idnits 2.17.00 (12 Aug 2021) /tmp/idnits31493/draft-ietf-jose-json-web-key-20.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (January 20, 2014) is 3042 days in the past. Is this intentional? -- Found something which looks like a code comment -- if you have code sections in the document, please surround them with '' and '' lines. Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) -- Possible downref: Non-RFC (?) normative reference: ref. 'ECMAScript' == Outdated reference: draft-ietf-json-rfc4627bis has been published as RFC 7158 -- Possible downref: Non-RFC (?) normative reference: ref. 'ITU.X690.1994' == Outdated reference: draft-ietf-jose-json-web-algorithms has been published as RFC 7518 == Outdated reference: draft-ietf-jose-json-web-encryption has been published as RFC 7516 == Outdated reference: draft-ietf-jose-json-web-signature has been published as RFC 7515 ** Downref: Normative reference to an Historic RFC: RFC 1421 ** Downref: Normative reference to an Informational RFC: RFC 2818 ** Obsolete normative reference: RFC 5226 (Obsoleted by RFC 8126) ** Obsolete normative reference: RFC 5246 (Obsoleted by RFC 8446) -- Possible downref: Non-RFC (?) normative reference: ref. 'USASCII' -- Obsolete informational reference (is this intentional?): RFC 3447 (Obsoleted by RFC 8017) Summary: 4 errors (**), 0 flaws (~~), 5 warnings (==), 6 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 JOSE Working Group M. Jones 3 Internet-Draft Microsoft 4 Intended status: Standards Track January 20, 2014 5 Expires: July 24, 2014 7 JSON Web Key (JWK) 8 draft-ietf-jose-json-web-key-20 10 Abstract 12 A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) data 13 structure that represents a cryptographic key. This specification 14 also defines a JSON Web Key Set (JWK Set) JSON data structure for 15 representing a set of JWKs. Cryptographic algorithms and identifiers 16 for use with this specification are described in the separate JSON 17 Web Algorithms (JWA) specification and IANA registries defined by 18 that specification. 20 Status of this Memo 22 This Internet-Draft is submitted in full conformance with the 23 provisions of BCP 78 and BCP 79. 25 Internet-Drafts are working documents of the Internet Engineering 26 Task Force (IETF). Note that other groups may also distribute 27 working documents as Internet-Drafts. The list of current Internet- 28 Drafts is at http://datatracker.ietf.org/drafts/current/. 30 Internet-Drafts are draft documents valid for a maximum of six months 31 and may be updated, replaced, or obsoleted by other documents at any 32 time. It is inappropriate to use Internet-Drafts as reference 33 material or to cite them other than as "work in progress." 35 This Internet-Draft will expire on July 24, 2014. 37 Copyright Notice 39 Copyright (c) 2014 IETF Trust and the persons identified as the 40 document authors. All rights reserved. 42 This document is subject to BCP 78 and the IETF Trust's Legal 43 Provisions Relating to IETF Documents 44 (http://trustee.ietf.org/license-info) in effect on the date of 45 publication of this document. Please review these documents 46 carefully, as they describe your rights and restrictions with respect 47 to this document. Code Components extracted from this document must 48 include Simplified BSD License text as described in Section 4.e of 49 the Trust Legal Provisions and are provided without warranty as 50 described in the Simplified BSD License. 52 Table of Contents 54 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4 55 1.1. Notational Conventions . . . . . . . . . . . . . . . . . . 4 56 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 4 57 3. JSON Web Key (JWK) Format . . . . . . . . . . . . . . . . . . 5 58 3.1. "kty" (Key Type) Parameter . . . . . . . . . . . . . . . . 5 59 3.2. "use" (Public Key Use) Parameter . . . . . . . . . . . . . 6 60 3.3. "key_ops" (Key Operations) Parameter . . . . . . . . . . . 6 61 3.4. "alg" (Algorithm) Parameter . . . . . . . . . . . . . . . 7 62 3.5. "kid" (Key ID) Parameter . . . . . . . . . . . . . . . . . 7 63 3.6. "x5u" (X.509 URL) Parameter . . . . . . . . . . . . . . . 8 64 3.7. "x5c" (X.509 Certificate Chain) Parameter . . . . . . . . 8 65 3.8. "x5t" (X.509 Certificate SHA-1 Thumbprint) Parameter . . . 9 66 4. JSON Web Key Set (JWK Set) Format . . . . . . . . . . . . . . 9 67 4.1. "keys" Parameter . . . . . . . . . . . . . . . . . . . . . 10 68 5. String Comparison Rules . . . . . . . . . . . . . . . . . . . 10 69 6. Encrypted JWK and Encrypted JWK Set Formats . . . . . . . . . 10 70 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 10 71 7.1. JSON Web Key Parameters Registry . . . . . . . . . . . . . 11 72 7.1.1. Registration Template . . . . . . . . . . . . . . . . 12 73 7.1.2. Initial Registry Contents . . . . . . . . . . . . . . 13 74 7.2. JSON Web Key Use Registry . . . . . . . . . . . . . . . . 14 75 7.2.1. Registration Template . . . . . . . . . . . . . . . . 14 76 7.2.2. Initial Registry Contents . . . . . . . . . . . . . . 15 77 7.3. JSON Web Key Operations Registry . . . . . . . . . . . . . 15 78 7.3.1. Registration Template . . . . . . . . . . . . . . . . 15 79 7.3.2. Initial Registry Contents . . . . . . . . . . . . . . 16 80 7.4. JSON Web Key Set Parameters Registry . . . . . . . . . . . 16 81 7.4.1. Registration Template . . . . . . . . . . . . . . . . 17 82 7.4.2. Initial Registry Contents . . . . . . . . . . . . . . 17 83 7.5. Media Type Registration . . . . . . . . . . . . . . . . . 17 84 7.5.1. Registry Contents . . . . . . . . . . . . . . . . . . 17 85 8. Security Considerations . . . . . . . . . . . . . . . . . . . 18 86 9. References . . . . . . . . . . . . . . . . . . . . . . . . . . 19 87 9.1. Normative References . . . . . . . . . . . . . . . . . . . 19 88 9.2. Informative References . . . . . . . . . . . . . . . . . . 21 89 Appendix A. Example JSON Web Key Sets . . . . . . . . . . . . . . 21 90 A.1. Example Public Keys . . . . . . . . . . . . . . . . . . . 21 91 A.2. Example Private Keys . . . . . . . . . . . . . . . . . . . 22 92 A.3. Example Symmetric Keys . . . . . . . . . . . . . . . . . . 24 93 Appendix B. Example Use of "x5c" (X.509 Certificate Chain) 94 Parameter . . . . . . . . . . . . . . . . . . . . . . 24 95 Appendix C. Example Encrypted RSA Private Key . . . . . . . . . . 25 96 C.1. Plaintext RSA Private Key . . . . . . . . . . . . . . . . 26 97 C.2. JWE Header . . . . . . . . . . . . . . . . . . . . . . . . 29 98 C.3. Content Encryption Key (CEK) . . . . . . . . . . . . . . . 29 99 C.4. Key Encryption . . . . . . . . . . . . . . . . . . . . . . 30 100 C.5. Initialization Vector . . . . . . . . . . . . . . . . . . 30 101 C.6. Additional Authenticated Data . . . . . . . . . . . . . . 30 102 C.7. Content Encryption . . . . . . . . . . . . . . . . . . . . 31 103 C.8. Complete Representation . . . . . . . . . . . . . . . . . 34 104 Appendix D. Acknowledgements . . . . . . . . . . . . . . . . . . 35 105 Appendix E. Document History . . . . . . . . . . . . . . . . . . 36 106 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 40 108 1. Introduction 110 A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) 111 [I-D.ietf-json-rfc4627bis] data structure that represents a 112 cryptographic key. This specification also defines a JSON Web Key 113 Set (JWK Set) JSON data structure for representing a set of JWKs. 114 Cryptographic algorithms and identifiers for use with this 115 specification are described in the separate JSON Web Algorithms (JWA) 116 [JWA] specification and IANA registries defined by that 117 specification. 119 Goals for this specification do not include representing certificate 120 chains, representing certified keys, and replacing X.509 121 certificates. 123 JWKs and JWK Sets are used in the JSON Web Signature (JWS) [JWS] and 124 JSON Web Encryption (JWE) [JWE] specifications. 126 Names defined by this specification are short because a core goal is 127 for the resulting representations to be compact. 129 1.1. Notational Conventions 131 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 132 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 133 document are to be interpreted as described in Key words for use in 134 RFCs to Indicate Requirement Levels [RFC2119]. If these words are 135 used without being spelled in uppercase then they are to be 136 interpreted with their normal natural language meanings. 138 BASE64URL(OCTETS) denotes the base64url encoding of OCTETS, per 139 Section 2. 141 UTF8(STRING) denotes the octets of the UTF-8 [RFC3629] representation 142 of STRING. 144 ASCII(STRING) denotes the octets of the ASCII [USASCII] 145 representation of STRING. 147 The concatenation of two values A and B is denoted as A || B. 149 2. Terminology 151 These terms defined by the JSON Web Signature (JWS) [JWS] 152 specification are incorporated into this specification: "Base64url 153 Encoding" and "Collision-Resistant Name". 155 These terms are defined for use by this specification: 157 JSON Web Key (JWK) A JSON object that represents a cryptographic 158 key. 160 JSON Web Key Set (JWK Set) A JSON object that contains an array of 161 JWKs as the value of its "keys" member. 163 3. JSON Web Key (JWK) Format 165 A JSON Web Key (JWK) is a JSON object. The members of the object 166 represent properties of the key, including its value. This document 167 defines the key parameters that are not algorithm specific, and thus 168 common to many keys. 170 In addition to the common parameters, each JWK will have members that 171 are specific to the kind of key being represented. These members 172 represent the parameters of the key. Section 6 of the JSON Web 173 Algorithms (JWA) [JWA] specification defines multiple kinds of 174 cryptographic keys and their associated members. 176 The member names within a JWK MUST be unique; recipients MUST either 177 reject JWKs with duplicate member names or use a JSON parser that 178 returns only the lexically last duplicate member name, as specified 179 in Section 15.12 (The JSON Object) of ECMAScript 5.1 [ECMAScript]. 181 Additional members can be present in the JWK; if not understood by 182 implementations encountering them, they MUST be ignored. Member 183 names used for representing key parameters for different keys types 184 need not be distinct. Any new member name should either be 185 registered in the IANA JSON Web Key Parameters registry defined in 186 Section 7.1 or be a value that contains a Collision-Resistant Name. 188 3.1. "kty" (Key Type) Parameter 190 The "kty" (key type) member identifies the cryptographic algorithm 191 family used with the key. "kty" values should either be registered in 192 the IANA JSON Web Key Types registry defined in [JWA] or be a value 193 that contains a Collision-Resistant Name. The "kty" value is a case- 194 sensitive string. This member MUST be present in a JWK. 196 A list of defined "kty" values can be found in the IANA JSON Web Key 197 Types registry defined in [JWA]; the initial contents of this 198 registry are the values defined in Section 6.1 of the JSON Web 199 Algorithms (JWA) [JWA] specification. 201 The key type definitions include specification of the members to be 202 used for those key types. Additional members used with "kty" values 203 can also be found in the IANA JSON Web Key Parameters registry 204 defined in Section 7.1. 206 3.2. "use" (Public Key Use) Parameter 208 The "use" (public key use) member identifies the intended use of the 209 public key. The "use" parameter is intended for use cases in which 210 it is useful to distinguish between public signing keys and public 211 encryption keys. It is not intended for use cases in which private 212 or symmetric keys may also be present. 214 Values defined by this specification are: 216 o "sig" (signature) 218 o "enc" (encryption) 220 Other values MAY be used. Public Key Use values can be registered in 221 the IANA JSON Web Key Use registry defined in Section 7.2. The "use" 222 value is a case-sensitive string. Use of the "use" member is 223 OPTIONAL, unless the application requires its presence. 225 When a key is used to wrap another key and a key use designation for 226 the first key is desired, the "enc" (encryption) key use value SHOULD 227 be used, since key wrapping is a kind of encryption. The "enc" value 228 SHOULD also be used for public keys used for key agreement 229 operations. (The "alg" member can be used to specify the particular 230 cryptographic operation to be performed, when desired.) 232 3.3. "key_ops" (Key Operations) Parameter 234 The "key_ops" (key operations) member identifies the operations(s) 235 that the key is intended to be used for. The "key_ops" parameter is 236 intended for use cases in which public, private, or symmetric keys 237 may be present. 239 Its value is an array of key operation values. Values defined by 240 this specification are: 242 o "sign" (compute signature or MAC) 244 o "verify" (verify signature or MAC) 246 o "encrypt" (encrypt content) 248 o "decrypt" (decrypt content and validate decryption, if applicable) 249 o "wrap" (encrypt key) 251 o "unwrap" (decrypt key and validate decryption, if applicable) 253 o "deriveKey" (derive key) 255 o "deriveBits" (derive bits not to be used as a key) 257 (Note that the "key_ops" values intentionally match the "KeyUsage" 258 values defined in the Web Cryptography API [WebCrypto] 259 specification.) 261 Other values MAY be used. Key operation values can be registered in 262 the IANA JSON Web Key Operations registry defined in Section 7.3. 263 The key operation values are case-sensitive strings. Duplicate key 264 operation values MUST NOT be present in the array. 266 Use of the "key_ops" member is OPTIONAL, unless the application 267 requires its presence. 269 Multiple unrelated key operations SHOULD NOT be specified for a key 270 because of the potential vulnerabilities associated with using the 271 same key with multiple algorithms. Thus, the combinations "sign" 272 with "verify", "encrypt" with "decrypt", and "wrap" with "unwrap" are 273 permitted, but other combinations SHOULD NOT be used. 275 The "use" and "key_ops" JWK members SHOULD NOT be used together. 276 Applications should specify which of these members they use, if 277 either are to be used by the application. 279 3.4. "alg" (Algorithm) Parameter 281 The "alg" (algorithm) member identifies the algorithm intended for 282 use with the key. The values used should either be registered in the 283 IANA JSON Web Signature and Encryption Algorithms registry defined in 284 [JWA] or be a value that contains a Collision-Resistant Name. Use of 285 this member is OPTIONAL. 287 3.5. "kid" (Key ID) Parameter 289 The "kid" (key ID) member can be used to match a specific key. This 290 can be used, for instance, to choose among a set of keys within a JWK 291 Set during key rollover. The structure of the "kid" value is 292 unspecified. When "kid" values are used within a JWK Set, different 293 keys within the JWK Set SHOULD use distinct "kid" values. (One 294 example in which different keys might use the same "kid" value is if 295 they have different "kty" (key type) values but are considered to be 296 equivalent alternatives by the application using them.) The "kid" 297 value is a case-sensitive string. Use of this member is OPTIONAL. 299 When used with JWS or JWE, the "kid" value is used to match a JWS or 300 JWE "kid" Header Parameter value. 302 3.6. "x5u" (X.509 URL) Parameter 304 The "x5u" (X.509 URL) member is a URI [RFC3986] that refers to a 305 resource for an X.509 public key certificate or certificate chain 306 [RFC5280]. The identified resource MUST provide a representation of 307 the certificate or certificate chain that conforms to RFC 5280 308 [RFC5280] in PEM encoded form [RFC1421]. The key in the first 309 certificate MUST match the public key represented by other members of 310 the JWK. The protocol used to acquire the resource MUST provide 311 integrity protection; an HTTP GET request to retrieve the certificate 312 MUST use TLS [RFC2818] [RFC5246]; the identity of the server MUST be 313 validated, as per Section 3.1 of HTTP Over TLS [RFC2818]. Use of 314 this member is OPTIONAL. 316 While there is no requirement that members other than those 317 representing the public key be populated when an "x5u" member is 318 present, doing so may improve interoperability for applications that 319 do not handle PKIX certificates. If other members are present, the 320 contents of those members MUST be semantically consistent with the 321 related fields in the first certificate. For instance, if the "use" 322 member is present, then it needs to allow for only a subset of the 323 usages that are permitted by the certificate. Similarly, if the 324 "alg" member is present, it should represent an algorithm that the 325 certificate allows. 327 3.7. "x5c" (X.509 Certificate Chain) Parameter 329 The "x5c" (X.509 Certificate Chain) member contains a chain of one or 330 more PKIX certificates [RFC5280]. The certificate chain is 331 represented as a JSON array of certificate value strings. Each 332 string in the array is a base64 encoded ([RFC4648] Section 4 -- not 333 base64url encoded) DER [ITU.X690.1994] PKIX certificate value. The 334 PKIX certificate containing the key value MUST be the first 335 certificate. This MAY be followed by additional certificates, with 336 each subsequent certificate being the one used to certify the 337 previous one. The key in the first certificate MUST match the public 338 key represented by other members of the JWK. Use of this member is 339 OPTIONAL. 341 As with the "x5u" member, members other than those representing the 342 public key may also be populated when an "x5c" member is present. If 343 other members are present, the contents of those members MUST be 344 semantically consistent with the related fields in the first 345 certificate. See the last paragraph of Section 3.6 for additional 346 guidance on this. 348 3.8. "x5t" (X.509 Certificate SHA-1 Thumbprint) Parameter 350 The "x5t" (X.509 Certificate SHA-1 Thumbprint) member is a base64url 351 encoded SHA-1 thumbprint (a.k.a. digest) of the DER encoding of an 352 X.509 certificate [RFC5280]. The key in the certificate MUST match 353 the public key represented by other members of the JWK. Use of this 354 member is OPTIONAL. 356 If, in the future, certificate thumbprints need to be computed using 357 hash functions other than SHA-1, it is suggested that additional 358 related JWK parameters be defined for that purpose. For example, it 359 is suggested that a new "x5t#S256" (X.509 Certificate Thumbprint 360 using SHA-256) JWK parameter could be defined by registering it in 361 the IANA JSON Web Key Parameters registry defined in Section 7.1. 363 As with the "x5u" member, members other than those representing the 364 public key may also be populated when an "x5t" member is present. If 365 other members are present, the contents of those members MUST be 366 semantically consistent with the related fields in the referenced 367 certificate. See the last paragraph of Section 3.6 for additional 368 guidance on this. 370 4. JSON Web Key Set (JWK Set) Format 372 A JSON Web Key Set (JWK Set) is a JSON object representing a set of 373 JWKs. The JSON object MUST have a "keys" member, which is an array 374 of JWK objects. 376 The member names within a JWK Set MUST be unique; recipients MUST 377 either reject JWK Sets with duplicate member names or use a JSON 378 parser that returns only the lexically last duplicate member name, as 379 specified in Section 15.12 (The JSON Object) of ECMAScript 5.1 380 [ECMAScript]. 382 Additional members can be present in the JWK Set; if not understood 383 by implementations encountering them, they MUST be ignored. 384 Parameters for representing additional properties of JWK Sets should 385 either be registered in the IANA JSON Web Key Set Parameters registry 386 defined in Section 7.4 or be a value that contains a Collision- 387 Resistant Name. 389 Implementations SHOULD ignore JWKs within a JWK Set that use "kty" 390 (key type) values that are not understood by them, are missing 391 required members, or for which values are out of the supported 392 ranges. 394 4.1. "keys" Parameter 396 The value of the "keys" member is an array of JWK values. By 397 default, the order of the JWK values within the array does not imply 398 an order of preference among them, although applications of JWK Sets 399 can choose to assign a meaning to the order for their purposes, if 400 desired. This member MUST be present in a JWK Set. 402 5. String Comparison Rules 404 The string comparison rules for this specification are the same as 405 those defined in Section 5.3 of [JWS]. 407 6. Encrypted JWK and Encrypted JWK Set Formats 409 JWKs containing non-public key material will need to be encrypted in 410 some contexts to prevent the disclosure of private or symmetric key 411 values to unintended parties. The use of an Encrypted JWK, which is 412 a JWE with the UTF-8 encoding of a JWK as its plaintext value, is 413 recommended for this purpose. The processing of Encrypted JWKs is 414 identical to the processing of other JWEs. A "cty" (content type) 415 Header Parameter value of "jwk+json" MUST be used to indicate that 416 the content of the JWE is a JWK, unless the application knows that 417 the encrypted content is a JWK by another means or convention. 419 JWK Sets containing non-public key material will similarly need to be 420 encrypted. The use of an Encrypted JWK Set, which is a JWE with the 421 UTF-8 encoding of a JWK Set as its plaintext value, is recommended 422 for this purpose. The processing of Encrypted JWK Sets is identical 423 to the processing of other JWEs. A "cty" (content type) Header 424 Parameter value of "jwk-set+json" MUST be used to indicate that the 425 content of the JWE is a JWK Set, unless the application knows that 426 the encrypted content is a JWK Set by another means or convention. 428 See Appendix C for an example encrypted JWK. 430 7. IANA Considerations 432 The following registration procedure is used for all the registries 433 established by this specification. 435 Values are registered with a Specification Required [RFC5226] after a 436 two-week review period on the [TBD]@ietf.org mailing list, on the 437 advice of one or more Designated Experts. However, to allow for the 438 allocation of values prior to publication, the Designated Expert(s) 439 may approve registration once they are satisfied that such a 440 specification will be published. 442 Registration requests must be sent to the [TBD]@ietf.org mailing list 443 for review and comment, with an appropriate subject (e.g., "Request 444 for access token type: example"). [[ Note to the RFC Editor: The name 445 of the mailing list should be determined in consultation with the 446 IESG and IANA. Suggested name: jose-reg-review. ]] 448 Within the review period, the Designated Expert(s) will either 449 approve or deny the registration request, communicating this decision 450 to the review list and IANA. Denials should include an explanation 451 and, if applicable, suggestions as to how to make the request 452 successful. Registration requests that are undetermined for a period 453 longer than 21 days can be brought to the IESG's attention (using the 454 iesg@iesg.org mailing list) for resolution. 456 Criteria that should be applied by the Designated Expert(s) includes 457 determining whether the proposed registration duplicates existing 458 functionality, determining whether it is likely to be of general 459 applicability or whether it is useful only for a single application, 460 and whether the registration makes sense. 462 IANA must only accept registry updates from the Designated Expert(s) 463 and should direct all requests for registration to the review mailing 464 list. 466 It is suggested that multiple Designated Experts be appointed who are 467 able to represent the perspectives of different applications using 468 this specification, in order to enable broadly-informed review of 469 registration decisions. In cases where a registration decision could 470 be perceived as creating a conflict of interest for a particular 471 Expert, that Expert should defer to the judgment of the other 472 Expert(s). 474 7.1. JSON Web Key Parameters Registry 476 This specification establishes the IANA JSON Web Key Parameters 477 registry for JWK parameter names. The registry records the parameter 478 name, the key type(s) that the parameter is used with, and a 479 reference to the specification that defines it. It also records 480 whether the parameter conveys public or private information. This 481 specification registers the parameter names defined in Section 3. 482 The same JWK parameter name may be registered multiple times, 483 provided that duplicate parameter registrations are only for key type 484 specific JWK parameters; in this case, the meaning of the duplicate 485 parameter name is disambiguated by the "kty" value of the JWK 486 containing it. 488 7.1.1. Registration Template 490 Parameter Name: 491 The name requested (e.g., "example"). Because a core goal of this 492 specification is for the resulting representations to be compact, 493 it is RECOMMENDED that the name be short -- not to exceed 8 494 characters without a compelling reason to do so. This name is 495 case-sensitive. Names may not match other registered names in a 496 case-insensitive manner unless the Designated Expert(s) state that 497 there is a compelling reason to allow an exception in this 498 particular case. However, matching names may be registered, 499 provided that the accompanying sets of "kty" values that the 500 Parameter Name is used with are disjoint; for the purposes of 501 matching "kty" values, "*" matches all values. 503 Parameter Description: 504 Brief description of the parameter (e.g., "Example description"). 506 Used with "kty" Value(s): 507 The key type parameter value(s) that the parameter name is to be 508 used with, or the value "*" if the parameter value is used with 509 all key types. Values may not match other registered "kty" values 510 in a case-insensitive manner when the registered Parameter Name is 511 the same (including when the Parameter Name matches in a case- 512 insensitive manner) unless the Designated Expert(s) state that 513 there is a compelling reason to allow an exception in this 514 particular case. 516 Parameter Information Class: 517 Registers whether the parameter conveys public or private 518 information. Its value must be one the words Public or Private. 520 Change Controller: 521 For Standards Track RFCs, state "IESG". For others, give the name 522 of the responsible party. Other details (e.g., postal address, 523 email address, home page URI) may also be included. 525 Specification Document(s): 526 Reference to the document(s) that specify the parameter, 527 preferably including URI(s) that can be used to retrieve copies of 528 the document(s). An indication of the relevant sections may also 529 be included but is not required. 531 7.1.2. Initial Registry Contents 533 o Parameter Name: "kty" 534 o Parameter Description: Key Type 535 o Used with "kty" Value(s): * 536 o Parameter Information Class: Public 537 o Change Controller: IESG 538 o Specification Document(s): Section 3.1 of [[ this document ]] 540 o Parameter Name: "use" 541 o Parameter Description: Public Key Use 542 o Used with "kty" Value(s): * 543 o Parameter Information Class: Public 544 o Change Controller: IESG 545 o Specification Document(s): Section 3.2 of [[ this document ]] 547 o Parameter Name: "key_ops" 548 o Parameter Description: Key Operations 549 o Used with "kty" Value(s): * 550 o Parameter Information Class: Public 551 o Change Controller: IESG 552 o Specification Document(s): Section 3.3 of [[ this document ]] 554 o Parameter Name: "alg" 555 o Parameter Description: Algorithm 556 o Used with "kty" Value(s): * 557 o Parameter Information Class: Public 558 o Change Controller: IESG 559 o Specification Document(s): Section 3.4 of [[ this document ]] 561 o Parameter Name: "kid" 562 o Parameter Description: Key ID 563 o Used with "kty" Value(s): * 564 o Parameter Information Class: Public 565 o Change Controller: IESG 566 o Specification Document(s): Section 3.5 of [[ this document ]] 568 o Parameter Name: "x5u" 569 o Parameter Description: X.509 URL 570 o Used with "kty" Value(s): * 571 o Parameter Information Class: Public 572 o Change Controller: IESG 573 o Specification Document(s): Section 3.6 of [[ this document ]] 575 o Parameter Name: "x5c" 576 o Parameter Description: X.509 Certificate Chain 577 o Used with "kty" Value(s): * 578 o Parameter Information Class: Public 579 o Change Controller: IESG 580 o Specification Document(s): Section 3.7 of [[ this document ]] 582 o Parameter Name: "x5t" 583 o Parameter Description: X.509 Certificate SHA-1 Thumbprint 584 o Used with "kty" Value(s): * 585 o Parameter Information Class: Public 586 o Change Controller: IESG 587 o Specification Document(s): Section 3.8 of [[ this document ]] 589 7.2. JSON Web Key Use Registry 591 This specification establishes the IANA JSON Web Key Use registry for 592 JWK "use" (public key use) member values. The registry records the 593 public key use value and a reference to the specification that 594 defines it. This specification registers the parameter names defined 595 in Section 3.2. 597 7.2.1. Registration Template 599 Use Member Value: 600 The name requested (e.g., "example"). Because a core goal of this 601 specification is for the resulting representations to be compact, 602 it is RECOMMENDED that the name be short -- not to exceed 8 603 characters without a compelling reason to do so. This name is 604 case-sensitive. Names may not match other registered names in a 605 case-insensitive manner unless the Designated Expert(s) state that 606 there is a compelling reason to allow an exception in this 607 particular case. 609 Use Description: 610 Brief description of the use (e.g., "Example description"). 612 Change Controller: 613 For Standards Track RFCs, state "IESG". For others, give the name 614 of the responsible party. Other details (e.g., postal address, 615 email address, home page URI) may also be included. 617 Specification Document(s): 618 Reference to the document(s) that specify the parameter, 619 preferably including URI(s) that can be used to retrieve copies of 620 the document(s). An indication of the relevant sections may also 621 be included but is not required. 623 7.2.2. Initial Registry Contents 625 o Use Member Value: "sig" 626 o Use Description: Signature or MAC 627 o Change Controller: IESG 628 o Specification Document(s): Section 3.2 of [[ this document ]] 630 o Use Member Value: "enc" 631 o Use Description: Encryption 632 o Change Controller: IESG 633 o Specification Document(s): Section 3.2 of [[ this document ]] 635 7.3. JSON Web Key Operations Registry 637 This specification establishes the IANA JSON Web Key Operations 638 registry for values of JWK "key_ops" array elements. The registry 639 records the key operation value and a reference to the specification 640 that defines it. This specification registers the parameter names 641 defined in Section 3.3. 643 7.3.1. Registration Template 645 Key Operation Value: 646 The name requested (e.g., "example"). Because a core goal of this 647 specification is for the resulting representations to be compact, 648 it is RECOMMENDED that the name be short -- not to exceed 8 649 characters without a compelling reason to do so. This name is 650 case-sensitive. Names may not match other registered names in a 651 case-insensitive manner unless the Designated Expert(s) state that 652 there is a compelling reason to allow an exception in this 653 particular case. 655 Key Operation Description: 656 Brief description of the key operation (e.g., "Example 657 description"). 659 Change Controller: 660 For Standards Track RFCs, state "IESG". For others, give the name 661 of the responsible party. Other details (e.g., postal address, 662 email address, home page URI) may also be included. 664 Specification Document(s): 665 Reference to the document(s) that specify the parameter, 666 preferably including URI(s) that can be used to retrieve copies of 667 the document(s). An indication of the relevant sections may also 668 be included but is not required. 670 7.3.2. Initial Registry Contents 672 o Key Operation Value: "sign" 673 o Key Operation Description: Compute signature or MAC 674 o Change Controller: IESG 675 o Specification Document(s): Section 3.3 of [[ this document ]] 677 o Key Operation Value: "verify" 678 o Key Operation Description: Verify signature or MAC 679 o Change Controller: IESG 680 o Specification Document(s): Section 3.3 of [[ this document ]] 682 o Key Operation Value: "encrypt" 683 o Key Operation Description: Encrypt content 684 o Change Controller: IESG 685 o Specification Document(s): Section 3.3 of [[ this document ]] 687 o Key Operation Value: "decrypt" 688 o Key Operation Description: Decrypt content and validate 689 decryption, if applicable 690 o Change Controller: IESG 691 o Specification Document(s): Section 3.3 of [[ this document ]] 693 o Key Operation Value: "wrap" 694 o Key Operation Description: Encrypt key 695 o Change Controller: IESG 696 o Specification Document(s): Section 3.3 of [[ this document ]] 698 o Key Operation Value: "unwrap" 699 o Key Operation Description: Decrypt key and validate decryption, if 700 applicable 701 o Change Controller: IESG 702 o Specification Document(s): Section 3.3 of [[ this document ]] 704 o Key Operation Value: "deriveKey" 705 o Key Operation Description: Derive key 706 o Change Controller: IESG 707 o Specification Document(s): Section 3.3 of [[ this document ]] 709 o Key Operation Value: "deriveBits" 710 o Key Operation Description: Derive bits not to be used as a key 711 o Change Controller: IESG 712 o Specification Document(s): Section 3.3 of [[ this document ]] 714 7.4. JSON Web Key Set Parameters Registry 716 This specification establishes the IANA JSON Web Key Set Parameters 717 registry for JWK Set parameter names. The registry records the 718 parameter name and a reference to the specification that defines it. 719 This specification registers the parameter names defined in 720 Section 4. 722 7.4.1. Registration Template 724 Parameter Name: 725 The name requested (e.g., "example"). Because a core goal of this 726 specification is for the resulting representations to be compact, 727 it is RECOMMENDED that the name be short -- not to exceed 8 728 characters without a compelling reason to do so. This name is 729 case-sensitive. Names may not match other registered names in a 730 case-insensitive manner unless the Designated Expert(s) state that 731 there is a compelling reason to allow an exception in this 732 particular case. 734 Parameter Description: 735 Brief description of the parameter (e.g., "Example description"). 737 Change Controller: 738 For Standards Track RFCs, state "IESG". For others, give the name 739 of the responsible party. Other details (e.g., postal address, 740 email address, home page URI) may also be included. 742 Specification Document(s): 743 Reference to the document(s) that specify the parameter, 744 preferably including URI(s) that can be used to retrieve copies of 745 the document(s). An indication of the relevant sections may also 746 be included but is not required. 748 7.4.2. Initial Registry Contents 750 o Parameter Name: "keys" 751 o Parameter Description: Array of JWK values 752 o Change Controller: IESG 753 o Specification Document(s): Section 4.1 of [[ this document ]] 755 7.5. Media Type Registration 757 7.5.1. Registry Contents 759 This specification registers the "application/jwk+json" and 760 "application/jwk-set+json" Media Types [RFC2046] in the MIME Media 761 Types registry [IANA.MediaTypes], which can be used to indicate, 762 respectively, that the content is a JWK or a JWK Set. 764 o Type Name: application 765 o Subtype Name: jwk+json 766 o Required Parameters: n/a 767 o Optional Parameters: n/a 768 o Encoding considerations: 8bit; application/jwk+json values are 769 represented as JSON object; UTF-8 encoding SHOULD be employed for 770 the JSON object. 771 o Security Considerations: See the Security Considerations section 772 of [[ this document ]] 773 o Interoperability Considerations: n/a 774 o Published Specification: [[ this document ]] 775 o Applications that use this media type: TBD 776 o Additional Information: Magic number(s): n/a, File extension(s): 777 n/a, Macintosh file type code(s): n/a 778 o Person & email address to contact for further information: Michael 779 B. Jones, mbj@microsoft.com 780 o Intended Usage: COMMON 781 o Restrictions on Usage: none 782 o Author: Michael B. Jones, mbj@microsoft.com 783 o Change Controller: IESG 785 o Type Name: application 786 o Subtype Name: jwk-set+json 787 o Required Parameters: n/a 788 o Optional Parameters: n/a 789 o Encoding considerations: 8bit; application/jwk-set+json values are 790 represented as a JSON Object; UTF-8 encoding SHOULD be employed 791 for the JSON object. 792 o Security Considerations: See the Security Considerations section 793 of [[ this document ]] 794 o Interoperability Considerations: n/a 795 o Published Specification: [[ this document ]] 796 o Applications that use this media type: TBD 797 o Additional Information: Magic number(s): n/a, File extension(s): 798 n/a, Macintosh file type code(s): n/a 799 o Person & email address to contact for further information: Michael 800 B. Jones, mbj@microsoft.com 801 o Intended Usage: COMMON 802 o Restrictions on Usage: none 803 o Author: Michael B. Jones, mbj@microsoft.com 804 o Change Controller: IESG 806 8. Security Considerations 808 All of the security issues faced by any cryptographic application 809 must be faced by a JWS/JWE/JWK agent. Among these issues are 810 protecting the user's private and symmetric keys, preventing various 811 attacks, and helping the user avoid mistakes such as inadvertently 812 encrypting a message for the wrong recipient. The entire list of 813 security considerations is beyond the scope of this document, but 814 some significant considerations are listed here. 816 One should place no more trust in the data associated with a key than 817 in than the method by which it was obtained and in the 818 trustworthiness of the entity asserting an association with the key. 819 Any data associated with a key that is obtained in an untrusted 820 manner should be treated with skepticism. 822 Private and symmetric keys MUST be protected from disclosure to 823 unintended parties. One recommended means of doing so is to encrypt 824 JWKs or JWK Sets containing them by using the JWK or JWK Set value as 825 the plaintext of a JWE. 827 The security considerations in RFC 3447 [RFC3447] and RFC 6030 828 [RFC6030] about protecting private and symmetric keys, key usage, and 829 information leakage also apply to this specification. 831 The security considerations in XML DSIG 2.0 832 [W3C.CR-xmldsig-core2-20120124], about key representations also apply 833 to this specification, other than those that are XML specific. 835 The TLS Requirements in [JWS] also apply to this specification. 837 9. References 839 9.1. Normative References 841 [ECMAScript] 842 Ecma International, "ECMAScript Language Specification, 843 5.1 Edition", ECMA 262, June 2011. 845 [I-D.ietf-json-rfc4627bis] 846 Bray, T., "The JSON Data Interchange Format", 847 draft-ietf-json-rfc4627bis-10 (work in progress), 848 December 2013. 850 [IANA.MediaTypes] 851 Internet Assigned Numbers Authority (IANA), "MIME Media 852 Types", 2005. 854 [ITU.X690.1994] 855 International Telecommunications Union, "Information 856 Technology - ASN.1 encoding rules: Specification of Basic 857 Encoding Rules (BER), Canonical Encoding Rules (CER) and 858 Distinguished Encoding Rules (DER)", ITU-T Recommendation 859 X.690, 1994. 861 [JWA] Jones, M., "JSON Web Algorithms (JWA)", 862 draft-ietf-jose-json-web-algorithms (work in progress), 863 January 2014. 865 [JWE] Jones, M., Rescorla, E., and J. Hildebrand, "JSON Web 866 Encryption (JWE)", draft-ietf-jose-json-web-encryption 867 (work in progress), January 2014. 869 [JWS] Jones, M., Bradley, J., and N. Sakimura, "JSON Web 870 Signature (JWS)", draft-ietf-jose-json-web-signature (work 871 in progress), January 2014. 873 [RFC1421] Linn, J., "Privacy Enhancement for Internet Electronic 874 Mail: Part I: Message Encryption and Authentication 875 Procedures", RFC 1421, February 1993. 877 [RFC2046] Freed, N. and N. Borenstein, "Multipurpose Internet Mail 878 Extensions (MIME) Part Two: Media Types", RFC 2046, 879 November 1996. 881 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 882 Requirement Levels", BCP 14, RFC 2119, March 1997. 884 [RFC2818] Rescorla, E., "HTTP Over TLS", RFC 2818, May 2000. 886 [RFC3629] Yergeau, F., "UTF-8, a transformation format of ISO 887 10646", STD 63, RFC 3629, November 2003. 889 [RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform 890 Resource Identifier (URI): Generic Syntax", STD 66, 891 RFC 3986, January 2005. 893 [RFC4648] Josefsson, S., "The Base16, Base32, and Base64 Data 894 Encodings", RFC 4648, October 2006. 896 [RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an 897 IANA Considerations Section in RFCs", BCP 26, RFC 5226, 898 May 2008. 900 [RFC5246] Dierks, T. and E. Rescorla, "The Transport Layer Security 901 (TLS) Protocol Version 1.2", RFC 5246, August 2008. 903 [RFC5280] Cooper, D., Santesson, S., Farrell, S., Boeyen, S., 904 Housley, R., and W. Polk, "Internet X.509 Public Key 905 Infrastructure Certificate and Certificate Revocation List 906 (CRL) Profile", RFC 5280, May 2008. 908 [USASCII] American National Standards Institute, "Coded Character 909 Set -- 7-bit American Standard Code for Information 910 Interchange", ANSI X3.4, 1986. 912 [W3C.CR-xmldsig-core2-20120124] 913 Cantor, S., Roessler, T., Eastlake, D., Yiu, K., Reagle, 914 J., Solo, D., Datta, P., and F. Hirsch, "XML Signature 915 Syntax and Processing Version 2.0", World Wide Web 916 Consortium CR CR-xmldsig-core2-20120124, January 2012, 917 . 919 9.2. Informative References 921 [MagicSignatures] 922 Panzer (editor), J., Laurie, B., and D. Balfanz, "Magic 923 Signatures", January 2011. 925 [RFC3447] Jonsson, J. and B. Kaliski, "Public-Key Cryptography 926 Standards (PKCS) #1: RSA Cryptography Specifications 927 Version 2.1", RFC 3447, February 2003. 929 [RFC6030] Hoyer, P., Pei, M., and S. Machani, "Portable Symmetric 930 Key Container (PSKC)", RFC 6030, October 2010. 932 [WebCrypto] 933 Sleevi, R., "Web Cryptography API", World Wide Web 934 Consortium Draft, December 2013, . 937 Appendix A. Example JSON Web Key Sets 939 A.1. Example Public Keys 941 The following example JWK Set contains two public keys represented as 942 JWKs: one using an Elliptic Curve algorithm and a second one using an 943 RSA algorithm. The first specifies that the key is to be used for 944 encryption. The second specifies that the key is to be used with the 945 "RS256" algorithm. Both provide a Key ID for key matching purposes. 946 In both cases, integers are represented using the base64url encoding 947 of their big endian representations. (Long lines are broken are for 948 display purposes only.) 949 {"keys": 950 [ 951 {"kty":"EC", 952 "crv":"P-256", 953 "x":"MKBCTNIcKUSDii11ySs3526iDZ8AiTo7Tu6KPAqv7D4", 954 "y":"4Etl6SRW2YiLUrN5vfvVHuhp7x8PxltmWWlbbM4IFyM", 955 "use":"enc", 956 "kid":"1"}, 958 {"kty":"RSA", 959 "n": "0vx7agoebGcQSuuPiLJXZptN9nndrQmbXEps2aiAFbWhM78LhWx 960 4cbbfAAtVT86zwu1RK7aPFFxuhDR1L6tSoc_BJECPebWKRXjBZCiFV4n3oknjhMs 961 tn64tZ_2W-5JsGY4Hc5n9yBXArwl93lqt7_RN5w6Cf0h4QyQ5v-65YGjQR0_FDW2 962 QvzqY368QQMicAtaSqzs8KJZgnYb9c7d0zgdAZHzu6qMQvRL5hajrn1n91CbOpbI 963 SD08qNLyrdkt-bFTWhAI4vMQFh6WeZu0fM4lFd2NcRwr3XPksINHaQ-G_xBniIqb 964 w0Ls1jF44-csFCur-kEgU8awapJzKnqDKgw", 965 "e":"AQAB", 966 "alg":"RS256", 967 "kid":"2011-04-29"} 968 ] 969 } 971 A.2. Example Private Keys 973 The following example JWK Set contains two keys represented as JWKs 974 containing both public and private key values: one using an Elliptic 975 Curve algorithm and a second one using an RSA algorithm. This 976 example extends the example in the previous section, adding private 977 key values. (Line breaks are for display purposes only.) 978 {"keys": 979 [ 980 {"kty":"EC", 981 "crv":"P-256", 982 "x":"MKBCTNIcKUSDii11ySs3526iDZ8AiTo7Tu6KPAqv7D4", 983 "y":"4Etl6SRW2YiLUrN5vfvVHuhp7x8PxltmWWlbbM4IFyM", 984 "d":"870MB6gfuTJ4HtUnUvYMyJpr5eUZNP4Bk43bVdj3eAE", 985 "use":"enc", 986 "kid":"1"}, 988 {"kty":"RSA", 989 "n":"0vx7agoebGcQSuuPiLJXZptN9nndrQmbXEps2aiAFbWhM78LhWx4 990 cbbfAAtVT86zwu1RK7aPFFxuhDR1L6tSoc_BJECPebWKRXjBZCiFV4n3oknjhMst 991 n64tZ_2W-5JsGY4Hc5n9yBXArwl93lqt7_RN5w6Cf0h4QyQ5v-65YGjQR0_FDW2Q 992 vzqY368QQMicAtaSqzs8KJZgnYb9c7d0zgdAZHzu6qMQvRL5hajrn1n91CbOpbIS 993 D08qNLyrdkt-bFTWhAI4vMQFh6WeZu0fM4lFd2NcRwr3XPksINHaQ-G_xBniIqbw 994 0Ls1jF44-csFCur-kEgU8awapJzKnqDKgw", 995 "e":"AQAB", 996 "d":"X4cTteJY_gn4FYPsXB8rdXix5vwsg1FLN5E3EaG6RJoVH-HLLKD9 997 M7dx5oo7GURknchnrRweUkC7hT5fJLM0WbFAKNLWY2vv7B6NqXSzUvxT0_YSfqij 998 wp3RTzlBaCxWp4doFk5N2o8Gy_nHNKroADIkJ46pRUohsXywbReAdYaMwFs9tv8d 999 _cPVY3i07a3t8MN6TNwm0dSawm9v47UiCl3Sk5ZiG7xojPLu4sbg1U2jx4IBTNBz 1000 nbJSzFHK66jT8bgkuqsk0GjskDJk19Z4qwjwbsnn4j2WBii3RL-Us2lGVkY8fkFz 1001 me1z0HbIkfz0Y6mqnOYtqc0X4jfcKoAC8Q", 1002 "p":"83i-7IvMGXoMXCskv73TKr8637FiO7Z27zv8oj6pbWUQyLPQBQxtPV 1003 nwD20R-60eTDmD2ujnMt5PoqMrm8RfmNhVWDtjjMmCMjOpSXicFHj7XOuVIYQyqV 1004 WlWEh6dN36GVZYk93N8Bc9vY41xy8B9RzzOGVQzXvNEvn7O0nVbfs", 1005 "q":"3dfOR9cuYq-0S-mkFLzgItgMEfFzB2q3hWehMuG0oCuqnb3vobLyum 1006 qjVZQO1dIrdwgTnCdpYzBcOfW5r370AFXjiWft_NGEiovonizhKpo9VVS78TzFgx 1007 kIdrecRezsZ-1kYd_s1qDbxtkDEgfAITAG9LUnADun4vIcb6yelxk", 1008 "dp":"G4sPXkc6Ya9y8oJW9_ILj4xuppu0lzi_H7VTkS8xj5SdX3coE0oim 1009 YwxIi2emTAue0UOa5dpgFGyBJ4c8tQ2VF402XRugKDTP8akYhFo5tAA77Qe_Nmtu 1010 YZc3C3m3I24G2GvR5sSDxUyAN2zq8Lfn9EUms6rY3Ob8YeiKkTiBj0", 1011 "dq":"s9lAH9fggBsoFR8Oac2R_E2gw282rT2kGOAhvIllETE1efrA6huUU 1012 vMfBcMpn8lqeW6vzznYY5SSQF7pMdC_agI3nG8Ibp1BUb0JUiraRNqUfLhcQb_d9 1013 GF4Dh7e74WbRsobRonujTYN1xCaP6TO61jvWrX-L18txXw494Q_cgk", 1014 "qi":"GyM_p6JrXySiz1toFgKbWV-JdI3jQ4ypu9rbMWx3rQJBfmt0FoYzg 1015 UIZEVFEcOqwemRN81zoDAaa-Bk0KWNGDjJHZDdDmFhW3AN7lI-puxk_mHZGJ11rx 1016 yR8O55XLSe3SPmRfKwZI6yU24ZxvQKFYItdldUKGzO6Ia6zTKhAVRU", 1017 "alg":"RS256", 1018 "kid":"2011-04-29"} 1019 ] 1020 } 1022 A.3. Example Symmetric Keys 1024 The following example JWK Set contains two symmetric keys represented 1025 as JWKs: one designated as being for use with the AES Key Wrap 1026 algorithm and a second one that is an HMAC key. (Line breaks are for 1027 display purposes only.) 1029 {"keys": 1030 [ 1031 {"kty":"oct", 1032 "alg":"A128KW", 1033 "k":"GawgguFyGrWKav7AX4VKUg"}, 1035 {"kty":"oct", 1036 "k":"AyM1SysPpbyDfgZld3umj1qzKObwVMkoqQ-EstJQLr_T-1qS0gZH75 1037 aKtMN3Yj0iPS4hcgUuTwjAzZr1Z9CAow", 1038 "kid":"HMAC key used in JWS A.1 example"} 1039 ] 1040 } 1042 Appendix B. Example Use of "x5c" (X.509 Certificate Chain) Parameter 1043 The following is an example of a JWK with a RSA signing key 1044 represented both as an RSA public key and as an X.509 certificate 1045 using the "x5c" parameter: 1047 {"kty":"RSA", 1048 "use":"sig", 1049 "kid":"1b94c", 1050 "n":"vrjOfz9Ccdgx5nQudyhdoR17V-IubWMeOZCwX_jj0hgAsz2J_pqYW08 1051 PLbK_PdiVGKPrqzmDIsLI7sA25VEnHU1uCLNwBuUiCO11_-7dYbsr4iJmG0Q 1052 u2j8DsVyT1azpJC_NG84Ty5KKthuCaPod7iI7w0LK9orSMhBEwwZDCxTWq4a 1053 YWAchc8t-emd9qOvWtVMDC2BXksRngh6X5bUYLy6AyHKvj-nUy1wgzjYQDwH 1054 MTplCoLtU-o-8SNnZ1tmRoGE9uJkBLdh5gFENabWnU5m1ZqZPdwS-qo-meMv 1055 VfJb6jJVWRpl2SUtCnYG2C32qvbWbjZ_jBPD5eunqsIo1vQ", 1056 "e":"AQAB", 1057 "x5c": 1058 ["MIIDQjCCAiqgAwIBAgIGATz/FuLiMA0GCSqGSIb3DQEBBQUAMGIxCzAJB 1059 gNVBAYTAlVTMQswCQYDVQQIEwJDTzEPMA0GA1UEBxMGRGVudmVyMRwwGgYD 1060 VQQKExNQaW5nIElkZW50aXR5IENvcnAuMRcwFQYDVQQDEw5CcmlhbiBDYW1 1061 wYmVsbDAeFw0xMzAyMjEyMzI5MTVaFw0xODA4MTQyMjI5MTVaMGIxCzAJBg 1062 NVBAYTAlVTMQswCQYDVQQIEwJDTzEPMA0GA1UEBxMGRGVudmVyMRwwGgYDV 1063 QQKExNQaW5nIElkZW50aXR5IENvcnAuMRcwFQYDVQQDEw5CcmlhbiBDYW1w 1064 YmVsbDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL64zn8/QnH 1065 YMeZ0LncoXaEde1fiLm1jHjmQsF/449IYALM9if6amFtPDy2yvz3YlRij66 1066 s5gyLCyO7ANuVRJx1NbgizcAblIgjtdf/u3WG7K+IiZhtELto/A7Fck9Ws6 1067 SQvzRvOE8uSirYbgmj6He4iO8NCyvaK0jIQRMMGQwsU1quGmFgHIXPLfnpn 1068 fajr1rVTAwtgV5LEZ4Iel+W1GC8ugMhyr4/p1MtcIM42EA8BzE6ZQqC7VPq 1069 PvEjZ2dbZkaBhPbiZAS3YeYBRDWm1p1OZtWamT3cEvqqPpnjL1XyW+oyVVk 1070 aZdklLQp2Btgt9qr21m42f4wTw+Xrp6rCKNb0CAwEAATANBgkqhkiG9w0BA 1071 QUFAAOCAQEAh8zGlfSlcI0o3rYDPBB07aXNswb4ECNIKG0CETTUxmXl9KUL 1072 +9gGlqCz5iWLOgWsnrcKcY0vXPG9J1r9AqBNTqNgHq2G03X09266X5CpOe1 1073 zFo+Owb1zxtp3PehFdfQJ610CDLEaS9V9Rqp17hCyybEpOGVwe8fnk+fbEL 1074 2Bo3UPGrpsHzUoaGpDftmWssZkhpBJKVMJyf/RuP2SmmaIzmnw9JiSlYhzo 1075 4tpzd5rFXhjRbg4zW9C+2qok+2+qDM1iJ684gPHMIY8aLWrdgQTxkumGmTq 1076 gawR+N5MDtdPTEQ0XfIBc2cJEUyMTY5MPvACWpkA6SdS4xSvdXK3IVfOWA=="] 1077 } 1079 Appendix C. Example Encrypted RSA Private Key 1081 This example encrypts an RSA private key to the recipient using 1082 "PBES2-HS256+A128KW" for key encryption and "A128CBC+HS256" for 1083 content encryption. 1085 NOTE: Unless otherwise indicated, all line breaks are included solely 1086 for readability. 1088 C.1. Plaintext RSA Private Key 1090 The following RSA key is the plaintext for the encryption operation, 1091 formatted as a JWK object: 1093 { 1094 "kty":"RSA", 1095 "kid":"juliet@capulet.lit", 1096 "use":"enc", 1097 "n":"t6Q8PWSi1dkJj9hTP8hNYFlvadM7DflW9mWepOJhJ66w7nyoK1gPNqFMSQRy 1098 O125Gp-TEkodhWr0iujjHVx7BcV0llS4w5ACGgPrcAd6ZcSR0-Iqom-QFcNP 1099 8Sjg086MwoqQU_LYywlAGZ21WSdS_PERyGFiNnj3QQlO8Yns5jCtLCRwLHL0 1100 Pb1fEv45AuRIuUfVcPySBWYnDyGxvjYGDSM-AqWS9zIQ2ZilgT-GqUmipg0X 1101 OC0Cc20rgLe2ymLHjpHciCKVAbY5-L32-lSeZO-Os6U15_aXrk9Gw8cPUaX1 1102 _I8sLGuSiVdt3C_Fn2PZ3Z8i744FPFGGcG1qs2Wz-Q", 1103 "e":"AQAB", 1104 "d":"GRtbIQmhOZtyszfgKdg4u_N-R_mZGU_9k7JQ_jn1DnfTuMdSNprTeaSTyWfS 1105 NkuaAwnOEbIQVy1IQbWVV25NY3ybc_IhUJtfri7bAXYEReWaCl3hdlPKXy9U 1106 vqPYGR0kIXTQRqns-dVJ7jahlI7LyckrpTmrM8dWBo4_PMaenNnPiQgO0xnu 1107 ToxutRZJfJvG4Ox4ka3GORQd9CsCZ2vsUDmsXOfUENOyMqADC6p1M3h33tsu 1108 rY15k9qMSpG9OX_IJAXmxzAh_tWiZOwk2K4yxH9tS3Lq1yX8C1EWmeRDkK2a 1109 hecG85-oLKQt5VEpWHKmjOi_gJSdSgqcN96X52esAQ", 1110 "p":"2rnSOV4hKSN8sS4CgcQHFbs08XboFDqKum3sc4h3GRxrTmQdl1ZK9uw-PIHf 1111 QP0FkxXVrx-WE-ZEbrqivH_2iCLUS7wAl6XvARt1KkIaUxPPSYB9yk31s0Q8 1112 UK96E3_OrADAYtAJs-M3JxCLfNgqh56HDnETTQhH3rCT5T3yJws", 1113 "q":"1u_RiFDP7LBYh3N4GXLT9OpSKYP0uQZyiaZwBtOCBNJgQxaj10RWjsZu0c6I 1114 edis4S7B_coSKB0Kj9PaPaBzg-IySRvvcQuPamQu66riMhjVtG6TlV8CLCYK 1115 rYl52ziqK0E_ym2QnkwsUX7eYTB7LbAHRK9GqocDE5B0f808I4s", 1116 "dp":"KkMTWqBUefVwZ2_Dbj1pPQqyHSHjj90L5x_MOzqYAJMcLMZtbUtwKqvVDq3 1117 tbEo3ZIcohbDtt6SbfmWzggabpQxNxuBpoOOf_a_HgMXK_lhqigI4y_kqS1w 1118 Y52IwjUn5rgRrJ-yYo1h41KR-vz2pYhEAeYrhttWtxVqLCRViD6c", 1119 "dq":"AvfS0-gRxvn0bwJoMSnFxYcK1WnuEjQFluMGfwGitQBWtfZ1Er7t1xDkbN9 1120 GQTB9yqpDoYaN06H7CFtrkxhJIBQaj6nkF5KKS3TQtQ5qCzkOkmxIe3KRbBy 1121 mXxkb5qwUpX5ELD5xFc6FeiafWYY63TmmEAu_lRFCOJ3xDea-ots", 1122 "qi":"lSQi-w9CpyUReMErP1RsBLk7wNtOvs5EQpPqmuMvqW57NBUczScEoPwmUqq 1123 abu9V0-Py4dQ57_bapoKRu1R90bvuFnU63SHWEFglZQvJDMeAvmj4sm-Fp0o 1124 Yu_neotgQ0hzbI5gry7ajdYy9-2lNx_76aBZoOUu9HCJ-UsfSOI8" 1125 } 1127 The octets representing the Plaintext are: 1129 [ 123, 34, 107, 116, 121, 34, 58, 34, 82, 83, 65, 34, 44, 34, 107, 1130 105, 100, 34, 58, 34, 106, 117, 108, 105, 101, 116, 64, 99, 97, 112, 1131 117, 108, 101, 116, 46, 108, 105, 116, 34, 44, 34, 117, 115, 101, 34, 1132 58, 34, 101, 110, 99, 34, 44, 34, 110, 34, 58, 34, 116, 54, 81, 56, 1133 80, 87, 83, 105, 49, 100, 107, 74, 106, 57, 104, 84, 80, 56, 104, 78, 1134 89, 70, 108, 118, 97, 100, 77, 55, 68, 102, 108, 87, 57, 109, 87, 1135 101, 112, 79, 74, 104, 74, 54, 54, 119, 55, 110, 121, 111, 75, 49, 1136 103, 80, 78, 113, 70, 77, 83, 81, 82, 121, 79, 49, 50, 53, 71, 112, 1137 45, 84, 69, 107, 111, 100, 104, 87, 114, 48, 105, 117, 106, 106, 72, 1138 86, 120, 55, 66, 99, 86, 48, 108, 108, 83, 52, 119, 53, 65, 67, 71, 1139 103, 80, 114, 99, 65, 100, 54, 90, 99, 83, 82, 48, 45, 73, 113, 111, 1140 109, 45, 81, 70, 99, 78, 80, 56, 83, 106, 103, 48, 56, 54, 77, 119, 1141 111, 113, 81, 85, 95, 76, 89, 121, 119, 108, 65, 71, 90, 50, 49, 87, 1142 83, 100, 83, 95, 80, 69, 82, 121, 71, 70, 105, 78, 110, 106, 51, 81, 1143 81, 108, 79, 56, 89, 110, 115, 53, 106, 67, 116, 76, 67, 82, 119, 76, 1144 72, 76, 48, 80, 98, 49, 102, 69, 118, 52, 53, 65, 117, 82, 73, 117, 1145 85, 102, 86, 99, 80, 121, 83, 66, 87, 89, 110, 68, 121, 71, 120, 118, 1146 106, 89, 71, 68, 83, 77, 45, 65, 113, 87, 83, 57, 122, 73, 81, 50, 1147 90, 105, 108, 103, 84, 45, 71, 113, 85, 109, 105, 112, 103, 48, 88, 1148 79, 67, 48, 67, 99, 50, 48, 114, 103, 76, 101, 50, 121, 109, 76, 72, 1149 106, 112, 72, 99, 105, 67, 75, 86, 65, 98, 89, 53, 45, 76, 51, 50, 1150 45, 108, 83, 101, 90, 79, 45, 79, 115, 54, 85, 49, 53, 95, 97, 88, 1151 114, 107, 57, 71, 119, 56, 99, 80, 85, 97, 88, 49, 95, 73, 56, 115, 1152 76, 71, 117, 83, 105, 86, 100, 116, 51, 67, 95, 70, 110, 50, 80, 90, 1153 51, 90, 56, 105, 55, 52, 52, 70, 80, 70, 71, 71, 99, 71, 49, 113, 1154 115, 50, 87, 122, 45, 81, 34, 44, 34, 101, 34, 58, 34, 65, 81, 65, 1155 66, 34, 44, 34, 100, 34, 58, 34, 71, 82, 116, 98, 73, 81, 109, 104, 1156 79, 90, 116, 121, 115, 122, 102, 103, 75, 100, 103, 52, 117, 95, 78, 1157 45, 82, 95, 109, 90, 71, 85, 95, 57, 107, 55, 74, 81, 95, 106, 110, 1158 49, 68, 110, 102, 84, 117, 77, 100, 83, 78, 112, 114, 84, 101, 97, 1159 83, 84, 121, 87, 102, 83, 78, 107, 117, 97, 65, 119, 110, 79, 69, 98, 1160 73, 81, 86, 121, 49, 73, 81, 98, 87, 86, 86, 50, 53, 78, 89, 51, 121, 1161 98, 99, 95, 73, 104, 85, 74, 116, 102, 114, 105, 55, 98, 65, 88, 89, 1162 69, 82, 101, 87, 97, 67, 108, 51, 104, 100, 108, 80, 75, 88, 121, 57, 1163 85, 118, 113, 80, 89, 71, 82, 48, 107, 73, 88, 84, 81, 82, 113, 110, 1164 115, 45, 100, 86, 74, 55, 106, 97, 104, 108, 73, 55, 76, 121, 99, 1165 107, 114, 112, 84, 109, 114, 77, 56, 100, 87, 66, 111, 52, 95, 80, 1166 77, 97, 101, 110, 78, 110, 80, 105, 81, 103, 79, 48, 120, 110, 117, 1167 84, 111, 120, 117, 116, 82, 90, 74, 102, 74, 118, 71, 52, 79, 120, 1168 52, 107, 97, 51, 71, 79, 82, 81, 100, 57, 67, 115, 67, 90, 50, 118, 1169 115, 85, 68, 109, 115, 88, 79, 102, 85, 69, 78, 79, 121, 77, 113, 65, 1170 68, 67, 54, 112, 49, 77, 51, 104, 51, 51, 116, 115, 117, 114, 89, 49, 1171 53, 107, 57, 113, 77, 83, 112, 71, 57, 79, 88, 95, 73, 74, 65, 88, 1172 109, 120, 122, 65, 104, 95, 116, 87, 105, 90, 79, 119, 107, 50, 75, 1173 52, 121, 120, 72, 57, 116, 83, 51, 76, 113, 49, 121, 88, 56, 67, 49, 1174 69, 87, 109, 101, 82, 68, 107, 75, 50, 97, 104, 101, 99, 71, 56, 53, 1175 45, 111, 76, 75, 81, 116, 53, 86, 69, 112, 87, 72, 75, 109, 106, 79, 1176 105, 95, 103, 74, 83, 100, 83, 103, 113, 99, 78, 57, 54, 88, 53, 50, 1177 101, 115, 65, 81, 34, 44, 34, 112, 34, 58, 34, 50, 114, 110, 83, 79, 1178 86, 52, 104, 75, 83, 78, 56, 115, 83, 52, 67, 103, 99, 81, 72, 70, 1179 98, 115, 48, 56, 88, 98, 111, 70, 68, 113, 75, 117, 109, 51, 115, 99, 1180 52, 104, 51, 71, 82, 120, 114, 84, 109, 81, 100, 108, 49, 90, 75, 57, 1181 117, 119, 45, 80, 73, 72, 102, 81, 80, 48, 70, 107, 120, 88, 86, 114, 1182 120, 45, 87, 69, 45, 90, 69, 98, 114, 113, 105, 118, 72, 95, 50, 105, 1183 67, 76, 85, 83, 55, 119, 65, 108, 54, 88, 118, 65, 82, 116, 49, 75, 1184 107, 73, 97, 85, 120, 80, 80, 83, 89, 66, 57, 121, 107, 51, 49, 115, 1185 48, 81, 56, 85, 75, 57, 54, 69, 51, 95, 79, 114, 65, 68, 65, 89, 116, 1186 65, 74, 115, 45, 77, 51, 74, 120, 67, 76, 102, 78, 103, 113, 104, 53, 1187 54, 72, 68, 110, 69, 84, 84, 81, 104, 72, 51, 114, 67, 84, 53, 84, 1188 51, 121, 74, 119, 115, 34, 44, 34, 113, 34, 58, 34, 49, 117, 95, 82, 1189 105, 70, 68, 80, 55, 76, 66, 89, 104, 51, 78, 52, 71, 88, 76, 84, 57, 1190 79, 112, 83, 75, 89, 80, 48, 117, 81, 90, 121, 105, 97, 90, 119, 66, 1191 116, 79, 67, 66, 78, 74, 103, 81, 120, 97, 106, 49, 48, 82, 87, 106, 1192 115, 90, 117, 48, 99, 54, 73, 101, 100, 105, 115, 52, 83, 55, 66, 95, 1193 99, 111, 83, 75, 66, 48, 75, 106, 57, 80, 97, 80, 97, 66, 122, 103, 1194 45, 73, 121, 83, 82, 118, 118, 99, 81, 117, 80, 97, 109, 81, 117, 54, 1195 54, 114, 105, 77, 104, 106, 86, 116, 71, 54, 84, 108, 86, 56, 67, 76, 1196 67, 89, 75, 114, 89, 108, 53, 50, 122, 105, 113, 75, 48, 69, 95, 121, 1197 109, 50, 81, 110, 107, 119, 115, 85, 88, 55, 101, 89, 84, 66, 55, 76, 1198 98, 65, 72, 82, 75, 57, 71, 113, 111, 99, 68, 69, 53, 66, 48, 102, 1199 56, 48, 56, 73, 52, 115, 34, 44, 34, 100, 112, 34, 58, 34, 75, 107, 1200 77, 84, 87, 113, 66, 85, 101, 102, 86, 119, 90, 50, 95, 68, 98, 106, 1201 49, 112, 80, 81, 113, 121, 72, 83, 72, 106, 106, 57, 48, 76, 53, 120, 1202 95, 77, 79, 122, 113, 89, 65, 74, 77, 99, 76, 77, 90, 116, 98, 85, 1203 116, 119, 75, 113, 118, 86, 68, 113, 51, 116, 98, 69, 111, 51, 90, 1204 73, 99, 111, 104, 98, 68, 116, 116, 54, 83, 98, 102, 109, 87, 122, 1205 103, 103, 97, 98, 112, 81, 120, 78, 120, 117, 66, 112, 111, 79, 79, 1206 102, 95, 97, 95, 72, 103, 77, 88, 75, 95, 108, 104, 113, 105, 103, 1207 73, 52, 121, 95, 107, 113, 83, 49, 119, 89, 53, 50, 73, 119, 106, 85, 1208 110, 53, 114, 103, 82, 114, 74, 45, 121, 89, 111, 49, 104, 52, 49, 1209 75, 82, 45, 118, 122, 50, 112, 89, 104, 69, 65, 101, 89, 114, 104, 1210 116, 116, 87, 116, 120, 86, 113, 76, 67, 82, 86, 105, 68, 54, 99, 34, 1211 44, 34, 100, 113, 34, 58, 34, 65, 118, 102, 83, 48, 45, 103, 82, 120, 1212 118, 110, 48, 98, 119, 74, 111, 77, 83, 110, 70, 120, 89, 99, 75, 49, 1213 87, 110, 117, 69, 106, 81, 70, 108, 117, 77, 71, 102, 119, 71, 105, 1214 116, 81, 66, 87, 116, 102, 90, 49, 69, 114, 55, 116, 49, 120, 68, 1215 107, 98, 78, 57, 71, 81, 84, 66, 57, 121, 113, 112, 68, 111, 89, 97, 1216 78, 48, 54, 72, 55, 67, 70, 116, 114, 107, 120, 104, 74, 73, 66, 81, 1217 97, 106, 54, 110, 107, 70, 53, 75, 75, 83, 51, 84, 81, 116, 81, 53, 1218 113, 67, 122, 107, 79, 107, 109, 120, 73, 101, 51, 75, 82, 98, 66, 1219 121, 109, 88, 120, 107, 98, 53, 113, 119, 85, 112, 88, 53, 69, 76, 1220 68, 53, 120, 70, 99, 54, 70, 101, 105, 97, 102, 87, 89, 89, 54, 51, 1221 84, 109, 109, 69, 65, 117, 95, 108, 82, 70, 67, 79, 74, 51, 120, 68, 1222 101, 97, 45, 111, 116, 115, 34, 44, 34, 113, 105, 34, 58, 34, 108, 1223 83, 81, 105, 45, 119, 57, 67, 112, 121, 85, 82, 101, 77, 69, 114, 80, 1224 49, 82, 115, 66, 76, 107, 55, 119, 78, 116, 79, 118, 115, 53, 69, 81, 1225 112, 80, 113, 109, 117, 77, 118, 113, 87, 53, 55, 78, 66, 85, 99, 1226 122, 83, 99, 69, 111, 80, 119, 109, 85, 113, 113, 97, 98, 117, 57, 1227 86, 48, 45, 80, 121, 52, 100, 81, 53, 55, 95, 98, 97, 112, 111, 75, 1228 82, 117, 49, 82, 57, 48, 98, 118, 117, 70, 110, 85, 54, 51, 83, 72, 1229 87, 69, 70, 103, 108, 90, 81, 118, 74, 68, 77, 101, 65, 118, 109, 1230 106, 52, 115, 109, 45, 70, 112, 48, 111, 89, 117, 95, 110, 101, 111, 1231 116, 103, 81, 48, 104, 122, 98, 73, 53, 103, 114, 121, 55, 97, 106, 1232 100, 89, 121, 57, 45, 50, 108, 78, 120, 95, 55, 54, 97, 66, 90, 111, 1233 79, 85, 117, 57, 72, 67, 74, 45, 85, 115, 102, 83, 79, 73, 56, 34, 1234 125 ] 1236 C.2. JWE Header 1238 The following example JWE Protected Header declares that: 1240 o the Content Encryption Key is encrypted to the recipient using the 1241 PSE2-HS256+A128KW algorithm to produce the JWE Encrypted Key, 1243 o the Salt (p2s) is [ 217, 96, 147, 112, 150, 117, 70, 247, 127, 8, 1244 155, 137, 174, 42, 80, 215 ], 1246 o the Iteration Count (p2c) is 4096, 1248 o the Plaintext is encrypted using the AES_128_CBC_HMAC_SHA_256 1249 algorithm to produce the Ciphertext, and 1251 o the content type is application/jwk+json. 1253 { 1254 "alg":"PBES2-HS256+A128KW", 1255 "p2s":"2WCTcJZ1Rvd_CJuJripQ1w", 1256 "p2c":4096, 1257 "enc":"A128CBC-HS256", 1258 "cty":"jwk+json" 1259 } 1261 Encoding this JWE Protected Header as BASE64URL(UTF8(JWE Protected 1262 Header)) gives this value: 1264 eyJhbGciOiJQQkVTMi1IUzI1NitBMTI4S1ciLCJwMnMiOiIyV0NUY0paMVJ2ZF9DSn 1265 VKcmlwUTF3IiwicDJjIjo0MDk2LCJlbmMiOiJBMTI4Q0JDLUhTMjU2IiwiY3R5Ijoi 1266 andrK2pzb24ifQ 1268 C.3. Content Encryption Key (CEK) 1270 Generate a 256 bit random Content Encryption Key (CEK). In this 1271 example, the value is: 1273 [ 111, 27, 25, 52, 66, 29, 20, 78, 92, 176, 56, 240, 65, 208, 82, 1274 112, 161, 131, 36, 55, 202, 236, 185, 172, 129, 23, 153, 194, 195, 1275 48, 253, 182 ] 1277 C.4. Key Encryption 1279 Encrypt the CEK with a shared passphrase using the 1280 "PBES2-HS256+A128KW" algorithm and the specified Salt and Iteration 1281 Count values to produce the JWE Encrypted Key. This example uses the 1282 following passphrase: 1284 Thus from my lips, by yours, my sin is purged. 1286 The octets representing the passphrase are: 1288 [ 84, 104, 117, 115, 32, 102, 114, 111, 109, 32, 109, 121, 32, 108, 1289 105, 112, 115, 44, 32, 98, 121, 32, 121, 111, 117, 114, 115, 44, 32, 1290 109, 121, 32, 115, 105, 110, 32, 105, 115, 32, 112, 117, 114, 103, 1291 101, 100, 46 ] 1293 The resulting JWE Encrypted Key value is: 1295 [ 201, 236, 143, 112, 12, 234, 200, 211, 33, 241, 255, 65, 112, 63, 1296 172, 146, 105, 107, 122, 0, 30, 21, 44, 21, 14, 61, 200, 57, 30, 253, 1297 228, 83, 218, 82, 138, 80, 121, 254, 193, 121 ] 1299 Encoding this JWE Encrypted Key as BASE64URL(JWE Encrypted Key) gives 1300 this value: 1302 yeyPcAzqyNMh8f9BcD-skmlregAeFSwVDj3IOR795FPaUopQef7BeQ 1304 C.5. Initialization Vector 1306 Generate a random 128 bit JWE Initialization Vector. In this 1307 example, the value is: 1309 [ 97, 239, 99, 214, 171, 54, 216, 57, 145, 72, 7, 93, 34, 31, 149, 1310 156 ] 1312 Encoding this JWE Initialization Vector as BASE64URL(JWE 1313 Initialization Vector) gives this value: 1315 Ye9j1qs22DmRSAddIh-VnA 1317 C.6. Additional Authenticated Data 1319 Let the Additional Authenticated Data encryption parameter be 1320 ASCII(BASE64URL(UTF8(JWE Protected Header))). This value is: 1322 [ 123, 34, 97, 108, 103, 34, 58, 34, 80, 66, 69, 83, 50, 45, 72, 83, 1323 50, 53, 54, 43, 65, 49, 50, 56, 75, 87, 34, 44, 34, 112, 50, 115, 34, 1324 58, 34, 50, 87, 67, 84, 99, 74, 90, 49, 82, 118, 100, 95, 67, 74, 1325 117, 74, 114, 105, 112, 81, 49, 119, 34, 44, 34, 112, 50, 99, 34, 58, 1326 52, 48, 57, 54, 44, 34, 101, 110, 99, 34, 58, 34, 65, 49, 50, 56, 67, 1327 66, 67, 45, 72, 83, 50, 53, 54, 34, 44, 34, 99, 116, 121, 34, 58, 34, 1328 106, 119, 107, 43, 106, 115, 111, 110, 34, 125 ] 1330 C.7. Content Encryption 1332 Encrypt the Plaintext with AES_128_CBC_HMAC_SHA_256 using the CEK as 1333 the encryption key, the JWE Initialization Vector, and the Additional 1334 Authenticated Data value above. The resulting Ciphertext is: 1336 [ 3, 8, 65, 242, 92, 107, 148, 168, 197, 159, 77, 139, 25, 97, 42, 1337 131, 110, 199, 225, 56, 61, 127, 38, 64, 108, 91, 247, 167, 150, 98, 1338 112, 122, 99, 235, 132, 50, 28, 46, 56, 170, 169, 89, 220, 145, 38, 1339 157, 148, 224, 66, 140, 8, 169, 146, 117, 222, 54, 242, 28, 31, 11, 1340 129, 227, 226, 169, 66, 117, 133, 254, 140, 216, 115, 203, 131, 60, 1341 60, 47, 233, 132, 121, 13, 35, 188, 53, 19, 172, 77, 59, 54, 211, 1342 158, 172, 25, 60, 111, 0, 80, 201, 158, 160, 210, 68, 55, 12, 67, 1343 136, 130, 87, 216, 197, 95, 62, 20, 155, 205, 5, 140, 27, 168, 221, 1344 65, 114, 78, 157, 254, 46, 206, 182, 52, 135, 87, 239, 3, 34, 186, 1345 126, 220, 151, 17, 33, 237, 57, 96, 172, 183, 58, 45, 248, 103, 241, 1346 142, 136, 7, 53, 16, 173, 181, 7, 93, 92, 252, 1, 53, 212, 242, 8, 1347 255, 11, 239, 181, 24, 148, 136, 111, 24, 161, 244, 23, 106, 69, 157, 1348 215, 243, 189, 240, 166, 169, 249, 72, 38, 201, 99, 223, 173, 229, 9, 1349 222, 82, 79, 157, 176, 248, 85, 239, 121, 163, 1, 31, 48, 98, 206, 1350 61, 249, 104, 216, 201, 227, 105, 48, 194, 193, 10, 36, 160, 159, 1351 241, 166, 84, 54, 188, 211, 243, 242, 40, 46, 45, 193, 193, 160, 169, 1352 101, 201, 1, 73, 47, 105, 142, 88, 28, 42, 132, 26, 61, 58, 63, 142, 1353 243, 77, 26, 179, 153, 166, 46, 203, 208, 49, 55, 229, 34, 178, 4, 1354 109, 180, 204, 204, 115, 1, 103, 193, 5, 91, 215, 214, 195, 1, 110, 1355 208, 53, 144, 36, 105, 12, 54, 25, 129, 101, 15, 183, 150, 250, 147, 1356 115, 227, 58, 250, 5, 128, 232, 63, 15, 14, 19, 141, 124, 253, 142, 1357 137, 189, 135, 26, 44, 240, 27, 88, 132, 105, 127, 6, 71, 37, 41, 1358 124, 187, 165, 140, 34, 200, 123, 80, 228, 24, 231, 176, 132, 171, 1359 138, 145, 152, 116, 224, 50, 141, 51, 147, 91, 186, 7, 246, 106, 217, 1360 148, 244, 227, 244, 45, 220, 121, 165, 224, 148, 181, 17, 181, 128, 1361 197, 101, 237, 11, 169, 229, 149, 199, 78, 56, 15, 14, 190, 91, 216, 1362 222, 247, 213, 74, 40, 8, 96, 20, 168, 119, 96, 26, 24, 52, 37, 82, 1363 127, 57, 176, 147, 118, 59, 7, 224, 33, 117, 72, 155, 29, 82, 26, 1364 215, 189, 140, 119, 28, 152, 118, 93, 222, 194, 192, 148, 115, 83, 1365 253, 216, 212, 108, 88, 83, 175, 172, 220, 97, 79, 110, 42, 223, 170, 1366 161, 34, 164, 144, 193, 76, 122, 92, 160, 41, 178, 175, 6, 35, 96, 1367 113, 96, 158, 90, 129, 101, 26, 45, 70, 180, 189, 230, 15, 5, 247, 1368 150, 209, 94, 171, 26, 13, 142, 212, 129, 1, 176, 5, 0, 112, 203, 1369 174, 185, 119, 76, 233, 189, 54, 172, 189, 245, 223, 253, 205, 12, 1370 88, 9, 126, 157, 225, 90, 40, 229, 191, 63, 30, 160, 224, 69, 3, 140, 1371 109, 70, 89, 37, 213, 245, 194, 210, 180, 188, 63, 210, 139, 221, 2, 1372 144, 200, 20, 177, 216, 29, 227, 242, 106, 12, 135, 142, 139, 144, 1373 82, 225, 162, 171, 176, 108, 99, 6, 43, 193, 161, 116, 234, 216, 1, 1374 242, 21, 124, 162, 98, 205, 124, 193, 38, 12, 242, 90, 101, 76, 204, 1375 184, 124, 58, 180, 16, 240, 26, 76, 195, 250, 212, 191, 185, 191, 97, 1376 198, 186, 73, 225, 75, 14, 90, 123, 121, 172, 101, 50, 160, 221, 141, 1377 253, 205, 126, 77, 9, 87, 198, 110, 104, 182, 141, 120, 51, 25, 232, 1378 3, 32, 80, 6, 156, 8, 18, 4, 135, 221, 142, 25, 135, 2, 129, 132, 1379 115, 227, 74, 141, 28, 119, 11, 141, 117, 134, 198, 62, 150, 254, 97, 1380 75, 197, 251, 99, 89, 204, 224, 226, 67, 83, 175, 89, 0, 81, 29, 38, 1381 207, 89, 140, 255, 197, 177, 164, 128, 62, 116, 224, 180, 109, 169, 1382 28, 2, 59, 176, 130, 252, 44, 178, 81, 24, 181, 176, 75, 44, 61, 91, 1383 12, 37, 21, 255, 83, 130, 197, 16, 231, 60, 217, 56, 131, 118, 168, 1384 202, 58, 52, 84, 124, 162, 185, 174, 162, 226, 242, 112, 68, 246, 1385 202, 16, 208, 52, 154, 58, 129, 80, 102, 33, 171, 6, 186, 177, 14, 1386 195, 88, 136, 6, 0, 155, 28, 100, 162, 207, 162, 222, 117, 248, 170, 1387 208, 114, 87, 31, 57, 176, 33, 57, 83, 253, 12, 168, 110, 194, 59, 1388 22, 86, 48, 227, 196, 22, 176, 218, 122, 149, 21, 249, 195, 178, 174, 1389 250, 20, 34, 120, 60, 139, 201, 99, 40, 18, 177, 17, 54, 54, 6, 3, 1390 222, 128, 160, 88, 11, 27, 0, 81, 192, 36, 41, 169, 146, 8, 47, 64, 1391 136, 28, 64, 209, 67, 135, 202, 20, 234, 182, 91, 204, 146, 195, 187, 1392 0, 72, 77, 11, 111, 152, 204, 252, 177, 212, 89, 33, 50, 132, 184, 1393 44, 183, 186, 19, 250, 69, 176, 201, 102, 140, 14, 143, 212, 212, 1394 160, 123, 208, 185, 27, 155, 68, 77, 133, 198, 2, 126, 155, 215, 22, 1395 91, 30, 217, 176, 172, 244, 156, 174, 143, 75, 90, 21, 102, 1, 160, 1396 59, 253, 188, 88, 57, 185, 197, 83, 24, 22, 180, 174, 47, 207, 52, 1, 1397 141, 146, 119, 233, 68, 228, 224, 228, 193, 248, 155, 202, 90, 7, 1398 213, 88, 33, 108, 107, 14, 86, 8, 120, 250, 58, 142, 35, 164, 238, 1399 221, 219, 35, 123, 88, 199, 192, 143, 104, 83, 17, 166, 243, 247, 11, 1400 166, 67, 68, 204, 132, 23, 110, 103, 228, 14, 55, 122, 88, 57, 180, 1401 178, 237, 52, 130, 214, 245, 102, 123, 67, 73, 175, 1, 127, 112, 148, 1402 94, 132, 164, 197, 153, 217, 87, 25, 89, 93, 63, 22, 66, 166, 90, 1403 251, 101, 10, 145, 66, 17, 124, 36, 255, 165, 226, 97, 16, 86, 112, 1404 154, 88, 105, 253, 56, 209, 229, 122, 103, 51, 24, 228, 190, 3, 236, 1405 48, 182, 121, 176, 140, 128, 117, 87, 251, 224, 37, 23, 248, 21, 218, 1406 85, 251, 136, 84, 147, 143, 144, 46, 155, 183, 251, 89, 86, 23, 26, 1407 237, 100, 167, 32, 130, 173, 237, 89, 55, 110, 70, 142, 127, 65, 230, 1408 208, 109, 69, 19, 253, 84, 130, 130, 193, 92, 58, 108, 150, 42, 136, 1409 249, 234, 86, 241, 182, 19, 117, 246, 26, 181, 92, 101, 155, 44, 103, 1410 235, 173, 30, 140, 90, 29, 183, 190, 77, 53, 206, 127, 5, 87, 8, 187, 1411 184, 92, 4, 157, 22, 18, 105, 251, 39, 88, 182, 181, 103, 148, 233, 1412 6, 63, 70, 188, 7, 101, 216, 127, 77, 31, 12, 233, 7, 147, 106, 30, 1413 150, 77, 145, 13, 205, 48, 56, 245, 220, 89, 252, 127, 51, 180, 36, 1414 31, 55, 18, 214, 230, 254, 217, 197, 65, 247, 27, 215, 117, 247, 108, 1415 157, 121, 11, 63, 150, 195, 83, 6, 134, 242, 41, 24, 105, 204, 5, 63, 1416 192, 14, 159, 113, 72, 140, 128, 51, 215, 80, 215, 39, 149, 94, 79, 1417 128, 34, 5, 129, 82, 83, 121, 187, 37, 146, 27, 32, 177, 167, 71, 9, 1418 195, 30, 199, 196, 205, 252, 207, 69, 8, 120, 27, 190, 51, 43, 75, 1419 249, 234, 167, 116, 206, 203, 199, 43, 108, 87, 48, 155, 140, 228, 1420 210, 85, 25, 161, 96, 67, 8, 205, 64, 39, 75, 88, 44, 238, 227, 16, 1421 0, 100, 93, 129, 18, 4, 149, 50, 68, 72, 99, 35, 111, 254, 27, 102, 1422 175, 108, 233, 87, 181, 44, 169, 18, 139, 79, 208, 14, 202, 192, 5, 1423 162, 222, 231, 149, 24, 211, 49, 120, 101, 39, 206, 87, 147, 204, 1424 200, 251, 104, 115, 5, 127, 117, 195, 79, 151, 18, 224, 52, 0, 245, 1425 4, 85, 255, 103, 217, 0, 116, 198, 80, 91, 167, 192, 154, 199, 197, 1426 149, 237, 51, 2, 131, 30, 226, 95, 105, 48, 68, 135, 208, 144, 120, 1427 176, 145, 157, 8, 171, 80, 94, 61, 92, 92, 220, 157, 13, 138, 51, 23, 1428 185, 124, 31, 77, 1, 87, 241, 43, 239, 55, 122, 86, 210, 48, 208, 1429 204, 112, 144, 80, 147, 106, 219, 47, 253, 31, 134, 176, 16, 135, 1430 219, 95, 17, 129, 83, 236, 125, 136, 112, 86, 228, 252, 71, 129, 218, 1431 174, 156, 236, 12, 27, 159, 11, 138, 252, 253, 207, 31, 115, 214, 1432 118, 239, 203, 16, 211, 205, 99, 22, 51, 163, 107, 162, 246, 199, 67, 1433 127, 34, 108, 197, 53, 117, 58, 199, 3, 190, 74, 70, 190, 65, 235, 1434 175, 97, 157, 215, 252, 189, 245, 100, 229, 248, 46, 90, 126, 237, 4, 1435 159, 128, 58, 7, 156, 236, 69, 191, 85, 240, 179, 224, 249, 152, 49, 1436 195, 223, 60, 78, 186, 157, 155, 217, 58, 105, 116, 164, 217, 111, 1437 215, 150, 218, 252, 84, 86, 248, 140, 240, 226, 61, 106, 208, 95, 60, 1438 163, 6, 0, 235, 253, 162, 96, 62, 234, 251, 249, 35, 21, 7, 211, 233, 1439 86, 50, 33, 203, 67, 248, 60, 190, 123, 48, 167, 226, 90, 191, 71, 1440 56, 183, 165, 17, 85, 76, 238, 140, 211, 168, 53, 223, 194, 4, 97, 1441 149, 156, 120, 137, 76, 33, 229, 243, 194, 208, 198, 202, 139, 28, 1442 114, 46, 224, 92, 254, 83, 100, 134, 158, 92, 70, 78, 61, 62, 138, 1443 24, 173, 216, 66, 198, 70, 254, 47, 59, 193, 53, 6, 139, 19, 153, 1444 253, 28, 199, 122, 160, 27, 67, 234, 209, 227, 139, 4, 50, 7, 178, 1445 183, 89, 252, 32, 128, 137, 55, 52, 29, 89, 12, 111, 42, 181, 51, 1446 170, 132, 132, 207, 170, 228, 254, 178, 213, 0, 136, 175, 8 ] 1448 The resulting Authentication Tag value is: 1450 [ 125, 249, 143, 191, 240, 4, 204, 132, 62, 241, 113, 178, 91, 88, 1451 254, 19 ] 1453 Encoding this JWE Ciphertext as BASE64URL(JWE Ciphertext) gives this 1454 value: 1456 AwhB8lxrlKjFn02LGWEqg27H4Tg9fyZAbFv3p5ZicHpj64QyHC44qqlZ3JEmnZTgQo 1457 wIqZJ13jbyHB8LgePiqUJ1hf6M2HPLgzw8L-mEeQ0jvDUTrE07NtOerBk8bwBQyZ6g 1458 0kQ3DEOIglfYxV8-FJvNBYwbqN1Bck6d_i7OtjSHV-8DIrp-3JcRIe05YKy3Oi34Z_ 1459 GOiAc1EK21B11c_AE11PII_wvvtRiUiG8YofQXakWd1_O98Kap-UgmyWPfreUJ3lJP 1460 nbD4Ve95owEfMGLOPflo2MnjaTDCwQokoJ_xplQ2vNPz8iguLcHBoKllyQFJL2mOWB 1461 wqhBo9Oj-O800as5mmLsvQMTflIrIEbbTMzHMBZ8EFW9fWwwFu0DWQJGkMNhmBZQ-3 1462 lvqTc-M6-gWA6D8PDhONfP2Oib2HGizwG1iEaX8GRyUpfLuljCLIe1DkGOewhKuKkZ 1463 h04DKNM5Nbugf2atmU9OP0Ldx5peCUtRG1gMVl7Qup5ZXHTjgPDr5b2N731UooCGAU 1464 qHdgGhg0JVJ_ObCTdjsH4CF1SJsdUhrXvYx3HJh2Xd7CwJRzU_3Y1GxYU6-s3GFPbi 1465 rfqqEipJDBTHpcoCmyrwYjYHFgnlqBZRotRrS95g8F95bRXqsaDY7UgQGwBQBwy665 1466 d0zpvTasvfXf_c0MWAl-neFaKOW_Px6g4EUDjG1GWSXV9cLStLw_0ovdApDIFLHYHe 1467 PyagyHjouQUuGiq7BsYwYrwaF06tgB8hV8omLNfMEmDPJaZUzMuHw6tBDwGkzD-tS_ 1468 ub9hxrpJ4UsOWnt5rGUyoN2N_c1-TQlXxm5oto14MxnoAyBQBpwIEgSH3Y4ZhwKBhH 1469 PjSo0cdwuNdYbGPpb-YUvF-2NZzODiQ1OvWQBRHSbPWYz_xbGkgD504LRtqRwCO7CC 1470 _CyyURi1sEssPVsMJRX_U4LFEOc82TiDdqjKOjRUfKK5rqLi8nBE9soQ0DSaOoFQZi 1471 GrBrqxDsNYiAYAmxxkos-i3nX4qtByVx85sCE5U_0MqG7COxZWMOPEFrDaepUV-cOy 1472 rvoUIng8i8ljKBKxETY2BgPegKBYCxsAUcAkKamSCC9AiBxA0UOHyhTqtlvMksO7AE 1473 hNC2-YzPyx1FkhMoS4LLe6E_pFsMlmjA6P1NSge9C5G5tETYXGAn6b1xZbHtmwrPSc 1474 ro9LWhVmAaA7_bxYObnFUxgWtK4vzzQBjZJ36UTk4OTB-JvKWgfVWCFsaw5WCHj6Oo 1475 4jpO7d2yN7WMfAj2hTEabz9wumQ0TMhBduZ-QON3pYObSy7TSC1vVme0NJrwF_cJRe 1476 hKTFmdlXGVldPxZCplr7ZQqRQhF8JP-l4mEQVnCaWGn9ONHlemczGOS-A-wwtnmwjI 1477 B1V_vgJRf4FdpV-4hUk4-QLpu3-1lWFxrtZKcggq3tWTduRo5_QebQbUUT_VSCgsFc 1478 OmyWKoj56lbxthN19hq1XGWbLGfrrR6MWh23vk01zn8FVwi7uFwEnRYSafsnWLa1Z5 1479 TpBj9GvAdl2H9NHwzpB5NqHpZNkQ3NMDj13Fn8fzO0JB83Etbm_tnFQfcb13X3bJ15 1480 Cz-Ww1MGhvIpGGnMBT_ADp9xSIyAM9dQ1yeVXk-AIgWBUlN5uyWSGyCxp0cJwx7HxM 1481 38z0UIeBu-MytL-eqndM7LxytsVzCbjOTSVRmhYEMIzUAnS1gs7uMQAGRdgRIElTJE 1482 SGMjb_4bZq9s6Ve1LKkSi0_QDsrABaLe55UY0zF4ZSfOV5PMyPtocwV_dcNPlxLgNA 1483 D1BFX_Z9kAdMZQW6fAmsfFle0zAoMe4l9pMESH0JB4sJGdCKtQXj1cXNydDYozF7l8 1484 H00BV_Er7zd6VtIw0MxwkFCTatsv_R-GsBCH218RgVPsfYhwVuT8R4HarpzsDBufC4 1485 r8_c8fc9Z278sQ081jFjOja6L2x0N_ImzFNXU6xwO-Ska-QeuvYZ3X_L31ZOX4Llp- 1486 7QSfgDoHnOxFv1Xws-D5mDHD3zxOup2b2TppdKTZb9eW2vxUVviM8OI9atBfPKMGAO 1487 v9omA-6vv5IxUH0-lWMiHLQ_g8vnswp-Jav0c4t6URVUzujNOoNd_CBGGVnHiJTCHl 1488 88LQxsqLHHIu4Fz-U2SGnlxGTj0-ihit2ELGRv4vO8E1BosTmf0cx3qgG0Pq0eOLBD 1489 IHsrdZ_CCAiTc0HVkMbyq1M6qEhM-q5P6y1QCIrwg 1491 Encoding this JWE Authentication Tag as BASE64URL(JWE Authentication 1492 Tag) gives this value: 1494 ffmPv_AEzIQ-8XGyW1j-Ew 1496 C.8. Complete Representation 1498 Assemble the final representation: The Compact Serialization of this 1499 result is the string BASE64URL(UTF8(JWE Protected Header)) || '.' || 1500 BASE64URL(JWE Encrypted Key) || '.' || BASE64URL(JWE Initialization 1501 Vector) || '.' || BASE64URL(JWE Ciphertext) || '.' || BASE64URL(JWE 1502 Authentication Tag). 1504 The final result in this example is: 1506 eyJhbGciOiJQQkVTMi1IUzI1NitBMTI4S1ciLCJwMnMiOiIyV0NUY0paMVJ2ZF9DSn 1507 VKcmlwUTF3IiwicDJjIjo0MDk2LCJlbmMiOiJBMTI4Q0JDLUhTMjU2IiwiY3R5Ijoi 1508 andrK2pzb24ifQ. 1509 yeyPcAzqyNMh8f9BcD-skmlregAeFSwVDj3IOR795FPaUopQef7BeQ. 1510 Ye9j1qs22DmRSAddIh-VnA. 1511 AwhB8lxrlKjFn02LGWEqg27H4Tg9fyZAbFv3p5ZicHpj64QyHC44qqlZ3JEmnZTgQo 1512 wIqZJ13jbyHB8LgePiqUJ1hf6M2HPLgzw8L-mEeQ0jvDUTrE07NtOerBk8bwBQyZ6g 1513 0kQ3DEOIglfYxV8-FJvNBYwbqN1Bck6d_i7OtjSHV-8DIrp-3JcRIe05YKy3Oi34Z_ 1514 GOiAc1EK21B11c_AE11PII_wvvtRiUiG8YofQXakWd1_O98Kap-UgmyWPfreUJ3lJP 1515 nbD4Ve95owEfMGLOPflo2MnjaTDCwQokoJ_xplQ2vNPz8iguLcHBoKllyQFJL2mOWB 1516 wqhBo9Oj-O800as5mmLsvQMTflIrIEbbTMzHMBZ8EFW9fWwwFu0DWQJGkMNhmBZQ-3 1517 lvqTc-M6-gWA6D8PDhONfP2Oib2HGizwG1iEaX8GRyUpfLuljCLIe1DkGOewhKuKkZ 1518 h04DKNM5Nbugf2atmU9OP0Ldx5peCUtRG1gMVl7Qup5ZXHTjgPDr5b2N731UooCGAU 1519 qHdgGhg0JVJ_ObCTdjsH4CF1SJsdUhrXvYx3HJh2Xd7CwJRzU_3Y1GxYU6-s3GFPbi 1520 rfqqEipJDBTHpcoCmyrwYjYHFgnlqBZRotRrS95g8F95bRXqsaDY7UgQGwBQBwy665 1521 d0zpvTasvfXf_c0MWAl-neFaKOW_Px6g4EUDjG1GWSXV9cLStLw_0ovdApDIFLHYHe 1522 PyagyHjouQUuGiq7BsYwYrwaF06tgB8hV8omLNfMEmDPJaZUzMuHw6tBDwGkzD-tS_ 1523 ub9hxrpJ4UsOWnt5rGUyoN2N_c1-TQlXxm5oto14MxnoAyBQBpwIEgSH3Y4ZhwKBhH 1524 PjSo0cdwuNdYbGPpb-YUvF-2NZzODiQ1OvWQBRHSbPWYz_xbGkgD504LRtqRwCO7CC 1525 _CyyURi1sEssPVsMJRX_U4LFEOc82TiDdqjKOjRUfKK5rqLi8nBE9soQ0DSaOoFQZi 1526 GrBrqxDsNYiAYAmxxkos-i3nX4qtByVx85sCE5U_0MqG7COxZWMOPEFrDaepUV-cOy 1527 rvoUIng8i8ljKBKxETY2BgPegKBYCxsAUcAkKamSCC9AiBxA0UOHyhTqtlvMksO7AE 1528 hNC2-YzPyx1FkhMoS4LLe6E_pFsMlmjA6P1NSge9C5G5tETYXGAn6b1xZbHtmwrPSc 1529 ro9LWhVmAaA7_bxYObnFUxgWtK4vzzQBjZJ36UTk4OTB-JvKWgfVWCFsaw5WCHj6Oo 1530 4jpO7d2yN7WMfAj2hTEabz9wumQ0TMhBduZ-QON3pYObSy7TSC1vVme0NJrwF_cJRe 1531 hKTFmdlXGVldPxZCplr7ZQqRQhF8JP-l4mEQVnCaWGn9ONHlemczGOS-A-wwtnmwjI 1532 B1V_vgJRf4FdpV-4hUk4-QLpu3-1lWFxrtZKcggq3tWTduRo5_QebQbUUT_VSCgsFc 1533 OmyWKoj56lbxthN19hq1XGWbLGfrrR6MWh23vk01zn8FVwi7uFwEnRYSafsnWLa1Z5 1534 TpBj9GvAdl2H9NHwzpB5NqHpZNkQ3NMDj13Fn8fzO0JB83Etbm_tnFQfcb13X3bJ15 1535 Cz-Ww1MGhvIpGGnMBT_ADp9xSIyAM9dQ1yeVXk-AIgWBUlN5uyWSGyCxp0cJwx7HxM 1536 38z0UIeBu-MytL-eqndM7LxytsVzCbjOTSVRmhYEMIzUAnS1gs7uMQAGRdgRIElTJE 1537 SGMjb_4bZq9s6Ve1LKkSi0_QDsrABaLe55UY0zF4ZSfOV5PMyPtocwV_dcNPlxLgNA 1538 D1BFX_Z9kAdMZQW6fAmsfFle0zAoMe4l9pMESH0JB4sJGdCKtQXj1cXNydDYozF7l8 1539 H00BV_Er7zd6VtIw0MxwkFCTatsv_R-GsBCH218RgVPsfYhwVuT8R4HarpzsDBufC4 1540 r8_c8fc9Z278sQ081jFjOja6L2x0N_ImzFNXU6xwO-Ska-QeuvYZ3X_L31ZOX4Llp- 1541 7QSfgDoHnOxFv1Xws-D5mDHD3zxOup2b2TppdKTZb9eW2vxUVviM8OI9atBfPKMGAO 1542 v9omA-6vv5IxUH0-lWMiHLQ_g8vnswp-Jav0c4t6URVUzujNOoNd_CBGGVnHiJTCHl 1543 88LQxsqLHHIu4Fz-U2SGnlxGTj0-ihit2ELGRv4vO8E1BosTmf0cx3qgG0Pq0eOLBD 1544 IHsrdZ_CCAiTc0HVkMbyq1M6qEhM-q5P6y1QCIrwg. 1545 ffmPv_AEzIQ-8XGyW1j-Ew 1547 Appendix D. Acknowledgements 1549 A JSON representation for RSA public keys was previously introduced 1550 by John Panzer, Ben Laurie, and Dirk Balfanz in Magic Signatures 1552 [MagicSignatures]. 1554 This specification is the work of the JOSE Working Group, which 1555 includes dozens of active and dedicated participants. In particular, 1556 the following individuals contributed ideas, feedback, and wording 1557 that influenced this specification: 1559 Dirk Balfanz, Richard Barnes, John Bradley, Brian Campbell, Breno de 1560 Medeiros, Joe Hildebrand, Edmund Jay, Ben Laurie, James Manger, Matt 1561 Miller, Tony Nadalin, Axel Nennker, John Panzer, Eric Rescorla, Nat 1562 Sakimura, Jim Schaad, Paul Tarjan, Hannes Tschofenig, and Sean 1563 Turner. 1565 Jim Schaad and Karen O'Donoghue chaired the JOSE working group and 1566 Sean Turner and Stephen Farrell served as Security area directors 1567 during the creation of this specification. 1569 Appendix E. Document History 1571 [[ to be removed by the RFC Editor before publication as an RFC ]] 1573 -20 1575 o Renamed "use_details" to "key_ops" (key operations). 1577 o Clarified that "use" is meant for public key use cases, "key_ops" 1578 is meant for use cases in which public, private, or symmetric keys 1579 may be present, and that "use" and "key_ops" should not be used 1580 together. 1582 o Replaced references to RFC 4627 with draft-ietf-json-rfc4627bis, 1583 addressing issue #90. 1585 -19 1587 o Added optional "use_details" (key use details) JWK member. 1589 o Reordered the key selection parameters. 1591 -18 1593 o Changes to address editorial and minor issues #68, #69, #73, #74, 1594 #76, #77, #78, #79, #82, #85, #89, and #135. 1596 o Added and used Description registry fields. 1598 -17 1599 o Refined the "typ" and "cty" definitions to always be MIME Media 1600 Types, with the omission of "application/" prefixes recommended 1601 for brevity, addressing issue #50. 1603 o Added an example encrypting an RSA private key with 1604 "PBES2-HS256+A128KW" and "A128CBC-HS256". Thanks to Matt Miller 1605 for producing this! 1607 o Processing rules occurring in both JWS and JWK are now referenced 1608 in JWS by JWK, rather than duplicated, addressing issue #57. 1610 o Terms used in multiple documents are now defined in one place and 1611 incorporated by reference. Some lightly used or obvious terms 1612 were also removed. This addresses issue #58. 1614 -16 1616 o Changes to address editorial and minor issues #41, #42, #43, #47, 1617 #51, #67, #71, #76, #80, #83, #84, #85, #86, #87, and #88. 1619 -15 1621 o Changes to address editorial issues #48, #64, #65, #66, and #91. 1623 -14 1625 o Relaxed language introducing key parameters since some parameters 1626 are applicable to multiple, but not all, key types. 1628 -13 1630 o Applied spelling and grammar corrections. 1632 -12 1634 o Stated that recipients MUST either reject JWKs and JWK Sets with 1635 duplicate member names or use a JSON parser that returns only the 1636 lexically last duplicate member name. 1638 -11 1640 o Stated that when "kid" values are used within a JWK Set, different 1641 keys within the JWK Set SHOULD use distinct "kid" values. 1643 o Added optional "x5u" (X.509 URL), "x5t" (X.509 Certificate 1644 Thumbprint), and "x5c" (X.509 Certificate Chain) JWK parameters. 1646 o Added section on Encrypted JWK and Encrypted JWK Set Formats. 1648 o Added a Parameter Information Class value to the JSON Web Key 1649 Parameters registry, which registers whether the parameter conveys 1650 public or private information. 1652 o Registered "application/jwk+json" and "application/jwk-set+json" 1653 MIME types and "JWK" and "JWK-SET" typ header parameter values, 1654 addressing issue #21. 1656 -10 1658 o No changes were made, other than to the version number and date. 1660 -09 1662 o Expanded the scope of the JWK specification to include private and 1663 symmetric key representations, as specified by 1664 draft-jones-jose-json-private-and-symmetric-key-00. 1666 o Defined that members that are not understood must be ignored. 1668 -08 1670 o Changed the name of the JWK key type parameter from "alg" to "kty" 1671 to enable use of "alg" to indicate the particular algorithm that 1672 the key is intended to be used with. 1674 o Clarified statements of the form "This member is OPTIONAL" to "Use 1675 of this member is OPTIONAL". 1677 o Referenced String Comparison Rules in JWS. 1679 o Added seriesInfo information to Internet Draft references. 1681 -07 1683 o Changed the name of the JWK RSA modulus parameter from "mod" to 1684 "n" and the name of the JWK RSA exponent parameter from "xpo" to 1685 "e", so that the identifiers are the same as those used in RFC 1686 3447. 1688 -06 1690 o Changed the name of the JWK RSA exponent parameter from "exp" to 1691 "xpo" so as to allow the potential use of the name "exp" for a 1692 future extension that might define an expiration parameter for 1693 keys. (The "exp" name is already used for this purpose in the JWT 1694 specification.) 1696 o Clarify that the "alg" (algorithm family) member is REQUIRED. 1698 o Correct an instance of "JWK" that should have been "JWK Set". 1700 o Applied changes made by the RFC Editor to RFC 6749's registry 1701 language to this specification. 1703 -05 1705 o Indented artwork elements to better distinguish them from the body 1706 text. 1708 -04 1710 o Refer to the registries as the primary sources of defined values 1711 and then secondarily reference the sections defining the initial 1712 contents of the registries. 1714 o Normatively reference XML DSIG 2.0 [W3C.CR-xmldsig-core2-20120124] 1715 for its security considerations. 1717 o Added this language to Registration Templates: "This name is case 1718 sensitive. Names that match other registered names in a case 1719 insensitive manner SHOULD NOT be accepted." 1721 o Described additional open issues. 1723 o Applied editorial suggestions. 1725 -03 1727 o Clarified that "kid" values need not be unique within a JWK Set. 1729 o Moved JSON Web Key Parameters registry to the JWK specification. 1731 o Added "Collision Resistant Namespace" to the terminology section. 1733 o Changed registration requirements from RFC Required to 1734 Specification Required with Expert Review. 1736 o Added Registration Template sections for defined registries. 1738 o Added Registry Contents sections to populate registry values. 1740 o Numerous editorial improvements. 1742 -02 1744 o Simplified JWK terminology to get replace the "JWK Key Object" and 1745 "JWK Container Object" terms with simply "JSON Web Key (JWK)" and 1746 "JSON Web Key Set (JWK Set)" and to eliminate potential confusion 1747 between single keys and sets of keys. As part of this change, the 1748 top-level member name for a set of keys was changed from "jwk" to 1749 "keys". 1751 o Clarified that values with duplicate member names MUST be 1752 rejected. 1754 o Established JSON Web Key Set Parameters registry. 1756 o Explicitly listed non-goals in the introduction. 1758 o Moved algorithm-specific definitions from JWK to JWA. 1760 o Reformatted to give each member definition its own section 1761 heading. 1763 -01 1765 o Corrected the Magic Signatures reference. 1767 -00 1769 o Created the initial IETF draft based upon 1770 draft-jones-json-web-key-03 with no normative changes. 1772 Author's Address 1774 Michael B. Jones 1775 Microsoft 1777 Email: mbj@microsoft.com 1778 URI: http://self-issued.info/