draft-ietf-jose-json-web-key-28.txt   draft-ietf-jose-json-web-key-29.txt

JOSE Working Group                                              M. Jones
Internet-Draft                                                 Microsoft
Intended status: Standards Track                           June 20, 2014
Expires: December 22, 2014

                           JSON Web Key (JWK)
                   -28: draft-ietf-jose-json-web-key-28
                   -29: draft-ietf-jose-json-web-key-29

Abstract

   A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) data
   structure that represents a cryptographic key.  This specification
   also defines a JSON Web Key Set (JWK Set) JSON data structure that
   represents a set of JWKs.  Cryptographic algorithms and identifiers
   for use with this specification are described in the separate JSON
   Web Algorithms (JWA) specification and IANA registries defined by
   that specification.
skipping to change at page 3, line 11
     10.1.  Normative References . . . . . . . . . . . . . . . . . . . 20
     10.2.  Informative References . . . . . . . . . . . . . . . . . . 22
   Appendix A.  Example JSON Web Key Sets  . . . . . . . . . . . . . . 23
     A.1.  Example Public Keys  . . . . . . . . . . . . . . . . . . . 23
     A.2.  Example Private Keys . . . . . . . . . . . . . . . . . . . 23
     A.3.  Example Symmetric Keys . . . . . . . . . . . . . . . . . . 25
   Appendix B.  Example Use of "x5c" (X.509 Certificate Chain)
                Parameter . . . . . . . . . . . . . . . . . . . . . . 25
   Appendix C.  Example Encrypted RSA Private Key  . . . . . . . . . . 26
     C.1.  Plaintext RSA Private Key  . . . . . . . . . . . . . . . . 27
     C.2.  -28: JWE Header / -29: JOSE Header . . . . . . . . . . . . 30
     C.3.  Content Encryption Key (CEK) . . . . . . . . . . . . . . . 30
     C.4.  Key Derivation . . . . . . . . . . . . . . . . . . . . . . 31
     C.5.  Key Encryption . . . . . . . . . . . . . . . . . . . . . . 31
     C.6.  Initialization Vector  . . . . . . . . . . . . . . . . . . 31
     C.7.  Additional Authenticated Data  . . . . . . . . . . . . . . 32
     C.8.  Content Encryption . . . . . . . . . . . . . . . . . . . . 32
     C.9.  Complete Representation  . . . . . . . . . . . . . . . . . 35
   Appendix D.  Acknowledgements . . . . . . . . . . . . . . . . . . . 36
   Appendix E.  Document History . . . . . . . . . . . . . . . . . . . 37
   Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 43
skipping to change at page 4, line 49

   ASCII(STRING) denotes the octets of the ASCII [USASCII]
   representation of STRING.

   The concatenation of two values A and B is denoted as A || B.

2.  Terminology

   -28:
   These terms defined by the JSON Web Signature (JWS) [JWS]
   specification are incorporated into this specification: "Base64url
   Encoding" and "Collision-Resistant Name".

   -29:
   These terms defined by the JSON Web Signature (JWS) [JWS]
   specification are incorporated into this specification: "Base64url
   Encoding", "Collision-Resistant Name", "Header Parameter", and "JOSE
   Header".

   -28: These terms are defined for use by this specification:
   -29: These terms are defined by this specification:

   JSON Web Key (JWK)
      A JSON object that represents a cryptographic key.  The members of
      the object represent properties of the key, including its value.

   JSON Web Key Set (JWK Set)
      A JSON object that represents a set of JWKs.  The JSON object MUST
      have a "keys" member, which is an array of JWK objects.
3.  Example JWK
skipping to change at page 30, line 9

   122, 83, 99, 69, 111, 80, 119, 109, 85, 113, 113, 97, 98, 117, 57,
   86, 48, 45, 80, 121, 52, 100, 81, 53, 55, 95, 98, 97, 112, 111, 75,
   82, 117, 49, 82, 57, 48, 98, 118, 117, 70, 110, 85, 54, 51, 83, 72,
   87, 69, 70, 103, 108, 90, 81, 118, 74, 68, 77, 101, 65, 118, 109,
   106, 52, 115, 109, 45, 70, 112, 48, 111, 89, 117, 95, 110, 101, 111,
   116, 103, 81, 48, 104, 122, 98, 73, 53, 103, 114, 121, 55, 97, 106,
   100, 89, 121, 57, 45, 50, 108, 78, 120, 95, 55, 54, 97, 66, 90, 111,
   79, 85, 117, 57, 72, 67, 74, 45, 85, 115, 102, 83, 79, 73, 56, 34,
   125]
C.2.  -28: JWE Header / -29: JOSE Header

   The following example JWE Protected Header declares that:

   o  the Content Encryption Key is encrypted to the recipient using the
      PBES2-HS256+A128KW algorithm to produce the JWE Encrypted Key,

   o  the Salt Input ("p2s") value is [217, 96, 147, 112, 150, 117, 70,
      247, 127, 8, 155, 137, 174, 42, 80, 215],

   o  the Iteration Count ("p2c") value is 4096,
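The protected header described above, as an added example that is not part of the draft: the Python code below builds that JWE Protected Header from the "p2s" octets and "p2c" value shown, base64url-encodes it the way JOSE requires (compact JSON, no padding), and derives the 16-octet A128KW key-wrapping key with PBKDF2-HMAC-SHA-256 as JWA specifies for PBES2-HS256+A128KW (salt = UTF8(alg) || 0x00 || p2s, p2c iterations). The password is constructed for this example, and the "enc" and "cty" values are assumptions, since neither the draft's password nor the rest of its header appears in this excerpt; the iteration-count bounds in pbes2_derive_key are an assumed local policy, not a requirement of the draft.

```python
import base64
import hashlib
import json

ALG = "PBES2-HS256+A128KW"

# Salt Input and Iteration Count exactly as listed in the header above.
P2S = bytes([217, 96, 147, 112, 150, 117, 70, 247,
             127, 8, 155, 137, 174, 42, 80, 215])
P2C = 4096

# Constructed password for this example; the draft's own password is not in this excerpt.
PASSWORD = b"constructed example password, not the draft's"

# Assumed policy bounds: JWA recommends at least 1000 iterations, and an unbounded
# attacker-supplied "p2c" would let a header dictate arbitrary CPU cost at the receiver.
MIN_P2C = 1000
MAX_P2C = 1_000_000


def b64url_encode(data: bytes) -> str:
    """Base64url without '=' padding, as JOSE requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    """Inverse of b64url_encode: restore padding, then decode."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def build_protected_header(p2s: bytes, p2c: int) -> dict:
    """JWE Protected Header for PBES2-HS256+A128KW with the given salt input and count."""
    return {
        "alg": ALG,
        "p2s": b64url_encode(p2s),
        "p2c": p2c,
        "enc": "A128CBC-HS256",  # assumed content encryption method
        "cty": "jwk+json",       # assumed; declares the plaintext is a JWK
    }


def encode_protected_header(header: dict) -> str:
    """Serialize without whitespace and base64url-encode (the JWE compact form of the header)."""
    compact = json.dumps(header, separators=(",", ":")).encode("utf-8")
    return b64url_encode(compact)


def pbes2_salt(alg: str, p2s: bytes) -> bytes:
    """JWA PBES2 salt: UTF8(alg) || 0x00 || Salt Input."""
    return alg.encode("utf-8") + b"\x00" + p2s


def pbes2_derive_key(password: bytes, header: dict) -> bytes:
    """Derive the 16-octet A128KW key-wrapping key from a password and the header."""
    alg = header["alg"]
    if alg != ALG:
        raise ValueError(f"unsupported alg {alg!r}")
    p2c = header["p2c"]
    if not isinstance(p2c, int) or not (MIN_P2C <= p2c <= MAX_P2C):
        raise ValueError(f"p2c {p2c!r} outside policy bounds")
    p2s = b64url_decode(header["p2s"])
    # HS256 selects HMAC-SHA-256; A128KW selects a 16-octet derived key.
    return hashlib.pbkdf2_hmac("sha256", password, pbes2_salt(alg, p2s), p2c, dklen=16)


if __name__ == "__main__":
    header = build_protected_header(P2S, P2C)
    print(json.dumps(header, separators=(",", ":")))
    print(encode_protected_header(header))
    print(list(pbes2_derive_key(PASSWORD, header)))
```

The derived key is what wraps the Content Encryption Key (C.3 through C.5 in the draft); the protected header string is also the first segment of the compact serialization and the basis of the Additional Authenticated Data. The bounds check matters because "p2c" arrives in the header before any authentication has happened, so a receiver that honours an arbitrary value lets the sender choose its key-derivation cost.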
skipping to change at page 37, line 29

   and Sean Turner.

   Jim Schaad and Karen O'Donoghue chaired the JOSE working group and
   Sean Turner, Stephen Farrell, and Kathleen Moriarty served as
   Security area directors during the creation of this specification.

Appendix E.  Document History

   [[ to be removed by the RFC Editor before publication as an RFC ]]
   -29 (only in draft-ietf-jose-json-web-key-29)

   o  Replaced the terms JWS Header, JWE Header, and JWT Header with a
      single JOSE Header term defined in the JWS specification.  This
      also enabled a single Header Parameter definition to be used and
      reduced other areas of duplication between specifications.

   -28

   o  Revised the introduction to the Security Considerations section.

   o  Refined the text about when applications using encrypted JWKs and
      JWK Sets would not need to use the "cty" header parameter.

   -27

   o  Added an example JWK early in the draft.
 End of changes. 6 change blocks. 
5 lines changed or deleted 13 lines changed or added

This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/