idnits 2.17.00 (12 Aug 2021) /tmp/idnits14770/draft-ietf-jose-json-web-key-34.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (October 14, 2014) is 2775 days in the past. Is this intentional? -- Found something which looks like a code comment -- if you have code sections in the document, please surround them with '' and '' lines. Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) -- Possible downref: Non-RFC (?) normative reference: ref. 'ECMAScript' -- Possible downref: Non-RFC (?) normative reference: ref. 'ITU.X690.1994' == Outdated reference: draft-ietf-jose-json-web-algorithms has been published as RFC 7518 == Outdated reference: draft-ietf-jose-json-web-encryption has been published as RFC 7516 == Outdated reference: draft-ietf-jose-json-web-signature has been published as RFC 7515 ** Downref: Normative reference to an Informational RFC: RFC 2818 ** Obsolete normative reference: RFC 5246 (Obsoleted by RFC 8446) ** Obsolete normative reference: RFC 7159 (Obsoleted by RFC 8259) -- Possible downref: Non-RFC (?) normative reference: ref. 'USASCII' -- Obsolete informational reference (is this intentional?): RFC 3447 (Obsoleted by RFC 8017) -- Obsolete informational reference (is this intentional?): RFC 5226 (Obsoleted by RFC 8126) Summary: 3 errors (**), 0 flaws (~~), 4 warnings (==), 7 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 JOSE Working Group M. Jones 3 Internet-Draft Microsoft 4 Intended status: Standards Track October 14, 2014 5 Expires: April 17, 2015 7 JSON Web Key (JWK) 8 draft-ietf-jose-json-web-key-34 10 Abstract 12 A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) data 13 structure that represents a cryptographic key. This specification 14 also defines a JSON Web Key Set (JWK Set) JSON data structure that 15 represents a set of JWKs. Cryptographic algorithms and identifiers 16 for use with this specification are described in the separate JSON 17 Web Algorithms (JWA) specification and IANA registries defined by 18 that specification. 20 Status of this Memo 22 This Internet-Draft is submitted in full conformance with the 23 provisions of BCP 78 and BCP 79. 25 Internet-Drafts are working documents of the Internet Engineering 26 Task Force (IETF). Note that other groups may also distribute 27 working documents as Internet-Drafts. The list of current Internet- 28 Drafts is at http://datatracker.ietf.org/drafts/current/. 30 Internet-Drafts are draft documents valid for a maximum of six months 31 and may be updated, replaced, or obsoleted by other documents at any 32 time. It is inappropriate to use Internet-Drafts as reference 33 material or to cite them other than as "work in progress." 35 This Internet-Draft will expire on April 17, 2015. 37 Copyright Notice 39 Copyright (c) 2014 IETF Trust and the persons identified as the 40 document authors. All rights reserved. 42 This document is subject to BCP 78 and the IETF Trust's Legal 43 Provisions Relating to IETF Documents 44 (http://trustee.ietf.org/license-info) in effect on the date of 45 publication of this document. Please review these documents 46 carefully, as they describe your rights and restrictions with respect 47 to this document. Code Components extracted from this document must 48 include Simplified BSD License text as described in Section 4.e of 49 the Trust Legal Provisions and are provided without warranty as 50 described in the Simplified BSD License. 52 Table of Contents 54 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4 55 1.1. Notational Conventions . . . . . . . . . . . . . . . . . . 4 56 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 4 57 3. Example JWK . . . . . . . . . . . . . . . . . . . . . . . . . 5 58 4. JSON Web Key (JWK) Format . . . . . . . . . . . . . . . . . . 5 59 4.1. "kty" (Key Type) Parameter . . . . . . . . . . . . . . . . 6 60 4.2. "use" (Public Key Use) Parameter . . . . . . . . . . . . . 6 61 4.3. "key_ops" (Key Operations) Parameter . . . . . . . . . . . 7 62 4.4. "alg" (Algorithm) Parameter . . . . . . . . . . . . . . . 8 63 4.5. "kid" (Key ID) Parameter . . . . . . . . . . . . . . . . . 8 64 4.6. "x5u" (X.509 URL) Parameter . . . . . . . . . . . . . . . 8 65 4.7. "x5c" (X.509 Certificate Chain) Parameter . . . . . . . . 9 66 4.8. "x5t" (X.509 Certificate SHA-1 Thumbprint) Parameter . . . 9 67 4.9. "x5t#S256" (X.509 Certificate SHA-256 Thumbprint) 68 Parameter . . . . . . . . . . . . . . . . . . . . . . . . 9 69 5. JSON Web Key Set (JWK Set) Format . . . . . . . . . . . . . . 10 70 5.1. "keys" Parameter . . . . . . . . . . . . . . . . . . . . . 10 71 6. String Comparison Rules . . . . . . . . . . . . . . . . . . . 10 72 7. Encrypted JWK and Encrypted JWK Set Formats . . . . . . . . . 11 73 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 11 74 8.1. JSON Web Key Parameters Registry . . . . . . . . . . . . . 12 75 8.1.1. Registration Template . . . . . . . . . . . . . . . . 13 76 8.1.2. Initial Registry Contents . . . . . . . . . . . . . . 14 77 8.2. JSON Web Key Use Registry . . . . . . . . . . . . . . . . 15 78 8.2.1. Registration Template . . . . . . . . . . . . . . . . 15 79 8.2.2. Initial Registry Contents . . . . . . . . . . . . . . 16 80 8.3. JSON Web Key Operations Registry . . . . . . . . . . . . . 16 81 8.3.1. Registration Template . . . . . . . . . . . . . . . . 16 82 8.3.2. Initial Registry Contents . . . . . . . . . . . . . . 17 83 8.4. JSON Web Key Set Parameters Registry . . . . . . . . . . . 18 84 8.4.1. Registration Template . . . . . . . . . . . . . . . . 18 85 8.4.2. Initial Registry Contents . . . . . . . . . . . . . . 19 86 8.5. Media Type Registration . . . . . . . . . . . . . . . . . 19 87 8.5.1. Registry Contents . . . . . . . . . . . . . . . . . . 19 88 9. Security Considerations . . . . . . . . . . . . . . . . . . . 20 89 9.1. Key Provenance and Trust . . . . . . . . . . . . . . . . . 20 90 9.2. Preventing Disclosure of Non-Public Key Information . . . 20 91 9.3. RSA Private Key Representations and Blinding . . . . . . . 21 92 9.4. Key Entropy and Random Values . . . . . . . . . . . . . . 21 93 10. References . . . . . . . . . . . . . . . . . . . . . . . . . . 21 94 10.1. Normative References . . . . . . . . . . . . . . . . . . . 21 95 10.2. Informative References . . . . . . . . . . . . . . . . . . 23 97 Appendix A. Example JSON Web Key Sets . . . . . . . . . . . . . . 24 98 A.1. Example Public Keys . . . . . . . . . . . . . . . . . . . 24 99 A.2. Example Private Keys . . . . . . . . . . . . . . . . . . . 24 100 A.3. Example Symmetric Keys . . . . . . . . . . . . . . . . . . 26 101 Appendix B. Example Use of "x5c" (X.509 Certificate Chain) 102 Parameter . . . . . . . . . . . . . . . . . . . . . . 26 103 Appendix C. Example Encrypted RSA Private Key . . . . . . . . . . 27 104 C.1. Plaintext RSA Private Key . . . . . . . . . . . . . . . . 28 105 C.2. JOSE Header . . . . . . . . . . . . . . . . . . . . . . . 31 106 C.3. Content Encryption Key (CEK) . . . . . . . . . . . . . . . 31 107 C.4. Key Derivation . . . . . . . . . . . . . . . . . . . . . . 32 108 C.5. Key Encryption . . . . . . . . . . . . . . . . . . . . . . 32 109 C.6. Initialization Vector . . . . . . . . . . . . . . . . . . 32 110 C.7. Additional Authenticated Data . . . . . . . . . . . . . . 33 111 C.8. Content Encryption . . . . . . . . . . . . . . . . . . . . 33 112 C.9. Complete Representation . . . . . . . . . . . . . . . . . 36 113 Appendix D. Acknowledgements . . . . . . . . . . . . . . . . . . 37 114 Appendix E. Document History . . . . . . . . . . . . . . . . . . 38 115 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 44 117 1. Introduction 119 A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) [RFC7159] 120 data structure that represents a cryptographic key. This 121 specification also defines a JSON Web Key Set (JWK Set) JSON data 122 structure that represents a set of JWKs. Cryptographic algorithms 123 and identifiers for use with this specification are described in the 124 separate JSON Web Algorithms (JWA) [JWA] specification and IANA 125 registries defined by that specification. 127 Goals for this specification do not include representing new kinds of 128 certificate chains, representing new kinds of certified keys, or 129 replacing X.509 certificates. 131 JWKs and JWK Sets are used in the JSON Web Signature (JWS) [JWS] and 132 JSON Web Encryption (JWE) [JWE] specifications. 134 Names defined by this specification are short because a core goal is 135 for the resulting representations to be compact. 137 1.1. Notational Conventions 139 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 140 "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and 141 "OPTIONAL" in this document are to be interpreted as described in Key 142 words for use in RFCs to Indicate Requirement Levels [RFC2119]. If 143 these words are used without being spelled in uppercase then they are 144 to be interpreted with their normal natural language meanings. 146 BASE64URL(OCTETS) denotes the base64url encoding of OCTETS, per 147 Section 2 of [JWS]. 149 UTF8(STRING) denotes the octets of the UTF-8 [RFC3629] representation 150 of STRING. 152 ASCII(STRING) denotes the octets of the ASCII [USASCII] 153 representation of STRING. 155 The concatenation of two values A and B is denoted as A || B. 157 2. Terminology 159 These terms defined by the JSON Web Signature (JWS) [JWS] 160 specification are incorporated into this specification: "Base64url 161 Encoding", "Collision-Resistant Name", "Header Parameter", and "JOSE 162 Header". 164 These terms are defined by this specification: 166 JSON Web Key (JWK) 167 A JSON object that represents a cryptographic key. The members of 168 the object represent properties of the key, including its value. 170 JSON Web Key Set (JWK Set) 171 A JSON object that represents a set of JWKs. The JSON object MUST 172 have a "keys" member, which is an array of JWK objects. 174 3. Example JWK 176 This section provides an example of a JWK. The following example JWK 177 declares that the key is an Elliptic Curve [DSS] key, it is used with 178 the P-256 Elliptic Curve, and its x and y coordinates are the 179 base64url encoded values shown. A key identifier is also provided 180 for the key. 182 {"kty":"EC", 183 "crv":"P-256", 184 "x":"f83OJ3D2xF1Bg8vub9tLe1gHMzV76e8Tus9uPHvRVEU", 185 "y":"x_FEzRu9m36HLN_tue659LNpXW6pCyStikYjKIWI5a0", 186 "kid":"Public key used in JWS A.3 example" 187 } 189 Additional example JWK values can be found in Appendix A. 191 4. JSON Web Key (JWK) Format 193 A JSON Web Key (JWK) is a JSON object that represents a cryptographic 194 key. The members of the object represent properties of the key, 195 including its value. This JSON object MAY contain white space and/or 196 line breaks. This document defines the key parameters that are not 197 algorithm specific, and thus common to many keys. 199 In addition to the common parameters, each JWK will have members that 200 are key type-specific. These members represent the parameters of the 201 key. Section 6 of the JSON Web Algorithms (JWA) [JWA] specification 202 defines multiple kinds of cryptographic keys and their associated 203 members. 205 The member names within a JWK MUST be unique; JWK parsers MUST either 206 reject JWKs with duplicate member names or use a JSON parser that 207 returns only the lexically last duplicate member name, as specified 208 in Section 15.12 (The JSON Object) of ECMAScript 5.1 [ECMAScript]. 210 Additional members can be present in the JWK; if not understood by 211 implementations encountering them, they MUST be ignored. Member 212 names used for representing key parameters for different keys types 213 need not be distinct. Any new member name should either be 214 registered in the IANA JSON Web Key Parameters registry defined in 215 Section 8.1 or be a value that contains a Collision-Resistant Name. 217 4.1. "kty" (Key Type) Parameter 219 The "kty" (key type) member identifies the cryptographic algorithm 220 family used with the key, such as "RSA" or "EC". "kty" values should 221 either be registered in the IANA JSON Web Key Types registry defined 222 in [JWA] or be a value that contains a Collision-Resistant Name. The 223 "kty" value is a case-sensitive string. This member MUST be present 224 in a JWK. 226 A list of defined "kty" values can be found in the IANA JSON Web Key 227 Types registry defined in [JWA]; the initial contents of this 228 registry are the values defined in Section 6.1 of the JSON Web 229 Algorithms (JWA) [JWA] specification. 231 The key type definitions include specification of the members to be 232 used for those key types. Additional members used with "kty" values 233 can also be found in the IANA JSON Web Key Parameters registry 234 defined in Section 8.1. 236 4.2. "use" (Public Key Use) Parameter 238 The "use" (public key use) member identifies the intended use of the 239 public key. The "use" parameter is employed to indicate whether a 240 public key is used for encrypting data or verifying the signature on 241 data. 243 Values defined by this specification are: 245 o "sig" (signature) 246 o "enc" (encryption) 248 Other values MAY be used. The "use" value is a case-sensitive 249 string. Use of the "use" member is OPTIONAL, unless the application 250 requires its presence. 252 When a key is used to wrap another key and a Public Key Use 253 designation for the first key is desired, the "enc" (encryption) key 254 use value is used, since key wrapping is a kind of encryption. The 255 "enc" value is also be used for public keys used for key agreement 256 operations. 258 Additional Public Key Use values can be registered in the IANA JSON 259 Web Key Use registry defined in Section 8.2. Registering any 260 extension values used is highly recommended when this specification 261 is used in open environments, in which multiple organizations need to 262 have a common understanding of any extensions used. However, 263 unregistered extension values can be used in closed environments, in 264 which the producing and consuming organization will always be the 265 same. 267 4.3. "key_ops" (Key Operations) Parameter 269 The "key_ops" (key operations) member identifies the operation(s) 270 that the key is intended to be used for. The "key_ops" parameter is 271 intended for use cases in which public, private, or symmetric keys 272 may be present. 274 Its value is an array of key operation values. Values defined by 275 this specification are: 277 o "sign" (compute signature or MAC) 278 o "verify" (verify signature or MAC) 279 o "encrypt" (encrypt content) 280 o "decrypt" (decrypt content and validate decryption, if applicable) 281 o "wrapKey" (encrypt key) 282 o "unwrapKey" (decrypt key and validate decryption, if applicable) 283 o "deriveKey" (derive key) 284 o "deriveBits" (derive bits not to be used as a key) 286 (Note that the "key_ops" values intentionally match the "KeyUsage" 287 values defined in the Web Cryptography API [WebCrypto] 288 specification.) 290 Other values MAY be used. The key operation values are case- 291 sensitive strings. Duplicate key operation values MUST NOT be 292 present in the array. Use of the "key_ops" member is OPTIONAL, 293 unless the application requires its presence. 295 Multiple unrelated key operations SHOULD NOT be specified for a key 296 because of the potential vulnerabilities associated with using the 297 same key with multiple algorithms. Thus, the combinations "sign" 298 with "verify", "encrypt" with "decrypt", and "wrapKey" with 299 "unwrapKey" are permitted, but other combinations SHOULD NOT be used. 301 Additional Key Operations values can be registered in the IANA JSON 302 Web Key Operations registry defined in Section 8.3. The same 303 considerations about registering extension values apply to the 304 "key_ops" member as do for the "use" member. 306 The "use" and "key_ops" JWK members SHOULD NOT be used together. 307 Applications should specify which of these members they use, if 308 either is to be used by the application. 310 4.4. "alg" (Algorithm) Parameter 312 The "alg" (algorithm) member identifies the algorithm intended for 313 use with the key. The values used should either be registered in the 314 IANA JSON Web Signature and Encryption Algorithms registry defined in 315 [JWA] or be a value that contains a Collision-Resistant Name. Use of 316 this member is OPTIONAL. 318 4.5. "kid" (Key ID) Parameter 320 The "kid" (key ID) member is used to match a specific key. This is 321 used, for instance, to choose among a set of keys within a JWK Set 322 during key rollover. The structure of the "kid" value is 323 unspecified. When "kid" values are used within a JWK Set, different 324 keys within the JWK Set SHOULD use distinct "kid" values. (One 325 example in which different keys might use the same "kid" value is if 326 they have different "kty" (key type) values but are considered to be 327 equivalent alternatives by the application using them.) The "kid" 328 value is a case-sensitive string. Use of this member is OPTIONAL. 330 When used with JWS or JWE, the "kid" value is used to match a JWS or 331 JWE "kid" Header Parameter value. 333 4.6. "x5u" (X.509 URL) Parameter 335 The "x5u" (X.509 URL) member is a URI [RFC3986] that refers to a 336 resource for an X.509 public key certificate or certificate chain 337 [RFC5280]. The identified resource MUST provide a representation of 338 the certificate or certificate chain that conforms to RFC 5280 339 [RFC5280] in PEM encoded form, with each certificate delimited as 340 specified in Section 6.1 of RFC 4945 [RFC4945]. The key in the first 341 certificate MUST match the public key represented by other members of 342 the JWK. The protocol used to acquire the resource MUST provide 343 integrity protection; an HTTP GET request to retrieve the certificate 344 MUST use TLS [RFC2818, RFC5246]; the identity of the server MUST be 345 validated, as per Section 6 of RFC 6125 [RFC6125]. Use of this 346 member is OPTIONAL. 348 While there is no requirement that optional JWK members providing key 349 usage, algorithm, or other information be present when the "x5u" 350 member is used, doing so may improve interoperability for 351 applications that do not handle PKIX certificates. If other members 352 are present, the contents of those members MUST be semantically 353 consistent with the related fields in the first certificate. For 354 instance, if the "use" member is present, then it MUST correspond to 355 the usage that is specified in the certificate, when it includes this 356 information. Similarly, if the "alg" member is present, it MUST 357 correspond to the algorithm specified in the certificate. 359 4.7. "x5c" (X.509 Certificate Chain) Parameter 361 The "x5c" (X.509 Certificate Chain) member contains a chain of one or 362 more PKIX certificates [RFC5280]. The certificate chain is 363 represented as a JSON array of certificate value strings. Each 364 string in the array is a base64 encoded ([RFC4648] Section 4 -- not 365 base64url encoded) DER [ITU.X690.1994] PKIX certificate value. The 366 PKIX certificate containing the key value MUST be the first 367 certificate. This MAY be followed by additional certificates, with 368 each subsequent certificate being the one used to certify the 369 previous one. The key in the first certificate MUST match the public 370 key represented by other members of the JWK. Use of this member is 371 OPTIONAL. 373 As with the "x5u" member, optional JWK members providing key usage, 374 algorithm, or other information MAY also be present when the "x5c" 375 member is used. If other members are present, the contents of those 376 members MUST be semantically consistent with the related fields in 377 the first certificate. See the last paragraph of Section 4.6 for 378 additional guidance on this. 380 4.8. "x5t" (X.509 Certificate SHA-1 Thumbprint) Parameter 382 The "x5t" (X.509 Certificate SHA-1 Thumbprint) member is a base64url 383 encoded SHA-1 thumbprint (a.k.a. digest) of the DER encoding of an 384 X.509 certificate [RFC5280]. Note that certificate thumbprints are 385 also sometimes known as certificate fingerprints. The key in the 386 certificate MUST match the public key represented by other members of 387 the JWK. Use of this member is OPTIONAL. 389 As with the "x5u" member, optional JWK members providing key usage, 390 algorithm, or other information MAY also be present when the "x5t" 391 member is used. If other members are present, the contents of those 392 members MUST be semantically consistent with the related fields in 393 the referenced certificate. See the last paragraph of Section 4.6 394 for additional guidance on this. 396 4.9. "x5t#S256" (X.509 Certificate SHA-256 Thumbprint) Parameter 398 The "x5t#S256" (X.509 Certificate SHA-256 Thumbprint) member is a 399 base64url encoded SHA-256 thumbprint (a.k.a. digest) of the DER 400 encoding of an X.509 certificate [RFC5280]. Note that certificate 401 thumbprints are also sometimes known as certificate fingerprints. 403 The key in the certificate MUST match the public key represented by 404 other members of the JWK. Use of this member is OPTIONAL. 406 As with the "x5u" member, optional JWK members providing key usage, 407 algorithm, or other information MAY also be present when the 408 "x5t#S256" member is used. If other members are present, the 409 contents of those members MUST be semantically consistent with the 410 related fields in the referenced certificate. See the last paragraph 411 of Section 4.6 for additional guidance on this. 413 5. JSON Web Key Set (JWK Set) Format 415 A JSON Web Key Set (JWK Set) is a JSON object that represents a set 416 of JWKs. The JSON object MUST have a "keys" member, with its value 417 being an array of JWK objects. This JSON object MAY contain white 418 space and/or line breaks. 420 The member names within a JWK Set MUST be unique; JWK Set parsers 421 MUST either reject JWK Sets with duplicate member names or use a JSON 422 parser that returns only the lexically last duplicate member name, as 423 specified in Section 15.12 (The JSON Object) of ECMAScript 5.1 424 [ECMAScript]. 426 Additional members can be present in the JWK Set; if not understood 427 by implementations encountering them, they MUST be ignored. 428 Parameters for representing additional properties of JWK Sets should 429 either be registered in the IANA JSON Web Key Set Parameters registry 430 defined in Section 8.4 or be a value that contains a Collision- 431 Resistant Name. 433 Implementations SHOULD ignore JWKs within a JWK Set that use "kty" 434 (key type) values that are not understood by them, are missing 435 required members, or for which values are out of the supported 436 ranges. 438 5.1. "keys" Parameter 440 The value of the "keys" member is an array of JWK values. By 441 default, the order of the JWK values within the array does not imply 442 an order of preference among them, although applications of JWK Sets 443 can choose to assign a meaning to the order for their purposes, if 444 desired. 446 6. String Comparison Rules 448 The string comparison rules for this specification are the same as 449 those defined in Section 5.3 of [JWS]. 451 7. Encrypted JWK and Encrypted JWK Set Formats 453 Access to JWKs containing non-public key material by parties without 454 legitimate access to the non-public information MUST be prevented. 455 This can be accomplished by encrypting the JWK when potentially 456 observable by such parties to prevent the disclosure of private or 457 symmetric key values. The use of an Encrypted JWK, which is a JWE 458 with the UTF-8 encoding of a JWK as its plaintext value, is 459 recommended for this purpose. The processing of Encrypted JWKs is 460 identical to the processing of other JWEs. A "cty" (content type) 461 Header Parameter value of "jwk+json" MUST be used to indicate that 462 the content of the JWE is a JWK, unless the application knows that 463 the encrypted content is a JWK by another means or convention, in 464 which case the "cty" value would typically be omitted. 466 JWK Sets containing non-public key material will also need to be 467 encrypted under these circumstances. The use of an Encrypted JWK 468 Set, which is a JWE with the UTF-8 encoding of a JWK Set as its 469 plaintext value, is recommended for this purpose. The processing of 470 Encrypted JWK Sets is identical to the processing of other JWEs. A 471 "cty" (content type) Header Parameter value of "jwk-set+json" MUST be 472 used to indicate that the content of the JWE is a JWK Set, unless the 473 application knows that the encrypted content is a JWK Set by another 474 means or convention, in which case the "cty" value would typically be 475 omitted. 477 See Appendix C for an example encrypted JWK. 479 8. IANA Considerations 481 The following registration procedure is used for all the registries 482 established by this specification. 484 Values are registered on a Specification Required [RFC5226] basis 485 after a three-week review period on the [TBD]@ietf.org mailing list, 486 on the advice of one or more Designated Experts. However, to allow 487 for the allocation of values prior to publication, the Designated 488 Expert(s) may approve registration once they are satisfied that such 489 a specification will be published. 491 Registration requests must be sent to the [TBD]@ietf.org mailing list 492 for review and comment, with an appropriate subject (e.g., "Request 493 for access token type: example"). [[ Note to the RFC Editor: The name 494 of the mailing list should be determined in consultation with the 495 IESG and IANA. Suggested name: jose-reg-review. ]] 497 Within the review period, the Designated Expert(s) will either 498 approve or deny the registration request, communicating this decision 499 to the review list and IANA. Denials should include an explanation 500 and, if applicable, suggestions as to how to make the request 501 successful. Registration requests that are undetermined for a period 502 longer than 21 days can be brought to the IESG's attention (using the 503 iesg@ietf.org mailing list) for resolution. 505 Criteria that should be applied by the Designated Expert(s) includes 506 determining whether the proposed registration duplicates existing 507 functionality, determining whether it is likely to be of general 508 applicability or whether it is useful only for a single application, 509 and whether the registration description is clear. 511 IANA must only accept registry updates from the Designated Expert(s) 512 and should direct all requests for registration to the review mailing 513 list. 515 It is suggested that multiple Designated Experts be appointed who are 516 able to represent the perspectives of different applications using 517 this specification, in order to enable broadly-informed review of 518 registration decisions. In cases where a registration decision could 519 be perceived as creating a conflict of interest for a particular 520 Expert, that Expert should defer to the judgment of the other 521 Expert(s). 523 [[ Note to the RFC Editor and IANA: Pearl Liang of ICANN had 524 requested that the draft supply the following proposed registry 525 description information. It is to be used for all registries 526 established by this specification. 528 o Protocol Category: JSON Object Signing and Encryption (JOSE) 530 o Registry Location: http://www.iana.org/assignments/jose 532 o Webpage Title: (same as the protocol category) 534 o Registry Name: (same as the section title, but excluding the word 535 "Registry", for example "JSON Web Key Parameters") 537 ]] 539 8.1. JSON Web Key Parameters Registry 541 This specification establishes the IANA JSON Web Key Parameters 542 registry for JWK parameter names. The registry records the parameter 543 name, the key type(s) that the parameter is used with, and a 544 reference to the specification that defines it. It also records 545 whether the parameter conveys public or private information. This 546 specification registers the parameter names defined in Section 4. 547 The same JWK parameter name may be registered multiple times, 548 provided that duplicate parameter registrations are only for key type 549 specific JWK parameters; in this case, the meaning of the duplicate 550 parameter name is disambiguated by the "kty" value of the JWK 551 containing it. 553 8.1.1. Registration Template 555 Parameter Name: 556 The name requested (e.g., "example"). Because a core goal of this 557 specification is for the resulting representations to be compact, 558 it is RECOMMENDED that the name be short -- not to exceed 8 559 characters without a compelling reason to do so. This name is 560 case-sensitive. Names may not match other registered names in a 561 case-insensitive manner unless the Designated Expert(s) state that 562 there is a compelling reason to allow an exception in this 563 particular case. However, matching names may be registered, 564 provided that the accompanying sets of "kty" values that the 565 Parameter Name is used with are disjoint; for the purposes of 566 matching "kty" values, "*" matches all values. 568 Parameter Description: 569 Brief description of the parameter (e.g., "Example description"). 571 Used with "kty" Value(s): 572 The key type parameter value(s) that the parameter name is to be 573 used with, or the value "*" if the parameter value is used with 574 all key types. Values may not match other registered "kty" values 575 in a case-insensitive manner when the registered Parameter Name is 576 the same (including when the Parameter Name matches in a case- 577 insensitive manner) unless the Designated Expert(s) state that 578 there is a compelling reason to allow an exception in this 579 particular case. 581 Parameter Information Class: 582 Registers whether the parameter conveys public or private 583 information. Its value must be one the words Public or Private. 585 Change Controller: 586 For Standards Track RFCs, state "IESG". For others, give the name 587 of the responsible party. Other details (e.g., postal address, 588 email address, home page URI) may also be included. 590 Specification Document(s): 591 Reference to the document(s) that specify the parameter, 592 preferably including URI(s) that can be used to retrieve copies of 593 the document(s). An indication of the relevant sections may also 594 be included but is not required. 596 8.1.2. Initial Registry Contents 598 o Parameter Name: "kty" 599 o Parameter Description: Key Type 600 o Used with "kty" Value(s): * 601 o Parameter Information Class: Public 602 o Change Controller: IESG 603 o Specification Document(s): Section 4.1 of [[ this document ]] 605 o Parameter Name: "use" 606 o Parameter Description: Public Key Use 607 o Used with "kty" Value(s): * 608 o Parameter Information Class: Public 609 o Change Controller: IESG 610 o Specification Document(s): Section 4.2 of [[ this document ]] 612 o Parameter Name: "key_ops" 613 o Parameter Description: Key Operations 614 o Used with "kty" Value(s): * 615 o Parameter Information Class: Public 616 o Change Controller: IESG 617 o Specification Document(s): Section 4.3 of [[ this document ]] 619 o Parameter Name: "alg" 620 o Parameter Description: Algorithm 621 o Used with "kty" Value(s): * 622 o Parameter Information Class: Public 623 o Change Controller: IESG 624 o Specification Document(s): Section 4.4 of [[ this document ]] 626 o Parameter Name: "kid" 627 o Parameter Description: Key ID 628 o Used with "kty" Value(s): * 629 o Parameter Information Class: Public 630 o Change Controller: IESG 631 o Specification Document(s): Section 4.5 of [[ this document ]] 633 o Parameter Name: "x5u" 634 o Parameter Description: X.509 URL 635 o Used with "kty" Value(s): * 636 o Parameter Information Class: Public 637 o Change Controller: IESG 638 o Specification Document(s): Section 4.6 of [[ this document ]] 640 o Parameter Name: "x5c" 641 o Parameter Description: X.509 Certificate Chain 642 o Used with "kty" Value(s): * 643 o Parameter Information Class: Public 644 o Change Controller: IESG 645 o Specification Document(s): Section 4.7 of [[ this document ]] 647 o Parameter Name: "x5t" 648 o Parameter Description: X.509 Certificate SHA-1 Thumbprint 649 o Used with "kty" Value(s): * 650 o Parameter Information Class: Public 651 o Change Controller: IESG 652 o Specification Document(s): Section 4.8 of [[ this document ]] 654 o Parameter Name: "x5t#S256" 655 o Parameter Description: X.509 Certificate SHA-256 Thumbprint 656 o Used with "kty" Value(s): * 657 o Parameter Information Class: Public 658 o Change Controller: IESG 659 o Specification Document(s): Section 4.9 of [[ this document ]] 661 8.2. JSON Web Key Use Registry 663 This specification establishes the IANA JSON Web Key Use registry for 664 JWK "use" (public key use) member values. The registry records the 665 public key use value and a reference to the specification that 666 defines it. This specification registers the parameter names defined 667 in Section 4.2. 669 8.2.1. Registration Template 671 Use Member Value: 672 The name requested (e.g., "example"). Because a core goal of this 673 specification is for the resulting representations to be compact, 674 it is RECOMMENDED that the name be short -- not to exceed 8 675 characters without a compelling reason to do so. This name is 676 case-sensitive. Names may not match other registered names in a 677 case-insensitive manner unless the Designated Expert(s) state that 678 there is a compelling reason to allow an exception in this 679 particular case. 681 Use Description: 682 Brief description of the use (e.g., "Example description"). 684 Change Controller: 685 For Standards Track RFCs, state "IESG". For others, give the name 686 of the responsible party. Other details (e.g., postal address, 687 email address, home page URI) may also be included. 689 Specification Document(s): 690 Reference to the document(s) that specify the parameter, 691 preferably including URI(s) that can be used to retrieve copies of 692 the document(s). An indication of the relevant sections may also 693 be included but is not required. 695 8.2.2. Initial Registry Contents 697 o Use Member Value: "sig" 698 o Use Description: Signature or MAC 699 o Change Controller: IESG 700 o Specification Document(s): Section 4.2 of [[ this document ]] 702 o Use Member Value: "enc" 703 o Use Description: Encryption 704 o Change Controller: IESG 705 o Specification Document(s): Section 4.2 of [[ this document ]] 707 8.3. JSON Web Key Operations Registry 709 This specification establishes the IANA JSON Web Key Operations 710 registry for values of JWK "key_ops" array elements. The registry 711 records the key operation value and a reference to the specification 712 that defines it. This specification registers the parameter names 713 defined in Section 4.3. 715 8.3.1. Registration Template 717 Key Operation Value: 718 The name requested (e.g., "example"). Because a core goal of this 719 specification is for the resulting representations to be compact, 720 it is RECOMMENDED that the name be short -- not to exceed 8 721 characters without a compelling reason to do so. This name is 722 case-sensitive. Names may not match other registered names in a 723 case-insensitive manner unless the Designated Expert(s) state that 724 there is a compelling reason to allow an exception in this 725 particular case. 727 Key Operation Description: 728 Brief description of the key operation (e.g., "Example 729 description"). 731 Change Controller: 732 For Standards Track RFCs, state "IESG". For others, give the name 733 of the responsible party. Other details (e.g., postal address, 734 email address, home page URI) may also be included. 736 Specification Document(s): 737 Reference to the document(s) that specify the parameter, 738 preferably including URI(s) that can be used to retrieve copies of 739 the document(s). An indication of the relevant sections may also 740 be included but is not required. 742 8.3.2. Initial Registry Contents 744 o Key Operation Value: "sign" 745 o Key Operation Description: Compute signature or MAC 746 o Change Controller: IESG 747 o Specification Document(s): Section 4.3 of [[ this document ]] 749 o Key Operation Value: "verify" 750 o Key Operation Description: Verify signature or MAC 751 o Change Controller: IESG 752 o Specification Document(s): Section 4.3 of [[ this document ]] 754 o Key Operation Value: "encrypt" 755 o Key Operation Description: Encrypt content 756 o Change Controller: IESG 757 o Specification Document(s): Section 4.3 of [[ this document ]] 759 o Key Operation Value: "decrypt" 760 o Key Operation Description: Decrypt content and validate 761 decryption, if applicable 762 o Change Controller: IESG 763 o Specification Document(s): Section 4.3 of [[ this document ]] 765 o Key Operation Value: "wrapKey" 766 o Key Operation Description: Encrypt key 767 o Change Controller: IESG 768 o Specification Document(s): Section 4.3 of [[ this document ]] 770 o Key Operation Value: "unwrapKey" 771 o Key Operation Description: Decrypt key and validate decryption, if 772 applicable 774 o Change Controller: IESG 775 o Specification Document(s): Section 4.3 of [[ this document ]] 777 o Key Operation Value: "deriveKey" 778 o Key Operation Description: Derive key 779 o Change Controller: IESG 780 o Specification Document(s): Section 4.3 of [[ this document ]] 782 o Key Operation Value: "deriveBits" 783 o Key Operation Description: Derive bits not to be used as a key 784 o Change Controller: IESG 785 o Specification Document(s): Section 4.3 of [[ this document ]] 787 8.4. JSON Web Key Set Parameters Registry 789 This specification establishes the IANA JSON Web Key Set Parameters 790 registry for JWK Set parameter names. The registry records the 791 parameter name and a reference to the specification that defines it. 792 This specification registers the parameter names defined in 793 Section 5. 795 8.4.1. Registration Template 797 Parameter Name: 798 The name requested (e.g., "example"). Because a core goal of this 799 specification is for the resulting representations to be compact, 800 it is RECOMMENDED that the name be short -- not to exceed 8 801 characters without a compelling reason to do so. This name is 802 case-sensitive. Names may not match other registered names in a 803 case-insensitive manner unless the Designated Expert(s) state that 804 there is a compelling reason to allow an exception in this 805 particular case. 807 Parameter Description: 808 Brief description of the parameter (e.g., "Example description"). 810 Change Controller: 811 For Standards Track RFCs, state "IESG". For others, give the name 812 of the responsible party. Other details (e.g., postal address, 813 email address, home page URI) may also be included. 815 Specification Document(s): 816 Reference to the document(s) that specify the parameter, 817 preferably including URI(s) that can be used to retrieve copies of 818 the document(s). An indication of the relevant sections may also 819 be included but is not required. 821 8.4.2. Initial Registry Contents 823 o Parameter Name: "keys" 824 o Parameter Description: Array of JWK values 825 o Change Controller: IESG 826 o Specification Document(s): Section 5.1 of [[ this document ]] 828 8.5. Media Type Registration 830 8.5.1. Registry Contents 832 This specification registers the "application/jwk+json" and 833 "application/jwk-set+json" Media Types [RFC2046] in the MIME Media 834 Types registry [IANA.MediaTypes] in the manner described in RFC 6838 835 [RFC6838], which can be used to indicate, respectively, that the 836 content is a JWK or a JWK Set. 838 o Type Name: application 839 o Subtype Name: jwk+json 840 o Required Parameters: n/a 841 o Optional Parameters: n/a 842 o Encoding considerations: 8bit; application/jwk+json values are 843 represented as JSON object; UTF-8 encoding SHOULD be employed for 844 the JSON object. 845 o Security Considerations: See the Security Considerations section 846 of [[ this document ]] 847 o Interoperability Considerations: n/a 848 o Published Specification: [[ this document ]] 849 o Applications that use this media type: OpenID Connect, Salesforce, 850 Google, Android, Windows Azure, W3C WebCrypto API, numerous others 851 o Fragment identifier considerations: n/a 852 o Additional Information: Magic number(s): n/a, File extension(s): 853 n/a, Macintosh file type code(s): n/a 854 o Person & email address to contact for further information: Michael 855 B. Jones, mbj@microsoft.com 856 o Intended Usage: COMMON 857 o Restrictions on Usage: none 858 o Author: Michael B. Jones, mbj@microsoft.com 859 o Change Controller: IESG 860 o Provisional registration? No 862 o Type Name: application 863 o Subtype Name: jwk-set+json 864 o Required Parameters: n/a 865 o Optional Parameters: n/a 866 o Encoding considerations: 8bit; application/jwk-set+json values are 867 represented as a JSON Object; UTF-8 encoding SHOULD be employed 868 for the JSON object. 870 o Security Considerations: See the Security Considerations section 871 of [[ this document ]] 872 o Interoperability Considerations: n/a 873 o Published Specification: [[ this document ]] 874 o Applications that use this media type: OpenID Connect, Salesforce, 875 Google, Android, Windows Azure, W3C WebCrypto API, numerous others 876 o Fragment identifier considerations: n/a 877 o Additional Information: Magic number(s): n/a, File extension(s): 878 n/a, Macintosh file type code(s): n/a 879 o Person & email address to contact for further information: Michael 880 B. Jones, mbj@microsoft.com 881 o Intended Usage: COMMON 882 o Restrictions on Usage: none 883 o Author: Michael B. Jones, mbj@microsoft.com 884 o Change Controller: IESG 885 o Provisional registration? No 887 9. Security Considerations 889 All of the security issues that are pertinent to any cryptographic 890 application must be addressed by JWS/JWE/JWK agents. Among these 891 issues are protecting the user's asymmetric private and symmetric 892 secret keys and employing countermeasures to various attacks. 894 9.1. Key Provenance and Trust 896 One should place no more trust in the data cryptographically secured 897 by a key than in the method by which it was obtained and in the 898 trustworthiness of the entity asserting an association with the key. 899 Any data associated with a key that is obtained in an untrusted 900 manner should be treated with skepticism. See Section 10.3 of [JWS] 901 for security considerations on key origin authentication. 903 The security considerations in Section 12.3 of XML DSIG 2.0 904 [W3C.NOTE-xmldsig-core2-20130411] about the strength of a signature 905 depending upon all the links in the security chain also apply to this 906 specification. 908 The TLS Requirements in Section 8 of [JWS] also apply to this 909 specification. 911 9.2. Preventing Disclosure of Non-Public Key Information 913 Private and symmetric keys MUST be protected from disclosure to 914 unintended parties. One recommended means of doing so is to encrypt 915 JWKs or JWK Sets containing them by using the JWK or JWK Set value as 916 the plaintext of a JWE. Of course, this requires that there be a 917 secure way to obtain the key used to encrypt the non-public key 918 information to the intended party and a secure way for that party to 919 obtain the corresponding decryption key. 921 The security considerations in RFC 3447 [RFC3447] and RFC 6030 922 [RFC6030] about protecting private and symmetric keys, key usage, and 923 information leakage also apply to this specification. 925 9.3. RSA Private Key Representations and Blinding 927 The RSA Key blinding operation [Kocher], which is a defense against 928 some timing attacks, requires all of the RSA key values "n", "e", and 929 "d". However, some RSA private key representations do not include 930 the public exponent "e", but only include the modulus "n" and the 931 private exponent "d". This is true, for instance, of the Java 932 RSAPrivateKeySpec API, which does not include the public exponent "e" 933 as a parameter. So as to enable RSA key blinding, such 934 representations should be avoided. For Java, the 935 RSAPrivateCrtKeySpec API can be used instead. Section 8.2.2(i) of 936 the Handbook of Applied Cryptography [HAC] discusses how to compute 937 the remaining RSA private key parameters, if needed, using only "n", 938 "e", and "d". 940 9.4. Key Entropy and Random Values 942 See Section 10.1 of [JWS] for security considerations on key entropy 943 and random values. 945 10. References 947 10.1. Normative References 949 [ECMAScript] 950 Ecma International, "ECMAScript Language Specification, 951 5.1 Edition", ECMA 262, June 2011. 953 [IANA.MediaTypes] 954 Internet Assigned Numbers Authority (IANA), "MIME Media 955 Types", 2005. 957 [ITU.X690.1994] 958 International Telecommunications Union, "Information 959 Technology - ASN.1 encoding rules: Specification of Basic 960 Encoding Rules (BER), Canonical Encoding Rules (CER) and 961 Distinguished Encoding Rules (DER)", ITU-T Recommendation 962 X.690, 1994. 964 [JWA] Jones, M., "JSON Web Algorithms (JWA)", 965 draft-ietf-jose-json-web-algorithms (work in progress), 966 October 2014. 968 [JWE] Jones, M. and J. Hildebrand, "JSON Web Encryption (JWE)", 969 draft-ietf-jose-json-web-encryption (work in progress), 970 October 2014. 972 [JWS] Jones, M., Bradley, J., and N. Sakimura, "JSON Web 973 Signature (JWS)", draft-ietf-jose-json-web-signature (work 974 in progress), October 2014. 976 [RFC2046] Freed, N. and N. Borenstein, "Multipurpose Internet Mail 977 Extensions (MIME) Part Two: Media Types", RFC 2046, 978 November 1996. 980 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 981 Requirement Levels", BCP 14, RFC 2119, March 1997. 983 [RFC2818] Rescorla, E., "HTTP Over TLS", RFC 2818, May 2000. 985 [RFC3629] Yergeau, F., "UTF-8, a transformation format of ISO 986 10646", STD 63, RFC 3629, November 2003. 988 [RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform 989 Resource Identifier (URI): Generic Syntax", STD 66, 990 RFC 3986, January 2005. 992 [RFC4648] Josefsson, S., "The Base16, Base32, and Base64 Data 993 Encodings", RFC 4648, October 2006. 995 [RFC4945] Korver, B., "The Internet IP Security PKI Profile of 996 IKEv1/ISAKMP, IKEv2, and PKIX", RFC 4945, August 2007. 998 [RFC5246] Dierks, T. and E. Rescorla, "The Transport Layer Security 999 (TLS) Protocol Version 1.2", RFC 5246, August 2008. 1001 [RFC5280] Cooper, D., Santesson, S., Farrell, S., Boeyen, S., 1002 Housley, R., and W. Polk, "Internet X.509 Public Key 1003 Infrastructure Certificate and Certificate Revocation List 1004 (CRL) Profile", RFC 5280, May 2008. 1006 [RFC6125] Saint-Andre, P. and J. Hodges, "Representation and 1007 Verification of Domain-Based Application Service Identity 1008 within Internet Public Key Infrastructure Using X.509 1009 (PKIX) Certificates in the Context of Transport Layer 1010 Security (TLS)", RFC 6125, March 2011. 1012 [RFC7159] Bray, T., "The JavaScript Object Notation (JSON) Data 1013 Interchange Format", RFC 7159, March 2014. 1015 [USASCII] American National Standards Institute, "Coded Character 1016 Set -- 7-bit American Standard Code for Information 1017 Interchange", ANSI X3.4, 1986. 1019 10.2. Informative References 1021 [DSS] National Institute of Standards and Technology, "Digital 1022 Signature Standard (DSS)", FIPS PUB 186-4, July 2013. 1024 [HAC] Menezes, A., van Oorschot, P., and S. Vanstone, "Handbook 1025 of Applied Cryptography", CRC Press, 1996, 1026 . 1028 [Kocher] Kocher, P., "Timing Attacks on Implementations of Diffe- 1029 Hellman, RSA, DSS, and Other Systems", In Proceedings of 1030 the 16th Annual International Cryptology Conference 1031 Advances in Cryptology, Springer-Verlag, pp. 104-113, 1032 1996. 1034 [MagicSignatures] 1035 Panzer (editor), J., Laurie, B., and D. Balfanz, "Magic 1036 Signatures", January 2011. 1038 [RFC3447] Jonsson, J. and B. Kaliski, "Public-Key Cryptography 1039 Standards (PKCS) #1: RSA Cryptography Specifications 1040 Version 2.1", RFC 3447, February 2003. 1042 [RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an 1043 IANA Considerations Section in RFCs", BCP 26, RFC 5226, 1044 May 2008. 1046 [RFC6030] Hoyer, P., Pei, M., and S. Machani, "Portable Symmetric 1047 Key Container (PSKC)", RFC 6030, October 2010. 1049 [RFC6838] Freed, N., Klensin, J., and T. Hansen, "Media Type 1050 Specifications and Registration Procedures", BCP 13, 1051 RFC 6838, January 2013. 1053 [W3C.NOTE-xmldsig-core2-20130411] 1054 Eastlake, D., Reagle, J., Solo, D., Hirsch, F., Roessler, 1055 T., Yiu, K., Datta, P., and S. Cantor, "XML Signature 1056 Syntax and Processing Version 2.0", World Wide Web 1057 Consortium Note NOTE-xmldsig-core2-20130411, April 2013, 1058 . 1060 [WebCrypto] 1061 Sleevi, R. and M. Watson, "Web Cryptography API", World 1062 Wide Web Consortium Draft, March 2014, 1063 . 1065 Appendix A. Example JSON Web Key Sets 1067 A.1. Example Public Keys 1069 The following example JWK Set contains two public keys represented as 1070 JWKs: one using an Elliptic Curve algorithm and a second one using an 1071 RSA algorithm. The first specifies that the key is to be used for 1072 encryption. The second specifies that the key is to be used with the 1073 "RS256" algorithm. Both provide a Key ID for key matching purposes. 1074 In both cases, integers are represented using the base64url encoding 1075 of their big endian representations. (Long lines are broken are for 1076 display purposes only.) 1078 {"keys": 1079 [ 1080 {"kty":"EC", 1081 "crv":"P-256", 1082 "x":"MKBCTNIcKUSDii11ySs3526iDZ8AiTo7Tu6KPAqv7D4", 1083 "y":"4Etl6SRW2YiLUrN5vfvVHuhp7x8PxltmWWlbbM4IFyM", 1084 "use":"enc", 1085 "kid":"1"}, 1087 {"kty":"RSA", 1088 "n": "0vx7agoebGcQSuuPiLJXZptN9nndrQmbXEps2aiAFbWhM78LhWx 1089 4cbbfAAtVT86zwu1RK7aPFFxuhDR1L6tSoc_BJECPebWKRXjBZCiFV4n3oknjhMs 1090 tn64tZ_2W-5JsGY4Hc5n9yBXArwl93lqt7_RN5w6Cf0h4QyQ5v-65YGjQR0_FDW2 1091 QvzqY368QQMicAtaSqzs8KJZgnYb9c7d0zgdAZHzu6qMQvRL5hajrn1n91CbOpbI 1092 SD08qNLyrdkt-bFTWhAI4vMQFh6WeZu0fM4lFd2NcRwr3XPksINHaQ-G_xBniIqb 1093 w0Ls1jF44-csFCur-kEgU8awapJzKnqDKgw", 1094 "e":"AQAB", 1095 "alg":"RS256", 1096 "kid":"2011-04-29"} 1097 ] 1098 } 1100 A.2. Example Private Keys 1102 The following example JWK Set contains two keys represented as JWKs 1103 containing both public and private key values: one using an Elliptic 1104 Curve algorithm and a second one using an RSA algorithm. This 1105 example extends the example in the previous section, adding private 1106 key values. (Line breaks are for display purposes only.) 1107 {"keys": 1108 [ 1109 {"kty":"EC", 1110 "crv":"P-256", 1111 "x":"MKBCTNIcKUSDii11ySs3526iDZ8AiTo7Tu6KPAqv7D4", 1112 "y":"4Etl6SRW2YiLUrN5vfvVHuhp7x8PxltmWWlbbM4IFyM", 1113 "d":"870MB6gfuTJ4HtUnUvYMyJpr5eUZNP4Bk43bVdj3eAE", 1114 "use":"enc", 1115 "kid":"1"}, 1117 {"kty":"RSA", 1118 "n":"0vx7agoebGcQSuuPiLJXZptN9nndrQmbXEps2aiAFbWhM78LhWx4 1119 cbbfAAtVT86zwu1RK7aPFFxuhDR1L6tSoc_BJECPebWKRXjBZCiFV4n3oknjhMst 1120 n64tZ_2W-5JsGY4Hc5n9yBXArwl93lqt7_RN5w6Cf0h4QyQ5v-65YGjQR0_FDW2Q 1121 vzqY368QQMicAtaSqzs8KJZgnYb9c7d0zgdAZHzu6qMQvRL5hajrn1n91CbOpbIS 1122 D08qNLyrdkt-bFTWhAI4vMQFh6WeZu0fM4lFd2NcRwr3XPksINHaQ-G_xBniIqbw 1123 0Ls1jF44-csFCur-kEgU8awapJzKnqDKgw", 1124 "e":"AQAB", 1125 "d":"X4cTteJY_gn4FYPsXB8rdXix5vwsg1FLN5E3EaG6RJoVH-HLLKD9 1126 M7dx5oo7GURknchnrRweUkC7hT5fJLM0WbFAKNLWY2vv7B6NqXSzUvxT0_YSfqij 1127 wp3RTzlBaCxWp4doFk5N2o8Gy_nHNKroADIkJ46pRUohsXywbReAdYaMwFs9tv8d 1128 _cPVY3i07a3t8MN6TNwm0dSawm9v47UiCl3Sk5ZiG7xojPLu4sbg1U2jx4IBTNBz 1129 nbJSzFHK66jT8bgkuqsk0GjskDJk19Z4qwjwbsnn4j2WBii3RL-Us2lGVkY8fkFz 1130 me1z0HbIkfz0Y6mqnOYtqc0X4jfcKoAC8Q", 1131 "p":"83i-7IvMGXoMXCskv73TKr8637FiO7Z27zv8oj6pbWUQyLPQBQxtPV 1132 nwD20R-60eTDmD2ujnMt5PoqMrm8RfmNhVWDtjjMmCMjOpSXicFHj7XOuVIYQyqV 1133 WlWEh6dN36GVZYk93N8Bc9vY41xy8B9RzzOGVQzXvNEvn7O0nVbfs", 1134 "q":"3dfOR9cuYq-0S-mkFLzgItgMEfFzB2q3hWehMuG0oCuqnb3vobLyum 1135 qjVZQO1dIrdwgTnCdpYzBcOfW5r370AFXjiWft_NGEiovonizhKpo9VVS78TzFgx 1136 kIdrecRezsZ-1kYd_s1qDbxtkDEgfAITAG9LUnADun4vIcb6yelxk", 1137 "dp":"G4sPXkc6Ya9y8oJW9_ILj4xuppu0lzi_H7VTkS8xj5SdX3coE0oim 1138 YwxIi2emTAue0UOa5dpgFGyBJ4c8tQ2VF402XRugKDTP8akYhFo5tAA77Qe_Nmtu 1139 YZc3C3m3I24G2GvR5sSDxUyAN2zq8Lfn9EUms6rY3Ob8YeiKkTiBj0", 1140 "dq":"s9lAH9fggBsoFR8Oac2R_E2gw282rT2kGOAhvIllETE1efrA6huUU 1141 vMfBcMpn8lqeW6vzznYY5SSQF7pMdC_agI3nG8Ibp1BUb0JUiraRNqUfLhcQb_d9 1142 GF4Dh7e74WbRsobRonujTYN1xCaP6TO61jvWrX-L18txXw494Q_cgk", 1143 "qi":"GyM_p6JrXySiz1toFgKbWV-JdI3jQ4ypu9rbMWx3rQJBfmt0FoYzg 1144 UIZEVFEcOqwemRN81zoDAaa-Bk0KWNGDjJHZDdDmFhW3AN7lI-puxk_mHZGJ11rx 1145 yR8O55XLSe3SPmRfKwZI6yU24ZxvQKFYItdldUKGzO6Ia6zTKhAVRU", 1146 "alg":"RS256", 1147 "kid":"2011-04-29"} 1148 ] 1149 } 1151 A.3. Example Symmetric Keys 1153 The following example JWK Set contains two symmetric keys represented 1154 as JWKs: one designated as being for use with the AES Key Wrap 1155 algorithm and a second one that is an HMAC key. (Line breaks are for 1156 display purposes only.) 1158 {"keys": 1159 [ 1160 {"kty":"oct", 1161 "alg":"A128KW", 1162 "k":"GawgguFyGrWKav7AX4VKUg"}, 1164 {"kty":"oct", 1165 "k":"AyM1SysPpbyDfgZld3umj1qzKObwVMkoqQ-EstJQLr_T-1qS0gZH75 1166 aKtMN3Yj0iPS4hcgUuTwjAzZr1Z9CAow", 1167 "kid":"HMAC key used in JWS A.1 example"} 1168 ] 1169 } 1171 Appendix B. Example Use of "x5c" (X.509 Certificate Chain) Parameter 1172 The following is an example of a JWK with a RSA signing key 1173 represented both as an RSA public key and as an X.509 certificate 1174 using the "x5c" parameter: 1176 {"kty":"RSA", 1177 "use":"sig", 1178 "kid":"1b94c", 1179 "n":"vrjOfz9Ccdgx5nQudyhdoR17V-IubWMeOZCwX_jj0hgAsz2J_pqYW08 1180 PLbK_PdiVGKPrqzmDIsLI7sA25VEnHU1uCLNwBuUiCO11_-7dYbsr4iJmG0Q 1181 u2j8DsVyT1azpJC_NG84Ty5KKthuCaPod7iI7w0LK9orSMhBEwwZDCxTWq4a 1182 YWAchc8t-emd9qOvWtVMDC2BXksRngh6X5bUYLy6AyHKvj-nUy1wgzjYQDwH 1183 MTplCoLtU-o-8SNnZ1tmRoGE9uJkBLdh5gFENabWnU5m1ZqZPdwS-qo-meMv 1184 VfJb6jJVWRpl2SUtCnYG2C32qvbWbjZ_jBPD5eunqsIo1vQ", 1185 "e":"AQAB", 1186 "x5c": 1187 ["MIIDQjCCAiqgAwIBAgIGATz/FuLiMA0GCSqGSIb3DQEBBQUAMGIxCzAJB 1188 gNVBAYTAlVTMQswCQYDVQQIEwJDTzEPMA0GA1UEBxMGRGVudmVyMRwwGgYD 1189 VQQKExNQaW5nIElkZW50aXR5IENvcnAuMRcwFQYDVQQDEw5CcmlhbiBDYW1 1190 wYmVsbDAeFw0xMzAyMjEyMzI5MTVaFw0xODA4MTQyMjI5MTVaMGIxCzAJBg 1191 NVBAYTAlVTMQswCQYDVQQIEwJDTzEPMA0GA1UEBxMGRGVudmVyMRwwGgYDV 1192 QQKExNQaW5nIElkZW50aXR5IENvcnAuMRcwFQYDVQQDEw5CcmlhbiBDYW1w 1193 YmVsbDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL64zn8/QnH 1194 YMeZ0LncoXaEde1fiLm1jHjmQsF/449IYALM9if6amFtPDy2yvz3YlRij66 1195 s5gyLCyO7ANuVRJx1NbgizcAblIgjtdf/u3WG7K+IiZhtELto/A7Fck9Ws6 1196 SQvzRvOE8uSirYbgmj6He4iO8NCyvaK0jIQRMMGQwsU1quGmFgHIXPLfnpn 1197 fajr1rVTAwtgV5LEZ4Iel+W1GC8ugMhyr4/p1MtcIM42EA8BzE6ZQqC7VPq 1198 PvEjZ2dbZkaBhPbiZAS3YeYBRDWm1p1OZtWamT3cEvqqPpnjL1XyW+oyVVk 1199 aZdklLQp2Btgt9qr21m42f4wTw+Xrp6rCKNb0CAwEAATANBgkqhkiG9w0BA 1200 QUFAAOCAQEAh8zGlfSlcI0o3rYDPBB07aXNswb4ECNIKG0CETTUxmXl9KUL 1201 +9gGlqCz5iWLOgWsnrcKcY0vXPG9J1r9AqBNTqNgHq2G03X09266X5CpOe1 1202 zFo+Owb1zxtp3PehFdfQJ610CDLEaS9V9Rqp17hCyybEpOGVwe8fnk+fbEL 1203 2Bo3UPGrpsHzUoaGpDftmWssZkhpBJKVMJyf/RuP2SmmaIzmnw9JiSlYhzo 1204 4tpzd5rFXhjRbg4zW9C+2qok+2+qDM1iJ684gPHMIY8aLWrdgQTxkumGmTq 1205 gawR+N5MDtdPTEQ0XfIBc2cJEUyMTY5MPvACWpkA6SdS4xSvdXK3IVfOWA=="] 1206 } 1208 Appendix C. Example Encrypted RSA Private Key 1210 This example encrypts an RSA private key to the recipient using 1211 "PBES2-HS256+A128KW" for key encryption and "A128CBC+HS256" for 1212 content encryption. 1214 NOTE: Unless otherwise indicated, all line breaks are included solely 1215 for readability. 1217 C.1. Plaintext RSA Private Key 1219 The following RSA key is the plaintext for the authenticated 1220 encryption operation, formatted as a JWK object: 1222 { 1223 "kty":"RSA", 1224 "kid":"juliet@capulet.lit", 1225 "use":"enc", 1226 "n":"t6Q8PWSi1dkJj9hTP8hNYFlvadM7DflW9mWepOJhJ66w7nyoK1gPNqFMSQRy 1227 O125Gp-TEkodhWr0iujjHVx7BcV0llS4w5ACGgPrcAd6ZcSR0-Iqom-QFcNP 1228 8Sjg086MwoqQU_LYywlAGZ21WSdS_PERyGFiNnj3QQlO8Yns5jCtLCRwLHL0 1229 Pb1fEv45AuRIuUfVcPySBWYnDyGxvjYGDSM-AqWS9zIQ2ZilgT-GqUmipg0X 1230 OC0Cc20rgLe2ymLHjpHciCKVAbY5-L32-lSeZO-Os6U15_aXrk9Gw8cPUaX1 1231 _I8sLGuSiVdt3C_Fn2PZ3Z8i744FPFGGcG1qs2Wz-Q", 1232 "e":"AQAB", 1233 "d":"GRtbIQmhOZtyszfgKdg4u_N-R_mZGU_9k7JQ_jn1DnfTuMdSNprTeaSTyWfS 1234 NkuaAwnOEbIQVy1IQbWVV25NY3ybc_IhUJtfri7bAXYEReWaCl3hdlPKXy9U 1235 vqPYGR0kIXTQRqns-dVJ7jahlI7LyckrpTmrM8dWBo4_PMaenNnPiQgO0xnu 1236 ToxutRZJfJvG4Ox4ka3GORQd9CsCZ2vsUDmsXOfUENOyMqADC6p1M3h33tsu 1237 rY15k9qMSpG9OX_IJAXmxzAh_tWiZOwk2K4yxH9tS3Lq1yX8C1EWmeRDkK2a 1238 hecG85-oLKQt5VEpWHKmjOi_gJSdSgqcN96X52esAQ", 1239 "p":"2rnSOV4hKSN8sS4CgcQHFbs08XboFDqKum3sc4h3GRxrTmQdl1ZK9uw-PIHf 1240 QP0FkxXVrx-WE-ZEbrqivH_2iCLUS7wAl6XvARt1KkIaUxPPSYB9yk31s0Q8 1241 UK96E3_OrADAYtAJs-M3JxCLfNgqh56HDnETTQhH3rCT5T3yJws", 1242 "q":"1u_RiFDP7LBYh3N4GXLT9OpSKYP0uQZyiaZwBtOCBNJgQxaj10RWjsZu0c6I 1243 edis4S7B_coSKB0Kj9PaPaBzg-IySRvvcQuPamQu66riMhjVtG6TlV8CLCYK 1244 rYl52ziqK0E_ym2QnkwsUX7eYTB7LbAHRK9GqocDE5B0f808I4s", 1245 "dp":"KkMTWqBUefVwZ2_Dbj1pPQqyHSHjj90L5x_MOzqYAJMcLMZtbUtwKqvVDq3 1246 tbEo3ZIcohbDtt6SbfmWzggabpQxNxuBpoOOf_a_HgMXK_lhqigI4y_kqS1w 1247 Y52IwjUn5rgRrJ-yYo1h41KR-vz2pYhEAeYrhttWtxVqLCRViD6c", 1248 "dq":"AvfS0-gRxvn0bwJoMSnFxYcK1WnuEjQFluMGfwGitQBWtfZ1Er7t1xDkbN9 1249 GQTB9yqpDoYaN06H7CFtrkxhJIBQaj6nkF5KKS3TQtQ5qCzkOkmxIe3KRbBy 1250 mXxkb5qwUpX5ELD5xFc6FeiafWYY63TmmEAu_lRFCOJ3xDea-ots", 1251 "qi":"lSQi-w9CpyUReMErP1RsBLk7wNtOvs5EQpPqmuMvqW57NBUczScEoPwmUqq 1252 abu9V0-Py4dQ57_bapoKRu1R90bvuFnU63SHWEFglZQvJDMeAvmj4sm-Fp0o 1253 Yu_neotgQ0hzbI5gry7ajdYy9-2lNx_76aBZoOUu9HCJ-UsfSOI8" 1254 } 1256 The octets representing the Plaintext used in this example (using 1257 JSON array notation) are: 1259 [123, 34, 107, 116, 121, 34, 58, 34, 82, 83, 65, 34, 44, 34, 107, 1260 105, 100, 34, 58, 34, 106, 117, 108, 105, 101, 116, 64, 99, 97, 112, 1261 117, 108, 101, 116, 46, 108, 105, 116, 34, 44, 34, 117, 115, 101, 34, 1262 58, 34, 101, 110, 99, 34, 44, 34, 110, 34, 58, 34, 116, 54, 81, 56, 1263 80, 87, 83, 105, 49, 100, 107, 74, 106, 57, 104, 84, 80, 56, 104, 78, 1264 89, 70, 108, 118, 97, 100, 77, 55, 68, 102, 108, 87, 57, 109, 87, 1265 101, 112, 79, 74, 104, 74, 54, 54, 119, 55, 110, 121, 111, 75, 49, 1266 103, 80, 78, 113, 70, 77, 83, 81, 82, 121, 79, 49, 50, 53, 71, 112, 1267 45, 84, 69, 107, 111, 100, 104, 87, 114, 48, 105, 117, 106, 106, 72, 1268 86, 120, 55, 66, 99, 86, 48, 108, 108, 83, 52, 119, 53, 65, 67, 71, 1269 103, 80, 114, 99, 65, 100, 54, 90, 99, 83, 82, 48, 45, 73, 113, 111, 1270 109, 45, 81, 70, 99, 78, 80, 56, 83, 106, 103, 48, 56, 54, 77, 119, 1271 111, 113, 81, 85, 95, 76, 89, 121, 119, 108, 65, 71, 90, 50, 49, 87, 1272 83, 100, 83, 95, 80, 69, 82, 121, 71, 70, 105, 78, 110, 106, 51, 81, 1273 81, 108, 79, 56, 89, 110, 115, 53, 106, 67, 116, 76, 67, 82, 119, 76, 1274 72, 76, 48, 80, 98, 49, 102, 69, 118, 52, 53, 65, 117, 82, 73, 117, 1275 85, 102, 86, 99, 80, 121, 83, 66, 87, 89, 110, 68, 121, 71, 120, 118, 1276 106, 89, 71, 68, 83, 77, 45, 65, 113, 87, 83, 57, 122, 73, 81, 50, 1277 90, 105, 108, 103, 84, 45, 71, 113, 85, 109, 105, 112, 103, 48, 88, 1278 79, 67, 48, 67, 99, 50, 48, 114, 103, 76, 101, 50, 121, 109, 76, 72, 1279 106, 112, 72, 99, 105, 67, 75, 86, 65, 98, 89, 53, 45, 76, 51, 50, 1280 45, 108, 83, 101, 90, 79, 45, 79, 115, 54, 85, 49, 53, 95, 97, 88, 1281 114, 107, 57, 71, 119, 56, 99, 80, 85, 97, 88, 49, 95, 73, 56, 115, 1282 76, 71, 117, 83, 105, 86, 100, 116, 51, 67, 95, 70, 110, 50, 80, 90, 1283 51, 90, 56, 105, 55, 52, 52, 70, 80, 70, 71, 71, 99, 71, 49, 113, 1284 115, 50, 87, 122, 45, 81, 34, 44, 34, 101, 34, 58, 34, 65, 81, 65, 1285 66, 34, 44, 34, 100, 34, 58, 34, 71, 82, 116, 98, 73, 81, 109, 104, 1286 79, 90, 116, 121, 115, 122, 102, 103, 75, 100, 103, 52, 117, 95, 78, 1287 45, 82, 95, 109, 90, 71, 85, 95, 57, 107, 55, 74, 81, 95, 106, 110, 1288 49, 68, 110, 102, 84, 117, 77, 100, 83, 78, 112, 114, 84, 101, 97, 1289 83, 84, 121, 87, 102, 83, 78, 107, 117, 97, 65, 119, 110, 79, 69, 98, 1290 73, 81, 86, 121, 49, 73, 81, 98, 87, 86, 86, 50, 53, 78, 89, 51, 121, 1291 98, 99, 95, 73, 104, 85, 74, 116, 102, 114, 105, 55, 98, 65, 88, 89, 1292 69, 82, 101, 87, 97, 67, 108, 51, 104, 100, 108, 80, 75, 88, 121, 57, 1293 85, 118, 113, 80, 89, 71, 82, 48, 107, 73, 88, 84, 81, 82, 113, 110, 1294 115, 45, 100, 86, 74, 55, 106, 97, 104, 108, 73, 55, 76, 121, 99, 1295 107, 114, 112, 84, 109, 114, 77, 56, 100, 87, 66, 111, 52, 95, 80, 1296 77, 97, 101, 110, 78, 110, 80, 105, 81, 103, 79, 48, 120, 110, 117, 1297 84, 111, 120, 117, 116, 82, 90, 74, 102, 74, 118, 71, 52, 79, 120, 1298 52, 107, 97, 51, 71, 79, 82, 81, 100, 57, 67, 115, 67, 90, 50, 118, 1299 115, 85, 68, 109, 115, 88, 79, 102, 85, 69, 78, 79, 121, 77, 113, 65, 1300 68, 67, 54, 112, 49, 77, 51, 104, 51, 51, 116, 115, 117, 114, 89, 49, 1301 53, 107, 57, 113, 77, 83, 112, 71, 57, 79, 88, 95, 73, 74, 65, 88, 1302 109, 120, 122, 65, 104, 95, 116, 87, 105, 90, 79, 119, 107, 50, 75, 1303 52, 121, 120, 72, 57, 116, 83, 51, 76, 113, 49, 121, 88, 56, 67, 49, 1304 69, 87, 109, 101, 82, 68, 107, 75, 50, 97, 104, 101, 99, 71, 56, 53, 1305 45, 111, 76, 75, 81, 116, 53, 86, 69, 112, 87, 72, 75, 109, 106, 79, 1306 105, 95, 103, 74, 83, 100, 83, 103, 113, 99, 78, 57, 54, 88, 53, 50, 1307 101, 115, 65, 81, 34, 44, 34, 112, 34, 58, 34, 50, 114, 110, 83, 79, 1308 86, 52, 104, 75, 83, 78, 56, 115, 83, 52, 67, 103, 99, 81, 72, 70, 1309 98, 115, 48, 56, 88, 98, 111, 70, 68, 113, 75, 117, 109, 51, 115, 99, 1310 52, 104, 51, 71, 82, 120, 114, 84, 109, 81, 100, 108, 49, 90, 75, 57, 1311 117, 119, 45, 80, 73, 72, 102, 81, 80, 48, 70, 107, 120, 88, 86, 114, 1312 120, 45, 87, 69, 45, 90, 69, 98, 114, 113, 105, 118, 72, 95, 50, 105, 1313 67, 76, 85, 83, 55, 119, 65, 108, 54, 88, 118, 65, 82, 116, 49, 75, 1314 107, 73, 97, 85, 120, 80, 80, 83, 89, 66, 57, 121, 107, 51, 49, 115, 1315 48, 81, 56, 85, 75, 57, 54, 69, 51, 95, 79, 114, 65, 68, 65, 89, 116, 1316 65, 74, 115, 45, 77, 51, 74, 120, 67, 76, 102, 78, 103, 113, 104, 53, 1317 54, 72, 68, 110, 69, 84, 84, 81, 104, 72, 51, 114, 67, 84, 53, 84, 1318 51, 121, 74, 119, 115, 34, 44, 34, 113, 34, 58, 34, 49, 117, 95, 82, 1319 105, 70, 68, 80, 55, 76, 66, 89, 104, 51, 78, 52, 71, 88, 76, 84, 57, 1320 79, 112, 83, 75, 89, 80, 48, 117, 81, 90, 121, 105, 97, 90, 119, 66, 1321 116, 79, 67, 66, 78, 74, 103, 81, 120, 97, 106, 49, 48, 82, 87, 106, 1322 115, 90, 117, 48, 99, 54, 73, 101, 100, 105, 115, 52, 83, 55, 66, 95, 1323 99, 111, 83, 75, 66, 48, 75, 106, 57, 80, 97, 80, 97, 66, 122, 103, 1324 45, 73, 121, 83, 82, 118, 118, 99, 81, 117, 80, 97, 109, 81, 117, 54, 1325 54, 114, 105, 77, 104, 106, 86, 116, 71, 54, 84, 108, 86, 56, 67, 76, 1326 67, 89, 75, 114, 89, 108, 53, 50, 122, 105, 113, 75, 48, 69, 95, 121, 1327 109, 50, 81, 110, 107, 119, 115, 85, 88, 55, 101, 89, 84, 66, 55, 76, 1328 98, 65, 72, 82, 75, 57, 71, 113, 111, 99, 68, 69, 53, 66, 48, 102, 1329 56, 48, 56, 73, 52, 115, 34, 44, 34, 100, 112, 34, 58, 34, 75, 107, 1330 77, 84, 87, 113, 66, 85, 101, 102, 86, 119, 90, 50, 95, 68, 98, 106, 1331 49, 112, 80, 81, 113, 121, 72, 83, 72, 106, 106, 57, 48, 76, 53, 120, 1332 95, 77, 79, 122, 113, 89, 65, 74, 77, 99, 76, 77, 90, 116, 98, 85, 1333 116, 119, 75, 113, 118, 86, 68, 113, 51, 116, 98, 69, 111, 51, 90, 1334 73, 99, 111, 104, 98, 68, 116, 116, 54, 83, 98, 102, 109, 87, 122, 1335 103, 103, 97, 98, 112, 81, 120, 78, 120, 117, 66, 112, 111, 79, 79, 1336 102, 95, 97, 95, 72, 103, 77, 88, 75, 95, 108, 104, 113, 105, 103, 1337 73, 52, 121, 95, 107, 113, 83, 49, 119, 89, 53, 50, 73, 119, 106, 85, 1338 110, 53, 114, 103, 82, 114, 74, 45, 121, 89, 111, 49, 104, 52, 49, 1339 75, 82, 45, 118, 122, 50, 112, 89, 104, 69, 65, 101, 89, 114, 104, 1340 116, 116, 87, 116, 120, 86, 113, 76, 67, 82, 86, 105, 68, 54, 99, 34, 1341 44, 34, 100, 113, 34, 58, 34, 65, 118, 102, 83, 48, 45, 103, 82, 120, 1342 118, 110, 48, 98, 119, 74, 111, 77, 83, 110, 70, 120, 89, 99, 75, 49, 1343 87, 110, 117, 69, 106, 81, 70, 108, 117, 77, 71, 102, 119, 71, 105, 1344 116, 81, 66, 87, 116, 102, 90, 49, 69, 114, 55, 116, 49, 120, 68, 1345 107, 98, 78, 57, 71, 81, 84, 66, 57, 121, 113, 112, 68, 111, 89, 97, 1346 78, 48, 54, 72, 55, 67, 70, 116, 114, 107, 120, 104, 74, 73, 66, 81, 1347 97, 106, 54, 110, 107, 70, 53, 75, 75, 83, 51, 84, 81, 116, 81, 53, 1348 113, 67, 122, 107, 79, 107, 109, 120, 73, 101, 51, 75, 82, 98, 66, 1349 121, 109, 88, 120, 107, 98, 53, 113, 119, 85, 112, 88, 53, 69, 76, 1350 68, 53, 120, 70, 99, 54, 70, 101, 105, 97, 102, 87, 89, 89, 54, 51, 1351 84, 109, 109, 69, 65, 117, 95, 108, 82, 70, 67, 79, 74, 51, 120, 68, 1352 101, 97, 45, 111, 116, 115, 34, 44, 34, 113, 105, 34, 58, 34, 108, 1353 83, 81, 105, 45, 119, 57, 67, 112, 121, 85, 82, 101, 77, 69, 114, 80, 1354 49, 82, 115, 66, 76, 107, 55, 119, 78, 116, 79, 118, 115, 53, 69, 81, 1355 112, 80, 113, 109, 117, 77, 118, 113, 87, 53, 55, 78, 66, 85, 99, 1356 122, 83, 99, 69, 111, 80, 119, 109, 85, 113, 113, 97, 98, 117, 57, 1357 86, 48, 45, 80, 121, 52, 100, 81, 53, 55, 95, 98, 97, 112, 111, 75, 1358 82, 117, 49, 82, 57, 48, 98, 118, 117, 70, 110, 85, 54, 51, 83, 72, 1359 87, 69, 70, 103, 108, 90, 81, 118, 74, 68, 77, 101, 65, 118, 109, 1360 106, 52, 115, 109, 45, 70, 112, 48, 111, 89, 117, 95, 110, 101, 111, 1361 116, 103, 81, 48, 104, 122, 98, 73, 53, 103, 114, 121, 55, 97, 106, 1362 100, 89, 121, 57, 45, 50, 108, 78, 120, 95, 55, 54, 97, 66, 90, 111, 1363 79, 85, 117, 57, 72, 67, 74, 45, 85, 115, 102, 83, 79, 73, 56, 34, 1364 125] 1366 C.2. JOSE Header 1368 The following example JWE Protected Header declares that: 1370 o the Content Encryption Key is encrypted to the recipient using the 1371 PSE2-HS256+A128KW algorithm to produce the JWE Encrypted Key, 1373 o the Salt Input ("p2s") value is [217, 96, 147, 112, 150, 117, 70, 1374 247, 127, 8, 155, 137, 174, 42, 80, 215], 1376 o the Iteration Count ("p2c") value is 4096, 1378 o authenticated encryption is performed on the Plaintext using the 1379 AES_128_CBC_HMAC_SHA_256 algorithm to produce the Ciphertext and 1380 the Authentication Tag, and 1382 o the content type is application/jwk+json. 1384 { 1385 "alg":"PBES2-HS256+A128KW", 1386 "p2s":"2WCTcJZ1Rvd_CJuJripQ1w", 1387 "p2c":4096, 1388 "enc":"A128CBC-HS256", 1389 "cty":"jwk+json" 1390 } 1392 Encoding this JWE Protected Header as BASE64URL(UTF8(JWE Protected 1393 Header)) gives this value (with line breaks for display purposes 1394 only): 1396 eyJhbGciOiJQQkVTMi1IUzI1NitBMTI4S1ciLCJwMnMiOiIyV0NUY0paMVJ2ZF9DSn 1397 VKcmlwUTF3IiwicDJjIjo0MDk2LCJlbmMiOiJBMTI4Q0JDLUhTMjU2IiwiY3R5Ijoi 1398 andrK2pzb24ifQ 1400 C.3. Content Encryption Key (CEK) 1402 Generate a 256 bit random Content Encryption Key (CEK). In this 1403 example, the value (using JSON array notation) is: 1405 [111, 27, 25, 52, 66, 29, 20, 78, 92, 176, 56, 240, 65, 208, 82, 112, 1406 161, 131, 36, 55, 202, 236, 185, 172, 129, 23, 153, 194, 195, 48, 1407 253, 182] 1409 C.4. Key Derivation 1411 Derive a key from a shared passphrase using the PBKDF2 algorithm with 1412 HMAC SHA-256 and the specified Salt and Iteration Count values and a 1413 128 bit requested output key size to produce the PBKDF2 Derived Key. 1414 This example uses the following passphrase: 1416 Thus from my lips, by yours, my sin is purged. 1418 The octets representing the passphrase are: 1420 [84, 104, 117, 115, 32, 102, 114, 111, 109, 32, 109, 121, 32, 108, 1421 105, 112, 115, 44, 32, 98, 121, 32, 121, 111, 117, 114, 115, 44, 32, 1422 109, 121, 32, 115, 105, 110, 32, 105, 115, 32, 112, 117, 114, 103, 1423 101, 100, 46] 1425 The Salt value (UTF8(Alg) || 0x00 || Salt Input) is: 1427 [80, 66, 69, 83, 50, 45, 72, 83, 50, 53, 54, 43, 65, 49, 50, 56, 75, 1428 87, 0, 217, 96, 147, 112, 150, 117, 70, 247, 127, 8, 155, 137, 174, 1429 42, 80, 215]. 1431 The resulting PBKDF2 Derived Key value is: 1433 [110, 171, 169, 92, 129, 92, 109, 117, 233, 242, 116, 233, 170, 14, 1434 24, 75] 1436 C.5. Key Encryption 1438 Encrypt the CEK with the "A128KW" algorithm using the PBKDF2 Derived 1439 Key. The resulting JWE Encrypted Key value is: 1441 [78, 186, 151, 59, 11, 141, 81, 240, 213, 245, 83, 211, 53, 188, 134, 1442 188, 66, 125, 36, 200, 222, 124, 5, 103, 249, 52, 117, 184, 140, 81, 1443 246, 158, 161, 177, 20, 33, 245, 57, 59, 4] 1445 Encoding this JWE Encrypted Key as BASE64URL(JWE Encrypted Key) gives 1446 this value: 1448 TrqXOwuNUfDV9VPTNbyGvEJ9JMjefAVn-TR1uIxR9p6hsRQh9Tk7BA 1450 C.6. Initialization Vector 1452 Generate a random 128 bit JWE Initialization Vector. In this 1453 example, the value is: 1455 [97, 239, 99, 214, 171, 54, 216, 57, 145, 72, 7, 93, 34, 31, 149, 1456 156] 1457 Encoding this JWE Initialization Vector as BASE64URL(JWE 1458 Initialization Vector) gives this value: 1460 Ye9j1qs22DmRSAddIh-VnA 1462 C.7. Additional Authenticated Data 1464 Let the Additional Authenticated Data encryption parameter be 1465 ASCII(BASE64URL(UTF8(JWE Protected Header))). This value is: 1467 [123, 34, 97, 108, 103, 34, 58, 34, 80, 66, 69, 83, 50, 45, 72, 83, 1468 50, 53, 54, 43, 65, 49, 50, 56, 75, 87, 34, 44, 34, 112, 50, 115, 34, 1469 58, 34, 50, 87, 67, 84, 99, 74, 90, 49, 82, 118, 100, 95, 67, 74, 1470 117, 74, 114, 105, 112, 81, 49, 119, 34, 44, 34, 112, 50, 99, 34, 58, 1471 52, 48, 57, 54, 44, 34, 101, 110, 99, 34, 58, 34, 65, 49, 50, 56, 67, 1472 66, 67, 45, 72, 83, 50, 53, 54, 34, 44, 34, 99, 116, 121, 34, 58, 34, 1473 106, 119, 107, 43, 106, 115, 111, 110, 34, 125] 1475 C.8. Content Encryption 1477 Perform authenticated encryption on the Plaintext with the 1478 AES_128_CBC_HMAC_SHA_256 algorithm using the CEK as the encryption 1479 key, the JWE Initialization Vector, and the Additional Authenticated 1480 Data value above. The resulting Ciphertext is: 1482 [3, 8, 65, 242, 92, 107, 148, 168, 197, 159, 77, 139, 25, 97, 42, 1483 131, 110, 199, 225, 56, 61, 127, 38, 64, 108, 91, 247, 167, 150, 98, 1484 112, 122, 99, 235, 132, 50, 28, 46, 56, 170, 169, 89, 220, 145, 38, 1485 157, 148, 224, 66, 140, 8, 169, 146, 117, 222, 54, 242, 28, 31, 11, 1486 129, 227, 226, 169, 66, 117, 133, 254, 140, 216, 115, 203, 131, 60, 1487 60, 47, 233, 132, 121, 13, 35, 188, 53, 19, 172, 77, 59, 54, 211, 1488 158, 172, 25, 60, 111, 0, 80, 201, 158, 160, 210, 68, 55, 12, 67, 1489 136, 130, 87, 216, 197, 95, 62, 20, 155, 205, 5, 140, 27, 168, 221, 1490 65, 114, 78, 157, 254, 46, 206, 182, 52, 135, 87, 239, 3, 34, 186, 1491 126, 220, 151, 17, 33, 237, 57, 96, 172, 183, 58, 45, 248, 103, 241, 1492 142, 136, 7, 53, 16, 173, 181, 7, 93, 92, 252, 1, 53, 212, 242, 8, 1493 255, 11, 239, 181, 24, 148, 136, 111, 24, 161, 244, 23, 106, 69, 157, 1494 215, 243, 189, 240, 166, 169, 249, 72, 38, 201, 99, 223, 173, 229, 9, 1495 222, 82, 79, 157, 176, 248, 85, 239, 121, 163, 1, 31, 48, 98, 206, 1496 61, 249, 104, 216, 201, 227, 105, 48, 194, 193, 10, 36, 160, 159, 1497 241, 166, 84, 54, 188, 211, 243, 242, 40, 46, 45, 193, 193, 160, 169, 1498 101, 201, 1, 73, 47, 105, 142, 88, 28, 42, 132, 26, 61, 58, 63, 142, 1499 243, 77, 26, 179, 153, 166, 46, 203, 208, 49, 55, 229, 34, 178, 4, 1500 109, 180, 204, 204, 115, 1, 103, 193, 5, 91, 215, 214, 195, 1, 110, 1501 208, 53, 144, 36, 105, 12, 54, 25, 129, 101, 15, 183, 150, 250, 147, 1502 115, 227, 58, 250, 5, 128, 232, 63, 15, 14, 19, 141, 124, 253, 142, 1503 137, 189, 135, 26, 44, 240, 27, 88, 132, 105, 127, 6, 71, 37, 41, 1504 124, 187, 165, 140, 34, 200, 123, 80, 228, 24, 231, 176, 132, 171, 1505 138, 145, 152, 116, 224, 50, 141, 51, 147, 91, 186, 7, 246, 106, 217, 1506 148, 244, 227, 244, 45, 220, 121, 165, 224, 148, 181, 17, 181, 128, 1507 197, 101, 237, 11, 169, 229, 149, 199, 78, 56, 15, 14, 190, 91, 216, 1508 222, 247, 213, 74, 40, 8, 96, 20, 168, 119, 96, 26, 24, 52, 37, 82, 1509 127, 57, 176, 147, 118, 59, 7, 224, 33, 117, 72, 155, 29, 82, 26, 1510 215, 189, 140, 119, 28, 152, 118, 93, 222, 194, 192, 148, 115, 83, 1511 253, 216, 212, 108, 88, 83, 175, 172, 220, 97, 79, 110, 42, 223, 170, 1512 161, 34, 164, 144, 193, 76, 122, 92, 160, 41, 178, 175, 6, 35, 96, 1513 113, 96, 158, 90, 129, 101, 26, 45, 70, 180, 189, 230, 15, 5, 247, 1514 150, 209, 94, 171, 26, 13, 142, 212, 129, 1, 176, 5, 0, 112, 203, 1515 174, 185, 119, 76, 233, 189, 54, 172, 189, 245, 223, 253, 205, 12, 1516 88, 9, 126, 157, 225, 90, 40, 229, 191, 63, 30, 160, 224, 69, 3, 140, 1517 109, 70, 89, 37, 213, 245, 194, 210, 180, 188, 63, 210, 139, 221, 2, 1518 144, 200, 20, 177, 216, 29, 227, 242, 106, 12, 135, 142, 139, 144, 1519 82, 225, 162, 171, 176, 108, 99, 6, 43, 193, 161, 116, 234, 216, 1, 1520 242, 21, 124, 162, 98, 205, 124, 193, 38, 12, 242, 90, 101, 76, 204, 1521 184, 124, 58, 180, 16, 240, 26, 76, 195, 250, 212, 191, 185, 191, 97, 1522 198, 186, 73, 225, 75, 14, 90, 123, 121, 172, 101, 50, 160, 221, 141, 1523 253, 205, 126, 77, 9, 87, 198, 110, 104, 182, 141, 120, 51, 25, 232, 1524 3, 32, 80, 6, 156, 8, 18, 4, 135, 221, 142, 25, 135, 2, 129, 132, 1525 115, 227, 74, 141, 28, 119, 11, 141, 117, 134, 198, 62, 150, 254, 97, 1526 75, 197, 251, 99, 89, 204, 224, 226, 67, 83, 175, 89, 0, 81, 29, 38, 1527 207, 89, 140, 255, 197, 177, 164, 128, 62, 116, 224, 180, 109, 169, 1528 28, 2, 59, 176, 130, 252, 44, 178, 81, 24, 181, 176, 75, 44, 61, 91, 1529 12, 37, 21, 255, 83, 130, 197, 16, 231, 60, 217, 56, 131, 118, 168, 1530 202, 58, 52, 84, 124, 162, 185, 174, 162, 226, 242, 112, 68, 246, 1531 202, 16, 208, 52, 154, 58, 129, 80, 102, 33, 171, 6, 186, 177, 14, 1532 195, 88, 136, 6, 0, 155, 28, 100, 162, 207, 162, 222, 117, 248, 170, 1533 208, 114, 87, 31, 57, 176, 33, 57, 83, 253, 12, 168, 110, 194, 59, 1534 22, 86, 48, 227, 196, 22, 176, 218, 122, 149, 21, 249, 195, 178, 174, 1535 250, 20, 34, 120, 60, 139, 201, 99, 40, 18, 177, 17, 54, 54, 6, 3, 1536 222, 128, 160, 88, 11, 27, 0, 81, 192, 36, 41, 169, 146, 8, 47, 64, 1537 136, 28, 64, 209, 67, 135, 202, 20, 234, 182, 91, 204, 146, 195, 187, 1538 0, 72, 77, 11, 111, 152, 204, 252, 177, 212, 89, 33, 50, 132, 184, 1539 44, 183, 186, 19, 250, 69, 176, 201, 102, 140, 14, 143, 212, 212, 1540 160, 123, 208, 185, 27, 155, 68, 77, 133, 198, 2, 126, 155, 215, 22, 1541 91, 30, 217, 176, 172, 244, 156, 174, 143, 75, 90, 21, 102, 1, 160, 1542 59, 253, 188, 88, 57, 185, 197, 83, 24, 22, 180, 174, 47, 207, 52, 1, 1543 141, 146, 119, 233, 68, 228, 224, 228, 193, 248, 155, 202, 90, 7, 1544 213, 88, 33, 108, 107, 14, 86, 8, 120, 250, 58, 142, 35, 164, 238, 1545 221, 219, 35, 123, 88, 199, 192, 143, 104, 83, 17, 166, 243, 247, 11, 1546 166, 67, 68, 204, 132, 23, 110, 103, 228, 14, 55, 122, 88, 57, 180, 1547 178, 237, 52, 130, 214, 245, 102, 123, 67, 73, 175, 1, 127, 112, 148, 1548 94, 132, 164, 197, 153, 217, 87, 25, 89, 93, 63, 22, 66, 166, 90, 1549 251, 101, 10, 145, 66, 17, 124, 36, 255, 165, 226, 97, 16, 86, 112, 1550 154, 88, 105, 253, 56, 209, 229, 122, 103, 51, 24, 228, 190, 3, 236, 1551 48, 182, 121, 176, 140, 128, 117, 87, 251, 224, 37, 23, 248, 21, 218, 1552 85, 251, 136, 84, 147, 143, 144, 46, 155, 183, 251, 89, 86, 23, 26, 1553 237, 100, 167, 32, 130, 173, 237, 89, 55, 110, 70, 142, 127, 65, 230, 1554 208, 109, 69, 19, 253, 84, 130, 130, 193, 92, 58, 108, 150, 42, 136, 1555 249, 234, 86, 241, 182, 19, 117, 246, 26, 181, 92, 101, 155, 44, 103, 1556 235, 173, 30, 140, 90, 29, 183, 190, 77, 53, 206, 127, 5, 87, 8, 187, 1557 184, 92, 4, 157, 22, 18, 105, 251, 39, 88, 182, 181, 103, 148, 233, 1558 6, 63, 70, 188, 7, 101, 216, 127, 77, 31, 12, 233, 7, 147, 106, 30, 1559 150, 77, 145, 13, 205, 48, 56, 245, 220, 89, 252, 127, 51, 180, 36, 1560 31, 55, 18, 214, 230, 254, 217, 197, 65, 247, 27, 215, 117, 247, 108, 1561 157, 121, 11, 63, 150, 195, 83, 6, 134, 242, 41, 24, 105, 204, 5, 63, 1562 192, 14, 159, 113, 72, 140, 128, 51, 215, 80, 215, 39, 149, 94, 79, 1563 128, 34, 5, 129, 82, 83, 121, 187, 37, 146, 27, 32, 177, 167, 71, 9, 1564 195, 30, 199, 196, 205, 252, 207, 69, 8, 120, 27, 190, 51, 43, 75, 1565 249, 234, 167, 116, 206, 203, 199, 43, 108, 87, 48, 155, 140, 228, 1566 210, 85, 25, 161, 96, 67, 8, 205, 64, 39, 75, 88, 44, 238, 227, 16, 1567 0, 100, 93, 129, 18, 4, 149, 50, 68, 72, 99, 35, 111, 254, 27, 102, 1568 175, 108, 233, 87, 181, 44, 169, 18, 139, 79, 208, 14, 202, 192, 5, 1569 162, 222, 231, 149, 24, 211, 49, 120, 101, 39, 206, 87, 147, 204, 1570 200, 251, 104, 115, 5, 127, 117, 195, 79, 151, 18, 224, 52, 0, 245, 1571 4, 85, 255, 103, 217, 0, 116, 198, 80, 91, 167, 192, 154, 199, 197, 1572 149, 237, 51, 2, 131, 30, 226, 95, 105, 48, 68, 135, 208, 144, 120, 1573 176, 145, 157, 8, 171, 80, 94, 61, 92, 92, 220, 157, 13, 138, 51, 23, 1574 185, 124, 31, 77, 1, 87, 241, 43, 239, 55, 122, 86, 210, 48, 208, 1575 204, 112, 144, 80, 147, 106, 219, 47, 253, 31, 134, 176, 16, 135, 1576 219, 95, 17, 129, 83, 236, 125, 136, 112, 86, 228, 252, 71, 129, 218, 1577 174, 156, 236, 12, 27, 159, 11, 138, 252, 253, 207, 31, 115, 214, 1578 118, 239, 203, 16, 211, 205, 99, 22, 51, 163, 107, 162, 246, 199, 67, 1579 127, 34, 108, 197, 53, 117, 58, 199, 3, 190, 74, 70, 190, 65, 235, 1580 175, 97, 157, 215, 252, 189, 245, 100, 229, 248, 46, 90, 126, 237, 4, 1581 159, 128, 58, 7, 156, 236, 69, 191, 85, 240, 179, 224, 249, 152, 49, 1582 195, 223, 60, 78, 186, 157, 155, 217, 58, 105, 116, 164, 217, 111, 1583 215, 150, 218, 252, 84, 86, 248, 140, 240, 226, 61, 106, 208, 95, 60, 1584 163, 6, 0, 235, 253, 162, 96, 62, 234, 251, 249, 35, 21, 7, 211, 233, 1585 86, 50, 33, 203, 67, 248, 60, 190, 123, 48, 167, 226, 90, 191, 71, 1586 56, 183, 165, 17, 85, 76, 238, 140, 211, 168, 53, 223, 194, 4, 97, 1587 149, 156, 120, 137, 76, 33, 229, 243, 194, 208, 198, 202, 139, 28, 1588 114, 46, 224, 92, 254, 83, 100, 134, 158, 92, 70, 78, 61, 62, 138, 1589 24, 173, 216, 66, 198, 70, 254, 47, 59, 193, 53, 6, 139, 19, 153, 1590 253, 28, 199, 122, 160, 27, 67, 234, 209, 227, 139, 4, 50, 7, 178, 1591 183, 89, 252, 32, 128, 137, 55, 52, 29, 89, 12, 111, 42, 181, 51, 1592 170, 132, 132, 207, 170, 228, 254, 178, 213, 0, 136, 175, 8] 1594 The resulting Authentication Tag value is: 1596 [208, 113, 102, 132, 236, 236, 67, 223, 39, 53, 98, 99, 32, 121, 17, 1597 236] 1599 Encoding this JWE Ciphertext as BASE64URL(JWE Ciphertext) gives this 1600 value (with line breaks for display purposes only): 1602 AwhB8lxrlKjFn02LGWEqg27H4Tg9fyZAbFv3p5ZicHpj64QyHC44qqlZ3JEmnZTgQo 1603 wIqZJ13jbyHB8LgePiqUJ1hf6M2HPLgzw8L-mEeQ0jvDUTrE07NtOerBk8bwBQyZ6g 1604 0kQ3DEOIglfYxV8-FJvNBYwbqN1Bck6d_i7OtjSHV-8DIrp-3JcRIe05YKy3Oi34Z_ 1605 GOiAc1EK21B11c_AE11PII_wvvtRiUiG8YofQXakWd1_O98Kap-UgmyWPfreUJ3lJP 1606 nbD4Ve95owEfMGLOPflo2MnjaTDCwQokoJ_xplQ2vNPz8iguLcHBoKllyQFJL2mOWB 1607 wqhBo9Oj-O800as5mmLsvQMTflIrIEbbTMzHMBZ8EFW9fWwwFu0DWQJGkMNhmBZQ-3 1608 lvqTc-M6-gWA6D8PDhONfP2Oib2HGizwG1iEaX8GRyUpfLuljCLIe1DkGOewhKuKkZ 1609 h04DKNM5Nbugf2atmU9OP0Ldx5peCUtRG1gMVl7Qup5ZXHTjgPDr5b2N731UooCGAU 1610 qHdgGhg0JVJ_ObCTdjsH4CF1SJsdUhrXvYx3HJh2Xd7CwJRzU_3Y1GxYU6-s3GFPbi 1611 rfqqEipJDBTHpcoCmyrwYjYHFgnlqBZRotRrS95g8F95bRXqsaDY7UgQGwBQBwy665 1612 d0zpvTasvfXf_c0MWAl-neFaKOW_Px6g4EUDjG1GWSXV9cLStLw_0ovdApDIFLHYHe 1613 PyagyHjouQUuGiq7BsYwYrwaF06tgB8hV8omLNfMEmDPJaZUzMuHw6tBDwGkzD-tS_ 1614 ub9hxrpJ4UsOWnt5rGUyoN2N_c1-TQlXxm5oto14MxnoAyBQBpwIEgSH3Y4ZhwKBhH 1615 PjSo0cdwuNdYbGPpb-YUvF-2NZzODiQ1OvWQBRHSbPWYz_xbGkgD504LRtqRwCO7CC 1616 _CyyURi1sEssPVsMJRX_U4LFEOc82TiDdqjKOjRUfKK5rqLi8nBE9soQ0DSaOoFQZi 1617 GrBrqxDsNYiAYAmxxkos-i3nX4qtByVx85sCE5U_0MqG7COxZWMOPEFrDaepUV-cOy 1618 rvoUIng8i8ljKBKxETY2BgPegKBYCxsAUcAkKamSCC9AiBxA0UOHyhTqtlvMksO7AE 1619 hNC2-YzPyx1FkhMoS4LLe6E_pFsMlmjA6P1NSge9C5G5tETYXGAn6b1xZbHtmwrPSc 1620 ro9LWhVmAaA7_bxYObnFUxgWtK4vzzQBjZJ36UTk4OTB-JvKWgfVWCFsaw5WCHj6Oo 1621 4jpO7d2yN7WMfAj2hTEabz9wumQ0TMhBduZ-QON3pYObSy7TSC1vVme0NJrwF_cJRe 1622 hKTFmdlXGVldPxZCplr7ZQqRQhF8JP-l4mEQVnCaWGn9ONHlemczGOS-A-wwtnmwjI 1623 B1V_vgJRf4FdpV-4hUk4-QLpu3-1lWFxrtZKcggq3tWTduRo5_QebQbUUT_VSCgsFc 1624 OmyWKoj56lbxthN19hq1XGWbLGfrrR6MWh23vk01zn8FVwi7uFwEnRYSafsnWLa1Z5 1625 TpBj9GvAdl2H9NHwzpB5NqHpZNkQ3NMDj13Fn8fzO0JB83Etbm_tnFQfcb13X3bJ15 1626 Cz-Ww1MGhvIpGGnMBT_ADp9xSIyAM9dQ1yeVXk-AIgWBUlN5uyWSGyCxp0cJwx7HxM 1627 38z0UIeBu-MytL-eqndM7LxytsVzCbjOTSVRmhYEMIzUAnS1gs7uMQAGRdgRIElTJE 1628 SGMjb_4bZq9s6Ve1LKkSi0_QDsrABaLe55UY0zF4ZSfOV5PMyPtocwV_dcNPlxLgNA 1629 D1BFX_Z9kAdMZQW6fAmsfFle0zAoMe4l9pMESH0JB4sJGdCKtQXj1cXNydDYozF7l8 1630 H00BV_Er7zd6VtIw0MxwkFCTatsv_R-GsBCH218RgVPsfYhwVuT8R4HarpzsDBufC4 1631 r8_c8fc9Z278sQ081jFjOja6L2x0N_ImzFNXU6xwO-Ska-QeuvYZ3X_L31ZOX4Llp- 1632 7QSfgDoHnOxFv1Xws-D5mDHD3zxOup2b2TppdKTZb9eW2vxUVviM8OI9atBfPKMGAO 1633 v9omA-6vv5IxUH0-lWMiHLQ_g8vnswp-Jav0c4t6URVUzujNOoNd_CBGGVnHiJTCHl 1634 88LQxsqLHHIu4Fz-U2SGnlxGTj0-ihit2ELGRv4vO8E1BosTmf0cx3qgG0Pq0eOLBD 1635 IHsrdZ_CCAiTc0HVkMbyq1M6qEhM-q5P6y1QCIrwg 1637 Encoding this JWE Authentication Tag as BASE64URL(JWE Authentication 1638 Tag) gives this value: 1640 0HFmhOzsQ98nNWJjIHkR7A 1642 C.9. Complete Representation 1644 Assemble the final representation: The JWE Compact Serialization of 1645 this result, as defined in Section 7.1 of [JWE], is the string 1646 BASE64URL(UTF8(JWE Protected Header)) || '.' || BASE64URL(JWE 1647 Encrypted Key) || '.' || BASE64URL(JWE Initialization Vector) || '.' 1648 || BASE64URL(JWE Ciphertext) || '.' || BASE64URL(JWE Authentication 1649 Tag). 1651 The final result in this example is: 1653 eyJhbGciOiJQQkVTMi1IUzI1NitBMTI4S1ciLCJwMnMiOiIyV0NUY0paMVJ2ZF9DSn 1654 VKcmlwUTF3IiwicDJjIjo0MDk2LCJlbmMiOiJBMTI4Q0JDLUhTMjU2IiwiY3R5Ijoi 1655 andrK2pzb24ifQ. 1656 TrqXOwuNUfDV9VPTNbyGvEJ9JMjefAVn-TR1uIxR9p6hsRQh9Tk7BA. 1657 Ye9j1qs22DmRSAddIh-VnA. 1658 AwhB8lxrlKjFn02LGWEqg27H4Tg9fyZAbFv3p5ZicHpj64QyHC44qqlZ3JEmnZTgQo 1659 wIqZJ13jbyHB8LgePiqUJ1hf6M2HPLgzw8L-mEeQ0jvDUTrE07NtOerBk8bwBQyZ6g 1660 0kQ3DEOIglfYxV8-FJvNBYwbqN1Bck6d_i7OtjSHV-8DIrp-3JcRIe05YKy3Oi34Z_ 1661 GOiAc1EK21B11c_AE11PII_wvvtRiUiG8YofQXakWd1_O98Kap-UgmyWPfreUJ3lJP 1662 nbD4Ve95owEfMGLOPflo2MnjaTDCwQokoJ_xplQ2vNPz8iguLcHBoKllyQFJL2mOWB 1663 wqhBo9Oj-O800as5mmLsvQMTflIrIEbbTMzHMBZ8EFW9fWwwFu0DWQJGkMNhmBZQ-3 1664 lvqTc-M6-gWA6D8PDhONfP2Oib2HGizwG1iEaX8GRyUpfLuljCLIe1DkGOewhKuKkZ 1665 h04DKNM5Nbugf2atmU9OP0Ldx5peCUtRG1gMVl7Qup5ZXHTjgPDr5b2N731UooCGAU 1666 qHdgGhg0JVJ_ObCTdjsH4CF1SJsdUhrXvYx3HJh2Xd7CwJRzU_3Y1GxYU6-s3GFPbi 1667 rfqqEipJDBTHpcoCmyrwYjYHFgnlqBZRotRrS95g8F95bRXqsaDY7UgQGwBQBwy665 1668 d0zpvTasvfXf_c0MWAl-neFaKOW_Px6g4EUDjG1GWSXV9cLStLw_0ovdApDIFLHYHe 1669 PyagyHjouQUuGiq7BsYwYrwaF06tgB8hV8omLNfMEmDPJaZUzMuHw6tBDwGkzD-tS_ 1670 ub9hxrpJ4UsOWnt5rGUyoN2N_c1-TQlXxm5oto14MxnoAyBQBpwIEgSH3Y4ZhwKBhH 1671 PjSo0cdwuNdYbGPpb-YUvF-2NZzODiQ1OvWQBRHSbPWYz_xbGkgD504LRtqRwCO7CC 1672 _CyyURi1sEssPVsMJRX_U4LFEOc82TiDdqjKOjRUfKK5rqLi8nBE9soQ0DSaOoFQZi 1673 GrBrqxDsNYiAYAmxxkos-i3nX4qtByVx85sCE5U_0MqG7COxZWMOPEFrDaepUV-cOy 1674 rvoUIng8i8ljKBKxETY2BgPegKBYCxsAUcAkKamSCC9AiBxA0UOHyhTqtlvMksO7AE 1675 hNC2-YzPyx1FkhMoS4LLe6E_pFsMlmjA6P1NSge9C5G5tETYXGAn6b1xZbHtmwrPSc 1676 ro9LWhVmAaA7_bxYObnFUxgWtK4vzzQBjZJ36UTk4OTB-JvKWgfVWCFsaw5WCHj6Oo 1677 4jpO7d2yN7WMfAj2hTEabz9wumQ0TMhBduZ-QON3pYObSy7TSC1vVme0NJrwF_cJRe 1678 hKTFmdlXGVldPxZCplr7ZQqRQhF8JP-l4mEQVnCaWGn9ONHlemczGOS-A-wwtnmwjI 1679 B1V_vgJRf4FdpV-4hUk4-QLpu3-1lWFxrtZKcggq3tWTduRo5_QebQbUUT_VSCgsFc 1680 OmyWKoj56lbxthN19hq1XGWbLGfrrR6MWh23vk01zn8FVwi7uFwEnRYSafsnWLa1Z5 1681 TpBj9GvAdl2H9NHwzpB5NqHpZNkQ3NMDj13Fn8fzO0JB83Etbm_tnFQfcb13X3bJ15 1682 Cz-Ww1MGhvIpGGnMBT_ADp9xSIyAM9dQ1yeVXk-AIgWBUlN5uyWSGyCxp0cJwx7HxM 1683 38z0UIeBu-MytL-eqndM7LxytsVzCbjOTSVRmhYEMIzUAnS1gs7uMQAGRdgRIElTJE 1684 SGMjb_4bZq9s6Ve1LKkSi0_QDsrABaLe55UY0zF4ZSfOV5PMyPtocwV_dcNPlxLgNA 1685 D1BFX_Z9kAdMZQW6fAmsfFle0zAoMe4l9pMESH0JB4sJGdCKtQXj1cXNydDYozF7l8 1686 H00BV_Er7zd6VtIw0MxwkFCTatsv_R-GsBCH218RgVPsfYhwVuT8R4HarpzsDBufC4 1687 r8_c8fc9Z278sQ081jFjOja6L2x0N_ImzFNXU6xwO-Ska-QeuvYZ3X_L31ZOX4Llp- 1688 7QSfgDoHnOxFv1Xws-D5mDHD3zxOup2b2TppdKTZb9eW2vxUVviM8OI9atBfPKMGAO 1689 v9omA-6vv5IxUH0-lWMiHLQ_g8vnswp-Jav0c4t6URVUzujNOoNd_CBGGVnHiJTCHl 1690 88LQxsqLHHIu4Fz-U2SGnlxGTj0-ihit2ELGRv4vO8E1BosTmf0cx3qgG0Pq0eOLBD 1691 IHsrdZ_CCAiTc0HVkMbyq1M6qEhM-q5P6y1QCIrwg. 1692 0HFmhOzsQ98nNWJjIHkR7A 1694 Appendix D. Acknowledgements 1696 A JSON representation for RSA public keys was previously introduced 1697 by John Panzer, Ben Laurie, and Dirk Balfanz in Magic Signatures 1699 [MagicSignatures]. 1701 Thanks to Matt Miller for creating the encrypted key example and to 1702 Edmund Jay and Brian Campbell for validating the example. 1704 This specification is the work of the JOSE Working Group, which 1705 includes dozens of active and dedicated participants. In particular, 1706 the following individuals contributed ideas, feedback, and wording 1707 that influenced this specification: 1709 Dirk Balfanz, Richard Barnes, John Bradley, Brian Campbell, Breno de 1710 Medeiros, Stephen Farrell, Joe Hildebrand, Edmund Jay, Stephen Kent, 1711 Ben Laurie, James Manger, Matt Miller, Kathleen Moriarty, Chuck 1712 Mortimore, Tony Nadalin, Axel Nennker, John Panzer, Eric Rescorla, 1713 Pete Resnick, Nat Sakimura, Jim Schaad, Ryan Sleevi, Paul Tarjan, 1714 Hannes Tschofenig, and Sean Turner. 1716 Jim Schaad and Karen O'Donoghue chaired the JOSE working group and 1717 Sean Turner, Stephen Farrell, and Kathleen Moriarty served as 1718 Security area directors during the creation of this specification. 1720 Appendix E. Document History 1722 [[ to be removed by the RFC Editor before publication as an RFC ]] 1724 -34 1726 o Addressed IESG review comments by Pete Resnick, Stephen Farrell, 1727 and Richard Barnes. 1729 o Referenced RFC 4945 for PEM certificate delimiter syntax. 1731 -33 1733 o Addressed secdir review comments by Stephen Kent for which 1734 resolutions had mistakenly been omitted in the previous draft. 1736 o Acknowledged additional contributors. 1738 -32 1740 o Addressed Gen-ART review comments by Russ Housley. 1742 o Addressed secdir review comments by Stephen Kent. 1744 -31 1745 o No changes were made, other than to the version number and date. 1747 -30 1749 o Added references and cleaned up the reference syntax in a few 1750 places. 1752 o Applied minor wording changes to the Security Considerations 1753 section. 1755 -29 1757 o Replaced the terms JWS Header, JWE Header, and JWT Header with a 1758 single JOSE Header term defined in the JWS specification. This 1759 also enabled a single Header Parameter definition to be used and 1760 reduced other areas of duplication between specifications. 1762 -28 1764 o Revised the introduction to the Security Considerations section. 1766 o Refined the text about when applications using encrypted JWKs and 1767 JWK Sets would not need to use the "cty" header parameter. 1769 -27 1771 o Added an example JWK early in the draft. 1773 o Described additional security considerations. 1775 o Added the "x5t#S256" (X.509 Certificate SHA-256 Thumbprint) JWK 1776 member. 1778 o Addressed a few editorial issues. 1780 -26 1782 o Referenced Section 6 of RFC 6125 for TLS server certificate 1783 identity validation. 1785 o Deleted misleading non-normative phrase from the "use" 1786 description. 1788 o Noted that octet sequences are depicted using JSON array notation. 1790 o Updated references, including to W3C specifications. 1792 -25 1793 o Updated WebCrypto reference to refer to W3C Last Call draft. 1795 -24 1797 o Corrected the authentication tag value in the encrypted key 1798 example. 1800 o Updated the JSON reference to RFC 7159. 1802 -23 1804 o No changes were made, other than to the version number and date. 1806 -22 1808 o Corrected RFC 2119 terminology usage. 1810 o Replaced references to draft-ietf-json-rfc4627bis with RFC 7158. 1812 -21 1814 o Replaced the "key_ops" values "wrap" and "unwrap" with "wrapKey" 1815 and "unwrapKey" to match the "KeyUsage" values defined in the 1816 current Web Cryptography API [WebCrypto] editor's draft. 1818 o Compute the PBES2 salt parameter as (UTF8(Alg) || 0x00 || Salt 1819 Input), where the "p2s" Header Parameter encodes the Salt Input 1820 value and Alg is the "alg" Header Parameter value. 1822 o Changed some references from being normative to informative, 1823 addressing issue #90. 1825 -20 1827 o Renamed "use_details" to "key_ops" (key operations). 1829 o Clarified that "use" is meant for public key use cases, "key_ops" 1830 is meant for use cases in which public, private, or symmetric keys 1831 may be present, and that "use" and "key_ops" should not be used 1832 together. 1834 o Replaced references to RFC 4627 with draft-ietf-json-rfc4627bis, 1835 addressing issue #90. 1837 -19 1839 o Added optional "use_details" (key use details) JWK member. 1841 o Reordered the key selection parameters. 1843 -18 1845 o Changes to address editorial and minor issues #68, #69, #73, #74, 1846 #76, #77, #78, #79, #82, #85, #89, and #135. 1848 o Added and used Description registry fields. 1850 -17 1852 o Refined the "typ" and "cty" definitions to always be MIME Media 1853 Types, with the omission of "application/" prefixes recommended 1854 for brevity, addressing issue #50. 1856 o Added an example encrypting an RSA private key with 1857 "PBES2-HS256+A128KW" and "A128CBC-HS256". Thanks to Matt Miller 1858 for producing this! 1860 o Processing rules occurring in both JWS and JWK are now referenced 1861 in JWS by JWK, rather than duplicated, addressing issue #57. 1863 o Terms used in multiple documents are now defined in one place and 1864 incorporated by reference. Some lightly used or obvious terms 1865 were also removed. This addresses issue #58. 1867 -16 1869 o Changes to address editorial and minor issues #41, #42, #43, #47, 1870 #51, #67, #71, #76, #80, #83, #84, #85, #86, #87, and #88. 1872 -15 1874 o Changes to address editorial issues #48, #64, #65, #66, and #91. 1876 -14 1878 o Relaxed language introducing key parameters since some parameters 1879 are applicable to multiple, but not all, key types. 1881 -13 1883 o Applied spelling and grammar corrections. 1885 -12 1887 o Stated that recipients MUST either reject JWKs and JWK Sets with 1888 duplicate member names or use a JSON parser that returns only the 1889 lexically last duplicate member name. 1891 -11 1893 o Stated that when "kid" values are used within a JWK Set, different 1894 keys within the JWK Set SHOULD use distinct "kid" values. 1896 o Added optional "x5u" (X.509 URL), "x5t" (X.509 Certificate 1897 Thumbprint), and "x5c" (X.509 Certificate Chain) JWK parameters. 1899 o Added section on Encrypted JWK and Encrypted JWK Set Formats. 1901 o Added a Parameter Information Class value to the JSON Web Key 1902 Parameters registry, which registers whether the parameter conveys 1903 public or private information. 1905 o Registered "application/jwk+json" and "application/jwk-set+json" 1906 MIME types and "JWK" and "JWK-SET" typ header parameter values, 1907 addressing issue #21. 1909 -10 1911 o No changes were made, other than to the version number and date. 1913 -09 1915 o Expanded the scope of the JWK specification to include private and 1916 symmetric key representations, as specified by 1917 draft-jones-jose-json-private-and-symmetric-key-00. 1919 o Defined that members that are not understood must be ignored. 1921 -08 1923 o Changed the name of the JWK key type parameter from "alg" to "kty" 1924 to enable use of "alg" to indicate the particular algorithm that 1925 the key is intended to be used with. 1927 o Clarified statements of the form "This member is OPTIONAL" to "Use 1928 of this member is OPTIONAL". 1930 o Referenced String Comparison Rules in JWS. 1932 o Added seriesInfo information to Internet Draft references. 1934 -07 1935 o Changed the name of the JWK RSA modulus parameter from "mod" to 1936 "n" and the name of the JWK RSA exponent parameter from "xpo" to 1937 "e", so that the identifiers are the same as those used in RFC 1938 3447. 1940 -06 1942 o Changed the name of the JWK RSA exponent parameter from "exp" to 1943 "xpo" so as to allow the potential use of the name "exp" for a 1944 future extension that might define an expiration parameter for 1945 keys. (The "exp" name is already used for this purpose in the JWT 1946 specification.) 1948 o Clarify that the "alg" (algorithm family) member is REQUIRED. 1950 o Correct an instance of "JWK" that should have been "JWK Set". 1952 o Applied changes made by the RFC Editor to RFC 6749's registry 1953 language to this specification. 1955 -05 1957 o Indented artwork elements to better distinguish them from the body 1958 text. 1960 -04 1962 o Refer to the registries as the primary sources of defined values 1963 and then secondarily reference the sections defining the initial 1964 contents of the registries. 1966 o Normatively reference XML DSIG 2.0 for its security 1967 considerations. 1969 o Added this language to Registration Templates: "This name is case 1970 sensitive. Names that match other registered names in a case 1971 insensitive manner SHOULD NOT be accepted." 1973 o Described additional open issues. 1975 o Applied editorial suggestions. 1977 -03 1979 o Clarified that "kid" values need not be unique within a JWK Set. 1981 o Moved JSON Web Key Parameters registry to the JWK specification. 1983 o Added "Collision Resistant Namespace" to the terminology section. 1985 o Changed registration requirements from RFC Required to 1986 Specification Required with Expert Review. 1988 o Added Registration Template sections for defined registries. 1990 o Added Registry Contents sections to populate registry values. 1992 o Numerous editorial improvements. 1994 -02 1996 o Simplified JWK terminology to get replace the "JWK Key Object" and 1997 "JWK Container Object" terms with simply "JSON Web Key (JWK)" and 1998 "JSON Web Key Set (JWK Set)" and to eliminate potential confusion 1999 between single keys and sets of keys. As part of this change, the 2000 top-level member name for a set of keys was changed from "jwk" to 2001 "keys". 2003 o Clarified that values with duplicate member names MUST be 2004 rejected. 2006 o Established JSON Web Key Set Parameters registry. 2008 o Explicitly listed non-goals in the introduction. 2010 o Moved algorithm-specific definitions from JWK to JWA. 2012 o Reformatted to give each member definition its own section 2013 heading. 2015 -01 2017 o Corrected the Magic Signatures reference. 2019 -00 2021 o Created the initial IETF draft based upon 2022 draft-jones-json-web-key-03 with no normative changes. 2024 Author's Address 2026 Michael B. Jones 2027 Microsoft 2029 Email: mbj@microsoft.com 2030 URI: http://self-issued.info/