 1204 QQKExNQaW5nIElkZW50aXR5IENvcnAuMRcwFQYDVQQDEw5CcmlhbiBDYW1w 1205 YmVsbDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL64zn8/QnH 1206 YMeZ0LncoXaEde1fiLm1jHjmQsF/449IYALM9if6amFtPDy2yvz3YlRij66 1207 s5gyLCyO7ANuVRJx1NbgizcAblIgjtdf/u3WG7K+IiZhtELto/A7Fck9Ws6 1208 SQvzRvOE8uSirYbgmj6He4iO8NCyvaK0jIQRMMGQwsU1quGmFgHIXPLfnpn 1209 fajr1rVTAwtgV5LEZ4Iel+W1GC8ugMhyr4/p1MtcIM42EA8BzE6ZQqC7VPq 1210 PvEjZ2dbZkaBhPbiZAS3YeYBRDWm1p1OZtWamT3cEvqqPpnjL1XyW+oyVVk 1211 aZdklLQp2Btgt9qr21m42f4wTw+Xrp6rCKNb0CAwEAATANBgkqhkiG9w0BA 1212 QUFAAOCAQEAh8zGlfSlcI0o3rYDPBB07aXNswb4ECNIKG0CETTUxmXl9KUL 1213 +9gGlqCz5iWLOgWsnrcKcY0vXPG9J1r9AqBNTqNgHq2G03X09266X5CpOe1 1214 zFo+Owb1zxtp3PehFdfQJ610CDLEaS9V9Rqp17hCyybEpOGVwe8fnk+fbEL 1215 2Bo3UPGrpsHzUoaGpDftmWssZkhpBJKVMJyf/RuP2SmmaIzmnw9JiSlYhzo 1216 4tpzd5rFXhjRbg4zW9C+2qok+2+qDM1iJ684gPHMIY8aLWrdgQTxkumGmTq 1217 gawR+N5MDtdPTEQ0XfIBc2cJEUyMTY5MPvACWpkA6SdS4xSvdXK3IVfOWA=="] 1218 } 1220 Appendix C. Example Encrypted RSA Private Key 1222 This example encrypts an RSA private key to the recipient using 1223 "PBES2-HS256+A128KW" for key encryption and "A128CBC+HS256" for 1224 content encryption. 1226 NOTE: Unless otherwise indicated, all line breaks are included solely 1227 for readability. 1229 C.1. Plaintext RSA Private Key 1231 The following RSA key is the plaintext for the authenticated 1232 encryption operation, formatted as a JWK (with line breaks within 1233 values for display purposes only): 1235 { 1236 "kty":"RSA", 1237 "kid":"juliet@capulet.lit", 1238 "use":"enc", 1239 "n":"t6Q8PWSi1dkJj9hTP8hNYFlvadM7DflW9mWepOJhJ66w7nyoK1gPNqFMSQRy 1240 O125Gp-TEkodhWr0iujjHVx7BcV0llS4w5ACGgPrcAd6ZcSR0-Iqom-QFcNP 1241 8Sjg086MwoqQU_LYywlAGZ21WSdS_PERyGFiNnj3QQlO8Yns5jCtLCRwLHL0 1242 Pb1fEv45AuRIuUfVcPySBWYnDyGxvjYGDSM-AqWS9zIQ2ZilgT-GqUmipg0X 1243 OC0Cc20rgLe2ymLHjpHciCKVAbY5-L32-lSeZO-Os6U15_aXrk9Gw8cPUaX1 1244 _I8sLGuSiVdt3C_Fn2PZ3Z8i744FPFGGcG1qs2Wz-Q", 1245 "e":"AQAB", 1246 "d":"GRtbIQmhOZtyszfgKdg4u_N-R_mZGU_9k7JQ_jn1DnfTuMdSNprTeaSTyWfS 1247 NkuaAwnOEbIQVy1IQbWVV25NY3ybc_IhUJtfri7bAXYEReWaCl3hdlPKXy9U 1248 vqPYGR0kIXTQRqns-dVJ7jahlI7LyckrpTmrM8dWBo4_PMaenNnPiQgO0xnu 1249 ToxutRZJfJvG4Ox4ka3GORQd9CsCZ2vsUDmsXOfUENOyMqADC6p1M3h33tsu 1250 rY15k9qMSpG9OX_IJAXmxzAh_tWiZOwk2K4yxH9tS3Lq1yX8C1EWmeRDkK2a 1251 hecG85-oLKQt5VEpWHKmjOi_gJSdSgqcN96X52esAQ", 1252 "p":"2rnSOV4hKSN8sS4CgcQHFbs08XboFDqKum3sc4h3GRxrTmQdl1ZK9uw-PIHf 1253 QP0FkxXVrx-WE-ZEbrqivH_2iCLUS7wAl6XvARt1KkIaUxPPSYB9yk31s0Q8 1254 UK96E3_OrADAYtAJs-M3JxCLfNgqh56HDnETTQhH3rCT5T3yJws", 1255 "q":"1u_RiFDP7LBYh3N4GXLT9OpSKYP0uQZyiaZwBtOCBNJgQxaj10RWjsZu0c6I 1256 edis4S7B_coSKB0Kj9PaPaBzg-IySRvvcQuPamQu66riMhjVtG6TlV8CLCYK 1257 rYl52ziqK0E_ym2QnkwsUX7eYTB7LbAHRK9GqocDE5B0f808I4s", 1258 "dp":"KkMTWqBUefVwZ2_Dbj1pPQqyHSHjj90L5x_MOzqYAJMcLMZtbUtwKqvVDq3 1259 tbEo3ZIcohbDtt6SbfmWzggabpQxNxuBpoOOf_a_HgMXK_lhqigI4y_kqS1w 1260 Y52IwjUn5rgRrJ-yYo1h41KR-vz2pYhEAeYrhttWtxVqLCRViD6c", 1261 "dq":"AvfS0-gRxvn0bwJoMSnFxYcK1WnuEjQFluMGfwGitQBWtfZ1Er7t1xDkbN9 1262 GQTB9yqpDoYaN06H7CFtrkxhJIBQaj6nkF5KKS3TQtQ5qCzkOkmxIe3KRbBy 1263 mXxkb5qwUpX5ELD5xFc6FeiafWYY63TmmEAu_lRFCOJ3xDea-ots", 1264 "qi":"lSQi-w9CpyUReMErP1RsBLk7wNtOvs5EQpPqmuMvqW57NBUczScEoPwmUqq 1265 abu9V0-Py4dQ57_bapoKRu1R90bvuFnU63SHWEFglZQvJDMeAvmj4sm-Fp0o 1266 Yu_neotgQ0hzbI5gry7ajdYy9-2lNx_76aBZoOUu9HCJ-UsfSOI8" 1267 } 1269 The octets representing the Plaintext used in this example (using 1270 JSON array notation) are: 1272 [123, 34, 107, 116, 121, 34, 58, 34, 82, 83, 65, 34, 44, 34, 107, 1273 105, 100, 34, 58, 34, 106, 117, 108, 105, 101, 116, 64, 99, 97, 112, 1274 117, 108, 101, 116, 46, 108, 105, 116, 34, 44, 34, 117, 115, 101, 34, 1275 58, 34, 101, 110, 99, 34, 44, 34, 110, 34, 58, 34, 116, 54, 81, 56, 1276 80, 87, 83, 105, 49, 100, 107, 74, 106, 57, 104, 84, 80, 56, 104, 78, 1277 89, 70, 108, 118, 97, 100, 77, 55, 68, 102, 108, 87, 57, 109, 87, 1278 101, 112, 79, 74, 104, 74, 54, 54, 119, 55, 110, 121, 111, 75, 49, 1279 103, 80, 78, 113, 70, 77, 83, 81, 82, 121, 79, 49, 50, 53, 71, 112, 1280 45, 84, 69, 107, 111, 100, 104, 87, 114, 48, 105, 117, 106, 106, 72, 1281 86, 120, 55, 66, 99, 86, 48, 108, 108, 83, 52, 119, 53, 65, 67, 71, 1282 103, 80, 114, 99, 65, 100, 54, 90, 99, 83, 82, 48, 45, 73, 113, 111, 1283 109, 45, 81, 70, 99, 78, 80, 56, 83, 106, 103, 48, 56, 54, 77, 119, 1284 111, 113, 81, 85, 95, 76, 89, 121, 119, 108, 65, 71, 90, 50, 49, 87, 1285 83, 100, 83, 95, 80, 69, 82, 121, 71, 70, 105, 78, 110, 106, 51, 81, 1286 81, 108, 79, 56, 89, 110, 115, 53, 106, 67, 116, 76, 67, 82, 119, 76, 1287 72, 76, 48, 80, 98, 49, 102, 69, 118, 52, 53, 65, 117, 82, 73, 117, 1288 85, 102, 86, 99, 80, 121, 83, 66, 87, 89, 110, 68, 121, 71, 120, 118, 1289 106, 89, 71, 68, 83, 77, 45, 65, 113, 87, 83, 57, 122, 73, 81, 50, 1290 90, 105, 108, 103, 84, 45, 71, 113, 85, 109, 105, 112, 103, 48, 88, 1291 79, 67, 48, 67, 99, 50, 48, 114, 103, 76, 101, 50, 121, 109, 76, 72, 1292 106, 112, 72, 99, 105, 67, 75, 86, 65, 98, 89, 53, 45, 76, 51, 50, 1293 45, 108, 83, 101, 90, 79, 45, 79, 115, 54, 85, 49, 53, 95, 97, 88, 1294 114, 107, 57, 71, 119, 56, 99, 80, 85, 97, 88, 49, 95, 73, 56, 115, 1295 76, 71, 117, 83, 105, 86, 100, 116, 51, 67, 95, 70, 110, 50, 80, 90, 1296 51, 90, 56, 105, 55, 52, 52, 70, 80, 70, 71, 71, 99, 71, 49, 113, 1297 115, 50, 87, 122, 45, 81, 34, 44, 34, 101, 34, 58, 34, 65, 81, 65, 1298 66, 34, 44, 34, 100, 34, 58, 34, 71, 82, 116, 98, 73, 81, 109, 104, 1299 79, 90, 116, 121, 115, 122, 102, 103, 75, 100, 103, 52, 117, 95, 78, 1300 45, 82, 95, 109, 90, 71, 85, 95, 57, 107, 55, 74, 81, 95, 106, 110, 1301 49, 68, 110, 102, 84, 117, 77, 100, 83, 78, 112, 114, 84, 101, 97, 1302 83, 84, 121, 87, 102, 83, 78, 107, 117, 97, 65, 119, 110, 79, 69, 98, 1303 73, 81, 86, 121, 49, 73, 81, 98, 87, 86, 86, 50, 53, 78, 89, 51, 121, 1304 98, 99, 95, 73, 104, 85, 74, 116, 102, 114, 105, 55, 98, 65, 88, 89, 1305 69, 82, 101, 87, 97, 67, 108, 51, 104, 100, 108, 80, 75, 88, 121, 57, 1306 85, 118, 113, 80, 89, 71, 82, 48, 107, 73, 88, 84, 81, 82, 113, 110, 1307 115, 45, 100, 86, 74, 55, 106, 97, 104, 108, 73, 55, 76, 121, 99, 1308 107, 114, 112, 84, 109, 114, 77, 56, 100, 87, 66, 111, 52, 95, 80, 1309 77, 97, 101, 110, 78, 110, 80, 105, 81, 103, 79, 48, 120, 110, 117, 1310 84, 111, 120, 117, 116, 82, 90, 74, 102, 74, 118, 71, 52, 79, 120, 1311 52, 107, 97, 51, 71, 79, 82, 81, 100, 57, 67, 115, 67, 90, 50, 118, 1312 115, 85, 68, 109, 115, 88, 79, 102, 85, 69, 78, 79, 121, 77, 113, 65, 1313 68, 67, 54, 112, 49, 77, 51, 104, 51, 51, 116, 115, 117, 114, 89, 49, 1314 53, 107, 57, 113, 77, 83, 112, 71, 57, 79, 88, 95, 73, 74, 65, 88, 1315 109, 120, 122, 65, 104, 95, 116, 87, 105, 90, 79, 119, 107, 50, 75, 1316 52, 121, 120, 72, 57, 116, 83, 51, 76, 113, 49, 121, 88, 56, 67, 49, 1317 69, 87, 109, 101, 82, 68, 107, 75, 50, 97, 104, 101, 99, 71, 56, 53, 1318 45, 111, 76, 75, 81, 116, 53, 86, 69, 112, 87, 72, 75, 109, 106, 79, 1319 105, 95, 103, 74, 83, 100, 83, 103, 113, 99, 78, 57, 54, 88, 53, 50, 1320 101, 115, 65, 81, 34, 44, 34, 112, 34, 58, 34, 50, 114, 110, 83, 79, 1321 86, 52, 104, 75, 83, 78, 56, 115, 83, 52, 67, 103, 99, 81, 72, 70, 1322 98, 115, 48, 56, 88, 98, 111, 70, 68, 113, 75, 117, 109, 51, 115, 99, 1323 52, 104, 51, 71, 82, 120, 114, 84, 109, 81, 100, 108, 49, 90, 75, 57, 1324 117, 119, 45, 80, 73, 72, 102, 81, 80, 48, 70, 107, 120, 88, 86, 114, 1325 120, 45, 87, 69, 45, 90, 69, 98, 114, 113, 105, 118, 72, 95, 50, 105, 1326 67, 76, 85, 83, 55, 119, 65, 108, 54, 88, 118, 65, 82, 116, 49, 75, 1327 107, 73, 97, 85, 120, 80, 80, 83, 89, 66, 57, 121, 107, 51, 49, 115, 1328 48, 81, 56, 85, 75, 57, 54, 69, 51, 95, 79, 114, 65, 68, 65, 89, 116, 1329 65, 74, 115, 45, 77, 51, 74, 120, 67, 76, 102, 78, 103, 113, 104, 53, 1330 54, 72, 68, 110, 69, 84, 84, 81, 104, 72, 51, 114, 67, 84, 53, 84, 1331 51, 121, 74, 119, 115, 34, 44, 34, 113, 34, 58, 34, 49, 117, 95, 82, 1332 105, 70, 68, 80, 55, 76, 66, 89, 104, 51, 78, 52, 71, 88, 76, 84, 57, 1333 79, 112, 83, 75, 89, 80, 48, 117, 81, 90, 121, 105, 97, 90, 119, 66, 1334 116, 79, 67, 66, 78, 74, 103, 81, 120, 97, 106, 49, 48, 82, 87, 106, 1335 115, 90, 117, 48, 99, 54, 73, 101, 100, 105, 115, 52, 83, 55, 66, 95, 1336 99, 111, 83, 75, 66, 48, 75, 106, 57, 80, 97, 80, 97, 66, 122, 103, 1337 45, 73, 121, 83, 82, 118, 118, 99, 81, 117, 80, 97, 109, 81, 117, 54, 1338 54, 114, 105, 77, 104, 106, 86, 116, 71, 54, 84, 108, 86, 56, 67, 76, 1339 67, 89, 75, 114, 89, 108, 53, 50, 122, 105, 113, 75, 48, 69, 95, 121, 1340 109, 50, 81, 110, 107, 119, 115, 85, 88, 55, 101, 89, 84, 66, 55, 76, 1341 98, 65, 72, 82, 75, 57, 71, 113, 111, 99, 68, 69, 53, 66, 48, 102, 1342 56, 48, 56, 73, 52, 115, 34, 44, 34, 100, 112, 34, 58, 34, 75, 107, 1343 77, 84, 87, 113, 66, 85, 101, 102, 86, 119, 90, 50, 95, 68, 98, 106, 1344 49, 112, 80, 81, 113, 121, 72, 83, 72, 106, 106, 57, 48, 76, 53, 120, 1345 95, 77, 79, 122, 113, 89, 65, 74, 77, 99, 76, 77, 90, 116, 98, 85, 1346 116, 119, 75, 113, 118, 86, 68, 113, 51, 116, 98, 69, 111, 51, 90, 1347 73, 99, 111, 104, 98, 68, 116, 116, 54, 83, 98, 102, 109, 87, 122, 1348 103, 103, 97, 98, 112, 81, 120, 78, 120, 117, 66, 112, 111, 79, 79, 1349 102, 95, 97, 95, 72, 103, 77, 88, 75, 95, 108, 104, 113, 105, 103, 1350 73, 52, 121, 95, 107, 113, 83, 49, 119, 89, 53, 50, 73, 119, 106, 85, 1351 110, 53, 114, 103, 82, 114, 74, 45, 121, 89, 111, 49, 104, 52, 49, 1352 75, 82, 45, 118, 122, 50, 112, 89, 104, 69, 65, 101, 89, 114, 104, 1353 116, 116, 87, 116, 120, 86, 113, 76, 67, 82, 86, 105, 68, 54, 99, 34, 1354 44, 34, 100, 113, 34, 58, 34, 65, 118, 102, 83, 48, 45, 103, 82, 120, 1355 118, 110, 48, 98, 119, 74, 111, 77, 83, 110, 70, 120, 89, 99, 75, 49, 1356 87, 110, 117, 69, 106, 81, 70, 108, 117, 77, 71, 102, 119, 71, 105, 1357 116, 81, 66, 87, 116, 102, 90, 49, 69, 114, 55, 116, 49, 120, 68, 1358 107, 98, 78, 57, 71, 81, 84, 66, 57, 121, 113, 112, 68, 111, 89, 97, 1359 78, 48, 54, 72, 55, 67, 70, 116, 114, 107, 120, 104, 74, 73, 66, 81, 1360 97, 106, 54, 110, 107, 70, 53, 75, 75, 83, 51, 84, 81, 116, 81, 53, 1361 113, 67, 122, 107, 79, 107, 109, 120, 73, 101, 51, 75, 82, 98, 66, 1362 121, 109, 88, 120, 107, 98, 53, 113, 119, 85, 112, 88, 53, 69, 76, 1363 68, 53, 120, 70, 99, 54, 70, 101, 105, 97, 102, 87, 89, 89, 54, 51, 1364 84, 109, 109, 69, 65, 117, 95, 108, 82, 70, 67, 79, 74, 51, 120, 68, 1365 101, 97, 45, 111, 116, 115, 34, 44, 34, 113, 105, 34, 58, 34, 108, 1366 83, 81, 105, 45, 119, 57, 67, 112, 121, 85, 82, 101, 77, 69, 114, 80, 1367 49, 82, 115, 66, 76, 107, 55, 119, 78, 116, 79, 118, 115, 53, 69, 81, 1368 112, 80, 113, 109, 117, 77, 118, 113, 87, 53, 55, 78, 66, 85, 99, 1369 122, 83, 99, 69, 111, 80, 119, 109, 85, 113, 113, 97, 98, 117, 57, 1370 86, 48, 45, 80, 121, 52, 100, 81, 53, 55, 95, 98, 97, 112, 111, 75, 1371 82, 117, 49, 82, 57, 48, 98, 118, 117, 70, 110, 85, 54, 51, 83, 72, 1372 87, 69, 70, 103, 108, 90, 81, 118, 74, 68, 77, 101, 65, 118, 109, 1373 106, 52, 115, 109, 45, 70, 112, 48, 111, 89, 117, 95, 110, 101, 111, 1374 116, 103, 81, 48, 104, 122, 98, 73, 53, 103, 114, 121, 55, 97, 106, 1375 100, 89, 121, 57, 45, 50, 108, 78, 120, 95, 55, 54, 97, 66, 90, 111, 1376 79, 85, 117, 57, 72, 67, 74, 45, 85, 115, 102, 83, 79, 73, 56, 34, 1377 125] 1379 C.2. JOSE Header 1381 The following example JWE Protected Header declares that: 1383 o the Content Encryption Key is encrypted to the recipient using the 1384 PSE2-HS256+A128KW algorithm to produce the JWE Encrypted Key, 1386 o the Salt Input ("p2s") value is [217, 96, 147, 112, 150, 117, 70, 1387 247, 127, 8, 155, 137, 174, 42, 80, 215], 1389 o the Iteration Count ("p2c") value is 4096, 1391 o authenticated encryption is performed on the Plaintext using the 1392 AES_128_CBC_HMAC_SHA_256 algorithm to produce the Ciphertext and 1393 the Authentication Tag, and 1395 o the content type is application/jwk+json. 1397 { 1398 "alg":"PBES2-HS256+A128KW", 1399 "p2s":"2WCTcJZ1Rvd_CJuJripQ1w", 1400 "p2c":4096, 1401 "enc":"A128CBC-HS256", 1402 "cty":"jwk+json" 1403 } 1405 Encoding this JWE Protected Header as BASE64URL(UTF8(JWE Protected 1406 Header)) gives this value (with line breaks for display purposes 1407 only): 1409 eyJhbGciOiJQQkVTMi1IUzI1NitBMTI4S1ciLCJwMnMiOiIyV0NUY0paMVJ2ZF9DSn 1410 VKcmlwUTF3IiwicDJjIjo0MDk2LCJlbmMiOiJBMTI4Q0JDLUhTMjU2IiwiY3R5Ijoi 1411 andrK2pzb24ifQ 1413 C.3. Content Encryption Key (CEK) 1415 Generate a 256 bit random Content Encryption Key (CEK). In this 1416 example, the value (using JSON array notation) is: 1418 [111, 27, 25, 52, 66, 29, 20, 78, 92, 176, 56, 240, 65, 208, 82, 112, 1419 161, 131, 36, 55, 202, 236, 185, 172, 129, 23, 153, 194, 195, 48, 1420 253, 182] 1422 C.4. Key Derivation 1424 Derive a key from a shared passphrase using the PBKDF2 algorithm with 1425 HMAC SHA-256 and the specified Salt and Iteration Count values and a 1426 128 bit requested output key size to produce the PBKDF2 Derived Key. 1427 This example uses the following passphrase: 1429 Thus from my lips, by yours, my sin is purged. 1431 The octets representing the passphrase are: 1433 [84, 104, 117, 115, 32, 102, 114, 111, 109, 32, 109, 121, 32, 108, 1434 105, 112, 115, 44, 32, 98, 121, 32, 121, 111, 117, 114, 115, 44, 32, 1435 109, 121, 32, 115, 105, 110, 32, 105, 115, 32, 112, 117, 114, 103, 1436 101, 100, 46] 1438 The Salt value (UTF8(Alg) || 0x00 || Salt Input) is: 1440 [80, 66, 69, 83, 50, 45, 72, 83, 50, 53, 54, 43, 65, 49, 50, 56, 75, 1441 87, 0, 217, 96, 147, 112, 150, 117, 70, 247, 127, 8, 155, 137, 174, 1442 42, 80, 215]. 1444 The resulting PBKDF2 Derived Key value is: 1446 [110, 171, 169, 92, 129, 92, 109, 117, 233, 242, 116, 233, 170, 14, 1447 24, 75] 1449 C.5. Key Encryption 1451 Encrypt the CEK with the "A128KW" algorithm using the PBKDF2 Derived 1452 Key. The resulting JWE Encrypted Key value is: 1454 [78, 186, 151, 59, 11, 141, 81, 240, 213, 245, 83, 211, 53, 188, 134, 1455 188, 66, 125, 36, 200, 222, 124, 5, 103, 249, 52, 117, 184, 140, 81, 1456 246, 158, 161, 177, 20, 33, 245, 57, 59, 4] 1458 Encoding this JWE Encrypted Key as BASE64URL(JWE Encrypted Key) gives 1459 this value: 1461 TrqXOwuNUfDV9VPTNbyGvEJ9JMjefAVn-TR1uIxR9p6hsRQh9Tk7BA 1463 C.6. Initialization Vector 1465 Generate a random 128 bit JWE Initialization Vector. In this 1466 example, the value is: 1468 [97, 239, 99, 214, 171, 54, 216, 57, 145, 72, 7, 93, 34, 31, 149, 1469 156] 1471 Encoding this JWE Initialization Vector as BASE64URL(JWE 1472 Initialization Vector) gives this value: 1474 Ye9j1qs22DmRSAddIh-VnA 1476 C.7. Additional Authenticated Data 1478 Let the Additional Authenticated Data encryption parameter be 1479 ASCII(BASE64URL(UTF8(JWE Protected Header))). This value is: 1481 [123, 34, 97, 108, 103, 34, 58, 34, 80, 66, 69, 83, 50, 45, 72, 83, 1482 50, 53, 54, 43, 65, 49, 50, 56, 75, 87, 34, 44, 34, 112, 50, 115, 34, 1483 58, 34, 50, 87, 67, 84, 99, 74, 90, 49, 82, 118, 100, 95, 67, 74, 1484 117, 74, 114, 105, 112, 81, 49, 119, 34, 44, 34, 112, 50, 99, 34, 58, 1485 52, 48, 57, 54, 44, 34, 101, 110, 99, 34, 58, 34, 65, 49, 50, 56, 67, 1486 66, 67, 45, 72, 83, 50, 53, 54, 34, 44, 34, 99, 116, 121, 34, 58, 34, 1487 106, 119, 107, 43, 106, 115, 111, 110, 34, 125] 1489 C.8. Content Encryption 1491 Perform authenticated encryption on the Plaintext with the 1492 AES_128_CBC_HMAC_SHA_256 algorithm using the CEK as the encryption 1493 key, the JWE Initialization Vector, and the Additional Authenticated 1494 Data value above. The resulting Ciphertext is: 1496 [3, 8, 65, 242, 92, 107, 148, 168, 197, 159, 77, 139, 25, 97, 42, 1497 131, 110, 199, 225, 56, 61, 127, 38, 64, 108, 91, 247, 167, 150, 98, 1498 112, 122, 99, 235, 132, 50, 28, 46, 56, 170, 169, 89, 220, 145, 38, 1499 157, 148, 224, 66, 140, 8, 169, 146, 117, 222, 54, 242, 28, 31, 11, 1500 129, 227, 226, 169, 66, 117, 133, 254, 140, 216, 115, 203, 131, 60, 1501 60, 47, 233, 132, 121, 13, 35, 188, 53, 19, 172, 77, 59, 54, 211, 1502 158, 172, 25, 60, 111, 0, 80, 201, 158, 160, 210, 68, 55, 12, 67, 1503 136, 130, 87, 216, 197, 95, 62, 20, 155, 205, 5, 140, 27, 168, 221, 1504 65, 114, 78, 157, 254, 46, 206, 182, 52, 135, 87, 239, 3, 34, 186, 1505 126, 220, 151, 17, 33, 237, 57, 96, 172, 183, 58, 45, 248, 103, 241, 1506 142, 136, 7, 53, 16, 173, 181, 7, 93, 92, 252, 1, 53, 212, 242, 8, 1507 255, 11, 239, 181, 24, 148, 136, 111, 24, 161, 244, 23, 106, 69, 157, 1508 215, 243, 189, 240, 166, 169, 249, 72, 38, 201, 99, 223, 173, 229, 9, 1509 222, 82, 79, 157, 176, 248, 85, 239, 121, 163, 1, 31, 48, 98, 206, 1510 61, 249, 104, 216, 201, 227, 105, 48, 194, 193, 10, 36, 160, 159, 1511 241, 166, 84, 54, 188, 211, 243, 242, 40, 46, 45, 193, 193, 160, 169, 1512 101, 201, 1, 73, 47, 105, 142, 88, 28, 42, 132, 26, 61, 58, 63, 142, 1513 243, 77, 26, 179, 153, 166, 46, 203, 208, 49, 55, 229, 34, 178, 4, 1514 109, 180, 204, 204, 115, 1, 103, 193, 5, 91, 215, 214, 195, 1, 110, 1515 208, 53, 144, 36, 105, 12, 54, 25, 129, 101, 15, 183, 150, 250, 147, 1516 115, 227, 58, 250, 5, 128, 232, 63, 15, 14, 19, 141, 124, 253, 142, 1517 137, 189, 135, 26, 44, 240, 27, 88, 132, 105, 127, 6, 71, 37, 41, 1518 124, 187, 165, 140, 34, 200, 123, 80, 228, 24, 231, 176, 132, 171, 1519 138, 145, 152, 116, 224, 50, 141, 51, 147, 91, 186, 7, 246, 106, 217, 1520 148, 244, 227, 244, 45, 220, 121, 165, 224, 148, 181, 17, 181, 128, 1521 197, 101, 237, 11, 169, 229, 149, 199, 78, 56, 15, 14, 190, 91, 216, 1522 222, 247, 213, 74, 40, 8, 96, 20, 168, 119, 96, 26, 24, 52, 37, 82, 1523 127, 57, 176, 147, 118, 59, 7, 224, 33, 117, 72, 155, 29, 82, 26, 1524 215, 189, 140, 119, 28, 152, 118, 93, 222, 194, 192, 148, 115, 83, 1525 253, 216, 212, 108, 88, 83, 175, 172, 220, 97, 79, 110, 42, 223, 170, 1526 161, 34, 164, 144, 193, 76, 122, 92, 160, 41, 178, 175, 6, 35, 96, 1527 113, 96, 158, 90, 129, 101, 26, 45, 70, 180, 189, 230, 15, 5, 247, 1528 150, 209, 94, 171, 26, 13, 142, 212, 129, 1, 176, 5, 0, 112, 203, 1529 174, 185, 119, 76, 233, 189, 54, 172, 189, 245, 223, 253, 205, 12, 1530 88, 9, 126, 157, 225, 90, 40, 229, 191, 63, 30, 160, 224, 69, 3, 140, 1531 109, 70, 89, 37, 213, 245, 194, 210, 180, 188, 63, 210, 139, 221, 2, 1532 144, 200, 20, 177, 216, 29, 227, 242, 106, 12, 135, 142, 139, 144, 1533 82, 225, 162, 171, 176, 108, 99, 6, 43, 193, 161, 116, 234, 216, 1, 1534 242, 21, 124, 162, 98, 205, 124, 193, 38, 12, 242, 90, 101, 76, 204, 1535 184, 124, 58, 180, 16, 240, 26, 76, 195, 250, 212, 191, 185, 191, 97, 1536 198, 186, 73, 225, 75, 14, 90, 123, 121, 172, 101, 50, 160, 221, 141, 1537 253, 205, 126, 77, 9, 87, 198, 110, 104, 182, 141, 120, 51, 25, 232, 1538 3, 32, 80, 6, 156, 8, 18, 4, 135, 221, 142, 25, 135, 2, 129, 132, 1539 115, 227, 74, 141, 28, 119, 11, 141, 117, 134, 198, 62, 150, 254, 97, 1540 75, 197, 251, 99, 89, 204, 224, 226, 67, 83, 175, 89, 0, 81, 29, 38, 1541 207, 89, 140, 255, 197, 177, 164, 128, 62, 116, 224, 180, 109, 169, 1542 28, 2, 59, 176, 130, 252, 44, 178, 81, 24, 181, 176, 75, 44, 61, 91, 1543 12, 37, 21, 255, 83, 130, 197, 16, 231, 60, 217, 56, 131, 118, 168, 1544 202, 58, 52, 84, 124, 162, 185, 174, 162, 226, 242, 112, 68, 246, 1545 202, 16, 208, 52, 154, 58, 129, 80, 102, 33, 171, 6, 186, 177, 14, 1546 195, 88, 136, 6, 0, 155, 28, 100, 162, 207, 162, 222, 117, 248, 170, 1547 208, 114, 87, 31, 57, 176, 33, 57, 83, 253, 12, 168, 110, 194, 59, 1548 22, 86, 48, 227, 196, 22, 176, 218, 122, 149, 21, 249, 195, 178, 174, 1549 250, 20, 34, 120, 60, 139, 201, 99, 40, 18, 177, 17, 54, 54, 6, 3, 1550 222, 128, 160, 88, 11, 27, 0, 81, 192, 36, 41, 169, 146, 8, 47, 64, 1551 136, 28, 64, 209, 67, 135, 202, 20, 234, 182, 91, 204, 146, 195, 187, 1552 0, 72, 77, 11, 111, 152, 204, 252, 177, 212, 89, 33, 50, 132, 184, 1553 44, 183, 186, 19, 250, 69, 176, 201, 102, 140, 14, 143, 212, 212, 1554 160, 123, 208, 185, 27, 155, 68, 77, 133, 198, 2, 126, 155, 215, 22, 1555 91, 30, 217, 176, 172, 244, 156, 174, 143, 75, 90, 21, 102, 1, 160, 1556 59, 253, 188, 88, 57, 185, 197, 83, 24, 22, 180, 174, 47, 207, 52, 1, 1557 141, 146, 119, 233, 68, 228, 224, 228, 193, 248, 155, 202, 90, 7, 1558 213, 88, 33, 108, 107, 14, 86, 8, 120, 250, 58, 142, 35, 164, 238, 1559 221, 219, 35, 123, 88, 199, 192, 143, 104, 83, 17, 166, 243, 247, 11, 1560 166, 67, 68, 204, 132, 23, 110, 103, 228, 14, 55, 122, 88, 57, 180, 1561 178, 237, 52, 130, 214, 245, 102, 123, 67, 73, 175, 1, 127, 112, 148, 1562 94, 132, 164, 197, 153, 217, 87, 25, 89, 93, 63, 22, 66, 166, 90, 1563 251, 101, 10, 145, 66, 17, 124, 36, 255, 165, 226, 97, 16, 86, 112, 1564 154, 88, 105, 253, 56, 209, 229, 122, 103, 51, 24, 228, 190, 3, 236, 1565 48, 182, 121, 176, 140, 128, 117, 87, 251, 224, 37, 23, 248, 21, 218, 1566 85, 251, 136, 84, 147, 143, 144, 46, 155, 183, 251, 89, 86, 23, 26, 1567 237, 100, 167, 32, 130, 173, 237, 89, 55, 110, 70, 142, 127, 65, 230, 1568 208, 109, 69, 19, 253, 84, 130, 130, 193, 92, 58, 108, 150, 42, 136, 1569 249, 234, 86, 241, 182, 19, 117, 246, 26, 181, 92, 101, 155, 44, 103, 1570 235, 173, 30, 140, 90, 29, 183, 190, 77, 53, 206, 127, 5, 87, 8, 187, 1571 184, 92, 4, 157, 22, 18, 105, 251, 39, 88, 182, 181, 103, 148, 233, 1572 6, 63, 70, 188, 7, 101, 216, 127, 77, 31, 12, 233, 7, 147, 106, 30, 1573 150, 77, 145, 13, 205, 48, 56, 245, 220, 89, 252, 127, 51, 180, 36, 1574 31, 55, 18, 214, 230, 254, 217, 197, 65, 247, 27, 215, 117, 247, 108, 1575 157, 121, 11, 63, 150, 195, 83, 6, 134, 242, 41, 24, 105, 204, 5, 63, 1576 192, 14, 159, 113, 72, 140, 128, 51, 215, 80, 215, 39, 149, 94, 79, 1577 128, 34, 5, 129, 82, 83, 121, 187, 37, 146, 27, 32, 177, 167, 71, 9, 1578 195, 30, 199, 196, 205, 252, 207, 69, 8, 120, 27, 190, 51, 43, 75, 1579 249, 234, 167, 116, 206, 203, 199, 43, 108, 87, 48, 155, 140, 228, 1580 210, 85, 25, 161, 96, 67, 8, 205, 64, 39, 75, 88, 44, 238, 227, 16, 1581 0, 100, 93, 129, 18, 4, 149, 50, 68, 72, 99, 35, 111, 254, 27, 102, 1582 175, 108, 233, 87, 181, 44, 169, 18, 139, 79, 208, 14, 202, 192, 5, 1583 162, 222, 231, 149, 24, 211, 49, 120, 101, 39, 206, 87, 147, 204, 1584 200, 251, 104, 115, 5, 127, 117, 195, 79, 151, 18, 224, 52, 0, 245, 1585 4, 85, 255, 103, 217, 0, 116, 198, 80, 91, 167, 192, 154, 199, 197, 1586 149, 237, 51, 2, 131, 30, 226, 95, 105, 48, 68, 135, 208, 144, 120, 1587 176, 145, 157, 8, 171, 80, 94, 61, 92, 92, 220, 157, 13, 138, 51, 23, 1588 185, 124, 31, 77, 1, 87, 241, 43, 239, 55, 122, 86, 210, 48, 208, 1589 204, 112, 144, 80, 147, 106, 219, 47, 253, 31, 134, 176, 16, 135, 1590 219, 95, 17, 129, 83, 236, 125, 136, 112, 86, 228, 252, 71, 129, 218, 1591 174, 156, 236, 12, 27, 159, 11, 138, 252, 253, 207, 31, 115, 214, 1592 118, 239, 203, 16, 211, 205, 99, 22, 51, 163, 107, 162, 246, 199, 67, 1593 127, 34, 108, 197, 53, 117, 58, 199, 3, 190, 74, 70, 190, 65, 235, 1594 175, 97, 157, 215, 252, 189, 245, 100, 229, 248, 46, 90, 126, 237, 4, 1595 159, 128, 58, 7, 156, 236, 69, 191, 85, 240, 179, 224, 249, 152, 49, 1596 195, 223, 60, 78, 186, 157, 155, 217, 58, 105, 116, 164, 217, 111, 1597 215, 150, 218, 252, 84, 86, 248, 140, 240, 226, 61, 106, 208, 95, 60, 1598 163, 6, 0, 235, 253, 162, 96, 62, 234, 251, 249, 35, 21, 7, 211, 233, 1599 86, 50, 33, 203, 67, 248, 60, 190, 123, 48, 167, 226, 90, 191, 71, 1600 56, 183, 165, 17, 85, 76, 238, 140, 211, 168, 53, 223, 194, 4, 97, 1601 149, 156, 120, 137, 76, 33, 229, 243, 194, 208, 198, 202, 139, 28, 1602 114, 46, 224, 92, 254, 83, 100, 134, 158, 92, 70, 78, 61, 62, 138, 1603 24, 173, 216, 66, 198, 70, 254, 47, 59, 193, 53, 6, 139, 19, 153, 1604 253, 28, 199, 122, 160, 27, 67, 234, 209, 227, 139, 4, 50, 7, 178, 1605 183, 89, 252, 32, 128, 137, 55, 52, 29, 89, 12, 111, 42, 181, 51, 1606 170, 132, 132, 207, 170, 228, 254, 178, 213, 0, 136, 175, 8] 1608 The resulting Authentication Tag value is: 1610 [208, 113, 102, 132, 236, 236, 67, 223, 39, 53, 98, 99, 32, 121, 17, 1611 236] 1612 Encoding this JWE Ciphertext as BASE64URL(JWE Ciphertext) gives this 1613 value (with line breaks for display purposes only): 1615 AwhB8lxrlKjFn02LGWEqg27H4Tg9fyZAbFv3p5ZicHpj64QyHC44qqlZ3JEmnZTgQo 1616 wIqZJ13jbyHB8LgePiqUJ1hf6M2HPLgzw8L-mEeQ0jvDUTrE07NtOerBk8bwBQyZ6g 1617 0kQ3DEOIglfYxV8-FJvNBYwbqN1Bck6d_i7OtjSHV-8DIrp-3JcRIe05YKy3Oi34Z_ 1618 GOiAc1EK21B11c_AE11PII_wvvtRiUiG8YofQXakWd1_O98Kap-UgmyWPfreUJ3lJP 1619 nbD4Ve95owEfMGLOPflo2MnjaTDCwQokoJ_xplQ2vNPz8iguLcHBoKllyQFJL2mOWB 1620 wqhBo9Oj-O800as5mmLsvQMTflIrIEbbTMzHMBZ8EFW9fWwwFu0DWQJGkMNhmBZQ-3 1621 lvqTc-M6-gWA6D8PDhONfP2Oib2HGizwG1iEaX8GRyUpfLuljCLIe1DkGOewhKuKkZ 1622 h04DKNM5Nbugf2atmU9OP0Ldx5peCUtRG1gMVl7Qup5ZXHTjgPDr5b2N731UooCGAU 1623 qHdgGhg0JVJ_ObCTdjsH4CF1SJsdUhrXvYx3HJh2Xd7CwJRzU_3Y1GxYU6-s3GFPbi 1624 rfqqEipJDBTHpcoCmyrwYjYHFgnlqBZRotRrS95g8F95bRXqsaDY7UgQGwBQBwy665 1625 d0zpvTasvfXf_c0MWAl-neFaKOW_Px6g4EUDjG1GWSXV9cLStLw_0ovdApDIFLHYHe 1626 PyagyHjouQUuGiq7BsYwYrwaF06tgB8hV8omLNfMEmDPJaZUzMuHw6tBDwGkzD-tS_ 1627 ub9hxrpJ4UsOWnt5rGUyoN2N_c1-TQlXxm5oto14MxnoAyBQBpwIEgSH3Y4ZhwKBhH 1628 PjSo0cdwuNdYbGPpb-YUvF-2NZzODiQ1OvWQBRHSbPWYz_xbGkgD504LRtqRwCO7CC 1629 _CyyURi1sEssPVsMJRX_U4LFEOc82TiDdqjKOjRUfKK5rqLi8nBE9soQ0DSaOoFQZi 1630 GrBrqxDsNYiAYAmxxkos-i3nX4qtByVx85sCE5U_0MqG7COxZWMOPEFrDaepUV-cOy 1631 rvoUIng8i8ljKBKxETY2BgPegKBYCxsAUcAkKamSCC9AiBxA0UOHyhTqtlvMksO7AE 1632 hNC2-YzPyx1FkhMoS4LLe6E_pFsMlmjA6P1NSge9C5G5tETYXGAn6b1xZbHtmwrPSc 1633 ro9LWhVmAaA7_bxYObnFUxgWtK4vzzQBjZJ36UTk4OTB-JvKWgfVWCFsaw5WCHj6Oo 1634 4jpO7d2yN7WMfAj2hTEabz9wumQ0TMhBduZ-QON3pYObSy7TSC1vVme0NJrwF_cJRe 1635 hKTFmdlXGVldPxZCplr7ZQqRQhF8JP-l4mEQVnCaWGn9ONHlemczGOS-A-wwtnmwjI 1636 B1V_vgJRf4FdpV-4hUk4-QLpu3-1lWFxrtZKcggq3tWTduRo5_QebQbUUT_VSCgsFc 1637 OmyWKoj56lbxthN19hq1XGWbLGfrrR6MWh23vk01zn8FVwi7uFwEnRYSafsnWLa1Z5 1638 TpBj9GvAdl2H9NHwzpB5NqHpZNkQ3NMDj13Fn8fzO0JB83Etbm_tnFQfcb13X3bJ15 1639 Cz-Ww1MGhvIpGGnMBT_ADp9xSIyAM9dQ1yeVXk-AIgWBUlN5uyWSGyCxp0cJwx7HxM 1640 38z0UIeBu-MytL-eqndM7LxytsVzCbjOTSVRmhYEMIzUAnS1gs7uMQAGRdgRIElTJE 1641 SGMjb_4bZq9s6Ve1LKkSi0_QDsrABaLe55UY0zF4ZSfOV5PMyPtocwV_dcNPlxLgNA 1642 D1BFX_Z9kAdMZQW6fAmsfFle0zAoMe4l9pMESH0JB4sJGdCKtQXj1cXNydDYozF7l8 1643 H00BV_Er7zd6VtIw0MxwkFCTatsv_R-GsBCH218RgVPsfYhwVuT8R4HarpzsDBufC4 1644 r8_c8fc9Z278sQ081jFjOja6L2x0N_ImzFNXU6xwO-Ska-QeuvYZ3X_L31ZOX4Llp- 1645 7QSfgDoHnOxFv1Xws-D5mDHD3zxOup2b2TppdKTZb9eW2vxUVviM8OI9atBfPKMGAO 1646 v9omA-6vv5IxUH0-lWMiHLQ_g8vnswp-Jav0c4t6URVUzujNOoNd_CBGGVnHiJTCHl 1647 88LQxsqLHHIu4Fz-U2SGnlxGTj0-ihit2ELGRv4vO8E1BosTmf0cx3qgG0Pq0eOLBD 1648 IHsrdZ_CCAiTc0HVkMbyq1M6qEhM-q5P6y1QCIrwg 1650 Encoding this JWE Authentication Tag as BASE64URL(JWE Authentication 1651 Tag) gives this value: 1653 0HFmhOzsQ98nNWJjIHkR7A 1655 C.9. Complete Representation 1657 Assemble the final representation: The JWE Compact Serialization of 1658 this result, as defined in Section 7.1 of [JWE], is the string 1659 BASE64URL(UTF8(JWE Protected Header)) || '.' || BASE64URL(JWE 1660 Encrypted Key) || '.' || BASE64URL(JWE Initialization Vector) || '.' 1661 || BASE64URL(JWE Ciphertext) || '.' || BASE64URL(JWE Authentication 1662 Tag). 1664 The final result in this example (with line breaks for display 1665 purposes only) is: 1667 eyJhbGciOiJQQkVTMi1IUzI1NitBMTI4S1ciLCJwMnMiOiIyV0NUY0paMVJ2ZF9DSn 1668 VKcmlwUTF3IiwicDJjIjo0MDk2LCJlbmMiOiJBMTI4Q0JDLUhTMjU2IiwiY3R5Ijoi 1669 andrK2pzb24ifQ. 1670 TrqXOwuNUfDV9VPTNbyGvEJ9JMjefAVn-TR1uIxR9p6hsRQh9Tk7BA. 1671 Ye9j1qs22DmRSAddIh-VnA. 1672 AwhB8lxrlKjFn02LGWEqg27H4Tg9fyZAbFv3p5ZicHpj64QyHC44qqlZ3JEmnZTgQo 1673 wIqZJ13jbyHB8LgePiqUJ1hf6M2HPLgzw8L-mEeQ0jvDUTrE07NtOerBk8bwBQyZ6g 1674 0kQ3DEOIglfYxV8-FJvNBYwbqN1Bck6d_i7OtjSHV-8DIrp-3JcRIe05YKy3Oi34Z_ 1675 GOiAc1EK21B11c_AE11PII_wvvtRiUiG8YofQXakWd1_O98Kap-UgmyWPfreUJ3lJP 1676 nbD4Ve95owEfMGLOPflo2MnjaTDCwQokoJ_xplQ2vNPz8iguLcHBoKllyQFJL2mOWB 1677 wqhBo9Oj-O800as5mmLsvQMTflIrIEbbTMzHMBZ8EFW9fWwwFu0DWQJGkMNhmBZQ-3 1678 lvqTc-M6-gWA6D8PDhONfP2Oib2HGizwG1iEaX8GRyUpfLuljCLIe1DkGOewhKuKkZ 1679 h04DKNM5Nbugf2atmU9OP0Ldx5peCUtRG1gMVl7Qup5ZXHTjgPDr5b2N731UooCGAU 1680 qHdgGhg0JVJ_ObCTdjsH4CF1SJsdUhrXvYx3HJh2Xd7CwJRzU_3Y1GxYU6-s3GFPbi 1681 rfqqEipJDBTHpcoCmyrwYjYHFgnlqBZRotRrS95g8F95bRXqsaDY7UgQGwBQBwy665 1682 d0zpvTasvfXf_c0MWAl-neFaKOW_Px6g4EUDjG1GWSXV9cLStLw_0ovdApDIFLHYHe 1683 PyagyHjouQUuGiq7BsYwYrwaF06tgB8hV8omLNfMEmDPJaZUzMuHw6tBDwGkzD-tS_ 1684 ub9hxrpJ4UsOWnt5rGUyoN2N_c1-TQlXxm5oto14MxnoAyBQBpwIEgSH3Y4ZhwKBhH 1685 PjSo0cdwuNdYbGPpb-YUvF-2NZzODiQ1OvWQBRHSbPWYz_xbGkgD504LRtqRwCO7CC 1686 _CyyURi1sEssPVsMJRX_U4LFEOc82TiDdqjKOjRUfKK5rqLi8nBE9soQ0DSaOoFQZi 1687 GrBrqxDsNYiAYAmxxkos-i3nX4qtByVx85sCE5U_0MqG7COxZWMOPEFrDaepUV-cOy 1688 rvoUIng8i8ljKBKxETY2BgPegKBYCxsAUcAkKamSCC9AiBxA0UOHyhTqtlvMksO7AE 1689 hNC2-YzPyx1FkhMoS4LLe6E_pFsMlmjA6P1NSge9C5G5tETYXGAn6b1xZbHtmwrPSc 1690 ro9LWhVmAaA7_bxYObnFUxgWtK4vzzQBjZJ36UTk4OTB-JvKWgfVWCFsaw5WCHj6Oo 1691 4jpO7d2yN7WMfAj2hTEabz9wumQ0TMhBduZ-QON3pYObSy7TSC1vVme0NJrwF_cJRe 1692 hKTFmdlXGVldPxZCplr7ZQqRQhF8JP-l4mEQVnCaWGn9ONHlemczGOS-A-wwtnmwjI 1693 B1V_vgJRf4FdpV-4hUk4-QLpu3-1lWFxrtZKcggq3tWTduRo5_QebQbUUT_VSCgsFc 1694 OmyWKoj56lbxthN19hq1XGWbLGfrrR6MWh23vk01zn8FVwi7uFwEnRYSafsnWLa1Z5 1695 TpBj9GvAdl2H9NHwzpB5NqHpZNkQ3NMDj13Fn8fzO0JB83Etbm_tnFQfcb13X3bJ15 1696 Cz-Ww1MGhvIpGGnMBT_ADp9xSIyAM9dQ1yeVXk-AIgWBUlN5uyWSGyCxp0cJwx7HxM 1697 38z0UIeBu-MytL-eqndM7LxytsVzCbjOTSVRmhYEMIzUAnS1gs7uMQAGRdgRIElTJE 1698 SGMjb_4bZq9s6Ve1LKkSi0_QDsrABaLe55UY0zF4ZSfOV5PMyPtocwV_dcNPlxLgNA 1699 D1BFX_Z9kAdMZQW6fAmsfFle0zAoMe4l9pMESH0JB4sJGdCKtQXj1cXNydDYozF7l8 1700 H00BV_Er7zd6VtIw0MxwkFCTatsv_R-GsBCH218RgVPsfYhwVuT8R4HarpzsDBufC4 1701 r8_c8fc9Z278sQ081jFjOja6L2x0N_ImzFNXU6xwO-Ska-QeuvYZ3X_L31ZOX4Llp- 1702 7QSfgDoHnOxFv1Xws-D5mDHD3zxOup2b2TppdKTZb9eW2vxUVviM8OI9atBfPKMGAO 1703 v9omA-6vv5IxUH0-lWMiHLQ_g8vnswp-Jav0c4t6URVUzujNOoNd_CBGGVnHiJTCHl 1704 88LQxsqLHHIu4Fz-U2SGnlxGTj0-ihit2ELGRv4vO8E1BosTmf0cx3qgG0Pq0eOLBD 1705 IHsrdZ_CCAiTc0HVkMbyq1M6qEhM-q5P6y1QCIrwg. 1706 0HFmhOzsQ98nNWJjIHkR7A 1708 Appendix D. Acknowledgements 1710 A JSON representation for RSA public keys was previously introduced 1711 by John Panzer, Ben Laurie, and Dirk Balfanz in Magic Signatures 1712 [MagicSignatures]. 1714 Thanks to Matt Miller for creating the encrypted key example and to 1715 Edmund Jay and Brian Campbell for validating the example. 1717 This specification is the work of the JOSE Working Group, which 1718 includes dozens of active and dedicated participants. In particular, 1719 the following individuals contributed ideas, feedback, and wording 1720 that influenced this specification: 1722 Dirk Balfanz, Richard Barnes, John Bradley, Brian Campbell, Breno de 1723 Medeiros, Stephen Farrell, Joe Hildebrand, Edmund Jay, Stephen Kent, 1724 Ben Laurie, James Manger, Matt Miller, Kathleen Moriarty, Chuck 1725 Mortimore, Tony Nadalin, Axel Nennker, John Panzer, Eric Rescorla, 1726 Pete Resnick, Nat Sakimura, Jim Schaad, Ryan Sleevi, Paul Tarjan, 1727 Hannes Tschofenig, and Sean Turner. 1729 Jim Schaad and Karen O'Donoghue chaired the JOSE working group and 1730 Sean Turner, Stephen Farrell, and Kathleen Moriarty served as 1731 Security area directors during the creation of this specification. 1733 Appendix E. Document History 1735 [[ to be removed by the RFC Editor before publication as an RFC ]] 1737 -40 1739 o Clarified the definitions of UTF8(STRING) and ASCII(STRING). 1741 o Stated that line breaks are for display purposes only in places 1742 where this disclaimer was needed and missing. 1744 o Updated the WebCrypto reference to refer to the W3C Candidate 1745 Recommendation. 1747 -39 1749 o No changes were made, other than to the version number and date. 1751 -38 1753 o Replaced uses of the phrase "JWK object" with "JWK". 1755 -37 1757 o Updated the TLS requirements language to only require 1758 implementations to support TLS when they support features using 1759 TLS. 1761 o Restricted algorithm names to using only ASCII characters. 1763 o Updated the example IANA registration request subject line. 1765 -36 1767 o Stated that if both "use" and "key_ops" are used, the information 1768 they convey MUST be consistent. 1770 o Clarified where white space and line breaks may occur in JSON 1771 objects by referencing Section 2 of RFC 7159. 1773 o Specified that registration reviews occur on the 1774 jose-reg-review@ietf.org mailing list. 1776 -35 1778 o Used real values for examples in the IANA Registration Templates. 1780 -34 1782 o Addressed IESG review comments by Pete Resnick, Stephen Farrell, 1783 and Richard Barnes. 1785 o Referenced RFC 4945 for PEM certificate delimiter syntax. 1787 -33 1789 o Addressed secdir review comments by Stephen Kent for which 1790 resolutions had mistakenly been omitted in the previous draft. 1792 o Acknowledged additional contributors. 1794 -32 1796 o Addressed Gen-ART review comments by Russ Housley. 1798 o Addressed secdir review comments by Stephen Kent. 1800 -31 1801 o No changes were made, other than to the version number and date. 1803 -30 1805 o Added references and cleaned up the reference syntax in a few 1806 places. 1808 o Applied minor wording changes to the Security Considerations 1809 section. 1811 -29 1813 o Replaced the terms JWS Header, JWE Header, and JWT Header with a 1814 single JOSE Header term defined in the JWS specification. This 1815 also enabled a single Header Parameter definition to be used and 1816 reduced other areas of duplication between specifications. 1818 -28 1820 o Revised the introduction to the Security Considerations section. 1822 o Refined the text about when applications using encrypted JWKs and 1823 JWK Sets would not need to use the "cty" header parameter. 1825 -27 1827 o Added an example JWK early in the draft. 1829 o Described additional security considerations. 1831 o Added the "x5t#S256" (X.509 Certificate SHA-256 Thumbprint) JWK 1832 member. 1834 o Addressed a few editorial issues. 1836 -26 1838 o Referenced Section 6 of RFC 6125 for TLS server certificate 1839 identity validation. 1841 o Deleted misleading non-normative phrase from the "use" 1842 description. 1844 o Noted that octet sequences are depicted using JSON array notation. 1846 o Updated references, including to W3C specifications. 1848 -25 1849 o Updated WebCrypto reference to refer to W3C Last Call draft. 1851 -24 1853 o Corrected the authentication tag value in the encrypted key 1854 example. 1856 o Updated the JSON reference to RFC 7159. 1858 -23 1860 o No changes were made, other than to the version number and date. 1862 -22 1864 o Corrected RFC 2119 terminology usage. 1866 o Replaced references to draft-ietf-json-rfc4627bis with RFC 7158. 1868 -21 1870 o Replaced the "key_ops" values "wrap" and "unwrap" with "wrapKey" 1871 and "unwrapKey" to match the "KeyUsage" values defined in the 1872 current Web Cryptography API editor's draft. 1874 o Compute the PBES2 salt parameter as (UTF8(Alg) || 0x00 || Salt 1875 Input), where the "p2s" Header Parameter encodes the Salt Input 1876 value and Alg is the "alg" Header Parameter value. 1878 o Changed some references from being normative to informative, 1879 addressing issue #90. 1881 -20 1883 o Renamed "use_details" to "key_ops" (key operations). 1885 o Clarified that "use" is meant for public key use cases, "key_ops" 1886 is meant for use cases in which public, private, or symmetric keys 1887 may be present, and that "use" and "key_ops" should not be used 1888 together. 1890 o Replaced references to RFC 4627 with draft-ietf-json-rfc4627bis, 1891 addressing issue #90. 1893 -19 1895 o Added optional "use_details" (key use details) JWK member. 1897 o Reordered the key selection parameters. 1899 -18 1901 o Changes to address editorial and minor issues #68, #69, #73, #74, 1902 #76, #77, #78, #79, #82, #85, #89, and #135. 1904 o Added and used Description registry fields. 1906 -17 1908 o Refined the "typ" and "cty" definitions to always be MIME Media 1909 Types, with the omission of "application/" prefixes recommended 1910 for brevity, addressing issue #50. 1912 o Added an example encrypting an RSA private key with 1913 "PBES2-HS256+A128KW" and "A128CBC-HS256". Thanks to Matt Miller 1914 for producing this! 1916 o Processing rules occurring in both JWS and JWK are now referenced 1917 in JWS by JWK, rather than duplicated, addressing issue #57. 1919 o Terms used in multiple documents are now defined in one place and 1920 incorporated by reference. Some lightly used or obvious terms 1921 were also removed. This addresses issue #58. 1923 -16 1925 o Changes to address editorial and minor issues #41, #42, #43, #47, 1926 #51, #67, #71, #76, #80, #83, #84, #85, #86, #87, and #88. 1928 -15 1930 o Changes to address editorial issues #48, #64, #65, #66, and #91. 1932 -14 1934 o Relaxed language introducing key parameters since some parameters 1935 are applicable to multiple, but not all, key types. 1937 -13 1939 o Applied spelling and grammar corrections. 1941 -12 1943 o Stated that recipients MUST either reject JWKs and JWK Sets with 1944 duplicate member names or use a JSON parser that returns only the 1945 lexically last duplicate member name. 1947 -11 1949 o Stated that when "kid" values are used within a JWK Set, different 1950 keys within the JWK Set SHOULD use distinct "kid" values. 1952 o Added optional "x5u" (X.509 URL), "x5t" (X.509 Certificate 1953 Thumbprint), and "x5c" (X.509 Certificate Chain) JWK parameters. 1955 o Added section on Encrypted JWK and Encrypted JWK Set Formats. 1957 o Added a Parameter Information Class value to the JSON Web Key 1958 Parameters registry, which registers whether the parameter conveys 1959 public or private information. 1961 o Registered "application/jwk+json" and "application/jwk-set+json" 1962 MIME types and "JWK" and "JWK-SET" typ header parameter values, 1963 addressing issue #21. 1965 -10 1967 o No changes were made, other than to the version number and date. 1969 -09 1971 o Expanded the scope of the JWK specification to include private and 1972 symmetric key representations, as specified by 1973 draft-jones-jose-json-private-and-symmetric-key-00. 1975 o Defined that members that are not understood must be ignored. 1977 -08 1979 o Changed the name of the JWK key type parameter from "alg" to "kty" 1980 to enable use of "alg" to indicate the particular algorithm that 1981 the key is intended to be used with. 1983 o Clarified statements of the form "This member is OPTIONAL" to "Use 1984 of this member is OPTIONAL". 1986 o Referenced String Comparison Rules in JWS. 1988 o Added seriesInfo information to Internet Draft references. 1990 -07 1991 o Changed the name of the JWK RSA modulus parameter from "mod" to 1992 "n" and the name of the JWK RSA exponent parameter from "xpo" to 1993 "e", so that the identifiers are the same as those used in RFC 1994 3447. 1996 -06 1998 o Changed the name of the JWK RSA exponent parameter from "exp" to 1999 "xpo" so as to allow the potential use of the name "exp" for a 2000 future extension that might define an expiration parameter for 2001 keys. (The "exp" name is already used for this purpose in the JWT 2002 specification.) 2004 o Clarify that the "alg" (algorithm family) member is REQUIRED. 2006 o Correct an instance of "JWK" that should have been "JWK Set". 2008 o Applied changes made by the RFC Editor to RFC 6749's registry 2009 language to this specification. 2011 -05 2013 o Indented artwork elements to better distinguish them from the body 2014 text. 2016 -04 2018 o Refer to the registries as the primary sources of defined values 2019 and then secondarily reference the sections defining the initial 2020 contents of the registries. 2022 o Normatively reference XML DSIG 2.0 for its security 2023 considerations. 2025 o Added this language to Registration Templates: "This name is case 2026 sensitive. Names that match other registered names in a case 2027 insensitive manner SHOULD NOT be accepted." 2029 o Described additional open issues. 2031 o Applied editorial suggestions. 2033 -03 2035 o Clarified that "kid" values need not be unique within a JWK Set. 2037 o Moved JSON Web Key Parameters registry to the JWK specification. 2039 o Added "Collision Resistant Namespace" to the terminology section. 2041 o Changed registration requirements from RFC Required to 2042 Specification Required with Expert Review. 2044 o Added Registration Template sections for defined registries. 2046 o Added Registry Contents sections to populate registry values. 2048 o Numerous editorial improvements. 2050 -02 2052 o Simplified JWK terminology to get replace the "JWK Key Object" and 2053 "JWK Container Object" terms with simply "JSON Web Key (JWK)" and 2054 "JSON Web Key Set (JWK Set)" and to eliminate potential confusion 2055 between single keys and sets of keys. As part of this change, the 2056 top-level member name for a set of keys was changed from "jwk" to 2057 "keys". 2059 o Clarified that values with duplicate member names MUST be 2060 rejected. 2062 o Established JSON Web Key Set Parameters registry. 2064 o Explicitly listed non-goals in the introduction. 2066 o Moved algorithm-specific definitions from JWK to JWA. 2068 o Reformatted to give each member definition its own section 2069 heading. 2071 -01 2073 o Corrected the Magic Signatures reference. 2075 -00 2077 o Created the initial IETF draft based upon 2078 draft-jones-json-web-key-03 with no normative changes. 2080 Author's Address 2082 Michael B. Jones 2083 Microsoft 2085 Email: mbj@microsoft.com 2086 URI: http://self-issued.info/