draft-ietf-jose-json-web-key-21.txt   draft-ietf-jose-json-web-key-22.txt 
JOSE Working Group M. Jones JOSE Working Group M. Jones
Internet-Draft Microsoft Internet-Draft Microsoft
Intended status: Standards Track February 14, 2014 Intended status: Standards Track March 2, 2014
Expires: August 18, 2014 Expires: September 3, 2014
JSON Web Key (JWK) JSON Web Key (JWK)
draft-ietf-jose-json-web-key-21 draft-ietf-jose-json-web-key-22
Abstract Abstract
A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) data A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) data
structure that represents a cryptographic key. This specification structure that represents a cryptographic key. This specification
also defines a JSON Web Key Set (JWK Set) JSON data structure for also defines a JSON Web Key Set (JWK Set) JSON data structure for
representing a set of JWKs. Cryptographic algorithms and identifiers representing a set of JWKs. Cryptographic algorithms and identifiers
for use with this specification are described in the separate JSON for use with this specification are described in the separate JSON
Web Algorithms (JWA) specification and IANA registries defined by Web Algorithms (JWA) specification and IANA registries defined by
that specification. that specification.
skipping to change at page 1, line 36 skipping to change at page 1, line 36
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on August 18, 2014. This Internet-Draft will expire on September 3, 2014.
Copyright Notice Copyright Notice
Copyright (c) 2014 IETF Trust and the persons identified as the Copyright (c) 2014 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 3, line 15 skipping to change at page 3, line 15
C.2. JWE Header . . . . . . . . . . . . . . . . . . . . . . . . 29 C.2. JWE Header . . . . . . . . . . . . . . . . . . . . . . . . 29
C.3. Content Encryption Key (CEK) . . . . . . . . . . . . . . . 29 C.3. Content Encryption Key (CEK) . . . . . . . . . . . . . . . 29
C.4. Key Derivation . . . . . . . . . . . . . . . . . . . . . . 30 C.4. Key Derivation . . . . . . . . . . . . . . . . . . . . . . 30
C.5. Key Encryption . . . . . . . . . . . . . . . . . . . . . . 30 C.5. Key Encryption . . . . . . . . . . . . . . . . . . . . . . 30
C.6. Initialization Vector . . . . . . . . . . . . . . . . . . 30 C.6. Initialization Vector . . . . . . . . . . . . . . . . . . 30
C.7. Additional Authenticated Data . . . . . . . . . . . . . . 31 C.7. Additional Authenticated Data . . . . . . . . . . . . . . 31
C.8. Content Encryption . . . . . . . . . . . . . . . . . . . . 31 C.8. Content Encryption . . . . . . . . . . . . . . . . . . . . 31
C.9. Complete Representation . . . . . . . . . . . . . . . . . 34 C.9. Complete Representation . . . . . . . . . . . . . . . . . 34
Appendix D. Acknowledgements . . . . . . . . . . . . . . . . . . 35 Appendix D. Acknowledgements . . . . . . . . . . . . . . . . . . 35
Appendix E. Document History . . . . . . . . . . . . . . . . . . 36 Appendix E. Document History . . . . . . . . . . . . . . . . . . 36
Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 40 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 41
1. Introduction 1. Introduction
A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) [RFC7158]
[I-D.ietf-json-rfc4627bis] data structure that represents a data structure that represents a cryptographic key. This
cryptographic key. This specification also defines a JSON Web Key specification also defines a JSON Web Key Set (JWK Set) JSON data
Set (JWK Set) JSON data structure for representing a set of JWKs. structure for representing a set of JWKs. Cryptographic algorithms
Cryptographic algorithms and identifiers for use with this and identifiers for use with this specification are described in the
specification are described in the separate JSON Web Algorithms (JWA) separate JSON Web Algorithms (JWA) [JWA] specification and IANA
[JWA] specification and IANA registries defined by that registries defined by that specification.
specification.
Goals for this specification do not include representing certificate Goals for this specification do not include representing certificate
chains, representing certified keys, and replacing X.509 chains, representing certified keys, and replacing X.509
certificates. certificates.
JWKs and JWK Sets are used in the JSON Web Signature (JWS) [JWS] and JWKs and JWK Sets are used in the JSON Web Signature (JWS) [JWS] and
JSON Web Encryption (JWE) [JWE] specifications. JSON Web Encryption (JWE) [JWE] specifications.
Names defined by this specification are short because a core goal is Names defined by this specification are short because a core goal is
for the resulting representations to be compact. for the resulting representations to be compact.
1.1. Notational Conventions 1.1. Notational Conventions
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
document are to be interpreted as described in Key words for use in "OPTIONAL" in this document are to be interpreted as described in Key
RFCs to Indicate Requirement Levels [RFC2119]. If these words are words for use in RFCs to Indicate Requirement Levels [RFC2119]. If
used without being spelled in uppercase then they are to be these words are used without being spelled in uppercase then they are
interpreted with their normal natural language meanings. to be interpreted with their normal natural language meanings.
BASE64URL(OCTETS) denotes the base64url encoding of OCTETS, per BASE64URL(OCTETS) denotes the base64url encoding of OCTETS, per
Section 2. Section 2.
UTF8(STRING) denotes the octets of the UTF-8 [RFC3629] representation UTF8(STRING) denotes the octets of the UTF-8 [RFC3629] representation
of STRING. of STRING.
ASCII(STRING) denotes the octets of the ASCII [USASCII] ASCII(STRING) denotes the octets of the ASCII [USASCII]
representation of STRING. representation of STRING.
The concatenation of two values A and B is denoted as A || B. The concatenation of two values A and B is denoted as A || B.
2. Terminology 2. Terminology
These terms defined by the JSON Web Signature (JWS) [JWS] These terms defined by the JSON Web Signature (JWS) [JWS]
specification are incorporated into this specification: "Base64url specification are incorporated into this specification: "Base64url
Encoding" and "Collision-Resistant Name". Encoding" and "Collision-Resistant Name".
These terms are defined for use by this specification: These terms are defined for use by this specification:
JSON Web Key (JWK) A JSON object that represents a cryptographic JSON Web Key (JWK)
key. A JSON object that represents a cryptographic key.
JSON Web Key Set (JWK Set) A JSON object that contains an array of JSON Web Key Set (JWK Set)
JWKs as the value of its "keys" member. A JSON object that contains an array of JWKs as the value of its
"keys" member.
3. JSON Web Key (JWK) Format 3. JSON Web Key (JWK) Format
A JSON Web Key (JWK) is a JSON object. The members of the object A JSON Web Key (JWK) is a JSON object. The members of the object
represent properties of the key, including its value. This document represent properties of the key, including its value. This document
defines the key parameters that are not algorithm specific, and thus defines the key parameters that are not algorithm specific, and thus
common to many keys. common to many keys.
In addition to the common parameters, each JWK will have members that In addition to the common parameters, each JWK will have members that
are specific to the kind of key being represented. These members are specific to the kind of key being represented. These members
skipping to change at page 19, line 38 skipping to change at page 19, line 38
The TLS Requirements in [JWS] also apply to this specification. The TLS Requirements in [JWS] also apply to this specification.
9. References 9. References
9.1. Normative References 9.1. Normative References
[ECMAScript] [ECMAScript]
Ecma International, "ECMAScript Language Specification, Ecma International, "ECMAScript Language Specification,
5.1 Edition", ECMA 262, June 2011. 5.1 Edition", ECMA 262, June 2011.
[I-D.ietf-json-rfc4627bis]
Bray, T., "The JSON Data Interchange Format",
draft-ietf-json-rfc4627bis-10 (work in progress),
December 2013.
[IANA.MediaTypes] [IANA.MediaTypes]
Internet Assigned Numbers Authority (IANA), "MIME Media Internet Assigned Numbers Authority (IANA), "MIME Media
Types", 2005. Types", 2005.
[ITU.X690.1994] [ITU.X690.1994]
International Telecommunications Union, "Information International Telecommunications Union, "Information
Technology - ASN.1 encoding rules: Specification of Basic Technology - ASN.1 encoding rules: Specification of Basic
Encoding Rules (BER), Canonical Encoding Rules (CER) and Encoding Rules (BER), Canonical Encoding Rules (CER) and
Distinguished Encoding Rules (DER)", ITU-T Recommendation Distinguished Encoding Rules (DER)", ITU-T Recommendation
X.690, 1994. X.690, 1994.
[JWA] Jones, M., "JSON Web Algorithms (JWA)", [JWA] Jones, M., "JSON Web Algorithms (JWA)",
draft-ietf-jose-json-web-algorithms (work in progress), draft-ietf-jose-json-web-algorithms (work in progress),
February 2014. March 2014.
[JWE] Jones, M., Rescorla, E., and J. Hildebrand, "JSON Web [JWE] Jones, M., Rescorla, E., and J. Hildebrand, "JSON Web
Encryption (JWE)", draft-ietf-jose-json-web-encryption Encryption (JWE)", draft-ietf-jose-json-web-encryption
(work in progress), February 2014. (work in progress), March 2014.
[JWS] Jones, M., Bradley, J., and N. Sakimura, "JSON Web [JWS] Jones, M., Bradley, J., and N. Sakimura, "JSON Web
Signature (JWS)", draft-ietf-jose-json-web-signature (work Signature (JWS)", draft-ietf-jose-json-web-signature (work
in progress), February 2014. in progress), March 2014.
[RFC1421] Linn, J., "Privacy Enhancement for Internet Electronic [RFC1421] Linn, J., "Privacy Enhancement for Internet Electronic
Mail: Part I: Message Encryption and Authentication Mail: Part I: Message Encryption and Authentication
Procedures", RFC 1421, February 1993. Procedures", RFC 1421, February 1993.
[RFC2046] Freed, N. and N. Borenstein, "Multipurpose Internet Mail [RFC2046] Freed, N. and N. Borenstein, "Multipurpose Internet Mail
Extensions (MIME) Part Two: Media Types", RFC 2046, Extensions (MIME) Part Two: Media Types", RFC 2046,
November 1996. November 1996.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
skipping to change at page 20, line 50 skipping to change at page 20, line 45
Encodings", RFC 4648, October 2006. Encodings", RFC 4648, October 2006.
[RFC5246] Dierks, T. and E. Rescorla, "The Transport Layer Security [RFC5246] Dierks, T. and E. Rescorla, "The Transport Layer Security
(TLS) Protocol Version 1.2", RFC 5246, August 2008. (TLS) Protocol Version 1.2", RFC 5246, August 2008.
[RFC5280] Cooper, D., Santesson, S., Farrell, S., Boeyen, S., [RFC5280] Cooper, D., Santesson, S., Farrell, S., Boeyen, S.,
Housley, R., and W. Polk, "Internet X.509 Public Key Housley, R., and W. Polk, "Internet X.509 Public Key
Infrastructure Certificate and Certificate Revocation List Infrastructure Certificate and Certificate Revocation List
(CRL) Profile", RFC 5280, May 2008. (CRL) Profile", RFC 5280, May 2008.
[RFC7158] Bray, T., "The JavaScript Object Notation (JSON) Data
Interchange Format", RFC 7158, March 2014.
[USASCII] American National Standards Institute, "Coded Character [USASCII] American National Standards Institute, "Coded Character
Set -- 7-bit American Standard Code for Information Set -- 7-bit American Standard Code for Information
Interchange", ANSI X3.4, 1986. Interchange", ANSI X3.4, 1986.
9.2. Informative References 9.2. Informative References
[MagicSignatures] [MagicSignatures]
Panzer (editor), J., Laurie, B., and D. Balfanz, "Magic Panzer (editor), J., Laurie, B., and D. Balfanz, "Magic
Signatures", January 2011. Signatures", January 2011.
skipping to change at page 36, line 26 skipping to change at page 36, line 26
Turner. Turner.
Jim Schaad and Karen O'Donoghue chaired the JOSE working group and Jim Schaad and Karen O'Donoghue chaired the JOSE working group and
Sean Turner and Stephen Farrell served as Security area directors Sean Turner and Stephen Farrell served as Security area directors
during the creation of this specification. during the creation of this specification.
Appendix E. Document History Appendix E. Document History
[[ to be removed by the RFC Editor before publication as an RFC ]] [[ to be removed by the RFC Editor before publication as an RFC ]]
-22
o Corrected RFC 2119 terminology usage.
o Replaced references to draft-ietf-json-rfc4627bis with RFC 7158.
-21 -21
o Replaced the "key_ops" values "wrap" and "unwrap" with "wrapKey" o Replaced the "key_ops" values "wrap" and "unwrap" with "wrapKey"
and "unwrapKey" to match the "KeyUsage" values defined in the and "unwrapKey" to match the "KeyUsage" values defined in the
current Web Cryptography API [WebCrypto] editor's draft. current Web Cryptography API [WebCrypto] editor's draft.
o Compute the PBES2 salt parameter as (UTF8(Alg) || 0x00 || Salt o Compute the PBES2 salt parameter as (UTF8(Alg) || 0x00 || Salt
Input), where the "p2s" Header Parameter encodes the Salt Input Input), where the "p2s" Header Parameter encodes the Salt Input
value and Alg is the "alg" Header Parameter value. value and Alg is the "alg" Header Parameter value.
 End of changes. 14 change blocks. 
30 lines changed or deleted 34 lines changed or added

This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/