idnits 2.17.00 (12 Aug 2021) /tmp/idnits36464/draft-ietf-jose-json-web-key-32.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (September 23, 2014) is 2796 days in the past. Is this intentional? -- Found something which looks like a code comment -- if you have code sections in the document, please surround them with '' and '' lines. Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) -- Possible downref: Non-RFC (?) normative reference: ref. 'ECMAScript' -- Possible downref: Non-RFC (?) normative reference: ref. 'ITU.X690.1994' == Outdated reference: draft-ietf-jose-json-web-algorithms has been published as RFC 7518 == Outdated reference: draft-ietf-jose-json-web-encryption has been published as RFC 7516 == Outdated reference: draft-ietf-jose-json-web-signature has been published as RFC 7515 ** Downref: Normative reference to an Historic RFC: RFC 1421 ** Downref: Normative reference to an Informational RFC: RFC 2818 ** Obsolete normative reference: RFC 5246 (Obsoleted by RFC 8446) ** Obsolete normative reference: RFC 7159 (Obsoleted by RFC 8259) -- Possible downref: Non-RFC (?) normative reference: ref. 'USASCII' -- Obsolete informational reference (is this intentional?): RFC 3447 (Obsoleted by RFC 8017) -- Obsolete informational reference (is this intentional?): RFC 5226 (Obsoleted by RFC 8126) Summary: 4 errors (**), 0 flaws (~~), 4 warnings (==), 7 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 JOSE Working Group M. Jones 3 Internet-Draft Microsoft 4 Intended status: Standards Track September 23, 2014 5 Expires: March 27, 2015 7 JSON Web Key (JWK) 8 draft-ietf-jose-json-web-key-32 10 Abstract 12 A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) data 13 structure that represents a cryptographic key. This specification 14 also defines a JSON Web Key Set (JWK Set) JSON data structure that 15 represents a set of JWKs. Cryptographic algorithms and identifiers 16 for use with this specification are described in the separate JSON 17 Web Algorithms (JWA) specification and IANA registries defined by 18 that specification. 20 Status of this Memo 22 This Internet-Draft is submitted in full conformance with the 23 provisions of BCP 78 and BCP 79. 25 Internet-Drafts are working documents of the Internet Engineering 26 Task Force (IETF). Note that other groups may also distribute 27 working documents as Internet-Drafts. The list of current Internet- 28 Drafts is at http://datatracker.ietf.org/drafts/current/. 30 Internet-Drafts are draft documents valid for a maximum of six months 31 and may be updated, replaced, or obsoleted by other documents at any 32 time. It is inappropriate to use Internet-Drafts as reference 33 material or to cite them other than as "work in progress." 35 This Internet-Draft will expire on March 27, 2015. 37 Copyright Notice 39 Copyright (c) 2014 IETF Trust and the persons identified as the 40 document authors. All rights reserved. 42 This document is subject to BCP 78 and the IETF Trust's Legal 43 Provisions Relating to IETF Documents 44 (http://trustee.ietf.org/license-info) in effect on the date of 45 publication of this document. Please review these documents 46 carefully, as they describe your rights and restrictions with respect 47 to this document. Code Components extracted from this document must 48 include Simplified BSD License text as described in Section 4.e of 49 the Trust Legal Provisions and are provided without warranty as 50 described in the Simplified BSD License. 52 Table of Contents 54 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4 55 1.1. Notational Conventions . . . . . . . . . . . . . . . . . . 4 56 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 4 57 3. Example JWK . . . . . . . . . . . . . . . . . . . . . . . . . 5 58 4. JSON Web Key (JWK) Format . . . . . . . . . . . . . . . . . . 5 59 4.1. "kty" (Key Type) Parameter . . . . . . . . . . . . . . . . 6 60 4.2. "use" (Public Key Use) Parameter . . . . . . . . . . . . . 6 61 4.3. "key_ops" (Key Operations) Parameter . . . . . . . . . . . 7 62 4.4. "alg" (Algorithm) Parameter . . . . . . . . . . . . . . . 7 63 4.5. "kid" (Key ID) Parameter . . . . . . . . . . . . . . . . . 8 64 4.6. "x5u" (X.509 URL) Parameter . . . . . . . . . . . . . . . 8 65 4.7. "x5c" (X.509 Certificate Chain) Parameter . . . . . . . . 8 66 4.8. "x5t" (X.509 Certificate SHA-1 Thumbprint) Parameter . . . 9 67 4.9. "x5t#S256" (X.509 Certificate SHA-256 Thumbprint) 68 Parameter . . . . . . . . . . . . . . . . . . . . . . . . 9 69 5. JSON Web Key Set (JWK Set) Format . . . . . . . . . . . . . . 9 70 5.1. "keys" Parameter . . . . . . . . . . . . . . . . . . . . . 10 71 6. String Comparison Rules . . . . . . . . . . . . . . . . . . . 10 72 7. Encrypted JWK and Encrypted JWK Set Formats . . . . . . . . . 10 73 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 11 74 8.1. JSON Web Key Parameters Registry . . . . . . . . . . . . . 12 75 8.1.1. Registration Template . . . . . . . . . . . . . . . . 12 76 8.1.2. Initial Registry Contents . . . . . . . . . . . . . . 13 77 8.2. JSON Web Key Use Registry . . . . . . . . . . . . . . . . 14 78 8.2.1. Registration Template . . . . . . . . . . . . . . . . 15 79 8.2.2. Initial Registry Contents . . . . . . . . . . . . . . 15 80 8.3. JSON Web Key Operations Registry . . . . . . . . . . . . . 15 81 8.3.1. Registration Template . . . . . . . . . . . . . . . . 16 82 8.3.2. Initial Registry Contents . . . . . . . . . . . . . . 16 83 8.4. JSON Web Key Set Parameters Registry . . . . . . . . . . . 17 84 8.4.1. Registration Template . . . . . . . . . . . . . . . . 17 85 8.4.2. Initial Registry Contents . . . . . . . . . . . . . . 18 86 8.5. Media Type Registration . . . . . . . . . . . . . . . . . 18 87 8.5.1. Registry Contents . . . . . . . . . . . . . . . . . . 18 88 9. Security Considerations . . . . . . . . . . . . . . . . . . . 19 89 9.1. Key Provenance and Trust . . . . . . . . . . . . . . . . . 19 90 9.2. Preventing Disclosure of Non-Public Key Information . . . 20 91 9.3. RSA Private Key Representations and Blinding . . . . . . . 20 92 9.4. Key Entropy and Random Values . . . . . . . . . . . . . . 20 93 10. References . . . . . . . . . . . . . . . . . . . . . . . . . . 20 94 10.1. Normative References . . . . . . . . . . . . . . . . . . . 20 95 10.2. Informative References . . . . . . . . . . . . . . . . . . 22 97 Appendix A. Example JSON Web Key Sets . . . . . . . . . . . . . . 23 98 A.1. Example Public Keys . . . . . . . . . . . . . . . . . . . 23 99 A.2. Example Private Keys . . . . . . . . . . . . . . . . . . . 23 100 A.3. Example Symmetric Keys . . . . . . . . . . . . . . . . . . 25 101 Appendix B. Example Use of "x5c" (X.509 Certificate Chain) 102 Parameter . . . . . . . . . . . . . . . . . . . . . . 25 103 Appendix C. Example Encrypted RSA Private Key . . . . . . . . . . 26 104 C.1. Plaintext RSA Private Key . . . . . . . . . . . . . . . . 27 105 C.2. JOSE Header . . . . . . . . . . . . . . . . . . . . . . . 30 106 C.3. Content Encryption Key (CEK) . . . . . . . . . . . . . . . 30 107 C.4. Key Derivation . . . . . . . . . . . . . . . . . . . . . . 31 108 C.5. Key Encryption . . . . . . . . . . . . . . . . . . . . . . 31 109 C.6. Initialization Vector . . . . . . . . . . . . . . . . . . 31 110 C.7. Additional Authenticated Data . . . . . . . . . . . . . . 32 111 C.8. Content Encryption . . . . . . . . . . . . . . . . . . . . 32 112 C.9. Complete Representation . . . . . . . . . . . . . . . . . 35 113 Appendix D. Acknowledgements . . . . . . . . . . . . . . . . . . 36 114 Appendix E. Document History . . . . . . . . . . . . . . . . . . 37 115 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 43 117 1. Introduction 119 A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) [RFC7159] 120 data structure that represents a cryptographic key. This 121 specification also defines a JSON Web Key Set (JWK Set) JSON data 122 structure that represents a set of JWKs. Cryptographic algorithms 123 and identifiers for use with this specification are described in the 124 separate JSON Web Algorithms (JWA) [JWA] specification and IANA 125 registries defined by that specification. 127 Goals for this specification do not include representing new kinds of 128 certificate chains, representing new kinds of certified keys, or 129 replacing X.509 certificates. 131 JWKs and JWK Sets are used in the JSON Web Signature (JWS) [JWS] and 132 JSON Web Encryption (JWE) [JWE] specifications. 134 Names defined by this specification are short because a core goal is 135 for the resulting representations to be compact. 137 1.1. Notational Conventions 139 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 140 "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and 141 "OPTIONAL" in this document are to be interpreted as described in Key 142 words for use in RFCs to Indicate Requirement Levels [RFC2119]. If 143 these words are used without being spelled in uppercase then they are 144 to be interpreted with their normal natural language meanings. 146 BASE64URL(OCTETS) denotes the base64url encoding of OCTETS, per 147 Section 2. 149 UTF8(STRING) denotes the octets of the UTF-8 [RFC3629] representation 150 of STRING. 152 ASCII(STRING) denotes the octets of the ASCII [USASCII] 153 representation of STRING. 155 The concatenation of two values A and B is denoted as A || B. 157 2. Terminology 159 These terms defined by the JSON Web Signature (JWS) [JWS] 160 specification are incorporated into this specification: "Base64url 161 Encoding", "Collision-Resistant Name", "Header Parameter", and "JOSE 162 Header". 164 These terms are defined by this specification: 166 JSON Web Key (JWK) 167 A JSON object that represents a cryptographic key. The members of 168 the object represent properties of the key, including its value. 170 JSON Web Key Set (JWK Set) 171 A JSON object that represents a set of JWKs. The JSON object MUST 172 have a "keys" member, which is an array of JWK objects. 174 3. Example JWK 176 This section provides an example of a JWK. The following example JWK 177 declares that the key is an Elliptic Curve [DSS] key, it is used with 178 the P-256 Elliptic Curve, and its x and y coordinates are the 179 base64url encoded values shown. A key identifier is also provided 180 for the key. 182 {"kty":"EC", 183 "crv":"P-256", 184 "x":"f83OJ3D2xF1Bg8vub9tLe1gHMzV76e8Tus9uPHvRVEU", 185 "y":"x_FEzRu9m36HLN_tue659LNpXW6pCyStikYjKIWI5a0", 186 "kid":"Public key used in JWS A.3 example" 187 } 189 Additional example JWK values can be found in Appendix A. 191 4. JSON Web Key (JWK) Format 193 A JSON Web Key (JWK) is a JSON object that represents a cryptographic 194 key. The members of the object represent properties of the key, 195 including its value. This JSON object MAY contain white space and/or 196 line breaks. This document defines the key parameters that are not 197 algorithm specific, and thus common to many keys. 199 In addition to the common parameters, each JWK will have members that 200 are specific to the kind of key being represented. These members 201 represent the parameters of the key. Section 6 of the JSON Web 202 Algorithms (JWA) [JWA] specification defines multiple kinds of 203 cryptographic keys and their associated members. 205 The member names within a JWK MUST be unique; recipients MUST either 206 reject JWKs with duplicate member names or use a JSON parser that 207 returns only the lexically last duplicate member name, as specified 208 in Section 15.12 (The JSON Object) of ECMAScript 5.1 [ECMAScript]. 210 Additional members can be present in the JWK; if not understood by 211 implementations encountering them, they MUST be ignored. Member 212 names used for representing key parameters for different keys types 213 need not be distinct. Any new member name should either be 214 registered in the IANA JSON Web Key Parameters registry defined in 215 Section 8.1 or be a value that contains a Collision-Resistant Name. 217 4.1. "kty" (Key Type) Parameter 219 The "kty" (key type) member identifies the cryptographic algorithm 220 family used with the key. "kty" values should either be registered in 221 the IANA JSON Web Key Types registry defined in [JWA] or be a value 222 that contains a Collision-Resistant Name. The "kty" value is a case- 223 sensitive string. This member MUST be present in a JWK. 225 A list of defined "kty" values can be found in the IANA JSON Web Key 226 Types registry defined in [JWA]; the initial contents of this 227 registry are the values defined in Section 6.1 of the JSON Web 228 Algorithms (JWA) [JWA] specification. 230 The key type definitions include specification of the members to be 231 used for those key types. Additional members used with "kty" values 232 can also be found in the IANA JSON Web Key Parameters registry 233 defined in Section 8.1. 235 4.2. "use" (Public Key Use) Parameter 237 The "use" (public key use) member identifies the intended use of the 238 public key. The "use" parameter is intended for use cases in which 239 it is useful to distinguish between public signing keys and public 240 encryption keys. 242 Values defined by this specification are: 244 o "sig" (signature) 245 o "enc" (encryption) 247 Other values MAY be used. Public Key Use values can be registered in 248 the IANA JSON Web Key Use registry defined in Section 8.2. The "use" 249 value is a case-sensitive string. Use of the "use" member is 250 OPTIONAL, unless the application requires its presence. 252 When a key is used to wrap another key and a key use designation for 253 the first key is desired, the "enc" (encryption) key use value SHOULD 254 be used, since key wrapping is a kind of encryption. The "enc" value 255 SHOULD also be used for public keys used for key agreement 256 operations. (The "alg" member can be used to specify the particular 257 cryptographic operation to be performed, when desired.) 259 4.3. "key_ops" (Key Operations) Parameter 261 The "key_ops" (key operations) member identifies the operation(s) 262 that the key is intended to be used for. The "key_ops" parameter is 263 intended for use cases in which public, private, or symmetric keys 264 may be present. 266 Its value is an array of key operation values. Values defined by 267 this specification are: 269 o "sign" (compute signature or MAC) 270 o "verify" (verify signature or MAC) 271 o "encrypt" (encrypt content) 272 o "decrypt" (decrypt content and validate decryption, if applicable) 273 o "wrapKey" (encrypt key) 274 o "unwrapKey" (decrypt key and validate decryption, if applicable) 275 o "deriveKey" (derive key) 276 o "deriveBits" (derive bits not to be used as a key) 278 (Note that the "key_ops" values intentionally match the "KeyUsage" 279 values defined in the Web Cryptography API [WebCrypto] 280 specification.) 282 Other values MAY be used. Key operation values can be registered in 283 the IANA JSON Web Key Operations registry defined in Section 8.3. 284 The key operation values are case-sensitive strings. Duplicate key 285 operation values MUST NOT be present in the array. 287 Use of the "key_ops" member is OPTIONAL, unless the application 288 requires its presence. 290 Multiple unrelated key operations SHOULD NOT be specified for a key 291 because of the potential vulnerabilities associated with using the 292 same key with multiple algorithms. Thus, the combinations "sign" 293 with "verify", "encrypt" with "decrypt", and "wrapKey" with 294 "unwrapKey" are permitted, but other combinations SHOULD NOT be used. 296 The "use" and "key_ops" JWK members SHOULD NOT be used together. 297 Applications should specify which of these members they use, if 298 either is to be used by the application. 300 4.4. "alg" (Algorithm) Parameter 302 The "alg" (algorithm) member identifies the algorithm intended for 303 use with the key. The values used should either be registered in the 304 IANA JSON Web Signature and Encryption Algorithms registry defined in 305 [JWA] or be a value that contains a Collision-Resistant Name. Use of 306 this member is OPTIONAL. 308 4.5. "kid" (Key ID) Parameter 310 The "kid" (key ID) member can be used to match a specific key. This 311 can be used, for instance, to choose among a set of keys within a JWK 312 Set during key rollover. The structure of the "kid" value is 313 unspecified. When "kid" values are used within a JWK Set, different 314 keys within the JWK Set SHOULD use distinct "kid" values. (One 315 example in which different keys might use the same "kid" value is if 316 they have different "kty" (key type) values but are considered to be 317 equivalent alternatives by the application using them.) The "kid" 318 value is a case-sensitive string. Use of this member is OPTIONAL. 320 When used with JWS or JWE, the "kid" value is used to match a JWS or 321 JWE "kid" Header Parameter value. 323 4.6. "x5u" (X.509 URL) Parameter 325 The "x5u" (X.509 URL) member is a URI [RFC3986] that refers to a 326 resource for an X.509 public key certificate or certificate chain 327 [RFC5280]. The identified resource MUST provide a representation of 328 the certificate or certificate chain that conforms to RFC 5280 329 [RFC5280] in PEM encoded form [RFC1421]. The key in the first 330 certificate MUST match the public key represented by other members of 331 the JWK. The protocol used to acquire the resource MUST provide 332 integrity protection; an HTTP GET request to retrieve the certificate 333 MUST use TLS [RFC2818, RFC5246]; the identity of the server MUST be 334 validated, as per Section 6 of RFC 6125 [RFC6125]. Use of this 335 member is OPTIONAL. 337 While there is no requirement that members other than those 338 representing the public key be populated when an "x5u" member is 339 present, doing so may improve interoperability for applications that 340 do not handle PKIX certificates. If other members are present, the 341 contents of those members MUST be semantically consistent with the 342 related fields in the first certificate. For instance, if the "use" 343 member is present, then it needs to allow for only a subset of the 344 usages that are permitted by the certificate. Similarly, if the 345 "alg" member is present, it should represent an algorithm that the 346 certificate allows. 348 4.7. "x5c" (X.509 Certificate Chain) Parameter 350 The "x5c" (X.509 Certificate Chain) member contains a chain of one or 351 more PKIX certificates [RFC5280]. The certificate chain is 352 represented as a JSON array of certificate value strings. Each 353 string in the array is a base64 encoded ([RFC4648] Section 4 -- not 354 base64url encoded) DER [ITU.X690.1994] PKIX certificate value. The 355 PKIX certificate containing the key value MUST be the first 356 certificate. This MAY be followed by additional certificates, with 357 each subsequent certificate being the one used to certify the 358 previous one. The key in the first certificate MUST match the public 359 key represented by other members of the JWK. Use of this member is 360 OPTIONAL. 362 As with the "x5u" member, members other than those representing the 363 public key may also be populated when an "x5c" member is present. If 364 other members are present, the contents of those members MUST be 365 semantically consistent with the related fields in the first 366 certificate. See the last paragraph of Section 4.6 for additional 367 guidance on this. 369 4.8. "x5t" (X.509 Certificate SHA-1 Thumbprint) Parameter 371 The "x5t" (X.509 Certificate SHA-1 Thumbprint) member is a base64url 372 encoded SHA-1 thumbprint (a.k.a. digest) of the DER encoding of an 373 X.509 certificate [RFC5280]. The key in the certificate MUST match 374 the public key represented by other members of the JWK. Use of this 375 member is OPTIONAL. 377 As with the "x5u" member, members other than those representing the 378 public key may also be populated when an "x5t" member is present. If 379 other members are present, the contents of those members MUST be 380 semantically consistent with the related fields in the referenced 381 certificate. See the last paragraph of Section 4.6 for additional 382 guidance on this. 384 4.9. "x5t#S256" (X.509 Certificate SHA-256 Thumbprint) Parameter 386 The "x5t#S256" (X.509 Certificate SHA-256 Thumbprint) member is a 387 base64url encoded SHA-256 thumbprint (a.k.a. digest) of the DER 388 encoding of an X.509 certificate [RFC5280]. The key in the 389 certificate MUST match the public key represented by other members of 390 the JWK. Use of this member is OPTIONAL. 392 As with the "x5u" member, members other than those representing the 393 public key may also be populated when an "x5t#S256" member is 394 present. If other members are present, the contents of those members 395 MUST be semantically consistent with the related fields in the 396 referenced certificate. See the last paragraph of Section 4.6 for 397 additional guidance on this. 399 5. JSON Web Key Set (JWK Set) Format 401 A JSON Web Key Set (JWK Set) is a JSON object that represents a set 402 of JWKs. The JSON object MUST have a "keys" member, which is an 403 array of JWK objects. This JSON object MAY contain white space 404 and/or line breaks. 406 The member names within a JWK Set MUST be unique; recipients MUST 407 either reject JWK Sets with duplicate member names or use a JSON 408 parser that returns only the lexically last duplicate member name, as 409 specified in Section 15.12 (The JSON Object) of ECMAScript 5.1 410 [ECMAScript]. 412 Additional members can be present in the JWK Set; if not understood 413 by implementations encountering them, they MUST be ignored. 414 Parameters for representing additional properties of JWK Sets should 415 either be registered in the IANA JSON Web Key Set Parameters registry 416 defined in Section 8.4 or be a value that contains a Collision- 417 Resistant Name. 419 Implementations SHOULD ignore JWKs within a JWK Set that use "kty" 420 (key type) values that are not understood by them, are missing 421 required members, or for which values are out of the supported 422 ranges. 424 5.1. "keys" Parameter 426 The value of the "keys" member is an array of JWK values. By 427 default, the order of the JWK values within the array does not imply 428 an order of preference among them, although applications of JWK Sets 429 can choose to assign a meaning to the order for their purposes, if 430 desired. This member MUST be present in a JWK Set. 432 6. String Comparison Rules 434 The string comparison rules for this specification are the same as 435 those defined in Section 5.3 of [JWS]. 437 7. Encrypted JWK and Encrypted JWK Set Formats 439 Access to JWKs containing non-public key material by parties without 440 legitimate access to the non-public information MUST be prevented. 441 This can be accomplished by encrypting the JWK when potentially 442 observable by such parties to prevent the disclosure of private or 443 symmetric key values. The use of an Encrypted JWK, which is a JWE 444 with the UTF-8 encoding of a JWK as its plaintext value, is 445 recommended for this purpose. The processing of Encrypted JWKs is 446 identical to the processing of other JWEs. A "cty" (content type) 447 Header Parameter value of "jwk+json" MUST be used to indicate that 448 the content of the JWE is a JWK, unless the application knows that 449 the encrypted content is a JWK by another means or convention, in 450 which case the "cty" value would typically be omitted. 452 JWK Sets containing non-public key material will also need to be 453 encrypted under these circumstances. The use of an Encrypted JWK 454 Set, which is a JWE with the UTF-8 encoding of a JWK Set as its 455 plaintext value, is recommended for this purpose. The processing of 456 Encrypted JWK Sets is identical to the processing of other JWEs. A 457 "cty" (content type) Header Parameter value of "jwk-set+json" MUST be 458 used to indicate that the content of the JWE is a JWK Set, unless the 459 application knows that the encrypted content is a JWK Set by another 460 means or convention, in which case the "cty" value would typically be 461 omitted. 463 See Appendix C for an example encrypted JWK. 465 8. IANA Considerations 467 The following registration procedure is used for all the registries 468 established by this specification. 470 Values are registered on a Specification Required [RFC5226] basis 471 after a two-week review period on the [TBD]@ietf.org mailing list, on 472 the advice of one or more Designated Experts. However, to allow for 473 the allocation of values prior to publication, the Designated 474 Expert(s) may approve registration once they are satisfied that such 475 a specification will be published. 477 Registration requests must be sent to the [TBD]@ietf.org mailing list 478 for review and comment, with an appropriate subject (e.g., "Request 479 for access token type: example"). [[ Note to the RFC Editor: The name 480 of the mailing list should be determined in consultation with the 481 IESG and IANA. Suggested name: jose-reg-review. ]] 483 Within the review period, the Designated Expert(s) will either 484 approve or deny the registration request, communicating this decision 485 to the review list and IANA. Denials should include an explanation 486 and, if applicable, suggestions as to how to make the request 487 successful. Registration requests that are undetermined for a period 488 longer than 21 days can be brought to the IESG's attention (using the 489 iesg@iesg.org mailing list) for resolution. 491 Criteria that should be applied by the Designated Expert(s) includes 492 determining whether the proposed registration duplicates existing 493 functionality, determining whether it is likely to be of general 494 applicability or whether it is useful only for a single application, 495 and whether the registration makes sense. 497 IANA must only accept registry updates from the Designated Expert(s) 498 and should direct all requests for registration to the review mailing 499 list. 501 It is suggested that multiple Designated Experts be appointed who are 502 able to represent the perspectives of different applications using 503 this specification, in order to enable broadly-informed review of 504 registration decisions. In cases where a registration decision could 505 be perceived as creating a conflict of interest for a particular 506 Expert, that Expert should defer to the judgment of the other 507 Expert(s). 509 8.1. JSON Web Key Parameters Registry 511 This specification establishes the IANA JSON Web Key Parameters 512 registry for JWK parameter names. The registry records the parameter 513 name, the key type(s) that the parameter is used with, and a 514 reference to the specification that defines it. It also records 515 whether the parameter conveys public or private information. This 516 specification registers the parameter names defined in Section 4. 517 The same JWK parameter name may be registered multiple times, 518 provided that duplicate parameter registrations are only for key type 519 specific JWK parameters; in this case, the meaning of the duplicate 520 parameter name is disambiguated by the "kty" value of the JWK 521 containing it. 523 8.1.1. Registration Template 525 Parameter Name: 526 The name requested (e.g., "example"). Because a core goal of this 527 specification is for the resulting representations to be compact, 528 it is RECOMMENDED that the name be short -- not to exceed 8 529 characters without a compelling reason to do so. This name is 530 case-sensitive. Names may not match other registered names in a 531 case-insensitive manner unless the Designated Expert(s) state that 532 there is a compelling reason to allow an exception in this 533 particular case. However, matching names may be registered, 534 provided that the accompanying sets of "kty" values that the 535 Parameter Name is used with are disjoint; for the purposes of 536 matching "kty" values, "*" matches all values. 538 Parameter Description: 539 Brief description of the parameter (e.g., "Example description"). 541 Used with "kty" Value(s): 542 The key type parameter value(s) that the parameter name is to be 543 used with, or the value "*" if the parameter value is used with 544 all key types. Values may not match other registered "kty" values 545 in a case-insensitive manner when the registered Parameter Name is 546 the same (including when the Parameter Name matches in a case- 547 insensitive manner) unless the Designated Expert(s) state that 548 there is a compelling reason to allow an exception in this 549 particular case. 551 Parameter Information Class: 552 Registers whether the parameter conveys public or private 553 information. Its value must be one the words Public or Private. 555 Change Controller: 556 For Standards Track RFCs, state "IESG". For others, give the name 557 of the responsible party. Other details (e.g., postal address, 558 email address, home page URI) may also be included. 560 Specification Document(s): 561 Reference to the document(s) that specify the parameter, 562 preferably including URI(s) that can be used to retrieve copies of 563 the document(s). An indication of the relevant sections may also 564 be included but is not required. 566 8.1.2. Initial Registry Contents 568 o Parameter Name: "kty" 569 o Parameter Description: Key Type 570 o Used with "kty" Value(s): * 571 o Parameter Information Class: Public 572 o Change Controller: IESG 573 o Specification Document(s): Section 4.1 of [[ this document ]] 575 o Parameter Name: "use" 576 o Parameter Description: Public Key Use 577 o Used with "kty" Value(s): * 578 o Parameter Information Class: Public 579 o Change Controller: IESG 580 o Specification Document(s): Section 4.2 of [[ this document ]] 582 o Parameter Name: "key_ops" 583 o Parameter Description: Key Operations 584 o Used with "kty" Value(s): * 585 o Parameter Information Class: Public 586 o Change Controller: IESG 587 o Specification Document(s): Section 4.3 of [[ this document ]] 589 o Parameter Name: "alg" 590 o Parameter Description: Algorithm 591 o Used with "kty" Value(s): * 592 o Parameter Information Class: Public 593 o Change Controller: IESG 594 o Specification Document(s): Section 4.4 of [[ this document ]] 596 o Parameter Name: "kid" 597 o Parameter Description: Key ID 598 o Used with "kty" Value(s): * 599 o Parameter Information Class: Public 600 o Change Controller: IESG 601 o Specification Document(s): Section 4.5 of [[ this document ]] 603 o Parameter Name: "x5u" 604 o Parameter Description: X.509 URL 605 o Used with "kty" Value(s): * 606 o Parameter Information Class: Public 607 o Change Controller: IESG 608 o Specification Document(s): Section 4.6 of [[ this document ]] 610 o Parameter Name: "x5c" 611 o Parameter Description: X.509 Certificate Chain 612 o Used with "kty" Value(s): * 613 o Parameter Information Class: Public 614 o Change Controller: IESG 615 o Specification Document(s): Section 4.7 of [[ this document ]] 617 o Parameter Name: "x5t" 618 o Parameter Description: X.509 Certificate SHA-1 Thumbprint 619 o Used with "kty" Value(s): * 620 o Parameter Information Class: Public 621 o Change Controller: IESG 622 o Specification Document(s): Section 4.8 of [[ this document ]] 624 o Parameter Name: "x5t#S256" 625 o Parameter Description: X.509 Certificate SHA-256 Thumbprint 626 o Used with "kty" Value(s): * 627 o Parameter Information Class: Public 628 o Change Controller: IESG 629 o Specification Document(s): Section 4.9 of [[ this document ]] 631 8.2. JSON Web Key Use Registry 633 This specification establishes the IANA JSON Web Key Use registry for 634 JWK "use" (public key use) member values. The registry records the 635 public key use value and a reference to the specification that 636 defines it. This specification registers the parameter names defined 637 in Section 4.2. 639 8.2.1. Registration Template 641 Use Member Value: 642 The name requested (e.g., "example"). Because a core goal of this 643 specification is for the resulting representations to be compact, 644 it is RECOMMENDED that the name be short -- not to exceed 8 645 characters without a compelling reason to do so. This name is 646 case-sensitive. Names may not match other registered names in a 647 case-insensitive manner unless the Designated Expert(s) state that 648 there is a compelling reason to allow an exception in this 649 particular case. 651 Use Description: 652 Brief description of the use (e.g., "Example description"). 654 Change Controller: 655 For Standards Track RFCs, state "IESG". For others, give the name 656 of the responsible party. Other details (e.g., postal address, 657 email address, home page URI) may also be included. 659 Specification Document(s): 660 Reference to the document(s) that specify the parameter, 661 preferably including URI(s) that can be used to retrieve copies of 662 the document(s). An indication of the relevant sections may also 663 be included but is not required. 665 8.2.2. Initial Registry Contents 667 o Use Member Value: "sig" 668 o Use Description: Signature or MAC 669 o Change Controller: IESG 670 o Specification Document(s): Section 4.2 of [[ this document ]] 672 o Use Member Value: "enc" 673 o Use Description: Encryption 674 o Change Controller: IESG 675 o Specification Document(s): Section 4.2 of [[ this document ]] 677 8.3. JSON Web Key Operations Registry 679 This specification establishes the IANA JSON Web Key Operations 680 registry for values of JWK "key_ops" array elements. The registry 681 records the key operation value and a reference to the specification 682 that defines it. This specification registers the parameter names 683 defined in Section 4.3. 685 8.3.1. Registration Template 687 Key Operation Value: 688 The name requested (e.g., "example"). Because a core goal of this 689 specification is for the resulting representations to be compact, 690 it is RECOMMENDED that the name be short -- not to exceed 8 691 characters without a compelling reason to do so. This name is 692 case-sensitive. Names may not match other registered names in a 693 case-insensitive manner unless the Designated Expert(s) state that 694 there is a compelling reason to allow an exception in this 695 particular case. 697 Key Operation Description: 698 Brief description of the key operation (e.g., "Example 699 description"). 701 Change Controller: 702 For Standards Track RFCs, state "IESG". For others, give the name 703 of the responsible party. Other details (e.g., postal address, 704 email address, home page URI) may also be included. 706 Specification Document(s): 707 Reference to the document(s) that specify the parameter, 708 preferably including URI(s) that can be used to retrieve copies of 709 the document(s). An indication of the relevant sections may also 710 be included but is not required. 712 8.3.2. Initial Registry Contents 714 o Key Operation Value: "sign" 715 o Key Operation Description: Compute signature or MAC 716 o Change Controller: IESG 717 o Specification Document(s): Section 4.3 of [[ this document ]] 719 o Key Operation Value: "verify" 720 o Key Operation Description: Verify signature or MAC 721 o Change Controller: IESG 722 o Specification Document(s): Section 4.3 of [[ this document ]] 724 o Key Operation Value: "encrypt" 725 o Key Operation Description: Encrypt content 726 o Change Controller: IESG 727 o Specification Document(s): Section 4.3 of [[ this document ]] 729 o Key Operation Value: "decrypt" 730 o Key Operation Description: Decrypt content and validate 731 decryption, if applicable 733 o Change Controller: IESG 734 o Specification Document(s): Section 4.3 of [[ this document ]] 736 o Key Operation Value: "wrapKey" 737 o Key Operation Description: Encrypt key 738 o Change Controller: IESG 739 o Specification Document(s): Section 4.3 of [[ this document ]] 741 o Key Operation Value: "unwrapKey" 742 o Key Operation Description: Decrypt key and validate decryption, if 743 applicable 744 o Change Controller: IESG 745 o Specification Document(s): Section 4.3 of [[ this document ]] 747 o Key Operation Value: "deriveKey" 748 o Key Operation Description: Derive key 749 o Change Controller: IESG 750 o Specification Document(s): Section 4.3 of [[ this document ]] 752 o Key Operation Value: "deriveBits" 753 o Key Operation Description: Derive bits not to be used as a key 754 o Change Controller: IESG 755 o Specification Document(s): Section 4.3 of [[ this document ]] 757 8.4. JSON Web Key Set Parameters Registry 759 This specification establishes the IANA JSON Web Key Set Parameters 760 registry for JWK Set parameter names. The registry records the 761 parameter name and a reference to the specification that defines it. 762 This specification registers the parameter names defined in 763 Section 5. 765 8.4.1. Registration Template 767 Parameter Name: 768 The name requested (e.g., "example"). Because a core goal of this 769 specification is for the resulting representations to be compact, 770 it is RECOMMENDED that the name be short -- not to exceed 8 771 characters without a compelling reason to do so. This name is 772 case-sensitive. Names may not match other registered names in a 773 case-insensitive manner unless the Designated Expert(s) state that 774 there is a compelling reason to allow an exception in this 775 particular case. 777 Parameter Description: 778 Brief description of the parameter (e.g., "Example description"). 780 Change Controller: 781 For Standards Track RFCs, state "IESG". For others, give the name 782 of the responsible party. Other details (e.g., postal address, 783 email address, home page URI) may also be included. 785 Specification Document(s): 786 Reference to the document(s) that specify the parameter, 787 preferably including URI(s) that can be used to retrieve copies of 788 the document(s). An indication of the relevant sections may also 789 be included but is not required. 791 8.4.2. Initial Registry Contents 793 o Parameter Name: "keys" 794 o Parameter Description: Array of JWK values 795 o Change Controller: IESG 796 o Specification Document(s): Section 5.1 of [[ this document ]] 798 8.5. Media Type Registration 800 8.5.1. Registry Contents 802 This specification registers the "application/jwk+json" and 803 "application/jwk-set+json" Media Types [RFC2046] in the MIME Media 804 Types registry [IANA.MediaTypes], which can be used to indicate, 805 respectively, that the content is a JWK or a JWK Set. 807 o Type Name: application 808 o Subtype Name: jwk+json 809 o Required Parameters: n/a 810 o Optional Parameters: n/a 811 o Encoding considerations: 8bit; application/jwk+json values are 812 represented as JSON object; UTF-8 encoding SHOULD be employed for 813 the JSON object. 814 o Security Considerations: See the Security Considerations section 815 of [[ this document ]] 816 o Interoperability Considerations: n/a 817 o Published Specification: [[ this document ]] 818 o Applications that use this media type: TBD 819 o Additional Information: Magic number(s): n/a, File extension(s): 820 n/a, Macintosh file type code(s): n/a 821 o Person & email address to contact for further information: Michael 822 B. Jones, mbj@microsoft.com 823 o Intended Usage: COMMON 824 o Restrictions on Usage: none 825 o Author: Michael B. Jones, mbj@microsoft.com 826 o Change Controller: IESG 828 o Type Name: application 829 o Subtype Name: jwk-set+json 830 o Required Parameters: n/a 831 o Optional Parameters: n/a 832 o Encoding considerations: 8bit; application/jwk-set+json values are 833 represented as a JSON Object; UTF-8 encoding SHOULD be employed 834 for the JSON object. 835 o Security Considerations: See the Security Considerations section 836 of [[ this document ]] 837 o Interoperability Considerations: n/a 838 o Published Specification: [[ this document ]] 839 o Applications that use this media type: TBD 840 o Additional Information: Magic number(s): n/a, File extension(s): 841 n/a, Macintosh file type code(s): n/a 842 o Person & email address to contact for further information: Michael 843 B. Jones, mbj@microsoft.com 844 o Intended Usage: COMMON 845 o Restrictions on Usage: none 846 o Author: Michael B. Jones, mbj@microsoft.com 847 o Change Controller: IESG 849 9. Security Considerations 851 All of the security issues that are pertinent to any cryptographic 852 application must be addressed by JWS/JWE/JWK agents. Among these 853 issues are protecting the user's asymmetric private and symmetric 854 secret keys and employing countermeasures to various attacks. 856 9.1. Key Provenance and Trust 858 One should place no more trust in the data associated with a key than 859 in than the method by which it was obtained and in the 860 trustworthiness of the entity asserting an association with the key. 861 Any data associated with a key that is obtained in an untrusted 862 manner should be treated with skepticism. See Section 10.3 of [JWS] 863 for security considerations on key origin authentication. 865 The security considerations in Section 12.3 of XML DSIG 2.0 866 [W3C.NOTE-xmldsig-core2-20130411] about the strength of a signature 867 depending upon all the links in the security chain also apply to this 868 specification. 870 The TLS Requirements in Section 8 of [JWS] also apply to this 871 specification. 873 9.2. Preventing Disclosure of Non-Public Key Information 875 Private and symmetric keys MUST be protected from disclosure to 876 unintended parties. One recommended means of doing so is to encrypt 877 JWKs or JWK Sets containing them by using the JWK or JWK Set value as 878 the plaintext of a JWE. 880 The security considerations in RFC 3447 [RFC3447] and RFC 6030 881 [RFC6030] about protecting private and symmetric keys, key usage, and 882 information leakage also apply to this specification. 884 9.3. RSA Private Key Representations and Blinding 886 The RSA Key blinding operation [Kocher], which is a defense against 887 some timing attacks, requires all of the RSA key values "n", "e", and 888 "d". However, some RSA private key representations do not include 889 the public exponent "e", but only include the modulus "n" and the 890 private exponent "d". This is true, for instance, of the Java 891 RSAPrivateKeySpec API, which does not include the public exponent "e" 892 as a parameter. So as to enable RSA key blinding, such 893 representations should be avoided. For Java, the 894 RSAPrivateCrtKeySpec API can be used instead. Section 8.2.2(i) of 895 the Handbook of Applied Cryptography [HAC] discusses how to compute 896 the remaining RSA private key parameters, if needed, using only "n", 897 "e", and "d". 899 9.4. Key Entropy and Random Values 901 See Section 10.1 of [JWS] for security considerations on key entropy 902 and random values. 904 10. References 906 10.1. Normative References 908 [ECMAScript] 909 Ecma International, "ECMAScript Language Specification, 910 5.1 Edition", ECMA 262, June 2011. 912 [IANA.MediaTypes] 913 Internet Assigned Numbers Authority (IANA), "MIME Media 914 Types", 2005. 916 [ITU.X690.1994] 917 International Telecommunications Union, "Information 918 Technology - ASN.1 encoding rules: Specification of Basic 919 Encoding Rules (BER), Canonical Encoding Rules (CER) and 920 Distinguished Encoding Rules (DER)", ITU-T Recommendation 921 X.690, 1994. 923 [JWA] Jones, M., "JSON Web Algorithms (JWA)", 924 draft-ietf-jose-json-web-algorithms (work in progress), 925 September 2014. 927 [JWE] Jones, M. and J. Hildebrand, "JSON Web Encryption (JWE)", 928 draft-ietf-jose-json-web-encryption (work in progress), 929 September 2014. 931 [JWS] Jones, M., Bradley, J., and N. Sakimura, "JSON Web 932 Signature (JWS)", draft-ietf-jose-json-web-signature (work 933 in progress), September 2014. 935 [RFC1421] Linn, J., "Privacy Enhancement for Internet Electronic 936 Mail: Part I: Message Encryption and Authentication 937 Procedures", RFC 1421, February 1993. 939 [RFC2046] Freed, N. and N. Borenstein, "Multipurpose Internet Mail 940 Extensions (MIME) Part Two: Media Types", RFC 2046, 941 November 1996. 943 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 944 Requirement Levels", BCP 14, RFC 2119, March 1997. 946 [RFC2818] Rescorla, E., "HTTP Over TLS", RFC 2818, May 2000. 948 [RFC3629] Yergeau, F., "UTF-8, a transformation format of ISO 949 10646", STD 63, RFC 3629, November 2003. 951 [RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform 952 Resource Identifier (URI): Generic Syntax", STD 66, 953 RFC 3986, January 2005. 955 [RFC4648] Josefsson, S., "The Base16, Base32, and Base64 Data 956 Encodings", RFC 4648, October 2006. 958 [RFC5246] Dierks, T. and E. Rescorla, "The Transport Layer Security 959 (TLS) Protocol Version 1.2", RFC 5246, August 2008. 961 [RFC5280] Cooper, D., Santesson, S., Farrell, S., Boeyen, S., 962 Housley, R., and W. Polk, "Internet X.509 Public Key 963 Infrastructure Certificate and Certificate Revocation List 964 (CRL) Profile", RFC 5280, May 2008. 966 [RFC6125] Saint-Andre, P. and J. Hodges, "Representation and 967 Verification of Domain-Based Application Service Identity 968 within Internet Public Key Infrastructure Using X.509 969 (PKIX) Certificates in the Context of Transport Layer 970 Security (TLS)", RFC 6125, March 2011. 972 [RFC7159] Bray, T., "The JavaScript Object Notation (JSON) Data 973 Interchange Format", RFC 7159, March 2014. 975 [USASCII] American National Standards Institute, "Coded Character 976 Set -- 7-bit American Standard Code for Information 977 Interchange", ANSI X3.4, 1986. 979 10.2. Informative References 981 [DSS] National Institute of Standards and Technology, "Digital 982 Signature Standard (DSS)", FIPS PUB 186-4, July 2013. 984 [HAC] Menezes, A., van Oorschot, P., and S. Vanstone, "Handbook 985 of Applied Cryptography", CRC Press, 1996, 986 . 988 [Kocher] Kocher, P., "Timing Attacks on Implementations of Diffe- 989 Hellman, RSA, DSS, and Other Systems", In Proceedings of 990 the 16th Annual International Cryptology Conference 991 Advances in Cryptology, Springer-Verlag, pp. 104-113, 992 1996. 994 [MagicSignatures] 995 Panzer (editor), J., Laurie, B., and D. Balfanz, "Magic 996 Signatures", January 2011. 998 [RFC3447] Jonsson, J. and B. Kaliski, "Public-Key Cryptography 999 Standards (PKCS) #1: RSA Cryptography Specifications 1000 Version 2.1", RFC 3447, February 2003. 1002 [RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an 1003 IANA Considerations Section in RFCs", BCP 26, RFC 5226, 1004 May 2008. 1006 [RFC6030] Hoyer, P., Pei, M., and S. Machani, "Portable Symmetric 1007 Key Container (PSKC)", RFC 6030, October 2010. 1009 [W3C.NOTE-xmldsig-core2-20130411] 1010 Eastlake, D., Reagle, J., Solo, D., Hirsch, F., Roessler, 1011 T., Yiu, K., Datta, P., and S. Cantor, "XML Signature 1012 Syntax and Processing Version 2.0", World Wide Web 1013 Consortium Note NOTE-xmldsig-core2-20130411, April 2013, 1014 . 1016 [WebCrypto] 1017 Sleevi, R. and M. Watson, "Web Cryptography API", World 1018 Wide Web Consortium Draft, March 2014, 1019 . 1021 Appendix A. Example JSON Web Key Sets 1023 A.1. Example Public Keys 1025 The following example JWK Set contains two public keys represented as 1026 JWKs: one using an Elliptic Curve algorithm and a second one using an 1027 RSA algorithm. The first specifies that the key is to be used for 1028 encryption. The second specifies that the key is to be used with the 1029 "RS256" algorithm. Both provide a Key ID for key matching purposes. 1030 In both cases, integers are represented using the base64url encoding 1031 of their big endian representations. (Long lines are broken are for 1032 display purposes only.) 1034 {"keys": 1035 [ 1036 {"kty":"EC", 1037 "crv":"P-256", 1038 "x":"MKBCTNIcKUSDii11ySs3526iDZ8AiTo7Tu6KPAqv7D4", 1039 "y":"4Etl6SRW2YiLUrN5vfvVHuhp7x8PxltmWWlbbM4IFyM", 1040 "use":"enc", 1041 "kid":"1"}, 1043 {"kty":"RSA", 1044 "n": "0vx7agoebGcQSuuPiLJXZptN9nndrQmbXEps2aiAFbWhM78LhWx 1045 4cbbfAAtVT86zwu1RK7aPFFxuhDR1L6tSoc_BJECPebWKRXjBZCiFV4n3oknjhMs 1046 tn64tZ_2W-5JsGY4Hc5n9yBXArwl93lqt7_RN5w6Cf0h4QyQ5v-65YGjQR0_FDW2 1047 QvzqY368QQMicAtaSqzs8KJZgnYb9c7d0zgdAZHzu6qMQvRL5hajrn1n91CbOpbI 1048 SD08qNLyrdkt-bFTWhAI4vMQFh6WeZu0fM4lFd2NcRwr3XPksINHaQ-G_xBniIqb 1049 w0Ls1jF44-csFCur-kEgU8awapJzKnqDKgw", 1050 "e":"AQAB", 1051 "alg":"RS256", 1052 "kid":"2011-04-29"} 1053 ] 1054 } 1056 A.2. Example Private Keys 1058 The following example JWK Set contains two keys represented as JWKs 1059 containing both public and private key values: one using an Elliptic 1060 Curve algorithm and a second one using an RSA algorithm. This 1061 example extends the example in the previous section, adding private 1062 key values. (Line breaks are for display purposes only.) 1063 {"keys": 1064 [ 1065 {"kty":"EC", 1066 "crv":"P-256", 1067 "x":"MKBCTNIcKUSDii11ySs3526iDZ8AiTo7Tu6KPAqv7D4", 1068 "y":"4Etl6SRW2YiLUrN5vfvVHuhp7x8PxltmWWlbbM4IFyM", 1069 "d":"870MB6gfuTJ4HtUnUvYMyJpr5eUZNP4Bk43bVdj3eAE", 1070 "use":"enc", 1071 "kid":"1"}, 1073 {"kty":"RSA", 1074 "n":"0vx7agoebGcQSuuPiLJXZptN9nndrQmbXEps2aiAFbWhM78LhWx4 1075 cbbfAAtVT86zwu1RK7aPFFxuhDR1L6tSoc_BJECPebWKRXjBZCiFV4n3oknjhMst 1076 n64tZ_2W-5JsGY4Hc5n9yBXArwl93lqt7_RN5w6Cf0h4QyQ5v-65YGjQR0_FDW2Q 1077 vzqY368QQMicAtaSqzs8KJZgnYb9c7d0zgdAZHzu6qMQvRL5hajrn1n91CbOpbIS 1078 D08qNLyrdkt-bFTWhAI4vMQFh6WeZu0fM4lFd2NcRwr3XPksINHaQ-G_xBniIqbw 1079 0Ls1jF44-csFCur-kEgU8awapJzKnqDKgw", 1080 "e":"AQAB", 1081 "d":"X4cTteJY_gn4FYPsXB8rdXix5vwsg1FLN5E3EaG6RJoVH-HLLKD9 1082 M7dx5oo7GURknchnrRweUkC7hT5fJLM0WbFAKNLWY2vv7B6NqXSzUvxT0_YSfqij 1083 wp3RTzlBaCxWp4doFk5N2o8Gy_nHNKroADIkJ46pRUohsXywbReAdYaMwFs9tv8d 1084 _cPVY3i07a3t8MN6TNwm0dSawm9v47UiCl3Sk5ZiG7xojPLu4sbg1U2jx4IBTNBz 1085 nbJSzFHK66jT8bgkuqsk0GjskDJk19Z4qwjwbsnn4j2WBii3RL-Us2lGVkY8fkFz 1086 me1z0HbIkfz0Y6mqnOYtqc0X4jfcKoAC8Q", 1087 "p":"83i-7IvMGXoMXCskv73TKr8637FiO7Z27zv8oj6pbWUQyLPQBQxtPV 1088 nwD20R-60eTDmD2ujnMt5PoqMrm8RfmNhVWDtjjMmCMjOpSXicFHj7XOuVIYQyqV 1089 WlWEh6dN36GVZYk93N8Bc9vY41xy8B9RzzOGVQzXvNEvn7O0nVbfs", 1090 "q":"3dfOR9cuYq-0S-mkFLzgItgMEfFzB2q3hWehMuG0oCuqnb3vobLyum 1091 qjVZQO1dIrdwgTnCdpYzBcOfW5r370AFXjiWft_NGEiovonizhKpo9VVS78TzFgx 1092 kIdrecRezsZ-1kYd_s1qDbxtkDEgfAITAG9LUnADun4vIcb6yelxk", 1093 "dp":"G4sPXkc6Ya9y8oJW9_ILj4xuppu0lzi_H7VTkS8xj5SdX3coE0oim 1094 YwxIi2emTAue0UOa5dpgFGyBJ4c8tQ2VF402XRugKDTP8akYhFo5tAA77Qe_Nmtu 1095 YZc3C3m3I24G2GvR5sSDxUyAN2zq8Lfn9EUms6rY3Ob8YeiKkTiBj0", 1096 "dq":"s9lAH9fggBsoFR8Oac2R_E2gw282rT2kGOAhvIllETE1efrA6huUU 1097 vMfBcMpn8lqeW6vzznYY5SSQF7pMdC_agI3nG8Ibp1BUb0JUiraRNqUfLhcQb_d9 1098 GF4Dh7e74WbRsobRonujTYN1xCaP6TO61jvWrX-L18txXw494Q_cgk", 1099 "qi":"GyM_p6JrXySiz1toFgKbWV-JdI3jQ4ypu9rbMWx3rQJBfmt0FoYzg 1100 UIZEVFEcOqwemRN81zoDAaa-Bk0KWNGDjJHZDdDmFhW3AN7lI-puxk_mHZGJ11rx 1101 yR8O55XLSe3SPmRfKwZI6yU24ZxvQKFYItdldUKGzO6Ia6zTKhAVRU", 1102 "alg":"RS256", 1103 "kid":"2011-04-29"} 1104 ] 1105 } 1107 A.3. Example Symmetric Keys 1109 The following example JWK Set contains two symmetric keys represented 1110 as JWKs: one designated as being for use with the AES Key Wrap 1111 algorithm and a second one that is an HMAC key. (Line breaks are for 1112 display purposes only.) 1114 {"keys": 1115 [ 1116 {"kty":"oct", 1117 "alg":"A128KW", 1118 "k":"GawgguFyGrWKav7AX4VKUg"}, 1120 {"kty":"oct", 1121 "k":"AyM1SysPpbyDfgZld3umj1qzKObwVMkoqQ-EstJQLr_T-1qS0gZH75 1122 aKtMN3Yj0iPS4hcgUuTwjAzZr1Z9CAow", 1123 "kid":"HMAC key used in JWS A.1 example"} 1124 ] 1125 } 1127 Appendix B. Example Use of "x5c" (X.509 Certificate Chain) Parameter 1128 The following is an example of a JWK with a RSA signing key 1129 represented both as an RSA public key and as an X.509 certificate 1130 using the "x5c" parameter: 1132 {"kty":"RSA", 1133 "use":"sig", 1134 "kid":"1b94c", 1135 "n":"vrjOfz9Ccdgx5nQudyhdoR17V-IubWMeOZCwX_jj0hgAsz2J_pqYW08 1136 PLbK_PdiVGKPrqzmDIsLI7sA25VEnHU1uCLNwBuUiCO11_-7dYbsr4iJmG0Q 1137 u2j8DsVyT1azpJC_NG84Ty5KKthuCaPod7iI7w0LK9orSMhBEwwZDCxTWq4a 1138 YWAchc8t-emd9qOvWtVMDC2BXksRngh6X5bUYLy6AyHKvj-nUy1wgzjYQDwH 1139 MTplCoLtU-o-8SNnZ1tmRoGE9uJkBLdh5gFENabWnU5m1ZqZPdwS-qo-meMv 1140 VfJb6jJVWRpl2SUtCnYG2C32qvbWbjZ_jBPD5eunqsIo1vQ", 1141 "e":"AQAB", 1142 "x5c": 1143 ["MIIDQjCCAiqgAwIBAgIGATz/FuLiMA0GCSqGSIb3DQEBBQUAMGIxCzAJB 1144 gNVBAYTAlVTMQswCQYDVQQIEwJDTzEPMA0GA1UEBxMGRGVudmVyMRwwGgYD 1145 VQQKExNQaW5nIElkZW50aXR5IENvcnAuMRcwFQYDVQQDEw5CcmlhbiBDYW1 1146 wYmVsbDAeFw0xMzAyMjEyMzI5MTVaFw0xODA4MTQyMjI5MTVaMGIxCzAJBg 1147 NVBAYTAlVTMQswCQYDVQQIEwJDTzEPMA0GA1UEBxMGRGVudmVyMRwwGgYDV 1148 QQKExNQaW5nIElkZW50aXR5IENvcnAuMRcwFQYDVQQDEw5CcmlhbiBDYW1w 1149 YmVsbDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL64zn8/QnH 1150 YMeZ0LncoXaEde1fiLm1jHjmQsF/449IYALM9if6amFtPDy2yvz3YlRij66 1151 s5gyLCyO7ANuVRJx1NbgizcAblIgjtdf/u3WG7K+IiZhtELto/A7Fck9Ws6 1152 SQvzRvOE8uSirYbgmj6He4iO8NCyvaK0jIQRMMGQwsU1quGmFgHIXPLfnpn 1153 fajr1rVTAwtgV5LEZ4Iel+W1GC8ugMhyr4/p1MtcIM42EA8BzE6ZQqC7VPq 1154 PvEjZ2dbZkaBhPbiZAS3YeYBRDWm1p1OZtWamT3cEvqqPpnjL1XyW+oyVVk 1155 aZdklLQp2Btgt9qr21m42f4wTw+Xrp6rCKNb0CAwEAATANBgkqhkiG9w0BA 1156 QUFAAOCAQEAh8zGlfSlcI0o3rYDPBB07aXNswb4ECNIKG0CETTUxmXl9KUL 1157 +9gGlqCz5iWLOgWsnrcKcY0vXPG9J1r9AqBNTqNgHq2G03X09266X5CpOe1 1158 zFo+Owb1zxtp3PehFdfQJ610CDLEaS9V9Rqp17hCyybEpOGVwe8fnk+fbEL 1159 2Bo3UPGrpsHzUoaGpDftmWssZkhpBJKVMJyf/RuP2SmmaIzmnw9JiSlYhzo 1160 4tpzd5rFXhjRbg4zW9C+2qok+2+qDM1iJ684gPHMIY8aLWrdgQTxkumGmTq 1161 gawR+N5MDtdPTEQ0XfIBc2cJEUyMTY5MPvACWpkA6SdS4xSvdXK3IVfOWA=="] 1162 } 1164 Appendix C. Example Encrypted RSA Private Key 1166 This example encrypts an RSA private key to the recipient using 1167 "PBES2-HS256+A128KW" for key encryption and "A128CBC+HS256" for 1168 content encryption. 1170 NOTE: Unless otherwise indicated, all line breaks are included solely 1171 for readability. 1173 C.1. Plaintext RSA Private Key 1175 The following RSA key is the plaintext for the encryption operation, 1176 formatted as a JWK object: 1178 { 1179 "kty":"RSA", 1180 "kid":"juliet@capulet.lit", 1181 "use":"enc", 1182 "n":"t6Q8PWSi1dkJj9hTP8hNYFlvadM7DflW9mWepOJhJ66w7nyoK1gPNqFMSQRy 1183 O125Gp-TEkodhWr0iujjHVx7BcV0llS4w5ACGgPrcAd6ZcSR0-Iqom-QFcNP 1184 8Sjg086MwoqQU_LYywlAGZ21WSdS_PERyGFiNnj3QQlO8Yns5jCtLCRwLHL0 1185 Pb1fEv45AuRIuUfVcPySBWYnDyGxvjYGDSM-AqWS9zIQ2ZilgT-GqUmipg0X 1186 OC0Cc20rgLe2ymLHjpHciCKVAbY5-L32-lSeZO-Os6U15_aXrk9Gw8cPUaX1 1187 _I8sLGuSiVdt3C_Fn2PZ3Z8i744FPFGGcG1qs2Wz-Q", 1188 "e":"AQAB", 1189 "d":"GRtbIQmhOZtyszfgKdg4u_N-R_mZGU_9k7JQ_jn1DnfTuMdSNprTeaSTyWfS 1190 NkuaAwnOEbIQVy1IQbWVV25NY3ybc_IhUJtfri7bAXYEReWaCl3hdlPKXy9U 1191 vqPYGR0kIXTQRqns-dVJ7jahlI7LyckrpTmrM8dWBo4_PMaenNnPiQgO0xnu 1192 ToxutRZJfJvG4Ox4ka3GORQd9CsCZ2vsUDmsXOfUENOyMqADC6p1M3h33tsu 1193 rY15k9qMSpG9OX_IJAXmxzAh_tWiZOwk2K4yxH9tS3Lq1yX8C1EWmeRDkK2a 1194 hecG85-oLKQt5VEpWHKmjOi_gJSdSgqcN96X52esAQ", 1195 "p":"2rnSOV4hKSN8sS4CgcQHFbs08XboFDqKum3sc4h3GRxrTmQdl1ZK9uw-PIHf 1196 QP0FkxXVrx-WE-ZEbrqivH_2iCLUS7wAl6XvARt1KkIaUxPPSYB9yk31s0Q8 1197 UK96E3_OrADAYtAJs-M3JxCLfNgqh56HDnETTQhH3rCT5T3yJws", 1198 "q":"1u_RiFDP7LBYh3N4GXLT9OpSKYP0uQZyiaZwBtOCBNJgQxaj10RWjsZu0c6I 1199 edis4S7B_coSKB0Kj9PaPaBzg-IySRvvcQuPamQu66riMhjVtG6TlV8CLCYK 1200 rYl52ziqK0E_ym2QnkwsUX7eYTB7LbAHRK9GqocDE5B0f808I4s", 1201 "dp":"KkMTWqBUefVwZ2_Dbj1pPQqyHSHjj90L5x_MOzqYAJMcLMZtbUtwKqvVDq3 1202 tbEo3ZIcohbDtt6SbfmWzggabpQxNxuBpoOOf_a_HgMXK_lhqigI4y_kqS1w 1203 Y52IwjUn5rgRrJ-yYo1h41KR-vz2pYhEAeYrhttWtxVqLCRViD6c", 1204 "dq":"AvfS0-gRxvn0bwJoMSnFxYcK1WnuEjQFluMGfwGitQBWtfZ1Er7t1xDkbN9 1205 GQTB9yqpDoYaN06H7CFtrkxhJIBQaj6nkF5KKS3TQtQ5qCzkOkmxIe3KRbBy 1206 mXxkb5qwUpX5ELD5xFc6FeiafWYY63TmmEAu_lRFCOJ3xDea-ots", 1207 "qi":"lSQi-w9CpyUReMErP1RsBLk7wNtOvs5EQpPqmuMvqW57NBUczScEoPwmUqq 1208 abu9V0-Py4dQ57_bapoKRu1R90bvuFnU63SHWEFglZQvJDMeAvmj4sm-Fp0o 1209 Yu_neotgQ0hzbI5gry7ajdYy9-2lNx_76aBZoOUu9HCJ-UsfSOI8" 1210 } 1212 The octets representing the Plaintext used in this example (using 1213 JSON array notation) are: 1215 [123, 34, 107, 116, 121, 34, 58, 34, 82, 83, 65, 34, 44, 34, 107, 1216 105, 100, 34, 58, 34, 106, 117, 108, 105, 101, 116, 64, 99, 97, 112, 1217 117, 108, 101, 116, 46, 108, 105, 116, 34, 44, 34, 117, 115, 101, 34, 1218 58, 34, 101, 110, 99, 34, 44, 34, 110, 34, 58, 34, 116, 54, 81, 56, 1219 80, 87, 83, 105, 49, 100, 107, 74, 106, 57, 104, 84, 80, 56, 104, 78, 1220 89, 70, 108, 118, 97, 100, 77, 55, 68, 102, 108, 87, 57, 109, 87, 1221 101, 112, 79, 74, 104, 74, 54, 54, 119, 55, 110, 121, 111, 75, 49, 1222 103, 80, 78, 113, 70, 77, 83, 81, 82, 121, 79, 49, 50, 53, 71, 112, 1223 45, 84, 69, 107, 111, 100, 104, 87, 114, 48, 105, 117, 106, 106, 72, 1224 86, 120, 55, 66, 99, 86, 48, 108, 108, 83, 52, 119, 53, 65, 67, 71, 1225 103, 80, 114, 99, 65, 100, 54, 90, 99, 83, 82, 48, 45, 73, 113, 111, 1226 109, 45, 81, 70, 99, 78, 80, 56, 83, 106, 103, 48, 56, 54, 77, 119, 1227 111, 113, 81, 85, 95, 76, 89, 121, 119, 108, 65, 71, 90, 50, 49, 87, 1228 83, 100, 83, 95, 80, 69, 82, 121, 71, 70, 105, 78, 110, 106, 51, 81, 1229 81, 108, 79, 56, 89, 110, 115, 53, 106, 67, 116, 76, 67, 82, 119, 76, 1230 72, 76, 48, 80, 98, 49, 102, 69, 118, 52, 53, 65, 117, 82, 73, 117, 1231 85, 102, 86, 99, 80, 121, 83, 66, 87, 89, 110, 68, 121, 71, 120, 118, 1232 106, 89, 71, 68, 83, 77, 45, 65, 113, 87, 83, 57, 122, 73, 81, 50, 1233 90, 105, 108, 103, 84, 45, 71, 113, 85, 109, 105, 112, 103, 48, 88, 1234 79, 67, 48, 67, 99, 50, 48, 114, 103, 76, 101, 50, 121, 109, 76, 72, 1235 106, 112, 72, 99, 105, 67, 75, 86, 65, 98, 89, 53, 45, 76, 51, 50, 1236 45, 108, 83, 101, 90, 79, 45, 79, 115, 54, 85, 49, 53, 95, 97, 88, 1237 114, 107, 57, 71, 119, 56, 99, 80, 85, 97, 88, 49, 95, 73, 56, 115, 1238 76, 71, 117, 83, 105, 86, 100, 116, 51, 67, 95, 70, 110, 50, 80, 90, 1239 51, 90, 56, 105, 55, 52, 52, 70, 80, 70, 71, 71, 99, 71, 49, 113, 1240 115, 50, 87, 122, 45, 81, 34, 44, 34, 101, 34, 58, 34, 65, 81, 65, 1241 66, 34, 44, 34, 100, 34, 58, 34, 71, 82, 116, 98, 73, 81, 109, 104, 1242 79, 90, 116, 121, 115, 122, 102, 103, 75, 100, 103, 52, 117, 95, 78, 1243 45, 82, 95, 109, 90, 71, 85, 95, 57, 107, 55, 74, 81, 95, 106, 110, 1244 49, 68, 110, 102, 84, 117, 77, 100, 83, 78, 112, 114, 84, 101, 97, 1245 83, 84, 121, 87, 102, 83, 78, 107, 117, 97, 65, 119, 110, 79, 69, 98, 1246 73, 81, 86, 121, 49, 73, 81, 98, 87, 86, 86, 50, 53, 78, 89, 51, 121, 1247 98, 99, 95, 73, 104, 85, 74, 116, 102, 114, 105, 55, 98, 65, 88, 89, 1248 69, 82, 101, 87, 97, 67, 108, 51, 104, 100, 108, 80, 75, 88, 121, 57, 1249 85, 118, 113, 80, 89, 71, 82, 48, 107, 73, 88, 84, 81, 82, 113, 110, 1250 115, 45, 100, 86, 74, 55, 106, 97, 104, 108, 73, 55, 76, 121, 99, 1251 107, 114, 112, 84, 109, 114, 77, 56, 100, 87, 66, 111, 52, 95, 80, 1252 77, 97, 101, 110, 78, 110, 80, 105, 81, 103, 79, 48, 120, 110, 117, 1253 84, 111, 120, 117, 116, 82, 90, 74, 102, 74, 118, 71, 52, 79, 120, 1254 52, 107, 97, 51, 71, 79, 82, 81, 100, 57, 67, 115, 67, 90, 50, 118, 1255 115, 85, 68, 109, 115, 88, 79, 102, 85, 69, 78, 79, 121, 77, 113, 65, 1256 68, 67, 54, 112, 49, 77, 51, 104, 51, 51, 116, 115, 117, 114, 89, 49, 1257 53, 107, 57, 113, 77, 83, 112, 71, 57, 79, 88, 95, 73, 74, 65, 88, 1258 109, 120, 122, 65, 104, 95, 116, 87, 105, 90, 79, 119, 107, 50, 75, 1259 52, 121, 120, 72, 57, 116, 83, 51, 76, 113, 49, 121, 88, 56, 67, 49, 1260 69, 87, 109, 101, 82, 68, 107, 75, 50, 97, 104, 101, 99, 71, 56, 53, 1261 45, 111, 76, 75, 81, 116, 53, 86, 69, 112, 87, 72, 75, 109, 106, 79, 1262 105, 95, 103, 74, 83, 100, 83, 103, 113, 99, 78, 57, 54, 88, 53, 50, 1263 101, 115, 65, 81, 34, 44, 34, 112, 34, 58, 34, 50, 114, 110, 83, 79, 1264 86, 52, 104, 75, 83, 78, 56, 115, 83, 52, 67, 103, 99, 81, 72, 70, 1265 98, 115, 48, 56, 88, 98, 111, 70, 68, 113, 75, 117, 109, 51, 115, 99, 1266 52, 104, 51, 71, 82, 120, 114, 84, 109, 81, 100, 108, 49, 90, 75, 57, 1267 117, 119, 45, 80, 73, 72, 102, 81, 80, 48, 70, 107, 120, 88, 86, 114, 1268 120, 45, 87, 69, 45, 90, 69, 98, 114, 113, 105, 118, 72, 95, 50, 105, 1269 67, 76, 85, 83, 55, 119, 65, 108, 54, 88, 118, 65, 82, 116, 49, 75, 1270 107, 73, 97, 85, 120, 80, 80, 83, 89, 66, 57, 121, 107, 51, 49, 115, 1271 48, 81, 56, 85, 75, 57, 54, 69, 51, 95, 79, 114, 65, 68, 65, 89, 116, 1272 65, 74, 115, 45, 77, 51, 74, 120, 67, 76, 102, 78, 103, 113, 104, 53, 1273 54, 72, 68, 110, 69, 84, 84, 81, 104, 72, 51, 114, 67, 84, 53, 84, 1274 51, 121, 74, 119, 115, 34, 44, 34, 113, 34, 58, 34, 49, 117, 95, 82, 1275 105, 70, 68, 80, 55, 76, 66, 89, 104, 51, 78, 52, 71, 88, 76, 84, 57, 1276 79, 112, 83, 75, 89, 80, 48, 117, 81, 90, 121, 105, 97, 90, 119, 66, 1277 116, 79, 67, 66, 78, 74, 103, 81, 120, 97, 106, 49, 48, 82, 87, 106, 1278 115, 90, 117, 48, 99, 54, 73, 101, 100, 105, 115, 52, 83, 55, 66, 95, 1279 99, 111, 83, 75, 66, 48, 75, 106, 57, 80, 97, 80, 97, 66, 122, 103, 1280 45, 73, 121, 83, 82, 118, 118, 99, 81, 117, 80, 97, 109, 81, 117, 54, 1281 54, 114, 105, 77, 104, 106, 86, 116, 71, 54, 84, 108, 86, 56, 67, 76, 1282 67, 89, 75, 114, 89, 108, 53, 50, 122, 105, 113, 75, 48, 69, 95, 121, 1283 109, 50, 81, 110, 107, 119, 115, 85, 88, 55, 101, 89, 84, 66, 55, 76, 1284 98, 65, 72, 82, 75, 57, 71, 113, 111, 99, 68, 69, 53, 66, 48, 102, 1285 56, 48, 56, 73, 52, 115, 34, 44, 34, 100, 112, 34, 58, 34, 75, 107, 1286 77, 84, 87, 113, 66, 85, 101, 102, 86, 119, 90, 50, 95, 68, 98, 106, 1287 49, 112, 80, 81, 113, 121, 72, 83, 72, 106, 106, 57, 48, 76, 53, 120, 1288 95, 77, 79, 122, 113, 89, 65, 74, 77, 99, 76, 77, 90, 116, 98, 85, 1289 116, 119, 75, 113, 118, 86, 68, 113, 51, 116, 98, 69, 111, 51, 90, 1290 73, 99, 111, 104, 98, 68, 116, 116, 54, 83, 98, 102, 109, 87, 122, 1291 103, 103, 97, 98, 112, 81, 120, 78, 120, 117, 66, 112, 111, 79, 79, 1292 102, 95, 97, 95, 72, 103, 77, 88, 75, 95, 108, 104, 113, 105, 103, 1293 73, 52, 121, 95, 107, 113, 83, 49, 119, 89, 53, 50, 73, 119, 106, 85, 1294 110, 53, 114, 103, 82, 114, 74, 45, 121, 89, 111, 49, 104, 52, 49, 1295 75, 82, 45, 118, 122, 50, 112, 89, 104, 69, 65, 101, 89, 114, 104, 1296 116, 116, 87, 116, 120, 86, 113, 76, 67, 82, 86, 105, 68, 54, 99, 34, 1297 44, 34, 100, 113, 34, 58, 34, 65, 118, 102, 83, 48, 45, 103, 82, 120, 1298 118, 110, 48, 98, 119, 74, 111, 77, 83, 110, 70, 120, 89, 99, 75, 49, 1299 87, 110, 117, 69, 106, 81, 70, 108, 117, 77, 71, 102, 119, 71, 105, 1300 116, 81, 66, 87, 116, 102, 90, 49, 69, 114, 55, 116, 49, 120, 68, 1301 107, 98, 78, 57, 71, 81, 84, 66, 57, 121, 113, 112, 68, 111, 89, 97, 1302 78, 48, 54, 72, 55, 67, 70, 116, 114, 107, 120, 104, 74, 73, 66, 81, 1303 97, 106, 54, 110, 107, 70, 53, 75, 75, 83, 51, 84, 81, 116, 81, 53, 1304 113, 67, 122, 107, 79, 107, 109, 120, 73, 101, 51, 75, 82, 98, 66, 1305 121, 109, 88, 120, 107, 98, 53, 113, 119, 85, 112, 88, 53, 69, 76, 1306 68, 53, 120, 70, 99, 54, 70, 101, 105, 97, 102, 87, 89, 89, 54, 51, 1307 84, 109, 109, 69, 65, 117, 95, 108, 82, 70, 67, 79, 74, 51, 120, 68, 1308 101, 97, 45, 111, 116, 115, 34, 44, 34, 113, 105, 34, 58, 34, 108, 1309 83, 81, 105, 45, 119, 57, 67, 112, 121, 85, 82, 101, 77, 69, 114, 80, 1310 49, 82, 115, 66, 76, 107, 55, 119, 78, 116, 79, 118, 115, 53, 69, 81, 1311 112, 80, 113, 109, 117, 77, 118, 113, 87, 53, 55, 78, 66, 85, 99, 1312 122, 83, 99, 69, 111, 80, 119, 109, 85, 113, 113, 97, 98, 117, 57, 1313 86, 48, 45, 80, 121, 52, 100, 81, 53, 55, 95, 98, 97, 112, 111, 75, 1314 82, 117, 49, 82, 57, 48, 98, 118, 117, 70, 110, 85, 54, 51, 83, 72, 1315 87, 69, 70, 103, 108, 90, 81, 118, 74, 68, 77, 101, 65, 118, 109, 1316 106, 52, 115, 109, 45, 70, 112, 48, 111, 89, 117, 95, 110, 101, 111, 1317 116, 103, 81, 48, 104, 122, 98, 73, 53, 103, 114, 121, 55, 97, 106, 1318 100, 89, 121, 57, 45, 50, 108, 78, 120, 95, 55, 54, 97, 66, 90, 111, 1319 79, 85, 117, 57, 72, 67, 74, 45, 85, 115, 102, 83, 79, 73, 56, 34, 1320 125] 1322 C.2. JOSE Header 1324 The following example JWE Protected Header declares that: 1326 o the Content Encryption Key is encrypted to the recipient using the 1327 PSE2-HS256+A128KW algorithm to produce the JWE Encrypted Key, 1329 o the Salt Input ("p2s") value is [217, 96, 147, 112, 150, 117, 70, 1330 247, 127, 8, 155, 137, 174, 42, 80, 215], 1332 o the Iteration Count ("p2c") value is 4096, 1334 o the Plaintext is encrypted using the AES_128_CBC_HMAC_SHA_256 1335 algorithm to produce the Ciphertext, and 1337 o the content type is application/jwk+json. 1339 { 1340 "alg":"PBES2-HS256+A128KW", 1341 "p2s":"2WCTcJZ1Rvd_CJuJripQ1w", 1342 "p2c":4096, 1343 "enc":"A128CBC-HS256", 1344 "cty":"jwk+json" 1345 } 1347 Encoding this JWE Protected Header as BASE64URL(UTF8(JWE Protected 1348 Header)) gives this value (with line breaks for display purposes 1349 only): 1351 eyJhbGciOiJQQkVTMi1IUzI1NitBMTI4S1ciLCJwMnMiOiIyV0NUY0paMVJ2ZF9DSn 1352 VKcmlwUTF3IiwicDJjIjo0MDk2LCJlbmMiOiJBMTI4Q0JDLUhTMjU2IiwiY3R5Ijoi 1353 andrK2pzb24ifQ 1355 C.3. Content Encryption Key (CEK) 1357 Generate a 256 bit random Content Encryption Key (CEK). In this 1358 example, the value (using JSON array notation) is: 1360 [111, 27, 25, 52, 66, 29, 20, 78, 92, 176, 56, 240, 65, 208, 82, 112, 1361 161, 131, 36, 55, 202, 236, 185, 172, 129, 23, 153, 194, 195, 48, 1362 253, 182] 1364 C.4. Key Derivation 1366 Derive a key from a shared passphrase using the PBKDF2 algorithm with 1367 HMAC SHA-256 and the specified Salt and Iteration Count values and a 1368 128 bit requested output key size to produce the PBKDF2 Derived Key. 1369 This example uses the following passphrase: 1371 Thus from my lips, by yours, my sin is purged. 1373 The octets representing the passphrase are: 1375 [84, 104, 117, 115, 32, 102, 114, 111, 109, 32, 109, 121, 32, 108, 1376 105, 112, 115, 44, 32, 98, 121, 32, 121, 111, 117, 114, 115, 44, 32, 1377 109, 121, 32, 115, 105, 110, 32, 105, 115, 32, 112, 117, 114, 103, 1378 101, 100, 46] 1380 The Salt value (UTF8(Alg) || 0x00 || Salt Input) is: 1382 [80, 66, 69, 83, 50, 45, 72, 83, 50, 53, 54, 43, 65, 49, 50, 56, 75, 1383 87, 0, 217, 96, 147, 112, 150, 117, 70, 247, 127, 8, 155, 137, 174, 1384 42, 80, 215]. 1386 The resulting PBKDF2 Derived Key value is: 1388 [110, 171, 169, 92, 129, 92, 109, 117, 233, 242, 116, 233, 170, 14, 1389 24, 75] 1391 C.5. Key Encryption 1393 Encrypt the CEK with the "A128KW" algorithm using the PBKDF2 Derived 1394 Key. The resulting JWE Encrypted Key value is: 1396 [78, 186, 151, 59, 11, 141, 81, 240, 213, 245, 83, 211, 53, 188, 134, 1397 188, 66, 125, 36, 200, 222, 124, 5, 103, 249, 52, 117, 184, 140, 81, 1398 246, 158, 161, 177, 20, 33, 245, 57, 59, 4] 1400 Encoding this JWE Encrypted Key as BASE64URL(JWE Encrypted Key) gives 1401 this value: 1403 TrqXOwuNUfDV9VPTNbyGvEJ9JMjefAVn-TR1uIxR9p6hsRQh9Tk7BA 1405 C.6. Initialization Vector 1407 Generate a random 128 bit JWE Initialization Vector. In this 1408 example, the value is: 1410 [97, 239, 99, 214, 171, 54, 216, 57, 145, 72, 7, 93, 34, 31, 149, 1411 156] 1412 Encoding this JWE Initialization Vector as BASE64URL(JWE 1413 Initialization Vector) gives this value: 1415 Ye9j1qs22DmRSAddIh-VnA 1417 C.7. Additional Authenticated Data 1419 Let the Additional Authenticated Data encryption parameter be 1420 ASCII(BASE64URL(UTF8(JWE Protected Header))). This value is: 1422 [123, 34, 97, 108, 103, 34, 58, 34, 80, 66, 69, 83, 50, 45, 72, 83, 1423 50, 53, 54, 43, 65, 49, 50, 56, 75, 87, 34, 44, 34, 112, 50, 115, 34, 1424 58, 34, 50, 87, 67, 84, 99, 74, 90, 49, 82, 118, 100, 95, 67, 74, 1425 117, 74, 114, 105, 112, 81, 49, 119, 34, 44, 34, 112, 50, 99, 34, 58, 1426 52, 48, 57, 54, 44, 34, 101, 110, 99, 34, 58, 34, 65, 49, 50, 56, 67, 1427 66, 67, 45, 72, 83, 50, 53, 54, 34, 44, 34, 99, 116, 121, 34, 58, 34, 1428 106, 119, 107, 43, 106, 115, 111, 110, 34, 125] 1430 C.8. Content Encryption 1432 Encrypt the Plaintext with AES_128_CBC_HMAC_SHA_256 using the CEK as 1433 the encryption key, the JWE Initialization Vector, and the Additional 1434 Authenticated Data value above. The resulting Ciphertext is: 1436 [3, 8, 65, 242, 92, 107, 148, 168, 197, 159, 77, 139, 25, 97, 42, 1437 131, 110, 199, 225, 56, 61, 127, 38, 64, 108, 91, 247, 167, 150, 98, 1438 112, 122, 99, 235, 132, 50, 28, 46, 56, 170, 169, 89, 220, 145, 38, 1439 157, 148, 224, 66, 140, 8, 169, 146, 117, 222, 54, 242, 28, 31, 11, 1440 129, 227, 226, 169, 66, 117, 133, 254, 140, 216, 115, 203, 131, 60, 1441 60, 47, 233, 132, 121, 13, 35, 188, 53, 19, 172, 77, 59, 54, 211, 1442 158, 172, 25, 60, 111, 0, 80, 201, 158, 160, 210, 68, 55, 12, 67, 1443 136, 130, 87, 216, 197, 95, 62, 20, 155, 205, 5, 140, 27, 168, 221, 1444 65, 114, 78, 157, 254, 46, 206, 182, 52, 135, 87, 239, 3, 34, 186, 1445 126, 220, 151, 17, 33, 237, 57, 96, 172, 183, 58, 45, 248, 103, 241, 1446 142, 136, 7, 53, 16, 173, 181, 7, 93, 92, 252, 1, 53, 212, 242, 8, 1447 255, 11, 239, 181, 24, 148, 136, 111, 24, 161, 244, 23, 106, 69, 157, 1448 215, 243, 189, 240, 166, 169, 249, 72, 38, 201, 99, 223, 173, 229, 9, 1449 222, 82, 79, 157, 176, 248, 85, 239, 121, 163, 1, 31, 48, 98, 206, 1450 61, 249, 104, 216, 201, 227, 105, 48, 194, 193, 10, 36, 160, 159, 1451 241, 166, 84, 54, 188, 211, 243, 242, 40, 46, 45, 193, 193, 160, 169, 1452 101, 201, 1, 73, 47, 105, 142, 88, 28, 42, 132, 26, 61, 58, 63, 142, 1453 243, 77, 26, 179, 153, 166, 46, 203, 208, 49, 55, 229, 34, 178, 4, 1454 109, 180, 204, 204, 115, 1, 103, 193, 5, 91, 215, 214, 195, 1, 110, 1455 208, 53, 144, 36, 105, 12, 54, 25, 129, 101, 15, 183, 150, 250, 147, 1456 115, 227, 58, 250, 5, 128, 232, 63, 15, 14, 19, 141, 124, 253, 142, 1457 137, 189, 135, 26, 44, 240, 27, 88, 132, 105, 127, 6, 71, 37, 41, 1458 124, 187, 165, 140, 34, 200, 123, 80, 228, 24, 231, 176, 132, 171, 1459 138, 145, 152, 116, 224, 50, 141, 51, 147, 91, 186, 7, 246, 106, 217, 1460 148, 244, 227, 244, 45, 220, 121, 165, 224, 148, 181, 17, 181, 128, 1461 197, 101, 237, 11, 169, 229, 149, 199, 78, 56, 15, 14, 190, 91, 216, 1462 222, 247, 213, 74, 40, 8, 96, 20, 168, 119, 96, 26, 24, 52, 37, 82, 1463 127, 57, 176, 147, 118, 59, 7, 224, 33, 117, 72, 155, 29, 82, 26, 1464 215, 189, 140, 119, 28, 152, 118, 93, 222, 194, 192, 148, 115, 83, 1465 253, 216, 212, 108, 88, 83, 175, 172, 220, 97, 79, 110, 42, 223, 170, 1466 161, 34, 164, 144, 193, 76, 122, 92, 160, 41, 178, 175, 6, 35, 96, 1467 113, 96, 158, 90, 129, 101, 26, 45, 70, 180, 189, 230, 15, 5, 247, 1468 150, 209, 94, 171, 26, 13, 142, 212, 129, 1, 176, 5, 0, 112, 203, 1469 174, 185, 119, 76, 233, 189, 54, 172, 189, 245, 223, 253, 205, 12, 1470 88, 9, 126, 157, 225, 90, 40, 229, 191, 63, 30, 160, 224, 69, 3, 140, 1471 109, 70, 89, 37, 213, 245, 194, 210, 180, 188, 63, 210, 139, 221, 2, 1472 144, 200, 20, 177, 216, 29, 227, 242, 106, 12, 135, 142, 139, 144, 1473 82, 225, 162, 171, 176, 108, 99, 6, 43, 193, 161, 116, 234, 216, 1, 1474 242, 21, 124, 162, 98, 205, 124, 193, 38, 12, 242, 90, 101, 76, 204, 1475 184, 124, 58, 180, 16, 240, 26, 76, 195, 250, 212, 191, 185, 191, 97, 1476 198, 186, 73, 225, 75, 14, 90, 123, 121, 172, 101, 50, 160, 221, 141, 1477 253, 205, 126, 77, 9, 87, 198, 110, 104, 182, 141, 120, 51, 25, 232, 1478 3, 32, 80, 6, 156, 8, 18, 4, 135, 221, 142, 25, 135, 2, 129, 132, 1479 115, 227, 74, 141, 28, 119, 11, 141, 117, 134, 198, 62, 150, 254, 97, 1480 75, 197, 251, 99, 89, 204, 224, 226, 67, 83, 175, 89, 0, 81, 29, 38, 1481 207, 89, 140, 255, 197, 177, 164, 128, 62, 116, 224, 180, 109, 169, 1482 28, 2, 59, 176, 130, 252, 44, 178, 81, 24, 181, 176, 75, 44, 61, 91, 1483 12, 37, 21, 255, 83, 130, 197, 16, 231, 60, 217, 56, 131, 118, 168, 1484 202, 58, 52, 84, 124, 162, 185, 174, 162, 226, 242, 112, 68, 246, 1485 202, 16, 208, 52, 154, 58, 129, 80, 102, 33, 171, 6, 186, 177, 14, 1486 195, 88, 136, 6, 0, 155, 28, 100, 162, 207, 162, 222, 117, 248, 170, 1487 208, 114, 87, 31, 57, 176, 33, 57, 83, 253, 12, 168, 110, 194, 59, 1488 22, 86, 48, 227, 196, 22, 176, 218, 122, 149, 21, 249, 195, 178, 174, 1489 250, 20, 34, 120, 60, 139, 201, 99, 40, 18, 177, 17, 54, 54, 6, 3, 1490 222, 128, 160, 88, 11, 27, 0, 81, 192, 36, 41, 169, 146, 8, 47, 64, 1491 136, 28, 64, 209, 67, 135, 202, 20, 234, 182, 91, 204, 146, 195, 187, 1492 0, 72, 77, 11, 111, 152, 204, 252, 177, 212, 89, 33, 50, 132, 184, 1493 44, 183, 186, 19, 250, 69, 176, 201, 102, 140, 14, 143, 212, 212, 1494 160, 123, 208, 185, 27, 155, 68, 77, 133, 198, 2, 126, 155, 215, 22, 1495 91, 30, 217, 176, 172, 244, 156, 174, 143, 75, 90, 21, 102, 1, 160, 1496 59, 253, 188, 88, 57, 185, 197, 83, 24, 22, 180, 174, 47, 207, 52, 1, 1497 141, 146, 119, 233, 68, 228, 224, 228, 193, 248, 155, 202, 90, 7, 1498 213, 88, 33, 108, 107, 14, 86, 8, 120, 250, 58, 142, 35, 164, 238, 1499 221, 219, 35, 123, 88, 199, 192, 143, 104, 83, 17, 166, 243, 247, 11, 1500 166, 67, 68, 204, 132, 23, 110, 103, 228, 14, 55, 122, 88, 57, 180, 1501 178, 237, 52, 130, 214, 245, 102, 123, 67, 73, 175, 1, 127, 112, 148, 1502 94, 132, 164, 197, 153, 217, 87, 25, 89, 93, 63, 22, 66, 166, 90, 1503 251, 101, 10, 145, 66, 17, 124, 36, 255, 165, 226, 97, 16, 86, 112, 1504 154, 88, 105, 253, 56, 209, 229, 122, 103, 51, 24, 228, 190, 3, 236, 1505 48, 182, 121, 176, 140, 128, 117, 87, 251, 224, 37, 23, 248, 21, 218, 1506 85, 251, 136, 84, 147, 143, 144, 46, 155, 183, 251, 89, 86, 23, 26, 1507 237, 100, 167, 32, 130, 173, 237, 89, 55, 110, 70, 142, 127, 65, 230, 1508 208, 109, 69, 19, 253, 84, 130, 130, 193, 92, 58, 108, 150, 42, 136, 1509 249, 234, 86, 241, 182, 19, 117, 246, 26, 181, 92, 101, 155, 44, 103, 1510 235, 173, 30, 140, 90, 29, 183, 190, 77, 53, 206, 127, 5, 87, 8, 187, 1511 184, 92, 4, 157, 22, 18, 105, 251, 39, 88, 182, 181, 103, 148, 233, 1512 6, 63, 70, 188, 7, 101, 216, 127, 77, 31, 12, 233, 7, 147, 106, 30, 1513 150, 77, 145, 13, 205, 48, 56, 245, 220, 89, 252, 127, 51, 180, 36, 1514 31, 55, 18, 214, 230, 254, 217, 197, 65, 247, 27, 215, 117, 247, 108, 1515 157, 121, 11, 63, 150, 195, 83, 6, 134, 242, 41, 24, 105, 204, 5, 63, 1516 192, 14, 159, 113, 72, 140, 128, 51, 215, 80, 215, 39, 149, 94, 79, 1517 128, 34, 5, 129, 82, 83, 121, 187, 37, 146, 27, 32, 177, 167, 71, 9, 1518 195, 30, 199, 196, 205, 252, 207, 69, 8, 120, 27, 190, 51, 43, 75, 1519 249, 234, 167, 116, 206, 203, 199, 43, 108, 87, 48, 155, 140, 228, 1520 210, 85, 25, 161, 96, 67, 8, 205, 64, 39, 75, 88, 44, 238, 227, 16, 1521 0, 100, 93, 129, 18, 4, 149, 50, 68, 72, 99, 35, 111, 254, 27, 102, 1522 175, 108, 233, 87, 181, 44, 169, 18, 139, 79, 208, 14, 202, 192, 5, 1523 162, 222, 231, 149, 24, 211, 49, 120, 101, 39, 206, 87, 147, 204, 1524 200, 251, 104, 115, 5, 127, 117, 195, 79, 151, 18, 224, 52, 0, 245, 1525 4, 85, 255, 103, 217, 0, 116, 198, 80, 91, 167, 192, 154, 199, 197, 1526 149, 237, 51, 2, 131, 30, 226, 95, 105, 48, 68, 135, 208, 144, 120, 1527 176, 145, 157, 8, 171, 80, 94, 61, 92, 92, 220, 157, 13, 138, 51, 23, 1528 185, 124, 31, 77, 1, 87, 241, 43, 239, 55, 122, 86, 210, 48, 208, 1529 204, 112, 144, 80, 147, 106, 219, 47, 253, 31, 134, 176, 16, 135, 1530 219, 95, 17, 129, 83, 236, 125, 136, 112, 86, 228, 252, 71, 129, 218, 1531 174, 156, 236, 12, 27, 159, 11, 138, 252, 253, 207, 31, 115, 214, 1532 118, 239, 203, 16, 211, 205, 99, 22, 51, 163, 107, 162, 246, 199, 67, 1533 127, 34, 108, 197, 53, 117, 58, 199, 3, 190, 74, 70, 190, 65, 235, 1534 175, 97, 157, 215, 252, 189, 245, 100, 229, 248, 46, 90, 126, 237, 4, 1535 159, 128, 58, 7, 156, 236, 69, 191, 85, 240, 179, 224, 249, 152, 49, 1536 195, 223, 60, 78, 186, 157, 155, 217, 58, 105, 116, 164, 217, 111, 1537 215, 150, 218, 252, 84, 86, 248, 140, 240, 226, 61, 106, 208, 95, 60, 1538 163, 6, 0, 235, 253, 162, 96, 62, 234, 251, 249, 35, 21, 7, 211, 233, 1539 86, 50, 33, 203, 67, 248, 60, 190, 123, 48, 167, 226, 90, 191, 71, 1540 56, 183, 165, 17, 85, 76, 238, 140, 211, 168, 53, 223, 194, 4, 97, 1541 149, 156, 120, 137, 76, 33, 229, 243, 194, 208, 198, 202, 139, 28, 1542 114, 46, 224, 92, 254, 83, 100, 134, 158, 92, 70, 78, 61, 62, 138, 1543 24, 173, 216, 66, 198, 70, 254, 47, 59, 193, 53, 6, 139, 19, 153, 1544 253, 28, 199, 122, 160, 27, 67, 234, 209, 227, 139, 4, 50, 7, 178, 1545 183, 89, 252, 32, 128, 137, 55, 52, 29, 89, 12, 111, 42, 181, 51, 1546 170, 132, 132, 207, 170, 228, 254, 178, 213, 0, 136, 175, 8] 1548 The resulting Authentication Tag value is: 1550 [208, 113, 102, 132, 236, 236, 67, 223, 39, 53, 98, 99, 32, 121, 17, 1551 236] 1553 Encoding this JWE Ciphertext as BASE64URL(JWE Ciphertext) gives this 1554 value (with line breaks for display purposes only): 1556 AwhB8lxrlKjFn02LGWEqg27H4Tg9fyZAbFv3p5ZicHpj64QyHC44qqlZ3JEmnZTgQo 1557 wIqZJ13jbyHB8LgePiqUJ1hf6M2HPLgzw8L-mEeQ0jvDUTrE07NtOerBk8bwBQyZ6g 1558 0kQ3DEOIglfYxV8-FJvNBYwbqN1Bck6d_i7OtjSHV-8DIrp-3JcRIe05YKy3Oi34Z_ 1559 GOiAc1EK21B11c_AE11PII_wvvtRiUiG8YofQXakWd1_O98Kap-UgmyWPfreUJ3lJP 1560 nbD4Ve95owEfMGLOPflo2MnjaTDCwQokoJ_xplQ2vNPz8iguLcHBoKllyQFJL2mOWB 1561 wqhBo9Oj-O800as5mmLsvQMTflIrIEbbTMzHMBZ8EFW9fWwwFu0DWQJGkMNhmBZQ-3 1562 lvqTc-M6-gWA6D8PDhONfP2Oib2HGizwG1iEaX8GRyUpfLuljCLIe1DkGOewhKuKkZ 1563 h04DKNM5Nbugf2atmU9OP0Ldx5peCUtRG1gMVl7Qup5ZXHTjgPDr5b2N731UooCGAU 1564 qHdgGhg0JVJ_ObCTdjsH4CF1SJsdUhrXvYx3HJh2Xd7CwJRzU_3Y1GxYU6-s3GFPbi 1565 rfqqEipJDBTHpcoCmyrwYjYHFgnlqBZRotRrS95g8F95bRXqsaDY7UgQGwBQBwy665 1566 d0zpvTasvfXf_c0MWAl-neFaKOW_Px6g4EUDjG1GWSXV9cLStLw_0ovdApDIFLHYHe 1567 PyagyHjouQUuGiq7BsYwYrwaF06tgB8hV8omLNfMEmDPJaZUzMuHw6tBDwGkzD-tS_ 1568 ub9hxrpJ4UsOWnt5rGUyoN2N_c1-TQlXxm5oto14MxnoAyBQBpwIEgSH3Y4ZhwKBhH 1569 PjSo0cdwuNdYbGPpb-YUvF-2NZzODiQ1OvWQBRHSbPWYz_xbGkgD504LRtqRwCO7CC 1570 _CyyURi1sEssPVsMJRX_U4LFEOc82TiDdqjKOjRUfKK5rqLi8nBE9soQ0DSaOoFQZi 1571 GrBrqxDsNYiAYAmxxkos-i3nX4qtByVx85sCE5U_0MqG7COxZWMOPEFrDaepUV-cOy 1572 rvoUIng8i8ljKBKxETY2BgPegKBYCxsAUcAkKamSCC9AiBxA0UOHyhTqtlvMksO7AE 1573 hNC2-YzPyx1FkhMoS4LLe6E_pFsMlmjA6P1NSge9C5G5tETYXGAn6b1xZbHtmwrPSc 1574 ro9LWhVmAaA7_bxYObnFUxgWtK4vzzQBjZJ36UTk4OTB-JvKWgfVWCFsaw5WCHj6Oo 1575 4jpO7d2yN7WMfAj2hTEabz9wumQ0TMhBduZ-QON3pYObSy7TSC1vVme0NJrwF_cJRe 1576 hKTFmdlXGVldPxZCplr7ZQqRQhF8JP-l4mEQVnCaWGn9ONHlemczGOS-A-wwtnmwjI 1577 B1V_vgJRf4FdpV-4hUk4-QLpu3-1lWFxrtZKcggq3tWTduRo5_QebQbUUT_VSCgsFc 1578 OmyWKoj56lbxthN19hq1XGWbLGfrrR6MWh23vk01zn8FVwi7uFwEnRYSafsnWLa1Z5 1579 TpBj9GvAdl2H9NHwzpB5NqHpZNkQ3NMDj13Fn8fzO0JB83Etbm_tnFQfcb13X3bJ15 1580 Cz-Ww1MGhvIpGGnMBT_ADp9xSIyAM9dQ1yeVXk-AIgWBUlN5uyWSGyCxp0cJwx7HxM 1581 38z0UIeBu-MytL-eqndM7LxytsVzCbjOTSVRmhYEMIzUAnS1gs7uMQAGRdgRIElTJE 1582 SGMjb_4bZq9s6Ve1LKkSi0_QDsrABaLe55UY0zF4ZSfOV5PMyPtocwV_dcNPlxLgNA 1583 D1BFX_Z9kAdMZQW6fAmsfFle0zAoMe4l9pMESH0JB4sJGdCKtQXj1cXNydDYozF7l8 1584 H00BV_Er7zd6VtIw0MxwkFCTatsv_R-GsBCH218RgVPsfYhwVuT8R4HarpzsDBufC4 1585 r8_c8fc9Z278sQ081jFjOja6L2x0N_ImzFNXU6xwO-Ska-QeuvYZ3X_L31ZOX4Llp- 1586 7QSfgDoHnOxFv1Xws-D5mDHD3zxOup2b2TppdKTZb9eW2vxUVviM8OI9atBfPKMGAO 1587 v9omA-6vv5IxUH0-lWMiHLQ_g8vnswp-Jav0c4t6URVUzujNOoNd_CBGGVnHiJTCHl 1588 88LQxsqLHHIu4Fz-U2SGnlxGTj0-ihit2ELGRv4vO8E1BosTmf0cx3qgG0Pq0eOLBD 1589 IHsrdZ_CCAiTc0HVkMbyq1M6qEhM-q5P6y1QCIrwg 1591 Encoding this JWE Authentication Tag as BASE64URL(JWE Authentication 1592 Tag) gives this value: 1594 0HFmhOzsQ98nNWJjIHkR7A 1596 C.9. Complete Representation 1598 Assemble the final representation: The Compact Serialization of this 1599 result is the string BASE64URL(UTF8(JWE Protected Header)) || '.' || 1600 BASE64URL(JWE Encrypted Key) || '.' || BASE64URL(JWE Initialization 1601 Vector) || '.' || BASE64URL(JWE Ciphertext) || '.' || BASE64URL(JWE 1602 Authentication Tag). 1604 The final result in this example is: 1606 eyJhbGciOiJQQkVTMi1IUzI1NitBMTI4S1ciLCJwMnMiOiIyV0NUY0paMVJ2ZF9DSn 1607 VKcmlwUTF3IiwicDJjIjo0MDk2LCJlbmMiOiJBMTI4Q0JDLUhTMjU2IiwiY3R5Ijoi 1608 andrK2pzb24ifQ. 1609 TrqXOwuNUfDV9VPTNbyGvEJ9JMjefAVn-TR1uIxR9p6hsRQh9Tk7BA. 1610 Ye9j1qs22DmRSAddIh-VnA. 1611 AwhB8lxrlKjFn02LGWEqg27H4Tg9fyZAbFv3p5ZicHpj64QyHC44qqlZ3JEmnZTgQo 1612 wIqZJ13jbyHB8LgePiqUJ1hf6M2HPLgzw8L-mEeQ0jvDUTrE07NtOerBk8bwBQyZ6g 1613 0kQ3DEOIglfYxV8-FJvNBYwbqN1Bck6d_i7OtjSHV-8DIrp-3JcRIe05YKy3Oi34Z_ 1614 GOiAc1EK21B11c_AE11PII_wvvtRiUiG8YofQXakWd1_O98Kap-UgmyWPfreUJ3lJP 1615 nbD4Ve95owEfMGLOPflo2MnjaTDCwQokoJ_xplQ2vNPz8iguLcHBoKllyQFJL2mOWB 1616 wqhBo9Oj-O800as5mmLsvQMTflIrIEbbTMzHMBZ8EFW9fWwwFu0DWQJGkMNhmBZQ-3 1617 lvqTc-M6-gWA6D8PDhONfP2Oib2HGizwG1iEaX8GRyUpfLuljCLIe1DkGOewhKuKkZ 1618 h04DKNM5Nbugf2atmU9OP0Ldx5peCUtRG1gMVl7Qup5ZXHTjgPDr5b2N731UooCGAU 1619 qHdgGhg0JVJ_ObCTdjsH4CF1SJsdUhrXvYx3HJh2Xd7CwJRzU_3Y1GxYU6-s3GFPbi 1620 rfqqEipJDBTHpcoCmyrwYjYHFgnlqBZRotRrS95g8F95bRXqsaDY7UgQGwBQBwy665 1621 d0zpvTasvfXf_c0MWAl-neFaKOW_Px6g4EUDjG1GWSXV9cLStLw_0ovdApDIFLHYHe 1622 PyagyHjouQUuGiq7BsYwYrwaF06tgB8hV8omLNfMEmDPJaZUzMuHw6tBDwGkzD-tS_ 1623 ub9hxrpJ4UsOWnt5rGUyoN2N_c1-TQlXxm5oto14MxnoAyBQBpwIEgSH3Y4ZhwKBhH 1624 PjSo0cdwuNdYbGPpb-YUvF-2NZzODiQ1OvWQBRHSbPWYz_xbGkgD504LRtqRwCO7CC 1625 _CyyURi1sEssPVsMJRX_U4LFEOc82TiDdqjKOjRUfKK5rqLi8nBE9soQ0DSaOoFQZi 1626 GrBrqxDsNYiAYAmxxkos-i3nX4qtByVx85sCE5U_0MqG7COxZWMOPEFrDaepUV-cOy 1627 rvoUIng8i8ljKBKxETY2BgPegKBYCxsAUcAkKamSCC9AiBxA0UOHyhTqtlvMksO7AE 1628 hNC2-YzPyx1FkhMoS4LLe6E_pFsMlmjA6P1NSge9C5G5tETYXGAn6b1xZbHtmwrPSc 1629 ro9LWhVmAaA7_bxYObnFUxgWtK4vzzQBjZJ36UTk4OTB-JvKWgfVWCFsaw5WCHj6Oo 1630 4jpO7d2yN7WMfAj2hTEabz9wumQ0TMhBduZ-QON3pYObSy7TSC1vVme0NJrwF_cJRe 1631 hKTFmdlXGVldPxZCplr7ZQqRQhF8JP-l4mEQVnCaWGn9ONHlemczGOS-A-wwtnmwjI 1632 B1V_vgJRf4FdpV-4hUk4-QLpu3-1lWFxrtZKcggq3tWTduRo5_QebQbUUT_VSCgsFc 1633 OmyWKoj56lbxthN19hq1XGWbLGfrrR6MWh23vk01zn8FVwi7uFwEnRYSafsnWLa1Z5 1634 TpBj9GvAdl2H9NHwzpB5NqHpZNkQ3NMDj13Fn8fzO0JB83Etbm_tnFQfcb13X3bJ15 1635 Cz-Ww1MGhvIpGGnMBT_ADp9xSIyAM9dQ1yeVXk-AIgWBUlN5uyWSGyCxp0cJwx7HxM 1636 38z0UIeBu-MytL-eqndM7LxytsVzCbjOTSVRmhYEMIzUAnS1gs7uMQAGRdgRIElTJE 1637 SGMjb_4bZq9s6Ve1LKkSi0_QDsrABaLe55UY0zF4ZSfOV5PMyPtocwV_dcNPlxLgNA 1638 D1BFX_Z9kAdMZQW6fAmsfFle0zAoMe4l9pMESH0JB4sJGdCKtQXj1cXNydDYozF7l8 1639 H00BV_Er7zd6VtIw0MxwkFCTatsv_R-GsBCH218RgVPsfYhwVuT8R4HarpzsDBufC4 1640 r8_c8fc9Z278sQ081jFjOja6L2x0N_ImzFNXU6xwO-Ska-QeuvYZ3X_L31ZOX4Llp- 1641 7QSfgDoHnOxFv1Xws-D5mDHD3zxOup2b2TppdKTZb9eW2vxUVviM8OI9atBfPKMGAO 1642 v9omA-6vv5IxUH0-lWMiHLQ_g8vnswp-Jav0c4t6URVUzujNOoNd_CBGGVnHiJTCHl 1643 88LQxsqLHHIu4Fz-U2SGnlxGTj0-ihit2ELGRv4vO8E1BosTmf0cx3qgG0Pq0eOLBD 1644 IHsrdZ_CCAiTc0HVkMbyq1M6qEhM-q5P6y1QCIrwg. 1645 0HFmhOzsQ98nNWJjIHkR7A 1647 Appendix D. Acknowledgements 1649 A JSON representation for RSA public keys was previously introduced 1650 by John Panzer, Ben Laurie, and Dirk Balfanz in Magic Signatures 1652 [MagicSignatures]. 1654 Thanks to Matt Miller for creating the encrypted key example and to 1655 Edmund Jay and Brian Campbell for validating the example. 1657 This specification is the work of the JOSE Working Group, which 1658 includes dozens of active and dedicated participants. In particular, 1659 the following individuals contributed ideas, feedback, and wording 1660 that influenced this specification: 1662 Dirk Balfanz, Richard Barnes, John Bradley, Brian Campbell, Breno de 1663 Medeiros, Joe Hildebrand, Edmund Jay, Ben Laurie, James Manger, Matt 1664 Miller, Kathleen Moriarty, Tony Nadalin, Axel Nennker, John Panzer, 1665 Eric Rescorla, Nat Sakimura, Jim Schaad, Ryan Sleevi, Paul Tarjan, 1666 Hannes Tschofenig, and Sean Turner. 1668 Jim Schaad and Karen O'Donoghue chaired the JOSE working group and 1669 Sean Turner, Stephen Farrell, and Kathleen Moriarty served as 1670 Security area directors during the creation of this specification. 1672 Appendix E. Document History 1674 [[ to be removed by the RFC Editor before publication as an RFC ]] 1676 -32 1678 o Addressed Gen-ART review comments by Russ Housley. 1680 o Addressed secdir review comments by Stephen Kent. 1682 -31 1684 o No changes were made, other than to the version number and date. 1686 -30 1688 o Added references and cleaned up the reference syntax in a few 1689 places. 1691 o Applied minor wording changes to the Security Considerations 1692 section. 1694 -29 1696 o Replaced the terms JWS Header, JWE Header, and JWT Header with a 1697 single JOSE Header term defined in the JWS specification. This 1698 also enabled a single Header Parameter definition to be used and 1699 reduced other areas of duplication between specifications. 1701 -28 1703 o Revised the introduction to the Security Considerations section. 1705 o Refined the text about when applications using encrypted JWKs and 1706 JWK Sets would not need to use the "cty" header parameter. 1708 -27 1710 o Added an example JWK early in the draft. 1712 o Described additional security considerations. 1714 o Added the "x5t#S256" (X.509 Certificate SHA-256 Thumbprint) JWK 1715 member. 1717 o Addressed a few editorial issues. 1719 -26 1721 o Referenced Section 6 of RFC 6125 for TLS server certificate 1722 identity validation. 1724 o Deleted misleading non-normative phrase from the "use" 1725 description. 1727 o Noted that octet sequences are depicted using JSON array notation. 1729 o Updated references, including to W3C specifications. 1731 -25 1733 o Updated WebCrypto reference to refer to W3C Last Call draft. 1735 -24 1737 o Corrected the authentication tag value in the encrypted key 1738 example. 1740 o Updated the JSON reference to RFC 7159. 1742 -23 1744 o No changes were made, other than to the version number and date. 1746 -22 1747 o Corrected RFC 2119 terminology usage. 1749 o Replaced references to draft-ietf-json-rfc4627bis with RFC 7158. 1751 -21 1753 o Replaced the "key_ops" values "wrap" and "unwrap" with "wrapKey" 1754 and "unwrapKey" to match the "KeyUsage" values defined in the 1755 current Web Cryptography API [WebCrypto] editor's draft. 1757 o Compute the PBES2 salt parameter as (UTF8(Alg) || 0x00 || Salt 1758 Input), where the "p2s" Header Parameter encodes the Salt Input 1759 value and Alg is the "alg" Header Parameter value. 1761 o Changed some references from being normative to informative, 1762 addressing issue #90. 1764 -20 1766 o Renamed "use_details" to "key_ops" (key operations). 1768 o Clarified that "use" is meant for public key use cases, "key_ops" 1769 is meant for use cases in which public, private, or symmetric keys 1770 may be present, and that "use" and "key_ops" should not be used 1771 together. 1773 o Replaced references to RFC 4627 with draft-ietf-json-rfc4627bis, 1774 addressing issue #90. 1776 -19 1778 o Added optional "use_details" (key use details) JWK member. 1780 o Reordered the key selection parameters. 1782 -18 1784 o Changes to address editorial and minor issues #68, #69, #73, #74, 1785 #76, #77, #78, #79, #82, #85, #89, and #135. 1787 o Added and used Description registry fields. 1789 -17 1791 o Refined the "typ" and "cty" definitions to always be MIME Media 1792 Types, with the omission of "application/" prefixes recommended 1793 for brevity, addressing issue #50. 1795 o Added an example encrypting an RSA private key with 1796 "PBES2-HS256+A128KW" and "A128CBC-HS256". Thanks to Matt Miller 1797 for producing this! 1799 o Processing rules occurring in both JWS and JWK are now referenced 1800 in JWS by JWK, rather than duplicated, addressing issue #57. 1802 o Terms used in multiple documents are now defined in one place and 1803 incorporated by reference. Some lightly used or obvious terms 1804 were also removed. This addresses issue #58. 1806 -16 1808 o Changes to address editorial and minor issues #41, #42, #43, #47, 1809 #51, #67, #71, #76, #80, #83, #84, #85, #86, #87, and #88. 1811 -15 1813 o Changes to address editorial issues #48, #64, #65, #66, and #91. 1815 -14 1817 o Relaxed language introducing key parameters since some parameters 1818 are applicable to multiple, but not all, key types. 1820 -13 1822 o Applied spelling and grammar corrections. 1824 -12 1826 o Stated that recipients MUST either reject JWKs and JWK Sets with 1827 duplicate member names or use a JSON parser that returns only the 1828 lexically last duplicate member name. 1830 -11 1832 o Stated that when "kid" values are used within a JWK Set, different 1833 keys within the JWK Set SHOULD use distinct "kid" values. 1835 o Added optional "x5u" (X.509 URL), "x5t" (X.509 Certificate 1836 Thumbprint), and "x5c" (X.509 Certificate Chain) JWK parameters. 1838 o Added section on Encrypted JWK and Encrypted JWK Set Formats. 1840 o Added a Parameter Information Class value to the JSON Web Key 1841 Parameters registry, which registers whether the parameter conveys 1842 public or private information. 1844 o Registered "application/jwk+json" and "application/jwk-set+json" 1845 MIME types and "JWK" and "JWK-SET" typ header parameter values, 1846 addressing issue #21. 1848 -10 1850 o No changes were made, other than to the version number and date. 1852 -09 1854 o Expanded the scope of the JWK specification to include private and 1855 symmetric key representations, as specified by 1856 draft-jones-jose-json-private-and-symmetric-key-00. 1858 o Defined that members that are not understood must be ignored. 1860 -08 1862 o Changed the name of the JWK key type parameter from "alg" to "kty" 1863 to enable use of "alg" to indicate the particular algorithm that 1864 the key is intended to be used with. 1866 o Clarified statements of the form "This member is OPTIONAL" to "Use 1867 of this member is OPTIONAL". 1869 o Referenced String Comparison Rules in JWS. 1871 o Added seriesInfo information to Internet Draft references. 1873 -07 1875 o Changed the name of the JWK RSA modulus parameter from "mod" to 1876 "n" and the name of the JWK RSA exponent parameter from "xpo" to 1877 "e", so that the identifiers are the same as those used in RFC 1878 3447. 1880 -06 1882 o Changed the name of the JWK RSA exponent parameter from "exp" to 1883 "xpo" so as to allow the potential use of the name "exp" for a 1884 future extension that might define an expiration parameter for 1885 keys. (The "exp" name is already used for this purpose in the JWT 1886 specification.) 1888 o Clarify that the "alg" (algorithm family) member is REQUIRED. 1890 o Correct an instance of "JWK" that should have been "JWK Set". 1892 o Applied changes made by the RFC Editor to RFC 6749's registry 1893 language to this specification. 1895 -05 1897 o Indented artwork elements to better distinguish them from the body 1898 text. 1900 -04 1902 o Refer to the registries as the primary sources of defined values 1903 and then secondarily reference the sections defining the initial 1904 contents of the registries. 1906 o Normatively reference XML DSIG 2.0 for its security 1907 considerations. 1909 o Added this language to Registration Templates: "This name is case 1910 sensitive. Names that match other registered names in a case 1911 insensitive manner SHOULD NOT be accepted." 1913 o Described additional open issues. 1915 o Applied editorial suggestions. 1917 -03 1919 o Clarified that "kid" values need not be unique within a JWK Set. 1921 o Moved JSON Web Key Parameters registry to the JWK specification. 1923 o Added "Collision Resistant Namespace" to the terminology section. 1925 o Changed registration requirements from RFC Required to 1926 Specification Required with Expert Review. 1928 o Added Registration Template sections for defined registries. 1930 o Added Registry Contents sections to populate registry values. 1932 o Numerous editorial improvements. 1934 -02 1936 o Simplified JWK terminology to get replace the "JWK Key Object" and 1937 "JWK Container Object" terms with simply "JSON Web Key (JWK)" and 1938 "JSON Web Key Set (JWK Set)" and to eliminate potential confusion 1939 between single keys and sets of keys. As part of this change, the 1940 top-level member name for a set of keys was changed from "jwk" to 1941 "keys". 1943 o Clarified that values with duplicate member names MUST be 1944 rejected. 1946 o Established JSON Web Key Set Parameters registry. 1948 o Explicitly listed non-goals in the introduction. 1950 o Moved algorithm-specific definitions from JWK to JWA. 1952 o Reformatted to give each member definition its own section 1953 heading. 1955 -01 1957 o Corrected the Magic Signatures reference. 1959 -00 1961 o Created the initial IETF draft based upon 1962 draft-jones-json-web-key-03 with no normative changes. 1964 Author's Address 1966 Michael B. Jones 1967 Microsoft 1969 Email: mbj@microsoft.com 1970 URI: http://self-issued.info/