idnits 2.17.1 draft-jones-jose-key-managed-json-web-signature-00.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (March 3, 2015) is 3342 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) ** Obsolete normative reference: RFC 7159 (Obsoleted by RFC 8259) -- Possible downref: Non-RFC (?) normative reference: ref. 'UNICODE' -- Obsolete informational reference (is this intentional?): RFC 3447 (Obsoleted by RFC 8017) Summary: 1 error (**), 0 flaws (~~), 1 warning (==), 3 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 JOSE Working Group M. Jones 3 Internet-Draft Microsoft 4 Intended status: Standards Track March 3, 2015 5 Expires: September 4, 2015 7 Key Managed JSON Web Signature (KMJWS) 8 draft-jones-jose-key-managed-json-web-signature-00 10 Abstract 12 Key Managed JSON Web Signature (KMJWS) represents content that is 13 integrity protected with a Message Authentication Code (MAC) in which 14 key management is employed for the MAC key. This representation 15 reuses key management functionality already present in the JSON Web 16 Encryption (JWE) specification and MAC functionality already present 17 in the JSON Web Signature (JWS) specification. 19 Status of this Memo 21 This Internet-Draft is submitted in full conformance with the 22 provisions of BCP 78 and BCP 79. 24 Internet-Drafts are working documents of the Internet Engineering 25 Task Force (IETF). Note that other groups may also distribute 26 working documents as Internet-Drafts. The list of current Internet- 27 Drafts is at http://datatracker.ietf.org/drafts/current/. 29 Internet-Drafts are draft documents valid for a maximum of six months 30 and may be updated, replaced, or obsoleted by other documents at any 31 time. It is inappropriate to use Internet-Drafts as reference 32 material or to cite them other than as "work in progress." 34 This Internet-Draft will expire on September 4, 2015. 36 Copyright Notice 38 Copyright (c) 2015 IETF Trust and the persons identified as the 39 document authors. All rights reserved. 41 This document is subject to BCP 78 and the IETF Trust's Legal 42 Provisions Relating to IETF Documents 43 (http://trustee.ietf.org/license-info) in effect on the date of 44 publication of this document. Please review these documents 45 carefully, as they describe your rights and restrictions with respect 46 to this document. Code Components extracted from this document must 47 include Simplified BSD License text as described in Section 4.e of 48 the Trust Legal Provisions and are provided without warranty as 49 described in the Simplified BSD License. 51 Table of Contents 53 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 54 1.1. Notational Conventions . . . . . . . . . . . . . . . . . . 3 55 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3 56 3. Example KMJWS . . . . . . . . . . . . . . . . . . . . . . . . 4 57 4. KMJWS Contents . . . . . . . . . . . . . . . . . . . . . . . . 5 58 5. Header Parameters . . . . . . . . . . . . . . . . . . . . . . 6 59 6. Serializations . . . . . . . . . . . . . . . . . . . . . . . . 6 60 6.1. JWS Compact Serialization . . . . . . . . . . . . . . . . 6 61 6.2. JWS JSON Serialization . . . . . . . . . . . . . . . . . . 7 62 6.2.1. General KMJWS JSON Serialization Syntax . . . . . . . 7 63 6.2.2. Flattened KMJWS JSON Serialization Syntax . . . . . . 8 64 7. Distinguishing between KMJWS, JWS, and JWE Objects . . . . . . 9 65 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 9 66 8.1. JWS and JWE Header Parameter Registration . . . . . . . . 9 67 8.1.1. Registry Contents . . . . . . . . . . . . . . . . . . 9 68 9. Security Considerations . . . . . . . . . . . . . . . . . . . 10 69 10. References . . . . . . . . . . . . . . . . . . . . . . . . . . 10 70 10.1. Normative References . . . . . . . . . . . . . . . . . . . 10 71 10.2. Informative References . . . . . . . . . . . . . . . . . . 11 72 Appendix A. Example KMJWS using RSAES OAEP and HMAC SHA-256 . . . 11 73 A.1. JOSE Header . . . . . . . . . . . . . . . . . . . . . . . 11 74 A.2. Payload . . . . . . . . . . . . . . . . . . . . . . . . . 11 75 A.3. JWS Signing Input . . . . . . . . . . . . . . . . . . . . 12 76 A.4. Integrity Protection . . . . . . . . . . . . . . . . . . . 12 77 A.5. Key Encryption . . . . . . . . . . . . . . . . . . . . . . 13 78 A.6. Complete Representation . . . . . . . . . . . . . . . . . 14 79 Appendix B. Document History . . . . . . . . . . . . . . . . . . 15 80 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 15 82 1. Introduction 84 Key Managed JSON Web Signature (KMJWS) represents content that is 85 integrity protected with a Message Authentication Code (MAC) in which 86 key management is employed for the MAC key. This representation 87 reuses key management functionality already present in the JSON Web 88 Encryption (JWE) [JWE] specification and MAC functionality already 89 present in the JSON Web Signature (JWS) [JWS] specification. 91 A KMJWS is neither a JWS nor a JWE, but incorporates elements of 92 both. Specifically, the Key Management algorithms registered in the 93 JSON Web Signature and Encryption Algorithms Registry 94 [IANA.JOSE.Algs] are used to provide MAC keys in the same way that 95 they are used to provide content encryption keys in JSON Web 96 Encryption (JWE) [JWE]. Likewise, the MAC algorithms registered in 97 this registry are used to integrity protect the JWS Payload and JWS 98 Protected Header in the same way that they are used to integrity 99 protect the JWS Payload and JWS Protected Header in JSON Web 100 Signature (JWS) [JWS]. 102 1.1. Notational Conventions 104 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 105 "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and 106 "OPTIONAL" in this document are to be interpreted as described in Key 107 words for use in RFCs to Indicate Requirement Levels [RFC2119]. 109 UTF8(STRING) denotes the octets of the UTF-8 [RFC3629] representation 110 of STRING, where STRING is a sequence of zero or more Unicode 111 [UNICODE] characters. 113 ASCII(STRING) denotes the octets of the ASCII [RFC20] representation 114 of STRING, where STRING is a sequence of zero or more ASCII 115 characters. 117 The concatenation of two values A and B is denoted as A || B. 119 2. Terminology 121 This specification uses the same terminology as the JSON Web 122 Signature (JWS) [JWS], JSON Web Encryption (JWE) [JWE], and JSON Web 123 Algorithms (JWA) [JWA] specifications. 125 These terms are defined by this specification: 127 Key Managed JSON Web Signature (KMJWS) 128 A data structure employing key management representing a MACed 129 message. 131 MAC Key 132 A symmetric key for the MAC algorithm used to integrity protect 133 the JWS Payload and the JWS Protected Header. 135 KMJWS Encrypted Key 136 Encrypted MAC Key. Note that for some algorithms, the KMJWS 137 Encrypted Key value is specified as being the empty octet 138 sequence. 140 3. Example KMJWS 142 This section provides an example of a KMJWS. Its computation is 143 described in more detail in Appendix A, including specifying the key 144 values used. 146 The following example JWS Protected Header declares that: 148 o The MAC Key is encrypted using the RSAES OAEP [RFC3447] algorithm 149 to produce the KMJWS Encrypted Key. 151 o The JWS Protected Header and the JWS Payload are integrity 152 protected using the HMAC SHA-256 [RFC2104, SHS] algorithm. 154 {"alg":"RSA-OAEP","mac":"HS256"} 156 Encoding this JWS Protected Header as BASE64URL(UTF8(JWS Protected 157 Header)) gives this value: 159 eyJhbGciOiJSU0EtT0FFUCIsIm1hYyI6IkhTMjU2In0 161 The payload in this example is the ASCII representation of the text 162 "What I have written, I have written." The value BASE64URL(JWS 163 Payload) is: 165 V2hhdCBJIGhhdmUgd3JpdHRlbiwgSSBoYXZlIHdyaXR0ZW4u 167 Computing the HMAC of the JWS Signing Input ASCII(BASE64URL(UTF8(JWS 168 Protected Header)) || '.' || BASE64URL(JWS Payload)) with the HMAC 169 SHA-256 algorithm using the MAC Key specified in Appendix A.4 and 170 base64url encoding the result yields this BASE64URL(JWS Signature) 171 value: 173 NjTOnXAAXtr7dA6RSxYkZcD6F-n5BOrLHRTxiTLptKM 175 The MAC Key is encrypted using the RSAES OAEP algorithm and the RSA 176 key specified in Appendix A.5. The resulting BASE64URL(KMJWS 177 Encrypted Key) value (with line breaks for display purposes only) is: 179 OKOawDo13gRp2ojaHV7LFpZcgV7T6DVZKTyKOMTYUmKoTCVJRgckCL9kiMT03JGe 180 ipsEdY3mx_etLbbWSrFr05kLzcSr4qKAq7YN7e9jwQRb23nfa6c9d-StnImGyFDb 181 Sv04uVuxIp5Zms1gNxKKK2Da14B8S4rzVRltdYwam_lDp5XnZAYpQdb76FdIKLaV 182 mqgfwX7XWRxv2322i-vDxRfqNzo_tETKzpVLzfiwQyeyPGLBIO56YJ7eObdv0je8 183 1860ppamavo35UgoRdbYaBcoh9QcfylQr66oc6vFWXRcZ_ZT2LawVCWTIy3brGPi 184 6UklfCpIMfIjf7iGdXKHzg 186 Concatenating these values in the order 187 Header.Payload.Signature.Encrypted_Key with period ('.') characters 188 between the parts yields this complete KMJWS representation using the 189 KMJWS Compact Serialization (with line breaks for display purposes 190 only): 192 eyJhbGciOiJSU0EtT0FFUCIsIm1hYyI6IkhTMjU2In0 193 . 194 V2hhdCBJIGhhdmUgd3JpdHRlbiwgSSBoYXZlIHdyaXR0ZW4u 195 . 196 NjTOnXAAXtr7dA6RSxYkZcD6F-n5BOrLHRTxiTLptKM 197 . 198 OKOawDo13gRp2ojaHV7LFpZcgV7T6DVZKTyKOMTYUmKoTCVJRgckCL9kiMT03JGe 199 ipsEdY3mx_etLbbWSrFr05kLzcSr4qKAq7YN7e9jwQRb23nfa6c9d-StnImGyFDb 200 Sv04uVuxIp5Zms1gNxKKK2Da14B8S4rzVRltdYwam_lDp5XnZAYpQdb76FdIKLaV 201 mqgfwX7XWRxv2322i-vDxRfqNzo_tETKzpVLzfiwQyeyPGLBIO56YJ7eObdv0je8 202 1860ppamavo35UgoRdbYaBcoh9QcfylQr66oc6vFWXRcZ_ZT2LawVCWTIy3brGPi 203 6UklfCpIMfIjf7iGdXKHzg 205 4. KMJWS Contents 207 A Key Managed JSON Web Signature (KMJWS) represents these logical 208 values: 210 o JOSE Header 211 o JWS Payload 212 o JWS Signature 213 o KMJWS Encrypted Key 215 For a KMJWS, just as it is for a JWS, the JOSE Header members are the 216 union of the members of these values: 218 o JWS Protected Header 219 o JWS Unprotected Header 221 The JWS Payload and JWS Signature are likewise the same for a KMJWS 222 are they are for a JWS. 224 The KMJWS Encrypted Key is the one value present in a KMJWS that is 225 not present in a JWS. It enables key management for the MAC Key. 227 5. Header Parameters 229 A KMJWS uses these Header Parameter fields to convey the key 230 management and MAC algorithms used: 232 alg 233 The key management algorithm employed. This parameter has the 234 same meaning, syntax, and processing rules as the "alg" Header 235 Parameter defined in Section 4.1.1 of [JWE], except that the key 236 being encrypted or determined is the MAC key, rather than the 237 Content Encryption Key. 239 mac 240 This parameter has the same meaning, syntax, and processing rules 241 as the "alg" Header Parameter defined in Section 4.1.1 of [JWS], 242 except that the algorithm MUST be a MAC algorithm and the MAC key 243 is determined by the key management procedure employed. 245 The "jku", "jwk", "kid", "x5u", "x5c", "x5t", "x5t#S256", "typ", and 246 "crit" Header Parameters defined in Section 4.1 of [JWE] are used 247 identically, except that the key being encrypted or determined is the 248 MAC key, rather than the Content Encryption Key. The "cty" Header 249 Parameter defined in Section 4.1.10 of [JWS] is used identically, 250 except that the JWS Payload is that of a KMJWS, rather than a JWS. 251 The "enc" and "zip" Header Parameters defined in Section 4.1 of [JWE] 252 MUST NOT be used. 254 6. Serializations 256 Like JWSs, KMJWSs can utilize one of two different serializations: 257 the KMJWS Compact Serialization or the KMJWS JSON Serialization. 259 6.1. JWS Compact Serialization 261 Like the JWS Compact Serialization, the KMJWS Compact Serialization 262 represents MACed content as a compact, URL-safe string. This string 263 is: 265 BASE64URL(UTF8(JWS Protected Header)) || '.' || 266 BASE64URL(JWS Payload) || '.' || 267 BASE64URL(JWS Signature) || '.' || 268 BASE64URL(KMJWS Encrypted Key) 270 Only one MAC is supported by the KMJWS Compact Serialization and it 271 provides no syntax to represent a JWS Unprotected Header value. 273 6.2. JWS JSON Serialization 275 Like the JWS JSON Serialization, the KMJWS JSON Serialization 276 represents MACed content as a JSON object RFC 7159 [RFC7159]. This 277 representation is neither optimized for compactness nor URL-safe. 279 Also like the JWS JSON Serialization, two closely related syntaxes 280 are defined for the KMJWS JSON Serialization: a fully general syntax, 281 with which content can be secured with more than one MAC operation, 282 and a flattened syntax, which is optimized for the single MAC case. 284 6.2.1. General KMJWS JSON Serialization Syntax 286 The following members are defined for use in top-level JSON objects 287 used for the fully general KMJWS JSON Serialization syntax: 289 payload 290 This is the same as the JWS "payload" member. 292 signatures 293 This is the same as the JWS "signatures" member. 295 The following members are defined for use in the JSON objects that 296 are elements of the "signatures" array: 298 protected 299 This is the same as the JWS the "protected" member. 301 header 302 This is the same as the JWS "header" member. 304 signature 305 This is the same as the JWS "signature" member. 307 encrypted_key 308 The "encrypted_key" member MUST be present and contain the value 309 BASE64URL(KMJWS Encrypted Key). 311 At least one of the "protected" and "header" members MUST be present 312 for each MAC computation so that "alg" and "mac" Header Parameter 313 values are conveyed. 315 Additional members can be present in both the JSON objects defined 316 above; if not understood by implementations encountering them, they 317 MUST be ignored. 319 The Header Parameter values used when creating or validating 320 individual MAC values are the union of the two sets of Header 321 Parameter values that may be present: (1) the JWS Protected Header 322 represented in the "protected" member of the MAC's array element, and 323 (2) the JWS Unprotected Header in the "header" member of the MAC's 324 array element. The union of these sets of Header Parameters 325 comprises the JOSE Header. The Header Parameter names in the two 326 locations MUST be disjoint. 328 Each JWS Signature value is computed using the parameters of the 329 corresponding JOSE Header value in the same manner as for the JWS 330 Compact Serialization. This has the desirable property that each JWS 331 Signature value represented in the "signatures" array is identical to 332 the value that would have been computed for the same parameter in the 333 KMJWS Compact Serialization, provided that the JWS Protected Header 334 value for that MAC computation (which represents the integrity 335 protected Header Parameter values) matches that used in the KMJWS 336 Compact Serialization. 338 In summary, the syntax of a KMJWS using the general KMJWS JSON 339 Serialization is as follows: 341 { 342 "payload":"", 343 "signatures":[ 344 {"protected":"", 345 "header":, 346 "signature":"", 347 "encrypted_key":""}, 348 ... 349 {"protected":"", 350 "header":, 351 "signature":"", 352 "encrypted_key":""}] 353 } 355 6.2.2. Flattened KMJWS JSON Serialization Syntax 357 The flattened KMJWS JSON Serialization syntax is based upon the 358 general syntax, but flattens it in the same way that the flattened 359 JWS JSON Serialization syntax flattens its general syntax. 361 In summary, the syntax of a KMJWS using the flattened KMJWS JSON 362 Serialization is as follows: 364 { 365 "payload":"", 366 "protected":"", 367 "header":, 368 "signature":"", 369 "encrypted_key":"" 370 } 372 7. Distinguishing between KMJWS, JWS, and JWE Objects 374 While KMJWSs have characteristics of both JWSs and JWEs, these 375 methods can be used to distinguish KMJWSs from either of them. This 376 section augments the information in Section 9 of [JWE]. 378 o If the object is using a compact serialization, the number of 379 base64url encoded segments separated by period ('.') characters 380 will differ. KMJWSs have four segments separated by three period 381 ('.') characters and the others do not. 383 o If the object is using a JSON serialization, the members used will 384 be different. KMJWSs have both a "payload" and an "encrypted_key" 385 member and the others do not. 387 o The JOSE Header for a KMJWS can also be distinguished from the 388 JOSE Header for a JWS or JWE by determining whether a "mac" (MAC 389 Algorithm) member exists. If the "mac" member exists, it is a 390 KMJWS; otherwise, it is not. 392 8. IANA Considerations 394 8.1. JWS and JWE Header Parameter Registration 396 This specification registers the "mac" (MAC Algorithm) Header 397 Parameter defined in Section 5 in the IANA JSON Web Signature and 398 Encryption Header Parameters registry defined in [JWS]. 400 8.1.1. Registry Contents 402 o Header Parameter Name: "mac" 403 o Header Parameter Description: MAC Algorithm 404 o Header Parameter Usage Location(s): KMJWS 405 o Change Controller: IETF 406 o Specification Document(s): Section 5 of [[ this document ]] 408 9. Security Considerations 410 The key management security considerations from [JWE] apply. The 411 integrity protection security considerations from [JWS] apply. The 412 algorithm security considerations from [JWA] apply. 414 10. References 416 10.1. Normative References 418 [IANA.JOSE.Algs] 419 Internet Assigned Numbers Authority (IANA), "JSON Web 420 Signature and Encryption Algorithms Registry", 2015, . 424 [JWA] Jones, M., "JSON Web Algorithms (JWA)", 425 draft-ietf-jose-json-web-algorithms (work in progress), 426 January 2015. 428 [JWE] Jones, M. and J. Hildebrand, "JSON Web Encryption (JWE)", 429 draft-ietf-jose-json-web-encryption (work in progress), 430 January 2015. 432 [JWS] Jones, M., Bradley, J., and N. Sakimura, "JSON Web 433 Signature (JWS)", draft-ietf-jose-json-web-signature (work 434 in progress), January 2015. 436 [RFC20] Cerf, V., "ASCII format for Network Interchange", RFC 20, 437 October 1969. 439 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 440 Requirement Levels", BCP 14, RFC 2119, March 1997. 442 [RFC3629] Yergeau, F., "UTF-8, a transformation format of ISO 443 10646", STD 63, RFC 3629, November 2003. 445 [RFC7159] Bray, T., "The JavaScript Object Notation (JSON) Data 446 Interchange Format", RFC 7159, March 2014. 448 [UNICODE] The Unicode Consortium, "The Unicode Standard", 1991-, 449 . 451 10.2. Informative References 453 [JWK] Jones, M., "JSON Web Key (JWK)", 454 draft-ietf-jose-json-web-key (work in progress), 455 January 2015. 457 [RFC2104] Krawczyk, H., Bellare, M., and R. Canetti, "HMAC: Keyed- 458 Hashing for Message Authentication", RFC 2104, 459 February 1997. 461 [RFC3447] Jonsson, J. and B. Kaliski, "Public-Key Cryptography 462 Standards (PKCS) #1: RSA Cryptography Specifications 463 Version 2.1", RFC 3447, February 2003. 465 [SHS] National Institute of Standards and Technology, "Secure 466 Hash Standard (SHS)", FIPS PUB 180-4, March 2012. 468 Appendix A. Example KMJWS using RSAES OAEP and HMAC SHA-256 470 This example secures the payload using RSAES OAEP for key encryption 471 and HMAC SHA-256 for integrity protection. 473 A.1. JOSE Header 475 The following example JWS Protected Header declares that: 477 o The MAC Key is encrypted using the RSAES OAEP [RFC3447] algorithm 478 to produce the KMJWS Encrypted Key. 480 o The JWS Protected Header and the JWS Payload are integrity 481 protected using the HMAC SHA-256 [RFC2104, SHS] algorithm. 483 {"alg":"RSA-OAEP","mac":"HS256"} 485 Encoding this JWS Protected Header as BASE64URL(UTF8(JWS Protected 486 Header)) gives this value: 488 eyJhbGciOiJSU0EtT0FFUCIsIm1hYyI6IkhTMjU2In0 490 A.2. Payload 492 The payload in this example is the ASCII representation of the text 493 "What I have written, I have written." The representation of this 494 payload (using JSON array notation) is: 496 [87, 104, 97, 116, 32, 73, 32, 104, 97, 118, 101, 32, 119, 114, 105, 497 116, 116, 101, 110, 44, 32, 73, 32, 104, 97, 118, 101, 32, 119, 114, 498 105, 116, 116, 101, 110, 46] 500 The value BASE64URL(JWS Payload) is: 502 V2hhdCBJIGhhdmUgd3JpdHRlbiwgSSBoYXZlIHdyaXR0ZW4u 504 A.3. JWS Signing Input 506 Combining these as BASE64URL(UTF8(JWS Protected Header)) || '.' || 507 BASE64URL(JWS Payload) gives this string (with line breaks for 508 display purposes only): 510 eyJhbGciOiJSU0EtT0FFUCIsIm1hYyI6IkhTMjU2In0 511 . 512 V2hhdCBJIGhhdmUgd3JpdHRlbiwgSSBoYXZlIHdyaXR0ZW4u 514 The resulting JWS Signing Input value, which is the ASCII 515 representation of above string, is the following octet sequence 516 (using JSON array notation): 518 [101, 121, 74, 104, 98, 71, 99, 105, 79, 105, 74, 83, 85, 48, 69, 519 116, 84, 48, 70, 70, 85, 67, 73, 115, 73, 109, 49, 104, 89, 121, 73, 520 54, 73, 107, 104, 84, 77, 106, 85, 50, 73, 110, 48, 46, 86, 50, 104, 521 104, 100, 67, 66, 74, 73, 71, 104, 104, 100, 109, 85, 103, 100, 51, 522 74, 112, 100, 72, 82, 108, 98, 105, 119, 103, 83, 83, 66, 111, 89, 523 88, 90, 108, 73, 72, 100, 121, 97, 88, 82, 48, 90, 87, 52, 117] 525 A.4. Integrity Protection 527 Compute the HMAC of the JWS Signing Input with the HMAC SHA-256 528 algorithm. This example uses the MAC Key below: 530 [177, 161, 244, 128, 84, 143, 225, 115, 63, 180, 3, 255, 107, 154, 531 212, 246, 138, 7, 110, 91, 112, 46, 34, 105, 47, 130, 203, 46, 122, 532 234, 64, 252] 534 The resulting JWS Signature value is: 536 [54, 52, 206, 157, 112, 0, 94, 218, 251, 116, 14, 145, 75, 22, 36, 537 101, 192, 250, 23, 233, 249, 4, 234, 203, 29, 20, 241, 137, 50, 233, 538 180, 163] 540 Base64url encoding the result yields this BASE64URL(JWS Signature) 541 value: 543 NjTOnXAAXtr7dA6RSxYkZcD6F-n5BOrLHRTxiTLptKM 545 A.5. Key Encryption 547 Encrypt the MAC Key with the recipient's public key using the RSAES 548 OAEP algorithm to produce the KMJWS Encrypted Key. This example uses 549 the RSA key represented in JSON Web Key [JWK] format below (with line 550 breaks within values for display purposes only): 552 {"kty":"RSA", 553 "n":"oahUIoWw0K0usKNuOR6H4wkf4oBUXHTxRvgb48E-BVvxkeDNjbC4he8rUW 554 cJoZmds2h7M70imEVhRU5djINXtqllXI4DFqcI1DgjT9LewND8MW2Krf3S 555 psk_ZkoFnilakGygTwpZ3uesH-PFABNIUYpOiN15dsQRkgr0vEhxN92i2a 556 sbOenSZeyaxziK72UwxrrKoExv6kc5twXTq4h-QChLOln0_mtUZwfsRaMS 557 tPs6mS6XrgxnxbWhojf663tuEQueGC-FCMfra36C9knDFGzKsNa7LZK2dj 558 YgyD3JR_MB_4NUJW_TqOQtwHYbxevoJArm-L5StowjzGy-_bq6Gw", 559 "e":"AQAB", 560 "d":"kLdtIj6GbDks_ApCSTYQtelcNttlKiOyPzMrXHeI-yk1F7-kpDxY4-WY5N 561 WV5KntaEeXS1j82E375xxhWMHXyvjYecPT9fpwR_M9gV8n9Hrh2anTpTD9 562 3Dt62ypW3yDsJzBnTnrYu1iwWRgBKrEYY46qAZIrA2xAwnm2X7uGR1hghk 563 qDp0Vqj3kbSCz1XyfCs6_LehBwtxHIyh8Ripy40p24moOAbgxVw3rxT_vl 564 t3UVe4WO3JkJOzlpUf-KTVI2Ptgm-dARxTEtE-id-4OJr0h-K-VFs3VSnd 565 VTIznSxfyrj8ILL6MG_Uv8YAu7VILSB3lOW085-4qE3DzgrTjgyQ", 566 "p":"1r52Xk46c-LsfB5P442p7atdPUrxQSy4mti_tZI3Mgf2EuFVbUoDBvaRQ- 567 SWxkbkmoEzL7JXroSBjSrK3YIQgYdMgyAEPTPjXv_hI2_1eTSPVZfzL0lf 568 fNn03IXqWF5MDFuoUYE0hzb2vhrlN_rKrbfDIwUbTrjjgieRbwC6Cl0", 569 "q":"wLb35x7hmQWZsWJmB_vle87ihgZ19S8lBEROLIsZG4ayZVe9Hi9gDVCOBm 570 UDdaDYVTSNx_8Fyw1YYa9XGrGnDew00J28cRUoeBB_jKI1oma0Orv1T9aX 571 IWxKwd4gvxFImOWr3QRL9KEBRzk2RatUBnmDZJTIAfwTs0g68UZHvtc", 572 "dp":"ZK-YwE7diUh0qR1tR7w8WHtolDx3MZ_OTowiFvgfeQ3SiresXjm9gZ5KL 573 hMXvo-uz-KUJWDxS5pFQ_M0evdo1dKiRTjVw_x4NyqyXPM5nULPkcpU827 574 rnpZzAJKpdhWAgqrXGKAECQH0Xt4taznjnd_zVpAmZZq60WPMBMfKcuE", 575 "dq":"Dq0gfgJ1DdFGXiLvQEZnuKEN0UUmsJBxkjydc3j4ZYdBiMRAy86x0vHCj 576 ywcMlYYg4yoC4YZa9hNVcsjqA3FeiL19rk8g6Qn29Tt0cj8qqyFpz9vNDB 577 UfCAiJVeESOjJDZPYHdHY8v1b-o-Z2X5tvLx-TCekf7oxyeKDUqKWjis", 578 "qi":"VIMpMYbPf47dT1w_zDUXfPimsSegnMOA1zTaX7aGk_8urY6R8-ZW1FxU7 579 AlWAyLWybqq6t16VFd7hQd0y6flUK4SlOydB61gwanOsXGOAOv82cHq0E3 580 eL4HrtZkUuKvnPrMnsUUFlfUdybVzxyjz9JF_XyaY14ardLSjf4L_FNY" 581 } 583 The resulting KMJWS Encrypted Key value is: 585 [56, 163, 154, 192, 58, 53, 222, 4, 105, 218, 136, 218, 29, 94, 203, 586 22, 150, 92, 129, 94, 211, 232, 53, 89, 41, 60, 138, 56, 196, 216, 587 82, 98, 168, 76, 37, 73, 70, 7, 36, 8, 191, 100, 136, 196, 244, 220, 588 145, 158, 138, 155, 4, 117, 141, 230, 199, 247, 173, 45, 182, 214, 589 74, 177, 107, 211, 153, 11, 205, 196, 171, 226, 162, 128, 171, 182, 590 13, 237, 239, 99, 193, 4, 91, 219, 121, 223, 107, 167, 61, 119, 228, 591 173, 156, 137, 134, 200, 80, 219, 74, 253, 56, 185, 91, 177, 34, 158, 592 89, 154, 205, 96, 55, 18, 138, 43, 96, 218, 215, 128, 124, 75, 138, 593 243, 85, 25, 109, 117, 140, 26, 155, 249, 67, 167, 149, 231, 100, 6, 594 41, 65, 214, 251, 232, 87, 72, 40, 182, 149, 154, 168, 31, 193, 126, 595 215, 89, 28, 111, 219, 125, 182, 139, 235, 195, 197, 23, 234, 55, 58, 596 63, 180, 68, 202, 206, 149, 75, 205, 248, 176, 67, 39, 178, 60, 98, 597 193, 32, 238, 122, 96, 158, 222, 57, 183, 111, 210, 55, 188, 215, 598 206, 180, 166, 150, 166, 106, 250, 55, 229, 72, 40, 69, 214, 216, 599 104, 23, 40, 135, 212, 28, 127, 41, 80, 175, 174, 168, 115, 171, 197, 600 89, 116, 92, 103, 246, 83, 216, 182, 176, 84, 37, 147, 35, 45, 219, 601 172, 99, 226, 233, 73, 37, 124, 42, 72, 49, 242, 35, 127, 184, 134, 602 117, 114, 135, 206] 604 Encoding this KMJWS Encrypted Key as BASE64URL(KMJWS Encrypted Key) 605 gives this value (with line breaks for display purposes only): 607 OKOawDo13gRp2ojaHV7LFpZcgV7T6DVZKTyKOMTYUmKoTCVJRgckCL9kiMT03JGe 608 ipsEdY3mx_etLbbWSrFr05kLzcSr4qKAq7YN7e9jwQRb23nfa6c9d-StnImGyFDb 609 Sv04uVuxIp5Zms1gNxKKK2Da14B8S4rzVRltdYwam_lDp5XnZAYpQdb76FdIKLaV 610 mqgfwX7XWRxv2322i-vDxRfqNzo_tETKzpVLzfiwQyeyPGLBIO56YJ7eObdv0je8 611 1860ppamavo35UgoRdbYaBcoh9QcfylQr66oc6vFWXRcZ_ZT2LawVCWTIy3brGPi 612 6UklfCpIMfIjf7iGdXKHzg 614 A.6. Complete Representation 616 Assemble the final representation: The Compact Serialization of this 617 result is the string BASE64URL(UTF8(JWS Protected Header)) || '.' || 618 BASE64URL(JWS Payload) || '.' || BASE64URL(JWS Signature) || '.' || 619 BASE64URL(KMJWS Encrypted Key). 621 The final result in this example (with line breaks for display 622 purposes only) is: 624 eyJhbGciOiJSU0EtT0FFUCIsIm1hYyI6IkhTMjU2In0 625 . 626 V2hhdCBJIGhhdmUgd3JpdHRlbiwgSSBoYXZlIHdyaXR0ZW4u 627 . 628 NjTOnXAAXtr7dA6RSxYkZcD6F-n5BOrLHRTxiTLptKM 629 . 630 OKOawDo13gRp2ojaHV7LFpZcgV7T6DVZKTyKOMTYUmKoTCVJRgckCL9kiMT03JGe 631 ipsEdY3mx_etLbbWSrFr05kLzcSr4qKAq7YN7e9jwQRb23nfa6c9d-StnImGyFDb 632 Sv04uVuxIp5Zms1gNxKKK2Da14B8S4rzVRltdYwam_lDp5XnZAYpQdb76FdIKLaV 633 mqgfwX7XWRxv2322i-vDxRfqNzo_tETKzpVLzfiwQyeyPGLBIO56YJ7eObdv0je8 634 1860ppamavo35UgoRdbYaBcoh9QcfylQr66oc6vFWXRcZ_ZT2LawVCWTIy3brGPi 635 6UklfCpIMfIjf7iGdXKHzg 637 Appendix B. Document History 639 [[ to be removed by the RFC editor before publication as an RFC ]] 641 -00 643 o Created draft-jones-jose-key-managed-json-web-signature. 645 Author's Address 647 Michael B. Jones 648 Microsoft 650 Email: mbj@microsoft.com 651 URI: http://self-issued.info/