idnits 2.17.00 (12 Aug 2021) /tmp/idnits4886/draft-ietf-jose-json-web-key-28.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (June 20, 2014) is 2891 days in the past. Is this intentional? -- Found something which looks like a code comment -- if you have code sections in the document, please surround them with '' and '' lines. Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) -- Possible downref: Non-RFC (?) normative reference: ref. 'ECMAScript' -- Possible downref: Non-RFC (?) normative reference: ref. 'ITU.X690.1994' == Outdated reference: draft-ietf-jose-json-web-algorithms has been published as RFC 7518 == Outdated reference: draft-ietf-jose-json-web-encryption has been published as RFC 7516 == Outdated reference: draft-ietf-jose-json-web-signature has been published as RFC 7515 ** Downref: Normative reference to an Historic RFC: RFC 1421 ** Downref: Normative reference to an Informational RFC: RFC 2818 ** Obsolete normative reference: RFC 5246 (Obsoleted by RFC 8446) ** Obsolete normative reference: RFC 7159 (Obsoleted by RFC 8259) -- Possible downref: Non-RFC (?) normative reference: ref. 'USASCII' -- Obsolete informational reference (is this intentional?): RFC 3447 (Obsoleted by RFC 8017) -- Obsolete informational reference (is this intentional?): RFC 5226 (Obsoleted by RFC 8126) Summary: 4 errors (**), 0 flaws (~~), 4 warnings (==), 7 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 JOSE Working Group M. Jones 3 Internet-Draft Microsoft 4 Intended status: Standards Track June 20, 2014 5 Expires: December 22, 2014 7 JSON Web Key (JWK) 8 draft-ietf-jose-json-web-key-28 10 Abstract 12 A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) data 13 structure that represents a cryptographic key. This specification 14 also defines a JSON Web Key Set (JWK Set) JSON data structure that 15 represents a set of JWKs. Cryptographic algorithms and identifiers 16 for use with this specification are described in the separate JSON 17 Web Algorithms (JWA) specification and IANA registries defined by 18 that specification. 20 Status of this Memo 22 This Internet-Draft is submitted in full conformance with the 23 provisions of BCP 78 and BCP 79. 25 Internet-Drafts are working documents of the Internet Engineering 26 Task Force (IETF). Note that other groups may also distribute 27 working documents as Internet-Drafts. The list of current Internet- 28 Drafts is at http://datatracker.ietf.org/drafts/current/. 30 Internet-Drafts are draft documents valid for a maximum of six months 31 and may be updated, replaced, or obsoleted by other documents at any 32 time. It is inappropriate to use Internet-Drafts as reference 33 material or to cite them other than as "work in progress." 35 This Internet-Draft will expire on December 22, 2014. 37 Copyright Notice 39 Copyright (c) 2014 IETF Trust and the persons identified as the 40 document authors. All rights reserved. 42 This document is subject to BCP 78 and the IETF Trust's Legal 43 Provisions Relating to IETF Documents 44 (http://trustee.ietf.org/license-info) in effect on the date of 45 publication of this document. Please review these documents 46 carefully, as they describe your rights and restrictions with respect 47 to this document. Code Components extracted from this document must 48 include Simplified BSD License text as described in Section 4.e of 49 the Trust Legal Provisions and are provided without warranty as 50 described in the Simplified BSD License. 52 Table of Contents 54 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4 55 1.1. Notational Conventions . . . . . . . . . . . . . . . . . . 4 56 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 4 57 3. Example JWK . . . . . . . . . . . . . . . . . . . . . . . . . 5 58 4. JSON Web Key (JWK) Format . . . . . . . . . . . . . . . . . . 5 59 4.1. "kty" (Key Type) Parameter . . . . . . . . . . . . . . . . 6 60 4.2. "use" (Public Key Use) Parameter . . . . . . . . . . . . . 6 61 4.3. "key_ops" (Key Operations) Parameter . . . . . . . . . . . 7 62 4.4. "alg" (Algorithm) Parameter . . . . . . . . . . . . . . . 7 63 4.5. "kid" (Key ID) Parameter . . . . . . . . . . . . . . . . . 8 64 4.6. "x5u" (X.509 URL) Parameter . . . . . . . . . . . . . . . 8 65 4.7. "x5c" (X.509 Certificate Chain) Parameter . . . . . . . . 8 66 4.8. "x5t" (X.509 Certificate SHA-1 Thumbprint) Parameter . . . 9 67 4.9. "x5t#S256" (X.509 Certificate SHA-256 Thumbprint) 68 Parameter . . . . . . . . . . . . . . . . . . . . . . . . 9 69 5. JSON Web Key Set (JWK Set) Format . . . . . . . . . . . . . . 9 70 5.1. "keys" Parameter . . . . . . . . . . . . . . . . . . . . . 10 71 6. String Comparison Rules . . . . . . . . . . . . . . . . . . . 10 72 7. Encrypted JWK and Encrypted JWK Set Formats . . . . . . . . . 10 73 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 11 74 8.1. JSON Web Key Parameters Registry . . . . . . . . . . . . . 12 75 8.1.1. Registration Template . . . . . . . . . . . . . . . . 12 76 8.1.2. Initial Registry Contents . . . . . . . . . . . . . . 13 77 8.2. JSON Web Key Use Registry . . . . . . . . . . . . . . . . 14 78 8.2.1. Registration Template . . . . . . . . . . . . . . . . 15 79 8.2.2. Initial Registry Contents . . . . . . . . . . . . . . 15 80 8.3. JSON Web Key Operations Registry . . . . . . . . . . . . . 15 81 8.3.1. Registration Template . . . . . . . . . . . . . . . . 16 82 8.3.2. Initial Registry Contents . . . . . . . . . . . . . . 16 83 8.4. JSON Web Key Set Parameters Registry . . . . . . . . . . . 17 84 8.4.1. Registration Template . . . . . . . . . . . . . . . . 17 85 8.4.2. Initial Registry Contents . . . . . . . . . . . . . . 18 86 8.5. Media Type Registration . . . . . . . . . . . . . . . . . 18 87 8.5.1. Registry Contents . . . . . . . . . . . . . . . . . . 18 88 9. Security Considerations . . . . . . . . . . . . . . . . . . . 19 89 9.1. Key Provenance and Trust . . . . . . . . . . . . . . . . . 19 90 9.2. Preventing Disclosure of Non-Public Key Information . . . 20 91 9.3. RSA Private Key Representations and Blinding . . . . . . . 20 92 10. References . . . . . . . . . . . . . . . . . . . . . . . . . . 20 93 10.1. Normative References . . . . . . . . . . . . . . . . . . . 20 94 10.2. Informative References . . . . . . . . . . . . . . . . . . 22 95 Appendix A. Example JSON Web Key Sets . . . . . . . . . . . . . . 23 96 A.1. Example Public Keys . . . . . . . . . . . . . . . . . . . 23 97 A.2. Example Private Keys . . . . . . . . . . . . . . . . . . . 23 98 A.3. Example Symmetric Keys . . . . . . . . . . . . . . . . . . 25 99 Appendix B. Example Use of "x5c" (X.509 Certificate Chain) 100 Parameter . . . . . . . . . . . . . . . . . . . . . . 25 101 Appendix C. Example Encrypted RSA Private Key . . . . . . . . . . 26 102 C.1. Plaintext RSA Private Key . . . . . . . . . . . . . . . . 27 103 C.2. JWE Header . . . . . . . . . . . . . . . . . . . . . . . . 30 104 C.3. Content Encryption Key (CEK) . . . . . . . . . . . . . . . 30 105 C.4. Key Derivation . . . . . . . . . . . . . . . . . . . . . . 31 106 C.5. Key Encryption . . . . . . . . . . . . . . . . . . . . . . 31 107 C.6. Initialization Vector . . . . . . . . . . . . . . . . . . 31 108 C.7. Additional Authenticated Data . . . . . . . . . . . . . . 32 109 C.8. Content Encryption . . . . . . . . . . . . . . . . . . . . 32 110 C.9. Complete Representation . . . . . . . . . . . . . . . . . 35 111 Appendix D. Acknowledgements . . . . . . . . . . . . . . . . . . 36 112 Appendix E. Document History . . . . . . . . . . . . . . . . . . 37 113 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 43 115 1. Introduction 117 A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) [RFC7159] 118 data structure that represents a cryptographic key. This 119 specification also defines a JSON Web Key Set (JWK Set) JSON data 120 structure that represents a set of JWKs. Cryptographic algorithms 121 and identifiers for use with this specification are described in the 122 separate JSON Web Algorithms (JWA) [JWA] specification and IANA 123 registries defined by that specification. 125 Goals for this specification do not include representing new kinds of 126 certificate chains, representing new kinds of certified keys, or 127 replacing X.509 certificates. 129 JWKs and JWK Sets are used in the JSON Web Signature (JWS) [JWS] and 130 JSON Web Encryption (JWE) [JWE] specifications. 132 Names defined by this specification are short because a core goal is 133 for the resulting representations to be compact. 135 1.1. Notational Conventions 137 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 138 "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and 139 "OPTIONAL" in this document are to be interpreted as described in Key 140 words for use in RFCs to Indicate Requirement Levels [RFC2119]. If 141 these words are used without being spelled in uppercase then they are 142 to be interpreted with their normal natural language meanings. 144 BASE64URL(OCTETS) denotes the base64url encoding of OCTETS, per 145 Section 2. 147 UTF8(STRING) denotes the octets of the UTF-8 [RFC3629] representation 148 of STRING. 150 ASCII(STRING) denotes the octets of the ASCII [USASCII] 151 representation of STRING. 153 The concatenation of two values A and B is denoted as A || B. 155 2. Terminology 157 These terms defined by the JSON Web Signature (JWS) [JWS] 158 specification are incorporated into this specification: "Base64url 159 Encoding" and "Collision-Resistant Name". 161 These terms are defined for use by this specification: 163 JSON Web Key (JWK) 164 A JSON object that represents a cryptographic key. The members of 165 the object represent properties of the key, including its value. 167 JSON Web Key Set (JWK Set) 168 A JSON object that represents a set of JWKs. The JSON object MUST 169 have a "keys" member, which is an array of JWK objects. 171 3. Example JWK 173 This section provides an example of a JWK. The following example JWK 174 declares that the key is an elliptic curve key, it is used with the 175 P-256 elliptic curve, and its x and y coordinates are the base64url 176 encoded values shown. A key identifier is also provided for the key. 178 {"kty":"EC", 179 "crv":"P-256", 180 "x":"f83OJ3D2xF1Bg8vub9tLe1gHMzV76e8Tus9uPHvRVEU", 181 "y":"x_FEzRu9m36HLN_tue659LNpXW6pCyStikYjKIWI5a0", 182 "kid":"Public key used in JWS A.3 example" 183 } 185 Additional example JWK values can be found in Appendix A. 187 4. JSON Web Key (JWK) Format 189 A JSON Web Key (JWK) is a JSON object that represents a cryptographic 190 key. The members of the object represent properties of the key, 191 including its value. This document defines the key parameters that 192 are not algorithm specific, and thus common to many keys. 194 In addition to the common parameters, each JWK will have members that 195 are specific to the kind of key being represented. These members 196 represent the parameters of the key. Section 6 of the JSON Web 197 Algorithms (JWA) [JWA] specification defines multiple kinds of 198 cryptographic keys and their associated members. 200 The member names within a JWK MUST be unique; recipients MUST either 201 reject JWKs with duplicate member names or use a JSON parser that 202 returns only the lexically last duplicate member name, as specified 203 in Section 15.12 (The JSON Object) of ECMAScript 5.1 [ECMAScript]. 205 Additional members can be present in the JWK; if not understood by 206 implementations encountering them, they MUST be ignored. Member 207 names used for representing key parameters for different keys types 208 need not be distinct. Any new member name should either be 209 registered in the IANA JSON Web Key Parameters registry defined in 210 Section 8.1 or be a value that contains a Collision-Resistant Name. 212 4.1. "kty" (Key Type) Parameter 214 The "kty" (key type) member identifies the cryptographic algorithm 215 family used with the key. "kty" values should either be registered in 216 the IANA JSON Web Key Types registry defined in [JWA] or be a value 217 that contains a Collision-Resistant Name. The "kty" value is a case- 218 sensitive string. This member MUST be present in a JWK. 220 A list of defined "kty" values can be found in the IANA JSON Web Key 221 Types registry defined in [JWA]; the initial contents of this 222 registry are the values defined in Section 6.1 of the JSON Web 223 Algorithms (JWA) [JWA] specification. 225 The key type definitions include specification of the members to be 226 used for those key types. Additional members used with "kty" values 227 can also be found in the IANA JSON Web Key Parameters registry 228 defined in Section 8.1. 230 4.2. "use" (Public Key Use) Parameter 232 The "use" (public key use) member identifies the intended use of the 233 public key. The "use" parameter is intended for use cases in which 234 it is useful to distinguish between public signing keys and public 235 encryption keys. 237 Values defined by this specification are: 239 o "sig" (signature) 240 o "enc" (encryption) 242 Other values MAY be used. Public Key Use values can be registered in 243 the IANA JSON Web Key Use registry defined in Section 8.2. The "use" 244 value is a case-sensitive string. Use of the "use" member is 245 OPTIONAL, unless the application requires its presence. 247 When a key is used to wrap another key and a key use designation for 248 the first key is desired, the "enc" (encryption) key use value SHOULD 249 be used, since key wrapping is a kind of encryption. The "enc" value 250 SHOULD also be used for public keys used for key agreement 251 operations. (The "alg" member can be used to specify the particular 252 cryptographic operation to be performed, when desired.) 254 4.3. "key_ops" (Key Operations) Parameter 256 The "key_ops" (key operations) member identifies the operation(s) 257 that the key is intended to be used for. The "key_ops" parameter is 258 intended for use cases in which public, private, or symmetric keys 259 may be present. 261 Its value is an array of key operation values. Values defined by 262 this specification are: 264 o "sign" (compute signature or MAC) 265 o "verify" (verify signature or MAC) 266 o "encrypt" (encrypt content) 267 o "decrypt" (decrypt content and validate decryption, if applicable) 268 o "wrapKey" (encrypt key) 269 o "unwrapKey" (decrypt key and validate decryption, if applicable) 270 o "deriveKey" (derive key) 271 o "deriveBits" (derive bits not to be used as a key) 273 (Note that the "key_ops" values intentionally match the "KeyUsage" 274 values defined in the Web Cryptography API [WebCrypto] 275 specification.) 277 Other values MAY be used. Key operation values can be registered in 278 the IANA JSON Web Key Operations registry defined in Section 8.3. 279 The key operation values are case-sensitive strings. Duplicate key 280 operation values MUST NOT be present in the array. 282 Use of the "key_ops" member is OPTIONAL, unless the application 283 requires its presence. 285 Multiple unrelated key operations SHOULD NOT be specified for a key 286 because of the potential vulnerabilities associated with using the 287 same key with multiple algorithms. Thus, the combinations "sign" 288 with "verify", "encrypt" with "decrypt", and "wrapKey" with 289 "unwrapKey" are permitted, but other combinations SHOULD NOT be used. 291 The "use" and "key_ops" JWK members SHOULD NOT be used together. 292 Applications should specify which of these members they use, if 293 either is to be used by the application. 295 4.4. "alg" (Algorithm) Parameter 297 The "alg" (algorithm) member identifies the algorithm intended for 298 use with the key. The values used should either be registered in the 299 IANA JSON Web Signature and Encryption Algorithms registry defined in 300 [JWA] or be a value that contains a Collision-Resistant Name. Use of 301 this member is OPTIONAL. 303 4.5. "kid" (Key ID) Parameter 305 The "kid" (key ID) member can be used to match a specific key. This 306 can be used, for instance, to choose among a set of keys within a JWK 307 Set during key rollover. The structure of the "kid" value is 308 unspecified. When "kid" values are used within a JWK Set, different 309 keys within the JWK Set SHOULD use distinct "kid" values. (One 310 example in which different keys might use the same "kid" value is if 311 they have different "kty" (key type) values but are considered to be 312 equivalent alternatives by the application using them.) The "kid" 313 value is a case-sensitive string. Use of this member is OPTIONAL. 315 When used with JWS or JWE, the "kid" value is used to match a JWS or 316 JWE "kid" Header Parameter value. 318 4.6. "x5u" (X.509 URL) Parameter 320 The "x5u" (X.509 URL) member is a URI [RFC3986] that refers to a 321 resource for an X.509 public key certificate or certificate chain 322 [RFC5280]. The identified resource MUST provide a representation of 323 the certificate or certificate chain that conforms to RFC 5280 324 [RFC5280] in PEM encoded form [RFC1421]. The key in the first 325 certificate MUST match the public key represented by other members of 326 the JWK. The protocol used to acquire the resource MUST provide 327 integrity protection; an HTTP GET request to retrieve the certificate 328 MUST use TLS [RFC2818] [RFC5246]; the identity of the server MUST be 329 validated, as per Section 6 of RFC 6125 [RFC6125]. Use of this 330 member is OPTIONAL. 332 While there is no requirement that members other than those 333 representing the public key be populated when an "x5u" member is 334 present, doing so may improve interoperability for applications that 335 do not handle PKIX certificates. If other members are present, the 336 contents of those members MUST be semantically consistent with the 337 related fields in the first certificate. For instance, if the "use" 338 member is present, then it needs to allow for only a subset of the 339 usages that are permitted by the certificate. Similarly, if the 340 "alg" member is present, it should represent an algorithm that the 341 certificate allows. 343 4.7. "x5c" (X.509 Certificate Chain) Parameter 345 The "x5c" (X.509 Certificate Chain) member contains a chain of one or 346 more PKIX certificates [RFC5280]. The certificate chain is 347 represented as a JSON array of certificate value strings. Each 348 string in the array is a base64 encoded ([RFC4648] Section 4 -- not 349 base64url encoded) DER [ITU.X690.1994] PKIX certificate value. The 350 PKIX certificate containing the key value MUST be the first 351 certificate. This MAY be followed by additional certificates, with 352 each subsequent certificate being the one used to certify the 353 previous one. The key in the first certificate MUST match the public 354 key represented by other members of the JWK. Use of this member is 355 OPTIONAL. 357 As with the "x5u" member, members other than those representing the 358 public key may also be populated when an "x5c" member is present. If 359 other members are present, the contents of those members MUST be 360 semantically consistent with the related fields in the first 361 certificate. See the last paragraph of Section 4.6 for additional 362 guidance on this. 364 4.8. "x5t" (X.509 Certificate SHA-1 Thumbprint) Parameter 366 The "x5t" (X.509 Certificate SHA-1 Thumbprint) member is a base64url 367 encoded SHA-1 thumbprint (a.k.a. digest) of the DER encoding of an 368 X.509 certificate [RFC5280]. The key in the certificate MUST match 369 the public key represented by other members of the JWK. Use of this 370 member is OPTIONAL. 372 As with the "x5u" member, members other than those representing the 373 public key may also be populated when an "x5t" member is present. If 374 other members are present, the contents of those members MUST be 375 semantically consistent with the related fields in the referenced 376 certificate. See the last paragraph of Section 4.6 for additional 377 guidance on this. 379 4.9. "x5t#S256" (X.509 Certificate SHA-256 Thumbprint) Parameter 381 The "x5t#S256" (X.509 Certificate SHA-256 Thumbprint) member is a 382 base64url encoded SHA-256 thumbprint (a.k.a. digest) of the DER 383 encoding of an X.509 certificate [RFC5280]. The key in the 384 certificate MUST match the public key represented by other members of 385 the JWK. Use of this member is OPTIONAL. 387 As with the "x5u" member, members other than those representing the 388 public key may also be populated when an "x5t#S256" member is 389 present. If other members are present, the contents of those members 390 MUST be semantically consistent with the related fields in the 391 referenced certificate. See the last paragraph of Section 4.6 for 392 additional guidance on this. 394 5. JSON Web Key Set (JWK Set) Format 396 A JSON Web Key Set (JWK Set) is a JSON object that represents a set 397 of JWKs. The JSON object MUST have a "keys" member, which is an 398 array of JWK objects. 400 The member names within a JWK Set MUST be unique; recipients MUST 401 either reject JWK Sets with duplicate member names or use a JSON 402 parser that returns only the lexically last duplicate member name, as 403 specified in Section 15.12 (The JSON Object) of ECMAScript 5.1 404 [ECMAScript]. 406 Additional members can be present in the JWK Set; if not understood 407 by implementations encountering them, they MUST be ignored. 408 Parameters for representing additional properties of JWK Sets should 409 either be registered in the IANA JSON Web Key Set Parameters registry 410 defined in Section 8.4 or be a value that contains a Collision- 411 Resistant Name. 413 Implementations SHOULD ignore JWKs within a JWK Set that use "kty" 414 (key type) values that are not understood by them, are missing 415 required members, or for which values are out of the supported 416 ranges. 418 5.1. "keys" Parameter 420 The value of the "keys" member is an array of JWK values. By 421 default, the order of the JWK values within the array does not imply 422 an order of preference among them, although applications of JWK Sets 423 can choose to assign a meaning to the order for their purposes, if 424 desired. This member MUST be present in a JWK Set. 426 6. String Comparison Rules 428 The string comparison rules for this specification are the same as 429 those defined in Section 5.3 of [JWS]. 431 7. Encrypted JWK and Encrypted JWK Set Formats 433 Access to JWKs containing non-public key material by parties without 434 legitimate access to the non-public information MUST be prevented. 435 This can be accomplished by encrypting the JWK when potentially 436 observable by such parties to prevent the disclosure of private or 437 symmetric key values. The use of an Encrypted JWK, which is a JWE 438 with the UTF-8 encoding of a JWK as its plaintext value, is 439 recommended for this purpose. The processing of Encrypted JWKs is 440 identical to the processing of other JWEs. A "cty" (content type) 441 Header Parameter value of "jwk+json" MUST be used to indicate that 442 the content of the JWE is a JWK, unless the application knows that 443 the encrypted content is a JWK by another means or convention, in 444 which case the "cty" value would typically be omitted. 446 JWK Sets containing non-public key material will also need to be 447 encrypted under these circumstances. The use of an Encrypted JWK 448 Set, which is a JWE with the UTF-8 encoding of a JWK Set as its 449 plaintext value, is recommended for this purpose. The processing of 450 Encrypted JWK Sets is identical to the processing of other JWEs. A 451 "cty" (content type) Header Parameter value of "jwk-set+json" MUST be 452 used to indicate that the content of the JWE is a JWK Set, unless the 453 application knows that the encrypted content is a JWK Set by another 454 means or convention, in which case the "cty" value would typically be 455 omitted. 457 See Appendix C for an example encrypted JWK. 459 8. IANA Considerations 461 The following registration procedure is used for all the registries 462 established by this specification. 464 Values are registered with a Specification Required [RFC5226] after a 465 two-week review period on the [TBD]@ietf.org mailing list, on the 466 advice of one or more Designated Experts. However, to allow for the 467 allocation of values prior to publication, the Designated Expert(s) 468 may approve registration once they are satisfied that such a 469 specification will be published. 471 Registration requests must be sent to the [TBD]@ietf.org mailing list 472 for review and comment, with an appropriate subject (e.g., "Request 473 for access token type: example"). [[ Note to the RFC Editor: The name 474 of the mailing list should be determined in consultation with the 475 IESG and IANA. Suggested name: jose-reg-review. ]] 477 Within the review period, the Designated Expert(s) will either 478 approve or deny the registration request, communicating this decision 479 to the review list and IANA. Denials should include an explanation 480 and, if applicable, suggestions as to how to make the request 481 successful. Registration requests that are undetermined for a period 482 longer than 21 days can be brought to the IESG's attention (using the 483 iesg@iesg.org mailing list) for resolution. 485 Criteria that should be applied by the Designated Expert(s) includes 486 determining whether the proposed registration duplicates existing 487 functionality, determining whether it is likely to be of general 488 applicability or whether it is useful only for a single application, 489 and whether the registration makes sense. 491 IANA must only accept registry updates from the Designated Expert(s) 492 and should direct all requests for registration to the review mailing 493 list. 495 It is suggested that multiple Designated Experts be appointed who are 496 able to represent the perspectives of different applications using 497 this specification, in order to enable broadly-informed review of 498 registration decisions. In cases where a registration decision could 499 be perceived as creating a conflict of interest for a particular 500 Expert, that Expert should defer to the judgment of the other 501 Expert(s). 503 8.1. JSON Web Key Parameters Registry 505 This specification establishes the IANA JSON Web Key Parameters 506 registry for JWK parameter names. The registry records the parameter 507 name, the key type(s) that the parameter is used with, and a 508 reference to the specification that defines it. It also records 509 whether the parameter conveys public or private information. This 510 specification registers the parameter names defined in Section 4. 511 The same JWK parameter name may be registered multiple times, 512 provided that duplicate parameter registrations are only for key type 513 specific JWK parameters; in this case, the meaning of the duplicate 514 parameter name is disambiguated by the "kty" value of the JWK 515 containing it. 517 8.1.1. Registration Template 519 Parameter Name: 520 The name requested (e.g., "example"). Because a core goal of this 521 specification is for the resulting representations to be compact, 522 it is RECOMMENDED that the name be short -- not to exceed 8 523 characters without a compelling reason to do so. This name is 524 case-sensitive. Names may not match other registered names in a 525 case-insensitive manner unless the Designated Expert(s) state that 526 there is a compelling reason to allow an exception in this 527 particular case. However, matching names may be registered, 528 provided that the accompanying sets of "kty" values that the 529 Parameter Name is used with are disjoint; for the purposes of 530 matching "kty" values, "*" matches all values. 532 Parameter Description: 533 Brief description of the parameter (e.g., "Example description"). 535 Used with "kty" Value(s): 536 The key type parameter value(s) that the parameter name is to be 537 used with, or the value "*" if the parameter value is used with 538 all key types. Values may not match other registered "kty" values 539 in a case-insensitive manner when the registered Parameter Name is 540 the same (including when the Parameter Name matches in a case- 541 insensitive manner) unless the Designated Expert(s) state that 542 there is a compelling reason to allow an exception in this 543 particular case. 545 Parameter Information Class: 546 Registers whether the parameter conveys public or private 547 information. Its value must be one the words Public or Private. 549 Change Controller: 550 For Standards Track RFCs, state "IESG". For others, give the name 551 of the responsible party. Other details (e.g., postal address, 552 email address, home page URI) may also be included. 554 Specification Document(s): 555 Reference to the document(s) that specify the parameter, 556 preferably including URI(s) that can be used to retrieve copies of 557 the document(s). An indication of the relevant sections may also 558 be included but is not required. 560 8.1.2. Initial Registry Contents 562 o Parameter Name: "kty" 563 o Parameter Description: Key Type 564 o Used with "kty" Value(s): * 565 o Parameter Information Class: Public 566 o Change Controller: IESG 567 o Specification Document(s): Section 4.1 of [[ this document ]] 569 o Parameter Name: "use" 570 o Parameter Description: Public Key Use 571 o Used with "kty" Value(s): * 572 o Parameter Information Class: Public 573 o Change Controller: IESG 574 o Specification Document(s): Section 4.2 of [[ this document ]] 576 o Parameter Name: "key_ops" 577 o Parameter Description: Key Operations 578 o Used with "kty" Value(s): * 579 o Parameter Information Class: Public 580 o Change Controller: IESG 581 o Specification Document(s): Section 4.3 of [[ this document ]] 583 o Parameter Name: "alg" 584 o Parameter Description: Algorithm 585 o Used with "kty" Value(s): * 586 o Parameter Information Class: Public 587 o Change Controller: IESG 588 o Specification Document(s): Section 4.4 of [[ this document ]] 590 o Parameter Name: "kid" 591 o Parameter Description: Key ID 592 o Used with "kty" Value(s): * 593 o Parameter Information Class: Public 594 o Change Controller: IESG 595 o Specification Document(s): Section 4.5 of [[ this document ]] 597 o Parameter Name: "x5u" 598 o Parameter Description: X.509 URL 599 o Used with "kty" Value(s): * 600 o Parameter Information Class: Public 601 o Change Controller: IESG 602 o Specification Document(s): Section 4.6 of [[ this document ]] 604 o Parameter Name: "x5c" 605 o Parameter Description: X.509 Certificate Chain 606 o Used with "kty" Value(s): * 607 o Parameter Information Class: Public 608 o Change Controller: IESG 609 o Specification Document(s): Section 4.7 of [[ this document ]] 611 o Parameter Name: "x5t" 612 o Parameter Description: X.509 Certificate SHA-1 Thumbprint 613 o Used with "kty" Value(s): * 614 o Parameter Information Class: Public 615 o Change Controller: IESG 616 o Specification Document(s): Section 4.8 of [[ this document ]] 618 o Parameter Name: "x5t#S256" 619 o Parameter Description: X.509 Certificate SHA-256 Thumbprint 620 o Used with "kty" Value(s): * 621 o Parameter Information Class: Public 622 o Change Controller: IESG 623 o Specification Document(s): Section 4.9 of [[ this document ]] 625 8.2. JSON Web Key Use Registry 627 This specification establishes the IANA JSON Web Key Use registry for 628 JWK "use" (public key use) member values. The registry records the 629 public key use value and a reference to the specification that 630 defines it. This specification registers the parameter names defined 631 in Section 4.2. 633 8.2.1. Registration Template 635 Use Member Value: 636 The name requested (e.g., "example"). Because a core goal of this 637 specification is for the resulting representations to be compact, 638 it is RECOMMENDED that the name be short -- not to exceed 8 639 characters without a compelling reason to do so. This name is 640 case-sensitive. Names may not match other registered names in a 641 case-insensitive manner unless the Designated Expert(s) state that 642 there is a compelling reason to allow an exception in this 643 particular case. 645 Use Description: 646 Brief description of the use (e.g., "Example description"). 648 Change Controller: 649 For Standards Track RFCs, state "IESG". For others, give the name 650 of the responsible party. Other details (e.g., postal address, 651 email address, home page URI) may also be included. 653 Specification Document(s): 654 Reference to the document(s) that specify the parameter, 655 preferably including URI(s) that can be used to retrieve copies of 656 the document(s). An indication of the relevant sections may also 657 be included but is not required. 659 8.2.2. Initial Registry Contents 661 o Use Member Value: "sig" 662 o Use Description: Signature or MAC 663 o Change Controller: IESG 664 o Specification Document(s): Section 4.2 of [[ this document ]] 666 o Use Member Value: "enc" 667 o Use Description: Encryption 668 o Change Controller: IESG 669 o Specification Document(s): Section 4.2 of [[ this document ]] 671 8.3. JSON Web Key Operations Registry 673 This specification establishes the IANA JSON Web Key Operations 674 registry for values of JWK "key_ops" array elements. The registry 675 records the key operation value and a reference to the specification 676 that defines it. This specification registers the parameter names 677 defined in Section 4.3. 679 8.3.1. Registration Template 681 Key Operation Value: 682 The name requested (e.g., "example"). Because a core goal of this 683 specification is for the resulting representations to be compact, 684 it is RECOMMENDED that the name be short -- not to exceed 8 685 characters without a compelling reason to do so. This name is 686 case-sensitive. Names may not match other registered names in a 687 case-insensitive manner unless the Designated Expert(s) state that 688 there is a compelling reason to allow an exception in this 689 particular case. 691 Key Operation Description: 692 Brief description of the key operation (e.g., "Example 693 description"). 695 Change Controller: 696 For Standards Track RFCs, state "IESG". For others, give the name 697 of the responsible party. Other details (e.g., postal address, 698 email address, home page URI) may also be included. 700 Specification Document(s): 701 Reference to the document(s) that specify the parameter, 702 preferably including URI(s) that can be used to retrieve copies of 703 the document(s). An indication of the relevant sections may also 704 be included but is not required. 706 8.3.2. Initial Registry Contents 708 o Key Operation Value: "sign" 709 o Key Operation Description: Compute signature or MAC 710 o Change Controller: IESG 711 o Specification Document(s): Section 4.3 of [[ this document ]] 713 o Key Operation Value: "verify" 714 o Key Operation Description: Verify signature or MAC 715 o Change Controller: IESG 716 o Specification Document(s): Section 4.3 of [[ this document ]] 718 o Key Operation Value: "encrypt" 719 o Key Operation Description: Encrypt content 720 o Change Controller: IESG 721 o Specification Document(s): Section 4.3 of [[ this document ]] 723 o Key Operation Value: "decrypt" 724 o Key Operation Description: Decrypt content and validate 725 decryption, if applicable 727 o Change Controller: IESG 728 o Specification Document(s): Section 4.3 of [[ this document ]] 730 o Key Operation Value: "wrapKey" 731 o Key Operation Description: Encrypt key 732 o Change Controller: IESG 733 o Specification Document(s): Section 4.3 of [[ this document ]] 735 o Key Operation Value: "unwrapKey" 736 o Key Operation Description: Decrypt key and validate decryption, if 737 applicable 738 o Change Controller: IESG 739 o Specification Document(s): Section 4.3 of [[ this document ]] 741 o Key Operation Value: "deriveKey" 742 o Key Operation Description: Derive key 743 o Change Controller: IESG 744 o Specification Document(s): Section 4.3 of [[ this document ]] 746 o Key Operation Value: "deriveBits" 747 o Key Operation Description: Derive bits not to be used as a key 748 o Change Controller: IESG 749 o Specification Document(s): Section 4.3 of [[ this document ]] 751 8.4. JSON Web Key Set Parameters Registry 753 This specification establishes the IANA JSON Web Key Set Parameters 754 registry for JWK Set parameter names. The registry records the 755 parameter name and a reference to the specification that defines it. 756 This specification registers the parameter names defined in 757 Section 5. 759 8.4.1. Registration Template 761 Parameter Name: 762 The name requested (e.g., "example"). Because a core goal of this 763 specification is for the resulting representations to be compact, 764 it is RECOMMENDED that the name be short -- not to exceed 8 765 characters without a compelling reason to do so. This name is 766 case-sensitive. Names may not match other registered names in a 767 case-insensitive manner unless the Designated Expert(s) state that 768 there is a compelling reason to allow an exception in this 769 particular case. 771 Parameter Description: 772 Brief description of the parameter (e.g., "Example description"). 774 Change Controller: 775 For Standards Track RFCs, state "IESG". For others, give the name 776 of the responsible party. Other details (e.g., postal address, 777 email address, home page URI) may also be included. 779 Specification Document(s): 780 Reference to the document(s) that specify the parameter, 781 preferably including URI(s) that can be used to retrieve copies of 782 the document(s). An indication of the relevant sections may also 783 be included but is not required. 785 8.4.2. Initial Registry Contents 787 o Parameter Name: "keys" 788 o Parameter Description: Array of JWK values 789 o Change Controller: IESG 790 o Specification Document(s): Section 5.1 of [[ this document ]] 792 8.5. Media Type Registration 794 8.5.1. Registry Contents 796 This specification registers the "application/jwk+json" and 797 "application/jwk-set+json" Media Types [RFC2046] in the MIME Media 798 Types registry [IANA.MediaTypes], which can be used to indicate, 799 respectively, that the content is a JWK or a JWK Set. 801 o Type Name: application 802 o Subtype Name: jwk+json 803 o Required Parameters: n/a 804 o Optional Parameters: n/a 805 o Encoding considerations: 8bit; application/jwk+json values are 806 represented as JSON object; UTF-8 encoding SHOULD be employed for 807 the JSON object. 808 o Security Considerations: See the Security Considerations section 809 of [[ this document ]] 810 o Interoperability Considerations: n/a 811 o Published Specification: [[ this document ]] 812 o Applications that use this media type: TBD 813 o Additional Information: Magic number(s): n/a, File extension(s): 814 n/a, Macintosh file type code(s): n/a 815 o Person & email address to contact for further information: Michael 816 B. Jones, mbj@microsoft.com 817 o Intended Usage: COMMON 818 o Restrictions on Usage: none 819 o Author: Michael B. Jones, mbj@microsoft.com 820 o Change Controller: IESG 822 o Type Name: application 823 o Subtype Name: jwk-set+json 824 o Required Parameters: n/a 825 o Optional Parameters: n/a 826 o Encoding considerations: 8bit; application/jwk-set+json values are 827 represented as a JSON Object; UTF-8 encoding SHOULD be employed 828 for the JSON object. 829 o Security Considerations: See the Security Considerations section 830 of [[ this document ]] 831 o Interoperability Considerations: n/a 832 o Published Specification: [[ this document ]] 833 o Applications that use this media type: TBD 834 o Additional Information: Magic number(s): n/a, File extension(s): 835 n/a, Macintosh file type code(s): n/a 836 o Person & email address to contact for further information: Michael 837 B. Jones, mbj@microsoft.com 838 o Intended Usage: COMMON 839 o Restrictions on Usage: none 840 o Author: Michael B. Jones, mbj@microsoft.com 841 o Change Controller: IESG 843 9. Security Considerations 845 All of the security issues faced by any cryptographic application 846 must be faced by a JWS/JWE/JWK agent. Among these issues are 847 protecting the user's asymmetric private and symmetric secret keys, 848 preventing various attacks, and helping avoid mistakes such as 849 inadvertently encrypting a message to the wrong recipient. The 850 entire list of security considerations is beyond the scope of this 851 document, but some significant considerations are listed here. 853 9.1. Key Provenance and Trust 855 One should place no more trust in the data associated with a key than 856 in than the method by which it was obtained and in the 857 trustworthiness of the entity asserting an association with the key. 858 Any data associated with a key that is obtained in an untrusted 859 manner should be treated with skepticism. 861 The security considerations in Section 12.3 of XML DSIG 2.0 862 [W3C.NOTE-xmldsig-core2-20130411] about the strength of a signature 863 depending upon all the links in the security chain also apply to this 864 specification. 866 The TLS Requirements in [JWS] also apply to this specification. 868 9.2. Preventing Disclosure of Non-Public Key Information 870 Private and symmetric keys MUST be protected from disclosure to 871 unintended parties. One recommended means of doing so is to encrypt 872 JWKs or JWK Sets containing them by using the JWK or JWK Set value as 873 the plaintext of a JWE. 875 The security considerations in RFC 3447 [RFC3447] and RFC 6030 876 [RFC6030] about protecting private and symmetric keys, key usage, and 877 information leakage also apply to this specification. 879 9.3. RSA Private Key Representations and Blinding 881 The RSA Key blinding operation [Kocher], which is a defense against 882 some timing attacks, requires all of the RSA key values "n", "e", and 883 "d". However, some RSA private key representations do not include 884 the public exponent "e", but only include the modulus "n" and the 885 private exponent "d". This is true, for instance, of the Java 886 RSAPrivateKeySpec API, which does not include the public exponent "e" 887 as a parameter. So as to enable RSA key blinding, such 888 representations should be avoided. For Java, the 889 RSAPrivateCrtKeySpec API can be used instead. Section 8.2.2(i) of 890 the Handbook of Applied Cryptography [HAC] discusses how to compute 891 the remaining RSA private key parameters, if needed, using only "n", 892 "e", and "d". 894 10. References 896 10.1. Normative References 898 [ECMAScript] 899 Ecma International, "ECMAScript Language Specification, 900 5.1 Edition", ECMA 262, June 2011. 902 [IANA.MediaTypes] 903 Internet Assigned Numbers Authority (IANA), "MIME Media 904 Types", 2005. 906 [ITU.X690.1994] 907 International Telecommunications Union, "Information 908 Technology - ASN.1 encoding rules: Specification of Basic 909 Encoding Rules (BER), Canonical Encoding Rules (CER) and 910 Distinguished Encoding Rules (DER)", ITU-T Recommendation 911 X.690, 1994. 913 [JWA] Jones, M., "JSON Web Algorithms (JWA)", 914 draft-ietf-jose-json-web-algorithms (work in progress), 915 June 2014. 917 [JWE] Jones, M. and J. Hildebrand, "JSON Web Encryption (JWE)", 918 draft-ietf-jose-json-web-encryption (work in progress), 919 June 2014. 921 [JWS] Jones, M., Bradley, J., and N. Sakimura, "JSON Web 922 Signature (JWS)", draft-ietf-jose-json-web-signature (work 923 in progress), June 2014. 925 [RFC1421] Linn, J., "Privacy Enhancement for Internet Electronic 926 Mail: Part I: Message Encryption and Authentication 927 Procedures", RFC 1421, February 1993. 929 [RFC2046] Freed, N. and N. Borenstein, "Multipurpose Internet Mail 930 Extensions (MIME) Part Two: Media Types", RFC 2046, 931 November 1996. 933 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 934 Requirement Levels", BCP 14, RFC 2119, March 1997. 936 [RFC2818] Rescorla, E., "HTTP Over TLS", RFC 2818, May 2000. 938 [RFC3629] Yergeau, F., "UTF-8, a transformation format of ISO 939 10646", STD 63, RFC 3629, November 2003. 941 [RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform 942 Resource Identifier (URI): Generic Syntax", STD 66, 943 RFC 3986, January 2005. 945 [RFC4648] Josefsson, S., "The Base16, Base32, and Base64 Data 946 Encodings", RFC 4648, October 2006. 948 [RFC5246] Dierks, T. and E. Rescorla, "The Transport Layer Security 949 (TLS) Protocol Version 1.2", RFC 5246, August 2008. 951 [RFC5280] Cooper, D., Santesson, S., Farrell, S., Boeyen, S., 952 Housley, R., and W. Polk, "Internet X.509 Public Key 953 Infrastructure Certificate and Certificate Revocation List 954 (CRL) Profile", RFC 5280, May 2008. 956 [RFC6125] Saint-Andre, P. and J. Hodges, "Representation and 957 Verification of Domain-Based Application Service Identity 958 within Internet Public Key Infrastructure Using X.509 959 (PKIX) Certificates in the Context of Transport Layer 960 Security (TLS)", RFC 6125, March 2011. 962 [RFC7159] Bray, T., "The JavaScript Object Notation (JSON) Data 963 Interchange Format", RFC 7159, March 2014. 965 [USASCII] American National Standards Institute, "Coded Character 966 Set -- 7-bit American Standard Code for Information 967 Interchange", ANSI X3.4, 1986. 969 10.2. Informative References 971 [HAC] Menezes, A., van Oorschot, P., and S. Vanstone, "Handbook 972 of Applied Cryptography", CRC Press, 1996, 973 . 975 [Kocher] Kocher, P., "Timing Attacks on Implementations of Diffe- 976 Hellman, RSA, DSS, and Other Systems", In Proceedings of 977 the 16th Annual International Cryptology Conference 978 Advances in Cryptology, Springer-Verlag, pp. 104-113, 979 1996. 981 [MagicSignatures] 982 Panzer (editor), J., Laurie, B., and D. Balfanz, "Magic 983 Signatures", January 2011. 985 [RFC3447] Jonsson, J. and B. Kaliski, "Public-Key Cryptography 986 Standards (PKCS) #1: RSA Cryptography Specifications 987 Version 2.1", RFC 3447, February 2003. 989 [RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an 990 IANA Considerations Section in RFCs", BCP 26, RFC 5226, 991 May 2008. 993 [RFC6030] Hoyer, P., Pei, M., and S. Machani, "Portable Symmetric 994 Key Container (PSKC)", RFC 6030, October 2010. 996 [W3C.NOTE-xmldsig-core2-20130411] 997 Eastlake, D., Reagle, J., Solo, D., Hirsch, F., Roessler, 998 T., Yiu, K., Datta, P., and S. Cantor, "XML Signature 999 Syntax and Processing Version 2.0", World Wide Web 1000 Consortium Note NOTE-xmldsig-core2-20130411, April 2013, 1001 . 1003 [WebCrypto] 1004 Sleevi, R. and M. Watson, "Web Cryptography API", World 1005 Wide Web Consortium Draft, March 2014, 1006 . 1008 Appendix A. Example JSON Web Key Sets 1010 A.1. Example Public Keys 1012 The following example JWK Set contains two public keys represented as 1013 JWKs: one using an Elliptic Curve algorithm and a second one using an 1014 RSA algorithm. The first specifies that the key is to be used for 1015 encryption. The second specifies that the key is to be used with the 1016 "RS256" algorithm. Both provide a Key ID for key matching purposes. 1017 In both cases, integers are represented using the base64url encoding 1018 of their big endian representations. (Long lines are broken are for 1019 display purposes only.) 1021 {"keys": 1022 [ 1023 {"kty":"EC", 1024 "crv":"P-256", 1025 "x":"MKBCTNIcKUSDii11ySs3526iDZ8AiTo7Tu6KPAqv7D4", 1026 "y":"4Etl6SRW2YiLUrN5vfvVHuhp7x8PxltmWWlbbM4IFyM", 1027 "use":"enc", 1028 "kid":"1"}, 1030 {"kty":"RSA", 1031 "n": "0vx7agoebGcQSuuPiLJXZptN9nndrQmbXEps2aiAFbWhM78LhWx 1032 4cbbfAAtVT86zwu1RK7aPFFxuhDR1L6tSoc_BJECPebWKRXjBZCiFV4n3oknjhMs 1033 tn64tZ_2W-5JsGY4Hc5n9yBXArwl93lqt7_RN5w6Cf0h4QyQ5v-65YGjQR0_FDW2 1034 QvzqY368QQMicAtaSqzs8KJZgnYb9c7d0zgdAZHzu6qMQvRL5hajrn1n91CbOpbI 1035 SD08qNLyrdkt-bFTWhAI4vMQFh6WeZu0fM4lFd2NcRwr3XPksINHaQ-G_xBniIqb 1036 w0Ls1jF44-csFCur-kEgU8awapJzKnqDKgw", 1037 "e":"AQAB", 1038 "alg":"RS256", 1039 "kid":"2011-04-29"} 1040 ] 1041 } 1043 A.2. Example Private Keys 1045 The following example JWK Set contains two keys represented as JWKs 1046 containing both public and private key values: one using an Elliptic 1047 Curve algorithm and a second one using an RSA algorithm. This 1048 example extends the example in the previous section, adding private 1049 key values. (Line breaks are for display purposes only.) 1050 {"keys": 1051 [ 1052 {"kty":"EC", 1053 "crv":"P-256", 1054 "x":"MKBCTNIcKUSDii11ySs3526iDZ8AiTo7Tu6KPAqv7D4", 1055 "y":"4Etl6SRW2YiLUrN5vfvVHuhp7x8PxltmWWlbbM4IFyM", 1056 "d":"870MB6gfuTJ4HtUnUvYMyJpr5eUZNP4Bk43bVdj3eAE", 1057 "use":"enc", 1058 "kid":"1"}, 1060 {"kty":"RSA", 1061 "n":"0vx7agoebGcQSuuPiLJXZptN9nndrQmbXEps2aiAFbWhM78LhWx4 1062 cbbfAAtVT86zwu1RK7aPFFxuhDR1L6tSoc_BJECPebWKRXjBZCiFV4n3oknjhMst 1063 n64tZ_2W-5JsGY4Hc5n9yBXArwl93lqt7_RN5w6Cf0h4QyQ5v-65YGjQR0_FDW2Q 1064 vzqY368QQMicAtaSqzs8KJZgnYb9c7d0zgdAZHzu6qMQvRL5hajrn1n91CbOpbIS 1065 D08qNLyrdkt-bFTWhAI4vMQFh6WeZu0fM4lFd2NcRwr3XPksINHaQ-G_xBniIqbw 1066 0Ls1jF44-csFCur-kEgU8awapJzKnqDKgw", 1067 "e":"AQAB", 1068 "d":"X4cTteJY_gn4FYPsXB8rdXix5vwsg1FLN5E3EaG6RJoVH-HLLKD9 1069 M7dx5oo7GURknchnrRweUkC7hT5fJLM0WbFAKNLWY2vv7B6NqXSzUvxT0_YSfqij 1070 wp3RTzlBaCxWp4doFk5N2o8Gy_nHNKroADIkJ46pRUohsXywbReAdYaMwFs9tv8d 1071 _cPVY3i07a3t8MN6TNwm0dSawm9v47UiCl3Sk5ZiG7xojPLu4sbg1U2jx4IBTNBz 1072 nbJSzFHK66jT8bgkuqsk0GjskDJk19Z4qwjwbsnn4j2WBii3RL-Us2lGVkY8fkFz 1073 me1z0HbIkfz0Y6mqnOYtqc0X4jfcKoAC8Q", 1074 "p":"83i-7IvMGXoMXCskv73TKr8637FiO7Z27zv8oj6pbWUQyLPQBQxtPV 1075 nwD20R-60eTDmD2ujnMt5PoqMrm8RfmNhVWDtjjMmCMjOpSXicFHj7XOuVIYQyqV 1076 WlWEh6dN36GVZYk93N8Bc9vY41xy8B9RzzOGVQzXvNEvn7O0nVbfs", 1077 "q":"3dfOR9cuYq-0S-mkFLzgItgMEfFzB2q3hWehMuG0oCuqnb3vobLyum 1078 qjVZQO1dIrdwgTnCdpYzBcOfW5r370AFXjiWft_NGEiovonizhKpo9VVS78TzFgx 1079 kIdrecRezsZ-1kYd_s1qDbxtkDEgfAITAG9LUnADun4vIcb6yelxk", 1080 "dp":"G4sPXkc6Ya9y8oJW9_ILj4xuppu0lzi_H7VTkS8xj5SdX3coE0oim 1081 YwxIi2emTAue0UOa5dpgFGyBJ4c8tQ2VF402XRugKDTP8akYhFo5tAA77Qe_Nmtu 1082 YZc3C3m3I24G2GvR5sSDxUyAN2zq8Lfn9EUms6rY3Ob8YeiKkTiBj0", 1083 "dq":"s9lAH9fggBsoFR8Oac2R_E2gw282rT2kGOAhvIllETE1efrA6huUU 1084 vMfBcMpn8lqeW6vzznYY5SSQF7pMdC_agI3nG8Ibp1BUb0JUiraRNqUfLhcQb_d9 1085 GF4Dh7e74WbRsobRonujTYN1xCaP6TO61jvWrX-L18txXw494Q_cgk", 1086 "qi":"GyM_p6JrXySiz1toFgKbWV-JdI3jQ4ypu9rbMWx3rQJBfmt0FoYzg 1087 UIZEVFEcOqwemRN81zoDAaa-Bk0KWNGDjJHZDdDmFhW3AN7lI-puxk_mHZGJ11rx 1088 yR8O55XLSe3SPmRfKwZI6yU24ZxvQKFYItdldUKGzO6Ia6zTKhAVRU", 1089 "alg":"RS256", 1090 "kid":"2011-04-29"} 1091 ] 1092 } 1094 A.3. Example Symmetric Keys 1096 The following example JWK Set contains two symmetric keys represented 1097 as JWKs: one designated as being for use with the AES Key Wrap 1098 algorithm and a second one that is an HMAC key. (Line breaks are for 1099 display purposes only.) 1101 {"keys": 1102 [ 1103 {"kty":"oct", 1104 "alg":"A128KW", 1105 "k":"GawgguFyGrWKav7AX4VKUg"}, 1107 {"kty":"oct", 1108 "k":"AyM1SysPpbyDfgZld3umj1qzKObwVMkoqQ-EstJQLr_T-1qS0gZH75 1109 aKtMN3Yj0iPS4hcgUuTwjAzZr1Z9CAow", 1110 "kid":"HMAC key used in JWS A.1 example"} 1111 ] 1112 } 1114 Appendix B. Example Use of "x5c" (X.509 Certificate Chain) Parameter 1115 The following is an example of a JWK with a RSA signing key 1116 represented both as an RSA public key and as an X.509 certificate 1117 using the "x5c" parameter: 1119 {"kty":"RSA", 1120 "use":"sig", 1121 "kid":"1b94c", 1122 "n":"vrjOfz9Ccdgx5nQudyhdoR17V-IubWMeOZCwX_jj0hgAsz2J_pqYW08 1123 PLbK_PdiVGKPrqzmDIsLI7sA25VEnHU1uCLNwBuUiCO11_-7dYbsr4iJmG0Q 1124 u2j8DsVyT1azpJC_NG84Ty5KKthuCaPod7iI7w0LK9orSMhBEwwZDCxTWq4a 1125 YWAchc8t-emd9qOvWtVMDC2BXksRngh6X5bUYLy6AyHKvj-nUy1wgzjYQDwH 1126 MTplCoLtU-o-8SNnZ1tmRoGE9uJkBLdh5gFENabWnU5m1ZqZPdwS-qo-meMv 1127 VfJb6jJVWRpl2SUtCnYG2C32qvbWbjZ_jBPD5eunqsIo1vQ", 1128 "e":"AQAB", 1129 "x5c": 1130 ["MIIDQjCCAiqgAwIBAgIGATz/FuLiMA0GCSqGSIb3DQEBBQUAMGIxCzAJB 1131 gNVBAYTAlVTMQswCQYDVQQIEwJDTzEPMA0GA1UEBxMGRGVudmVyMRwwGgYD 1132 VQQKExNQaW5nIElkZW50aXR5IENvcnAuMRcwFQYDVQQDEw5CcmlhbiBDYW1 1133 wYmVsbDAeFw0xMzAyMjEyMzI5MTVaFw0xODA4MTQyMjI5MTVaMGIxCzAJBg 1134 NVBAYTAlVTMQswCQYDVQQIEwJDTzEPMA0GA1UEBxMGRGVudmVyMRwwGgYDV 1135 QQKExNQaW5nIElkZW50aXR5IENvcnAuMRcwFQYDVQQDEw5CcmlhbiBDYW1w 1136 YmVsbDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL64zn8/QnH 1137 YMeZ0LncoXaEde1fiLm1jHjmQsF/449IYALM9if6amFtPDy2yvz3YlRij66 1138 s5gyLCyO7ANuVRJx1NbgizcAblIgjtdf/u3WG7K+IiZhtELto/A7Fck9Ws6 1139 SQvzRvOE8uSirYbgmj6He4iO8NCyvaK0jIQRMMGQwsU1quGmFgHIXPLfnpn 1140 fajr1rVTAwtgV5LEZ4Iel+W1GC8ugMhyr4/p1MtcIM42EA8BzE6ZQqC7VPq 1141 PvEjZ2dbZkaBhPbiZAS3YeYBRDWm1p1OZtWamT3cEvqqPpnjL1XyW+oyVVk 1142 aZdklLQp2Btgt9qr21m42f4wTw+Xrp6rCKNb0CAwEAATANBgkqhkiG9w0BA 1143 QUFAAOCAQEAh8zGlfSlcI0o3rYDPBB07aXNswb4ECNIKG0CETTUxmXl9KUL 1144 +9gGlqCz5iWLOgWsnrcKcY0vXPG9J1r9AqBNTqNgHq2G03X09266X5CpOe1 1145 zFo+Owb1zxtp3PehFdfQJ610CDLEaS9V9Rqp17hCyybEpOGVwe8fnk+fbEL 1146 2Bo3UPGrpsHzUoaGpDftmWssZkhpBJKVMJyf/RuP2SmmaIzmnw9JiSlYhzo 1147 4tpzd5rFXhjRbg4zW9C+2qok+2+qDM1iJ684gPHMIY8aLWrdgQTxkumGmTq 1148 gawR+N5MDtdPTEQ0XfIBc2cJEUyMTY5MPvACWpkA6SdS4xSvdXK3IVfOWA=="] 1149 } 1151 Appendix C. Example Encrypted RSA Private Key 1153 This example encrypts an RSA private key to the recipient using 1154 "PBES2-HS256+A128KW" for key encryption and "A128CBC+HS256" for 1155 content encryption. 1157 NOTE: Unless otherwise indicated, all line breaks are included solely 1158 for readability. 1160 C.1. Plaintext RSA Private Key 1162 The following RSA key is the plaintext for the encryption operation, 1163 formatted as a JWK object: 1165 { 1166 "kty":"RSA", 1167 "kid":"juliet@capulet.lit", 1168 "use":"enc", 1169 "n":"t6Q8PWSi1dkJj9hTP8hNYFlvadM7DflW9mWepOJhJ66w7nyoK1gPNqFMSQRy 1170 O125Gp-TEkodhWr0iujjHVx7BcV0llS4w5ACGgPrcAd6ZcSR0-Iqom-QFcNP 1171 8Sjg086MwoqQU_LYywlAGZ21WSdS_PERyGFiNnj3QQlO8Yns5jCtLCRwLHL0 1172 Pb1fEv45AuRIuUfVcPySBWYnDyGxvjYGDSM-AqWS9zIQ2ZilgT-GqUmipg0X 1173 OC0Cc20rgLe2ymLHjpHciCKVAbY5-L32-lSeZO-Os6U15_aXrk9Gw8cPUaX1 1174 _I8sLGuSiVdt3C_Fn2PZ3Z8i744FPFGGcG1qs2Wz-Q", 1175 "e":"AQAB", 1176 "d":"GRtbIQmhOZtyszfgKdg4u_N-R_mZGU_9k7JQ_jn1DnfTuMdSNprTeaSTyWfS 1177 NkuaAwnOEbIQVy1IQbWVV25NY3ybc_IhUJtfri7bAXYEReWaCl3hdlPKXy9U 1178 vqPYGR0kIXTQRqns-dVJ7jahlI7LyckrpTmrM8dWBo4_PMaenNnPiQgO0xnu 1179 ToxutRZJfJvG4Ox4ka3GORQd9CsCZ2vsUDmsXOfUENOyMqADC6p1M3h33tsu 1180 rY15k9qMSpG9OX_IJAXmxzAh_tWiZOwk2K4yxH9tS3Lq1yX8C1EWmeRDkK2a 1181 hecG85-oLKQt5VEpWHKmjOi_gJSdSgqcN96X52esAQ", 1182 "p":"2rnSOV4hKSN8sS4CgcQHFbs08XboFDqKum3sc4h3GRxrTmQdl1ZK9uw-PIHf 1183 QP0FkxXVrx-WE-ZEbrqivH_2iCLUS7wAl6XvARt1KkIaUxPPSYB9yk31s0Q8 1184 UK96E3_OrADAYtAJs-M3JxCLfNgqh56HDnETTQhH3rCT5T3yJws", 1185 "q":"1u_RiFDP7LBYh3N4GXLT9OpSKYP0uQZyiaZwBtOCBNJgQxaj10RWjsZu0c6I 1186 edis4S7B_coSKB0Kj9PaPaBzg-IySRvvcQuPamQu66riMhjVtG6TlV8CLCYK 1187 rYl52ziqK0E_ym2QnkwsUX7eYTB7LbAHRK9GqocDE5B0f808I4s", 1188 "dp":"KkMTWqBUefVwZ2_Dbj1pPQqyHSHjj90L5x_MOzqYAJMcLMZtbUtwKqvVDq3 1189 tbEo3ZIcohbDtt6SbfmWzggabpQxNxuBpoOOf_a_HgMXK_lhqigI4y_kqS1w 1190 Y52IwjUn5rgRrJ-yYo1h41KR-vz2pYhEAeYrhttWtxVqLCRViD6c", 1191 "dq":"AvfS0-gRxvn0bwJoMSnFxYcK1WnuEjQFluMGfwGitQBWtfZ1Er7t1xDkbN9 1192 GQTB9yqpDoYaN06H7CFtrkxhJIBQaj6nkF5KKS3TQtQ5qCzkOkmxIe3KRbBy 1193 mXxkb5qwUpX5ELD5xFc6FeiafWYY63TmmEAu_lRFCOJ3xDea-ots", 1194 "qi":"lSQi-w9CpyUReMErP1RsBLk7wNtOvs5EQpPqmuMvqW57NBUczScEoPwmUqq 1195 abu9V0-Py4dQ57_bapoKRu1R90bvuFnU63SHWEFglZQvJDMeAvmj4sm-Fp0o 1196 Yu_neotgQ0hzbI5gry7ajdYy9-2lNx_76aBZoOUu9HCJ-UsfSOI8" 1197 } 1199 The octets representing the Plaintext used in this example (using 1200 JSON array notation) are: 1202 [123, 34, 107, 116, 121, 34, 58, 34, 82, 83, 65, 34, 44, 34, 107, 1203 105, 100, 34, 58, 34, 106, 117, 108, 105, 101, 116, 64, 99, 97, 112, 1204 117, 108, 101, 116, 46, 108, 105, 116, 34, 44, 34, 117, 115, 101, 34, 1205 58, 34, 101, 110, 99, 34, 44, 34, 110, 34, 58, 34, 116, 54, 81, 56, 1206 80, 87, 83, 105, 49, 100, 107, 74, 106, 57, 104, 84, 80, 56, 104, 78, 1207 89, 70, 108, 118, 97, 100, 77, 55, 68, 102, 108, 87, 57, 109, 87, 1208 101, 112, 79, 74, 104, 74, 54, 54, 119, 55, 110, 121, 111, 75, 49, 1209 103, 80, 78, 113, 70, 77, 83, 81, 82, 121, 79, 49, 50, 53, 71, 112, 1210 45, 84, 69, 107, 111, 100, 104, 87, 114, 48, 105, 117, 106, 106, 72, 1211 86, 120, 55, 66, 99, 86, 48, 108, 108, 83, 52, 119, 53, 65, 67, 71, 1212 103, 80, 114, 99, 65, 100, 54, 90, 99, 83, 82, 48, 45, 73, 113, 111, 1213 109, 45, 81, 70, 99, 78, 80, 56, 83, 106, 103, 48, 56, 54, 77, 119, 1214 111, 113, 81, 85, 95, 76, 89, 121, 119, 108, 65, 71, 90, 50, 49, 87, 1215 83, 100, 83, 95, 80, 69, 82, 121, 71, 70, 105, 78, 110, 106, 51, 81, 1216 81, 108, 79, 56, 89, 110, 115, 53, 106, 67, 116, 76, 67, 82, 119, 76, 1217 72, 76, 48, 80, 98, 49, 102, 69, 118, 52, 53, 65, 117, 82, 73, 117, 1218 85, 102, 86, 99, 80, 121, 83, 66, 87, 89, 110, 68, 121, 71, 120, 118, 1219 106, 89, 71, 68, 83, 77, 45, 65, 113, 87, 83, 57, 122, 73, 81, 50, 1220 90, 105, 108, 103, 84, 45, 71, 113, 85, 109, 105, 112, 103, 48, 88, 1221 79, 67, 48, 67, 99, 50, 48, 114, 103, 76, 101, 50, 121, 109, 76, 72, 1222 106, 112, 72, 99, 105, 67, 75, 86, 65, 98, 89, 53, 45, 76, 51, 50, 1223 45, 108, 83, 101, 90, 79, 45, 79, 115, 54, 85, 49, 53, 95, 97, 88, 1224 114, 107, 57, 71, 119, 56, 99, 80, 85, 97, 88, 49, 95, 73, 56, 115, 1225 76, 71, 117, 83, 105, 86, 100, 116, 51, 67, 95, 70, 110, 50, 80, 90, 1226 51, 90, 56, 105, 55, 52, 52, 70, 80, 70, 71, 71, 99, 71, 49, 113, 1227 115, 50, 87, 122, 45, 81, 34, 44, 34, 101, 34, 58, 34, 65, 81, 65, 1228 66, 34, 44, 34, 100, 34, 58, 34, 71, 82, 116, 98, 73, 81, 109, 104, 1229 79, 90, 116, 121, 115, 122, 102, 103, 75, 100, 103, 52, 117, 95, 78, 1230 45, 82, 95, 109, 90, 71, 85, 95, 57, 107, 55, 74, 81, 95, 106, 110, 1231 49, 68, 110, 102, 84, 117, 77, 100, 83, 78, 112, 114, 84, 101, 97, 1232 83, 84, 121, 87, 102, 83, 78, 107, 117, 97, 65, 119, 110, 79, 69, 98, 1233 73, 81, 86, 121, 49, 73, 81, 98, 87, 86, 86, 50, 53, 78, 89, 51, 121, 1234 98, 99, 95, 73, 104, 85, 74, 116, 102, 114, 105, 55, 98, 65, 88, 89, 1235 69, 82, 101, 87, 97, 67, 108, 51, 104, 100, 108, 80, 75, 88, 121, 57, 1236 85, 118, 113, 80, 89, 71, 82, 48, 107, 73, 88, 84, 81, 82, 113, 110, 1237 115, 45, 100, 86, 74, 55, 106, 97, 104, 108, 73, 55, 76, 121, 99, 1238 107, 114, 112, 84, 109, 114, 77, 56, 100, 87, 66, 111, 52, 95, 80, 1239 77, 97, 101, 110, 78, 110, 80, 105, 81, 103, 79, 48, 120, 110, 117, 1240 84, 111, 120, 117, 116, 82, 90, 74, 102, 74, 118, 71, 52, 79, 120, 1241 52, 107, 97, 51, 71, 79, 82, 81, 100, 57, 67, 115, 67, 90, 50, 118, 1242 115, 85, 68, 109, 115, 88, 79, 102, 85, 69, 78, 79, 121, 77, 113, 65, 1243 68, 67, 54, 112, 49, 77, 51, 104, 51, 51, 116, 115, 117, 114, 89, 49, 1244 53, 107, 57, 113, 77, 83, 112, 71, 57, 79, 88, 95, 73, 74, 65, 88, 1245 109, 120, 122, 65, 104, 95, 116, 87, 105, 90, 79, 119, 107, 50, 75, 1246 52, 121, 120, 72, 57, 116, 83, 51, 76, 113, 49, 121, 88, 56, 67, 49, 1247 69, 87, 109, 101, 82, 68, 107, 75, 50, 97, 104, 101, 99, 71, 56, 53, 1248 45, 111, 76, 75, 81, 116, 53, 86, 69, 112, 87, 72, 75, 109, 106, 79, 1249 105, 95, 103, 74, 83, 100, 83, 103, 113, 99, 78, 57, 54, 88, 53, 50, 1250 101, 115, 65, 81, 34, 44, 34, 112, 34, 58, 34, 50, 114, 110, 83, 79, 1251 86, 52, 104, 75, 83, 78, 56, 115, 83, 52, 67, 103, 99, 81, 72, 70, 1252 98, 115, 48, 56, 88, 98, 111, 70, 68, 113, 75, 117, 109, 51, 115, 99, 1253 52, 104, 51, 71, 82, 120, 114, 84, 109, 81, 100, 108, 49, 90, 75, 57, 1254 117, 119, 45, 80, 73, 72, 102, 81, 80, 48, 70, 107, 120, 88, 86, 114, 1255 120, 45, 87, 69, 45, 90, 69, 98, 114, 113, 105, 118, 72, 95, 50, 105, 1256 67, 76, 85, 83, 55, 119, 65, 108, 54, 88, 118, 65, 82, 116, 49, 75, 1257 107, 73, 97, 85, 120, 80, 80, 83, 89, 66, 57, 121, 107, 51, 49, 115, 1258 48, 81, 56, 85, 75, 57, 54, 69, 51, 95, 79, 114, 65, 68, 65, 89, 116, 1259 65, 74, 115, 45, 77, 51, 74, 120, 67, 76, 102, 78, 103, 113, 104, 53, 1260 54, 72, 68, 110, 69, 84, 84, 81, 104, 72, 51, 114, 67, 84, 53, 84, 1261 51, 121, 74, 119, 115, 34, 44, 34, 113, 34, 58, 34, 49, 117, 95, 82, 1262 105, 70, 68, 80, 55, 76, 66, 89, 104, 51, 78, 52, 71, 88, 76, 84, 57, 1263 79, 112, 83, 75, 89, 80, 48, 117, 81, 90, 121, 105, 97, 90, 119, 66, 1264 116, 79, 67, 66, 78, 74, 103, 81, 120, 97, 106, 49, 48, 82, 87, 106, 1265 115, 90, 117, 48, 99, 54, 73, 101, 100, 105, 115, 52, 83, 55, 66, 95, 1266 99, 111, 83, 75, 66, 48, 75, 106, 57, 80, 97, 80, 97, 66, 122, 103, 1267 45, 73, 121, 83, 82, 118, 118, 99, 81, 117, 80, 97, 109, 81, 117, 54, 1268 54, 114, 105, 77, 104, 106, 86, 116, 71, 54, 84, 108, 86, 56, 67, 76, 1269 67, 89, 75, 114, 89, 108, 53, 50, 122, 105, 113, 75, 48, 69, 95, 121, 1270 109, 50, 81, 110, 107, 119, 115, 85, 88, 55, 101, 89, 84, 66, 55, 76, 1271 98, 65, 72, 82, 75, 57, 71, 113, 111, 99, 68, 69, 53, 66, 48, 102, 1272 56, 48, 56, 73, 52, 115, 34, 44, 34, 100, 112, 34, 58, 34, 75, 107, 1273 77, 84, 87, 113, 66, 85, 101, 102, 86, 119, 90, 50, 95, 68, 98, 106, 1274 49, 112, 80, 81, 113, 121, 72, 83, 72, 106, 106, 57, 48, 76, 53, 120, 1275 95, 77, 79, 122, 113, 89, 65, 74, 77, 99, 76, 77, 90, 116, 98, 85, 1276 116, 119, 75, 113, 118, 86, 68, 113, 51, 116, 98, 69, 111, 51, 90, 1277 73, 99, 111, 104, 98, 68, 116, 116, 54, 83, 98, 102, 109, 87, 122, 1278 103, 103, 97, 98, 112, 81, 120, 78, 120, 117, 66, 112, 111, 79, 79, 1279 102, 95, 97, 95, 72, 103, 77, 88, 75, 95, 108, 104, 113, 105, 103, 1280 73, 52, 121, 95, 107, 113, 83, 49, 119, 89, 53, 50, 73, 119, 106, 85, 1281 110, 53, 114, 103, 82, 114, 74, 45, 121, 89, 111, 49, 104, 52, 49, 1282 75, 82, 45, 118, 122, 50, 112, 89, 104, 69, 65, 101, 89, 114, 104, 1283 116, 116, 87, 116, 120, 86, 113, 76, 67, 82, 86, 105, 68, 54, 99, 34, 1284 44, 34, 100, 113, 34, 58, 34, 65, 118, 102, 83, 48, 45, 103, 82, 120, 1285 118, 110, 48, 98, 119, 74, 111, 77, 83, 110, 70, 120, 89, 99, 75, 49, 1286 87, 110, 117, 69, 106, 81, 70, 108, 117, 77, 71, 102, 119, 71, 105, 1287 116, 81, 66, 87, 116, 102, 90, 49, 69, 114, 55, 116, 49, 120, 68, 1288 107, 98, 78, 57, 71, 81, 84, 66, 57, 121, 113, 112, 68, 111, 89, 97, 1289 78, 48, 54, 72, 55, 67, 70, 116, 114, 107, 120, 104, 74, 73, 66, 81, 1290 97, 106, 54, 110, 107, 70, 53, 75, 75, 83, 51, 84, 81, 116, 81, 53, 1291 113, 67, 122, 107, 79, 107, 109, 120, 73, 101, 51, 75, 82, 98, 66, 1292 121, 109, 88, 120, 107, 98, 53, 113, 119, 85, 112, 88, 53, 69, 76, 1293 68, 53, 120, 70, 99, 54, 70, 101, 105, 97, 102, 87, 89, 89, 54, 51, 1294 84, 109, 109, 69, 65, 117, 95, 108, 82, 70, 67, 79, 74, 51, 120, 68, 1295 101, 97, 45, 111, 116, 115, 34, 44, 34, 113, 105, 34, 58, 34, 108, 1296 83, 81, 105, 45, 119, 57, 67, 112, 121, 85, 82, 101, 77, 69, 114, 80, 1297 49, 82, 115, 66, 76, 107, 55, 119, 78, 116, 79, 118, 115, 53, 69, 81, 1298 112, 80, 113, 109, 117, 77, 118, 113, 87, 53, 55, 78, 66, 85, 99, 1299 122, 83, 99, 69, 111, 80, 119, 109, 85, 113, 113, 97, 98, 117, 57, 1300 86, 48, 45, 80, 121, 52, 100, 81, 53, 55, 95, 98, 97, 112, 111, 75, 1301 82, 117, 49, 82, 57, 48, 98, 118, 117, 70, 110, 85, 54, 51, 83, 72, 1302 87, 69, 70, 103, 108, 90, 81, 118, 74, 68, 77, 101, 65, 118, 109, 1303 106, 52, 115, 109, 45, 70, 112, 48, 111, 89, 117, 95, 110, 101, 111, 1304 116, 103, 81, 48, 104, 122, 98, 73, 53, 103, 114, 121, 55, 97, 106, 1305 100, 89, 121, 57, 45, 50, 108, 78, 120, 95, 55, 54, 97, 66, 90, 111, 1306 79, 85, 117, 57, 72, 67, 74, 45, 85, 115, 102, 83, 79, 73, 56, 34, 1307 125] 1309 C.2. JWE Header 1311 The following example JWE Protected Header declares that: 1313 o the Content Encryption Key is encrypted to the recipient using the 1314 PSE2-HS256+A128KW algorithm to produce the JWE Encrypted Key, 1316 o the Salt Input ("p2s") value is [217, 96, 147, 112, 150, 117, 70, 1317 247, 127, 8, 155, 137, 174, 42, 80, 215], 1319 o the Iteration Count ("p2c") value is 4096, 1321 o the Plaintext is encrypted using the AES_128_CBC_HMAC_SHA_256 1322 algorithm to produce the Ciphertext, and 1324 o the content type is application/jwk+json. 1326 { 1327 "alg":"PBES2-HS256+A128KW", 1328 "p2s":"2WCTcJZ1Rvd_CJuJripQ1w", 1329 "p2c":4096, 1330 "enc":"A128CBC-HS256", 1331 "cty":"jwk+json" 1332 } 1334 Encoding this JWE Protected Header as BASE64URL(UTF8(JWE Protected 1335 Header)) gives this value (with line breaks for display purposes 1336 only): 1338 eyJhbGciOiJQQkVTMi1IUzI1NitBMTI4S1ciLCJwMnMiOiIyV0NUY0paMVJ2ZF9DSn 1339 VKcmlwUTF3IiwicDJjIjo0MDk2LCJlbmMiOiJBMTI4Q0JDLUhTMjU2IiwiY3R5Ijoi 1340 andrK2pzb24ifQ 1342 C.3. Content Encryption Key (CEK) 1344 Generate a 256 bit random Content Encryption Key (CEK). In this 1345 example, the value (using JSON array notation) is: 1347 [111, 27, 25, 52, 66, 29, 20, 78, 92, 176, 56, 240, 65, 208, 82, 112, 1348 161, 131, 36, 55, 202, 236, 185, 172, 129, 23, 153, 194, 195, 48, 1349 253, 182] 1351 C.4. Key Derivation 1353 Derive a key from a shared passphrase using the PBKDF2 algorithm with 1354 HMAC SHA-256 and the specified Salt and Iteration Count values and a 1355 128 bit requested output key size to produce the PBKDF2 Derived Key. 1356 This example uses the following passphrase: 1358 Thus from my lips, by yours, my sin is purged. 1360 The octets representing the passphrase are: 1362 [84, 104, 117, 115, 32, 102, 114, 111, 109, 32, 109, 121, 32, 108, 1363 105, 112, 115, 44, 32, 98, 121, 32, 121, 111, 117, 114, 115, 44, 32, 1364 109, 121, 32, 115, 105, 110, 32, 105, 115, 32, 112, 117, 114, 103, 1365 101, 100, 46] 1367 The Salt value (UTF8(Alg) || 0x00 || Salt Input) is: 1369 [80, 66, 69, 83, 50, 45, 72, 83, 50, 53, 54, 43, 65, 49, 50, 56, 75, 1370 87, 0, 217, 96, 147, 112, 150, 117, 70, 247, 127, 8, 155, 137, 174, 1371 42, 80, 215]. 1373 The resulting PBKDF2 Derived Key value is: 1375 [110, 171, 169, 92, 129, 92, 109, 117, 233, 242, 116, 233, 170, 14, 1376 24, 75] 1378 C.5. Key Encryption 1380 Encrypt the CEK with the "A128KW" algorithm using the PBKDF2 Derived 1381 Key. The resulting JWE Encrypted Key value is: 1383 [78, 186, 151, 59, 11, 141, 81, 240, 213, 245, 83, 211, 53, 188, 134, 1384 188, 66, 125, 36, 200, 222, 124, 5, 103, 249, 52, 117, 184, 140, 81, 1385 246, 158, 161, 177, 20, 33, 245, 57, 59, 4] 1387 Encoding this JWE Encrypted Key as BASE64URL(JWE Encrypted Key) gives 1388 this value: 1390 TrqXOwuNUfDV9VPTNbyGvEJ9JMjefAVn-TR1uIxR9p6hsRQh9Tk7BA 1392 C.6. Initialization Vector 1394 Generate a random 128 bit JWE Initialization Vector. In this 1395 example, the value is: 1397 [97, 239, 99, 214, 171, 54, 216, 57, 145, 72, 7, 93, 34, 31, 149, 1398 156] 1399 Encoding this JWE Initialization Vector as BASE64URL(JWE 1400 Initialization Vector) gives this value: 1402 Ye9j1qs22DmRSAddIh-VnA 1404 C.7. Additional Authenticated Data 1406 Let the Additional Authenticated Data encryption parameter be 1407 ASCII(BASE64URL(UTF8(JWE Protected Header))). This value is: 1409 [123, 34, 97, 108, 103, 34, 58, 34, 80, 66, 69, 83, 50, 45, 72, 83, 1410 50, 53, 54, 43, 65, 49, 50, 56, 75, 87, 34, 44, 34, 112, 50, 115, 34, 1411 58, 34, 50, 87, 67, 84, 99, 74, 90, 49, 82, 118, 100, 95, 67, 74, 1412 117, 74, 114, 105, 112, 81, 49, 119, 34, 44, 34, 112, 50, 99, 34, 58, 1413 52, 48, 57, 54, 44, 34, 101, 110, 99, 34, 58, 34, 65, 49, 50, 56, 67, 1414 66, 67, 45, 72, 83, 50, 53, 54, 34, 44, 34, 99, 116, 121, 34, 58, 34, 1415 106, 119, 107, 43, 106, 115, 111, 110, 34, 125] 1417 C.8. Content Encryption 1419 Encrypt the Plaintext with AES_128_CBC_HMAC_SHA_256 using the CEK as 1420 the encryption key, the JWE Initialization Vector, and the Additional 1421 Authenticated Data value above. The resulting Ciphertext is: 1423 [3, 8, 65, 242, 92, 107, 148, 168, 197, 159, 77, 139, 25, 97, 42, 1424 131, 110, 199, 225, 56, 61, 127, 38, 64, 108, 91, 247, 167, 150, 98, 1425 112, 122, 99, 235, 132, 50, 28, 46, 56, 170, 169, 89, 220, 145, 38, 1426 157, 148, 224, 66, 140, 8, 169, 146, 117, 222, 54, 242, 28, 31, 11, 1427 129, 227, 226, 169, 66, 117, 133, 254, 140, 216, 115, 203, 131, 60, 1428 60, 47, 233, 132, 121, 13, 35, 188, 53, 19, 172, 77, 59, 54, 211, 1429 158, 172, 25, 60, 111, 0, 80, 201, 158, 160, 210, 68, 55, 12, 67, 1430 136, 130, 87, 216, 197, 95, 62, 20, 155, 205, 5, 140, 27, 168, 221, 1431 65, 114, 78, 157, 254, 46, 206, 182, 52, 135, 87, 239, 3, 34, 186, 1432 126, 220, 151, 17, 33, 237, 57, 96, 172, 183, 58, 45, 248, 103, 241, 1433 142, 136, 7, 53, 16, 173, 181, 7, 93, 92, 252, 1, 53, 212, 242, 8, 1434 255, 11, 239, 181, 24, 148, 136, 111, 24, 161, 244, 23, 106, 69, 157, 1435 215, 243, 189, 240, 166, 169, 249, 72, 38, 201, 99, 223, 173, 229, 9, 1436 222, 82, 79, 157, 176, 248, 85, 239, 121, 163, 1, 31, 48, 98, 206, 1437 61, 249, 104, 216, 201, 227, 105, 48, 194, 193, 10, 36, 160, 159, 1438 241, 166, 84, 54, 188, 211, 243, 242, 40, 46, 45, 193, 193, 160, 169, 1439 101, 201, 1, 73, 47, 105, 142, 88, 28, 42, 132, 26, 61, 58, 63, 142, 1440 243, 77, 26, 179, 153, 166, 46, 203, 208, 49, 55, 229, 34, 178, 4, 1441 109, 180, 204, 204, 115, 1, 103, 193, 5, 91, 215, 214, 195, 1, 110, 1442 208, 53, 144, 36, 105, 12, 54, 25, 129, 101, 15, 183, 150, 250, 147, 1443 115, 227, 58, 250, 5, 128, 232, 63, 15, 14, 19, 141, 124, 253, 142, 1444 137, 189, 135, 26, 44, 240, 27, 88, 132, 105, 127, 6, 71, 37, 41, 1445 124, 187, 165, 140, 34, 200, 123, 80, 228, 24, 231, 176, 132, 171, 1446 138, 145, 152, 116, 224, 50, 141, 51, 147, 91, 186, 7, 246, 106, 217, 1447 148, 244, 227, 244, 45, 220, 121, 165, 224, 148, 181, 17, 181, 128, 1448 197, 101, 237, 11, 169, 229, 149, 199, 78, 56, 15, 14, 190, 91, 216, 1449 222, 247, 213, 74, 40, 8, 96, 20, 168, 119, 96, 26, 24, 52, 37, 82, 1450 127, 57, 176, 147, 118, 59, 7, 224, 33, 117, 72, 155, 29, 82, 26, 1451 215, 189, 140, 119, 28, 152, 118, 93, 222, 194, 192, 148, 115, 83, 1452 253, 216, 212, 108, 88, 83, 175, 172, 220, 97, 79, 110, 42, 223, 170, 1453 161, 34, 164, 144, 193, 76, 122, 92, 160, 41, 178, 175, 6, 35, 96, 1454 113, 96, 158, 90, 129, 101, 26, 45, 70, 180, 189, 230, 15, 5, 247, 1455 150, 209, 94, 171, 26, 13, 142, 212, 129, 1, 176, 5, 0, 112, 203, 1456 174, 185, 119, 76, 233, 189, 54, 172, 189, 245, 223, 253, 205, 12, 1457 88, 9, 126, 157, 225, 90, 40, 229, 191, 63, 30, 160, 224, 69, 3, 140, 1458 109, 70, 89, 37, 213, 245, 194, 210, 180, 188, 63, 210, 139, 221, 2, 1459 144, 200, 20, 177, 216, 29, 227, 242, 106, 12, 135, 142, 139, 144, 1460 82, 225, 162, 171, 176, 108, 99, 6, 43, 193, 161, 116, 234, 216, 1, 1461 242, 21, 124, 162, 98, 205, 124, 193, 38, 12, 242, 90, 101, 76, 204, 1462 184, 124, 58, 180, 16, 240, 26, 76, 195, 250, 212, 191, 185, 191, 97, 1463 198, 186, 73, 225, 75, 14, 90, 123, 121, 172, 101, 50, 160, 221, 141, 1464 253, 205, 126, 77, 9, 87, 198, 110, 104, 182, 141, 120, 51, 25, 232, 1465 3, 32, 80, 6, 156, 8, 18, 4, 135, 221, 142, 25, 135, 2, 129, 132, 1466 115, 227, 74, 141, 28, 119, 11, 141, 117, 134, 198, 62, 150, 254, 97, 1467 75, 197, 251, 99, 89, 204, 224, 226, 67, 83, 175, 89, 0, 81, 29, 38, 1468 207, 89, 140, 255, 197, 177, 164, 128, 62, 116, 224, 180, 109, 169, 1469 28, 2, 59, 176, 130, 252, 44, 178, 81, 24, 181, 176, 75, 44, 61, 91, 1470 12, 37, 21, 255, 83, 130, 197, 16, 231, 60, 217, 56, 131, 118, 168, 1471 202, 58, 52, 84, 124, 162, 185, 174, 162, 226, 242, 112, 68, 246, 1472 202, 16, 208, 52, 154, 58, 129, 80, 102, 33, 171, 6, 186, 177, 14, 1473 195, 88, 136, 6, 0, 155, 28, 100, 162, 207, 162, 222, 117, 248, 170, 1474 208, 114, 87, 31, 57, 176, 33, 57, 83, 253, 12, 168, 110, 194, 59, 1475 22, 86, 48, 227, 196, 22, 176, 218, 122, 149, 21, 249, 195, 178, 174, 1476 250, 20, 34, 120, 60, 139, 201, 99, 40, 18, 177, 17, 54, 54, 6, 3, 1477 222, 128, 160, 88, 11, 27, 0, 81, 192, 36, 41, 169, 146, 8, 47, 64, 1478 136, 28, 64, 209, 67, 135, 202, 20, 234, 182, 91, 204, 146, 195, 187, 1479 0, 72, 77, 11, 111, 152, 204, 252, 177, 212, 89, 33, 50, 132, 184, 1480 44, 183, 186, 19, 250, 69, 176, 201, 102, 140, 14, 143, 212, 212, 1481 160, 123, 208, 185, 27, 155, 68, 77, 133, 198, 2, 126, 155, 215, 22, 1482 91, 30, 217, 176, 172, 244, 156, 174, 143, 75, 90, 21, 102, 1, 160, 1483 59, 253, 188, 88, 57, 185, 197, 83, 24, 22, 180, 174, 47, 207, 52, 1, 1484 141, 146, 119, 233, 68, 228, 224, 228, 193, 248, 155, 202, 90, 7, 1485 213, 88, 33, 108, 107, 14, 86, 8, 120, 250, 58, 142, 35, 164, 238, 1486 221, 219, 35, 123, 88, 199, 192, 143, 104, 83, 17, 166, 243, 247, 11, 1487 166, 67, 68, 204, 132, 23, 110, 103, 228, 14, 55, 122, 88, 57, 180, 1488 178, 237, 52, 130, 214, 245, 102, 123, 67, 73, 175, 1, 127, 112, 148, 1489 94, 132, 164, 197, 153, 217, 87, 25, 89, 93, 63, 22, 66, 166, 90, 1490 251, 101, 10, 145, 66, 17, 124, 36, 255, 165, 226, 97, 16, 86, 112, 1491 154, 88, 105, 253, 56, 209, 229, 122, 103, 51, 24, 228, 190, 3, 236, 1492 48, 182, 121, 176, 140, 128, 117, 87, 251, 224, 37, 23, 248, 21, 218, 1493 85, 251, 136, 84, 147, 143, 144, 46, 155, 183, 251, 89, 86, 23, 26, 1494 237, 100, 167, 32, 130, 173, 237, 89, 55, 110, 70, 142, 127, 65, 230, 1495 208, 109, 69, 19, 253, 84, 130, 130, 193, 92, 58, 108, 150, 42, 136, 1496 249, 234, 86, 241, 182, 19, 117, 246, 26, 181, 92, 101, 155, 44, 103, 1497 235, 173, 30, 140, 90, 29, 183, 190, 77, 53, 206, 127, 5, 87, 8, 187, 1498 184, 92, 4, 157, 22, 18, 105, 251, 39, 88, 182, 181, 103, 148, 233, 1499 6, 63, 70, 188, 7, 101, 216, 127, 77, 31, 12, 233, 7, 147, 106, 30, 1500 150, 77, 145, 13, 205, 48, 56, 245, 220, 89, 252, 127, 51, 180, 36, 1501 31, 55, 18, 214, 230, 254, 217, 197, 65, 247, 27, 215, 117, 247, 108, 1502 157, 121, 11, 63, 150, 195, 83, 6, 134, 242, 41, 24, 105, 204, 5, 63, 1503 192, 14, 159, 113, 72, 140, 128, 51, 215, 80, 215, 39, 149, 94, 79, 1504 128, 34, 5, 129, 82, 83, 121, 187, 37, 146, 27, 32, 177, 167, 71, 9, 1505 195, 30, 199, 196, 205, 252, 207, 69, 8, 120, 27, 190, 51, 43, 75, 1506 249, 234, 167, 116, 206, 203, 199, 43, 108, 87, 48, 155, 140, 228, 1507 210, 85, 25, 161, 96, 67, 8, 205, 64, 39, 75, 88, 44, 238, 227, 16, 1508 0, 100, 93, 129, 18, 4, 149, 50, 68, 72, 99, 35, 111, 254, 27, 102, 1509 175, 108, 233, 87, 181, 44, 169, 18, 139, 79, 208, 14, 202, 192, 5, 1510 162, 222, 231, 149, 24, 211, 49, 120, 101, 39, 206, 87, 147, 204, 1511 200, 251, 104, 115, 5, 127, 117, 195, 79, 151, 18, 224, 52, 0, 245, 1512 4, 85, 255, 103, 217, 0, 116, 198, 80, 91, 167, 192, 154, 199, 197, 1513 149, 237, 51, 2, 131, 30, 226, 95, 105, 48, 68, 135, 208, 144, 120, 1514 176, 145, 157, 8, 171, 80, 94, 61, 92, 92, 220, 157, 13, 138, 51, 23, 1515 185, 124, 31, 77, 1, 87, 241, 43, 239, 55, 122, 86, 210, 48, 208, 1516 204, 112, 144, 80, 147, 106, 219, 47, 253, 31, 134, 176, 16, 135, 1517 219, 95, 17, 129, 83, 236, 125, 136, 112, 86, 228, 252, 71, 129, 218, 1518 174, 156, 236, 12, 27, 159, 11, 138, 252, 253, 207, 31, 115, 214, 1519 118, 239, 203, 16, 211, 205, 99, 22, 51, 163, 107, 162, 246, 199, 67, 1520 127, 34, 108, 197, 53, 117, 58, 199, 3, 190, 74, 70, 190, 65, 235, 1521 175, 97, 157, 215, 252, 189, 245, 100, 229, 248, 46, 90, 126, 237, 4, 1522 159, 128, 58, 7, 156, 236, 69, 191, 85, 240, 179, 224, 249, 152, 49, 1523 195, 223, 60, 78, 186, 157, 155, 217, 58, 105, 116, 164, 217, 111, 1524 215, 150, 218, 252, 84, 86, 248, 140, 240, 226, 61, 106, 208, 95, 60, 1525 163, 6, 0, 235, 253, 162, 96, 62, 234, 251, 249, 35, 21, 7, 211, 233, 1526 86, 50, 33, 203, 67, 248, 60, 190, 123, 48, 167, 226, 90, 191, 71, 1527 56, 183, 165, 17, 85, 76, 238, 140, 211, 168, 53, 223, 194, 4, 97, 1528 149, 156, 120, 137, 76, 33, 229, 243, 194, 208, 198, 202, 139, 28, 1529 114, 46, 224, 92, 254, 83, 100, 134, 158, 92, 70, 78, 61, 62, 138, 1530 24, 173, 216, 66, 198, 70, 254, 47, 59, 193, 53, 6, 139, 19, 153, 1531 253, 28, 199, 122, 160, 27, 67, 234, 209, 227, 139, 4, 50, 7, 178, 1532 183, 89, 252, 32, 128, 137, 55, 52, 29, 89, 12, 111, 42, 181, 51, 1533 170, 132, 132, 207, 170, 228, 254, 178, 213, 0, 136, 175, 8] 1535 The resulting Authentication Tag value is: 1537 [208, 113, 102, 132, 236, 236, 67, 223, 39, 53, 98, 99, 32, 121, 17, 1538 236] 1540 Encoding this JWE Ciphertext as BASE64URL(JWE Ciphertext) gives this 1541 value (with line breaks for display purposes only): 1543 AwhB8lxrlKjFn02LGWEqg27H4Tg9fyZAbFv3p5ZicHpj64QyHC44qqlZ3JEmnZTgQo 1544 wIqZJ13jbyHB8LgePiqUJ1hf6M2HPLgzw8L-mEeQ0jvDUTrE07NtOerBk8bwBQyZ6g 1545 0kQ3DEOIglfYxV8-FJvNBYwbqN1Bck6d_i7OtjSHV-8DIrp-3JcRIe05YKy3Oi34Z_ 1546 GOiAc1EK21B11c_AE11PII_wvvtRiUiG8YofQXakWd1_O98Kap-UgmyWPfreUJ3lJP 1547 nbD4Ve95owEfMGLOPflo2MnjaTDCwQokoJ_xplQ2vNPz8iguLcHBoKllyQFJL2mOWB 1548 wqhBo9Oj-O800as5mmLsvQMTflIrIEbbTMzHMBZ8EFW9fWwwFu0DWQJGkMNhmBZQ-3 1549 lvqTc-M6-gWA6D8PDhONfP2Oib2HGizwG1iEaX8GRyUpfLuljCLIe1DkGOewhKuKkZ 1550 h04DKNM5Nbugf2atmU9OP0Ldx5peCUtRG1gMVl7Qup5ZXHTjgPDr5b2N731UooCGAU 1551 qHdgGhg0JVJ_ObCTdjsH4CF1SJsdUhrXvYx3HJh2Xd7CwJRzU_3Y1GxYU6-s3GFPbi 1552 rfqqEipJDBTHpcoCmyrwYjYHFgnlqBZRotRrS95g8F95bRXqsaDY7UgQGwBQBwy665 1553 d0zpvTasvfXf_c0MWAl-neFaKOW_Px6g4EUDjG1GWSXV9cLStLw_0ovdApDIFLHYHe 1554 PyagyHjouQUuGiq7BsYwYrwaF06tgB8hV8omLNfMEmDPJaZUzMuHw6tBDwGkzD-tS_ 1555 ub9hxrpJ4UsOWnt5rGUyoN2N_c1-TQlXxm5oto14MxnoAyBQBpwIEgSH3Y4ZhwKBhH 1556 PjSo0cdwuNdYbGPpb-YUvF-2NZzODiQ1OvWQBRHSbPWYz_xbGkgD504LRtqRwCO7CC 1557 _CyyURi1sEssPVsMJRX_U4LFEOc82TiDdqjKOjRUfKK5rqLi8nBE9soQ0DSaOoFQZi 1558 GrBrqxDsNYiAYAmxxkos-i3nX4qtByVx85sCE5U_0MqG7COxZWMOPEFrDaepUV-cOy 1559 rvoUIng8i8ljKBKxETY2BgPegKBYCxsAUcAkKamSCC9AiBxA0UOHyhTqtlvMksO7AE 1560 hNC2-YzPyx1FkhMoS4LLe6E_pFsMlmjA6P1NSge9C5G5tETYXGAn6b1xZbHtmwrPSc 1561 ro9LWhVmAaA7_bxYObnFUxgWtK4vzzQBjZJ36UTk4OTB-JvKWgfVWCFsaw5WCHj6Oo 1562 4jpO7d2yN7WMfAj2hTEabz9wumQ0TMhBduZ-QON3pYObSy7TSC1vVme0NJrwF_cJRe 1563 hKTFmdlXGVldPxZCplr7ZQqRQhF8JP-l4mEQVnCaWGn9ONHlemczGOS-A-wwtnmwjI 1564 B1V_vgJRf4FdpV-4hUk4-QLpu3-1lWFxrtZKcggq3tWTduRo5_QebQbUUT_VSCgsFc 1565 OmyWKoj56lbxthN19hq1XGWbLGfrrR6MWh23vk01zn8FVwi7uFwEnRYSafsnWLa1Z5 1566 TpBj9GvAdl2H9NHwzpB5NqHpZNkQ3NMDj13Fn8fzO0JB83Etbm_tnFQfcb13X3bJ15 1567 Cz-Ww1MGhvIpGGnMBT_ADp9xSIyAM9dQ1yeVXk-AIgWBUlN5uyWSGyCxp0cJwx7HxM 1568 38z0UIeBu-MytL-eqndM7LxytsVzCbjOTSVRmhYEMIzUAnS1gs7uMQAGRdgRIElTJE 1569 SGMjb_4bZq9s6Ve1LKkSi0_QDsrABaLe55UY0zF4ZSfOV5PMyPtocwV_dcNPlxLgNA 1570 D1BFX_Z9kAdMZQW6fAmsfFle0zAoMe4l9pMESH0JB4sJGdCKtQXj1cXNydDYozF7l8 1571 H00BV_Er7zd6VtIw0MxwkFCTatsv_R-GsBCH218RgVPsfYhwVuT8R4HarpzsDBufC4 1572 r8_c8fc9Z278sQ081jFjOja6L2x0N_ImzFNXU6xwO-Ska-QeuvYZ3X_L31ZOX4Llp- 1573 7QSfgDoHnOxFv1Xws-D5mDHD3zxOup2b2TppdKTZb9eW2vxUVviM8OI9atBfPKMGAO 1574 v9omA-6vv5IxUH0-lWMiHLQ_g8vnswp-Jav0c4t6URVUzujNOoNd_CBGGVnHiJTCHl 1575 88LQxsqLHHIu4Fz-U2SGnlxGTj0-ihit2ELGRv4vO8E1BosTmf0cx3qgG0Pq0eOLBD 1576 IHsrdZ_CCAiTc0HVkMbyq1M6qEhM-q5P6y1QCIrwg 1578 Encoding this JWE Authentication Tag as BASE64URL(JWE Authentication 1579 Tag) gives this value: 1581 0HFmhOzsQ98nNWJjIHkR7A 1583 C.9. Complete Representation 1585 Assemble the final representation: The Compact Serialization of this 1586 result is the string BASE64URL(UTF8(JWE Protected Header)) || '.' || 1587 BASE64URL(JWE Encrypted Key) || '.' || BASE64URL(JWE Initialization 1588 Vector) || '.' || BASE64URL(JWE Ciphertext) || '.' || BASE64URL(JWE 1589 Authentication Tag). 1591 The final result in this example is: 1593 eyJhbGciOiJQQkVTMi1IUzI1NitBMTI4S1ciLCJwMnMiOiIyV0NUY0paMVJ2ZF9DSn 1594 VKcmlwUTF3IiwicDJjIjo0MDk2LCJlbmMiOiJBMTI4Q0JDLUhTMjU2IiwiY3R5Ijoi 1595 andrK2pzb24ifQ. 1596 TrqXOwuNUfDV9VPTNbyGvEJ9JMjefAVn-TR1uIxR9p6hsRQh9Tk7BA. 1597 Ye9j1qs22DmRSAddIh-VnA. 1598 AwhB8lxrlKjFn02LGWEqg27H4Tg9fyZAbFv3p5ZicHpj64QyHC44qqlZ3JEmnZTgQo 1599 wIqZJ13jbyHB8LgePiqUJ1hf6M2HPLgzw8L-mEeQ0jvDUTrE07NtOerBk8bwBQyZ6g 1600 0kQ3DEOIglfYxV8-FJvNBYwbqN1Bck6d_i7OtjSHV-8DIrp-3JcRIe05YKy3Oi34Z_ 1601 GOiAc1EK21B11c_AE11PII_wvvtRiUiG8YofQXakWd1_O98Kap-UgmyWPfreUJ3lJP 1602 nbD4Ve95owEfMGLOPflo2MnjaTDCwQokoJ_xplQ2vNPz8iguLcHBoKllyQFJL2mOWB 1603 wqhBo9Oj-O800as5mmLsvQMTflIrIEbbTMzHMBZ8EFW9fWwwFu0DWQJGkMNhmBZQ-3 1604 lvqTc-M6-gWA6D8PDhONfP2Oib2HGizwG1iEaX8GRyUpfLuljCLIe1DkGOewhKuKkZ 1605 h04DKNM5Nbugf2atmU9OP0Ldx5peCUtRG1gMVl7Qup5ZXHTjgPDr5b2N731UooCGAU 1606 qHdgGhg0JVJ_ObCTdjsH4CF1SJsdUhrXvYx3HJh2Xd7CwJRzU_3Y1GxYU6-s3GFPbi 1607 rfqqEipJDBTHpcoCmyrwYjYHFgnlqBZRotRrS95g8F95bRXqsaDY7UgQGwBQBwy665 1608 d0zpvTasvfXf_c0MWAl-neFaKOW_Px6g4EUDjG1GWSXV9cLStLw_0ovdApDIFLHYHe 1609 PyagyHjouQUuGiq7BsYwYrwaF06tgB8hV8omLNfMEmDPJaZUzMuHw6tBDwGkzD-tS_ 1610 ub9hxrpJ4UsOWnt5rGUyoN2N_c1-TQlXxm5oto14MxnoAyBQBpwIEgSH3Y4ZhwKBhH 1611 PjSo0cdwuNdYbGPpb-YUvF-2NZzODiQ1OvWQBRHSbPWYz_xbGkgD504LRtqRwCO7CC 1612 _CyyURi1sEssPVsMJRX_U4LFEOc82TiDdqjKOjRUfKK5rqLi8nBE9soQ0DSaOoFQZi 1613 GrBrqxDsNYiAYAmxxkos-i3nX4qtByVx85sCE5U_0MqG7COxZWMOPEFrDaepUV-cOy 1614 rvoUIng8i8ljKBKxETY2BgPegKBYCxsAUcAkKamSCC9AiBxA0UOHyhTqtlvMksO7AE 1615 hNC2-YzPyx1FkhMoS4LLe6E_pFsMlmjA6P1NSge9C5G5tETYXGAn6b1xZbHtmwrPSc 1616 ro9LWhVmAaA7_bxYObnFUxgWtK4vzzQBjZJ36UTk4OTB-JvKWgfVWCFsaw5WCHj6Oo 1617 4jpO7d2yN7WMfAj2hTEabz9wumQ0TMhBduZ-QON3pYObSy7TSC1vVme0NJrwF_cJRe 1618 hKTFmdlXGVldPxZCplr7ZQqRQhF8JP-l4mEQVnCaWGn9ONHlemczGOS-A-wwtnmwjI 1619 B1V_vgJRf4FdpV-4hUk4-QLpu3-1lWFxrtZKcggq3tWTduRo5_QebQbUUT_VSCgsFc 1620 OmyWKoj56lbxthN19hq1XGWbLGfrrR6MWh23vk01zn8FVwi7uFwEnRYSafsnWLa1Z5 1621 TpBj9GvAdl2H9NHwzpB5NqHpZNkQ3NMDj13Fn8fzO0JB83Etbm_tnFQfcb13X3bJ15 1622 Cz-Ww1MGhvIpGGnMBT_ADp9xSIyAM9dQ1yeVXk-AIgWBUlN5uyWSGyCxp0cJwx7HxM 1623 38z0UIeBu-MytL-eqndM7LxytsVzCbjOTSVRmhYEMIzUAnS1gs7uMQAGRdgRIElTJE 1624 SGMjb_4bZq9s6Ve1LKkSi0_QDsrABaLe55UY0zF4ZSfOV5PMyPtocwV_dcNPlxLgNA 1625 D1BFX_Z9kAdMZQW6fAmsfFle0zAoMe4l9pMESH0JB4sJGdCKtQXj1cXNydDYozF7l8 1626 H00BV_Er7zd6VtIw0MxwkFCTatsv_R-GsBCH218RgVPsfYhwVuT8R4HarpzsDBufC4 1627 r8_c8fc9Z278sQ081jFjOja6L2x0N_ImzFNXU6xwO-Ska-QeuvYZ3X_L31ZOX4Llp- 1628 7QSfgDoHnOxFv1Xws-D5mDHD3zxOup2b2TppdKTZb9eW2vxUVviM8OI9atBfPKMGAO 1629 v9omA-6vv5IxUH0-lWMiHLQ_g8vnswp-Jav0c4t6URVUzujNOoNd_CBGGVnHiJTCHl 1630 88LQxsqLHHIu4Fz-U2SGnlxGTj0-ihit2ELGRv4vO8E1BosTmf0cx3qgG0Pq0eOLBD 1631 IHsrdZ_CCAiTc0HVkMbyq1M6qEhM-q5P6y1QCIrwg. 1632 0HFmhOzsQ98nNWJjIHkR7A 1634 Appendix D. Acknowledgements 1636 A JSON representation for RSA public keys was previously introduced 1637 by John Panzer, Ben Laurie, and Dirk Balfanz in Magic Signatures 1639 [MagicSignatures]. 1641 Thanks to Matt Miller for creating the encrypted key example and to 1642 Edmund Jay and Brian Campbell for validating the example. 1644 This specification is the work of the JOSE Working Group, which 1645 includes dozens of active and dedicated participants. In particular, 1646 the following individuals contributed ideas, feedback, and wording 1647 that influenced this specification: 1649 Dirk Balfanz, Richard Barnes, John Bradley, Brian Campbell, Breno de 1650 Medeiros, Joe Hildebrand, Edmund Jay, Ben Laurie, James Manger, Matt 1651 Miller, Tony Nadalin, Axel Nennker, John Panzer, Eric Rescorla, Nat 1652 Sakimura, Jim Schaad, Ryan Sleevi, Paul Tarjan, Hannes Tschofenig, 1653 and Sean Turner. 1655 Jim Schaad and Karen O'Donoghue chaired the JOSE working group and 1656 Sean Turner, Stephen Farrell, and Kathleen Moriarty served as 1657 Security area directors during the creation of this specification. 1659 Appendix E. Document History 1661 [[ to be removed by the RFC Editor before publication as an RFC ]] 1663 -28 1665 o Revised the introduction to the Security Considerations section. 1667 o Refined the text about when applications using encrypted JWKs and 1668 JWK Sets would not need to use the "cty" header parameter. 1670 -27 1672 o Added an example JWK early in the draft. 1674 o Described additional security considerations. 1676 o Added the "x5t#S256" (X.509 Certificate SHA-256 Thumbprint) JWK 1677 member. 1679 o Addressed a few editorial issues. 1681 -26 1683 o Referenced Section 6 of RFC 6125 for TLS server certificate 1684 identity validation. 1686 o Deleted misleading non-normative phrase from the "use" 1687 description. 1689 o Noted that octet sequences are depicted using JSON array notation. 1691 o Updated references, including to W3C specifications. 1693 -25 1695 o Updated WebCrypto reference to refer to W3C Last Call draft. 1697 -24 1699 o Corrected the authentication tag value in the encrypted key 1700 example. 1702 o Updated the JSON reference to RFC 7159. 1704 -23 1706 o No changes were made, other than to the version number and date. 1708 -22 1710 o Corrected RFC 2119 terminology usage. 1712 o Replaced references to draft-ietf-json-rfc4627bis with RFC 7158. 1714 -21 1716 o Replaced the "key_ops" values "wrap" and "unwrap" with "wrapKey" 1717 and "unwrapKey" to match the "KeyUsage" values defined in the 1718 current Web Cryptography API [WebCrypto] editor's draft. 1720 o Compute the PBES2 salt parameter as (UTF8(Alg) || 0x00 || Salt 1721 Input), where the "p2s" Header Parameter encodes the Salt Input 1722 value and Alg is the "alg" Header Parameter value. 1724 o Changed some references from being normative to informative, 1725 addressing issue #90. 1727 -20 1729 o Renamed "use_details" to "key_ops" (key operations). 1731 o Clarified that "use" is meant for public key use cases, "key_ops" 1732 is meant for use cases in which public, private, or symmetric keys 1733 may be present, and that "use" and "key_ops" should not be used 1734 together. 1736 o Replaced references to RFC 4627 with draft-ietf-json-rfc4627bis, 1737 addressing issue #90. 1739 -19 1741 o Added optional "use_details" (key use details) JWK member. 1743 o Reordered the key selection parameters. 1745 -18 1747 o Changes to address editorial and minor issues #68, #69, #73, #74, 1748 #76, #77, #78, #79, #82, #85, #89, and #135. 1750 o Added and used Description registry fields. 1752 -17 1754 o Refined the "typ" and "cty" definitions to always be MIME Media 1755 Types, with the omission of "application/" prefixes recommended 1756 for brevity, addressing issue #50. 1758 o Added an example encrypting an RSA private key with 1759 "PBES2-HS256+A128KW" and "A128CBC-HS256". Thanks to Matt Miller 1760 for producing this! 1762 o Processing rules occurring in both JWS and JWK are now referenced 1763 in JWS by JWK, rather than duplicated, addressing issue #57. 1765 o Terms used in multiple documents are now defined in one place and 1766 incorporated by reference. Some lightly used or obvious terms 1767 were also removed. This addresses issue #58. 1769 -16 1771 o Changes to address editorial and minor issues #41, #42, #43, #47, 1772 #51, #67, #71, #76, #80, #83, #84, #85, #86, #87, and #88. 1774 -15 1776 o Changes to address editorial issues #48, #64, #65, #66, and #91. 1778 -14 1780 o Relaxed language introducing key parameters since some parameters 1781 are applicable to multiple, but not all, key types. 1783 -13 1785 o Applied spelling and grammar corrections. 1787 -12 1789 o Stated that recipients MUST either reject JWKs and JWK Sets with 1790 duplicate member names or use a JSON parser that returns only the 1791 lexically last duplicate member name. 1793 -11 1795 o Stated that when "kid" values are used within a JWK Set, different 1796 keys within the JWK Set SHOULD use distinct "kid" values. 1798 o Added optional "x5u" (X.509 URL), "x5t" (X.509 Certificate 1799 Thumbprint), and "x5c" (X.509 Certificate Chain) JWK parameters. 1801 o Added section on Encrypted JWK and Encrypted JWK Set Formats. 1803 o Added a Parameter Information Class value to the JSON Web Key 1804 Parameters registry, which registers whether the parameter conveys 1805 public or private information. 1807 o Registered "application/jwk+json" and "application/jwk-set+json" 1808 MIME types and "JWK" and "JWK-SET" typ header parameter values, 1809 addressing issue #21. 1811 -10 1813 o No changes were made, other than to the version number and date. 1815 -09 1817 o Expanded the scope of the JWK specification to include private and 1818 symmetric key representations, as specified by 1819 draft-jones-jose-json-private-and-symmetric-key-00. 1821 o Defined that members that are not understood must be ignored. 1823 -08 1825 o Changed the name of the JWK key type parameter from "alg" to "kty" 1826 to enable use of "alg" to indicate the particular algorithm that 1827 the key is intended to be used with. 1829 o Clarified statements of the form "This member is OPTIONAL" to "Use 1830 of this member is OPTIONAL". 1832 o Referenced String Comparison Rules in JWS. 1834 o Added seriesInfo information to Internet Draft references. 1836 -07 1838 o Changed the name of the JWK RSA modulus parameter from "mod" to 1839 "n" and the name of the JWK RSA exponent parameter from "xpo" to 1840 "e", so that the identifiers are the same as those used in RFC 1841 3447. 1843 -06 1845 o Changed the name of the JWK RSA exponent parameter from "exp" to 1846 "xpo" so as to allow the potential use of the name "exp" for a 1847 future extension that might define an expiration parameter for 1848 keys. (The "exp" name is already used for this purpose in the JWT 1849 specification.) 1851 o Clarify that the "alg" (algorithm family) member is REQUIRED. 1853 o Correct an instance of "JWK" that should have been "JWK Set". 1855 o Applied changes made by the RFC Editor to RFC 6749's registry 1856 language to this specification. 1858 -05 1860 o Indented artwork elements to better distinguish them from the body 1861 text. 1863 -04 1865 o Refer to the registries as the primary sources of defined values 1866 and then secondarily reference the sections defining the initial 1867 contents of the registries. 1869 o Normatively reference XML DSIG 2.0 for its security 1870 considerations. 1872 o Added this language to Registration Templates: "This name is case 1873 sensitive. Names that match other registered names in a case 1874 insensitive manner SHOULD NOT be accepted." 1876 o Described additional open issues. 1878 o Applied editorial suggestions. 1880 -03 1882 o Clarified that "kid" values need not be unique within a JWK Set. 1884 o Moved JSON Web Key Parameters registry to the JWK specification. 1886 o Added "Collision Resistant Namespace" to the terminology section. 1888 o Changed registration requirements from RFC Required to 1889 Specification Required with Expert Review. 1891 o Added Registration Template sections for defined registries. 1893 o Added Registry Contents sections to populate registry values. 1895 o Numerous editorial improvements. 1897 -02 1899 o Simplified JWK terminology to get replace the "JWK Key Object" and 1900 "JWK Container Object" terms with simply "JSON Web Key (JWK)" and 1901 "JSON Web Key Set (JWK Set)" and to eliminate potential confusion 1902 between single keys and sets of keys. As part of this change, the 1903 top-level member name for a set of keys was changed from "jwk" to 1904 "keys". 1906 o Clarified that values with duplicate member names MUST be 1907 rejected. 1909 o Established JSON Web Key Set Parameters registry. 1911 o Explicitly listed non-goals in the introduction. 1913 o Moved algorithm-specific definitions from JWK to JWA. 1915 o Reformatted to give each member definition its own section 1916 heading. 1918 -01 1920 o Corrected the Magic Signatures reference. 1922 -00 1924 o Created the initial IETF draft based upon 1925 draft-jones-json-web-key-03 with no normative changes. 1927 Author's Address 1929 Michael B. Jones 1930 Microsoft 1932 Email: mbj@microsoft.com 1933 URI: http://self-issued.info/