idnits 2.17.00 (12 Aug 2021) /tmp/idnits2628/draft-ietf-jose-json-web-key-17.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (October 7, 2013) is 3147 days in the past. Is this intentional? -- Found something which looks like a code comment -- if you have code sections in the document, please surround them with '' and '' lines. Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) -- Possible downref: Non-RFC (?) normative reference: ref. 'ECMAScript' -- Possible downref: Non-RFC (?) normative reference: ref. 'ITU.X690.1994' == Outdated reference: draft-ietf-jose-json-web-algorithms has been published as RFC 7518 == Outdated reference: draft-ietf-jose-json-web-encryption has been published as RFC 7516 == Outdated reference: draft-ietf-jose-json-web-signature has been published as RFC 7515 ** Downref: Normative reference to an Historic RFC: RFC 1421 ** Downref: Normative reference to an Informational RFC: RFC 2818 ** Obsolete normative reference: RFC 4627 (Obsoleted by RFC 7158, RFC 7159) ** Obsolete normative reference: RFC 5226 (Obsoleted by RFC 8126) ** Obsolete normative reference: RFC 5246 (Obsoleted by RFC 8446) -- Possible downref: Non-RFC (?) normative reference: ref. 'USASCII' -- Obsolete informational reference (is this intentional?): RFC 3447 (Obsoleted by RFC 8017) Summary: 5 errors (**), 0 flaws (~~), 4 warnings (==), 6 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 JOSE Working Group M. Jones 3 Internet-Draft Microsoft 4 Intended status: Standards Track October 7, 2013 5 Expires: April 10, 2014 7 JSON Web Key (JWK) 8 draft-ietf-jose-json-web-key-17 10 Abstract 12 A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) data 13 structure that represents a cryptographic key. This specification 14 also defines a JSON Web Key Set (JWK Set) JSON data structure for 15 representing a set of JWKs. Cryptographic algorithms and identifiers 16 for use with this specification are described in the separate JSON 17 Web Algorithms (JWA) specification and IANA registries defined by 18 that specification. 20 Status of this Memo 22 This Internet-Draft is submitted in full conformance with the 23 provisions of BCP 78 and BCP 79. 25 Internet-Drafts are working documents of the Internet Engineering 26 Task Force (IETF). Note that other groups may also distribute 27 working documents as Internet-Drafts. The list of current Internet- 28 Drafts is at http://datatracker.ietf.org/drafts/current/. 30 Internet-Drafts are draft documents valid for a maximum of six months 31 and may be updated, replaced, or obsoleted by other documents at any 32 time. It is inappropriate to use Internet-Drafts as reference 33 material or to cite them other than as "work in progress." 35 This Internet-Draft will expire on April 10, 2014. 37 Copyright Notice 39 Copyright (c) 2013 IETF Trust and the persons identified as the 40 document authors. All rights reserved. 42 This document is subject to BCP 78 and the IETF Trust's Legal 43 Provisions Relating to IETF Documents 44 (http://trustee.ietf.org/license-info) in effect on the date of 45 publication of this document. Please review these documents 46 carefully, as they describe your rights and restrictions with respect 47 to this document. Code Components extracted from this document must 48 include Simplified BSD License text as described in Section 4.e of 49 the Trust Legal Provisions and are provided without warranty as 50 described in the Simplified BSD License. 52 Table of Contents 54 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4 55 1.1. Notational Conventions . . . . . . . . . . . . . . . . . . 4 56 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 4 57 3. JSON Web Key (JWK) Format . . . . . . . . . . . . . . . . . . 5 58 3.1. "kty" (Key Type) Parameter . . . . . . . . . . . . . . . . 5 59 3.2. "use" (Key Use) Parameter . . . . . . . . . . . . . . . . 6 60 3.3. "alg" (Algorithm) Parameter . . . . . . . . . . . . . . . 6 61 3.4. "kid" (Key ID) Parameter . . . . . . . . . . . . . . . . . 6 62 3.5. "x5u" (X.509 URL) Parameter . . . . . . . . . . . . . . . 6 63 3.6. "x5t" (X.509 Certificate SHA-1 Thumbprint) Parameter . . . 7 64 3.7. "x5c" (X.509 Certificate Chain) Parameter . . . . . . . . 7 65 4. JSON Web Key Set (JWK Set) Format . . . . . . . . . . . . . . 7 66 4.1. "keys" Parameter . . . . . . . . . . . . . . . . . . . . . 8 67 5. String Comparison Rules . . . . . . . . . . . . . . . . . . . 8 68 6. Encrypted JWK and Encrypted JWK Set Formats . . . . . . . . . 8 69 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 9 70 7.1. JSON Web Key Parameters Registry . . . . . . . . . . . . . 9 71 7.1.1. Registration Template . . . . . . . . . . . . . . . . 10 72 7.1.2. Initial Registry Contents . . . . . . . . . . . . . . 10 73 7.2. JSON Web Key Use Registry . . . . . . . . . . . . . . . . 11 74 7.2.1. Registration Template . . . . . . . . . . . . . . . . 12 75 7.2.2. Initial Registry Contents . . . . . . . . . . . . . . 12 76 7.3. JSON Web Key Set Parameters Registry . . . . . . . . . . . 12 77 7.3.1. Registration Template . . . . . . . . . . . . . . . . 12 78 7.3.2. Initial Registry Contents . . . . . . . . . . . . . . 13 79 7.4. Media Type Registration . . . . . . . . . . . . . . . . . 13 80 7.4.1. Registry Contents . . . . . . . . . . . . . . . . . . 13 81 8. Security Considerations . . . . . . . . . . . . . . . . . . . 14 82 9. References . . . . . . . . . . . . . . . . . . . . . . . . . . 15 83 9.1. Normative References . . . . . . . . . . . . . . . . . . . 15 84 9.2. Informative References . . . . . . . . . . . . . . . . . . 16 85 Appendix A. Example JSON Web Key Sets . . . . . . . . . . . . . . 17 86 A.1. Example Public Keys . . . . . . . . . . . . . . . . . . . 17 87 A.2. Example Private Keys . . . . . . . . . . . . . . . . . . . 17 88 A.3. Example Symmetric Keys . . . . . . . . . . . . . . . . . . 19 89 Appendix B. Example Use of "x5c" (X.509 Certificate Chain) 90 Parameter . . . . . . . . . . . . . . . . . . . . . . 19 91 Appendix C. Example Encrypted RSA Private Key . . . . . . . . . . 20 92 C.1. Plaintext RSA Private Key . . . . . . . . . . . . . . . . 21 93 C.2. JWE Header . . . . . . . . . . . . . . . . . . . . . . . . 24 94 C.3. Content Encryption Key (CEK) . . . . . . . . . . . . . . . 24 95 C.4. Key Encryption . . . . . . . . . . . . . . . . . . . . . . 25 96 C.5. Initialization Vector . . . . . . . . . . . . . . . . . . 25 97 C.6. Additional Authenticated Data . . . . . . . . . . . . . . 25 98 C.7. Content Encryption . . . . . . . . . . . . . . . . . . . . 26 99 C.8. Complete Representation . . . . . . . . . . . . . . . . . 29 100 Appendix D. Acknowledgements . . . . . . . . . . . . . . . . . . 30 101 Appendix E. Document History . . . . . . . . . . . . . . . . . . 31 102 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 35 104 1. Introduction 106 A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) [RFC4627] 107 data structure that represents a cryptographic key. This 108 specification also defines a JSON Web Key Set (JWK Set) JSON data 109 structure for representing a set of JWKs. Cryptographic algorithms 110 and identifiers for use with this specification are described in the 111 separate JSON Web Algorithms (JWA) [JWA] specification and IANA 112 registries defined by that specification. 114 Goals for this specification do not include representing certificate 115 chains, representing certified keys, and replacing X.509 116 certificates. 118 JWKs and JWK Sets are used in the JSON Web Signature (JWS) [JWS] and 119 JSON Web Encryption (JWE) [JWE] specifications. 121 Names defined by this specification are short because a core goal is 122 for the resulting representations to be compact. 124 1.1. Notational Conventions 126 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 127 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 128 document are to be interpreted as described in Key words for use in 129 RFCs to Indicate Requirement Levels [RFC2119]. If these words are 130 used without being spelled in uppercase then they are to be 131 interpreted with their normal natural language meanings. 133 BASE64URL(OCTETS) denotes the base64url encoding of OCTETS, per 134 Section 2. 136 UTF8(STRING) denotes the octets of the UTF-8 [RFC3629] representation 137 of STRING. 139 ASCII(STRING) denotes the octets of the ASCII [USASCII] 140 representation of STRING. 142 The concatenation of two values A and B is denoted as A || B. 144 2. Terminology 146 These terms defined by the JSON Web Signature (JWS) [JWS] 147 specification are incorporated into this specification: "Base64url 148 Encoding" and "Collision Resistant Name". 150 These terms are defined for use by this specification: 152 JSON Web Key (JWK) A JSON object that represents a cryptographic 153 key. 155 JSON Web Key Set (JWK Set) A JSON object that contains an array of 156 JWKs as the value of its "keys" member. 158 3. JSON Web Key (JWK) Format 160 A JSON Web Key (JWK) is a JSON object containing specific members, as 161 specified below. Those members that are common to multiple key types 162 are defined below. 164 In addition to the common parameters, each JWK will have members that 165 are specific to the kind of key being represented. These members 166 represent the parameters of the key. Section 5 of the JSON Web 167 Algorithms (JWA) [JWA] specification defines multiple kinds of 168 cryptographic keys and their associated members. 170 The member names within a JWK MUST be unique; recipients MUST either 171 reject JWKs with duplicate member names or use a JSON parser that 172 returns only the lexically last duplicate member name, as specified 173 in Section 15.12 (The JSON Object) of ECMAScript 5.1 [ECMAScript]. 175 Additional members MAY be present in the JWK. If not understood by 176 implementations encountering them, they MUST be ignored. Member 177 names used for representing key parameters for different kinds of 178 keys need not be distinct. Any new member name SHOULD either be 179 registered in the IANA JSON Web Key Parameters registry defined in 180 Section 7.1 or be a value that contains a Collision Resistant Name. 182 3.1. "kty" (Key Type) Parameter 184 The "kty" (key type) member identifies the cryptographic algorithm 185 family used with the key. "kty" values SHOULD either be registered in 186 the IANA JSON Web Key Types registry defined in [JWA] or be a value 187 that contains a Collision Resistant Name. The "kty" value is a case 188 sensitive string. Use of this member is REQUIRED. 190 A list of defined "kty" values can be found in the IANA JSON Web Key 191 Types registry defined in [JWA]; the initial contents of this 192 registry are the values defined in Section 5.1 of the JSON Web 193 Algorithms (JWA) [JWA] specification. 195 Additional members used with these "kty" values can be found in the 196 IANA JSON Web Key Parameters registry defined in Section 7.1; the 197 initial contents of this registry are the values defined in Sections 198 5.2 and 5.3 of the JSON Web Algorithms (JWA) [JWA] specification. 200 3.2. "use" (Key Use) Parameter 202 The "use" (key use) member identifies the intended use of the key. 203 Values defined by this specification are: 205 o "sig" (signature or MAC operation) 207 o "enc" (encryption) 209 Other values MAY be used. Key Use values can be registered in the 210 IANA JSON Web Key Use registry defined in Section 7.2. The "use" 211 value is a case sensitive string. A "use" member SHOULD be present, 212 unless the application uses another means or convention to determine 213 the intended key usage. 215 When a key is used to wrap another key and a key use designation for 216 the first key is desired, the "enc" (encryption) key use value SHOULD 217 be used, since key wrapping is a kind of encryption. (The "alg" 218 member can be used to specify the particular kind of encryption to be 219 performed, when desired.) 221 3.3. "alg" (Algorithm) Parameter 223 The "alg" (algorithm) member identifies the algorithm intended for 224 use with the key. The values used SHOULD either be registered in the 225 IANA JSON Web Signature and Encryption Algorithms registry defined in 226 [JWA] or be a value that contains a Collision Resistant Name. Use of 227 this member is OPTIONAL. 229 3.4. "kid" (Key ID) Parameter 231 The "kid" (key ID) member can be used to match a specific key. This 232 can be used, for instance, to choose among a set of keys within a JWK 233 Set during key rollover. The interpretation of the "kid" value is 234 unspecified. When "kid" values are used within a JWK Set, different 235 keys within the JWK Set SHOULD use distinct "kid" values. The "kid" 236 value is a case sensitive string. Use of this member is OPTIONAL. 238 When used with JWS or JWE, the "kid" value can be used to match a JWS 239 or JWE "kid" Header Parameter value. 241 3.5. "x5u" (X.509 URL) Parameter 243 The "x5u" (X.509 URL) member is a URI [RFC3986] that refers to a 244 resource for an X.509 public key certificate or certificate chain 245 [RFC5280]. The identified resource MUST provide a representation of 246 the certificate or certificate chain that conforms to RFC 5280 247 [RFC5280] in PEM encoded form [RFC1421]. The key in the first 248 certificate MUST match the bare public key represented by other 249 members of the JWK. The protocol used to acquire the resource MUST 250 provide integrity protection; an HTTP GET request to retrieve the 251 certificate MUST use TLS [RFC2818] [RFC5246]; the identity of the 252 server MUST be validated, as per Section 3.1 of HTTP Over TLS 253 [RFC2818]. Use of this member is OPTIONAL. 255 3.6. "x5t" (X.509 Certificate SHA-1 Thumbprint) Parameter 257 The "x5t" (X.509 Certificate SHA-1 Thumbprint) member is a base64url 258 encoded SHA-1 thumbprint (a.k.a. digest) of the DER encoding of an 259 X.509 certificate [RFC5280]. The key in the certificate MUST match 260 the bare public key represented by other members of the JWK. Use of 261 this member is OPTIONAL. 263 If, in the future, certificate thumbprints need to be computed using 264 hash functions other than SHA-1, it is suggested that additional 265 related JWK parameters be defined for that purpose. For example, it 266 is suggested that a new "x5t#S256" (X.509 Certificate Thumbprint 267 using SHA-256) JWK parameter could be defined by registering it in 268 the IANA JSON Web Key Parameters registry defined in Section 7.1. 270 3.7. "x5c" (X.509 Certificate Chain) Parameter 272 The "x5c" (X.509 Certificate Chain) member contains a chain of one or 273 more PKIX certificates [RFC5280]. The certificate chain is 274 represented as a JSON array of certificate value strings. Each 275 string in the array is a base64 encoded ([RFC4648] Section 4 -- not 276 base64url encoded) DER [ITU.X690.1994] PKIX certificate value. The 277 PKIX certificate containing the key value MUST be the first 278 certificate. This MAY be followed by additional certificates, with 279 each subsequent certificate being the one used to certify the 280 previous one. The key in the first certificate MUST match the bare 281 public key represented by other members of the JWK. Use of this 282 member is OPTIONAL. 284 4. JSON Web Key Set (JWK Set) Format 286 A JSON Web Key Set (JWK Set) is a JSON object that contains an array 287 of JWK values as the value of its "keys" member. 289 The member names within a JWK Set MUST be unique; recipients MUST 290 either reject JWK Sets with duplicate member names or use a JSON 291 parser that returns only the lexically last duplicate member name, as 292 specified in Section 15.12 (The JSON Object) of ECMAScript 5.1 293 [ECMAScript]. 295 Additional members MAY be present in the JWK Set. If not understood 296 by implementations encountering them, they MUST be ignored. 297 Parameters for representing additional properties of JWK Sets SHOULD 298 either be registered in the IANA JSON Web Key Set Parameters registry 299 defined in Section 7.3 or be a value that contains a Collision 300 Resistant Name. 302 Implementations SHOULD ignore JWKs within a JWK Set that use "kty" 303 (key type) values that are not understood by them. 305 4.1. "keys" Parameter 307 The value of the "keys" member is an array of JWK values. By 308 default, the order of the JWK values within the array does not imply 309 an order of preference among them, although applications of JWK Sets 310 can choose to assign a meaning to the order for their purposes, if 311 desired. Use of this member is REQUIRED. 313 5. String Comparison Rules 315 The string comparison rules for this specification are the same as 316 those defined in Section 5.3 of [JWS]. 318 6. Encrypted JWK and Encrypted JWK Set Formats 320 JWKs containing non-public key material will need to be encrypted in 321 some contexts to prevent the disclosure of private or symmetric key 322 values to unintended parties. The use of an Encrypted JWK, which is 323 a JWE with a JWK as its plaintext value, is RECOMMENED for this 324 purpose. The processing of Encrypted JWKs is identical to the 325 processing of other JWEs. A "cty" (content type) Header Parameter 326 value of "jwk+json" MUST be used to indicate that the content of the 327 JWE is a JWK, unless the application knows that the encrypted content 328 is a JWK by another means or convention. 330 JWK Sets containing non-public key material will similarly need to be 331 encrypted. The use of an Encrypted JWK Set, which is a JWE with a 332 JWK Set as its plaintext value, is RECOMMENED for this purpose. The 333 processing of Encrypted JWK Sets is identical to the processing of 334 other JWEs. A "cty" (content type) Header Parameter value of 335 "jwk-set+json" MUST be used to indicate that the content of the JWE 336 is a JWK Set, unless the application knows that the encrypted content 337 is a JWK Set by another means or convention. 339 See Appendix C for an example encrypted JWK. 341 7. IANA Considerations 343 The following registration procedure is used for all the registries 344 established by this specification. 346 Values are registered with a Specification Required [RFC5226] after a 347 two-week review period on the [TBD]@ietf.org mailing list, on the 348 advice of one or more Designated Experts. However, to allow for the 349 allocation of values prior to publication, the Designated Expert(s) 350 may approve registration once they are satisfied that such a 351 specification will be published. 353 Registration requests must be sent to the [TBD]@ietf.org mailing list 354 for review and comment, with an appropriate subject (e.g., "Request 355 for access token type: example"). [[ Note to the RFC Editor: The name 356 of the mailing list should be determined in consultation with the 357 IESG and IANA. Suggested name: jose-reg-review. ]] 359 Within the review period, the Designated Expert(s) will either 360 approve or deny the registration request, communicating this decision 361 to the review list and IANA. Denials should include an explanation 362 and, if applicable, suggestions as to how to make the request 363 successful. Registration requests that are undetermined for a period 364 longer than 21 days can be brought to the IESG's attention (using the 365 iesg@iesg.org mailing list) for resolution. 367 Criteria that should be applied by the Designated Expert(s) includes 368 determining whether the proposed registration duplicates existing 369 functionality, determining whether it is likely to be of general 370 applicability or whether it is useful only for a single application, 371 and whether the registration makes sense. 373 IANA must only accept registry updates from the Designated Expert(s) 374 and should direct all requests for registration to the review mailing 375 list. 377 It is suggested that multiple Designated Experts be appointed who are 378 able to represent the perspectives of different applications using 379 this specification, in order to enable broadly-informed review of 380 registration decisions. In cases where a registration decision could 381 be perceived as creating a conflict of interest for a particular 382 Expert, that Expert should defer to the judgment of the other 383 Expert(s). 385 7.1. JSON Web Key Parameters Registry 387 This specification establishes the IANA JSON Web Key Parameters 388 registry for JWK parameter names. The registry records the parameter 389 name, the key type(s) that the parameter is used with, and a 390 reference to the specification that defines it. It also records 391 whether the parameter conveys public or private information. This 392 specification registers the parameter names defined in Section 3. 393 The same JWK parameter name may be registered multiple times, 394 provided that duplicate parameter registrations are only for key type 395 specific JWK parameters; in this case, the meaning of the duplicate 396 parameter name is disambiguated by the "kty" value of the JWK 397 containing it. 399 7.1.1. Registration Template 401 Parameter Name: 402 The name requested (e.g., "example"). Because a core goal of this 403 specification is for the resulting representations to be compact, 404 it is RECOMMENDED that the name be short -- not to exceed 8 405 characters without a compelling reason to do so. This name is 406 case sensitive. Names may not match other registered names in a 407 case insensitive manner unless the Designated Expert(s) state that 408 there is a compelling reason to allow an exception in this 409 particular case. 411 Used with "kty" Value(s): 412 The key type parameter value(s) that the parameter name is to be 413 used with, or the value "*" if the parameter value is used with 414 all key types. 416 Parameter Information Class: 417 Registers whether the parameter conveys public or private 418 information. Its value must be one the words Public or Private. 420 Change Controller: 421 For Standards Track RFCs, state "IESG". For others, give the name 422 of the responsible party. Other details (e.g., postal address, 423 email address, home page URI) may also be included. 425 Specification Document(s): 426 Reference to the document(s) that specify the parameter, 427 preferably including URI(s) that can be used to retrieve copies of 428 the document(s). An indication of the relevant sections may also 429 be included but is not required. 431 7.1.2. Initial Registry Contents 433 o Parameter Name: "kty" 434 o Used with "kty" Value(s): * 435 o Parameter Information Class: Public 436 o Change Controller: IESG 437 o Specification Document(s): Section 3.1 of [[ this document ]] 439 o Parameter Name: "use" 440 o Used with "kty" Value(s): * 441 o Parameter Information Class: Public 442 o Change Controller: IESG 443 o Specification Document(s): Section 3.2 of [[ this document ]] 445 o Parameter Name: "alg" 446 o Used with "kty" Value(s): * 447 o Parameter Information Class: Public 448 o Change Controller: IESG 449 o Specification Document(s): Section 3.3 of [[ this document ]] 451 o Parameter Name: "kid" 452 o Used with "kty" Value(s): * 453 o Parameter Information Class: Public 454 o Change Controller: IESG 455 o Specification Document(s): Section 3.4 of [[ this document ]] 457 o Parameter Name: "x5u" 458 o Used with "kty" Value(s): * 459 o Parameter Information Class: Public 460 o Change Controller: IESG 461 o Specification Document(s): Section 3.5 of [[ this document ]] 463 o Parameter Name: "x5t" 464 o Used with "kty" Value(s): * 465 o Parameter Information Class: Public 466 o Change Controller: IESG 467 o Specification Document(s): Section 3.6 of [[ this document ]] 469 o Parameter Name: "x5c" 470 o Used with "kty" Value(s): * 471 o Parameter Information Class: Public 472 o Change Controller: IESG 473 o Specification Document(s): Section 3.7 of [[ this document ]] 475 7.2. JSON Web Key Use Registry 477 This specification establishes the IANA JSON Web Key Use registry for 478 JWK "use" member values. The registry records the key use value and 479 a reference to the specification that defines it. This specification 480 registers the parameter names defined in Section 3.2. 482 7.2.1. Registration Template 484 Use Member Value: 485 The name requested (e.g., "example"). Because a core goal of this 486 specification is for the resulting representations to be compact, 487 it is RECOMMENDED that the name be short -- not to exceed 8 488 characters without a compelling reason to do so. This name is 489 case sensitive. Names may not match other registered names in a 490 case insensitive manner unless the Designated Expert(s) state that 491 there is a compelling reason to allow an exception in this 492 particular case. 494 Change Controller: 495 For Standards Track RFCs, state "IESG". For others, give the name 496 of the responsible party. Other details (e.g., postal address, 497 email address, home page URI) may also be included. 499 Specification Document(s): 500 Reference to the document(s) that specify the parameter, 501 preferably including URI(s) that can be used to retrieve copies of 502 the document(s). An indication of the relevant sections may also 503 be included but is not required. 505 7.2.2. Initial Registry Contents 507 o Use Member Value: "sig" 508 o Change Controller: IESG 509 o Specification Document(s): Section 3.2 of [[ this document ]] 511 o Use Member Value: "enc" 512 o Change Controller: IESG 513 o Specification Document(s): Section 3.2 of [[ this document ]] 515 7.3. JSON Web Key Set Parameters Registry 517 This specification establishes the IANA JSON Web Key Set Parameters 518 registry for JWK Set parameter names. The registry records the 519 parameter name and a reference to the specification that defines it. 520 This specification registers the parameter names defined in 521 Section 4. 523 7.3.1. Registration Template 525 Parameter Name: 526 The name requested (e.g., "example"). Because a core goal of this 527 specification is for the resulting representations to be compact, 528 it is RECOMMENDED that the name be short -- not to exceed 8 529 characters without a compelling reason to do so. This name is 530 case sensitive. Names may not match other registered names in a 531 case insensitive manner unless the Designated Expert(s) state that 532 there is a compelling reason to allow an exception in this 533 particular case. 535 Change Controller: 536 For Standards Track RFCs, state "IESG". For others, give the name 537 of the responsible party. Other details (e.g., postal address, 538 email address, home page URI) may also be included. 540 Specification Document(s): 541 Reference to the document(s) that specify the parameter, 542 preferably including URI(s) that can be used to retrieve copies of 543 the document(s). An indication of the relevant sections may also 544 be included but is not required. 546 7.3.2. Initial Registry Contents 548 o Parameter Name: "keys" 549 o Change Controller: IESG 550 o Specification Document(s): Section 4.1 of [[ this document ]] 552 7.4. Media Type Registration 554 7.4.1. Registry Contents 556 This specification registers the "application/jwk+json" and 557 "application/jwk-set+json" Media Types [RFC2046] in the MIME Media 558 Types registry [IANA.MediaTypes], which can be used to indicate, 559 respectively, that the content is a JWK or a JWK Set. 561 o Type Name: application 562 o Subtype Name: jwk+json 563 o Required Parameters: n/a 564 o Optional Parameters: n/a 565 o Encoding considerations: 8bit; application/jwk+json values are 566 represented as JSON object; UTF-8 encoding SHOULD be employed for 567 the JSON object. 568 o Security Considerations: See the Security Considerations section 569 of [[ this document ]] 570 o Interoperability Considerations: n/a 571 o Published Specification: [[ this document ]] 572 o Applications that use this media type: TBD 573 o Additional Information: Magic number(s): n/a, File extension(s): 574 n/a, Macintosh file type code(s): n/a 575 o Person & email address to contact for further information: Michael 576 B. Jones, mbj@microsoft.com 578 o Intended Usage: COMMON 579 o Restrictions on Usage: none 580 o Author: Michael B. Jones, mbj@microsoft.com 581 o Change Controller: IESG 583 o Type Name: application 584 o Subtype Name: jwk-set+json 585 o Required Parameters: n/a 586 o Optional Parameters: n/a 587 o Encoding considerations: 8bit; application/jwk-set+json values are 588 represented as a JSON Object; UTF-8 encoding SHOULD be employed 589 for the JSON object. 590 o Security Considerations: See the Security Considerations section 591 of [[ this document ]] 592 o Interoperability Considerations: n/a 593 o Published Specification: [[ this document ]] 594 o Applications that use this media type: TBD 595 o Additional Information: Magic number(s): n/a, File extension(s): 596 n/a, Macintosh file type code(s): n/a 597 o Person & email address to contact for further information: Michael 598 B. Jones, mbj@microsoft.com 599 o Intended Usage: COMMON 600 o Restrictions on Usage: none 601 o Author: Michael B. Jones, mbj@microsoft.com 602 o Change Controller: IESG 604 8. Security Considerations 606 All of the security issues faced by any cryptographic application 607 must be faced by a JWS/JWE/JWK agent. Among these issues are 608 protecting the user's private and symmetric keys, preventing various 609 attacks, and helping the user avoid mistakes such as inadvertently 610 encrypting a message for the wrong recipient. The entire list of 611 security considerations is beyond the scope of this document, but 612 some significant considerations are listed here. 614 A key is no more trustworthy than the method by which it was 615 received. 617 Private and symmetric keys MUST be protected from disclosure to 618 unintended parties. One recommended means of doing so is to encrypt 619 JWKs or JWK Sets containing them by using the JWK or JWK Set value as 620 the plaintext of a JWE. 622 The security considerations in RFC 3447 [RFC3447] and RFC 6030 623 [RFC6030] about protecting private and symmetric keys also apply to 624 this specification. 626 The security considerations in XML DSIG 2.0 627 [W3C.CR-xmldsig-core2-20120124], about key representations also apply 628 to this specification, other than those that are XML specific. 630 The TLS Requirements in [JWS] also apply to this specification. 632 9. References 634 9.1. Normative References 636 [ECMAScript] 637 Ecma International, "ECMAScript Language Specification, 638 5.1 Edition", ECMA 262, June 2011. 640 [IANA.MediaTypes] 641 Internet Assigned Numbers Authority (IANA), "MIME Media 642 Types", 2005. 644 [ITU.X690.1994] 645 International Telecommunications Union, "Information 646 Technology - ASN.1 encoding rules: Specification of Basic 647 Encoding Rules (BER), Canonical Encoding Rules (CER) and 648 Distinguished Encoding Rules (DER)", ITU-T Recommendation 649 X.690, 1994. 651 [JWA] Jones, M., "JSON Web Algorithms (JWA)", 652 draft-ietf-jose-json-web-algorithms (work in progress), 653 October 2013. 655 [JWE] Jones, M., Rescorla, E., and J. Hildebrand, "JSON Web 656 Encryption (JWE)", draft-ietf-jose-json-web-encryption 657 (work in progress), October 2013. 659 [JWS] Jones, M., Bradley, J., and N. Sakimura, "JSON Web 660 Signature (JWS)", draft-ietf-jose-json-web-signature (work 661 in progress), October 2013. 663 [RFC1421] Linn, J., "Privacy Enhancement for Internet Electronic 664 Mail: Part I: Message Encryption and Authentication 665 Procedures", RFC 1421, February 1993. 667 [RFC2046] Freed, N. and N. Borenstein, "Multipurpose Internet Mail 668 Extensions (MIME) Part Two: Media Types", RFC 2046, 669 November 1996. 671 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 672 Requirement Levels", BCP 14, RFC 2119, March 1997. 674 [RFC2818] Rescorla, E., "HTTP Over TLS", RFC 2818, May 2000. 676 [RFC3629] Yergeau, F., "UTF-8, a transformation format of ISO 677 10646", STD 63, RFC 3629, November 2003. 679 [RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform 680 Resource Identifier (URI): Generic Syntax", STD 66, 681 RFC 3986, January 2005. 683 [RFC4627] Crockford, D., "The application/json Media Type for 684 JavaScript Object Notation (JSON)", RFC 4627, July 2006. 686 [RFC4648] Josefsson, S., "The Base16, Base32, and Base64 Data 687 Encodings", RFC 4648, October 2006. 689 [RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an 690 IANA Considerations Section in RFCs", BCP 26, RFC 5226, 691 May 2008. 693 [RFC5246] Dierks, T. and E. Rescorla, "The Transport Layer Security 694 (TLS) Protocol Version 1.2", RFC 5246, August 2008. 696 [RFC5280] Cooper, D., Santesson, S., Farrell, S., Boeyen, S., 697 Housley, R., and W. Polk, "Internet X.509 Public Key 698 Infrastructure Certificate and Certificate Revocation List 699 (CRL) Profile", RFC 5280, May 2008. 701 [USASCII] American National Standards Institute, "Coded Character 702 Set -- 7-bit American Standard Code for Information 703 Interchange", ANSI X3.4, 1986. 705 [W3C.CR-xmldsig-core2-20120124] 706 Eastlake, D., Reagle, J., Yiu, K., Solo, D., Datta, P., 707 Hirsch, F., Cantor, S., and T. Roessler, "XML Signature 708 Syntax and Processing Version 2.0", World Wide Web 709 Consortium CR CR-xmldsig-core2-20120124, January 2012, 710 . 712 9.2. Informative References 714 [MagicSignatures] 715 Panzer (editor), J., Laurie, B., and D. Balfanz, "Magic 716 Signatures", January 2011. 718 [RFC3447] Jonsson, J. and B. Kaliski, "Public-Key Cryptography 719 Standards (PKCS) #1: RSA Cryptography Specifications 720 Version 2.1", RFC 3447, February 2003. 722 [RFC6030] Hoyer, P., Pei, M., and S. Machani, "Portable Symmetric 723 Key Container (PSKC)", RFC 6030, October 2010. 725 Appendix A. Example JSON Web Key Sets 727 A.1. Example Public Keys 729 The following example JWK Set contains two public keys represented as 730 JWKs: one using an Elliptic Curve algorithm and a second one using an 731 RSA algorithm. The first specifies that the key is to be used for 732 encryption. The second specifies that the key is to be used with the 733 "RS256" algorithm. Both provide a Key ID for key matching purposes. 734 In both cases, integers are represented using the base64url encoding 735 of their big endian representations. (Long lines are broken are for 736 display purposes only.) 738 {"keys": 739 [ 740 {"kty":"EC", 741 "crv":"P-256", 742 "x":"MKBCTNIcKUSDii11ySs3526iDZ8AiTo7Tu6KPAqv7D4", 743 "y":"4Etl6SRW2YiLUrN5vfvVHuhp7x8PxltmWWlbbM4IFyM", 744 "use":"enc", 745 "kid":"1"}, 747 {"kty":"RSA", 748 "n": "0vx7agoebGcQSuuPiLJXZptN9nndrQmbXEps2aiAFbWhM78LhWx 749 4cbbfAAtVT86zwu1RK7aPFFxuhDR1L6tSoc_BJECPebWKRXjBZCiFV4n3oknjhMs 750 tn64tZ_2W-5JsGY4Hc5n9yBXArwl93lqt7_RN5w6Cf0h4QyQ5v-65YGjQR0_FDW2 751 QvzqY368QQMicAtaSqzs8KJZgnYb9c7d0zgdAZHzu6qMQvRL5hajrn1n91CbOpbI 752 SD08qNLyrdkt-bFTWhAI4vMQFh6WeZu0fM4lFd2NcRwr3XPksINHaQ-G_xBniIqb 753 w0Ls1jF44-csFCur-kEgU8awapJzKnqDKgw", 754 "e":"AQAB", 755 "alg":"RS256", 756 "kid":"2011-04-29"} 757 ] 758 } 760 A.2. Example Private Keys 762 The following example JWK Set contains two keys represented as JWKs 763 containing both public and private key values: one using an Elliptic 764 Curve algorithm and a second one using an RSA algorithm. This 765 example extends the example in the previous section, adding private 766 key values. (Line breaks are for display purposes only.) 767 {"keys": 768 [ 769 {"kty":"EC", 770 "crv":"P-256", 771 "x":"MKBCTNIcKUSDii11ySs3526iDZ8AiTo7Tu6KPAqv7D4", 772 "y":"4Etl6SRW2YiLUrN5vfvVHuhp7x8PxltmWWlbbM4IFyM", 773 "d":"870MB6gfuTJ4HtUnUvYMyJpr5eUZNP4Bk43bVdj3eAE", 774 "use":"enc", 775 "kid":"1"}, 777 {"kty":"RSA", 778 "n":"0vx7agoebGcQSuuPiLJXZptN9nndrQmbXEps2aiAFbWhM78LhWx4 779 cbbfAAtVT86zwu1RK7aPFFxuhDR1L6tSoc_BJECPebWKRXjBZCiFV4n3oknjhMst 780 n64tZ_2W-5JsGY4Hc5n9yBXArwl93lqt7_RN5w6Cf0h4QyQ5v-65YGjQR0_FDW2Q 781 vzqY368QQMicAtaSqzs8KJZgnYb9c7d0zgdAZHzu6qMQvRL5hajrn1n91CbOpbIS 782 D08qNLyrdkt-bFTWhAI4vMQFh6WeZu0fM4lFd2NcRwr3XPksINHaQ-G_xBniIqbw 783 0Ls1jF44-csFCur-kEgU8awapJzKnqDKgw", 784 "e":"AQAB", 785 "d":"X4cTteJY_gn4FYPsXB8rdXix5vwsg1FLN5E3EaG6RJoVH-HLLKD9 786 M7dx5oo7GURknchnrRweUkC7hT5fJLM0WbFAKNLWY2vv7B6NqXSzUvxT0_YSfqij 787 wp3RTzlBaCxWp4doFk5N2o8Gy_nHNKroADIkJ46pRUohsXywbReAdYaMwFs9tv8d 788 _cPVY3i07a3t8MN6TNwm0dSawm9v47UiCl3Sk5ZiG7xojPLu4sbg1U2jx4IBTNBz 789 nbJSzFHK66jT8bgkuqsk0GjskDJk19Z4qwjwbsnn4j2WBii3RL-Us2lGVkY8fkFz 790 me1z0HbIkfz0Y6mqnOYtqc0X4jfcKoAC8Q", 791 "p":"83i-7IvMGXoMXCskv73TKr8637FiO7Z27zv8oj6pbWUQyLPQBQxtPV 792 nwD20R-60eTDmD2ujnMt5PoqMrm8RfmNhVWDtjjMmCMjOpSXicFHj7XOuVIYQyqV 793 WlWEh6dN36GVZYk93N8Bc9vY41xy8B9RzzOGVQzXvNEvn7O0nVbfs", 794 "q":"3dfOR9cuYq-0S-mkFLzgItgMEfFzB2q3hWehMuG0oCuqnb3vobLyum 795 qjVZQO1dIrdwgTnCdpYzBcOfW5r370AFXjiWft_NGEiovonizhKpo9VVS78TzFgx 796 kIdrecRezsZ-1kYd_s1qDbxtkDEgfAITAG9LUnADun4vIcb6yelxk", 797 "dp":"G4sPXkc6Ya9y8oJW9_ILj4xuppu0lzi_H7VTkS8xj5SdX3coE0oim 798 YwxIi2emTAue0UOa5dpgFGyBJ4c8tQ2VF402XRugKDTP8akYhFo5tAA77Qe_Nmtu 799 YZc3C3m3I24G2GvR5sSDxUyAN2zq8Lfn9EUms6rY3Ob8YeiKkTiBj0", 800 "dq":"s9lAH9fggBsoFR8Oac2R_E2gw282rT2kGOAhvIllETE1efrA6huUU 801 vMfBcMpn8lqeW6vzznYY5SSQF7pMdC_agI3nG8Ibp1BUb0JUiraRNqUfLhcQb_d9 802 GF4Dh7e74WbRsobRonujTYN1xCaP6TO61jvWrX-L18txXw494Q_cgk", 803 "qi":"GyM_p6JrXySiz1toFgKbWV-JdI3jQ4ypu9rbMWx3rQJBfmt0FoYzg 804 UIZEVFEcOqwemRN81zoDAaa-Bk0KWNGDjJHZDdDmFhW3AN7lI-puxk_mHZGJ11rx 805 yR8O55XLSe3SPmRfKwZI6yU24ZxvQKFYItdldUKGzO6Ia6zTKhAVRU", 806 "alg":"RS256", 807 "kid":"2011-04-29"} 808 ] 809 } 811 A.3. Example Symmetric Keys 813 The following example JWK Set contains two symmetric keys represented 814 as JWKs: one designated as being for use with the AES Key Wrap 815 algorithm and a second one that is an HMAC key. (Line breaks are for 816 display purposes only.) 818 {"keys": 819 [ 820 {"kty":"oct", 821 "alg":"A128KW", 822 "k":"GawgguFyGrWKav7AX4VKUg"}, 824 {"kty":"oct", 825 "k":"AyM1SysPpbyDfgZld3umj1qzKObwVMkoqQ-EstJQLr_T-1qS0gZH75 826 aKtMN3Yj0iPS4hcgUuTwjAzZr1Z9CAow", 827 "kid":"HMAC key used in JWS A.1 example"} 828 ] 829 } 831 Appendix B. Example Use of "x5c" (X.509 Certificate Chain) Parameter 832 The following is an example of a JWK with a RSA signing key 833 represented both as a bare public key and as an X.509 certificate 834 using the "x5c" parameter: 836 {"kty":"RSA", 837 "use":"sig", 838 "kid":"1b94c", 839 "n":"vrjOfz9Ccdgx5nQudyhdoR17V-IubWMeOZCwX_jj0hgAsz2J_pqYW08 840 PLbK_PdiVGKPrqzmDIsLI7sA25VEnHU1uCLNwBuUiCO11_-7dYbsr4iJmG0Q 841 u2j8DsVyT1azpJC_NG84Ty5KKthuCaPod7iI7w0LK9orSMhBEwwZDCxTWq4a 842 YWAchc8t-emd9qOvWtVMDC2BXksRngh6X5bUYLy6AyHKvj-nUy1wgzjYQDwH 843 MTplCoLtU-o-8SNnZ1tmRoGE9uJkBLdh5gFENabWnU5m1ZqZPdwS-qo-meMv 844 VfJb6jJVWRpl2SUtCnYG2C32qvbWbjZ_jBPD5eunqsIo1vQ", 845 "e":"AQAB", 846 "x5c": 847 ["MIIDQjCCAiqgAwIBAgIGATz/FuLiMA0GCSqGSIb3DQEBBQUAMGIxCzAJB 848 gNVBAYTAlVTMQswCQYDVQQIEwJDTzEPMA0GA1UEBxMGRGVudmVyMRwwGgYD 849 VQQKExNQaW5nIElkZW50aXR5IENvcnAuMRcwFQYDVQQDEw5CcmlhbiBDYW1 850 wYmVsbDAeFw0xMzAyMjEyMzI5MTVaFw0xODA4MTQyMjI5MTVaMGIxCzAJBg 851 NVBAYTAlVTMQswCQYDVQQIEwJDTzEPMA0GA1UEBxMGRGVudmVyMRwwGgYDV 852 QQKExNQaW5nIElkZW50aXR5IENvcnAuMRcwFQYDVQQDEw5CcmlhbiBDYW1w 853 YmVsbDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL64zn8/QnH 854 YMeZ0LncoXaEde1fiLm1jHjmQsF/449IYALM9if6amFtPDy2yvz3YlRij66 855 s5gyLCyO7ANuVRJx1NbgizcAblIgjtdf/u3WG7K+IiZhtELto/A7Fck9Ws6 856 SQvzRvOE8uSirYbgmj6He4iO8NCyvaK0jIQRMMGQwsU1quGmFgHIXPLfnpn 857 fajr1rVTAwtgV5LEZ4Iel+W1GC8ugMhyr4/p1MtcIM42EA8BzE6ZQqC7VPq 858 PvEjZ2dbZkaBhPbiZAS3YeYBRDWm1p1OZtWamT3cEvqqPpnjL1XyW+oyVVk 859 aZdklLQp2Btgt9qr21m42f4wTw+Xrp6rCKNb0CAwEAATANBgkqhkiG9w0BA 860 QUFAAOCAQEAh8zGlfSlcI0o3rYDPBB07aXNswb4ECNIKG0CETTUxmXl9KUL 861 +9gGlqCz5iWLOgWsnrcKcY0vXPG9J1r9AqBNTqNgHq2G03X09266X5CpOe1 862 zFo+Owb1zxtp3PehFdfQJ610CDLEaS9V9Rqp17hCyybEpOGVwe8fnk+fbEL 863 2Bo3UPGrpsHzUoaGpDftmWssZkhpBJKVMJyf/RuP2SmmaIzmnw9JiSlYhzo 864 4tpzd5rFXhjRbg4zW9C+2qok+2+qDM1iJ684gPHMIY8aLWrdgQTxkumGmTq 865 gawR+N5MDtdPTEQ0XfIBc2cJEUyMTY5MPvACWpkA6SdS4xSvdXK3IVfOWA=="] 866 } 868 Appendix C. Example Encrypted RSA Private Key 870 This example encrypts an RSA private key to the recipient using 871 "PBES2-HS256+A128KW" for key encryption and "A128CBC+HS256" for 872 content encryption. 874 NOTE: Unless otherwise indicated, all line breaks are included solely 875 for readability. 877 C.1. Plaintext RSA Private Key 879 The following RSA key is the plaintext for the encryption operation, 880 formatted as a JWK object: 882 { 883 "kty":"RSA", 884 "kid":"juliet@capulet.lit", 885 "use":"enc", 886 "n":"t6Q8PWSi1dkJj9hTP8hNYFlvadM7DflW9mWepOJhJ66w7nyoK1gPNqFMSQRy 887 O125Gp-TEkodhWr0iujjHVx7BcV0llS4w5ACGgPrcAd6ZcSR0-Iqom-QFcNP 888 8Sjg086MwoqQU_LYywlAGZ21WSdS_PERyGFiNnj3QQlO8Yns5jCtLCRwLHL0 889 Pb1fEv45AuRIuUfVcPySBWYnDyGxvjYGDSM-AqWS9zIQ2ZilgT-GqUmipg0X 890 OC0Cc20rgLe2ymLHjpHciCKVAbY5-L32-lSeZO-Os6U15_aXrk9Gw8cPUaX1 891 _I8sLGuSiVdt3C_Fn2PZ3Z8i744FPFGGcG1qs2Wz-Q", 892 "e":"AQAB", 893 "d":"GRtbIQmhOZtyszfgKdg4u_N-R_mZGU_9k7JQ_jn1DnfTuMdSNprTeaSTyWfS 894 NkuaAwnOEbIQVy1IQbWVV25NY3ybc_IhUJtfri7bAXYEReWaCl3hdlPKXy9U 895 vqPYGR0kIXTQRqns-dVJ7jahlI7LyckrpTmrM8dWBo4_PMaenNnPiQgO0xnu 896 ToxutRZJfJvG4Ox4ka3GORQd9CsCZ2vsUDmsXOfUENOyMqADC6p1M3h33tsu 897 rY15k9qMSpG9OX_IJAXmxzAh_tWiZOwk2K4yxH9tS3Lq1yX8C1EWmeRDkK2a 898 hecG85-oLKQt5VEpWHKmjOi_gJSdSgqcN96X52esAQ", 899 "p":"2rnSOV4hKSN8sS4CgcQHFbs08XboFDqKum3sc4h3GRxrTmQdl1ZK9uw-PIHf 900 QP0FkxXVrx-WE-ZEbrqivH_2iCLUS7wAl6XvARt1KkIaUxPPSYB9yk31s0Q8 901 UK96E3_OrADAYtAJs-M3JxCLfNgqh56HDnETTQhH3rCT5T3yJws", 902 "q":"1u_RiFDP7LBYh3N4GXLT9OpSKYP0uQZyiaZwBtOCBNJgQxaj10RWjsZu0c6I 903 edis4S7B_coSKB0Kj9PaPaBzg-IySRvvcQuPamQu66riMhjVtG6TlV8CLCYK 904 rYl52ziqK0E_ym2QnkwsUX7eYTB7LbAHRK9GqocDE5B0f808I4s", 905 "dp":"KkMTWqBUefVwZ2_Dbj1pPQqyHSHjj90L5x_MOzqYAJMcLMZtbUtwKqvVDq3 906 tbEo3ZIcohbDtt6SbfmWzggabpQxNxuBpoOOf_a_HgMXK_lhqigI4y_kqS1w 907 Y52IwjUn5rgRrJ-yYo1h41KR-vz2pYhEAeYrhttWtxVqLCRViD6c", 908 "dq":"AvfS0-gRxvn0bwJoMSnFxYcK1WnuEjQFluMGfwGitQBWtfZ1Er7t1xDkbN9 909 GQTB9yqpDoYaN06H7CFtrkxhJIBQaj6nkF5KKS3TQtQ5qCzkOkmxIe3KRbBy 910 mXxkb5qwUpX5ELD5xFc6FeiafWYY63TmmEAu_lRFCOJ3xDea-ots", 911 "qi":"lSQi-w9CpyUReMErP1RsBLk7wNtOvs5EQpPqmuMvqW57NBUczScEoPwmUqq 912 abu9V0-Py4dQ57_bapoKRu1R90bvuFnU63SHWEFglZQvJDMeAvmj4sm-Fp0o 913 Yu_neotgQ0hzbI5gry7ajdYy9-2lNx_76aBZoOUu9HCJ-UsfSOI8" 914 } 916 The octets representing the Plaintext are: 918 [ 123, 34, 107, 116, 121, 34, 58, 34, 82, 83, 65, 34, 44, 34, 107, 919 105, 100, 34, 58, 34, 106, 117, 108, 105, 101, 116, 64, 99, 97, 112, 920 117, 108, 101, 116, 46, 108, 105, 116, 34, 44, 34, 117, 115, 101, 34, 921 58, 34, 101, 110, 99, 34, 44, 34, 110, 34, 58, 34, 116, 54, 81, 56, 922 80, 87, 83, 105, 49, 100, 107, 74, 106, 57, 104, 84, 80, 56, 104, 78, 923 89, 70, 108, 118, 97, 100, 77, 55, 68, 102, 108, 87, 57, 109, 87, 924 101, 112, 79, 74, 104, 74, 54, 54, 119, 55, 110, 121, 111, 75, 49, 925 103, 80, 78, 113, 70, 77, 83, 81, 82, 121, 79, 49, 50, 53, 71, 112, 926 45, 84, 69, 107, 111, 100, 104, 87, 114, 48, 105, 117, 106, 106, 72, 927 86, 120, 55, 66, 99, 86, 48, 108, 108, 83, 52, 119, 53, 65, 67, 71, 928 103, 80, 114, 99, 65, 100, 54, 90, 99, 83, 82, 48, 45, 73, 113, 111, 929 109, 45, 81, 70, 99, 78, 80, 56, 83, 106, 103, 48, 56, 54, 77, 119, 930 111, 113, 81, 85, 95, 76, 89, 121, 119, 108, 65, 71, 90, 50, 49, 87, 931 83, 100, 83, 95, 80, 69, 82, 121, 71, 70, 105, 78, 110, 106, 51, 81, 932 81, 108, 79, 56, 89, 110, 115, 53, 106, 67, 116, 76, 67, 82, 119, 76, 933 72, 76, 48, 80, 98, 49, 102, 69, 118, 52, 53, 65, 117, 82, 73, 117, 934 85, 102, 86, 99, 80, 121, 83, 66, 87, 89, 110, 68, 121, 71, 120, 118, 935 106, 89, 71, 68, 83, 77, 45, 65, 113, 87, 83, 57, 122, 73, 81, 50, 936 90, 105, 108, 103, 84, 45, 71, 113, 85, 109, 105, 112, 103, 48, 88, 937 79, 67, 48, 67, 99, 50, 48, 114, 103, 76, 101, 50, 121, 109, 76, 72, 938 106, 112, 72, 99, 105, 67, 75, 86, 65, 98, 89, 53, 45, 76, 51, 50, 939 45, 108, 83, 101, 90, 79, 45, 79, 115, 54, 85, 49, 53, 95, 97, 88, 940 114, 107, 57, 71, 119, 56, 99, 80, 85, 97, 88, 49, 95, 73, 56, 115, 941 76, 71, 117, 83, 105, 86, 100, 116, 51, 67, 95, 70, 110, 50, 80, 90, 942 51, 90, 56, 105, 55, 52, 52, 70, 80, 70, 71, 71, 99, 71, 49, 113, 943 115, 50, 87, 122, 45, 81, 34, 44, 34, 101, 34, 58, 34, 65, 81, 65, 944 66, 34, 44, 34, 100, 34, 58, 34, 71, 82, 116, 98, 73, 81, 109, 104, 945 79, 90, 116, 121, 115, 122, 102, 103, 75, 100, 103, 52, 117, 95, 78, 946 45, 82, 95, 109, 90, 71, 85, 95, 57, 107, 55, 74, 81, 95, 106, 110, 947 49, 68, 110, 102, 84, 117, 77, 100, 83, 78, 112, 114, 84, 101, 97, 948 83, 84, 121, 87, 102, 83, 78, 107, 117, 97, 65, 119, 110, 79, 69, 98, 949 73, 81, 86, 121, 49, 73, 81, 98, 87, 86, 86, 50, 53, 78, 89, 51, 121, 950 98, 99, 95, 73, 104, 85, 74, 116, 102, 114, 105, 55, 98, 65, 88, 89, 951 69, 82, 101, 87, 97, 67, 108, 51, 104, 100, 108, 80, 75, 88, 121, 57, 952 85, 118, 113, 80, 89, 71, 82, 48, 107, 73, 88, 84, 81, 82, 113, 110, 953 115, 45, 100, 86, 74, 55, 106, 97, 104, 108, 73, 55, 76, 121, 99, 954 107, 114, 112, 84, 109, 114, 77, 56, 100, 87, 66, 111, 52, 95, 80, 955 77, 97, 101, 110, 78, 110, 80, 105, 81, 103, 79, 48, 120, 110, 117, 956 84, 111, 120, 117, 116, 82, 90, 74, 102, 74, 118, 71, 52, 79, 120, 957 52, 107, 97, 51, 71, 79, 82, 81, 100, 57, 67, 115, 67, 90, 50, 118, 958 115, 85, 68, 109, 115, 88, 79, 102, 85, 69, 78, 79, 121, 77, 113, 65, 959 68, 67, 54, 112, 49, 77, 51, 104, 51, 51, 116, 115, 117, 114, 89, 49, 960 53, 107, 57, 113, 77, 83, 112, 71, 57, 79, 88, 95, 73, 74, 65, 88, 961 109, 120, 122, 65, 104, 95, 116, 87, 105, 90, 79, 119, 107, 50, 75, 962 52, 121, 120, 72, 57, 116, 83, 51, 76, 113, 49, 121, 88, 56, 67, 49, 963 69, 87, 109, 101, 82, 68, 107, 75, 50, 97, 104, 101, 99, 71, 56, 53, 964 45, 111, 76, 75, 81, 116, 53, 86, 69, 112, 87, 72, 75, 109, 106, 79, 965 105, 95, 103, 74, 83, 100, 83, 103, 113, 99, 78, 57, 54, 88, 53, 50, 966 101, 115, 65, 81, 34, 44, 34, 112, 34, 58, 34, 50, 114, 110, 83, 79, 967 86, 52, 104, 75, 83, 78, 56, 115, 83, 52, 67, 103, 99, 81, 72, 70, 968 98, 115, 48, 56, 88, 98, 111, 70, 68, 113, 75, 117, 109, 51, 115, 99, 969 52, 104, 51, 71, 82, 120, 114, 84, 109, 81, 100, 108, 49, 90, 75, 57, 970 117, 119, 45, 80, 73, 72, 102, 81, 80, 48, 70, 107, 120, 88, 86, 114, 971 120, 45, 87, 69, 45, 90, 69, 98, 114, 113, 105, 118, 72, 95, 50, 105, 972 67, 76, 85, 83, 55, 119, 65, 108, 54, 88, 118, 65, 82, 116, 49, 75, 973 107, 73, 97, 85, 120, 80, 80, 83, 89, 66, 57, 121, 107, 51, 49, 115, 974 48, 81, 56, 85, 75, 57, 54, 69, 51, 95, 79, 114, 65, 68, 65, 89, 116, 975 65, 74, 115, 45, 77, 51, 74, 120, 67, 76, 102, 78, 103, 113, 104, 53, 976 54, 72, 68, 110, 69, 84, 84, 81, 104, 72, 51, 114, 67, 84, 53, 84, 977 51, 121, 74, 119, 115, 34, 44, 34, 113, 34, 58, 34, 49, 117, 95, 82, 978 105, 70, 68, 80, 55, 76, 66, 89, 104, 51, 78, 52, 71, 88, 76, 84, 57, 979 79, 112, 83, 75, 89, 80, 48, 117, 81, 90, 121, 105, 97, 90, 119, 66, 980 116, 79, 67, 66, 78, 74, 103, 81, 120, 97, 106, 49, 48, 82, 87, 106, 981 115, 90, 117, 48, 99, 54, 73, 101, 100, 105, 115, 52, 83, 55, 66, 95, 982 99, 111, 83, 75, 66, 48, 75, 106, 57, 80, 97, 80, 97, 66, 122, 103, 983 45, 73, 121, 83, 82, 118, 118, 99, 81, 117, 80, 97, 109, 81, 117, 54, 984 54, 114, 105, 77, 104, 106, 86, 116, 71, 54, 84, 108, 86, 56, 67, 76, 985 67, 89, 75, 114, 89, 108, 53, 50, 122, 105, 113, 75, 48, 69, 95, 121, 986 109, 50, 81, 110, 107, 119, 115, 85, 88, 55, 101, 89, 84, 66, 55, 76, 987 98, 65, 72, 82, 75, 57, 71, 113, 111, 99, 68, 69, 53, 66, 48, 102, 988 56, 48, 56, 73, 52, 115, 34, 44, 34, 100, 112, 34, 58, 34, 75, 107, 989 77, 84, 87, 113, 66, 85, 101, 102, 86, 119, 90, 50, 95, 68, 98, 106, 990 49, 112, 80, 81, 113, 121, 72, 83, 72, 106, 106, 57, 48, 76, 53, 120, 991 95, 77, 79, 122, 113, 89, 65, 74, 77, 99, 76, 77, 90, 116, 98, 85, 992 116, 119, 75, 113, 118, 86, 68, 113, 51, 116, 98, 69, 111, 51, 90, 993 73, 99, 111, 104, 98, 68, 116, 116, 54, 83, 98, 102, 109, 87, 122, 994 103, 103, 97, 98, 112, 81, 120, 78, 120, 117, 66, 112, 111, 79, 79, 995 102, 95, 97, 95, 72, 103, 77, 88, 75, 95, 108, 104, 113, 105, 103, 996 73, 52, 121, 95, 107, 113, 83, 49, 119, 89, 53, 50, 73, 119, 106, 85, 997 110, 53, 114, 103, 82, 114, 74, 45, 121, 89, 111, 49, 104, 52, 49, 998 75, 82, 45, 118, 122, 50, 112, 89, 104, 69, 65, 101, 89, 114, 104, 999 116, 116, 87, 116, 120, 86, 113, 76, 67, 82, 86, 105, 68, 54, 99, 34, 1000 44, 34, 100, 113, 34, 58, 34, 65, 118, 102, 83, 48, 45, 103, 82, 120, 1001 118, 110, 48, 98, 119, 74, 111, 77, 83, 110, 70, 120, 89, 99, 75, 49, 1002 87, 110, 117, 69, 106, 81, 70, 108, 117, 77, 71, 102, 119, 71, 105, 1003 116, 81, 66, 87, 116, 102, 90, 49, 69, 114, 55, 116, 49, 120, 68, 1004 107, 98, 78, 57, 71, 81, 84, 66, 57, 121, 113, 112, 68, 111, 89, 97, 1005 78, 48, 54, 72, 55, 67, 70, 116, 114, 107, 120, 104, 74, 73, 66, 81, 1006 97, 106, 54, 110, 107, 70, 53, 75, 75, 83, 51, 84, 81, 116, 81, 53, 1007 113, 67, 122, 107, 79, 107, 109, 120, 73, 101, 51, 75, 82, 98, 66, 1008 121, 109, 88, 120, 107, 98, 53, 113, 119, 85, 112, 88, 53, 69, 76, 1009 68, 53, 120, 70, 99, 54, 70, 101, 105, 97, 102, 87, 89, 89, 54, 51, 1010 84, 109, 109, 69, 65, 117, 95, 108, 82, 70, 67, 79, 74, 51, 120, 68, 1011 101, 97, 45, 111, 116, 115, 34, 44, 34, 113, 105, 34, 58, 34, 108, 1012 83, 81, 105, 45, 119, 57, 67, 112, 121, 85, 82, 101, 77, 69, 114, 80, 1013 49, 82, 115, 66, 76, 107, 55, 119, 78, 116, 79, 118, 115, 53, 69, 81, 1014 112, 80, 113, 109, 117, 77, 118, 113, 87, 53, 55, 78, 66, 85, 99, 1015 122, 83, 99, 69, 111, 80, 119, 109, 85, 113, 113, 97, 98, 117, 57, 1016 86, 48, 45, 80, 121, 52, 100, 81, 53, 55, 95, 98, 97, 112, 111, 75, 1017 82, 117, 49, 82, 57, 48, 98, 118, 117, 70, 110, 85, 54, 51, 83, 72, 1018 87, 69, 70, 103, 108, 90, 81, 118, 74, 68, 77, 101, 65, 118, 109, 1019 106, 52, 115, 109, 45, 70, 112, 48, 111, 89, 117, 95, 110, 101, 111, 1020 116, 103, 81, 48, 104, 122, 98, 73, 53, 103, 114, 121, 55, 97, 106, 1021 100, 89, 121, 57, 45, 50, 108, 78, 120, 95, 55, 54, 97, 66, 90, 111, 1022 79, 85, 117, 57, 72, 67, 74, 45, 85, 115, 102, 83, 79, 73, 56, 34, 1023 125 ] 1025 C.2. JWE Header 1027 The following example JWE Protected Header declares that: 1029 o the Content Encryption Key is encrypted to the recipient using the 1030 PSE2-HS256+A128KW algorithm to produce the JWE Encrypted Key, 1032 o the Salt (p2s) is [ 217, 96, 147, 112, 150, 117, 70, 247, 127, 8, 1033 155, 137, 174, 42, 80, 215 ], 1035 o the Iteration Count (p2c) is 4096, 1037 o the Plaintext is encrypted using the AES_128_CBC_HMAC_SHA_256 1038 algorithm to produce the Ciphertext, and 1040 o the content type is application/jwk+json. 1042 { 1043 "alg":"PBES2-HS256+A128KW", 1044 "p2s":"2WCTcJZ1Rvd_CJuJripQ1w", 1045 "p2c":4096, 1046 "enc":"A128CBC-HS256", 1047 "cty":"jwk+json" 1048 } 1050 Encoding this JWE Protected Header as BASE64URL(UTF8(JWE Protected 1051 Header)) gives this value: 1053 eyJhbGciOiJQQkVTMi1IUzI1NitBMTI4S1ciLCJwMnMiOiIyV0NUY0paMVJ2ZF9DSn 1054 VKcmlwUTF3IiwicDJjIjo0MDk2LCJlbmMiOiJBMTI4Q0JDLUhTMjU2IiwiY3R5Ijoi 1055 andrK2pzb24ifQ 1057 C.3. Content Encryption Key (CEK) 1059 Generate a 256 bit random Content Encryption Key (CEK). In this 1060 example, the value is: 1062 [ 111, 27, 25, 52, 66, 29, 20, 78, 92, 176, 56, 240, 65, 208, 82, 1063 112, 161, 131, 36, 55, 202, 236, 185, 172, 129, 23, 153, 194, 195, 1064 48, 253, 182 ] 1066 C.4. Key Encryption 1068 Encrypt the CEK with a shared passphrase using the 1069 "PBES2-HS256+A128KW" algorithm and the specified Salt and Iteration 1070 Count values to produce the JWE Encrypted Key. This example uses the 1071 following passphrase: 1073 Thus from my lips, by yours, my sin is purged. 1075 The octets representing the passphrase are: 1077 [ 84, 104, 117, 115, 32, 102, 114, 111, 109, 32, 109, 121, 32, 108, 1078 105, 112, 115, 44, 32, 98, 121, 32, 121, 111, 117, 114, 115, 44, 32, 1079 109, 121, 32, 115, 105, 110, 32, 105, 115, 32, 112, 117, 114, 103, 1080 101, 100, 46 ] 1082 The resulting JWE Encrypted Key value is: 1084 [ 201, 236, 143, 112, 12, 234, 200, 211, 33, 241, 255, 65, 112, 63, 1085 172, 146, 105, 107, 122, 0, 30, 21, 44, 21, 14, 61, 200, 57, 30, 253, 1086 228, 83, 218, 82, 138, 80, 121, 254, 193, 121 ] 1088 Encoding this JWE Encrypted Key as BASE64URL(JWE Encrypted Key) gives 1089 this value: 1091 yeyPcAzqyNMh8f9BcD-skmlregAeFSwVDj3IOR795FPaUopQef7BeQ 1093 C.5. Initialization Vector 1095 Generate a random 128 bit JWE Initialization Vector. In this 1096 example, the value is: 1098 [ 97, 239, 99, 214, 171, 54, 216, 57, 145, 72, 7, 93, 34, 31, 149, 1099 156 ] 1101 Encoding this JWE Initialization Vector as BASE64URL(JWE 1102 Initialization Vector) gives this value: 1104 Ye9j1qs22DmRSAddIh-VnA 1106 C.6. Additional Authenticated Data 1108 Let the Additional Authenticated Data encryption parameter be 1109 ASCII(BASE64URL(UTF8(JWE Protected Header))). This value is: 1111 [ 123, 34, 97, 108, 103, 34, 58, 34, 80, 66, 69, 83, 50, 45, 72, 83, 1112 50, 53, 54, 43, 65, 49, 50, 56, 75, 87, 34, 44, 34, 112, 50, 115, 34, 1113 58, 34, 50, 87, 67, 84, 99, 74, 90, 49, 82, 118, 100, 95, 67, 74, 1114 117, 74, 114, 105, 112, 81, 49, 119, 34, 44, 34, 112, 50, 99, 34, 58, 1115 52, 48, 57, 54, 44, 34, 101, 110, 99, 34, 58, 34, 65, 49, 50, 56, 67, 1116 66, 67, 45, 72, 83, 50, 53, 54, 34, 44, 34, 99, 116, 121, 34, 58, 34, 1117 106, 119, 107, 43, 106, 115, 111, 110, 34, 125 ] 1119 C.7. Content Encryption 1121 Encrypt the Plaintext with AES_128_CBC_HMAC_SHA_256 using the CEK as 1122 the encryption key, the JWE Initialization Vector, and the Additional 1123 Authenticated Data value above. The resulting Ciphertext is: 1125 [ 3, 8, 65, 242, 92, 107, 148, 168, 197, 159, 77, 139, 25, 97, 42, 1126 131, 110, 199, 225, 56, 61, 127, 38, 64, 108, 91, 247, 167, 150, 98, 1127 112, 122, 99, 235, 132, 50, 28, 46, 56, 170, 169, 89, 220, 145, 38, 1128 157, 148, 224, 66, 140, 8, 169, 146, 117, 222, 54, 242, 28, 31, 11, 1129 129, 227, 226, 169, 66, 117, 133, 254, 140, 216, 115, 203, 131, 60, 1130 60, 47, 233, 132, 121, 13, 35, 188, 53, 19, 172, 77, 59, 54, 211, 1131 158, 172, 25, 60, 111, 0, 80, 201, 158, 160, 210, 68, 55, 12, 67, 1132 136, 130, 87, 216, 197, 95, 62, 20, 155, 205, 5, 140, 27, 168, 221, 1133 65, 114, 78, 157, 254, 46, 206, 182, 52, 135, 87, 239, 3, 34, 186, 1134 126, 220, 151, 17, 33, 237, 57, 96, 172, 183, 58, 45, 248, 103, 241, 1135 142, 136, 7, 53, 16, 173, 181, 7, 93, 92, 252, 1, 53, 212, 242, 8, 1136 255, 11, 239, 181, 24, 148, 136, 111, 24, 161, 244, 23, 106, 69, 157, 1137 215, 243, 189, 240, 166, 169, 249, 72, 38, 201, 99, 223, 173, 229, 9, 1138 222, 82, 79, 157, 176, 248, 85, 239, 121, 163, 1, 31, 48, 98, 206, 1139 61, 249, 104, 216, 201, 227, 105, 48, 194, 193, 10, 36, 160, 159, 1140 241, 166, 84, 54, 188, 211, 243, 242, 40, 46, 45, 193, 193, 160, 169, 1141 101, 201, 1, 73, 47, 105, 142, 88, 28, 42, 132, 26, 61, 58, 63, 142, 1142 243, 77, 26, 179, 153, 166, 46, 203, 208, 49, 55, 229, 34, 178, 4, 1143 109, 180, 204, 204, 115, 1, 103, 193, 5, 91, 215, 214, 195, 1, 110, 1144 208, 53, 144, 36, 105, 12, 54, 25, 129, 101, 15, 183, 150, 250, 147, 1145 115, 227, 58, 250, 5, 128, 232, 63, 15, 14, 19, 141, 124, 253, 142, 1146 137, 189, 135, 26, 44, 240, 27, 88, 132, 105, 127, 6, 71, 37, 41, 1147 124, 187, 165, 140, 34, 200, 123, 80, 228, 24, 231, 176, 132, 171, 1148 138, 145, 152, 116, 224, 50, 141, 51, 147, 91, 186, 7, 246, 106, 217, 1149 148, 244, 227, 244, 45, 220, 121, 165, 224, 148, 181, 17, 181, 128, 1150 197, 101, 237, 11, 169, 229, 149, 199, 78, 56, 15, 14, 190, 91, 216, 1151 222, 247, 213, 74, 40, 8, 96, 20, 168, 119, 96, 26, 24, 52, 37, 82, 1152 127, 57, 176, 147, 118, 59, 7, 224, 33, 117, 72, 155, 29, 82, 26, 1153 215, 189, 140, 119, 28, 152, 118, 93, 222, 194, 192, 148, 115, 83, 1154 253, 216, 212, 108, 88, 83, 175, 172, 220, 97, 79, 110, 42, 223, 170, 1155 161, 34, 164, 144, 193, 76, 122, 92, 160, 41, 178, 175, 6, 35, 96, 1156 113, 96, 158, 90, 129, 101, 26, 45, 70, 180, 189, 230, 15, 5, 247, 1157 150, 209, 94, 171, 26, 13, 142, 212, 129, 1, 176, 5, 0, 112, 203, 1158 174, 185, 119, 76, 233, 189, 54, 172, 189, 245, 223, 253, 205, 12, 1159 88, 9, 126, 157, 225, 90, 40, 229, 191, 63, 30, 160, 224, 69, 3, 140, 1160 109, 70, 89, 37, 213, 245, 194, 210, 180, 188, 63, 210, 139, 221, 2, 1161 144, 200, 20, 177, 216, 29, 227, 242, 106, 12, 135, 142, 139, 144, 1162 82, 225, 162, 171, 176, 108, 99, 6, 43, 193, 161, 116, 234, 216, 1, 1163 242, 21, 124, 162, 98, 205, 124, 193, 38, 12, 242, 90, 101, 76, 204, 1164 184, 124, 58, 180, 16, 240, 26, 76, 195, 250, 212, 191, 185, 191, 97, 1165 198, 186, 73, 225, 75, 14, 90, 123, 121, 172, 101, 50, 160, 221, 141, 1166 253, 205, 126, 77, 9, 87, 198, 110, 104, 182, 141, 120, 51, 25, 232, 1167 3, 32, 80, 6, 156, 8, 18, 4, 135, 221, 142, 25, 135, 2, 129, 132, 1168 115, 227, 74, 141, 28, 119, 11, 141, 117, 134, 198, 62, 150, 254, 97, 1169 75, 197, 251, 99, 89, 204, 224, 226, 67, 83, 175, 89, 0, 81, 29, 38, 1170 207, 89, 140, 255, 197, 177, 164, 128, 62, 116, 224, 180, 109, 169, 1171 28, 2, 59, 176, 130, 252, 44, 178, 81, 24, 181, 176, 75, 44, 61, 91, 1172 12, 37, 21, 255, 83, 130, 197, 16, 231, 60, 217, 56, 131, 118, 168, 1173 202, 58, 52, 84, 124, 162, 185, 174, 162, 226, 242, 112, 68, 246, 1174 202, 16, 208, 52, 154, 58, 129, 80, 102, 33, 171, 6, 186, 177, 14, 1175 195, 88, 136, 6, 0, 155, 28, 100, 162, 207, 162, 222, 117, 248, 170, 1176 208, 114, 87, 31, 57, 176, 33, 57, 83, 253, 12, 168, 110, 194, 59, 1177 22, 86, 48, 227, 196, 22, 176, 218, 122, 149, 21, 249, 195, 178, 174, 1178 250, 20, 34, 120, 60, 139, 201, 99, 40, 18, 177, 17, 54, 54, 6, 3, 1179 222, 128, 160, 88, 11, 27, 0, 81, 192, 36, 41, 169, 146, 8, 47, 64, 1180 136, 28, 64, 209, 67, 135, 202, 20, 234, 182, 91, 204, 146, 195, 187, 1181 0, 72, 77, 11, 111, 152, 204, 252, 177, 212, 89, 33, 50, 132, 184, 1182 44, 183, 186, 19, 250, 69, 176, 201, 102, 140, 14, 143, 212, 212, 1183 160, 123, 208, 185, 27, 155, 68, 77, 133, 198, 2, 126, 155, 215, 22, 1184 91, 30, 217, 176, 172, 244, 156, 174, 143, 75, 90, 21, 102, 1, 160, 1185 59, 253, 188, 88, 57, 185, 197, 83, 24, 22, 180, 174, 47, 207, 52, 1, 1186 141, 146, 119, 233, 68, 228, 224, 228, 193, 248, 155, 202, 90, 7, 1187 213, 88, 33, 108, 107, 14, 86, 8, 120, 250, 58, 142, 35, 164, 238, 1188 221, 219, 35, 123, 88, 199, 192, 143, 104, 83, 17, 166, 243, 247, 11, 1189 166, 67, 68, 204, 132, 23, 110, 103, 228, 14, 55, 122, 88, 57, 180, 1190 178, 237, 52, 130, 214, 245, 102, 123, 67, 73, 175, 1, 127, 112, 148, 1191 94, 132, 164, 197, 153, 217, 87, 25, 89, 93, 63, 22, 66, 166, 90, 1192 251, 101, 10, 145, 66, 17, 124, 36, 255, 165, 226, 97, 16, 86, 112, 1193 154, 88, 105, 253, 56, 209, 229, 122, 103, 51, 24, 228, 190, 3, 236, 1194 48, 182, 121, 176, 140, 128, 117, 87, 251, 224, 37, 23, 248, 21, 218, 1195 85, 251, 136, 84, 147, 143, 144, 46, 155, 183, 251, 89, 86, 23, 26, 1196 237, 100, 167, 32, 130, 173, 237, 89, 55, 110, 70, 142, 127, 65, 230, 1197 208, 109, 69, 19, 253, 84, 130, 130, 193, 92, 58, 108, 150, 42, 136, 1198 249, 234, 86, 241, 182, 19, 117, 246, 26, 181, 92, 101, 155, 44, 103, 1199 235, 173, 30, 140, 90, 29, 183, 190, 77, 53, 206, 127, 5, 87, 8, 187, 1200 184, 92, 4, 157, 22, 18, 105, 251, 39, 88, 182, 181, 103, 148, 233, 1201 6, 63, 70, 188, 7, 101, 216, 127, 77, 31, 12, 233, 7, 147, 106, 30, 1202 150, 77, 145, 13, 205, 48, 56, 245, 220, 89, 252, 127, 51, 180, 36, 1203 31, 55, 18, 214, 230, 254, 217, 197, 65, 247, 27, 215, 117, 247, 108, 1204 157, 121, 11, 63, 150, 195, 83, 6, 134, 242, 41, 24, 105, 204, 5, 63, 1205 192, 14, 159, 113, 72, 140, 128, 51, 215, 80, 215, 39, 149, 94, 79, 1206 128, 34, 5, 129, 82, 83, 121, 187, 37, 146, 27, 32, 177, 167, 71, 9, 1207 195, 30, 199, 196, 205, 252, 207, 69, 8, 120, 27, 190, 51, 43, 75, 1208 249, 234, 167, 116, 206, 203, 199, 43, 108, 87, 48, 155, 140, 228, 1209 210, 85, 25, 161, 96, 67, 8, 205, 64, 39, 75, 88, 44, 238, 227, 16, 1210 0, 100, 93, 129, 18, 4, 149, 50, 68, 72, 99, 35, 111, 254, 27, 102, 1211 175, 108, 233, 87, 181, 44, 169, 18, 139, 79, 208, 14, 202, 192, 5, 1212 162, 222, 231, 149, 24, 211, 49, 120, 101, 39, 206, 87, 147, 204, 1213 200, 251, 104, 115, 5, 127, 117, 195, 79, 151, 18, 224, 52, 0, 245, 1214 4, 85, 255, 103, 217, 0, 116, 198, 80, 91, 167, 192, 154, 199, 197, 1215 149, 237, 51, 2, 131, 30, 226, 95, 105, 48, 68, 135, 208, 144, 120, 1216 176, 145, 157, 8, 171, 80, 94, 61, 92, 92, 220, 157, 13, 138, 51, 23, 1217 185, 124, 31, 77, 1, 87, 241, 43, 239, 55, 122, 86, 210, 48, 208, 1218 204, 112, 144, 80, 147, 106, 219, 47, 253, 31, 134, 176, 16, 135, 1219 219, 95, 17, 129, 83, 236, 125, 136, 112, 86, 228, 252, 71, 129, 218, 1220 174, 156, 236, 12, 27, 159, 11, 138, 252, 253, 207, 31, 115, 214, 1221 118, 239, 203, 16, 211, 205, 99, 22, 51, 163, 107, 162, 246, 199, 67, 1222 127, 34, 108, 197, 53, 117, 58, 199, 3, 190, 74, 70, 190, 65, 235, 1223 175, 97, 157, 215, 252, 189, 245, 100, 229, 248, 46, 90, 126, 237, 4, 1224 159, 128, 58, 7, 156, 236, 69, 191, 85, 240, 179, 224, 249, 152, 49, 1225 195, 223, 60, 78, 186, 157, 155, 217, 58, 105, 116, 164, 217, 111, 1226 215, 150, 218, 252, 84, 86, 248, 140, 240, 226, 61, 106, 208, 95, 60, 1227 163, 6, 0, 235, 253, 162, 96, 62, 234, 251, 249, 35, 21, 7, 211, 233, 1228 86, 50, 33, 203, 67, 248, 60, 190, 123, 48, 167, 226, 90, 191, 71, 1229 56, 183, 165, 17, 85, 76, 238, 140, 211, 168, 53, 223, 194, 4, 97, 1230 149, 156, 120, 137, 76, 33, 229, 243, 194, 208, 198, 202, 139, 28, 1231 114, 46, 224, 92, 254, 83, 100, 134, 158, 92, 70, 78, 61, 62, 138, 1232 24, 173, 216, 66, 198, 70, 254, 47, 59, 193, 53, 6, 139, 19, 153, 1233 253, 28, 199, 122, 160, 27, 67, 234, 209, 227, 139, 4, 50, 7, 178, 1234 183, 89, 252, 32, 128, 137, 55, 52, 29, 89, 12, 111, 42, 181, 51, 1235 170, 132, 132, 207, 170, 228, 254, 178, 213, 0, 136, 175, 8 ] 1237 The resulting Authentication Tag value is: 1239 [ 125, 249, 143, 191, 240, 4, 204, 132, 62, 241, 113, 178, 91, 88, 1240 254, 19 ] 1242 Encoding this JWE Ciphertext as BASE64URL(JWE Ciphertext) gives this 1243 value: 1245 AwhB8lxrlKjFn02LGWEqg27H4Tg9fyZAbFv3p5ZicHpj64QyHC44qqlZ3JEmnZTgQo 1246 wIqZJ13jbyHB8LgePiqUJ1hf6M2HPLgzw8L-mEeQ0jvDUTrE07NtOerBk8bwBQyZ6g 1247 0kQ3DEOIglfYxV8-FJvNBYwbqN1Bck6d_i7OtjSHV-8DIrp-3JcRIe05YKy3Oi34Z_ 1248 GOiAc1EK21B11c_AE11PII_wvvtRiUiG8YofQXakWd1_O98Kap-UgmyWPfreUJ3lJP 1249 nbD4Ve95owEfMGLOPflo2MnjaTDCwQokoJ_xplQ2vNPz8iguLcHBoKllyQFJL2mOWB 1250 wqhBo9Oj-O800as5mmLsvQMTflIrIEbbTMzHMBZ8EFW9fWwwFu0DWQJGkMNhmBZQ-3 1251 lvqTc-M6-gWA6D8PDhONfP2Oib2HGizwG1iEaX8GRyUpfLuljCLIe1DkGOewhKuKkZ 1252 h04DKNM5Nbugf2atmU9OP0Ldx5peCUtRG1gMVl7Qup5ZXHTjgPDr5b2N731UooCGAU 1253 qHdgGhg0JVJ_ObCTdjsH4CF1SJsdUhrXvYx3HJh2Xd7CwJRzU_3Y1GxYU6-s3GFPbi 1254 rfqqEipJDBTHpcoCmyrwYjYHFgnlqBZRotRrS95g8F95bRXqsaDY7UgQGwBQBwy665 1255 d0zpvTasvfXf_c0MWAl-neFaKOW_Px6g4EUDjG1GWSXV9cLStLw_0ovdApDIFLHYHe 1256 PyagyHjouQUuGiq7BsYwYrwaF06tgB8hV8omLNfMEmDPJaZUzMuHw6tBDwGkzD-tS_ 1257 ub9hxrpJ4UsOWnt5rGUyoN2N_c1-TQlXxm5oto14MxnoAyBQBpwIEgSH3Y4ZhwKBhH 1258 PjSo0cdwuNdYbGPpb-YUvF-2NZzODiQ1OvWQBRHSbPWYz_xbGkgD504LRtqRwCO7CC 1259 _CyyURi1sEssPVsMJRX_U4LFEOc82TiDdqjKOjRUfKK5rqLi8nBE9soQ0DSaOoFQZi 1260 GrBrqxDsNYiAYAmxxkos-i3nX4qtByVx85sCE5U_0MqG7COxZWMOPEFrDaepUV-cOy 1261 rvoUIng8i8ljKBKxETY2BgPegKBYCxsAUcAkKamSCC9AiBxA0UOHyhTqtlvMksO7AE 1262 hNC2-YzPyx1FkhMoS4LLe6E_pFsMlmjA6P1NSge9C5G5tETYXGAn6b1xZbHtmwrPSc 1263 ro9LWhVmAaA7_bxYObnFUxgWtK4vzzQBjZJ36UTk4OTB-JvKWgfVWCFsaw5WCHj6Oo 1264 4jpO7d2yN7WMfAj2hTEabz9wumQ0TMhBduZ-QON3pYObSy7TSC1vVme0NJrwF_cJRe 1265 hKTFmdlXGVldPxZCplr7ZQqRQhF8JP-l4mEQVnCaWGn9ONHlemczGOS-A-wwtnmwjI 1266 B1V_vgJRf4FdpV-4hUk4-QLpu3-1lWFxrtZKcggq3tWTduRo5_QebQbUUT_VSCgsFc 1267 OmyWKoj56lbxthN19hq1XGWbLGfrrR6MWh23vk01zn8FVwi7uFwEnRYSafsnWLa1Z5 1268 TpBj9GvAdl2H9NHwzpB5NqHpZNkQ3NMDj13Fn8fzO0JB83Etbm_tnFQfcb13X3bJ15 1269 Cz-Ww1MGhvIpGGnMBT_ADp9xSIyAM9dQ1yeVXk-AIgWBUlN5uyWSGyCxp0cJwx7HxM 1270 38z0UIeBu-MytL-eqndM7LxytsVzCbjOTSVRmhYEMIzUAnS1gs7uMQAGRdgRIElTJE 1271 SGMjb_4bZq9s6Ve1LKkSi0_QDsrABaLe55UY0zF4ZSfOV5PMyPtocwV_dcNPlxLgNA 1272 D1BFX_Z9kAdMZQW6fAmsfFle0zAoMe4l9pMESH0JB4sJGdCKtQXj1cXNydDYozF7l8 1273 H00BV_Er7zd6VtIw0MxwkFCTatsv_R-GsBCH218RgVPsfYhwVuT8R4HarpzsDBufC4 1274 r8_c8fc9Z278sQ081jFjOja6L2x0N_ImzFNXU6xwO-Ska-QeuvYZ3X_L31ZOX4Llp- 1275 7QSfgDoHnOxFv1Xws-D5mDHD3zxOup2b2TppdKTZb9eW2vxUVviM8OI9atBfPKMGAO 1276 v9omA-6vv5IxUH0-lWMiHLQ_g8vnswp-Jav0c4t6URVUzujNOoNd_CBGGVnHiJTCHl 1277 88LQxsqLHHIu4Fz-U2SGnlxGTj0-ihit2ELGRv4vO8E1BosTmf0cx3qgG0Pq0eOLBD 1278 IHsrdZ_CCAiTc0HVkMbyq1M6qEhM-q5P6y1QCIrwg 1280 Encoding this JWE Authentication Tag as BASE64URL(JWE Authentication 1281 Tag) gives this value: 1283 ffmPv_AEzIQ-8XGyW1j-Ew 1285 C.8. Complete Representation 1287 Assemble the final representation: The Compact Serialization of this 1288 result is the string BASE64URL(UTF8(JWE Protected Header)) || '.' || 1289 BASE64URL(JWE Encrypted Key) || '.' || BASE64URL(JWE Initialization 1290 Vector) || '.' || BASE64URL(JWE Ciphertext) || '.' || BASE64URL(JWE 1291 Authentication Tag). 1293 The final result in this example is: 1295 eyJhbGciOiJQQkVTMi1IUzI1NitBMTI4S1ciLCJwMnMiOiIyV0NUY0paMVJ2ZF9DSn 1296 VKcmlwUTF3IiwicDJjIjo0MDk2LCJlbmMiOiJBMTI4Q0JDLUhTMjU2IiwiY3R5Ijoi 1297 andrK2pzb24ifQ. 1298 yeyPcAzqyNMh8f9BcD-skmlregAeFSwVDj3IOR795FPaUopQef7BeQ. 1299 Ye9j1qs22DmRSAddIh-VnA. 1300 AwhB8lxrlKjFn02LGWEqg27H4Tg9fyZAbFv3p5ZicHpj64QyHC44qqlZ3JEmnZTgQo 1301 wIqZJ13jbyHB8LgePiqUJ1hf6M2HPLgzw8L-mEeQ0jvDUTrE07NtOerBk8bwBQyZ6g 1302 0kQ3DEOIglfYxV8-FJvNBYwbqN1Bck6d_i7OtjSHV-8DIrp-3JcRIe05YKy3Oi34Z_ 1303 GOiAc1EK21B11c_AE11PII_wvvtRiUiG8YofQXakWd1_O98Kap-UgmyWPfreUJ3lJP 1304 nbD4Ve95owEfMGLOPflo2MnjaTDCwQokoJ_xplQ2vNPz8iguLcHBoKllyQFJL2mOWB 1305 wqhBo9Oj-O800as5mmLsvQMTflIrIEbbTMzHMBZ8EFW9fWwwFu0DWQJGkMNhmBZQ-3 1306 lvqTc-M6-gWA6D8PDhONfP2Oib2HGizwG1iEaX8GRyUpfLuljCLIe1DkGOewhKuKkZ 1307 h04DKNM5Nbugf2atmU9OP0Ldx5peCUtRG1gMVl7Qup5ZXHTjgPDr5b2N731UooCGAU 1308 qHdgGhg0JVJ_ObCTdjsH4CF1SJsdUhrXvYx3HJh2Xd7CwJRzU_3Y1GxYU6-s3GFPbi 1309 rfqqEipJDBTHpcoCmyrwYjYHFgnlqBZRotRrS95g8F95bRXqsaDY7UgQGwBQBwy665 1310 d0zpvTasvfXf_c0MWAl-neFaKOW_Px6g4EUDjG1GWSXV9cLStLw_0ovdApDIFLHYHe 1311 PyagyHjouQUuGiq7BsYwYrwaF06tgB8hV8omLNfMEmDPJaZUzMuHw6tBDwGkzD-tS_ 1312 ub9hxrpJ4UsOWnt5rGUyoN2N_c1-TQlXxm5oto14MxnoAyBQBpwIEgSH3Y4ZhwKBhH 1313 PjSo0cdwuNdYbGPpb-YUvF-2NZzODiQ1OvWQBRHSbPWYz_xbGkgD504LRtqRwCO7CC 1314 _CyyURi1sEssPVsMJRX_U4LFEOc82TiDdqjKOjRUfKK5rqLi8nBE9soQ0DSaOoFQZi 1315 GrBrqxDsNYiAYAmxxkos-i3nX4qtByVx85sCE5U_0MqG7COxZWMOPEFrDaepUV-cOy 1316 rvoUIng8i8ljKBKxETY2BgPegKBYCxsAUcAkKamSCC9AiBxA0UOHyhTqtlvMksO7AE 1317 hNC2-YzPyx1FkhMoS4LLe6E_pFsMlmjA6P1NSge9C5G5tETYXGAn6b1xZbHtmwrPSc 1318 ro9LWhVmAaA7_bxYObnFUxgWtK4vzzQBjZJ36UTk4OTB-JvKWgfVWCFsaw5WCHj6Oo 1319 4jpO7d2yN7WMfAj2hTEabz9wumQ0TMhBduZ-QON3pYObSy7TSC1vVme0NJrwF_cJRe 1320 hKTFmdlXGVldPxZCplr7ZQqRQhF8JP-l4mEQVnCaWGn9ONHlemczGOS-A-wwtnmwjI 1321 B1V_vgJRf4FdpV-4hUk4-QLpu3-1lWFxrtZKcggq3tWTduRo5_QebQbUUT_VSCgsFc 1322 OmyWKoj56lbxthN19hq1XGWbLGfrrR6MWh23vk01zn8FVwi7uFwEnRYSafsnWLa1Z5 1323 TpBj9GvAdl2H9NHwzpB5NqHpZNkQ3NMDj13Fn8fzO0JB83Etbm_tnFQfcb13X3bJ15 1324 Cz-Ww1MGhvIpGGnMBT_ADp9xSIyAM9dQ1yeVXk-AIgWBUlN5uyWSGyCxp0cJwx7HxM 1325 38z0UIeBu-MytL-eqndM7LxytsVzCbjOTSVRmhYEMIzUAnS1gs7uMQAGRdgRIElTJE 1326 SGMjb_4bZq9s6Ve1LKkSi0_QDsrABaLe55UY0zF4ZSfOV5PMyPtocwV_dcNPlxLgNA 1327 D1BFX_Z9kAdMZQW6fAmsfFle0zAoMe4l9pMESH0JB4sJGdCKtQXj1cXNydDYozF7l8 1328 H00BV_Er7zd6VtIw0MxwkFCTatsv_R-GsBCH218RgVPsfYhwVuT8R4HarpzsDBufC4 1329 r8_c8fc9Z278sQ081jFjOja6L2x0N_ImzFNXU6xwO-Ska-QeuvYZ3X_L31ZOX4Llp- 1330 7QSfgDoHnOxFv1Xws-D5mDHD3zxOup2b2TppdKTZb9eW2vxUVviM8OI9atBfPKMGAO 1331 v9omA-6vv5IxUH0-lWMiHLQ_g8vnswp-Jav0c4t6URVUzujNOoNd_CBGGVnHiJTCHl 1332 88LQxsqLHHIu4Fz-U2SGnlxGTj0-ihit2ELGRv4vO8E1BosTmf0cx3qgG0Pq0eOLBD 1333 IHsrdZ_CCAiTc0HVkMbyq1M6qEhM-q5P6y1QCIrwg. 1334 ffmPv_AEzIQ-8XGyW1j-Ew 1336 Appendix D. Acknowledgements 1338 A JSON representation for RSA public keys was previously introduced 1339 by John Panzer, Ben Laurie, and Dirk Balfanz in Magic Signatures 1341 [MagicSignatures]. 1343 This specification is the work of the JOSE Working Group, which 1344 includes dozens of active and dedicated participants. In particular, 1345 the following individuals contributed ideas, feedback, and wording 1346 that influenced this specification: 1348 Dirk Balfanz, Richard Barnes, John Bradley, Brian Campbell, Breno de 1349 Medeiros, Joe Hildebrand, Edmund Jay, Ben Laurie, James Manger, Matt 1350 Miller, Tony Nadalin, Axel Nennker, John Panzer, Eric Rescorla, Nat 1351 Sakimura, Jim Schaad, Paul Tarjan, Hannes Tschofenig, and Sean 1352 Turner. 1354 Jim Schaad and Karen O'Donoghue chaired the JOSE working group and 1355 Sean Turner and Stephen Farrell served as Security area directors 1356 during the creation of this specification. 1358 Appendix E. Document History 1360 [[ to be removed by the RFC Editor before publication as an RFC ]] 1362 -17 1364 o Refined the "typ" and "cty" definitions to always be MIME Media 1365 Types, with the omission of "application/" prefixes recommended 1366 for brevity, addressing issue #50. 1368 o Added an example encrypting an RSA private key with 1369 "PBES2-HS256+A128KW" and "A128CBC-HS256". Thanks to Matt Miller 1370 for producing this! 1372 o Processing rules occurring in both JWS and JWK are now referenced 1373 in JWS by JWK, rather than duplicated, addressing issue #57. 1375 o Terms used in multiple documents are now defined in one place and 1376 incorporated by reference. Some lightly used or obvious terms 1377 were also removed. This addresses issue #58. 1379 -16 1381 o Changes to address editorial and minor issues #41, #42, #43, #47, 1382 #51, #67, #71, #76, #80, #83, #84, #85, #86, #87, and #88. 1384 -15 1386 o Changes to address editorial issues #48, #64, #65, #66, and #91. 1388 -14 1390 o Relaxed language introducing key parameters since some parameters 1391 are applicable to multiple, but not all, key types. 1393 -13 1395 o Applied spelling and grammar corrections. 1397 -12 1399 o Stated that recipients MUST either reject JWKs and JWK Sets with 1400 duplicate member names or use a JSON parser that returns only the 1401 lexically last duplicate member name. 1403 -11 1405 o Stated that when "kid" values are used within a JWK Set, different 1406 keys within the JWK Set SHOULD use distinct "kid" values. 1408 o Added optional "x5u" (X.509 URL), "x5t" (X.509 Certificate 1409 Thumbprint), and "x5c" (X.509 Certificate Chain) JWK parameters. 1411 o Added section on Encrypted JWK and Encrypted JWK Set Formats. 1413 o Added a Parameter Information Class value to the JSON Web Key 1414 Parameters registry, which registers whether the parameter conveys 1415 public or private information. 1417 o Registered "application/jwk+json" and "application/jwk-set+json" 1418 MIME types and "JWK" and "JWK-SET" typ header parameter values, 1419 addressing issue #21. 1421 -10 1423 o No changes were made, other than to the version number and date. 1425 -09 1427 o Expanded the scope of the JWK specification to include private and 1428 symmetric key representations, as specified by 1429 draft-jones-jose-json-private-and-symmetric-key-00. 1431 o Defined that members that are not understood must be ignored. 1433 -08 1434 o Changed the name of the JWK key type parameter from "alg" to "kty" 1435 to enable use of "alg" to indicate the particular algorithm that 1436 the key is intended to be used with. 1438 o Clarified statements of the form "This member is OPTIONAL" to "Use 1439 of this member is OPTIONAL". 1441 o Referenced String Comparison Rules in JWS. 1443 o Added seriesInfo information to Internet Draft references. 1445 -07 1447 o Changed the name of the JWK RSA modulus parameter from "mod" to 1448 "n" and the name of the JWK RSA exponent parameter from "xpo" to 1449 "e", so that the identifiers are the same as those used in RFC 1450 3447. 1452 -06 1454 o Changed the name of the JWK RSA exponent parameter from "exp" to 1455 "xpo" so as to allow the potential use of the name "exp" for a 1456 future extension that might define an expiration parameter for 1457 keys. (The "exp" name is already used for this purpose in the JWT 1458 specification.) 1460 o Clarify that the "alg" (algorithm family) member is REQUIRED. 1462 o Correct an instance of "JWK" that should have been "JWK Set". 1464 o Applied changes made by the RFC Editor to RFC 6749's registry 1465 language to this specification. 1467 -05 1469 o Indented artwork elements to better distinguish them from the body 1470 text. 1472 -04 1474 o Refer to the registries as the primary sources of defined values 1475 and then secondarily reference the sections defining the initial 1476 contents of the registries. 1478 o Normatively reference XML DSIG 2.0 [W3C.CR-xmldsig-core2-20120124] 1479 for its security considerations. 1481 o Added this language to Registration Templates: "This name is case 1482 sensitive. Names that match other registered names in a case 1483 insensitive manner SHOULD NOT be accepted." 1485 o Described additional open issues. 1487 o Applied editorial suggestions. 1489 -03 1491 o Clarified that "kid" values need not be unique within a JWK Set. 1493 o Moved JSON Web Key Parameters registry to the JWK specification. 1495 o Added "Collision Resistant Namespace" to the terminology section. 1497 o Changed registration requirements from RFC Required to 1498 Specification Required with Expert Review. 1500 o Added Registration Template sections for defined registries. 1502 o Added Registry Contents sections to populate registry values. 1504 o Numerous editorial improvements. 1506 -02 1508 o Simplified JWK terminology to get replace the "JWK Key Object" and 1509 "JWK Container Object" terms with simply "JSON Web Key (JWK)" and 1510 "JSON Web Key Set (JWK Set)" and to eliminate potential confusion 1511 between single keys and sets of keys. As part of this change, the 1512 top-level member name for a set of keys was changed from "jwk" to 1513 "keys". 1515 o Clarified that values with duplicate member names MUST be 1516 rejected. 1518 o Established JSON Web Key Set Parameters registry. 1520 o Explicitly listed non-goals in the introduction. 1522 o Moved algorithm-specific definitions from JWK to JWA. 1524 o Reformatted to give each member definition its own section 1525 heading. 1527 -01 1528 o Corrected the Magic Signatures reference. 1530 -00 1532 o Created the initial IETF draft based upon 1533 draft-jones-json-web-key-03 with no normative changes. 1535 Author's Address 1537 Michael B. Jones 1538 Microsoft 1540 Email: mbj@microsoft.com 1541 URI: http://self-issued.info/