--- 1/draft-ietf-jose-json-web-key-23.txt 2014-03-18 18:14:41.426332304 -0700 +++ 2/draft-ietf-jose-json-web-key-24.txt 2014-03-18 18:14:41.506334241 -0700 @@ -1,18 +1,18 @@ JOSE Working Group M. Jones Internet-Draft Microsoft -Intended status: Standards Track March 3, 2014 -Expires: September 4, 2014 +Intended status: Standards Track March 18, 2014 +Expires: September 19, 2014 JSON Web Key (JWK) - draft-ietf-jose-json-web-key-23 + draft-ietf-jose-json-web-key-24 Abstract A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) data structure that represents a cryptographic key. This specification also defines a JSON Web Key Set (JWK Set) JSON data structure for representing a set of JWKs. Cryptographic algorithms and identifiers for use with this specification are described in the separate JSON Web Algorithms (JWA) specification and IANA registries defined by that specification. @@ -25,21 +25,21 @@ Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at http://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." - This Internet-Draft will expire on September 4, 2014. + This Internet-Draft will expire on September 19, 2014. Copyright Notice Copyright (c) 2014 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents @@ -101,21 +101,21 @@ C.6. Initialization Vector . . . . . . . . . . . . . . . . . . 30 C.7. Additional Authenticated Data . . . . . . . . . . . . . . 31 C.8. Content Encryption . . . . . . . . . . . . . . . . . . . . 31 C.9. Complete Representation . . . . . . . . . . . . . . . . . 34 Appendix D. Acknowledgements . . . . . . . . . . . . . . . . . . 35 Appendix E. Document History . . . . . . . . . . . . . . . . . . 36 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 41 1. Introduction - A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) [RFC7158] + A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) [RFC7159] data structure that represents a cryptographic key. This specification also defines a JSON Web Key Set (JWK Set) JSON data structure for representing a set of JWKs. Cryptographic algorithms and identifiers for use with this specification are described in the separate JSON Web Algorithms (JWA) [JWA] specification and IANA registries defined by that specification. Goals for this specification do not include representing certificate chains, representing certified keys, and replacing X.509 certificates. @@ -851,23 +851,23 @@ International Telecommunications Union, "Information Technology - ASN.1 encoding rules: Specification of Basic Encoding Rules (BER), Canonical Encoding Rules (CER) and Distinguished Encoding Rules (DER)", ITU-T Recommendation X.690, 1994. [JWA] Jones, M., "JSON Web Algorithms (JWA)", draft-ietf-jose-json-web-algorithms (work in progress), March 2014. - [JWE] Jones, M., Rescorla, E., and J. Hildebrand, "JSON Web - Encryption (JWE)", draft-ietf-jose-json-web-encryption - (work in progress), March 2014. + [JWE] Jones, M. and J. Hildebrand, "JSON Web Encryption (JWE)", + draft-ietf-jose-json-web-encryption (work in progress), + March 2014. [JWS] Jones, M., Bradley, J., and N. Sakimura, "JSON Web Signature (JWS)", draft-ietf-jose-json-web-signature (work in progress), March 2014. [RFC1421] Linn, J., "Privacy Enhancement for Internet Electronic Mail: Part I: Message Encryption and Authentication Procedures", RFC 1421, February 1993. [RFC2046] Freed, N. and N. Borenstein, "Multipurpose Internet Mail @@ -890,22 +890,22 @@ Encodings", RFC 4648, October 2006. [RFC5246] Dierks, T. and E. Rescorla, "The Transport Layer Security (TLS) Protocol Version 1.2", RFC 5246, August 2008. [RFC5280] Cooper, D., Santesson, S., Farrell, S., Boeyen, S., Housley, R., and W. Polk, "Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile", RFC 5280, May 2008. - [RFC7158] Bray, T., "The JavaScript Object Notation (JSON) Data - Interchange Format", RFC 7158, March 2014. + [RFC7159] Bray, T., "The JavaScript Object Notation (JSON) Data + Interchange Format", RFC 7159, March 2014. [USASCII] American National Standards Institute, "Coded Character Set -- 7-bit American Standard Code for Information Interchange", ANSI X3.4, 1986. 9.2. Informative References [MagicSignatures] Panzer (editor), J., Laurie, B., and D. Balfanz, "Magic Signatures", January 2011. @@ -1452,22 +1452,22 @@ 56, 183, 165, 17, 85, 76, 238, 140, 211, 168, 53, 223, 194, 4, 97, 149, 156, 120, 137, 76, 33, 229, 243, 194, 208, 198, 202, 139, 28, 114, 46, 224, 92, 254, 83, 100, 134, 158, 92, 70, 78, 61, 62, 138, 24, 173, 216, 66, 198, 70, 254, 47, 59, 193, 53, 6, 139, 19, 153, 253, 28, 199, 122, 160, 27, 67, 234, 209, 227, 139, 4, 50, 7, 178, 183, 89, 252, 32, 128, 137, 55, 52, 29, 89, 12, 111, 42, 181, 51, 170, 132, 132, 207, 170, 228, 254, 178, 213, 0, 136, 175, 8 ] The resulting Authentication Tag value is: - [ 125, 249, 143, 191, 240, 4, 204, 132, 62, 241, 113, 178, 91, 88, - 254, 19 ] + [ 208, 113, 102, 132, 236, 236, 67, 223, 39, 53, 98, 99, 32, 121, 17, + 236 ] Encoding this JWE Ciphertext as BASE64URL(JWE Ciphertext) gives this value: AwhB8lxrlKjFn02LGWEqg27H4Tg9fyZAbFv3p5ZicHpj64QyHC44qqlZ3JEmnZTgQo wIqZJ13jbyHB8LgePiqUJ1hf6M2HPLgzw8L-mEeQ0jvDUTrE07NtOerBk8bwBQyZ6g 0kQ3DEOIglfYxV8-FJvNBYwbqN1Bck6d_i7OtjSHV-8DIrp-3JcRIe05YKy3Oi34Z_ GOiAc1EK21B11c_AE11PII_wvvtRiUiG8YofQXakWd1_O98Kap-UgmyWPfreUJ3lJP nbD4Ve95owEfMGLOPflo2MnjaTDCwQokoJ_xplQ2vNPz8iguLcHBoKllyQFJL2mOWB wqhBo9Oj-O800as5mmLsvQMTflIrIEbbTMzHMBZ8EFW9fWwwFu0DWQJGkMNhmBZQ-3 @@ -1496,21 +1496,21 @@ H00BV_Er7zd6VtIw0MxwkFCTatsv_R-GsBCH218RgVPsfYhwVuT8R4HarpzsDBufC4 r8_c8fc9Z278sQ081jFjOja6L2x0N_ImzFNXU6xwO-Ska-QeuvYZ3X_L31ZOX4Llp- 7QSfgDoHnOxFv1Xws-D5mDHD3zxOup2b2TppdKTZb9eW2vxUVviM8OI9atBfPKMGAO v9omA-6vv5IxUH0-lWMiHLQ_g8vnswp-Jav0c4t6URVUzujNOoNd_CBGGVnHiJTCHl 88LQxsqLHHIu4Fz-U2SGnlxGTj0-ihit2ELGRv4vO8E1BosTmf0cx3qgG0Pq0eOLBD IHsrdZ_CCAiTc0HVkMbyq1M6qEhM-q5P6y1QCIrwg Encoding this JWE Authentication Tag as BASE64URL(JWE Authentication Tag) gives this value: - ffmPv_AEzIQ-8XGyW1j-Ew + 0HFmhOzsQ98nNWJjIHkR7A C.9. Complete Representation Assemble the final representation: The Compact Serialization of this result is the string BASE64URL(UTF8(JWE Protected Header)) || '.' || BASE64URL(JWE Encrypted Key) || '.' || BASE64URL(JWE Initialization Vector) || '.' || BASE64URL(JWE Ciphertext) || '.' || BASE64URL(JWE Authentication Tag). The final result in this example is: @@ -1547,48 +1547,58 @@ Cz-Ww1MGhvIpGGnMBT_ADp9xSIyAM9dQ1yeVXk-AIgWBUlN5uyWSGyCxp0cJwx7HxM 38z0UIeBu-MytL-eqndM7LxytsVzCbjOTSVRmhYEMIzUAnS1gs7uMQAGRdgRIElTJE SGMjb_4bZq9s6Ve1LKkSi0_QDsrABaLe55UY0zF4ZSfOV5PMyPtocwV_dcNPlxLgNA D1BFX_Z9kAdMZQW6fAmsfFle0zAoMe4l9pMESH0JB4sJGdCKtQXj1cXNydDYozF7l8 H00BV_Er7zd6VtIw0MxwkFCTatsv_R-GsBCH218RgVPsfYhwVuT8R4HarpzsDBufC4 r8_c8fc9Z278sQ081jFjOja6L2x0N_ImzFNXU6xwO-Ska-QeuvYZ3X_L31ZOX4Llp- 7QSfgDoHnOxFv1Xws-D5mDHD3zxOup2b2TppdKTZb9eW2vxUVviM8OI9atBfPKMGAO v9omA-6vv5IxUH0-lWMiHLQ_g8vnswp-Jav0c4t6URVUzujNOoNd_CBGGVnHiJTCHl 88LQxsqLHHIu4Fz-U2SGnlxGTj0-ihit2ELGRv4vO8E1BosTmf0cx3qgG0Pq0eOLBD IHsrdZ_CCAiTc0HVkMbyq1M6qEhM-q5P6y1QCIrwg. - ffmPv_AEzIQ-8XGyW1j-Ew + 0HFmhOzsQ98nNWJjIHkR7A Appendix D. Acknowledgements A JSON representation for RSA public keys was previously introduced by John Panzer, Ben Laurie, and Dirk Balfanz in Magic Signatures [MagicSignatures]. + Thanks to Matt Miller for creating the encrypted key example and to + Edmund Jay and Brian Campbell for validating the example. + This specification is the work of the JOSE Working Group, which includes dozens of active and dedicated participants. In particular, the following individuals contributed ideas, feedback, and wording that influenced this specification: Dirk Balfanz, Richard Barnes, John Bradley, Brian Campbell, Breno de Medeiros, Joe Hildebrand, Edmund Jay, Ben Laurie, James Manger, Matt Miller, Tony Nadalin, Axel Nennker, John Panzer, Eric Rescorla, Nat Sakimura, Jim Schaad, Paul Tarjan, Hannes Tschofenig, and Sean Turner. Jim Schaad and Karen O'Donoghue chaired the JOSE working group and Sean Turner and Stephen Farrell served as Security area directors during the creation of this specification. Appendix E. Document History [[ to be removed by the RFC Editor before publication as an RFC ]] + -24 + + o Corrected the authentication tag value in the encrypted key + example. + + o Updated the JSON reference to RFC 7159. + -23 o No changes were made, other than to the version number and date. -22 o Corrected RFC 2119 terminology usage. o Replaced references to draft-ietf-json-rfc4627bis with RFC 7158.