draft-ietf-jose-json-web-key-41.txt   rfc7517.txt 
JOSE Working Group M. Jones Internet Engineering Task Force (IETF) M. Jones
Internet-Draft Microsoft Request for Comments: 7517 Microsoft
Intended status: Standards Track January 16, 2015 Category: Standards Track May 2015
Expires: July 20, 2015 ISSN: 2070-1721
JSON Web Key (JWK) JSON Web Key (JWK)
draft-ietf-jose-json-web-key-41
Abstract Abstract
A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) data A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) data
structure that represents a cryptographic key. This specification structure that represents a cryptographic key. This specification
also defines a JSON Web Key Set (JWK Set) JSON data structure that also defines a JWK Set JSON data structure that represents a set of
represents a set of JWKs. Cryptographic algorithms and identifiers JWKs. Cryptographic algorithms and identifiers for use with this
for use with this specification are described in the separate JSON specification are described in the separate JSON Web Algorithms (JWA)
Web Algorithms (JWA) specification and IANA registries defined by specification and IANA registries established by that specification.
that specification.
Status of this Memo
This Internet-Draft is submitted in full conformance with the Status of This Memo
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering This is an Internet Standards Track document.
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months This document is a product of the Internet Engineering Task Force
and may be updated, replaced, or obsoleted by other documents at any (IETF). It represents the consensus of the IETF community. It has
time. It is inappropriate to use Internet-Drafts as reference received public review and has been approved for publication by the
material or to cite them other than as "work in progress." Internet Engineering Steering Group (IESG). Further information on
Internet Standards is available in Section 2 of RFC 5741.
This Internet-Draft will expire on July 20, 2015. Information about the current status of this document, any errata,
and how to provide feedback on it may be obtained at
http://www.rfc-editor.org/info/rfc7517.
Copyright Notice Copyright Notice
Copyright (c) 2015 IETF Trust and the persons identified as the Copyright (c) 2015 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License. described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3
1.1. Notational Conventions . . . . . . . . . . . . . . . . . . 4 1.1. Notational Conventions . . . . . . . . . . . . . . . . . 3
2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 4 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 4
3. Example JWK . . . . . . . . . . . . . . . . . . . . . . . . . 5 3. Example JWK . . . . . . . . . . . . . . . . . . . . . . . . . 5
4. JSON Web Key (JWK) Format . . . . . . . . . . . . . . . . . . 5 4. JSON Web Key (JWK) Format . . . . . . . . . . . . . . . . . . 5
4.1. "kty" (Key Type) Parameter . . . . . . . . . . . . . . . . 6 4.1. "kty" (Key Type) Parameter . . . . . . . . . . . . . . . 6
4.2. "use" (Public Key Use) Parameter . . . . . . . . . . . . . 6 4.2. "use" (Public Key Use) Parameter . . . . . . . . . . . . 6
4.3. "key_ops" (Key Operations) Parameter . . . . . . . . . . . 7 4.3. "key_ops" (Key Operations) Parameter . . . . . . . . . . 7
4.4. "alg" (Algorithm) Parameter . . . . . . . . . . . . . . . 8 4.4. "alg" (Algorithm) Parameter . . . . . . . . . . . . . . . 8
4.5. "kid" (Key ID) Parameter . . . . . . . . . . . . . . . . . 8 4.5. "kid" (Key ID) Parameter . . . . . . . . . . . . . . . . 8
4.6. "x5u" (X.509 URL) Parameter . . . . . . . . . . . . . . . 8 4.6. "x5u" (X.509 URL) Parameter . . . . . . . . . . . . . . . 8
4.7. "x5c" (X.509 Certificate Chain) Parameter . . . . . . . . 9 4.7. "x5c" (X.509 Certificate Chain) Parameter . . . . . . . . 9
4.8. "x5t" (X.509 Certificate SHA-1 Thumbprint) Parameter . . . 9 4.8. "x5t" (X.509 Certificate SHA-1 Thumbprint) Parameter . . 9
4.9. "x5t#S256" (X.509 Certificate SHA-256 Thumbprint) 4.9. "x5t#S256" (X.509 Certificate SHA-256 Thumbprint)
Parameter . . . . . . . . . . . . . . . . . . . . . . . . 10 Parameter . . . . . . . . . . . . . . . . . . . . . . . . 10
5. JSON Web Key Set (JWK Set) Format . . . . . . . . . . . . . . 10 5. JWK Set Format . . . . . . . . . . . . . . . . . . . . . . . 10
5.1. "keys" Parameter . . . . . . . . . . . . . . . . . . . . . 11 5.1. "keys" Parameter . . . . . . . . . . . . . . . . . . . . 10
6. String Comparison Rules . . . . . . . . . . . . . . . . . . . 11 6. String Comparison Rules . . . . . . . . . . . . . . . . . . . 11
7. Encrypted JWK and Encrypted JWK Set Formats . . . . . . . . . 11 7. Encrypted JWK and Encrypted JWK Set Formats . . . . . . . . . 11
8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 12 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 11
8.1. JSON Web Key Parameters Registry . . . . . . . . . . . . . 13 8.1. JSON Web Key Parameters Registry . . . . . . . . . . . . 12
8.1.1. Registration Template . . . . . . . . . . . . . . . . 13 8.1.1. Registration Template . . . . . . . . . . . . . . . . 12
8.1.2. Initial Registry Contents . . . . . . . . . . . . . . 14 8.1.2. Initial Registry Contents . . . . . . . . . . . . . . 13
8.2. JSON Web Key Use Registry . . . . . . . . . . . . . . . . 15 8.2. JSON Web Key Use Registry . . . . . . . . . . . . . . . . 15
8.2.1. Registration Template . . . . . . . . . . . . . . . . 16 8.2.1. Registration Template . . . . . . . . . . . . . . . . 15
8.2.2. Initial Registry Contents . . . . . . . . . . . . . . 16 8.2.2. Initial Registry Contents . . . . . . . . . . . . . . 15
8.3. JSON Web Key Operations Registry . . . . . . . . . . . . . 16 8.3. JSON Web Key Operations Registry . . . . . . . . . . . . 16
8.3.1. Registration Template . . . . . . . . . . . . . . . . 17 8.3.1. Registration Template . . . . . . . . . . . . . . . . 16
8.3.2. Initial Registry Contents . . . . . . . . . . . . . . 17 8.3.2. Initial Registry Contents . . . . . . . . . . . . . . 16
8.4. JSON Web Key Set Parameters Registry . . . . . . . . . . . 18 8.4. JSON Web Key Set Parameters Registry . . . . . . . . . . 17
8.4.1. Registration Template . . . . . . . . . . . . . . . . 18 8.4.1. Registration Template . . . . . . . . . . . . . . . . 17
8.4.2. Initial Registry Contents . . . . . . . . . . . . . . 19 8.4.2. Initial Registry Contents . . . . . . . . . . . . . . 18
8.5. Media Type Registration . . . . . . . . . . . . . . . . . 19 8.5. Media Type Registration . . . . . . . . . . . . . . . . . 18
8.5.1. Registry Contents . . . . . . . . . . . . . . . . . . 19 8.5.1. Registry Contents . . . . . . . . . . . . . . . . . . 18
9. Security Considerations . . . . . . . . . . . . . . . . . . . 20 9. Security Considerations . . . . . . . . . . . . . . . . . . . 19
9.1. Key Provenance and Trust . . . . . . . . . . . . . . . . . 20 9.1. Key Provenance and Trust . . . . . . . . . . . . . . . . 20
9.2. Preventing Disclosure of Non-Public Key Information . . . 21 9.2. Preventing Disclosure of Non-public Key Information . . . 20
9.3. RSA Private Key Representations and Blinding . . . . . . . 21 9.3. RSA Private Key Representations and Blinding . . . . . . 21
9.4. Key Entropy and Random Values . . . . . . . . . . . . . . 22 9.4. Key Entropy and Random Values . . . . . . . . . . . . . . 21
10. References . . . . . . . . . . . . . . . . . . . . . . . . . . 22 10. References . . . . . . . . . . . . . . . . . . . . . . . . . 21
10.1. Normative References . . . . . . . . . . . . . . . . . . . 22 10.1. Normative References . . . . . . . . . . . . . . . . . . 21
10.2. Informative References . . . . . . . . . . . . . . . . . . 24 10.2. Informative References . . . . . . . . . . . . . . . . . 23
Appendix A. Example JSON Web Key Sets . . . . . . . . . . . . . 25
A.1. Example Public Keys . . . . . . . . . . . . . . . . . . . 25
A.2. Example Private Keys . . . . . . . . . . . . . . . . . . 25
A.3. Example Symmetric Keys . . . . . . . . . . . . . . . . . 27
Appendix A. Example JSON Web Key Sets . . . . . . . . . . . . . . 25
A.1. Example Public Keys . . . . . . . . . . . . . . . . . . . 25
A.2. Example Private Keys . . . . . . . . . . . . . . . . . . . 25
A.3. Example Symmetric Keys . . . . . . . . . . . . . . . . . . 27
Appendix B. Example Use of "x5c" (X.509 Certificate Chain) Appendix B. Example Use of "x5c" (X.509 Certificate Chain)
Parameter . . . . . . . . . . . . . . . . . . . . . . 27 Parameter . . . . . . . . . . . . . . . . . . . . . 28
Appendix C. Example Encrypted RSA Private Key . . . . . . . . . . 28 Appendix C. Example Encrypted RSA Private Key . . . . . . . . . 28
C.1. Plaintext RSA Private Key . . . . . . . . . . . . . . . . 29 C.1. Plaintext RSA Private Key . . . . . . . . . . . . . . . . 29
C.2. JOSE Header . . . . . . . . . . . . . . . . . . . . . . . 32 C.2. JOSE Header . . . . . . . . . . . . . . . . . . . . . . . 32
C.3. Content Encryption Key (CEK) . . . . . . . . . . . . . . . 32 C.3. Content Encryption Key (CEK) . . . . . . . . . . . . . . 32
C.4. Key Derivation . . . . . . . . . . . . . . . . . . . . . . 33 C.4. Key Derivation . . . . . . . . . . . . . . . . . . . . . 33
C.5. Key Encryption . . . . . . . . . . . . . . . . . . . . . . 33 C.5. Key Encryption . . . . . . . . . . . . . . . . . . . . . 33
C.6. Initialization Vector . . . . . . . . . . . . . . . . . . 33 C.6. Initialization Vector . . . . . . . . . . . . . . . . . . 33
C.7. Additional Authenticated Data . . . . . . . . . . . . . . 34 C.7. Additional Authenticated Data . . . . . . . . . . . . . . 34
C.8. Content Encryption . . . . . . . . . . . . . . . . . . . . 34 C.8. Content Encryption . . . . . . . . . . . . . . . . . . . 34
C.9. Complete Representation . . . . . . . . . . . . . . . . . 37 C.9. Complete Representation . . . . . . . . . . . . . . . . . 38
Appendix D. Acknowledgements . . . . . . . . . . . . . . . . . . 39 Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . 40
Appendix E. Document History . . . . . . . . . . . . . . . . . . 39 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 40
Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 47
1. Introduction 1. Introduction
A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) [RFC7159] A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) [RFC7159]
data structure that represents a cryptographic key. This data structure that represents a cryptographic key. This
specification also defines a JSON Web Key Set (JWK Set) JSON data specification also defines a JWK Set JSON data structure that
structure that represents a set of JWKs. Cryptographic algorithms represents a set of JWKs. Cryptographic algorithms and identifiers
and identifiers for use with this specification are described in the for use with this specification are described in the separate JSON
separate JSON Web Algorithms (JWA) [JWA] specification and IANA Web Algorithms (JWA) [JWA] specification and IANA registries
registries defined by that specification. established by that specification.
Goals for this specification do not include representing new kinds of Goals for this specification do not include representing new kinds of
certificate chains, representing new kinds of certified keys, or certificate chains, representing new kinds of certified keys, or
replacing X.509 certificates. replacing X.509 certificates.
JWKs and JWK Sets are used in the JSON Web Signature (JWS) [JWS] and JWKs and JWK Sets are used in the JSON Web Signature [JWS] and JSON
JSON Web Encryption (JWE) [JWE] specifications. Web Encryption [JWE] specifications.
Names defined by this specification are short because a core goal is Names defined by this specification are short because a core goal is
for the resulting representations to be compact. for the resulting representations to be compact.
1.1. Notational Conventions 1.1. Notational Conventions
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in Key "OPTIONAL" in this document are to be interpreted as described in
words for use in RFCs to Indicate Requirement Levels [RFC2119]. If "Key words for use in RFCs to Indicate Requirement Levels" [RFC2119].
these words are used without being spelled in uppercase then they are The interpretation should only be applied when the terms appear in
to be interpreted with their normal natural language meanings. all capital letters.
BASE64URL(OCTETS) denotes the base64url encoding of OCTETS, per BASE64URL(OCTETS) denotes the base64url encoding of OCTETS, per
Section 2 of [JWS]. Section 2 of [JWS].
UTF8(STRING) denotes the octets of the UTF-8 [RFC3629] representation UTF8(STRING) denotes the octets of the UTF-8 [RFC3629] representation
of STRING, where STRING is a sequence of zero or more Unicode of STRING, where STRING is a sequence of zero or more Unicode
[UNICODE] characters. [UNICODE] characters.
ASCII(STRING) denotes the octets of the ASCII [RFC20] representation ASCII(STRING) denotes the octets of the ASCII [RFC20] representation
of STRING, where STRING is a sequence of zero or more ASCII of STRING, where STRING is a sequence of zero or more ASCII
characters. characters.
The concatenation of two values A and B is denoted as A || B. The concatenation of two values A and B is denoted as A || B.
2. Terminology 2. Terminology
These terms defined by the JSON Web Signature (JWS) [JWS] The terms "JSON Web Signature (JWS)", "Base64url Encoding",
specification are incorporated into this specification: "JSON Web "Collision-Resistant Name", "Header Parameter", and "JOSE Header" are
Signature (JWS)", "Base64url Encoding", "Collision-Resistant Name", defined by the JWS specification [JWS].
"Header Parameter", and "JOSE Header".
These terms defined by the JSON Web Encryption (JWE) [JWE] The terms "JSON Web Encryption (JWE)", "Additional Authenticated Data
specification are incorporated into this specification: "JSON Web (AAD)", "JWE Authentication Tag", "JWE Ciphertext", "JWE Compact
Encryption (JWE)", "Additional Authenticated Data (AAD)", "JWE Serialization", "JWE Encrypted Key", "JWE Initialization Vector", and
Authentication Tag", "JWE Ciphertext", "JWE Compact Serialization", "JWE Protected Header" are defined by the JWE specification [JWE].
"JWE Encrypted Key", "JWE Initialization Vector", and "JWE Protected
Header".
These terms defined by the Internet Security Glossary, Version 2 The terms "Ciphertext", "Digital Signature", "Message Authentication
[RFC4949] are incorporated into this specification: "Ciphertext", Code (MAC)", and "Plaintext" are defined by the "Internet Security
"Digital Signature", "Message Authentication Code (MAC)", and Glossary, Version 2" [RFC4949].
"Plaintext".
These terms are defined by this specification: These terms are defined by this specification:
JSON Web Key (JWK) JSON Web Key (JWK)
A JSON object that represents a cryptographic key. The members of A JSON object that represents a cryptographic key. The members of
the object represent properties of the key, including its value. the object represent properties of the key, including its value.
JSON Web Key Set (JWK Set) JWK Set
A JSON object that represents a set of JWKs. The JSON object MUST A JSON object that represents a set of JWKs. The JSON object MUST
have a "keys" member, which is an array of JWKs. have a "keys" member, which is an array of JWKs.
3. Example JWK 3. Example JWK
This section provides an example of a JWK. The following example JWK This section provides an example of a JWK. The following example JWK
declares that the key is an Elliptic Curve [DSS] key, it is used with declares that the key is an Elliptic Curve [DSS] key, it is used with
the P-256 Elliptic Curve, and its x and y coordinates are the the P-256 Elliptic Curve, and its x and y coordinates are the
base64url encoded values shown. A key identifier is also provided base64url-encoded values shown. A key identifier is also provided
for the key. for the key.
{"kty":"EC", {"kty":"EC",
"crv":"P-256", "crv":"P-256",
"x":"f83OJ3D2xF1Bg8vub9tLe1gHMzV76e8Tus9uPHvRVEU", "x":"f83OJ3D2xF1Bg8vub9tLe1gHMzV76e8Tus9uPHvRVEU",
"y":"x_FEzRu9m36HLN_tue659LNpXW6pCyStikYjKIWI5a0", "y":"x_FEzRu9m36HLN_tue659LNpXW6pCyStikYjKIWI5a0",
"kid":"Public key used in JWS A.3 example" "kid":"Public key used in JWS spec Appendix A.3 example"
} }
Additional example JWK values can be found in Appendix A. Additional example JWK values can be found in Appendix A.
4. JSON Web Key (JWK) Format 4. JSON Web Key (JWK) Format
A JSON Web Key (JWK) is a JSON object that represents a cryptographic A JWK is a JSON object that represents a cryptographic key. The
key. The members of the object represent properties of the key, members of the object represent properties of the key, including its
including its value. This JSON object MAY contain white space and/or value. This JSON object MAY contain whitespace and/or line breaks
line breaks before or after any JSON values or structural characters, before or after any JSON values or structural characters, in
in accordance with Section 2 of RFC 7159 [RFC7159]. This document accordance with Section 2 of RFC 7159 [RFC7159]. This document
defines the key parameters that are not algorithm specific, and thus defines the key parameters that are not algorithm specific and, thus,
common to many keys. common to many keys.
In addition to the common parameters, each JWK will have members that In addition to the common parameters, each JWK will have members that
are key type-specific. These members represent the parameters of the are key type specific. These members represent the parameters of the
key. Section 6 of the JSON Web Algorithms (JWA) [JWA] specification key. Section 6 of the JSON Web Algorithms (JWA) [JWA] specification
defines multiple kinds of cryptographic keys and their associated defines multiple kinds of cryptographic keys and their associated
members. members.
The member names within a JWK MUST be unique; JWK parsers MUST either The member names within a JWK MUST be unique; JWK parsers MUST either
reject JWKs with duplicate member names or use a JSON parser that reject JWKs with duplicate member names or use a JSON parser that
returns only the lexically last duplicate member name, as specified returns only the lexically last duplicate member name, as specified
in Section 15.12 (The JSON Object) of ECMAScript 5.1 [ECMAScript]. in Section 15.12 (The JSON Object) of ECMAScript 5.1 [ECMAScript].
Additional members can be present in the JWK; if not understood by Additional members can be present in the JWK; if not understood by
implementations encountering them, they MUST be ignored. Member implementations encountering them, they MUST be ignored. Member
names used for representing key parameters for different keys types names used for representing key parameters for different keys types
need not be distinct. Any new member name should either be need not be distinct. Any new member name should either be
registered in the IANA JSON Web Key Parameters registry defined in registered in the IANA "JSON Web Key Parameters" registry established
Section 8.1 or be a value that contains a Collision-Resistant Name. by Section 8.1 or be a value that contains a Collision-Resistant
Name.
4.1. "kty" (Key Type) Parameter 4.1. "kty" (Key Type) Parameter
The "kty" (key type) member identifies the cryptographic algorithm The "kty" (key type) parameter identifies the cryptographic algorithm
family used with the key, such as "RSA" or "EC". "kty" values should family used with the key, such as "RSA" or "EC". "kty" values should
either be registered in the IANA JSON Web Key Types registry defined either be registered in the IANA "JSON Web Key Types" registry
in [JWA] or be a value that contains a Collision-Resistant Name. The established by [JWA] or be a value that contains a Collision-
"kty" value is a case-sensitive string. This member MUST be present Resistant Name. The "kty" value is a case-sensitive string. This
in a JWK. member MUST be present in a JWK.
A list of defined "kty" values can be found in the IANA JSON Web Key A list of defined "kty" values can be found in the IANA "JSON Web Key
Types registry defined in [JWA]; the initial contents of this Types" registry established by [JWA]; the initial contents of this
registry are the values defined in Section 6.1 of the JSON Web registry are the values defined in Section 6.1 of [JWA].
Algorithms (JWA) [JWA] specification.
The key type definitions include specification of the members to be The key type definitions include specification of the members to be
used for those key types. Additional members used with "kty" values used for those key types. Members used with specific "kty" values
can also be found in the IANA JSON Web Key Parameters registry can be found in the IANA "JSON Web Key Parameters" registry
defined in Section 8.1. established by Section 8.1.
4.2. "use" (Public Key Use) Parameter 4.2. "use" (Public Key Use) Parameter
The "use" (public key use) member identifies the intended use of the The "use" (public key use) parameter identifies the intended use of
public key. The "use" parameter is employed to indicate whether a the public key. The "use" parameter is employed to indicate whether
public key is used for encrypting data or verifying the signature on a public key is used for encrypting data or verifying the signature
data. on data.
Values defined by this specification are: Values defined by this specification are:
o "sig" (signature) o "sig" (signature)
o "enc" (encryption) o "enc" (encryption)
Other values MAY be used. The "use" value is a case-sensitive Other values MAY be used. The "use" value is a case-sensitive
string. Use of the "use" member is OPTIONAL, unless the application string. Use of the "use" member is OPTIONAL, unless the application
requires its presence. requires its presence.
When a key is used to wrap another key and a Public Key Use When a key is used to wrap another key and a public key use
designation for the first key is desired, the "enc" (encryption) key designation for the first key is desired, the "enc" (encryption) key
use value is used, since key wrapping is a kind of encryption. The use value is used, since key wrapping is a kind of encryption. The
"enc" value is also be used for public keys used for key agreement "enc" value is also to be used for public keys used for key agreement
operations. operations.
Additional Public Key Use values can be registered in the IANA JSON Additional "use" (public key use) values can be registered in the
Web Key Use registry defined in Section 8.2. Registering any IANA "JSON Web Key Use" registry established by Section 8.2.
extension values used is highly recommended when this specification Registering any extension values used is highly recommended when this
is used in open environments, in which multiple organizations need to specification is used in open environments, in which multiple
have a common understanding of any extensions used. However, organizations need to have a common understanding of any extensions
unregistered extension values can be used in closed environments, in used. However, unregistered extension values can be used in closed
which the producing and consuming organization will always be the environments, in which the producing and consuming organization will
same. always be the same.
4.3. "key_ops" (Key Operations) Parameter 4.3. "key_ops" (Key Operations) Parameter
The "key_ops" (key operations) member identifies the operation(s) The "key_ops" (key operations) parameter identifies the operation(s)
that the key is intended to be used for. The "key_ops" parameter is for which the key is intended to be used. The "key_ops" parameter is
intended for use cases in which public, private, or symmetric keys intended for use cases in which public, private, or symmetric keys
may be present. may be present.
Its value is an array of key operation values. Values defined by Its value is an array of key operation values. Values defined by
this specification are: this specification are:
o "sign" (compute digital signature or MAC) o "sign" (compute digital signature or MAC)
o "verify" (verify digital signature or MAC) o "verify" (verify digital signature or MAC)
o "encrypt" (encrypt content) o "encrypt" (encrypt content)
o "decrypt" (decrypt content and validate decryption, if applicable) o "decrypt" (decrypt content and validate decryption, if applicable)
skipping to change at page 8, line 14 skipping to change at page 7, line 39
sensitive strings. Duplicate key operation values MUST NOT be sensitive strings. Duplicate key operation values MUST NOT be
present in the array. Use of the "key_ops" member is OPTIONAL, present in the array. Use of the "key_ops" member is OPTIONAL,
unless the application requires its presence. unless the application requires its presence.
Multiple unrelated key operations SHOULD NOT be specified for a key Multiple unrelated key operations SHOULD NOT be specified for a key
because of the potential vulnerabilities associated with using the because of the potential vulnerabilities associated with using the
same key with multiple algorithms. Thus, the combinations "sign" same key with multiple algorithms. Thus, the combinations "sign"
with "verify", "encrypt" with "decrypt", and "wrapKey" with with "verify", "encrypt" with "decrypt", and "wrapKey" with
"unwrapKey" are permitted, but other combinations SHOULD NOT be used. "unwrapKey" are permitted, but other combinations SHOULD NOT be used.
Additional Key Operations values can be registered in the IANA JSON Additional "key_ops" (key operations) values can be registered in the
Web Key Operations registry defined in Section 8.3. The same IANA "JSON Web Key Operations" registry established by Section 8.3.
considerations about registering extension values apply to the The same considerations about registering extension values apply to
"key_ops" member as do for the "use" member. the "key_ops" member as do for the "use" member.
The "use" and "key_ops" JWK members SHOULD NOT be used together; The "use" and "key_ops" JWK members SHOULD NOT be used together;
however, if both are used, the information they convey MUST be however, if both are used, the information they convey MUST be
consistent. Applications should specify which of these members they consistent. Applications should specify which of these members they
use, if either is to be used by the application. use, if either is to be used by the application.
4.4. "alg" (Algorithm) Parameter 4.4. "alg" (Algorithm) Parameter
The "alg" (algorithm) member identifies the algorithm intended for The "alg" (algorithm) parameter identifies the algorithm intended for
use with the key. The values used should either be registered in the use with the key. The values used should either be registered in the
IANA JSON Web Signature and Encryption Algorithms registry defined in IANA "JSON Web Signature and Encryption Algorithms" registry
[JWA] or be a value that contains a Collision-Resistant Name. The established by [JWA] or be a value that contains a Collision-
"alg" value is a case-sensitive ASCII string. Use of this member is Resistant Name. The "alg" value is a case-sensitive ASCII string.
OPTIONAL. Use of this member is OPTIONAL.
4.5. "kid" (Key ID) Parameter 4.5. "kid" (Key ID) Parameter
The "kid" (key ID) member is used to match a specific key. This is The "kid" (key ID) parameter is used to match a specific key. This
used, for instance, to choose among a set of keys within a JWK Set is used, for instance, to choose among a set of keys within a JWK Set
during key rollover. The structure of the "kid" value is during key rollover. The structure of the "kid" value is
unspecified. When "kid" values are used within a JWK Set, different unspecified. When "kid" values are used within a JWK Set, different
keys within the JWK Set SHOULD use distinct "kid" values. (One keys within the JWK Set SHOULD use distinct "kid" values. (One
example in which different keys might use the same "kid" value is if example in which different keys might use the same "kid" value is if
they have different "kty" (key type) values but are considered to be they have different "kty" (key type) values but are considered to be
equivalent alternatives by the application using them.) The "kid" equivalent alternatives by the application using them.) The "kid"
value is a case-sensitive string. Use of this member is OPTIONAL. value is a case-sensitive string. Use of this member is OPTIONAL.
When used with JWS or JWE, the "kid" value is used to match a JWS or When used with JWS or JWE, the "kid" value is used to match a JWS or
JWE "kid" Header Parameter value. JWE "kid" Header Parameter value.
4.6. "x5u" (X.509 URL) Parameter 4.6. "x5u" (X.509 URL) Parameter
The "x5u" (X.509 URL) member is a URI [RFC3986] that refers to a The "x5u" (X.509 URL) parameter is a URI [RFC3986] that refers to a
resource for an X.509 public key certificate or certificate chain resource for an X.509 public key certificate or certificate chain
[RFC5280]. The identified resource MUST provide a representation of [RFC5280]. The identified resource MUST provide a representation of
the certificate or certificate chain that conforms to RFC 5280 the certificate or certificate chain that conforms to RFC 5280
[RFC5280] in PEM encoded form, with each certificate delimited as [RFC5280] in PEM-encoded form, with each certificate delimited as
specified in Section 6.1 of RFC 4945 [RFC4945]. The key in the first specified in Section 6.1 of RFC 4945 [RFC4945]. The key in the first
certificate MUST match the public key represented by other members of certificate MUST match the public key represented by other members of
the JWK. The protocol used to acquire the resource MUST provide the JWK. The protocol used to acquire the resource MUST provide
integrity protection; an HTTP GET request to retrieve the certificate integrity protection; an HTTP GET request to retrieve the certificate
MUST use TLS [RFC2818, RFC5246]; the identity of the server MUST be MUST use TLS [RFC2818] [RFC5246]; the identity of the server MUST be
validated, as per Section 6 of RFC 6125 [RFC6125]. Use of this validated, as per Section 6 of RFC 6125 [RFC6125]. Use of this
member is OPTIONAL. member is OPTIONAL.
While there is no requirement that optional JWK members providing key While there is no requirement that optional JWK members providing key
usage, algorithm, or other information be present when the "x5u" usage, algorithm, or other information be present when the "x5u"
member is used, doing so may improve interoperability for member is used, doing so may improve interoperability for
applications that do not handle PKIX certificates [RFC5280]. If applications that do not handle PKIX certificates [RFC5280]. If
other members are present, the contents of those members MUST be other members are present, the contents of those members MUST be
semantically consistent with the related fields in the first semantically consistent with the related fields in the first
certificate. For instance, if the "use" member is present, then it certificate. For instance, if the "use" member is present, then it
MUST correspond to the usage that is specified in the certificate, MUST correspond to the usage that is specified in the certificate,
when it includes this information. Similarly, if the "alg" member is when it includes this information. Similarly, if the "alg" member is
present, it MUST correspond to the algorithm specified in the present, it MUST correspond to the algorithm specified in the
certificate. certificate.
4.7. "x5c" (X.509 Certificate Chain) Parameter 4.7. "x5c" (X.509 Certificate Chain) Parameter
The "x5c" (X.509 Certificate Chain) member contains a chain of one or The "x5c" (X.509 certificate chain) parameter contains a chain of one
more PKIX certificates [RFC5280]. The certificate chain is or more PKIX certificates [RFC5280]. The certificate chain is
represented as a JSON array of certificate value strings. Each represented as a JSON array of certificate value strings. Each
string in the array is a base64 encoded ([RFC4648] Section 4 -- not string in the array is a base64-encoded (Section 4 of [RFC4648] --
base64url encoded) DER [ITU.X690.1994] PKIX certificate value. The not base64url-encoded) DER [ITU.X690.1994] PKIX certificate value.
PKIX certificate containing the key value MUST be the first The PKIX certificate containing the key value MUST be the first
certificate. This MAY be followed by additional certificates, with certificate. This MAY be followed by additional certificates, with
each subsequent certificate being the one used to certify the each subsequent certificate being the one used to certify the
previous one. The key in the first certificate MUST match the public previous one. The key in the first certificate MUST match the public
key represented by other members of the JWK. Use of this member is key represented by other members of the JWK. Use of this member is
OPTIONAL. OPTIONAL.
As with the "x5u" member, optional JWK members providing key usage, As with the "x5u" member, optional JWK members providing key usage,
algorithm, or other information MAY also be present when the "x5c" algorithm, or other information MAY also be present when the "x5c"
member is used. If other members are present, the contents of those member is used. If other members are present, the contents of those
members MUST be semantically consistent with the related fields in members MUST be semantically consistent with the related fields in
the first certificate. See the last paragraph of Section 4.6 for the first certificate. See the last paragraph of Section 4.6 for
additional guidance on this. additional guidance on this.
4.8. "x5t" (X.509 Certificate SHA-1 Thumbprint) Parameter 4.8. "x5t" (X.509 Certificate SHA-1 Thumbprint) Parameter
The "x5t" (X.509 Certificate SHA-1 Thumbprint) member is a base64url The "x5t" (X.509 certificate SHA-1 thumbprint) parameter is a
encoded SHA-1 thumbprint (a.k.a. digest) of the DER encoding of an base64url-encoded SHA-1 thumbprint (a.k.a. digest) of the DER
X.509 certificate [RFC5280]. Note that certificate thumbprints are encoding of an X.509 certificate [RFC5280]. Note that certificate
also sometimes known as certificate fingerprints. The key in the thumbprints are also sometimes known as certificate fingerprints.
certificate MUST match the public key represented by other members of The key in the certificate MUST match the public key represented by
the JWK. Use of this member is OPTIONAL. other members of the JWK. Use of this member is OPTIONAL.
As with the "x5u" member, optional JWK members providing key usage, As with the "x5u" member, optional JWK members providing key usage,
algorithm, or other information MAY also be present when the "x5t" algorithm, or other information MAY also be present when the "x5t"
member is used. If other members are present, the contents of those member is used. If other members are present, the contents of those
members MUST be semantically consistent with the related fields in members MUST be semantically consistent with the related fields in
the referenced certificate. See the last paragraph of Section 4.6 the referenced certificate. See the last paragraph of Section 4.6
for additional guidance on this. for additional guidance on this.
4.9. "x5t#S256" (X.509 Certificate SHA-256 Thumbprint) Parameter 4.9. "x5t#S256" (X.509 Certificate SHA-256 Thumbprint) Parameter
The "x5t#S256" (X.509 Certificate SHA-256 Thumbprint) member is a The "x5t#S256" (X.509 certificate SHA-256 thumbprint) parameter is a
base64url encoded SHA-256 thumbprint (a.k.a. digest) of the DER base64url-encoded SHA-256 thumbprint (a.k.a. digest) of the DER
encoding of an X.509 certificate [RFC5280]. Note that certificate encoding of an X.509 certificate [RFC5280]. Note that certificate
thumbprints are also sometimes known as certificate fingerprints. thumbprints are also sometimes known as certificate fingerprints.
The key in the certificate MUST match the public key represented by The key in the certificate MUST match the public key represented by
other members of the JWK. Use of this member is OPTIONAL. other members of the JWK. Use of this member is OPTIONAL.
As with the "x5u" member, optional JWK members providing key usage, As with the "x5u" member, optional JWK members providing key usage,
algorithm, or other information MAY also be present when the algorithm, or other information MAY also be present when the
"x5t#S256" member is used. If other members are present, the "x5t#S256" member is used. If other members are present, the
contents of those members MUST be semantically consistent with the contents of those members MUST be semantically consistent with the
related fields in the referenced certificate. See the last paragraph related fields in the referenced certificate. See the last paragraph
of Section 4.6 for additional guidance on this. of Section 4.6 for additional guidance on this.
5. JSON Web Key Set (JWK Set) Format 5. JWK Set Format
A JSON Web Key Set (JWK Set) is a JSON object that represents a set A JWK Set is a JSON object that represents a set of JWKs. The JSON
of JWKs. The JSON object MUST have a "keys" member, with its value object MUST have a "keys" member, with its value being an array of
being an array of JWKs. This JSON object MAY contain white space JWKs. This JSON object MAY contain whitespace and/or line breaks.
and/or line breaks.
The member names within a JWK Set MUST be unique; JWK Set parsers The member names within a JWK Set MUST be unique; JWK Set parsers
MUST either reject JWK Sets with duplicate member names or use a JSON MUST either reject JWK Sets with duplicate member names or use a JSON
parser that returns only the lexically last duplicate member name, as parser that returns only the lexically last duplicate member name, as
specified in Section 15.12 (The JSON Object) of ECMAScript 5.1 specified in Section 15.12 ("The JSON Object") of ECMAScript 5.1
[ECMAScript]. [ECMAScript].
Additional members can be present in the JWK Set; if not understood Additional members can be present in the JWK Set; if not understood
by implementations encountering them, they MUST be ignored. by implementations encountering them, they MUST be ignored.
Parameters for representing additional properties of JWK Sets should Parameters for representing additional properties of JWK Sets should
either be registered in the IANA JSON Web Key Set Parameters registry either be registered in the IANA "JSON Web Key Set Parameters"
defined in Section 8.4 or be a value that contains a Collision- registry established by Section 8.4 or be a value that contains a
Resistant Name. Collision-Resistant Name.
Implementations SHOULD ignore JWKs within a JWK Set that use "kty" Implementations SHOULD ignore JWKs within a JWK Set that use "kty"
(key type) values that are not understood by them, are missing (key type) values that are not understood by them, that are missing
required members, or for which values are out of the supported required members, or for which values are out of the supported
ranges. ranges.
5.1. "keys" Parameter 5.1. "keys" Parameter
The value of the "keys" member is an array of JWK values. By The value of the "keys" parameter is an array of JWK values. By
default, the order of the JWK values within the array does not imply default, the order of the JWK values within the array does not imply
an order of preference among them, although applications of JWK Sets an order of preference among them, although applications of JWK Sets
can choose to assign a meaning to the order for their purposes, if can choose to assign a meaning to the order for their purposes, if
desired. desired.
6. String Comparison Rules 6. String Comparison Rules
The string comparison rules for this specification are the same as The string comparison rules for this specification are the same as
those defined in Section 5.3 of [JWS]. those defined in Section 5.3 of [JWS].
skipping to change at page 12, line 10 skipping to change at page 11, line 43
means or convention, in which case the "cty" value would typically be means or convention, in which case the "cty" value would typically be
omitted. omitted.
See Appendix C for an example encrypted JWK. See Appendix C for an example encrypted JWK.
8. IANA Considerations 8. IANA Considerations
The following registration procedure is used for all the registries The following registration procedure is used for all the registries
established by this specification. established by this specification.
Values are registered on a Specification Required [RFC5226] basis The registration procedure for values is Specification Required
after a three-week review period on the jose-reg-review@ietf.org [RFC5226] after a three-week review period on the
mailing list, on the advice of one or more Designated Experts. jose-reg-review@ietf.org mailing list, on the advice of one or more
However, to allow for the allocation of values prior to publication, Designated Experts. However, to allow for the allocation of values
the Designated Expert(s) may approve registration once they are prior to publication, the Designated Experts may approve registration
satisfied that such a specification will be published. once they are satisfied that such a specification will be published.
Registration requests must be sent to the jose-reg-review@ietf.org Registration requests sent to the mailing list for review should use
mailing list for review and comment, with an appropriate subject an appropriate subject (e.g., "Request to register JWK parameter:
(e.g., "Request to register JWK parameter: example"). example").
Within the review period, the Designated Expert(s) will either Within the review period, the Designated Experts will either approve
approve or deny the registration request, communicating this decision or deny the registration request, communicating this decision to the
to the review list and IANA. Denials should include an explanation review list and IANA. Denials should include an explanation and, if
and, if applicable, suggestions as to how to make the request applicable, suggestions as to how to make the request successful.
successful. Registration requests that are undetermined for a period Registration requests that are undetermined for a period longer than
longer than 21 days can be brought to the IESG's attention (using the 21 days can be brought to the IESG's attention (using the
iesg@ietf.org mailing list) for resolution. iesg@ietf.org mailing list) for resolution.
Criteria that should be applied by the Designated Expert(s) includes Criteria that should be applied by the Designated Experts include
determining whether the proposed registration duplicates existing determining whether the proposed registration duplicates existing
functionality, determining whether it is likely to be of general functionality, whether it is likely to be of general applicability or
applicability or whether it is useful only for a single application, useful only for a single application, and whether the registration
and whether the registration description is clear. description is clear.
IANA must only accept registry updates from the Designated Expert(s) IANA must only accept registry updates from the Designated Experts
and should direct all requests for registration to the review mailing and should direct all requests for registration to the review mailing
list. list.
It is suggested that multiple Designated Experts be appointed who are It is suggested that multiple Designated Experts be appointed who are
able to represent the perspectives of different applications using able to represent the perspectives of different applications using
this specification, in order to enable broadly-informed review of this specification, in order to enable broadly informed review of
registration decisions. In cases where a registration decision could registration decisions. In cases where a registration decision could
be perceived as creating a conflict of interest for a particular be perceived as creating a conflict of interest for a particular
Expert, that Expert should defer to the judgment of the other Expert, that Expert should defer to the judgment of the other
Expert(s). Experts.
[[ Note to the RFC Editor and IANA: Pearl Liang of ICANN had
requested that the draft supply the following proposed registry
description information. It is to be used for all registries
established by this specification.
o Protocol Category: JSON Object Signing and Encryption (JOSE)
o Registry Location: http://www.iana.org/assignments/jose
o Webpage Title: (same as the protocol category)
o Registry Name: (same as the section title, but excluding the word
"Registry", for example "JSON Web Key Parameters")
]]
8.1. JSON Web Key Parameters Registry 8.1. JSON Web Key Parameters Registry
This specification establishes the IANA JSON Web Key Parameters This section establishes the IANA "JSON Web Key Parameters" registry
registry for JWK parameter names. The registry records the parameter for JWK parameter names. The registry records the parameter name,
name, the key type(s) that the parameter is used with, and a the key type(s) that the parameter is used with, and a reference to
reference to the specification that defines it. It also records the specification that defines it. It also records whether the
whether the parameter conveys public or private information. This parameter conveys public or private information. This section
specification registers the parameter names defined in Section 4. registers the parameter names defined in Section 4. The same JWK
The same JWK parameter name may be registered multiple times, parameter name may be registered multiple times, provided that
provided that duplicate parameter registrations are only for key type duplicate parameter registrations are only for key-type-specific JWK
specific JWK parameters; in this case, the meaning of the duplicate parameters; in this case, the meaning of the duplicate parameter name
parameter name is disambiguated by the "kty" value of the JWK is disambiguated by the "kty" value of the JWK containing it.
containing it.
8.1.1. Registration Template 8.1.1. Registration Template
Parameter Name: Parameter Name:
The name requested (e.g., "kid"). Because a core goal of this The name requested (e.g., "kid"). Because a core goal of this
specification is for the resulting representations to be compact, specification is for the resulting representations to be compact,
it is RECOMMENDED that the name be short -- not to exceed 8 it is RECOMMENDED that the name be short -- not to exceed 8
characters without a compelling reason to do so. This name is characters without a compelling reason to do so. This name is
case-sensitive. Names may not match other registered names in a case sensitive. Names may not match other registered names in a
case-insensitive manner unless the Designated Expert(s) state that case-insensitive manner unless the Designated Experts state that
there is a compelling reason to allow an exception in this there is a compelling reason to allow an exception. However,
particular case. However, matching names may be registered, matching names may be registered, provided that the accompanying
provided that the accompanying sets of "kty" values that the sets of "kty" values that the parameter name is used with are
Parameter Name is used with are disjoint; for the purposes of disjoint; for the purposes of matching "kty" values, "*" matches
matching "kty" values, "*" matches all values. all values.
Parameter Description: Parameter Description:
Brief description of the parameter (e.g., "Key ID"). Brief description of the parameter (e.g., "Key ID").
Used with "kty" Value(s): Used with "kty" Value(s):
The key type parameter value(s) that the parameter name is to be The key type parameter value(s) that the parameter name is to be
used with, or the value "*" if the parameter value is used with used with, or the value "*" if the parameter value is used with
all key types. Values may not match other registered "kty" values all key types. Values may not match other registered "kty" values
in a case-insensitive manner when the registered Parameter Name is in a case-insensitive manner when the registered parameter name is
the same (including when the Parameter Name matches in a case- the same (including when the parameter name matches in a case-
insensitive manner) unless the Designated Expert(s) state that insensitive manner) unless the Designated Experts state that there
there is a compelling reason to allow an exception in this is a compelling reason to allow an exception.
particular case.
Parameter Information Class: Parameter Information Class:
Registers whether the parameter conveys public or private Registers whether the parameter conveys public or private
information. Its value must be one the words Public or Private. information. Its value must be either Public or Private.
Change Controller: Change Controller:
For Standards Track RFCs, state "IESG". For others, give the name For Standards Track RFCs, list the "IESG". For others, give the
of the responsible party. Other details (e.g., postal address, name of the responsible party. Other details (e.g., postal
email address, home page URI) may also be included. address, email address, home page URI) may also be included.
Specification Document(s): Specification Document(s):
Reference to the document(s) that specify the parameter, Reference to the document or documents that specify the parameter,
preferably including URI(s) that can be used to retrieve copies of preferably including URIs that can be used to retrieve copies of
the document(s). An indication of the relevant sections may also the documents. An indication of the relevant sections may also be
be included but is not required. included but is not required.
8.1.2. Initial Registry Contents 8.1.2. Initial Registry Contents
o Parameter Name: "kty" o Parameter Name: "kty"
o Parameter Description: Key Type o Parameter Description: Key Type
o Used with "kty" Value(s): * o Used with "kty" Value(s): *
o Parameter Information Class: Public o Parameter Information Class: Public
o Change Controller: IESG o Change Controller: IESG
o Specification Document(s): Section 4.1 of [[ this document ]] o Specification Document(s): Section 4.1 of RFC 7517
o Parameter Name: "use" o Parameter Name: "use"
o Parameter Description: Public Key Use o Parameter Description: Public Key Use
o Used with "kty" Value(s): * o Used with "kty" Value(s): *
o Parameter Information Class: Public o Parameter Information Class: Public
o Change Controller: IESG o Change Controller: IESG
o Specification Document(s): Section 4.2 of [[ this document ]] o Specification Document(s): Section 4.2 of RFC 7517
o Parameter Name: "key_ops" o Parameter Name: "key_ops"
o Parameter Description: Key Operations o Parameter Description: Key Operations
o Used with "kty" Value(s): * o Used with "kty" Value(s): *
o Parameter Information Class: Public o Parameter Information Class: Public
o Change Controller: IESG o Change Controller: IESG
o Specification Document(s): Section 4.3 of [[ this document ]] o Specification Document(s): Section 4.3 of RFC 7517
o Parameter Name: "alg" o Parameter Name: "alg"
o Parameter Description: Algorithm o Parameter Description: Algorithm
o Used with "kty" Value(s): * o Used with "kty" Value(s): *
o Parameter Information Class: Public o Parameter Information Class: Public
o Change Controller: IESG o Change Controller: IESG
o Specification Document(s): Section 4.4 of [[ this document ]] o Specification Document(s): Section 4.4 of RFC 7517
o Parameter Name: "kid" o Parameter Name: "kid"
o Parameter Description: Key ID o Parameter Description: Key ID
o Used with "kty" Value(s): * o Used with "kty" Value(s): *
o Parameter Information Class: Public o Parameter Information Class: Public
o Change Controller: IESG o Change Controller: IESG
o Specification Document(s): Section 4.5 of [[ this document ]] o Specification Document(s): Section 4.5 of RFC 7517
o Parameter Name: "x5u" o Parameter Name: "x5u"
o Parameter Description: X.509 URL o Parameter Description: X.509 URL
o Used with "kty" Value(s): * o Used with "kty" Value(s): *
o Parameter Information Class: Public o Parameter Information Class: Public
o Change Controller: IESG o Change Controller: IESG
o Specification Document(s): Section 4.6 of [[ this document ]] o Specification Document(s): Section 4.6 of RFC 7517
o Parameter Name: "x5c" o Parameter Name: "x5c"
o Parameter Description: X.509 Certificate Chain o Parameter Description: X.509 Certificate Chain
o Used with "kty" Value(s): * o Used with "kty" Value(s): *
o Parameter Information Class: Public o Parameter Information Class: Public
o Change Controller: IESG o Change Controller: IESG
o Specification Document(s): Section 4.7 of [[ this document ]] o Specification Document(s): Section 4.7 of RFC 7517
o Parameter Name: "x5t" o Parameter Name: "x5t"
o Parameter Description: X.509 Certificate SHA-1 Thumbprint o Parameter Description: X.509 Certificate SHA-1 Thumbprint
o Used with "kty" Value(s): * o Used with "kty" Value(s): *
o Parameter Information Class: Public o Parameter Information Class: Public
o Change Controller: IESG o Change Controller: IESG
o Specification Document(s): Section 4.8 of [[ this document ]] o Specification Document(s): Section 4.8 of RFC 7517
o Parameter Name: "x5t#S256" o Parameter Name: "x5t#S256"
o Parameter Description: X.509 Certificate SHA-256 Thumbprint o Parameter Description: X.509 Certificate SHA-256 Thumbprint
o Used with "kty" Value(s): * o Used with "kty" Value(s): *
o Parameter Information Class: Public o Parameter Information Class: Public
o Change Controller: IESG o Change Controller: IESG
o Specification Document(s): Section 4.9 of [[ this document ]] o Specification Document(s): Section 4.9 of RFC 7517
8.2. JSON Web Key Use Registry 8.2. JSON Web Key Use Registry
This specification establishes the IANA JSON Web Key Use registry for This section establishes the IANA "JSON Web Key Use" registry for JWK
JWK "use" (public key use) member values. The registry records the "use" (public key use) member values. The registry records the
public key use value and a reference to the specification that public key use value and a reference to the specification that
defines it. This specification registers the parameter names defined defines it. This section registers the parameter names defined in
in Section 4.2. Section 4.2.
8.2.1. Registration Template 8.2.1. Registration Template
Use Member Value: Use Member Value:
The name requested (e.g., "sig"). Because a core goal of this The name requested (e.g., "sig"). Because a core goal of this
specification is for the resulting representations to be compact, specification is for the resulting representations to be compact,
it is RECOMMENDED that the name be short -- not to exceed 8 it is RECOMMENDED that the name be short -- not to exceed 8
characters without a compelling reason to do so. This name is characters without a compelling reason to do so. This name is
case-sensitive. Names may not match other registered names in a case sensitive. Names may not match other registered names in a
case-insensitive manner unless the Designated Expert(s) state that case-insensitive manner unless the Designated Experts state that
there is a compelling reason to allow an exception in this there is a compelling reason to allow an exception.
particular case.
Use Description: Use Description:
Brief description of the use (e.g., "Digital Signature or MAC"). Brief description of the use (e.g., "Digital Signature or MAC").
Change Controller: Change Controller:
For Standards Track RFCs, state "IESG". For others, give the name For Standards Track RFCs, list the "IESG". For others, give the
of the responsible party. Other details (e.g., postal address, name of the responsible party. Other details (e.g., postal
email address, home page URI) may also be included. address, email address, home page URI) may also be included.
Specification Document(s): Specification Document(s):
Reference to the document(s) that specify the parameter, Reference to the document or documents that specify the parameter,
preferably including URI(s) that can be used to retrieve copies of preferably including URIs that can be used to retrieve copies of
the document(s). An indication of the relevant sections may also the documents. An indication of the relevant sections may also be
be included but is not required. included but is not required.
8.2.2. Initial Registry Contents 8.2.2. Initial Registry Contents
o Use Member Value: "sig" o Use Member Value: "sig"
o Use Description: Digital Signature or MAC o Use Description: Digital Signature or MAC
o Change Controller: IESG o Change Controller: IESG
o Specification Document(s): Section 4.2 of [[ this document ]] o Specification Document(s): Section 4.2 of RFC 7517
o Use Member Value: "enc" o Use Member Value: "enc"
o Use Description: Encryption o Use Description: Encryption
o Change Controller: IESG o Change Controller: IESG
o Specification Document(s): Section 4.2 of [[ this document ]] o Specification Document(s): Section 4.2 of RFC 7517
8.3. JSON Web Key Operations Registry 8.3. JSON Web Key Operations Registry
This specification establishes the IANA JSON Web Key Operations This section establishes the IANA "JSON Web Key Operations" registry
registry for values of JWK "key_ops" array elements. The registry for values of JWK "key_ops" array elements. The registry records the
records the key operation value and a reference to the specification key operation value and a reference to the specification that defines
that defines it. This specification registers the parameter names it. This section registers the parameter names defined in
defined in Section 4.3. Section 4.3.
8.3.1. Registration Template 8.3.1. Registration Template
Key Operation Value: Key Operation Value:
The name requested (e.g., "sign"). Because a core goal of this The name requested (e.g., "sign"). Because a core goal of this
specification is for the resulting representations to be compact, specification is for the resulting representations to be compact,
it is RECOMMENDED that the name be short -- not to exceed 8 it is RECOMMENDED that the name be short -- not to exceed 8
characters without a compelling reason to do so. This name is characters without a compelling reason to do so. This name is
case-sensitive. Names may not match other registered names in a case sensitive. Names may not match other registered names in a
case-insensitive manner unless the Designated Expert(s) state that case-insensitive manner unless the Designated Experts state that
there is a compelling reason to allow an exception in this there is a compelling reason to allow an exception.
particular case.
Key Operation Description: Key Operation Description:
Brief description of the key operation (e.g., "Compute digital Brief description of the key operation (e.g., "Compute digital
signature or MAC"). signature or MAC").
Change Controller: Change Controller:
For Standards Track RFCs, state "IESG". For others, give the name For Standards Track RFCs, list the "IESG". For others, give the
of the responsible party. Other details (e.g., postal address, name of the responsible party. Other details (e.g., postal
email address, home page URI) may also be included. address, email address, home page URI) may also be included.
Specification Document(s): Specification Document(s):
Reference to the document(s) that specify the parameter, Reference to the document or documents that specify the parameter,
preferably including URI(s) that can be used to retrieve copies of preferably including URIs that can be used to retrieve copies of
the document(s). An indication of the relevant sections may also the documents. An indication of the relevant sections may also be
be included but is not required. included but is not required.
8.3.2. Initial Registry Contents 8.3.2. Initial Registry Contents
o Key Operation Value: "sign" o Key Operation Value: "sign"
o Key Operation Description: Compute digital signature or MAC o Key Operation Description: Compute digital signature or MAC
o Change Controller: IESG o Change Controller: IESG
o Specification Document(s): Section 4.3 of [[ this document ]] o Specification Document(s): Section 4.3 of RFC 7517
o Key Operation Value: "verify" o Key Operation Value: "verify"
o Key Operation Description: Verify digital signature or MAC o Key Operation Description: Verify digital signature or MAC
o Change Controller: IESG o Change Controller: IESG
o Specification Document(s): Section 4.3 of [[ this document ]] o Specification Document(s): Section 4.3 of RFC 7517
o Key Operation Value: "encrypt" o Key Operation Value: "encrypt"
o Key Operation Description: Encrypt content o Key Operation Description: Encrypt content
o Change Controller: IESG o Change Controller: IESG
o Specification Document(s): Section 4.3 of [[ this document ]] o Specification Document(s): Section 4.3 of RFC 7517
o Key Operation Value: "decrypt" o Key Operation Value: "decrypt"
o Key Operation Description: Decrypt content and validate o Key Operation Description: Decrypt content and validate
decryption, if applicable decryption, if applicable
o Change Controller: IESG o Change Controller: IESG
o Specification Document(s): Section 4.3 of [[ this document ]] o Specification Document(s): Section 4.3 of RFC 7517
o Key Operation Value: "wrapKey" o Key Operation Value: "wrapKey"
o Key Operation Description: Encrypt key o Key Operation Description: Encrypt key
o Change Controller: IESG o Change Controller: IESG
o Specification Document(s): Section 4.3 of [[ this document ]] o Specification Document(s): Section 4.3 of RFC 7517
o Key Operation Value: "unwrapKey" o Key Operation Value: "unwrapKey"
o Key Operation Description: Decrypt key and validate decryption, if o Key Operation Description: Decrypt key and validate decryption, if
applicable applicable
o Change Controller: IESG o Change Controller: IESG
o Specification Document(s): Section 4.3 of [[ this document ]] o Specification Document(s): Section 4.3 of RFC 7517
o Key Operation Value: "deriveKey" o Key Operation Value: "deriveKey"
o Key Operation Description: Derive key o Key Operation Description: Derive key
o Change Controller: IESG o Change Controller: IESG
o Specification Document(s): Section 4.3 of [[ this document ]] o Specification Document(s): Section 4.3 of RFC 7517
o Key Operation Value: "deriveBits" o Key Operation Value: "deriveBits"
o Key Operation Description: Derive bits not to be used as a key o Key Operation Description: Derive bits not to be used as a key
o Change Controller: IESG o Change Controller: IESG
o Specification Document(s): Section 4.3 of [[ this document ]] o Specification Document(s): Section 4.3 of RFC 7517
8.4. JSON Web Key Set Parameters Registry 8.4. JSON Web Key Set Parameters Registry
This specification establishes the IANA JSON Web Key Set Parameters This section establishes the IANA "JSON Web Key Set Parameters"
registry for JWK Set parameter names. The registry records the registry for JWK Set parameter names. The registry records the
parameter name and a reference to the specification that defines it. parameter name and a reference to the specification that defines it.
This specification registers the parameter names defined in This section registers the parameter names defined in Section 5.
Section 5.
8.4.1. Registration Template 8.4.1. Registration Template
Parameter Name: Parameter Name:
The name requested (e.g., "keys"). Because a core goal of this The name requested (e.g., "keys"). Because a core goal of this
specification is for the resulting representations to be compact, specification is for the resulting representations to be compact,
it is RECOMMENDED that the name be short -- not to exceed 8 it is RECOMMENDED that the name be short -- not to exceed 8
characters without a compelling reason to do so. This name is characters without a compelling reason to do so. This name is
case-sensitive. Names may not match other registered names in a case sensitive. Names may not match other registered names in a
case-insensitive manner unless the Designated Expert(s) state that case-insensitive manner unless the Designated Experts state that
there is a compelling reason to allow an exception in this there is a compelling reason to allow an exception.
particular case.
Parameter Description: Parameter Description:
Brief description of the parameter (e.g., "Array of JWK values"). Brief description of the parameter (e.g., "Array of JWK values").
Change Controller: Change Controller:
For Standards Track RFCs, state "IESG". For others, give the name For Standards Track RFCs, list the "IESG". For others, give the
of the responsible party. Other details (e.g., postal address, name of the responsible party. Other details (e.g., postal
email address, home page URI) may also be included. address, email address, home page URI) may also be included.
Specification Document(s): Specification Document(s):
Reference to the document(s) that specify the parameter, Reference to the document or documents that specify the parameter,
preferably including URI(s) that can be used to retrieve copies of preferably including URIs that can be used to retrieve copies of
the document(s). An indication of the relevant sections may also the documents. An indication of the relevant sections may also be
be included but is not required. included but is not required.
8.4.2. Initial Registry Contents 8.4.2. Initial Registry Contents
o Parameter Name: "keys" o Parameter Name: "keys"
o Parameter Description: Array of JWK values o Parameter Description: Array of JWK Values
o Change Controller: IESG o Change Controller: IESG
o Specification Document(s): Section 5.1 of [[ this document ]] o Specification Document(s): Section 5.1 of RFC 7517
8.5. Media Type Registration 8.5. Media Type Registration
8.5.1. Registry Contents 8.5.1. Registry Contents
This specification registers the "application/jwk+json" and This section registers the "application/jwk+json" and "application/
"application/jwk-set+json" Media Types [RFC2046] in the MIME Media jwk-set+json" media types [RFC2046] in the "Media Types" registry
Types registry [IANA.MediaTypes] in the manner described in RFC 6838 [IANA.MediaTypes] in the manner described in RFC 6838 [RFC6838],
[RFC6838], which can be used to indicate, respectively, that the which can be used to indicate that the content is a JWK or a JWK Set,
content is a JWK or a JWK Set. respectively.
o Type Name: application o Type Name: application
o Subtype Name: jwk+json o Subtype Name: jwk+json
o Required Parameters: n/a o Required Parameters: n/a
o Optional Parameters: n/a o Optional Parameters: n/a
o Encoding considerations: 8bit; application/jwk+json values are o Encoding considerations: 8bit; application/jwk+json values are
represented as JSON object; UTF-8 encoding SHOULD be employed for represented as a JSON object; UTF-8 encoding SHOULD be employed
the JSON object. for the JSON object.
o Security Considerations: See the Security Considerations section o Security Considerations: See the Security Considerations section
of [[ this document ]] of RFC 7517.
o Interoperability Considerations: n/a o Interoperability Considerations: n/a
o Published Specification: [[ this document ]] o Published Specification: RFC 7517
o Applications that use this media type: OpenID Connect, Salesforce, o Applications that use this media type: OpenID Connect, Salesforce,
Google, Android, Windows Azure, W3C WebCrypto API, numerous others Google, Android, Windows Azure, W3C WebCrypto API, numerous others
o Fragment identifier considerations: n/a o Fragment identifier considerations: n/a
o Additional Information: Magic number(s): n/a, File extension(s): o Additional Information:
n/a, Macintosh file type code(s): n/a
o Person & email address to contact for further information: Michael
B. Jones, mbj@microsoft.com
Magic number(s): n/a
File extension(s): n/a
Macintosh file type code(s): n/a
o Person & email address to contact for further information:
Michael B. Jones, mbj@microsoft.com
o Intended Usage: COMMON o Intended Usage: COMMON
o Restrictions on Usage: none o Restrictions on Usage: none
o Author: Michael B. Jones, mbj@microsoft.com o Author: Michael B. Jones, mbj@microsoft.com
o Change Controller: IESG o Change Controller: IESG
o Provisional registration? No o Provisional registration? No
o Type Name: application o Type Name: application
o Subtype Name: jwk-set+json o Subtype Name: jwk-set+json
o Required Parameters: n/a o Required Parameters: n/a
o Optional Parameters: n/a o Optional Parameters: n/a
o Encoding considerations: 8bit; application/jwk-set+json values are o Encoding considerations: 8bit; application/jwk-set+json values are
represented as a JSON Object; UTF-8 encoding SHOULD be employed represented as a JSON Object; UTF-8 encoding SHOULD be employed
for the JSON object. for the JSON object.
o Security Considerations: See the Security Considerations section o Security Considerations: See the Security Considerations section
of [[ this document ]] of RFC 7517.
o Interoperability Considerations: n/a o Interoperability Considerations: n/a
o Published Specification: [[ this document ]] o Published Specification: RFC 7517
o Applications that use this media type: OpenID Connect, Salesforce, o Applications that use this media type: OpenID Connect, Salesforce,
Google, Android, Windows Azure, W3C WebCrypto API, numerous others Google, Android, Windows Azure, W3C WebCrypto API, numerous others
o Fragment identifier considerations: n/a o Fragment identifier considerations: n/a
o Additional Information: Magic number(s): n/a, File extension(s): o Additional Information:
n/a, Macintosh file type code(s): n/a
o Person & email address to contact for further information: Michael Magic number(s): n/a
B. Jones, mbj@microsoft.com File extension(s): n/a
Macintosh file type code(s): n/a
o Person & email address to contact for further information:
Michael B. Jones, mbj@microsoft.com
o Intended Usage: COMMON o Intended Usage: COMMON
o Restrictions on Usage: none o Restrictions on Usage: none
o Author: Michael B. Jones, mbj@microsoft.com o Author: Michael B. Jones, mbj@microsoft.com
o Change Controller: IESG o Change Controller: IESG
o Provisional registration? No o Provisional registration? No
9. Security Considerations 9. Security Considerations
All of the security issues that are pertinent to any cryptographic All of the security issues that are pertinent to any cryptographic
application must be addressed by JWS/JWE/JWK agents. Among these application must be addressed by JWS/JWE/JWK agents. Among these
issues are protecting the user's asymmetric private and symmetric issues are protecting the user's asymmetric private and symmetric
secret keys and employing countermeasures to various attacks. secret keys and employing countermeasures to various attacks.
skipping to change at page 21, line 17 skipping to change at page 20, line 28
ways that it can bind attributes to a JWK. Two example mechanisms ways that it can bind attributes to a JWK. Two example mechanisms
are PKIX [RFC5280] and JSON Web Token (JWT) [JWT]. are PKIX [RFC5280] and JSON Web Token (JWT) [JWT].
For instance, the creator of a JWK can include a PKIX certificate in For instance, the creator of a JWK can include a PKIX certificate in
the JWK's "x5c" member. If the application validates the certificate the JWK's "x5c" member. If the application validates the certificate
and verifies that the JWK corresponds to the subject public key in and verifies that the JWK corresponds to the subject public key in
the certificate, then the JWK can be associated with the attributes the certificate, then the JWK can be associated with the attributes
in the certificate, such as the subject name, subject alternative in the certificate, such as the subject name, subject alternative
names, extended key usages, and its signature chain. names, extended key usages, and its signature chain.
Also for instance, a JWT can be used to associate attributes with a As another example, a JWT can be used to associate attributes with a
JWK by referencing the JWK as a claim in the JWT. The JWK can be JWK by referencing the JWK as a claim in the JWT. The JWK can be
included directly as a claim value or the JWT can include a TLS- included directly as a claim value or the JWT can include a TLS-
secured URI from which to retrieve the JWK value. Either way, an secured URI from which to retrieve the JWK value. Either way, an
application that gets a JWK via a JWT claim can associate it with the application that gets a JWK via a JWT claim can associate it with the
JWT's cryptographic properties and use these and possibly additional JWT's cryptographic properties and use these and possibly additional
claims in deciding whether to trust the key. claims in deciding whether to trust the key.
The security considerations in Section 12.3 of XML DSIG 2.0 The security considerations in Section 12.3 of XML DSIG 2.0
[W3C.NOTE-xmldsig-core2-20130411] about the strength of a digital [W3C.NOTE-xmldsig-core2-20130411] about the strength of a digital
signature depending upon all the links in the security chain also signature depending upon all the links in the security chain also
apply to this specification. apply to this specification.
The TLS Requirements in Section 8 of [JWS] also apply to this The TLS Requirements in Section 8 of [JWS] also apply to this
specification, except that the "x5u" JWK member is the only feature specification, except that the "x5u" JWK member is the only feature
defined by this specification using TLS. defined by this specification using TLS.
9.2. Preventing Disclosure of Non-Public Key Information 9.2. Preventing Disclosure of Non-public Key Information
Private and symmetric keys MUST be protected from disclosure to Private and symmetric keys MUST be protected from disclosure to
unintended parties. One recommended means of doing so is to encrypt unintended parties. One recommended means of doing so is to encrypt
JWKs or JWK Sets containing them by using the JWK or JWK Set value as JWKs or JWK Sets containing them by using the JWK or JWK Set value as
the plaintext of a JWE. Of course, this requires that there be a the plaintext of a JWE. Of course, this requires that there be a
secure way to obtain the key used to encrypt the non-public key secure way to obtain the key used to encrypt the non-public key
information to the intended party and a secure way for that party to information to the intended party and a secure way for that party to
obtain the corresponding decryption key. obtain the corresponding decryption key.
The security considerations in RFC 3447 [RFC3447] and RFC 6030 The security considerations in RFC 3447 [RFC3447] and RFC 6030
skipping to change at page 22, line 11 skipping to change at page 21, line 23
The RSA Key blinding operation [Kocher], which is a defense against The RSA Key blinding operation [Kocher], which is a defense against
some timing attacks, requires all of the RSA key values "n", "e", and some timing attacks, requires all of the RSA key values "n", "e", and
"d". However, some RSA private key representations do not include "d". However, some RSA private key representations do not include
the public exponent "e", but only include the modulus "n" and the the public exponent "e", but only include the modulus "n" and the
private exponent "d". This is true, for instance, of the Java private exponent "d". This is true, for instance, of the Java
RSAPrivateKeySpec API, which does not include the public exponent "e" RSAPrivateKeySpec API, which does not include the public exponent "e"
as a parameter. So as to enable RSA key blinding, such as a parameter. So as to enable RSA key blinding, such
representations should be avoided. For Java, the representations should be avoided. For Java, the
RSAPrivateCrtKeySpec API can be used instead. Section 8.2.2(i) of RSAPrivateCrtKeySpec API can be used instead. Section 8.2.2(i) of
the Handbook of Applied Cryptography [HAC] discusses how to compute the "Handbook of Applied Cryptography" [HAC] discusses how to compute
the remaining RSA private key parameters, if needed, using only "n", the remaining RSA private key parameters, if needed, using only "n",
"e", and "d". "e", and "d".
9.4. Key Entropy and Random Values 9.4. Key Entropy and Random Values
See Section 10.1 of [JWS] for security considerations on key entropy See Section 10.1 of [JWS] for security considerations on key entropy
and random values. and random values.
10. References 10. References
10.1. Normative References 10.1. Normative References
[ECMAScript] [ECMAScript]
Ecma International, "ECMAScript Language Specification, Ecma International, "ECMAScript Language Specification,
5.1 Edition", ECMA 262, June 2011. 5.1 Edition", ECMA Standard 262, June 2011,
<http://www.ecma-international.org/ecma-262/5.1/
ECMA-262.pdf>.
[IANA.MediaTypes] [IANA.MediaTypes]
Internet Assigned Numbers Authority (IANA), "MIME Media Internet Assigned Numbers Authority (IANA), "Media Types",
Types", 2005. <http://www.iana.org/assignments/media-types>.
[ITU.X690.1994] [ITU.X690.1994]
International Telecommunications Union, "Information International Telecommunications Union, "Information
Technology - ASN.1 encoding rules: Specification of Basic Technology - ASN.1 encoding rules: Specification of Basic
Encoding Rules (BER), Canonical Encoding Rules (CER) and Encoding Rules (BER), Canonical Encoding Rules (CER) and
Distinguished Encoding Rules (DER)", ITU-T Recommendation Distinguished Encoding Rules (DER)", ITU-T Recommendation
X.690, 1994. X.690, 1994.
[JWA] Jones, M., "JSON Web Algorithms (JWA)", [JWA] Jones, M., "JSON Web Algorithms (JWA)", RFC 7518,
draft-ietf-jose-json-web-algorithms (work in progress), DOI 10.17487/RFC7518, May 2015,
January 2015. <http://www.rfc-editor.org/info/rfc7518>.
[JWE] Jones, M. and J. Hildebrand, "JSON Web Encryption (JWE)", [JWE] Jones, M. and J. Hildebrand, "JSON Web Encryption (JWE)",
draft-ietf-jose-json-web-encryption (work in progress), RFC 7516, DOI 10.17487/RFC7516, May 2015,
January 2015. <http://www.rfc-editor.org/info/rfc7516>.
[JWS] Jones, M., Bradley, J., and N. Sakimura, "JSON Web [JWS] Jones, M., Bradley, J., and N. Sakimura, "JSON Web
Signature (JWS)", draft-ietf-jose-json-web-signature (work Signature (JWS)", RFC 7515, DOI 10.17487/RFC7515, May
in progress), January 2015. 2015, <http://www.rfc-editor.org/info/rfc7515>.
[RFC20] Cerf, V., "ASCII format for Network Interchange", RFC 20, [RFC20] Cerf, V., "ASCII format for Network Interchange", STD 80,
October 1969. RFC 20, DOI 10.17487/RFC0020, October 1969,
<http://www.rfc-editor.org/info/rfc20>.
[RFC2046] Freed, N. and N. Borenstein, "Multipurpose Internet Mail [RFC2046] Freed, N. and N. Borenstein, "Multipurpose Internet Mail
Extensions (MIME) Part Two: Media Types", RFC 2046, Extensions (MIME) Part Two: Media Types", RFC 2046,
November 1996. DOI 10.17487/RFC2046, November 1996,
<http://www.rfc-editor.org/info/rfc2046>.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997. Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997,
<http://www.rfc-editor.org/info/rfc2119>.
[RFC2818] Rescorla, E., "HTTP Over TLS", RFC 2818, May 2000. [RFC2818] Rescorla, E., "HTTP Over TLS", RFC 2818,
DOI 10.17487/RFC2818, May 2000,
<http://www.rfc-editor.org/info/rfc2818>.
[RFC3629] Yergeau, F., "UTF-8, a transformation format of ISO [RFC3629] Yergeau, F., "UTF-8, a transformation format of ISO
10646", STD 63, RFC 3629, November 2003. 10646", STD 63, RFC 3629, DOI 10.17487/RFC3629, November
2003, <http://www.rfc-editor.org/info/rfc3629>.
[RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform [RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform
Resource Identifier (URI): Generic Syntax", STD 66, Resource Identifier (URI): Generic Syntax", STD 66,
RFC 3986, January 2005. RFC 3986, DOI 10.17487/RFC3986, January 2005,
<http://www.rfc-editor.org/info/rfc3986>.
[RFC4648] Josefsson, S., "The Base16, Base32, and Base64 Data [RFC4648] Josefsson, S., "The Base16, Base32, and Base64 Data
Encodings", RFC 4648, October 2006. Encodings", RFC 4648, DOI 10.17487/RFC4648, October 2006,
<http://www.rfc-editor.org/info/rfc4648>.
[RFC4945] Korver, B., "The Internet IP Security PKI Profile of [RFC4945] Korver, B., "The Internet IP Security PKI Profile of
IKEv1/ISAKMP, IKEv2, and PKIX", RFC 4945, August 2007. IKEv1/ISAKMP, IKEv2, and PKIX", RFC 4945,
DOI 10.17487/RFC4945, August 2007,
<http://www.rfc-editor.org/info/rfc4945>.
[RFC4949] Shirey, R., "Internet Security Glossary, Version 2", [RFC4949] Shirey, R., "Internet Security Glossary, Version 2",
RFC 4949, August 2007. FYI 36, RFC 4949, DOI 10.17487/RFC4949, August 2007,
<http://www.rfc-editor.org/info/rfc4949>.
[RFC5246] Dierks, T. and E. Rescorla, "The Transport Layer Security [RFC5246] Dierks, T. and E. Rescorla, "The Transport Layer Security
(TLS) Protocol Version 1.2", RFC 5246, August 2008. (TLS) Protocol Version 1.2", RFC 5246,
DOI 10.17487/RFC5246, August 2008,
<http://www.rfc-editor.org/info/rfc5246>.
[RFC5280] Cooper, D., Santesson, S., Farrell, S., Boeyen, S., [RFC5280] Cooper, D., Santesson, S., Farrell, S., Boeyen, S.,
Housley, R., and W. Polk, "Internet X.509 Public Key Housley, R., and W. Polk, "Internet X.509 Public Key
Infrastructure Certificate and Certificate Revocation List Infrastructure Certificate and Certificate Revocation List
(CRL) Profile", RFC 5280, May 2008. (CRL) Profile", RFC 5280, DOI 10.17487/RFC5280, May 2008,
<http://www.rfc-editor.org/info/rfc5280>.
[RFC6125] Saint-Andre, P. and J. Hodges, "Representation and [RFC6125] Saint-Andre, P. and J. Hodges, "Representation and
Verification of Domain-Based Application Service Identity Verification of Domain-Based Application Service Identity
within Internet Public Key Infrastructure Using X.509 within Internet Public Key Infrastructure Using X.509
(PKIX) Certificates in the Context of Transport Layer (PKIX) Certificates in the Context of Transport Layer
Security (TLS)", RFC 6125, March 2011. Security (TLS)", RFC 6125, DOI 10.17487/RFC6125, March
2011, <http://www.rfc-editor.org/info/rfc6125>.
[RFC7159] Bray, T., "The JavaScript Object Notation (JSON) Data [RFC7159] Bray, T., Ed., "The JavaScript Object Notation (JSON) Data
Interchange Format", RFC 7159, March 2014. Interchange Format", RFC 7159, DOI 10.17487/RFC7159, March
2014, <http://www.rfc-editor.org/info/rfc7159>.
[UNICODE] The Unicode Consortium, "The Unicode Standard", 1991-, [UNICODE] The Unicode Consortium, "The Unicode Standard",
<http://www.unicode.org/versions/latest/>. <http://www.unicode.org/versions/latest/>.
10.2. Informative References 10.2. Informative References
[DSS] National Institute of Standards and Technology, "Digital [DSS] National Institute of Standards and Technology (NIST),
Signature Standard (DSS)", FIPS PUB 186-4, July 2013. "Digital Signature Standard (DSS)", FIPS PUB 186-4, July
2013, <http://nvlpubs.nist.gov/nistpubs/FIPS/
NIST.FIPS.186-4.pdf>.
[HAC] Menezes, A., van Oorschot, P., and S. Vanstone, "Handbook [HAC] Menezes, A., van Oorschot, P., and S. Vanstone, "Handbook
of Applied Cryptography", CRC Press, 1996, of Applied Cryptography", CRC Press, October 1996,
<http://cacr.uwaterloo.ca/hac/about/chap8.pdf>. <http://cacr.uwaterloo.ca/hac/>.
[JWT] Jones, M., Bradley, J., and N. Sakimura, "JSON Web Token [JWT] Jones, M., Bradley, J., and N. Sakimura, "JSON Web Token
(JWT)", draft-ietf-oauth-json-web-token (work in (JWT)", RFC 7519, DOI 10.17487/RFC7519, May 2015,
progress), January 2015. <http://www.rfc-editor.org/info/rfc7519>.
[Kocher] Kocher, P., "Timing Attacks on Implementations of Diffe- [Kocher] Kocher, P., "Timing Attacks on Implementations of
Hellman, RSA, DSS, and Other Systems", In Proceedings of Diffe-Hellman, RSA, DSS, and Other Systems", In
the 16th Annual International Cryptology Conference Proceedings of the 16th Annual International Cryptology
Advances in Cryptology, Springer-Verlag, pp. 104-113, Conference Advances in Cryptology, Springer-Verlag, pp.
1996. 104-113, 1996.
[MagicSignatures] [MagicSignatures]
Panzer (editor), J., Laurie, B., and D. Balfanz, "Magic Panzer, J., Ed., Laurie, B., and D. Balfanz, "Magic
Signatures", January 2011. Signatures", January 2011,
<http://salmon-protocol.googlecode.com/svn/trunk/
draft-panzer-magicsig-01.html>.
[RFC3447] Jonsson, J. and B. Kaliski, "Public-Key Cryptography [RFC3447] Jonsson, J. and B. Kaliski, "Public-Key Cryptography
Standards (PKCS) #1: RSA Cryptography Specifications Standards (PKCS) #1: RSA Cryptography Specifications
Version 2.1", RFC 3447, February 2003. Version 2.1", RFC 3447, DOI 10.17487/RFC3447, February
2003, <http://www.rfc-editor.org/info/rfc3447>.
[RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an [RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an
IANA Considerations Section in RFCs", BCP 26, RFC 5226, IANA Considerations Section in RFCs", BCP 26, RFC 5226,
May 2008. DOI 10.17487/RFC5226, May 2008,
<http://www.rfc-editor.org/info/rfc5226>.
[RFC6030] Hoyer, P., Pei, M., and S. Machani, "Portable Symmetric [RFC6030] Hoyer, P., Pei, M., and S. Machani, "Portable Symmetric
Key Container (PSKC)", RFC 6030, October 2010. Key Container (PSKC)", RFC 6030, DOI 10.17487/RFC6030,
October 2010, <http://www.rfc-editor.org/info/rfc6030>.
[RFC6838] Freed, N., Klensin, J., and T. Hansen, "Media Type [RFC6838] Freed, N., Klensin, J., and T. Hansen, "Media Type
Specifications and Registration Procedures", BCP 13, Specifications and Registration Procedures", BCP 13,
RFC 6838, January 2013. RFC 6838, DOI 10.17487/RFC6838, January 2013,
<http://www.rfc-editor.org/info/rfc6838>.
[W3C.CR-WebCryptoAPI-20141211] [W3C.CR-WebCryptoAPI-20141211]
Sleevi, R. and M. Watson, "Web Cryptography API", World Sleevi, R. and M. Watson, "Web Cryptography API", World
Wide Web Consortium Candidate Recommendation CR- Wide Web Consortium Candidate Recommendation
WebCryptoAPI-20141211, December 2014, CR-WebCryptoAPI-20141211, December 2014,
<http://www.w3.org/TR/2014/CR-WebCryptoAPI-20141211/>. <http://www.w3.org/TR/2014/CR-WebCryptoAPI-20141211/>.
[W3C.NOTE-xmldsig-core2-20130411] [W3C.NOTE-xmldsig-core2-20130411]
Eastlake, D., Reagle, J., Solo, D., Hirsch, F., Roessler, Eastlake, D., Reagle, J., Solo, D., Hirsch, F., Roessler,
T., Yiu, K., Datta, P., and S. Cantor, "XML Signature T., Yiu, K., Datta, P., and S. Cantor, "XML Signature
Syntax and Processing Version 2.0", World Wide Web Syntax and Processing Version 2.0", World Wide Web
Consortium Note NOTE-xmldsig-core2-20130411, April 2013, Consortium Note NOTE-xmldsig-core2-20130411, April 2013,
<http://www.w3.org/TR/2013/NOTE-xmldsig-core2-20130411/>. <http://www.w3.org/TR/2013/NOTE-xmldsig-core2-20130411/>.
Appendix A. Example JSON Web Key Sets Appendix A. Example JSON Web Key Sets
A.1. Example Public Keys A.1. Example Public Keys
The following example JWK Set contains two public keys represented as The following example JWK Set contains two public keys represented as
JWKs: one using an Elliptic Curve algorithm and a second one using an JWKs: one using an Elliptic Curve algorithm and a second one using an
RSA algorithm. The first specifies that the key is to be used for RSA algorithm. The first specifies that the key is to be used for
encryption. The second specifies that the key is to be used with the encryption. The second specifies that the key is to be used with the
"RS256" algorithm. Both provide a Key ID for key matching purposes. "RS256" algorithm. Both provide a key ID for key matching purposes.
In both cases, integers are represented using the base64url encoding In both cases, integers are represented using the base64url encoding
of their big endian representations. (Line breaks within values are of their big-endian representations. (Line breaks within values are
for display purposes only.) for display purposes only.)
{"keys": {"keys":
[ [
{"kty":"EC", {"kty":"EC",
"crv":"P-256", "crv":"P-256",
"x":"MKBCTNIcKUSDii11ySs3526iDZ8AiTo7Tu6KPAqv7D4", "x":"MKBCTNIcKUSDii11ySs3526iDZ8AiTo7Tu6KPAqv7D4",
"y":"4Etl6SRW2YiLUrN5vfvVHuhp7x8PxltmWWlbbM4IFyM", "y":"4Etl6SRW2YiLUrN5vfvVHuhp7x8PxltmWWlbbM4IFyM",
"use":"enc", "use":"enc",
"kid":"1"}, "kid":"1"},
skipping to change at page 27, line 21 skipping to change at page 27, line 21
{"keys": {"keys":
[ [
{"kty":"oct", {"kty":"oct",
"alg":"A128KW", "alg":"A128KW",
"k":"GawgguFyGrWKav7AX4VKUg"}, "k":"GawgguFyGrWKav7AX4VKUg"},
{"kty":"oct", {"kty":"oct",
"k":"AyM1SysPpbyDfgZld3umj1qzKObwVMkoqQ-EstJQLr_T-1qS0gZH75 "k":"AyM1SysPpbyDfgZld3umj1qzKObwVMkoqQ-EstJQLr_T-1qS0gZH75
aKtMN3Yj0iPS4hcgUuTwjAzZr1Z9CAow", aKtMN3Yj0iPS4hcgUuTwjAzZr1Z9CAow",
"kid":"HMAC key used in JWS A.1 example"} "kid":"HMAC key used in JWS spec Appendix A.1 example"}
] ]
} }
Appendix B. Example Use of "x5c" (X.509 Certificate Chain) Parameter Appendix B. Example Use of "x5c" (X.509 Certificate Chain) Parameter
The following is an example of a JWK with a RSA signing key The following is an example of a JWK with a RSA signing key
represented both as an RSA public key and as an X.509 certificate represented both as an RSA public key and as an X.509 certificate
using the "x5c" parameter (with line breaks within values for display using the "x5c" parameter (with line breaks within values for display
purposes only): purposes only):
{"kty":"RSA", {"kty":"RSA",
"use":"sig", "use":"sig",
"kid":"1b94c", "kid":"1b94c",
"n":"vrjOfz9Ccdgx5nQudyhdoR17V-IubWMeOZCwX_jj0hgAsz2J_pqYW08 "n":"vrjOfz9Ccdgx5nQudyhdoR17V-IubWMeOZCwX_jj0hgAsz2J_pqYW08
PLbK_PdiVGKPrqzmDIsLI7sA25VEnHU1uCLNwBuUiCO11_-7dYbsr4iJmG0Q PLbK_PdiVGKPrqzmDIsLI7sA25VEnHU1uCLNwBuUiCO11_-7dYbsr4iJmG0Q
skipping to change at page 29, line 45 skipping to change at page 29, line 45
tbEo3ZIcohbDtt6SbfmWzggabpQxNxuBpoOOf_a_HgMXK_lhqigI4y_kqS1w tbEo3ZIcohbDtt6SbfmWzggabpQxNxuBpoOOf_a_HgMXK_lhqigI4y_kqS1w
Y52IwjUn5rgRrJ-yYo1h41KR-vz2pYhEAeYrhttWtxVqLCRViD6c", Y52IwjUn5rgRrJ-yYo1h41KR-vz2pYhEAeYrhttWtxVqLCRViD6c",
"dq":"AvfS0-gRxvn0bwJoMSnFxYcK1WnuEjQFluMGfwGitQBWtfZ1Er7t1xDkbN9 "dq":"AvfS0-gRxvn0bwJoMSnFxYcK1WnuEjQFluMGfwGitQBWtfZ1Er7t1xDkbN9
GQTB9yqpDoYaN06H7CFtrkxhJIBQaj6nkF5KKS3TQtQ5qCzkOkmxIe3KRbBy GQTB9yqpDoYaN06H7CFtrkxhJIBQaj6nkF5KKS3TQtQ5qCzkOkmxIe3KRbBy
mXxkb5qwUpX5ELD5xFc6FeiafWYY63TmmEAu_lRFCOJ3xDea-ots", mXxkb5qwUpX5ELD5xFc6FeiafWYY63TmmEAu_lRFCOJ3xDea-ots",
"qi":"lSQi-w9CpyUReMErP1RsBLk7wNtOvs5EQpPqmuMvqW57NBUczScEoPwmUqq "qi":"lSQi-w9CpyUReMErP1RsBLk7wNtOvs5EQpPqmuMvqW57NBUczScEoPwmUqq
abu9V0-Py4dQ57_bapoKRu1R90bvuFnU63SHWEFglZQvJDMeAvmj4sm-Fp0o abu9V0-Py4dQ57_bapoKRu1R90bvuFnU63SHWEFglZQvJDMeAvmj4sm-Fp0o
Yu_neotgQ0hzbI5gry7ajdYy9-2lNx_76aBZoOUu9HCJ-UsfSOI8" Yu_neotgQ0hzbI5gry7ajdYy9-2lNx_76aBZoOUu9HCJ-UsfSOI8"
} }
The octets representing the Plaintext used in this example (using The octets representing the plaintext used in this example (using
JSON array notation) are: JSON array notation) are:
[123, 34, 107, 116, 121, 34, 58, 34, 82, 83, 65, 34, 44, 34, 107, [123, 34, 107, 116, 121, 34, 58, 34, 82, 83, 65, 34, 44, 34, 107,
105, 100, 34, 58, 34, 106, 117, 108, 105, 101, 116, 64, 99, 97, 112, 105, 100, 34, 58, 34, 106, 117, 108, 105, 101, 116, 64, 99, 97, 112,
117, 108, 101, 116, 46, 108, 105, 116, 34, 44, 34, 117, 115, 101, 34, 117, 108, 101, 116, 46, 108, 105, 116, 34, 44, 34, 117, 115, 101, 34,
58, 34, 101, 110, 99, 34, 44, 34, 110, 34, 58, 34, 116, 54, 81, 56, 58, 34, 101, 110, 99, 34, 44, 34, 110, 34, 58, 34, 116, 54, 81, 56,
80, 87, 83, 105, 49, 100, 107, 74, 106, 57, 104, 84, 80, 56, 104, 78, 80, 87, 83, 105, 49, 100, 107, 74, 106, 57, 104, 84, 80, 56, 104, 78,
89, 70, 108, 118, 97, 100, 77, 55, 68, 102, 108, 87, 57, 109, 87, 89, 70, 108, 118, 97, 100, 77, 55, 68, 102, 108, 87, 57, 109, 87,
101, 112, 79, 74, 104, 74, 54, 54, 119, 55, 110, 121, 111, 75, 49, 101, 112, 79, 74, 104, 74, 54, 54, 119, 55, 110, 121, 111, 75, 49,
103, 80, 78, 113, 70, 77, 83, 81, 82, 121, 79, 49, 50, 53, 71, 112, 103, 80, 78, 113, 70, 77, 83, 81, 82, 121, 79, 49, 50, 53, 71, 112,
skipping to change at page 32, line 22 skipping to change at page 32, line 22
The following example JWE Protected Header declares that: The following example JWE Protected Header declares that:
o the Content Encryption Key is encrypted to the recipient using the o the Content Encryption Key is encrypted to the recipient using the
PSE2-HS256+A128KW algorithm to produce the JWE Encrypted Key, PSE2-HS256+A128KW algorithm to produce the JWE Encrypted Key,
o the Salt Input ("p2s") value is [217, 96, 147, 112, 150, 117, 70, o the Salt Input ("p2s") value is [217, 96, 147, 112, 150, 117, 70,
247, 127, 8, 155, 137, 174, 42, 80, 215], 247, 127, 8, 155, 137, 174, 42, 80, 215],
o the Iteration Count ("p2c") value is 4096, o the Iteration Count ("p2c") value is 4096,
o authenticated encryption is performed on the Plaintext using the o authenticated encryption is performed on the plaintext using the
AES_128_CBC_HMAC_SHA_256 algorithm to produce the Ciphertext and AES_128_CBC_HMAC_SHA_256 algorithm to produce the ciphertext and
the Authentication Tag, and the Authentication Tag, and
o the content type is application/jwk+json. o the content type is application/jwk+json.
{ {
"alg":"PBES2-HS256+A128KW", "alg":"PBES2-HS256+A128KW",
"p2s":"2WCTcJZ1Rvd_CJuJripQ1w", "p2s":"2WCTcJZ1Rvd_CJuJripQ1w",
"p2c":4096, "p2c":4096,
"enc":"A128CBC-HS256", "enc":"A128CBC-HS256",
"cty":"jwk+json" "cty":"jwk+json"
skipping to change at page 32, line 46 skipping to change at page 32, line 46
Encoding this JWE Protected Header as BASE64URL(UTF8(JWE Protected Encoding this JWE Protected Header as BASE64URL(UTF8(JWE Protected
Header)) gives this value (with line breaks for display purposes Header)) gives this value (with line breaks for display purposes
only): only):
eyJhbGciOiJQQkVTMi1IUzI1NitBMTI4S1ciLCJwMnMiOiIyV0NUY0paMVJ2ZF9DSn eyJhbGciOiJQQkVTMi1IUzI1NitBMTI4S1ciLCJwMnMiOiIyV0NUY0paMVJ2ZF9DSn
VKcmlwUTF3IiwicDJjIjo0MDk2LCJlbmMiOiJBMTI4Q0JDLUhTMjU2IiwiY3R5Ijoi VKcmlwUTF3IiwicDJjIjo0MDk2LCJlbmMiOiJBMTI4Q0JDLUhTMjU2IiwiY3R5Ijoi
andrK2pzb24ifQ andrK2pzb24ifQ
C.3. Content Encryption Key (CEK) C.3. Content Encryption Key (CEK)
Generate a 256 bit random Content Encryption Key (CEK). In this Generate a 256-bit random Content Encryption Key (CEK). In this
example, the value (using JSON array notation) is: example, the value (using JSON array notation) is:
[111, 27, 25, 52, 66, 29, 20, 78, 92, 176, 56, 240, 65, 208, 82, 112, [111, 27, 25, 52, 66, 29, 20, 78, 92, 176, 56, 240, 65, 208, 82, 112,
161, 131, 36, 55, 202, 236, 185, 172, 129, 23, 153, 194, 195, 48, 161, 131, 36, 55, 202, 236, 185, 172, 129, 23, 153, 194, 195, 48,
253, 182] 253, 182]
C.4. Key Derivation C.4. Key Derivation
Derive a key from a shared passphrase using the PBKDF2 algorithm with Derive a key from a shared passphrase using the PBKDF2 algorithm with
HMAC SHA-256 and the specified Salt and Iteration Count values and a HMAC SHA-256 and the specified Salt and Iteration Count values and a
128 bit requested output key size to produce the PBKDF2 Derived Key. 128-bit requested output key size to produce the PBKDF2 Derived Key.
This example uses the following passphrase: This example uses the following passphrase:
Thus from my lips, by yours, my sin is purged. Thus from my lips, by yours, my sin is purged.
The octets representing the passphrase are: The octets representing the passphrase are:
[84, 104, 117, 115, 32, 102, 114, 111, 109, 32, 109, 121, 32, 108, [84, 104, 117, 115, 32, 102, 114, 111, 109, 32, 109, 121, 32, 108,
105, 112, 115, 44, 32, 98, 121, 32, 121, 111, 117, 114, 115, 44, 32, 105, 112, 115, 44, 32, 98, 121, 32, 121, 111, 117, 114, 115, 44, 32,
109, 121, 32, 115, 105, 110, 32, 105, 115, 32, 112, 117, 114, 103, 109, 121, 32, 115, 105, 110, 32, 105, 115, 32, 112, 117, 114, 103,
101, 100, 46] 101, 100, 46]
skipping to change at page 33, line 36 skipping to change at page 33, line 35
42, 80, 215]. 42, 80, 215].
The resulting PBKDF2 Derived Key value is: The resulting PBKDF2 Derived Key value is:
[110, 171, 169, 92, 129, 92, 109, 117, 233, 242, 116, 233, 170, 14, [110, 171, 169, 92, 129, 92, 109, 117, 233, 242, 116, 233, 170, 14,
24, 75] 24, 75]
C.5. Key Encryption C.5. Key Encryption
Encrypt the CEK with the "A128KW" algorithm using the PBKDF2 Derived Encrypt the CEK with the "A128KW" algorithm using the PBKDF2 Derived
Key. The resulting JWE Encrypted Key value is: Key. The resulting JWE Encrypted Key value is:
[78, 186, 151, 59, 11, 141, 81, 240, 213, 245, 83, 211, 53, 188, 134, [78, 186, 151, 59, 11, 141, 81, 240, 213, 245, 83, 211, 53, 188, 134,
188, 66, 125, 36, 200, 222, 124, 5, 103, 249, 52, 117, 184, 140, 81, 188, 66, 125, 36, 200, 222, 124, 5, 103, 249, 52, 117, 184, 140, 81,
246, 158, 161, 177, 20, 33, 245, 57, 59, 4] 246, 158, 161, 177, 20, 33, 245, 57, 59, 4]
Encoding this JWE Encrypted Key as BASE64URL(JWE Encrypted Key) gives Encoding this JWE Encrypted Key as BASE64URL(JWE Encrypted Key) gives
this value: this value:
TrqXOwuNUfDV9VPTNbyGvEJ9JMjefAVn-TR1uIxR9p6hsRQh9Tk7BA TrqXOwuNUfDV9VPTNbyGvEJ9JMjefAVn-TR1uIxR9p6hsRQh9Tk7BA
C.6. Initialization Vector C.6. Initialization Vector
Generate a random 128 bit JWE Initialization Vector. In this Generate a random 128-bit JWE Initialization Vector. In this
example, the value is: example, the value is:
[97, 239, 99, 214, 171, 54, 216, 57, 145, 72, 7, 93, 34, 31, 149, [97, 239, 99, 214, 171, 54, 216, 57, 145, 72, 7, 93, 34, 31, 149,
156] 156]
Encoding this JWE Initialization Vector as BASE64URL(JWE Encoding this JWE Initialization Vector as BASE64URL(JWE
Initialization Vector) gives this value: Initialization Vector) gives this value:
Ye9j1qs22DmRSAddIh-VnA Ye9j1qs22DmRSAddIh-VnA
C.7. Additional Authenticated Data C.7. Additional Authenticated Data
Let the Additional Authenticated Data encryption parameter be Let the Additional Authenticated Data encryption parameter be
ASCII(BASE64URL(UTF8(JWE Protected Header))). This value is: ASCII(BASE64URL(UTF8(JWE Protected Header))). This value is:
skipping to change at page 34, line 28 skipping to change at page 34, line 24
[123, 34, 97, 108, 103, 34, 58, 34, 80, 66, 69, 83, 50, 45, 72, 83, [123, 34, 97, 108, 103, 34, 58, 34, 80, 66, 69, 83, 50, 45, 72, 83,
50, 53, 54, 43, 65, 49, 50, 56, 75, 87, 34, 44, 34, 112, 50, 115, 34, 50, 53, 54, 43, 65, 49, 50, 56, 75, 87, 34, 44, 34, 112, 50, 115, 34,
58, 34, 50, 87, 67, 84, 99, 74, 90, 49, 82, 118, 100, 95, 67, 74, 58, 34, 50, 87, 67, 84, 99, 74, 90, 49, 82, 118, 100, 95, 67, 74,
117, 74, 114, 105, 112, 81, 49, 119, 34, 44, 34, 112, 50, 99, 34, 58, 117, 74, 114, 105, 112, 81, 49, 119, 34, 44, 34, 112, 50, 99, 34, 58,
52, 48, 57, 54, 44, 34, 101, 110, 99, 34, 58, 34, 65, 49, 50, 56, 67, 52, 48, 57, 54, 44, 34, 101, 110, 99, 34, 58, 34, 65, 49, 50, 56, 67,
66, 67, 45, 72, 83, 50, 53, 54, 34, 44, 34, 99, 116, 121, 34, 58, 34, 66, 67, 45, 72, 83, 50, 53, 54, 34, 44, 34, 99, 116, 121, 34, 58, 34,
106, 119, 107, 43, 106, 115, 111, 110, 34, 125] 106, 119, 107, 43, 106, 115, 111, 110, 34, 125]
C.8. Content Encryption C.8. Content Encryption
Perform authenticated encryption on the Plaintext with the Perform authenticated encryption on the plaintext with the
AES_128_CBC_HMAC_SHA_256 algorithm using the CEK as the encryption AES_128_CBC_HMAC_SHA_256 algorithm using the CEK as the encryption
key, the JWE Initialization Vector, and the Additional Authenticated key, the JWE Initialization Vector, and the Additional Authenticated
Data value above. The resulting Ciphertext is: Data value above. The resulting ciphertext is:
[3, 8, 65, 242, 92, 107, 148, 168, 197, 159, 77, 139, 25, 97, 42, [3, 8, 65, 242, 92, 107, 148, 168, 197, 159, 77, 139, 25, 97, 42,
131, 110, 199, 225, 56, 61, 127, 38, 64, 108, 91, 247, 167, 150, 98, 131, 110, 199, 225, 56, 61, 127, 38, 64, 108, 91, 247, 167, 150, 98,
112, 122, 99, 235, 132, 50, 28, 46, 56, 170, 169, 89, 220, 145, 38, 112, 122, 99, 235, 132, 50, 28, 46, 56, 170, 169, 89, 220, 145, 38,
157, 148, 224, 66, 140, 8, 169, 146, 117, 222, 54, 242, 28, 31, 11, 157, 148, 224, 66, 140, 8, 169, 146, 117, 222, 54, 242, 28, 31, 11,
129, 227, 226, 169, 66, 117, 133, 254, 140, 216, 115, 203, 131, 60, 129, 227, 226, 169, 66, 117, 133, 254, 140, 216, 115, 203, 131, 60,
60, 47, 233, 132, 121, 13, 35, 188, 53, 19, 172, 77, 59, 54, 211, 60, 47, 233, 132, 121, 13, 35, 188, 53, 19, 172, 77, 59, 54, 211,
158, 172, 25, 60, 111, 0, 80, 201, 158, 160, 210, 68, 55, 12, 67, 158, 172, 25, 60, 111, 0, 80, 201, 158, 160, 210, 68, 55, 12, 67,
136, 130, 87, 216, 197, 95, 62, 20, 155, 205, 5, 140, 27, 168, 221, 136, 130, 87, 216, 197, 95, 62, 20, 155, 205, 5, 140, 27, 168, 221,
65, 114, 78, 157, 254, 46, 206, 182, 52, 135, 87, 239, 3, 34, 186, 65, 114, 78, 157, 254, 46, 206, 182, 52, 135, 87, 239, 3, 34, 186,
skipping to change at page 39, line 5 skipping to change at page 40, line 5
SGMjb_4bZq9s6Ve1LKkSi0_QDsrABaLe55UY0zF4ZSfOV5PMyPtocwV_dcNPlxLgNA SGMjb_4bZq9s6Ve1LKkSi0_QDsrABaLe55UY0zF4ZSfOV5PMyPtocwV_dcNPlxLgNA
D1BFX_Z9kAdMZQW6fAmsfFle0zAoMe4l9pMESH0JB4sJGdCKtQXj1cXNydDYozF7l8 D1BFX_Z9kAdMZQW6fAmsfFle0zAoMe4l9pMESH0JB4sJGdCKtQXj1cXNydDYozF7l8
H00BV_Er7zd6VtIw0MxwkFCTatsv_R-GsBCH218RgVPsfYhwVuT8R4HarpzsDBufC4 H00BV_Er7zd6VtIw0MxwkFCTatsv_R-GsBCH218RgVPsfYhwVuT8R4HarpzsDBufC4
r8_c8fc9Z278sQ081jFjOja6L2x0N_ImzFNXU6xwO-Ska-QeuvYZ3X_L31ZOX4Llp- r8_c8fc9Z278sQ081jFjOja6L2x0N_ImzFNXU6xwO-Ska-QeuvYZ3X_L31ZOX4Llp-
7QSfgDoHnOxFv1Xws-D5mDHD3zxOup2b2TppdKTZb9eW2vxUVviM8OI9atBfPKMGAO 7QSfgDoHnOxFv1Xws-D5mDHD3zxOup2b2TppdKTZb9eW2vxUVviM8OI9atBfPKMGAO
v9omA-6vv5IxUH0-lWMiHLQ_g8vnswp-Jav0c4t6URVUzujNOoNd_CBGGVnHiJTCHl v9omA-6vv5IxUH0-lWMiHLQ_g8vnswp-Jav0c4t6URVUzujNOoNd_CBGGVnHiJTCHl
88LQxsqLHHIu4Fz-U2SGnlxGTj0-ihit2ELGRv4vO8E1BosTmf0cx3qgG0Pq0eOLBD 88LQxsqLHHIu4Fz-U2SGnlxGTj0-ihit2ELGRv4vO8E1BosTmf0cx3qgG0Pq0eOLBD
IHsrdZ_CCAiTc0HVkMbyq1M6qEhM-q5P6y1QCIrwg. IHsrdZ_CCAiTc0HVkMbyq1M6qEhM-q5P6y1QCIrwg.
0HFmhOzsQ98nNWJjIHkR7A 0HFmhOzsQ98nNWJjIHkR7A
Appendix D. Acknowledgements Acknowledgements
A JSON representation for RSA public keys was previously introduced A JSON representation for RSA public keys was previously introduced
by John Panzer, Ben Laurie, and Dirk Balfanz in Magic Signatures by John Panzer, Ben Laurie, and Dirk Balfanz in Magic Signatures
[MagicSignatures]. [MagicSignatures].
Thanks to Matt Miller for creating the encrypted key example and to Thanks to Matt Miller for creating the encrypted key example and to
Edmund Jay and Brian Campbell for validating the example. Edmund Jay and Brian Campbell for validating the example.
This specification is the work of the JOSE Working Group, which This specification is the work of the JOSE working group, which
includes dozens of active and dedicated participants. In particular, includes dozens of active and dedicated participants. In particular,
the following individuals contributed ideas, feedback, and wording the following individuals contributed ideas, feedback, and wording
that influenced this specification: that influenced this specification:
Dirk Balfanz, Richard Barnes, John Bradley, Brian Campbell, Breno de Dirk Balfanz, Richard Barnes, John Bradley, Brian Campbell, Breno de
Medeiros, Stephen Farrell, Joe Hildebrand, Edmund Jay, Stephen Kent, Medeiros, Stephen Farrell, Joe Hildebrand, Edmund Jay, Stephen Kent,
Ben Laurie, James Manger, Matt Miller, Kathleen Moriarty, Chuck Ben Laurie, James Manger, Matt Miller, Kathleen Moriarty, Chuck
Mortimore, Tony Nadalin, Axel Nennker, John Panzer, Eric Rescorla, Mortimore, Tony Nadalin, Axel Nennker, John Panzer, Eric Rescorla,
Pete Resnick, Nat Sakimura, Jim Schaad, Ryan Sleevi, Paul Tarjan, Pete Resnick, Nat Sakimura, Jim Schaad, Ryan Sleevi, Paul Tarjan,
Hannes Tschofenig, and Sean Turner. Hannes Tschofenig, and Sean Turner.
Jim Schaad and Karen O'Donoghue chaired the JOSE working group and Jim Schaad and Karen O'Donoghue chaired the JOSE working group and
Sean Turner, Stephen Farrell, and Kathleen Moriarty served as Sean Turner, Stephen Farrell, and Kathleen Moriarty served as
Security area directors during the creation of this specification. Security Area Directors during the creation of this specification.
Appendix E. Document History
[[ to be removed by the RFC Editor before publication as an RFC ]]
-41
o Added Security Considerations text about binding attributes to
keys.
o Incorporated additional terms defined in the JWE spec by
reference.
-40
o Clarified the definitions of UTF8(STRING) and ASCII(STRING).
o Stated that line breaks are for display purposes only in places
where this disclaimer was needed and missing.
o Updated the WebCrypto reference to refer to the W3C Candidate
Recommendation.
-39
o No changes were made, other than to the version number and date.
-38
o Replaced uses of the phrase "JWK object" with "JWK".
-37
o Updated the TLS requirements language to only require
implementations to support TLS when they support features using
TLS.
o Restricted algorithm names to using only ASCII characters.
o Updated the example IANA registration request subject line.
-36
o Stated that if both "use" and "key_ops" are used, the information
they convey MUST be consistent.
o Clarified where white space and line breaks may occur in JSON
objects by referencing Section 2 of RFC 7159.
o Specified that registration reviews occur on the
jose-reg-review@ietf.org mailing list.
-35
o Used real values for examples in the IANA Registration Templates.
-34
o Addressed IESG review comments by Pete Resnick, Stephen Farrell,
and Richard Barnes.
o Referenced RFC 4945 for PEM certificate delimiter syntax.
-33
o Addressed secdir review comments by Stephen Kent for which
resolutions had mistakenly been omitted in the previous draft.
o Acknowledged additional contributors.
-32
o Addressed Gen-ART review comments by Russ Housley.
o Addressed secdir review comments by Stephen Kent.
-31
o No changes were made, other than to the version number and date.
-30
o Added references and cleaned up the reference syntax in a few
places.
o Applied minor wording changes to the Security Considerations
section.
-29
o Replaced the terms JWS Header, JWE Header, and JWT Header with a
single JOSE Header term defined in the JWS specification. This
also enabled a single Header Parameter definition to be used and
reduced other areas of duplication between specifications.
-28
o Revised the introduction to the Security Considerations section.
o Refined the text about when applications using encrypted JWKs and
JWK Sets would not need to use the "cty" header parameter.
-27
o Added an example JWK early in the draft.
o Described additional security considerations.
o Added the "x5t#S256" (X.509 Certificate SHA-256 Thumbprint) JWK
member.
o Addressed a few editorial issues.
-26
o Referenced Section 6 of RFC 6125 for TLS server certificate
identity validation.
o Deleted misleading non-normative phrase from the "use"
description.
o Noted that octet sequences are depicted using JSON array notation.
o Updated references, including to W3C specifications.
-25
o Updated WebCrypto reference to refer to W3C Last Call draft.
-24
o Corrected the authentication tag value in the encrypted key
example.
o Updated the JSON reference to RFC 7159.
-23
o No changes were made, other than to the version number and date.
-22
o Corrected RFC 2119 terminology usage.
o Replaced references to draft-ietf-json-rfc4627bis with RFC 7158.
-21
o Replaced the "key_ops" values "wrap" and "unwrap" with "wrapKey"
and "unwrapKey" to match the "KeyUsage" values defined in the
current Web Cryptography API editor's draft.
o Compute the PBES2 salt parameter as (UTF8(Alg) || 0x00 || Salt
Input), where the "p2s" Header Parameter encodes the Salt Input
value and Alg is the "alg" Header Parameter value.
o Changed some references from being normative to informative,
addressing issue #90.
-20
o Renamed "use_details" to "key_ops" (key operations).
o Clarified that "use" is meant for public key use cases, "key_ops"
is meant for use cases in which public, private, or symmetric keys
may be present, and that "use" and "key_ops" should not be used
together.
o Replaced references to RFC 4627 with draft-ietf-json-rfc4627bis,
addressing issue #90.
-19
o Added optional "use_details" (key use details) JWK member.
o Reordered the key selection parameters.
-18
o Changes to address editorial and minor issues #68, #69, #73, #74,
#76, #77, #78, #79, #82, #85, #89, and #135.
o Added and used Description registry fields.
-17
o Refined the "typ" and "cty" definitions to always be MIME Media
Types, with the omission of "application/" prefixes recommended
for brevity, addressing issue #50.
o Added an example encrypting an RSA private key with
"PBES2-HS256+A128KW" and "A128CBC-HS256". Thanks to Matt Miller
for producing this!
o Processing rules occurring in both JWS and JWK are now referenced
in JWS by JWK, rather than duplicated, addressing issue #57.
o Terms used in multiple documents are now defined in one place and
incorporated by reference. Some lightly used or obvious terms
were also removed. This addresses issue #58.
-16
o Changes to address editorial and minor issues #41, #42, #43, #47,
#51, #67, #71, #76, #80, #83, #84, #85, #86, #87, and #88.
-15
o Changes to address editorial issues #48, #64, #65, #66, and #91.
-14
o Relaxed language introducing key parameters since some parameters
are applicable to multiple, but not all, key types.
-13
o Applied spelling and grammar corrections.
-12
o Stated that recipients MUST either reject JWKs and JWK Sets with
duplicate member names or use a JSON parser that returns only the
lexically last duplicate member name.
-11
o Stated that when "kid" values are used within a JWK Set, different
keys within the JWK Set SHOULD use distinct "kid" values.
o Added optional "x5u" (X.509 URL), "x5t" (X.509 Certificate
Thumbprint), and "x5c" (X.509 Certificate Chain) JWK parameters.
o Added section on Encrypted JWK and Encrypted JWK Set Formats.
o Added a Parameter Information Class value to the JSON Web Key
Parameters registry, which registers whether the parameter conveys
public or private information.
o Registered "application/jwk+json" and "application/jwk-set+json"
MIME types and "JWK" and "JWK-SET" typ header parameter values,
addressing issue #21.
-10
o No changes were made, other than to the version number and date.
-09
o Expanded the scope of the JWK specification to include private and
symmetric key representations, as specified by
draft-jones-jose-json-private-and-symmetric-key-00.
o Defined that members that are not understood must be ignored.
-08
o Changed the name of the JWK key type parameter from "alg" to "kty"
to enable use of "alg" to indicate the particular algorithm that
the key is intended to be used with.
o Clarified statements of the form "This member is OPTIONAL" to "Use
of this member is OPTIONAL".
o Referenced String Comparison Rules in JWS.
o Added seriesInfo information to Internet Draft references.
-07
o Changed the name of the JWK RSA modulus parameter from "mod" to
"n" and the name of the JWK RSA exponent parameter from "xpo" to
"e", so that the identifiers are the same as those used in RFC
3447.
-06
o Changed the name of the JWK RSA exponent parameter from "exp" to
"xpo" so as to allow the potential use of the name "exp" for a
future extension that might define an expiration parameter for
keys. (The "exp" name is already used for this purpose in the JWT
specification.)
o Clarify that the "alg" (algorithm family) member is REQUIRED.
o Correct an instance of "JWK" that should have been "JWK Set".
o Applied changes made by the RFC Editor to RFC 6749's registry
language to this specification.
-05
o Indented artwork elements to better distinguish them from the body
text.
-04
o Refer to the registries as the primary sources of defined values
and then secondarily reference the sections defining the initial
contents of the registries.
o Normatively reference XML DSIG 2.0 for its security
considerations.
o Added this language to Registration Templates: "This name is case
sensitive. Names that match other registered names in a case
insensitive manner SHOULD NOT be accepted."
o Described additional open issues.
o Applied editorial suggestions.
-03
o Clarified that "kid" values need not be unique within a JWK Set.
o Moved JSON Web Key Parameters registry to the JWK specification.
o Added "Collision Resistant Namespace" to the terminology section.
o Changed registration requirements from RFC Required to
Specification Required with Expert Review.
o Added Registration Template sections for defined registries.
o Added Registry Contents sections to populate registry values.
o Numerous editorial improvements.
-02
o Simplified JWK terminology to get replace the "JWK Key Object" and
"JWK Container Object" terms with simply "JSON Web Key (JWK)" and
"JSON Web Key Set (JWK Set)" and to eliminate potential confusion
between single keys and sets of keys. As part of this change, the
top-level member name for a set of keys was changed from "jwk" to
"keys".
o Clarified that values with duplicate member names MUST be
rejected.
o Established JSON Web Key Set Parameters registry.
o Explicitly listed non-goals in the introduction.
o Moved algorithm-specific definitions from JWK to JWA.
o Reformatted to give each member definition its own section
heading.
-01
o Corrected the Magic Signatures reference.
-00
o Created the initial IETF draft based upon
draft-jones-json-web-key-03 with no normative changes.
Author's Address Author's Address
Michael B. Jones Michael B. Jones
Microsoft Microsoft
Email: mbj@microsoft.com EMail: mbj@microsoft.com
URI: http://self-issued.info/ URI: http://self-issued.info/
 End of changes. 160 change blocks. 
769 lines changed or deleted 408 lines changed or added

This html diff was produced by rfcdiff 1.42. The latest version is available from http://tools.ietf.org/tools/rfcdiff/