<?xml version="1.0" encoding="UTF-8"?>
  <?xml-stylesheet type="text/xsl" href="rfc2629.xslt" ?>

<!DOCTYPE rfc SYSTEM "rfc2629.dtd" [
]>

<rfc ipr="trust200902" docName="draft-ietf-jose-cookbook-00" category="info">

<?rfc toc="yes"?>
<?rfc sortrefs="yes"?>
<?rfc symrefs="yes"?>

  <front>
    <title abbrev="JOSE Cookbook">Examples of Protecting Content using JavaScript Object Signing and Encryption (JOSE)</title>

    <author initials="M." surname="Miller" fullname="Matthew Miller">
      <organization>Cisco Systems, Inc.</organization>
      <address>
        <postal>
          <street>1899 Wynkoop Street, Suite 600</street>
          <city>Denver</city>
          <region>CO</region>
          <code>80202</code>
          <country>USA</country>
        </postal>
        <phone>+1-303-308-3204</phone>
        
        <email>mamille2@cisco.com</email>
        
      </address>
    </author>

    <date year="2013" month="December" day="04"/>

    <area>Security</area>
    <workgroup>JOSE Working Group</workgroup>
    <keyword>Internet-Draft</keyword>

    <abstract>


<t>A set of examples of using JavaScript Object Signing and Encryption (JOSE) to protect data.  This document illustrates a representative sampling of various JSON Web Signature (JWS) and JSON Web Encryption (JWE) results given similar inputs.</t>



    </abstract>


  </front>

  <middle>


<section anchor="intro" title="Introduction">

<t>The JavaScript Object Signing and Encryption (JOSE) technologies – JSON Web Key (JWK) <xref target="I-D.ietf-jose-json-web-key"/>, JSON Web Signature (JWS) <xref target="I-D.ietf-jose-json-web-signature"/>, JSON Web Encryption (JWE) <xref target="I-D.ietf-jose-json-web-encryption"/>, and JSON Web Algorithms (JWA) <xref target="I-D.ietf-jose-json-web-algorithms"/> – collectively can be used to protect content in a myriad of ways.  The full set of permutations is extremely large, and might be daunting to some.</t>

<t>This document provides a number of examples of signing or encrypting content using JOSE.  While not exhaustive, it does compile together a representative sample of JOSE features.  As much as possible, the same signature payload or encryption plaintext content is used to illustrate differences in various signing and encryption results.</t>

<section anchor="intro-conventions" title="Conventions Used in this Document">

<t>All instances of binary octet strings are represented using <xref target="RFC4648"/> base64url encoding.</t>

<t>Wherever possible, the examples include both the Compact and JSON serializations.</t>

<t>All of the examples in this document have whitespace added to improve formatting and readability.  Except for plaintext or payload content, whitespace is not part of the cryptographic operations.  Plaintext or payload content does include whitespace (unless otherwise noted), although line breaks (U+000A LINE FEED) have replaced spaces (U+0020 SPACE) in some cases to improve readability.</t>

</section>
</section>
<section anchor="terms" title="Terminology">

<t>This document inherits terminology regarding JSON Web Key (JWK) technology from <xref target="I-D.ietf-jose-json-web-key"/>, terminology regarding JSON Web Signature (JWS) technology from <xref target="I-D.ietf-jose-json-web-signature"/>, terminology regarding JSON Web Encryption (JWE) technology from <xref target="I-D.ietf-jose-json-web-encryption"/>, and terminology regarding algorithms from <xref target="I-D.ietf-jose-json-web-algorithms"/>.</t>

</section>
<section anchor="jws" title="JSON Web Signature Examples">

<t>The following sections demonstrate how to generate various JWS objects.</t>

<t>All of the succeeding examples use the following payload plaintext, serialized as UTF-8, with line breaks (U+000A LINE FEED) replacing some “ “ (U+0020 SPACE) characters to improve formatting:</t>

<figure title="Payload content plaintext" anchor="jws-payload"><artwork><![CDATA[
It's a dangerous business, Frodo, going out your door. You
step onto the road, and if you don't keep your feet, there's
no knowing where you might be swept off to.
]]></artwork></figure>

<t>The Payload – with line breaks (U+000A LINE FEED) replaced with “ “ (U+0020 SPACE) – encoded as <xref target="RFC4648"/> base64url:</t>

<figure title="Payload content, base64url-encoded" anchor="jws-payload_b64u"><artwork><![CDATA[
SXQncyBhIGRhbmdlcm91cyBidXNpbmVzcywgRnJvZG8sIGdvaW5nIG91dCB5b3
VyIGRvb3IuIFlvdSBzdGVwIG9udG8gdGhlIHJvYWQsIGFuZCBpZiB5b3UgZG9u
J3Qga2VlcCB5b3VyIGZlZXQsIHRoZXJlJ3Mgbm8ga25vd2luZyB3aGVyZSB5b3
UgbWlnaHQgYmUgc3dlcHQgb2ZmIHRvLg
]]></artwork></figure>

<section anchor="jws-rsa" title="RSA v1.5 Signature">

<t>This example illustrates signing content using the “RS256” (RSASSA-PKCS1-v1_5 with SHA-256) algorithm.</t>

<section anchor="jws-rsa-input" title="Input Factors">

<t>The following are supplied before beginning the signing operation:</t>

<t><list style='symbols'>
  <t>Payload content; this example uses the content from <xref target="jws-payload"/>, encoded using <xref target="RFC4648"/> base64url to produce <xref target="jws-payload_b64u"/>.</t>
  <t>RSA private key; this example uses the key from <xref target="jws-rsa-key"/>.</t>
  <t>“alg” parameter of “RS256”.</t>
</list></t>

<figure title="RSA 2048-bit Private Key, in JWK format" anchor="jws-rsa-key"><artwork><![CDATA[
{
  "kty": "RSA",
  "kid": "bilbo.baggins@hobbiton.example",
  "use": "sig",
  "n":   "n4EPtAOCc9AlkeQHPzHStgAbgs7bTZLwUBZdR8_KuKPEHLd4rH
          VTeT-O-XV2jRojdNhxJWTDvNd7nqQ0VEiZQHz_AJmSCpMaJMRB
          SFKrKb2wqVwGU_NsYOYL-QtiWN2lbzcEe6XC0dApr5ydQLrHqk
          HHig3RBordaZ6Aj-oBHqFEHYpPe7Tpe-OfVfHd1E6cS6M1FZcD
          1NNLYD5lFHpPI9bTwJlsde3uhGqC0ZCuEHg8lhzwOHrtIQbS0F
          Vbb9k3-tVTU4fg_3L_vniUFAKwuCLqKnS2BYwdq_mzSnbLY7h_
          qixoR7jig3__kRhuaxwUkRz5iaiQkqgc5gHdrNP5zw",
  "e":   "AQAB",
  "d":   "bWUC9B-EFRIo8kpGfh0ZuyGPvMNKvYWNtB_ikiH9k20eT-O1q_
          I78eiZkpXxXQ0UTEs2LsNRS-8uJbvQ-A1irkwMSMkK1J3XTGgd
          rhCku9gRldY7sNA_AKZGh-Q661_42rINLRCe8W-nZ34ui_qOfk
          LnK9QWDDqpaIsA-bMwWWSDFu2MUBYwkHTMEzLYGqOe04noqeq1
          hExBTHBOBdkMXiuFhUq1BU6l-DqEiWxqg82sXt2h-LMnT3046A
          OYJoRioz75tSUQfGCshWTBnP5uDjd18kKhyv07lhfSJdrPdM5P
          lyl21hsFf4L_mHCuoFau7gdsPfHPxxjVOcOpBrQzwQ",
  "p":   "3Slxg_DwTXJcb6095RoXygQCAZ5RnAvZlno1yhHtnUex_fp7AZ
          _9nRaO7HX_-SFfGQeutao2TDjDAWU4Vupk8rw9JR0AzZ0N2fvu
          IAmr_WCsmGpeNqQnev1T7IyEsnh8UMt-n5CafhkikzhEsrmndH
          6LxOrvRJlsPp6Zv8bUq0k",
  "q":   "uKE2dh-cTf6ERF4k4e_jy78GfPYUIaUyoSSJuBzp3Cubk3OCqs
          6grT8bR_cu0Dm1MZwWmtdqDyI95HrUeq3MP15vMMON8lHTeZu2
          lmKvwqW7anV5UzhM1iZ7z4yMkuUwFWoBvyY898EXvRD-hdqRxH
          lSqAZ192zB3pVFJ0s7pFc",
  "dp":  "B8PVvXkvJrj2L-GYQ7v3y9r6Kw5g9SahXBwsWUzp19TVlgI-YV
          85q1NIb1rxQtD-IsXXR3-TanevuRPRt5OBOdiMGQp8pbt26glj
          YfKU_E9xn-RULHz0-ed9E9gXLKD4VGngpz-PfQ_q29pk5xWHoJ
          p009Qf1HvChixRX59ehik",
  "dq":  "CLDmDGduhylc9o7r84rEUVn7pzQ6PF83Y-iBZx5NT-TpnOZKF1
          pErAMVeKzFEl41DlHHqqBLSM0W1sOFbwTxYWZDm6sI6og5iTbw
          QGIC3gnJKbi_7k_vJgGHwHxgPaX2PnvP-zyEkDERuf-ry4c_Z1
          1Cq9AqC2yeL6kdKT1cYF8",
  "qi":  "3PiqvXQN0zwMeE-sBvZgi289XP9XCQF3VWqPzMKnIgQp7_Tugo
          6-NZBKCQsMf3HaEGBjTVJs_jcK8-TRXvaKe-7ZMaQj8VfBdYks
          sbu0NKDDhjJ-GtiseaDVWt7dcH0cfwxgFUHpQh7FoCrjFJ6h6Z
          EpMF6xmujs4qMpPz8aaI4"
}
]]></artwork></figure>

</section>
<section anchor="jws-rsa-op" title="Signing Operation">

<t>The following are generated to complete the signing operation:</t>

<t><list style='symbols'>
  <t>Protected JWS Header; this example uses the header from <xref target="jws-rsa-protected"/>, encoded using <xref target="RFC4648"/> base64url to produce <xref target="jws-rsa-protected_b64u"/>.</t>
</list></t>

<figure title="Protected JWS Header JSON" anchor="jws-rsa-protected"><artwork><![CDATA[
{
  "alg": "RS256",
  "kid": "bilbo.baggins@hobbiton.example"
}
]]></artwork></figure>

<figure title="Protected JWS Header, base64url-encoded" anchor="jws-rsa-protected_b64u"><artwork><![CDATA[
eyJhbGciOiJSUzI1NiIsImtpZCI6ImJpbGJvLmJhZ2dpbnNAaG9iYml0b24uZX
hhbXBsZSJ9
]]></artwork></figure>

<t>Performing the signature operation over the combined protected JWS header (<xref target="jws-rsa-protected_b64u"/>) and Payload content (<xref target="jws-payload_b64u"/>) produces the following signature:</t>

<figure title="Signature, base64url-encoded" anchor="jws-rsa-sig"><artwork><![CDATA[
jYc0gEV3V-RogN63dfD39ubQDvRFpqT0pYN2zmDfhxzLEqvWNFmINxPHuBZyNb
8FDgfU7oFPgLMdbzWP8dzebwCAQH1j_MV98HMMoaQweDy8L_6XBy6JjcxGne_o
GDyMM-gBm6VyW_xqK03pLEvmUrUlFLAVWuMpkd675wX8lPtiiEmswOqph6aCtA
LnBDMTUOlFzPpOb6B6OXctf4AG1cTfzcbyLWIGhGjqnPdqmoHldn-57eRT-G-R
-UR_XcxxvQ1b7gYAhh5_367tNnlnhIvv0RNr2UaqtnSG50B3TUVdDuJ0eHmPxW
dD6kVwiEIYeHPT4uhaRe2XgbTSx2pTQg
]]></artwork></figure>

</section>
<section anchor="jws-rsa-output" title="Output Results">

<t>The following compose the resulting JWS object:</t>

<t><list style='symbols'>
  <t>Protected JWS header (<xref target="jws-rsa-protected"/>)</t>
  <t>Payload content (<xref target="jws-payload_b64u"/>)</t>
  <t>Signature (<xref target="jws-rsa-sig"/>)</t>
</list></t>

<t>The resulting JWS object using the Compact serialization:</t>

<figure title="Compact Serialization" anchor="jws-rsa-compact"><artwork><![CDATA[
eyJhbGciOiJSUzI1NiIsImtpZCI6ImJpbGJvLmJhZ2dpbnNAaG9iYml0b24uZX
hhbXBsZSJ9
.
SXQncyBhIGRhbmdlcm91cyBidXNpbmVzcywgRnJvZG8sIGdvaW5nIG91dCB5b3
VyIGRvb3IuIFlvdSBzdGVwIG9udG8gdGhlIHJvYWQsIGFuZCBpZiB5b3UgZG9u
J3Qga2VlcCB5b3VyIGZlZXQsIHRoZXJlJ3Mgbm8ga25vd2luZyB3aGVyZSB5b3
UgbWlnaHQgYmUgc3dlcHQgb2ZmIHRvLg
.
jYc0gEV3V-RogN63dfD39ubQDvRFpqT0pYN2zmDfhxzLEqvWNFmINxPHuBZyNb
8FDgfU7oFPgLMdbzWP8dzebwCAQH1j_MV98HMMoaQweDy8L_6XBy6JjcxGne_o
GDyMM-gBm6VyW_xqK03pLEvmUrUlFLAVWuMpkd675wX8lPtiiEmswOqph6aCtA
LnBDMTUOlFzPpOb6B6OXctf4AG1cTfzcbyLWIGhGjqnPdqmoHldn-57eRT-G-R
-UR_XcxxvQ1b7gYAhh5_367tNnlnhIvv0RNr2UaqtnSG50B3TUVdDuJ0eHmPxW
dD6kVwiEIYeHPT4uhaRe2XgbTSx2pTQg
]]></artwork></figure>

<t>The resulting JWS object using the JSON serialization:</t>

<figure title="JSON Serialization" anchor="jws-rsa-json"><artwork><![CDATA[
{
  "payload":
    "SXQncyBhIGRhbmdlcm91cyBidXNpbmVzcywgRnJvZG8sIGdvaW5nIG91d
     CB5b3VyIGRvb3IuIFlvdSBzdGVwIG9udG8gdGhlIHJvYWQsIGFuZCBpZi
     B5b3UgZG9uJ3Qga2VlcCB5b3VyIGZlZXQsIHRoZXJlJ3Mgbm8ga25vd2l
     uZyB3aGVyZSB5b3UgbWlnaHQgYmUgc3dlcHQgb2ZmIHRvLg",
  "signatures": [
    {
      "protected":
        "eyJhbGciOiJSUzI1NiIsImtpZCI6ImJpbGJvLmJhZ2dpbnNAaG9iY
         ml0b24uZXhhbXBsZSJ9",
      "signature":
        "jYc0gEV3V-RogN63dfD39ubQDvRFpqT0pYN2zmDfhxzLEqvWNFmIN
         xPHuBZyNb8FDgfU7oFPgLMdbzWP8dzebwCAQH1j_MV98HMMoaQweD
         y8L_6XBy6JjcxGne_oGDyMM-gBm6VyW_xqK03pLEvmUrUlFLAVWuM
         pkd675wX8lPtiiEmswOqph6aCtALnBDMTUOlFzPpOb6B6OXctf4AG
         1cTfzcbyLWIGhGjqnPdqmoHldn-57eRT-G-R-UR_XcxxvQ1b7gYAh
         h5_367tNnlnhIvv0RNr2UaqtnSG50B3TUVdDuJ0eHmPxWdD6kVwiE
         IYeHPT4uhaRe2XgbTSx2pTQg"
    }
  ]
}
]]></artwork></figure>
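<t>The following program is a worked example added alongside this section; it is not part of the draft and is not reference code from any JOSE implementation.  Using only the Python standard library, it rebuilds the JWS Signing Input from the protected header and payload above, applies EMSA-PKCS1-v1_5 encoding with the SHA-256 DigestInfo prefix, raises the result to the private exponent of the draft's own RSA JWK (only “n”, “e” and “d” are used; the CRT members are not needed for this), and verifies with the public members alone.  Function names such as rs256_sign and emsa_pkcs1_v15 are this example's own choices.  Since RSASSA-PKCS1-v1_5 is deterministic, a correct implementation produces the same octets on every run for the same key and signing input.</t>

<figure title="Added example: RS256 signing and verification in Python"><artwork><![CDATA[
```python
"""Added example (not part of the draft): what "RS256" computes, using the
draft's own 2048-bit RSA JWK and signing input; standard library only."""
import base64
import hashlib
import json

# "n", "e" and "d" are copied from the draft's JWK figure (line wrapping
# removed); the CRT members p, q, dp, dq and qi are not needed here.
RSA_JWK = {
    "kty": "RSA",
    "kid": "bilbo.baggins@hobbiton.example",
    "n": ("n4EPtAOCc9AlkeQHPzHStgAbgs7bTZLwUBZdR8_KuKPEHLd4rH"
          "VTeT-O-XV2jRojdNhxJWTDvNd7nqQ0VEiZQHz_AJmSCpMaJMRB"
          "SFKrKb2wqVwGU_NsYOYL-QtiWN2lbzcEe6XC0dApr5ydQLrHqk"
          "HHig3RBordaZ6Aj-oBHqFEHYpPe7Tpe-OfVfHd1E6cS6M1FZcD"
          "1NNLYD5lFHpPI9bTwJlsde3uhGqC0ZCuEHg8lhzwOHrtIQbS0F"
          "Vbb9k3-tVTU4fg_3L_vniUFAKwuCLqKnS2BYwdq_mzSnbLY7h_"
          "qixoR7jig3__kRhuaxwUkRz5iaiQkqgc5gHdrNP5zw"),
    "e": "AQAB",
    "d": ("bWUC9B-EFRIo8kpGfh0ZuyGPvMNKvYWNtB_ikiH9k20eT-O1q_"
          "I78eiZkpXxXQ0UTEs2LsNRS-8uJbvQ-A1irkwMSMkK1J3XTGgd"
          "rhCku9gRldY7sNA_AKZGh-Q661_42rINLRCe8W-nZ34ui_qOfk"
          "LnK9QWDDqpaIsA-bMwWWSDFu2MUBYwkHTMEzLYGqOe04noqeq1"
          "hExBTHBOBdkMXiuFhUq1BU6l-DqEiWxqg82sXt2h-LMnT3046A"
          "OYJoRioz75tSUQfGCshWTBnP5uDjd18kKhyv07lhfSJdrPdM5P"
          "lyl21hsFf4L_mHCuoFau7gdsPfHPxxjVOcOpBrQzwQ"),
}
PROTECTED = {"alg": "RS256", "kid": RSA_JWK["kid"]}
# The draft's payload, with the figure's line breaks restored to spaces.
PAYLOAD = ("It's a dangerous business, Frodo, going out your door. You "
           "step onto the road, and if you don't keep your feet, there's "
           "no knowing where you might be swept off to.")
# DER prefix of the SHA-256 DigestInfo (RFC 8017, section 9.2, note 1).
SHA256_DIGEST_INFO = bytes.fromhex("3031300d060960864801650304020105000420")


def b64url_encode(data: bytes) -> str:
    """RFC 4648 base64url without '=' padding, as JOSE requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def jwk_int(text: str) -> int:
    """JWK integer members are big-endian octet strings, base64url-encoded."""
    return int.from_bytes(b64url_decode(text), "big")


N, E, D = (jwk_int(RSA_JWK[m]) for m in ("n", "e", "d"))
K = (N.bit_length() + 7) // 8            # modulus length in octets: 256


def signing_input(protected: dict, payload: str) -> bytes:
    """ASCII(BASE64URL(compact JSON header) || '.' || BASE64URL(payload))."""
    header_json = json.dumps(protected, separators=(",", ":")).encode("utf-8")
    return (b64url_encode(header_json) + "." +
            b64url_encode(payload.encode("utf-8"))).encode("ascii")


def emsa_pkcs1_v15(message: bytes, k: int) -> bytes:
    """EMSA-PKCS1-v1_5: 00 01 FF..FF 00 || DigestInfo || SHA-256(message)."""
    t = SHA256_DIGEST_INFO + hashlib.sha256(message).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t


def rs256_sign(message: bytes) -> str:
    em = emsa_pkcs1_v15(message, K)
    s = pow(int.from_bytes(em, "big"), D, N)      # RSASP1, private exponent
    return b64url_encode(s.to_bytes(K, "big"))


def rs256_verify(message: bytes, signature_b64: str) -> bool:
    """Public members only.  The whole encoded block is recomputed and compared,
    so the padding is checked too, not just a hash found somewhere inside."""
    try:
        sig = b64url_decode(signature_b64)
    except ValueError:                            # malformed base64url
        return False
    if len(sig) != K:
        return False
    s = int.from_bytes(sig, "big")
    if s >= N:
        return False
    em = pow(s, E, N).to_bytes(K, "big")          # RSAVP1, public exponent
    return em == emsa_pkcs1_v15(message, K)


if __name__ == "__main__":
    msg = signing_input(PROTECTED, PAYLOAD)
    sig = rs256_sign(msg)
    print(sig)
    print("verified:", rs256_verify(msg, sig))
```
]]></artwork></figure>

<t>Two points of the verifier are deliberate.  It rejects any signature whose octet length or integer value does not fit the modulus before doing arithmetic, and it compares the complete encoded block rather than searching for the hash after the padding; verifiers that only look for the DigestInfo have been forged against when the public exponent is small.  Note also that what is signed is the base64url text of header and payload, so any change to that text (padding characters, a different header serialization) changes the signature.</t>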

</section>
</section>
<section anchor="jws-rsapss" title="RSA-PSS Signature">

<t>This example illustrates signing content using the “PS384” (RSASSA-PSS with SHA-384) algorithm.</t>

<section anchor="jws-rsapss-input" title="Input Factors">

<t>The following are supplied before beginning the signing operation:</t>

<t><list style='symbols'>
  <t>Payload content; this example uses the content from <xref target="jws-payload"/>, encoded using <xref target="RFC4648"/> base64url to produce <xref target="jws-payload_b64u"/>.</t>
  <t>RSA private key; this example uses the key from <xref target="jws-rsa-key"/>.</t>
  <t>“alg” parameter of “PS384”.</t>
</list></t>

</section>
<section anchor="jws-rsapss-op" title="Signing Operation">

<t>The following are generated to complete the signing operation:</t>

<t><list style='symbols'>
  <t>Protected JWS Header; this example uses the header from <xref target="jws-rsapss-protected"/>, encoded using <xref target="RFC4648"/> base64url to produce <xref target="jws-rsapss-protected_b64u"/>.</t>
</list></t>

<figure title="Protected JWS Header JSON" anchor="jws-rsapss-protected"><artwork><![CDATA[
{
  "alg": "PS384",
  "kid": "bilbo.baggins@hobbiton.example"
}
]]></artwork></figure>

<figure title="Protected JWS Header, base64url-encoded" anchor="jws-rsapss-protected_b64u"><artwork><![CDATA[
eyJhbGciOiJQUzM4NCIsImtpZCI6ImJpbGJvLmJhZ2dpbnNAaG9iYml0b24uZX
hhbXBsZSJ9
]]></artwork></figure>

<t>Performing the signature operation over the combined protected JWS header (<xref target="jws-rsapss-protected_b64u"/>) and Payload content (<xref target="jws-payload_b64u"/>) produces the following signature:</t>

<figure title="Signature, base64url-encoded" anchor="jws-rsapss-sig"><artwork><![CDATA[
kmV2DSGzAWL3qq4fZOpOfW1Jn-qFa0OyEOtaL-XiDt_JQVnhurpQlT698iBkiy
wXRzcvwyY-UgeTrCDT6kPAZHN3Tj6l_bsPwHt7B1AaphZObG94tYCdyQlwdrCy
lBBaDMwwjQuSvL9MP40KLAlV5BGmnps-2rAUK9VL_HmKRcjo2dQ_VRfbaCSmmI
-aohWvcdptMyI6kZhHL_zLCOWO5RoY5YWV42u46ZdW-e06QgBZkzdHEmS2Aimx
EIy6PamU6FKvRLR3s8tiagdmBEwqiXUoRq5i3VL-XRvGMtk6jUonloTOii-nsU
6jN1AwrFGwe7kd33X6AX9CaMtOJaUZVw
]]></artwork></figure>

</section>
<section anchor="jws-rsapss-output" title="Output Results">

<t>The following compose the resulting JWS object:</t>

<t><list style='symbols'>
  <t>Protected JWS header (<xref target="jws-rsapss-protected_b64u"/>)</t>
  <t>Payload content (<xref target="jws-payload_b64u"/>)</t>
  <t>Signature (<xref target="jws-rsapss-sig"/>)</t>
</list></t>

<t>The resulting JWS object using the Compact serialization:</t>

<figure title="Compact Serialization" anchor="jws-rsapss-compact"><artwork><![CDATA[
eyJhbGciOiJQUzM4NCIsImtpZCI6ImJpbGJvLmJhZ2dpbnNAaG9iYml0b24uZX
hhbXBsZSJ9
.
SXQncyBhIGRhbmdlcm91cyBidXNpbmVzcywgRnJvZG8sIGdvaW5nIG91dCB5b3
VyIGRvb3IuIFlvdSBzdGVwIG9udG8gdGhlIHJvYWQsIGFuZCBpZiB5b3UgZG9u
J3Qga2VlcCB5b3VyIGZlZXQsIHRoZXJlJ3Mgbm8ga25vd2luZyB3aGVyZSB5b3
UgbWlnaHQgYmUgc3dlcHQgb2ZmIHRvLg
.
kmV2DSGzAWL3qq4fZOpOfW1Jn-qFa0OyEOtaL-XiDt_JQVnhurpQlT698iBkiy
wXRzcvwyY-UgeTrCDT6kPAZHN3Tj6l_bsPwHt7B1AaphZObG94tYCdyQlwdrCy
lBBaDMwwjQuSvL9MP40KLAlV5BGmnps-2rAUK9VL_HmKRcjo2dQ_VRfbaCSmmI
-aohWvcdptMyI6kZhHL_zLCOWO5RoY5YWV42u46ZdW-e06QgBZkzdHEmS2Aimx
EIy6PamU6FKvRLR3s8tiagdmBEwqiXUoRq5i3VL-XRvGMtk6jUonloTOii-nsU
6jN1AwrFGwe7kd33X6AX9CaMtOJaUZVw
]]></artwork></figure>

<t>The resulting JWS object using the JSON serialization:</t>

<figure title="JSON Serialization" anchor="jws-rsapss-json"><artwork><![CDATA[
{
  "payload":
    "SXQncyBhIGRhbmdlcm91cyBidXNpbmVzcywgRnJvZG8sIGdvaW5nIG91d
     CB5b3VyIGRvb3IuIFlvdSBzdGVwIG9udG8gdGhlIHJvYWQsIGFuZCBpZi
     B5b3UgZG9uJ3Qga2VlcCB5b3VyIGZlZXQsIHRoZXJlJ3Mgbm8ga25vd2l
     uZyB3aGVyZSB5b3UgbWlnaHQgYmUgc3dlcHQgb2ZmIHRvLg",
  "signatures": [
    {
      "protected":
        "eyJhbGciOiJQUzM4NCIsImtpZCI6ImJpbGJvLmJhZ2dpbnNAaG9iY
         ml0b24uZXhhbXBsZSJ9",
      "signature":
        "kmV2DSGzAWL3qq4fZOpOfW1Jn-qFa0OyEOtaL-XiDt_JQVnhurpQl
         T698iBkiywXRzcvwyY-UgeTrCDT6kPAZHN3Tj6l_bsPwHt7B1Aaph
         ZObG94tYCdyQlwdrCylBBaDMwwjQuSvL9MP40KLAlV5BGmnps-2rA
         UK9VL_HmKRcjo2dQ_VRfbaCSmmI-aohWvcdptMyI6kZhHL_zLCOWO
         5RoY5YWV42u46ZdW-e06QgBZkzdHEmS2AimxEIy6PamU6FKvRLR3s
         8tiagdmBEwqiXUoRq5i3VL-XRvGMtk6jUonloTOii-nsU6jN1AwrF
         Gwe7kd33X6AX9CaMtOJaUZVw"
    }
  ]
}
]]></artwork></figure>

</section>
</section>
<section anchor="jws-ecdsa" title="ECDSA Signature">

<t>This example illustrates signing content using the “ES512” (ECDSA with curve P-521 and SHA-512) algorithm.</t>

<section anchor="jws-ecdsa-input" title="Input Factors">

<t>The following are supplied before beginning the signing operation:</t>

<t><list style='symbols'>
  <t>Payload content; this example uses the content from <xref target="jws-payload"/>, encoded using <xref target="RFC4648"/> base64url to produce <xref target="jws-payload_b64u"/>.</t>
  <t>EC private key on the curve P-521; this example uses the key from <xref target="jws-ecdsa-key"/>.</t>
  <t>“alg” parameter of “ES512”</t>
</list></t>

<figure title="Elliptic Curve P-521 Private Key" anchor="jws-ecdsa-key"><artwork><![CDATA[
{
  "kty": "EC",
  "kid": "bilbo.baggins@hobbiton.example",
  "use": "sig",
  "crv": "P-521",
  "x":   "AHKZLLOsCOzz5cY97ewNUajB957y-C-U88c3v13nmGZx6sYl_oJX
          u9A5RkTKqjqvjyekWF-7ytDyRXYgCF5cj0Kt",
  "y":   "AdymlHvOiLxXkEhayXQnNCvDX4h9htZaCJN34kfmC6pV5OhQHira
          VySsUdaQkAgDPrwQrJmbnX9cwlGfP-HqHZR1",
  "d":   "CFE43av1ypdfWGD5GgjpHW1fmnatQBh2akdmgLVc0znoq2xytfrN
          sqKlCsJb0IZkfdPi5umehMosNgn98Xf-sm0"
}
]]></artwork></figure>

</section>
<section anchor="jws-ecdsa-op" title="Signing Operation">

<t>The following are generated before beginning the signature process:</t>

<t><list style='symbols'>
  <t>Protected JWS Header; this example uses the header from <xref target="jws-ecdsa-protected"/>, encoded using <xref target="RFC4648"/> base64url to produce <xref target="jws-ecdsa-protected_b64u"/>.</t>
</list></t>

<figure title="Protected JWS Header JSON" anchor="jws-ecdsa-protected"><artwork><![CDATA[
{
  "alg": "ES512",
  "kid": "bilbo.baggins@hobbiton.example"
}
]]></artwork></figure>

<figure title="Protected JWS Header, base64url-encoded" anchor="jws-ecdsa-protected_b64u"><artwork><![CDATA[
eyJhbGciOiJFUzUxMiIsImtpZCI6ImJpbGJvLmJhZ2dpbnNAaG9iYml0b24uZX
hhbXBsZSJ9
]]></artwork></figure>

<t>Performing the signature operation over the combined protected JWS header (<xref target="jws-ecdsa-protected_b64u"/>) and Payload content (<xref target="jws-payload_b64u"/>) produces the following signature:</t>

<figure title="Signature, base64url-encoded" anchor="jws-ecdsa-sig"><artwork><![CDATA[
GU4icJRWWqP0nDHX2HqiIZGueMWosZnx-RHjbNkkuJuVtW6ylbiHAHuOIuH9RD
dnildrg7VGvnjVK2Jv_47gyLQc8kweURgG5Zg6vauw6TyH7feCxMpfZ8BEqLSL
cLa_UUwYNLAFMB3FwQMIgSJJi7u510k1B6Nh-KcNJmViDeD2gA
]]></artwork></figure>

</section>
<section anchor="jws-ecdsa-output" title="Output Results">

<t>The following compose the resulting JWS object:</t>

<t><list style='symbols'>
  <t>Protected JWS header (<xref target="jws-ecdsa-protected_b64u"/>)</t>
  <t>Payload content (<xref target="jws-payload_b64u"/>)</t>
  <t>Signature (<xref target="jws-ecdsa-sig"/>)</t>
</list></t>

<t>The resulting JWS object using the Compact serialization:</t>

<figure title="Compact Serialization" anchor="jws-ecdsa-compact"><artwork><![CDATA[
eyJhbGciOiJFUzUxMiIsImtpZCI6ImJpbGJvLmJhZ2dpbnNAaG9iYml0b24uZX
hhbXBsZSJ9
.
SXQncyBhIGRhbmdlcm91cyBidXNpbmVzcywgRnJvZG8sIGdvaW5nIG91dCB5b3
VyIGRvb3IuIFlvdSBzdGVwIG9udG8gdGhlIHJvYWQsIGFuZCBpZiB5b3UgZG9u
J3Qga2VlcCB5b3VyIGZlZXQsIHRoZXJlJ3Mgbm8ga25vd2luZyB3aGVyZSB5b3
UgbWlnaHQgYmUgc3dlcHQgb2ZmIHRvLg
.
GU4icJRWWqP0nDHX2HqiIZGueMWosZnx-RHjbNkkuJuVtW6ylbiHAHuOIuH9RD
dnildrg7VGvnjVK2Jv_47gyLQc8kweURgG5Zg6vauw6TyH7feCxMpfZ8BEqLSL
cLa_UUwYNLAFMB3FwQMIgSJJi7u510k1B6Nh-KcNJmViDeD2gA
]]></artwork></figure>

<t>The resulting JWS object using the JSON serialization:</t>

<figure title="JSON Serialization" anchor="jws-ecdsa-json"><artwork><![CDATA[
{
  "payload":
    "SXQncyBhIGRhbmdlcm91cyBidXNpbmVzcywgRnJvZG8sIGdvaW5nIG91d
     CB5b3VyIGRvb3IuIFlvdSBzdGVwIG9udG8gdGhlIHJvYWQsIGFuZCBpZi
     B5b3UgZG9uJ3Qga2VlcCB5b3VyIGZlZXQsIHRoZXJlJ3Mgbm8ga25vd2l
     uZyB3aGVyZSB5b3UgbWlnaHQgYmUgc3dlcHQgb2ZmIHRvLg",
  "signatures": [
    {
      "protected":
        "eyJhbGciOiJFUzUxMiIsImtpZCI6ImJpbGJvLmJhZ2dpbnNAaG9iY
         ml0b24uZXhhbXBsZSJ9",
      "signature":
        "GU4icJRWWqP0nDHX2HqiIZGueMWosZnx-RHjbNkkuJuVtW6ylbiHA
         HuOIuH9RDdnildrg7VGvnjVK2Jv_47gyLQc8kweURgG5Zg6vauw6T
         yH7feCxMpfZ8BEqLSLcLa_UUwYNLAFMB3FwQMIgSJJi7u510k1B6N
         h-KcNJmViDeD2gA"
    }
  ]
}
]]></artwork></figure>

</section>
</section>
<section anchor="jws-hmac" title="HMAC-SHA2 Integrity Protection">

<t>This example illustrates integrity protecting content using the “HS256” (HMAC-SHA-256) algorithm.</t>

<section anchor="jws-hmac-input" title="Input Factors">

<t>The following are supplied before beginning the signing operation:</t>

<t><list style='symbols'>
  <t>Payload content; this example uses the content from <xref target="jws-payload"/>, encoded using <xref target="RFC4648"/> base64url to produce <xref target="jws-payload_b64u"/>.</t>
  <t>HMAC symmetric key (a JWK of type “oct”); this example uses the key from <xref target="jws-hmac-key"/>.</t>
  <t>“alg” parameter of “HS256”.</t>
</list></t>

<figure title="HMAC 256-bit symmetric key, in JWK format" anchor="jws-hmac-key"><artwork><![CDATA[
{
  "kty": "oct",
  "kid": "018c0ae5-4d9b-471b-bfd6-eef314bc7037",
  "use": "sig",
  "k":   "hJtXIZ2uSN5kbQfbtTNWbpdmhkV8FJG-Onbc6mxCcYg"
}
]]></artwork></figure>

</section>
<section anchor="jws-hmac-op" title="Signing Operation">

<t>The following are generated before completing the signing operation:</t>

<t><list style='symbols'>
  <t>Protected JWS Header; this example uses the header from <xref target="jws-hmac-protected"/>, encoded using <xref target="RFC4648"/> base64url to produce <xref target="jws-hmac-protected_b64u"/>.</t>
</list></t>

<figure title="Protected JWS Header JSON" anchor="jws-hmac-protected"><artwork><![CDATA[
{
  "alg": "HS256",
  "kid": "018c0ae5-4d9b-471b-bfd6-eef314bc7037"
}
]]></artwork></figure>

<figure title="Protected JWS Header, base64url-encoded" anchor="jws-hmac-protected_b64u"><artwork><![CDATA[
eyJhbGciOiJIUzI1NiIsImtpZCI6IjAxOGMwYWU1LTRkOWItNDcxYi1iZmQ2LW
VlZjMxNGJjNzAzNyJ9
]]></artwork></figure>

<t>Performing the signature operation over the combined protected JWS header (<xref target="jws-hmac-protected_b64u"/>) and Payload content (<xref target="jws-payload_b64u"/>) produces the following signature:</t>

<figure title="Signature, base64url-encoded" anchor="jws-hmac-sig"><artwork><![CDATA[
BC8xgQaFNKeZieRI0z7wDzbpRyG_ombR9gDU22IBJEM
]]></artwork></figure>

</section>
<section anchor="jws-hmac-output" title="Output Results">

<t>The following compose the resulting JWS object:</t>

<t><list style='symbols'>
  <t>Protected JWS header (<xref target="jws-hmac-protected_b64u"/>)</t>
  <t>Payload content (<xref target="jws-payload_b64u"/>)</t>
  <t>Signature (<xref target="jws-hmac-sig"/>)</t>
</list></t>

<t>The resulting JWS object using the Compact serialization:</t>

<figure title="Compact Serialization" anchor="jws-hmac-compact"><artwork><![CDATA[
eyJhbGciOiJIUzI1NiIsImtpZCI6IjAxOGMwYWU1LTRkOWItNDcxYi1iZmQ2LW
VlZjMxNGJjNzAzNyJ9
.
SXQncyBhIGRhbmdlcm91cyBidXNpbmVzcywgRnJvZG8sIGdvaW5nIG91dCB5b3
VyIGRvb3IuIFlvdSBzdGVwIG9udG8gdGhlIHJvYWQsIGFuZCBpZiB5b3UgZG9u
J3Qga2VlcCB5b3VyIGZlZXQsIHRoZXJlJ3Mgbm8ga25vd2luZyB3aGVyZSB5b3
UgbWlnaHQgYmUgc3dlcHQgb2ZmIHRvLg
.
BC8xgQaFNKeZieRI0z7wDzbpRyG_ombR9gDU22IBJEM
]]></artwork></figure>

<t>The resulting JWS object using the JSON serialization:</t>

<figure title="JSON Serialization" anchor="jws-hmac-json"><artwork><![CDATA[
{
  "payload":
    "SXQncyBhIGRhbmdlcm91cyBidXNpbmVzcywgRnJvZG8sIGdvaW5nIG91d
     CB5b3VyIGRvb3IuIFlvdSBzdGVwIG9udG8gdGhlIHJvYWQsIGFuZCBpZi
     B5b3UgZG9uJ3Qga2VlcCB5b3VyIGZlZXQsIHRoZXJlJ3Mgbm8ga25vd2l
     uZyB3aGVyZSB5b3UgbWlnaHQgYmUgc3dlcHQgb2ZmIHRvLg",
  "signatures": [
    {
      "protected":
        "eyJhbGciOiJIUzI1NiIsImtpZCI6IjAxOGMwYWU1LTRkOWItNDcxY
         i1iZmQ2LWVlZjMxNGJjNzAzNyJ9",
      "signature":
        "BC8xgQaFNKeZieRI0z7wDzbpRyG_ombR9gDU22IBJEM"
    }
  ]
}
]]></artwork></figure>

</section>
</section>
<section anchor="jws-detached" title="Detached Signature">

<t>This example illustrates a detached signature.  It is identical to the preceding HMAC example, except that the resulting JWS objects do not include the Payload content.  Instead, the application is expected to obtain the payload elsewhere and supply it, base64url-encoded, when reconstructing the signing input for verification.  For example, the signature might be carried in a metadata section, with the payload being the content itself.</t>

<section anchor="jws-detached-input" title="Input Factors">

<t>The following are supplied before beginning the signing operation:</t>

<t><list style='symbols'>
  <t>Payload content; this example uses the content from <xref target="jws-payload"/>, encoded using <xref target="RFC4648"/> base64url to produce <xref target="jws-payload_b64u"/>.</t>
  <t>Signing key; this example uses the HMAC symmetric key from <xref target="jws-hmac-key"/>.</t>
  <t>Signing algorithm; this example uses “HS256”.</t>
</list></t>

</section>
<section anchor="jws-detached-op" title="Signing Operation">

<t>The following are generated before completing the signing operation:</t>

<t><list style='symbols'>
  <t>Protected JWS Header; this example uses the header from <xref target="jws-detached-protected"/>, encoded using <xref target="RFC4648"/> base64url to produce <xref target="jws-detached-protected_b64u"/>.</t>
</list></t>

<t>The protected JWS header parameters:</t>

<figure title="Protected JWS Header JSON" anchor="jws-detached-protected"><artwork><![CDATA[
{
  "alg": "HS256",
  "kid": "018c0ae5-4d9b-471b-bfd6-eef314bc7037"
}
]]></artwork></figure>

<figure title="Protected JWS Header, base64url-encoded" anchor="jws-detached-protected_b64u"><artwork><![CDATA[
eyJhbGciOiJIUzI1NiIsImtpZCI6IjAxOGMwYWU1LTRkOWItNDcxYi1iZmQ2LW
VlZjMxNGJjNzAzNyJ9
]]></artwork></figure>

<t>Performing the signature operation over the combined protected JWS header (<xref target="jws-detached-protected_b64u"/>) and Payload content (<xref target="jws-payload_b64u"/>) produces the following signature:</t>

<figure title="Signature, base64url-encoded" anchor="jws-detached-sig"><artwork><![CDATA[
ns-fxWMR0YjG5KJK5VAVdE9c9zEHL4SlnjJvw2yiRQw
]]></artwork></figure>

</section>
<section anchor="jws-detached-output" title="Output Results">

<t>The following compose the resulting JWS object:</t>

<t><list style='symbols'>
  <t>Protected JWS header (<xref target="jws-detached-protected_b64u"/>)</t>
  <t>Signature (<xref target="jws-detached-sig"/>)</t>
</list></t>

<t>The resulting JWS object using the Compact serialization:</t>

<figure title="Compact Serialization" anchor="jws-detached-compact"><artwork><![CDATA[
eyJhbGciOiJIUzI1NiIsImtpZCI6IjAxOGMwYWU1LTRkOWItNDcxYi1iZmQ2LW
VlZjMxNGJjNzAzNyJ9
.
.
ns-fxWMR0YjG5KJK5VAVdE9c9zEHL4SlnjJvw2yiRQw
]]></artwork></figure>

<t>The resulting JWS object using the JSON serialization:</t>

<figure title="JSON Serialization" anchor="jws-detached-json"><artwork><![CDATA[
{
  "signatures": [
    {
      "protected":
        "eyJhbGciOiJIUzI1NiIsImtpZCI6IjAxOGMwYWU1LTRkOWItNDcxY
         i1iZmQ2LWVlZjMxNGJjNzAzNyJ9",
      "signature":
        "ns-fxWMR0YjG5KJK5VAVdE9c9zEHL4SlnjJvw2yiRQw"
    }
  ]
}
]]></artwork></figure>

</section>
</section>
<section anchor="jws-somefields" title="Protecting Specific Header Fields">

<t>This example illustrates a signature where only certain header parameters are protected.  Since this example contains both unprotected and protected header parameters, only the JSON serialization is possible.  Only the protected header parameters are covered by the signature; the unprotected “kid” below can be changed in transit without invalidating the signature, so a recipient must treat it as no more than a hint about which key to try.</t>

<section anchor="jws-somefields-input" title="Input Factors">

<t>The following are supplied before beginning the signing operation:</t>

<t><list style='symbols'>
  <t>Payload content; this example uses the content from <xref target="jws-payload"/>, encoded using <xref target="RFC4648"/> base64url to produce <xref target="jws-payload_b64u"/>.</t>
  <t>Signing key; this example uses the HMAC symmetric key from <xref target="jws-hmac-key"/>.</t>
  <t>Signing algorithm; this example uses “HS256”.</t>
</list></t>

</section>
<section anchor="jws-somefields-op" title="Signing Operation">

<t>The following are generated before completing the signing operation:</t>

<t><list style='symbols'>
  <t>Protected JWS Header; this example uses the header from <xref target="jws-somefields-protected"/>, encoded using <xref target="RFC4648"/> base64url to produce <xref target="jws-somefields-protected_b64u"/>.</t>
  <t>Unprotected JWS Header; this example uses the header from <xref target="jws-somefields-unprotected"/>.</t>
</list></t>

<t>The protected JWS header parameters:</t>

<figure title="Protected JWS Header JSON" anchor="jws-somefields-protected"><artwork><![CDATA[
{
  "alg": "HS256"
}
]]></artwork></figure>

<figure title="Protected JWS Header, base64url-encoded" anchor="jws-somefields-protected_b64u"><artwork><![CDATA[
eyJhbGciOiJIUzI1NiJ9
]]></artwork></figure>

<figure title="Unprotected JWS Header JSON" anchor="jws-somefields-unprotected"><artwork><![CDATA[
{
  "kid": "018c0ae5-4d9b-471b-bfd6-eef314bc7037"
}
]]></artwork></figure>

<t>Performing the signature operation over the combined protected JWS header (<xref target="jws-somefields-protected_b64u"/>) and Payload content (<xref target="jws-payload_b64u"/>) produces the following signature:</t>

<figure title="Signature, base64url-encoded" anchor="jws-somefields-sig"><artwork><![CDATA[
LHbXRdr8vWfAWIPsViW2RDE5edTLiChP_6fRTDbwHBM
]]></artwork></figure>

</section>
<section anchor="jws-somefields-output" title="Output Results">

<t>The following compose the resulting JWS object:</t>

<t><list style='symbols'>
  <t>Protected JWS header (<xref target="jws-somefields-protected_b64u"/>)</t>
  <t>Unprotected JWS header (<xref target="jws-somefields-unprotected"/>)</t>
  <t>Payload content (<xref target="jws-payload_b64u"/>)</t>
  <t>Signature (<xref target="jws-somefields-sig"/>)</t>
</list></t>

<t>The resulting JWS object using the JSON serialization:</t>

<figure title="JSON Serialization" anchor="jws-somefields-json"><artwork><![CDATA[
{
  "payload":
    "SXQncyBhIGRhbmdlcm91cyBidXNpbmVzcywgRnJvZG8sIGdvaW5nIG91d
     CB5b3VyIGRvb3IuIFlvdSBzdGVwIG9udG8gdGhlIHJvYWQsIGFuZCBpZi
     B5b3UgZG9uJ3Qga2VlcCB5b3VyIGZlZXQsIHRoZXJlJ3Mgbm8ga25vd2l
     uZyB3aGVyZSB5b3UgbWlnaHQgYmUgc3dlcHQgb2ZmIHRvLg",
  "signatures": [
    {
      "protected":
        "eyJhbGciOiJIUzI1NiJ9",
      "header": {
        "kid":
          "018c0ae5-4d9b-471b-bfd6-eef314bc7037"
      },
      "signature":
        "LHbXRdr8vWfAWIPsViW2RDE5edTLiChP_6fRTDbwHBM"
    }
  ]
}
]]></artwork></figure>

</section>
</section>
<section anchor="jws-nofields" title="Protecting Content Only">

<t>This example illustrates a signature where none of the header parameters are protected.  Since this example contains only unprotected header parameters, only the JSON serialization is possible.  Because “alg” is among the unprotected parameters here, it is not covered by the signature; a recipient must determine the algorithm and key to apply from its own context rather than from the unprotected header.</t>

<section anchor="jws-nofields-input" title="Input Factors">

<t>The following are supplied before beginning the signing operation:</t>

<t><list style='symbols'>
  <t>Payload content; this example uses the content from <xref target="jws-payload"/>, encoded using <xref target="RFC4648"/> base64url to produce <xref target="jws-payload_b64u"/>.</t>
  <t>Signing key; this example uses the HMAC symmetric key from <xref target="jws-hmac-key"/>.</t>
  <t>Signing algorithm; this example uses “HS256”.</t>
</list></t>

</section>
<section anchor="jws-nofields-op" title="Signing Operation">

<t>The following are generated before completing the signing operation:</t>

<t><list style='symbols'>
  <t>Unprotected JWS Header; this example uses the header from <xref target="jws-nofields-unprotected"/>.</t>
</list></t>

<figure title="Unprotected JWS Header JSON" anchor="jws-nofields-unprotected"><artwork><![CDATA[
{
  "alg": "HS256",
  "kid": "018c0ae5-4d9b-471b-bfd6-eef314bc7037"
}
]]></artwork></figure>

<t>Performing the signature operation over the combined empty string (as there is no protected JWS header) and Payload content (<xref target="jws-payload_b64u"/>) produces the following signature:</t>

<figure title="Signature, base64url-encoded" anchor="jws-nofields-sig"><artwork><![CDATA[
RDrY7zngV8Mi0agUZpWOyS2WSIziPslf9tQllQYXC08
]]></artwork></figure>

</section>
<section anchor="jws-nofields-output" title="Output Results">

<t>The following compose the resulting JWS object:</t>

<t><list style='symbols'>
  <t>Unprotected JWS header (<xref target="jws-nofields-unprotected"/>)</t>
  <t>Payload content (<xref target="jws-payload_b64u"/>)</t>
  <t>Signature (<xref target="jws-nofields-sig"/>)</t>
</list></t>

<t>The resulting JWS object using the JSON serialization:</t>

<figure title="JSON Serialization" anchor="jws-nofields-json"><artwork><![CDATA[
{
  "payload":
    "SXQncyBhIGRhbmdlcm91cyBidXNpbmVzcywgRnJvZG8sIGdvaW5nIG91d
     CB5b3VyIGRvb3IuIFlvdSBzdGVwIG9udG8gdGhlIHJvYWQsIGFuZCBpZi
     B5b3UgZG9uJ3Qga2VlcCB5b3VyIGZlZXQsIHRoZXJlJ3Mgbm8ga25vd2l
     uZyB3aGVyZSB5b3UgbWlnaHQgYmUgc3dlcHQgb2ZmIHRvLg",
  "signatures": [
    {
      "header": {
        "alg":
          "HS256",
        "kid":
          "018c0ae5-4d9b-471b-bfd6-eef314bc7037"
      },
      "signature":
        "RDrY7zngV8Mi0agUZpWOyS2WSIziPslf9tQllQYXC08"
    }
  ]
}
]]></artwork></figure>

</section>
</section>
<section anchor="jws-multi" title="Multiple Signatures">

<t>This example illustrates multiple signatures applied to the same payload.  Since this example contains more than one signature, only the JSON serialization is possible.</t>

<section anchor="jws-multi-input" title="Input Factors">

<t>The following are supplied before beginning the signing operation:</t>

<t><list style='symbols'>
  <t>Payload content; this example uses the content from <xref target="jws-payload"/>, encoded using <xref target="RFC4648"/> base64url to produce <xref target="jws-payload_b64u"/>.</t>
  <t>Signing keys; this example uses the following:  <list style='symbols'>
      <t>RSA private key from <xref target="jws-rsa-key"/> for the first signature</t>
      <t>EC private key from <xref target="jws-ecdsa-key"/> for the second signature</t>
      <t>AES symmetric key from <xref target="jws-hmac-key"/> for the third signature</t>
    </list></t>
  <t>Signing algorithms; this example uses the following:  <list style='symbols'>
      <t>“RS256” for the first signature</t>
      <t>“ES512” for the second signature</t>
      <t>“HS256” for the third signature</t>
    </list></t>
</list></t>

</section>
<section anchor="jws-multi-op_1" title="First Signing Operation">

<t>The following are generated before completing the first signing operation:</t>

<t><list style='symbols'>
  <t>Protected JWS Header; this example uses the header from <xref target="jws-multi-protected_1"/>, encoded using <xref target="RFC4648"/> base64url to produce <xref target="jws-multi-protected_b64u_1"/>.</t>
  <t>Unprotected JWS Header; this example uses the header from <xref target="jws-multi-unprotected_1"/>.</t>
</list></t>

<figure title="Signature #1 Protected JWS Header JSON" anchor="jws-multi-protected_1"><artwork><![CDATA[
{
  "alg": "RS256"
}
]]></artwork></figure>

<figure title="Signature #1 Protected JWS Header, base64url-encoded" anchor="jws-multi-protected_b64u_1"><artwork><![CDATA[
eyJhbGciOiJSUzI1NiJ9
]]></artwork></figure>

<figure title="Signature #1 JWS Header JSON" anchor="jws-multi-unprotected_1"><artwork><![CDATA[
{
  "kid": "bilbo.baggins@hobbiton.example"
}
]]></artwork></figure>

<t>Performing the first signature operation over the combined protected JWS header (<xref target="jws-multi-protected_b64u_1"/>) and the Payload content (<xref target="jws-payload_b64u"/>) produces the following signature:</t>

<figure title="Signature #1, base64url-encoded" anchor="jws-multi-sig_1"><artwork><![CDATA[
B4yWtHdhlWkVAB7hYEczTe4fNixKRbOV6XnTZ_LMIRabj3WLZe61BgWsaE_tXI
LGjS_hxIkY1YluKOOmC80vmGF-0j5T6mGKqcHxApoXbhTls9utFReQgg7OpXNB
r9F1-Dn4K1kTEiVWZMJqSEJljrGcznKj3bJTcEQOoZPf16YigOl39Vifani_qY
Qr0FLzSd0WTdO7M3b4WRCRYHGZQ9ssZXvFQ2A2C73zDARzKj3YBuUvgzKkTB_H
_aoCUH8tOhjE6XU5A6Uil508sldyYo-sYIe9waWWchM4snN_uWCAMecr4WmRIO
sb8rz7cRXK9MeH_6w8YntuDtgkCScdxQ
]]></artwork></figure>

<t>The following is the assembled first signature serialized as JSON:</t>

<figure title="Signature #1 JSON" anchor="jws-multi-sig_sig_1"><artwork><![CDATA[
{
  "protected": "eyJhbGciOiJSUzI1NiJ9",
  "header": {
    "kid": "bilbo.baggins@hobbiton.example"
  },
  "signature":
    "B4yWtHdhlWkVAB7hYEczTe4fNixKRbOV6XnTZ_LMIRabj3WLZe61BgWsa
     E_tXILGjS_hxIkY1YluKOOmC80vmGF-0j5T6mGKqcHxApoXbhTls9utFR
     eQgg7OpXNBr9F1-Dn4K1kTEiVWZMJqSEJljrGcznKj3bJTcEQOoZPf16Y
     igOl39Vifani_qYQr0FLzSd0WTdO7M3b4WRCRYHGZQ9ssZXvFQ2A2C73z
     DARzKj3YBuUvgzKkTB_H_aoCUH8tOhjE6XU5A6Uil508sldyYo-sYIe9w
     aWWchM4snN_uWCAMecr4WmRIOsb8rz7cRXK9MeH_6w8YntuDtgkCScdxQ"
}
]]></artwork></figure>

</section>
<section anchor="jws-multi-op_2" title="Second Signing Operation">

<t>The following are generated before completing the second signing operation:</t>

<t><list style='symbols'>
  <t>Unprotected JWS Header; this example uses the header from <xref target="jws-multi-unprotected_2"/>.</t>
</list></t>

<figure title="Signature #2 JWS Header JSON" anchor="jws-multi-unprotected_2"><artwork><![CDATA[
{
  "alg": "ES512",
  "kid": "bilbo.baggins@hobbiton.example"
}
]]></artwork></figure>

<t>Performing the second signature operation over the combined empty string (as there is no protected JWS header) and Payload content (<xref target="jws-payload_b64u"/>) produces the following signature:</t>

<figure title="Signature #2, base64url-encoded" anchor="jws-multi-sig_2"><artwork><![CDATA[
GliCVJY7BmN6pRTLfpWIKBjczIXDJjFlXluppc24eYWPCJCNP8z1YRp9mBn7wq
UkU0xPaSzcq-GppxhQTUq27TsORK11Ab3i74DiNmsy_usLDyzlSh2UCW-jF6WA
H1jq0fCa32H4zxnTIJV_uwMDyLuuXdwgHLfDoA1hEyUoqeY50A
]]></artwork></figure>

<t>The following is the assembled second signature serialized as JSON:</t>

<figure title="Signature #2 JSON" anchor="jws-multi-sig_sig_2"><artwork><![CDATA[
{
  "header": {
    "alg": "ES512",
    "kid": "bilbo.baggins@hobbiton.example"
  },
  "signature":
    "GliCVJY7BmN6pRTLfpWIKBjczIXDJjFlXluppc24eYWPCJCNP8z1YRp9m
     Bn7wqUkU0xPaSzcq-GppxhQTUq27TsORK11Ab3i74DiNmsy_usLDyzlSh
     2UCW-jF6WAH1jq0fCa32H4zxnTIJV_uwMDyLuuXdwgHLfDoA1hEyUoqeY
     50A"
}
]]></artwork></figure>

</section>
<section anchor="jws-multi-op_3" title="Third Signing Operation">

<t>The following are generated before completing the third signing operation:</t>

<t><list style='symbols'>
  <t>Protected JWS Header; this example uses the header from <xref target="jws-multi-protected_3"/>, encoded using <xref target="RFC4648"/> base64url to produce <xref target="jws-multi-protected_b64u_3"/>.</t>
</list></t>

<figure title="Signature #3 Protected JWS Header JSON" anchor="jws-multi-protected_3"><artwork><![CDATA[
{
  "alg": "HS256",
  "kid": "018c0ae5-4d9b-471b-bfd6-eef314bc7037"
}
]]></artwork></figure>

<figure title="Signature #3 Protected JWS Header, base64url-encoded" anchor="jws-multi-protected_b64u_3"><artwork><![CDATA[
eyJhbGciOiJIUzI1NiIsImtpZCI6IjAxOGMwYWU1LTRkOWItNDcxYi1iZmQ2LW
VlZjMxNGJjNzAzNyJ9
]]></artwork></figure>

<t>Performing the third signature operation over the combined protected JWS header (<xref target="jws-multi-protected_b64u_3"/>) and Payload content (<xref target="jws-payload_b64u"/>) produces the following signature:</t>

<figure title="Signature #3, base64url-encoded" anchor="jws-multi-sig_3"><artwork><![CDATA[
BC8xgQaFNKeZieRI0z7wDzbpRyG_ombR9gDU22IBJEM
]]></artwork></figure>

<t>The following is the assembled third signature serialized as JSON:</t>

<figure title="Signature #3 JSON" anchor="jws-multi-sig_sig_3"><artwork><![CDATA[
{
  "protected":
   "eyJhbGciOiJIUzI1NiIsImtpZCI6IjAxOGMwYWU1LTRkOWItNDcxYi1iZm
    Q2LWVlZjMxNGJjNzAzNyJ9",
  "signature":
   "BC8xgQaFNKeZieRI0z7wDzbpRyG_ombR9gDU22IBJEM"
}
]]></artwork></figure>

</section>
<section anchor="jws-multi-output" title="Output Results">

<t>The following compose the resulting JWS object:</t>

<t><list style='symbols'>
  <t>Payload content (<xref target="jws-payload_b64u"/>)</t>
  <t>Signature #1 JSON (<xref target="jws-multi-sig_sig_1"/>)</t>
  <t>Signature #2 JSON (<xref target="jws-multi-sig_sig_2"/>)</t>
  <t>Signature #3 JSON (<xref target="jws-multi-sig_sig_3"/>)</t>
</list></t>

<t>The resulting JWS object using the JSON serialization:</t>

<figure title="JSON Serialization" anchor="jws-multi-json"><artwork><![CDATA[
{
  "payload":
    "SXQncyBhIGRhbmdlcm91cyBidXNpbmVzcywgRnJvZG8sIGdvaW5nIG91d
     CB5b3VyIGRvb3IuIFlvdSBzdGVwIG9udG8gdGhlIHJvYWQsIGFuZCBpZi
     B5b3UgZG9uJ3Qga2VlcCB5b3VyIGZlZXQsIHRoZXJlJ3Mgbm8ga25vd2l
     uZyB3aGVyZSB5b3UgbWlnaHQgYmUgc3dlcHQgb2ZmIHRvLg",
  "signatures": [
    {
      "protected": "eyJhbGciOiJSUzI1NiJ9",
      "header": {
        "kid": "bilbo.baggins@hobbiton.example"
      },
      "signature":
        "B4yWtHdhlWkVAB7hYEczTe4fNixKRbOV6XnTZ_LMIRabj3WLZe61B
         gWsaE_tXILGjS_hxIkY1YluKOOmC80vmGF-0j5T6mGKqcHxApoXbh
         Tls9utFReQgg7OpXNBr9F1-Dn4K1kTEiVWZMJqSEJljrGcznKj3bJ
         TcEQOoZPf16YigOl39Vifani_qYQr0FLzSd0WTdO7M3b4WRCRYHGZ
         Q9ssZXvFQ2A2C73zDARzKj3YBuUvgzKkTB_H_aoCUH8tOhjE6XU5A
         6Uil508sldyYo-sYIe9waWWchM4snN_uWCAMecr4WmRIOsb8rz7cR
         XK9MeH_6w8YntuDtgkCScdxQ"
    },
    {
      "header": {
        "alg": "ES512",
        "kid": "bilbo.baggins@hobbiton.example"
      },
      "signature":
        "GliCVJY7BmN6pRTLfpWIKBjczIXDJjFlXluppc24eYWPCJCNP8z1Y
         Rp9mBn7wqUkU0xPaSzcq-GppxhQTUq27TsORK11Ab3i74DiNmsy_u
         sLDyzlSh2UCW-jF6WAH1jq0fCa32H4zxnTIJV_uwMDyLuuXdwgHLf
         DoA1hEyUoqeY50A"
    },
    {
      "protected":
       "eyJhbGciOiJIUzI1NiIsImtpZCI6IjAxOGMwYWU1LTRkOWItNDcxYi
        1iZmQ2LWVlZjMxNGJjNzAzNyJ9",
      "signature":
       "BC8xgQaFNKeZieRI0z7wDzbpRyG_ombR9gDU22IBJEM"
    }
  ]
}
]]></artwork></figure>
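<t>The signing-input rule used by the example with no protected header above and by the third signature of this multiple-signature example can be exercised with the following added Python example (standard library only; it is not part of this document). It builds a JWS JSON serialization with two HS256 signatures over the payload above, one with “alg” and “kid” unprotected and one with both in the protected header, then verifies each signature with the key registered for its “kid” while pinning the expected algorithm instead of trusting the header. The HMAC keys and the second “kid” are constructed for the example, so the signature values differ from the figures, and only HS256 is covered because RS256 and ES512 need an external library.</t>

```python
"""JWS JSON serialization with HS256: signing input and verification.

Added example; the document's HMAC key (jws-hmac-key) is not reproduced,
so the constructed keys below give signature values that differ from the figures.
"""
import base64
import hashlib
import hmac
import json
from typing import Optional

# Payload from the JWS examples (jws-payload_b64u), already base64url-encoded.
PAYLOAD_B64U = (
    "SXQncyBhIGRhbmdlcm91cyBidXNpbmVzcywgRnJvZG8sIGdvaW5nIG91d"
    "CB5b3VyIGRvb3IuIFlvdSBzdGVwIG9udG8gdGhlIHJvYWQsIGFuZCBpZi"
    "B5b3UgZG9uJ3Qga2VlcCB5b3VyIGZlZXQsIHRoZXJlJ3Mgbm8ga25vd2l"
    "uZyB3aGVyZSB5b3UgbWlnaHQgYmUgc3dlcHQgb2ZmIHRvLg"
)
# Signature #3's protected header, base64url-encoded, copied from the figure above.
PROTECTED_3_B64U = (
    "eyJhbGciOiJIUzI1NiIsImtpZCI6IjAxOGMwYWU1LTRkOWItNDcxYi1iZmQ2LW"
    "VlZjMxNGJjNzAzNyJ9"
)
KID_HMAC = "018c0ae5-4d9b-471b-bfd6-eef314bc7037"   # kid used by the document
KID_DEMO = "constructed-kid-for-demo"                # constructed for this example
# Constructed 32-byte HMAC keys by kid (not the document's key material).
KEYS = {
    KID_DEMO: b"constructed-32-byte-key-for-demo",
    KID_HMAC: b"second-constructed-key-for-demo!",
}


def b64u_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64u_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def encode_header(header: dict) -> str:
    # Compact JSON (no whitespace), then base64url, as in the header figures.
    return b64u_encode(json.dumps(header, separators=(",", ":")).encode("utf-8"))


def signing_input(protected_b64u: str, payload_b64u: str) -> bytes:
    # JWS Signing Input is BASE64URL(protected) "." BASE64URL(payload); with no
    # protected header the first component is the empty string.
    return (protected_b64u + "." + payload_b64u).encode("ascii")


def hs256_sign(key: bytes, protected: Optional[dict], header: Optional[dict],
               payload_b64u: str) -> dict:
    """Produce one member of the "signatures" array of the JSON serialization."""
    protected_b64u = encode_header(protected) if protected is not None else ""
    mac = hmac.new(key, signing_input(protected_b64u, payload_b64u), hashlib.sha256).digest()
    sig = {}
    if protected is not None:
        sig["protected"] = protected_b64u
    if header is not None:
        sig["header"] = header          # unprotected: not covered by the MAC
    sig["signature"] = b64u_encode(mac)
    return sig


def joined_header(sig: dict) -> dict:
    """Union of protected and unprotected parameters; a name must not appear in both."""
    joined = json.loads(b64u_decode(sig["protected"])) if "protected" in sig else {}
    unprotected = sig.get("header", {})
    if set(joined).intersection(unprotected):
        raise ValueError("header parameter present in both protected and unprotected headers")
    joined.update(unprotected)
    return joined


def hs256_verify(keys: dict, jws: dict) -> list:
    """Return the kids whose signature verifies under the key registered for that kid.

    The algorithm is pinned to HS256 rather than taken from the header; this matters
    most when, as in the example with no protected header, "alg" itself is unprotected.
    """
    verified = []
    for sig in jws["signatures"]:
        hdr = joined_header(sig)
        key = keys.get(hdr.get("kid"))
        if hdr.get("alg") != "HS256" or key is None:
            continue
        expected = hmac.new(key, signing_input(sig.get("protected", ""), jws["payload"]),
                            hashlib.sha256).digest()
        if hmac.compare_digest(expected, b64u_decode(sig["signature"])):
            verified.append(hdr["kid"])
    return verified


def build_example() -> dict:
    """Two signatures over the document's payload: the first shaped like the example
    with no protected header (alg and kid unprotected), the second like signature #3
    (alg and kid in the protected header)."""
    return {
        "payload": PAYLOAD_B64U,
        "signatures": [
            hs256_sign(KEYS[KID_DEMO], None, {"alg": "HS256", "kid": KID_DEMO}, PAYLOAD_B64U),
            hs256_sign(KEYS[KID_HMAC], {"alg": "HS256", "kid": KID_HMAC}, None, PAYLOAD_B64U),
        ],
    }


if __name__ == "__main__":
    jws = build_example()
    print(json.dumps(jws, indent=2))
    print("verified kids:", hs256_verify(KEYS, jws))
```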

</section>
</section>
</section>
<section anchor="jwe" title="JSON Web Encryption Examples">

<t>The following sections demonstrate how to generate various JWE objects.</t>

<t>All of the succeeding examples (unless otherwise noted) use the following plaintext content, serialized as UTF-8, with line breaks (U+000A LINE FEED) replacing some “ ” (U+0020 SPACE) characters to improve formatting:</t>

<figure title="Plaintext content" anchor="jwe-plaintext"><artwork><![CDATA[
You can trust us to stick with you through thick and thin--to
the bitter end. And you can trust us to keep any secret of
yours--closer than you keep it yourself. But you cannot trust
us to let you face trouble alone, and go off without a word.
We are your friends, Frodo.
]]></artwork></figure>

<section anchor="jwe-rsa15" title="Key Encryption using RSA v1.5 and AES-HMAC-SHA2">

<t>This example illustrates encrypting content using the “RSA1_5” (RSAES-PKCS1-v1_5) key encryption algorithm and the “A128CBC-HS256” (AES-128-CBC-HMAC-SHA-256) content encryption algorithm.</t>

<section anchor="jwe-rsa15-input" title="Input Factors">

<t>The following are supplied before beginning the encryption process:</t>

<t><list style='symbols'>
  <t>Plaintext content; this example uses the content from <xref target="jwe-plaintext"/>.</t>
  <t>RSA public key; this example uses the key from <xref target="jwe-rsa15-key"/>.</t>
  <t>“alg” parameter of “RSA1_5”.</t>
  <t>“enc” parameter of “A128CBC-HS256”.</t>
</list></t>

<figure title="RSA 2048-bit Key, in JWK format" anchor="jwe-rsa15-key"><artwork><![CDATA[
{
  "kty": "RSA",
  "kid": "frodo.baggins@hobbiton.example",
  "use": "enc",
  "n":   "maxhbsmBtdQ3CNrKvprUE6n9lYcregDMLYNeTAWcLj8NnPU9XIYe
          gTHVHQjxKDSHP2l-F5jS7sppG1wgdAqZyhnWvXhYNvcM7RfgKxqN
          x_xAHx6f3yy7s-M9PSNCwPC2lh6UAkR4I00EhV9lrypM9Pi4lBUo
          p9t5fS9W5UNwaAllhrd-osQGPjIeI1deHTwx-ZTHu3C60Pu_LJIl
          6hKn9wbwaUmA4cR5Bd2pgbaY7ASgsjCUbtYJaNIHSoHXprUdJZKU
          MAzV0WOKPfA6OPI4oypBadjvMZ4ZAj3BnXaSYsEZhaueTXvZB4eZ
          OAjIyh2e_VOIKVMsnDrJYAVotGlvMQ",
  "e":   "AQAB",
  "d":   "Kn9tgoHfiTVi8uPu5b9TnwyHwG5dK6RE0uFdlpCGnJN7ZEi963R7
          wybQ1PLAHmpIbNTztfrheoAniRV1NCIqXaW_qS461xiDTp4ntEPn
          qcKsyO5jMAji7-CL8vhpYYowNFvIesgMoVaPRYMYT9TW63hNM0aW
          s7USZ_hLg6Oe1mY0vHTI3FucjSM86Nff4oIENt43r2fspgEPGRrd
          E6fpLc9Oaq-qeP1GFULimrRdndm-P8q8kvN3KHlNAtEgrQAgTTgz
          80S-3VD0FgWfgnb1PNmiuPUxO8OpI9KDIfu_acc6fg14nsNaJqXe
          6RESvhGPH2afjHqSy_Fd2vpzj85bQQ",
  "p":    "2DwQmZ43FoTnQ8IkUj3BmKRf5Eh2mizZA5xEJ2MinUE3sdTYKSL
          taEoekX9vbBZuWxHdVhM6UnKCJ_2iNk8Z0ayLYHL0_G21aXf9-un
          ynEpUsH7HHTklLpYAzOOx1ZgVljoxAdWNn3hiEFrjZLZGS7lOH-a
          3QQlDDQoJOJ2VFmU",
  "q":   "te8LY4-W7IyaqH1ExujjMqkTAlTeRbv0VLQnfLY2xINnrWdwiQ93
          _VF099aP1ESeLja2nw-6iKIe-qT7mtCPozKfVtUYfz5HrJ_XY2kf
          exJINb9lhZHMv5p1skZpeIS-GPHCC6gRlKo1q-idn_qxyusfWv7W
          AxlSVfQfk8d6Et0",
  "dp":  "UfYKcL_or492vVc0PzwLSplbg4L3-Z5wL48mwiswbpzOyIgd2xHT
          HQmjJpFAIZ8q-zf9RmgJXkDrFs9rkdxPtAsL1WYdeCT5c125Fkdg
          317JVRDo1inX7x2Kdh8ERCreW8_4zXItuTl_KiXZNU5lvMQjWbIw
          2eTx1lpsflo0rYU",
  "dq":  "iEgcO-QfpepdH8FWd7mUFyrXdnOkXJBCogChY6YKuIHGc_p8Le9M
          bpFKESzEaLlN1Ehf3B6oGBl5Iz_ayUlZj2IoQZ82znoUrpa9fVYN
          ot87ACfzIG7q9Mv7RiPAderZi03tkVXAdaBau_9vs5rS-7HMtxkV
          rxSUvJY14TkXlHE",
  "qi":  "kC-lzZOqoFaZCr5l0tOVtREKoVqaAYhQiqIRGL-MzS4sCmRkxm5v
          ZlXYx6RtE1n_AagjqajlkjieGlxTTThHD8Iga6foGBMaAr5uR1hG
          QpSc7Gl7CF1DZkBJMTQN6EshYzZfxW08mIO8M6Rzuh0beL6fG9mk
          DcIyPrBXx2bQ_mM"
}
]]></artwork></figure>

<t>(<spanx style='strong'>NOTE</spanx>: While the key includes the private parameters, only the public parameters “e” and “n” are necessary for the encryption operation.)</t>

</section>
<section anchor="jwe-rsa15-gen" title="Generated Factors">

<t>The following are generated before encrypting:</t>

<t><list style='symbols'>
  <t>AES symmetric key as the Content Encryption Key (CEK); this example uses the key from <xref target="jwe-rsa15-cek"/>.</t>
  <t>Initialization vector/nonce; this example uses the initialization vector from <xref target="jwe-rsa15-iv"/>.</t>
</list></t>

<figure title="Content Encryption Key, base64url-encoded" anchor="jwe-rsa15-cek"><artwork><![CDATA[
vQ6_Pof-pnIBBB_qhAxzuusbc25hFCB1pJuBIN7yMNU
]]></artwork></figure>

<figure title="Initialization Vector, base64url-encoded" anchor="jwe-rsa15-iv"><artwork><![CDATA[
mR-7lneQlGq9vxe_udL4LA
]]></artwork></figure>

</section>
<section anchor="jwe-rsa15-keyenc" title="Encrypting the Key">

<t>Performing the key encryption operation over the CEK (<xref target="jwe-rsa15-cek"/>) with the RSA key (<xref target="jwe-rsa15-key"/>) results in the following encrypted key:</t>

<figure title="Encrypted Key, base64url-encoded" anchor="jwe-rsa15-encdkey"><artwork><![CDATA[
IDNYysyXa21oifTY_cy7sB7vAa9oHkE4RZZ78r88TdrGlKWbzltMJw4sJ7xpNo
vR8KZDHLeJUwiaQKIjWBFs2Dytdk4gHhVDc2rx9F2vHN2S1vQuC_TYslbSDLHx
nnZkH2_ymlJz2saY5RJAjh-9OHCMcTJI-j7hJpMEJmvWt_XrDp9tBby0xyjdwd
teAtwyJxD5nyzBUGTsfaCzfqZTF_3BJu2AKyuE10KEMbBo8EJVf1PP1JSS73qy
UqEt8oo0OHlYTicOwwwwhyiNshdrA4zQSeC2M0yxzDcQvXswQHQs1bXA8K-KJa
B-u6qkDMAwA1tJEch4R58z9WsYKyrhAw
]]></artwork></figure>

</section>
<section anchor="jwe-rsa15-contentenc" title="Encrypting the Content">

<t>The following are generated before encrypting the plaintext:</t>

<t><list style='symbols'>
  <t>Protected JWE Header; this example uses the header from <xref target="jwe-rsa15-protected"/>, encoded using <xref target="RFC4648"/> base64url to produce <xref target="jwe-rsa15-protected_b64u"/>.</t>
</list></t>

<figure title="Protected JWE Header JSON" anchor="jwe-rsa15-protected"><artwork><![CDATA[
{
  "alg": "RSA1_5",
  "kid": "frodo.baggins@hobbiton.example",
  "enc": "A128CBC-HS256"
}
]]></artwork></figure>

<figure title="Protected JWE Header, base64url-encoded" anchor="jwe-rsa15-protected_b64u"><artwork><![CDATA[
eyJhbGciOiJSU0ExXzUiLCJraWQiOiJmcm9kby5iYWdnaW5zQGhvYmJpdG9uLm
V4YW1wbGUiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0
]]></artwork></figure>

<t>Performing the content encryption operation on the Plaintext (<xref target="jwe-plaintext"/>) using the following:</t>

<t><list style='symbols'>
  <t>CEK (<xref target="jwe-rsa15-cek"/>);</t>
  <t>Initialization vector/nonce (<xref target="jwe-rsa15-iv"/>); and</t>
  <t>Protected JWE header (<xref target="jwe-rsa15-protected_b64u"/>) as authenticated data</t>
</list></t>

<t>produces the following:</t>

<t><list style='symbols'>
  <t>Ciphertext from <xref target="jwe-rsa15-ciphertext"/>.</t>
  <t>Authentication tag from <xref target="jwe-rsa15-tag"/>.</t>
</list></t>

<figure title="Ciphertext, base64url-encoded" anchor="jwe-rsa15-ciphertext"><artwork><![CDATA[
LecEGK89HoOzWbbh97km04mExBgZp0kO8LMFTJgfTqNjHW5VSPh0QMww7zqSkl
a_8ZPoWIzm1Y6xGtKLA9enpRFTrHZxZxTH9eG9P9PjsIC20NsGVweYeYc_l7m2
vyC_E1BzTQ9jb3wS1DxrqSX6YRjJ5mqx8ZX3tJW-wWVZfW8-PSEXb4GlBi22iQ
goXfx8yHYfv-lXWlaQ2HjDWl21Mab41aW4ZYKt8maWZiglK4XckGv7-whchA42
VB4pNOQMY7e9BTyvm-DwVSS3Ul2bX3jz9kB--aTLxGtl9sR7z1ZgAyfRqoSs0S
op9J35heE89JveLIAjnuXH2ShsF0lW6T4HEYXFh9QsAF4TRdnpRs4
]]></artwork></figure>

<figure title="Authentication Tag, base64url-encoded" anchor="jwe-rsa15-tag"><artwork><![CDATA[
3AIdtJkgAkWuhBdFo8iL8A
]]></artwork></figure>
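<t>The following added Python example (standard library only, not part of this document) recomputes the “A128CBC-HS256” authentication tag from the CEK, initialization vector, ciphertext and protected header above: the MAC key is the first half of the CEK, the additional authenticated data is the ASCII form of the base64url-encoded protected header, and the tag is the left half of HMAC-SHA-256 over AAD, IV, ciphertext and the 64-bit AAD bit length. Only the HMAC half of the algorithm is shown, since the AES-CBC half needs a crypto library.</t>

```python
"""A128CBC-HS256 authentication tag, recomputed over the RSA1_5 example's values.

Added example using only the standard library; it covers the HMAC half of
A128CBC-HS256 (the AES-CBC half needs a crypto library and is not shown).
"""
import base64
import hashlib
import hmac
import json
import struct

# Base64url values copied from the figures of the RSA1_5 / A128CBC-HS256 example.
PROTECTED_B64U = (
    "eyJhbGciOiJSU0ExXzUiLCJraWQiOiJmcm9kby5iYWdnaW5zQGhvYmJpdG9uLm"
    "V4YW1wbGUiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0"
)
CEK_B64U = "vQ6_Pof-pnIBBB_qhAxzuusbc25hFCB1pJuBIN7yMNU"
IV_B64U = "mR-7lneQlGq9vxe_udL4LA"
CIPHERTEXT_B64U = (
    "LecEGK89HoOzWbbh97km04mExBgZp0kO8LMFTJgfTqNjHW5VSPh0QMww7zqSkl"
    "a_8ZPoWIzm1Y6xGtKLA9enpRFTrHZxZxTH9eG9P9PjsIC20NsGVweYeYc_l7m2"
    "vyC_E1BzTQ9jb3wS1DxrqSX6YRjJ5mqx8ZX3tJW-wWVZfW8-PSEXb4GlBi22iQ"
    "goXfx8yHYfv-lXWlaQ2HjDWl21Mab41aW4ZYKt8maWZiglK4XckGv7-whchA42"
    "VB4pNOQMY7e9BTyvm-DwVSS3Ul2bX3jz9kB--aTLxGtl9sR7z1ZgAyfRqoSs0S"
    "op9J35heE89JveLIAjnuXH2ShsF0lW6T4HEYXFh9QsAF4TRdnpRs4"
)
TAG_B64U = "3AIdtJkgAkWuhBdFo8iL8A"


def b64u_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def b64u_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def aad_length_block(aad: bytes) -> bytes:
    """AL: the length of the AAD in bits as a 64-bit big-endian integer."""
    return struct.pack(">Q", len(aad) * 8)


def a128cbc_hs256_tag(cek: bytes, aad: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    """Tag = first 16 bytes of HMAC-SHA-256(MAC_KEY, AAD || IV || ciphertext || AL).

    MAC_KEY is the first half of the 32-byte CEK; the second half (ENC_KEY) is the
    AES-128-CBC key and plays no part in the tag.
    """
    if len(cek) != 32:
        raise ValueError("A128CBC-HS256 requires a 32-byte CEK")
    if len(iv) != 16 or len(ciphertext) % 16 != 0:
        raise ValueError("IV must be one AES block and ciphertext a whole number of blocks")
    mac_key = cek[:16]
    mac = hmac.new(mac_key, aad + iv + ciphertext + aad_length_block(aad), hashlib.sha256)
    return mac.digest()[:16]


def verify_tag(cek: bytes, aad: bytes, iv: bytes, ciphertext: bytes, tag: bytes) -> bool:
    """Constant-time comparison; a recipient checks this before decrypting or using
    anything derived from the ciphertext."""
    return hmac.compare_digest(a128cbc_hs256_tag(cek, aad, iv, ciphertext), tag)


def check_example() -> dict:
    """Recompute the example's tag. The AAD is the ASCII bytes of the base64url
    protected header exactly as transmitted, not the decoded JSON."""
    aad = PROTECTED_B64U.encode("ascii")
    computed = a128cbc_hs256_tag(b64u_decode(CEK_B64U), aad,
                                 b64u_decode(IV_B64U), b64u_decode(CIPHERTEXT_B64U))
    return {
        "header": json.loads(b64u_decode(PROTECTED_B64U)),
        "aad_bits": len(aad) * 8,
        "computed_tag": b64u_encode(computed),
        "matches_figure": hmac.compare_digest(computed, b64u_decode(TAG_B64U)),
    }


if __name__ == "__main__":
    print(json.dumps(check_example(), indent=2))
```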

</section>
<section anchor="jwe-rsa15-output" title="Output Results">

<t>The following compose the resulting JWE object:</t>

<t><list style='symbols'>
  <t>Protected JWE header (<xref target="jwe-rsa15-protected_b64u"/>).</t>
  <t>Encrypted Key (<xref target="jwe-rsa15-encdkey"/>).</t>
  <t>Initialization vector/nonce (<xref target="jwe-rsa15-iv"/>).</t>
  <t>Ciphertext (<xref target="jwe-rsa15-ciphertext"/>).</t>
  <t>Authentication Tag (<xref target="jwe-rsa15-tag"/>).</t>
</list></t>

<t>The resulting JWE object using the Compact serialization:</t>

<figure title="Compact Serialization" anchor="jwe-rsa15-compact"><artwork><![CDATA[
eyJhbGciOiJSU0ExXzUiLCJraWQiOiJmcm9kby5iYWdnaW5zQGhvYmJpdG9uLm
V4YW1wbGUiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0
.
IDNYysyXa21oifTY_cy7sB7vAa9oHkE4RZZ78r88TdrGlKWbzltMJw4sJ7xpNo
vR8KZDHLeJUwiaQKIjWBFs2Dytdk4gHhVDc2rx9F2vHN2S1vQuC_TYslbSDLHx
nnZkH2_ymlJz2saY5RJAjh-9OHCMcTJI-j7hJpMEJmvWt_XrDp9tBby0xyjdwd
teAtwyJxD5nyzBUGTsfaCzfqZTF_3BJu2AKyuE10KEMbBo8EJVf1PP1JSS73qy
UqEt8oo0OHlYTicOwwwwhyiNshdrA4zQSeC2M0yxzDcQvXswQHQs1bXA8K-KJa
B-u6qkDMAwA1tJEch4R58z9WsYKyrhAw
.
mR-7lneQlGq9vxe_udL4LA
.
LecEGK89HoOzWbbh97km04mExBgZp0kO8LMFTJgfTqNjHW5VSPh0QMww7zqSkl
a_8ZPoWIzm1Y6xGtKLA9enpRFTrHZxZxTH9eG9P9PjsIC20NsGVweYeYc_l7m2
vyC_E1BzTQ9jb3wS1DxrqSX6YRjJ5mqx8ZX3tJW-wWVZfW8-PSEXb4GlBi22iQ
goXfx8yHYfv-lXWlaQ2HjDWl21Mab41aW4ZYKt8maWZiglK4XckGv7-whchA42
VB4pNOQMY7e9BTyvm-DwVSS3Ul2bX3jz9kB--aTLxGtl9sR7z1ZgAyfRqoSs0S
op9J35heE89JveLIAjnuXH2ShsF0lW6T4HEYXFh9QsAF4TRdnpRs4
.
3AIdtJkgAkWuhBdFo8iL8A
]]></artwork></figure>

<t>The resulting JWE object using the JSON serialization:</t>

<figure title="JSON Serialization" anchor="jwe-rsa15-json"><artwork><![CDATA[
{
  "recipients": [
    {
      "encrypted_key":
        "IDNYysyXa21oifTY_cy7sB7vAa9oHkE4RZZ78r88TdrGlKWbzltMJw4
         sJ7xpNovR8KZDHLeJUwiaQKIjWBFs2Dytdk4gHhVDc2rx9F2vHN2S1v
         QuC_TYslbSDLHxnnZkH2_ymlJz2saY5RJAjh-9OHCMcTJI-j7hJpMEJ
         mvWt_XrDp9tBby0xyjdwdteAtwyJxD5nyzBUGTsfaCzfqZTF_3BJu2A
         KyuE10KEMbBo8EJVf1PP1JSS73qyUqEt8oo0OHlYTicOwwwwhyiNshd
         rA4zQSeC2M0yxzDcQvXswQHQs1bXA8K-KJaB-u6qkDMAwA1tJEch4R5
         8z9WsYKyrhAw"
    }
  ],
  "protected":
    "eyJhbGciOiJSU0ExXzUiLCJraWQiOiJmcm9kby5iYWdnaW5zQGhvYmJpd
     G9uLmV4YW1wbGUiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0",
  "iv":
    "mR-7lneQlGq9vxe_udL4LA",
  "ciphertext":
    "LecEGK89HoOzWbbh97km04mExBgZp0kO8LMFTJgfTqNjHW5VSPh0QMww7
     zqSkla_8ZPoWIzm1Y6xGtKLA9enpRFTrHZxZxTH9eG9P9PjsIC20NsGVw
     eYeYc_l7m2vyC_E1BzTQ9jb3wS1DxrqSX6YRjJ5mqx8ZX3tJW-wWVZfW8
     -PSEXb4GlBi22iQgoXfx8yHYfv-lXWlaQ2HjDWl21Mab41aW4ZYKt8maW
     ZiglK4XckGv7-whchA42VB4pNOQMY7e9BTyvm-DwVSS3Ul2bX3jz9kB--
     aTLxGtl9sR7z1ZgAyfRqoSs0Sop9J35heE89JveLIAjnuXH2ShsF0lW6T
     4HEYXFh9QsAF4TRdnpRs4",
  "tag":
    "3AIdtJkgAkWuhBdFo8iL8A"
}
]]></artwork></figure>

</section>
</section>
<section anchor="jwe-rsa_oaep" title="Key Encryption using RSA-OAEP with A256GCM">

<t>This example illustrates encrypting content using the “RSA-OAEP” (RSAES-OAEP) key encryption algorithm and the “A256GCM” (AES-GCM) content encryption algorithm.</t>

<section anchor="jwe-rsa_oaep-input" title="Input Factors">

<t>The following are supplied before beginning the encryption process:</t>

<t><list style='symbols'>
  <t>Plaintext content; this example uses the plaintext from <xref target="jwe-plaintext"/>.</t>
  <t>RSA public key; this example uses the key from <xref target="jwe-rsa_oaep-key"/>.</t>
  <t>“alg” parameter of “RSA-OAEP”.</t>
  <t>“enc” parameter of “A256GCM”.</t>
</list></t>

<figure title="RSA 4096-bit Key" anchor="jwe-rsa_oaep-key"><artwork><![CDATA[
{
  "kty": "RSA",
  "kid": "samwise.gamgee@hobbiton.example",
  "use": "enc",
  "alg": "RSA-OAEP",
  "n":   "wbdxI55VaanZXPY29Lg5hdmv2XhvqAhoxUkanfzf2-5zVUxa6prH
          RrI4pP1AhoqJRlZfYtWWd5mmHRG2pAHIlh0ySJ9wi0BioZBl1XP2
          e-C-FyXJGcTy0HdKQWlrfhTm42EW7Vv04r4gfao6uxjLGwfpGrZL
          arohiWCPnkNrg71S2CuNZSQBIPGjXfkmIy2tl_VWgGnL22GplyXj
          5YlBLdxXp3XeStsqo571utNfoUTU8E4qdzJ3U1DItoVkPGsMwlmm
          nJiwA7sXRItBCivR4M5qnZtdw-7v4WuR4779ubDuJ5nalMv2S66-
          RPcnFAzWSKxtBDnFJJDGIUe7Tzizjg1nms0Xq_yPub_UOlWn0ec8
          5FCft1hACpWG8schrOBeNqHBODFskYpUc2LC5JA2TaPF2dA67dg1
          TTsC_FupfQ2kNGcE1LgprxKHcVWYQb86B-HozjHZcqtauBzFNV5t
          bTuB-TpkcvJfNcFLlH3b8mb-H_ox35FjqBSAjLKyoeqfKTpVjvXh
          d09knwgJf6VKq6UC418_TOljMVfFTWXUxlnfhOOnzW6HSSzD1c9W
          rCuVzsUMv54szidQ9wf1cYWf3g5qFDxDQKis99gcDaiCAwM3yEBI
          zuNeeCa5dartHDb1xEB_HcHSeYbghbMjGfasvKn0aZRsnTyC0xhW
          BlsolZE",
  "e":   "AQAB",
  "d":   "n7fzJc3_WG59VEOBTkayzuSMM780OJQuZjN_KbH8lOZG25ZoA7T4
          Bxcc0xQn5oZE5uSCIwg91oCt0JvxPcpmqzaJZg1nirjcWZ-oBtVk
          7gCAWq-B3qhfF3izlbkosrzjHajIcY33HBhsy4_WerrXg4MDNE4H
          Yojy68TcxT2LYQRxUOCf5TtJXvM8olexlSGtVnQnDRutxEUCwiew
          fmmrfveEogLx9EA-KMgAjTiISXxqIXQhWUQX1G7v_mV_Hr2YuImY
          cNcHkRvp9E7ook0876DhkO8v4UOZLwA1OlUX98mkoqwc58A_Y2lB
          YbVx1_s5lpPsEqbbH-nqIjh1fL0gdNfihLxnclWtW7pCztLnImZA
          yeCWAG7ZIfv-Rn9fLIv9jZ6r7r-MSH9sqbuziHN2grGjD_jfRluM
          Ha0l84fFKl6bcqN1JWxPVhzNZo01yDF-1LiQnqUYSepPf6X3a2SO
          dkqBRiquE6EvLuSYIDpJq3jDIsgoL8Mo1LoomgiJxUwL_GWEOGu2
          8gplyzm-9Q0U0nyhEf1uhSR8aJAQWAiFImWH5W_IQT9I7-yrindr
          _2fWQ_i1UgMsGzA7aOGzZfPljRy6z-tY_KuBG00-28S_aWvjyUc-
          Alp8AUyKjBZ-7CWH32fGWK48j1t-zomrwjL_mnhsPbGs0c9WsWgR
          zI-K8gE",
  "p":   "7_2v3OQZzlPFcHyYfLABQ3XP85Es4hCdwCkbDeltaUXgVy9l9etK
          ghvM4hRkOvbb01kYVuLFmxIkCDtpi-zLCYAdXKrAK3PtSbtzld_X
          Z9nlsYa_QZWpXB_IrtFjVfdKUdMz94pHUhFGFj7nr6NNxfpiHSHW
          FE1zD_AC3mY46J961Y2LRnreVwAGNw53p07Db8yD_92pDa97vqcZ
          OdgtybH9q6uma-RFNhO1AoiJhYZj69hjmMRXx-x56HO9cnXNbmzN
          SCFCKnQmn4GQLmRj9sfbZRqL94bbtE4_e0Zrpo8RNo8vxRLqQNwI
          y85fc6BRgBJomt8QdQvIgPgWCv5HoQ",
  "q":   "zqOHk1P6WN_rHuM7ZF1cXH0x6RuOHq67WuHiSknqQeefGBA9PWs6
          ZyKQCO-O6mKXtcgE8_Q_hA2kMRcKOcvHil1hqMCNSXlflM7WPRPZ
          u2qCDcqssd_uMbP-DqYthH_EzwL9KnYoH7JQFxxmcv5An8oXUtTw
          k4knKjkIYGRuUwfQTus0w1NfjFAyxOOiAQ37ussIcE6C6ZSsM3n4
          1UlbJ7TCqewzVJaPJN5cxjySPZPD3Vp01a9YgAD6a3IIaKJdIxJS
          1ImnfPevSJQBE79-EXe2kSwVgOzvt-gsmM29QQ8veHy4uAqca5dZ
          zMs7hkkHtw1z0jHV90epQJJlXXnH8Q",
  "dp":  "19oDkBh1AXelMIxQFm2zZTqUhAzCIr4xNIGEPNoDt1jK83_FJA-x
          nx5kA7-1erdHdms_Ef67HsONNv5A60JaR7w8LHnDiBGnjdaUmmuO
          8XAxQJ_ia5mxjxNjS6E2yD44USo2JmHvzeeNczq25elqbTPLhUpG
          o1IZuG72FZQ5gTjXoTXC2-xtCDEUZfaUNh4IeAipfLugbpe0JAFl
          FfrTDAMUFpC3iXjxqzbEanflwPvj6V9iDSgjj8SozSM0dLtxvu0L
          IeIQAeEgT_yXcrKGmpKdSO08kLBx8VUjkbv_3Pn20Gyu2YEuwpFl
          M_H1NikuxJNKFGmnAq9LcnwwT0jvoQ",
  "dq":  "S6p59KrlmzGzaQYQM3o0XfHCGvfqHLYjCO557HYQf72O9kLMCfd_
          1VBEqeD-1jjwELKDjck8kOBl5UvohK1oDfSP1DleAy-cnmL29DqW
          mhgwM1ip0CCNmkmsmDSlqkUXDi6sAaZuntyukyflI-qSQ3C_BafP
          yFaKrt1fgdyEwYa08pESKwwWisy7KnmoUvaJ3SaHmohFS78TJ25c
          fc10wZ9hQNOrIChZlkiOdFCtxDqdmCqNacnhgE3bZQjGp3n83ODS
          z9zwJcSUvODlXBPc2AycH6Ci5yjbxt4Ppox_5pjm6xnQkiPgj01G
          psUssMmBN7iHVsrE7N2iznBNCeOUIQ",
  "qi":  "FZhClBMywVVjnuUud-05qd5CYU0dK79akAgy9oX6RX6I3IIIPckC
          ciRrokxglZn-omAY5CnCe4KdrnjFOT5YUZE7G_Pg44XgCXaarLQf
          4hl80oPEf6-jJ5Iy6wPRx7G2e8qLxnh9cOdf-kRqgOS3F48Ucvw3
          ma5V6KGMwQqWFeV31XtZ8l5cVI-I3NzBS7qltpUVgz2Ju021eyc7
          IlqgzR98qKONl27DuEES0aK0WE97jnsyO27Yp88Wa2RiBrEocM89
          QZI1seJiGDizHRUP4UZxw9zsXww46wy0P6f9grnYp7t8LkyDDk8e
          oI4KX6SNMNVcyVS9IWjlq8EzqZEKIA"
}
]]></artwork></figure>

<t>(<spanx style='strong'>NOTE</spanx>: While the key includes the private parameters, only the public parameters “e” and “n” are necessary for the encryption operation.)</t>

</section>
<section anchor="jwe-rsa_oaep-gen" title="Generated Factors">

<t>The following are generated before encrypting:</t>

<t><list style='symbols'>
  <t>AES symmetric key as the Content Encryption Key (CEK); this example uses the key from <xref target="jwe-rsa_oaep-cek"/>.</t>
  <t>Initialization vector/nonce; this example uses the initialization vector/nonce from <xref target="jwe-rsa_oaep-iv"/>.</t>
</list></t>

<figure title="Content Encryption Key, base64url-encoded" anchor="jwe-rsa_oaep-cek"><artwork><![CDATA[
09EnDWfdf6KCP09QbQQdhhoyFE5GoGAjdShgLGLol8k
]]></artwork></figure>

<figure title="Initialization Vector, base64url-encoded" anchor="jwe-rsa_oaep-iv"><artwork><![CDATA[
MKccO3TLKaMB67zj
]]></artwork></figure>

</section>
<section anchor="jwe-rsa_oaep-keyenc" title="Encrypting the Key">

<t>Performing the key encryption operation over the CEK (<xref target="jwe-rsa_oaep-cek"/>) with the RSA key (<xref target="jwe-rsa_oaep-key"/>) produces the following encrypted key:</t>

<figure title="Encrypted Key, base64url-encoded" anchor="jwe-rsa_oaep-encdkey"><artwork><![CDATA[
WaQnEArx6u7NRlv6o08qNgsMpo-UFVXs_ALqEbAhQJVOXMyNqacRhYoujIOFlt
i0u_ofz6Yh93Pu83iTZYIGk0fFD4C62-kSiX5Enl-UyORiMca925XxPItbOE6v
8sbzwzTBC-rzPXN9qrfPvKCdrlWbJv6oQAUbtreKpG8yD17YYyKw9qedx7BrSc
9TCvNH8ahrC93O1Qp_rZIPdkt92A8yhAje_cxMMaMHZ4YmlN_u05120iJhp6bg
5S_zPlpqmd5-BrpUIGmH0hwuBk2Z5Djbm47YlosNZUWIB69JBFazaDhGGRhsfM
eceRRhhGaG94gP2uZS42h1fZjYDH9zNxvXXHJ-4zqj8sM-LHLH16uDTVkvYaUw
ZPTUAj55fBKBs-o8o7rLCce8AWXEDBuqm-8rTnakLss5_Hc7l61RC8K4IJWnWB
zGLFlM1jRApbEwA5HZO61ku45WLGC64NLDdnyGahFxW9EikKXcE21Jc716oRfF
EeiOXaZGtJhYTjsuPr5IYJr8fWX_NC1y1xqYW1JnfLKklIemtznHTXvq7de6Vx
eSucwBklB24oafBFSeMEGBqKFQPhCBaAqCdJL1NkMhA9D6gqJkjluT1Aj0_Dq8
ikwSP2dG3grGlrl6EtTuhA-j_ArrqLzvSoJU51Nu_1k3usrvgIWLZ89i8Zt05S
A
]]></artwork></figure>

</section>
<section anchor="jwe-rsa_oaep-contentenc" title="Encrypting the Content">

<t>The following are generated before encrypting the plaintext:</t>

<t><list style='symbols'>
  <t>Protected JWE Header; this example uses the header from <xref target="jwe-rsa_oaep-protected"/>, encoded using <xref target="RFC4648"/> base64url to produce <xref target="jwe-rsa_oaep-protected_b64u"/>.</t>
</list></t>

<figure title="Protected JWE Header JSON" anchor="jwe-rsa_oaep-protected"><artwork><![CDATA[
{
  "alg": "RSA-OAEP",
  "kid": "samwise.gamgee@hobbiton.example",
  "enc": "A256GCM"
}
]]></artwork></figure>

<figure title="Protected JWE Header, base64url-encoded" anchor="jwe-rsa_oaep-protected_b64u"><artwork><![CDATA[
eyJhbGciOiJSU0EtT0FFUCIsImtpZCI6InNhbXdpc2UuZ2FtZ2VlQGhvYmJpdG
9uLmV4YW1wbGUiLCJlbmMiOiJBMjU2R0NNIn0
]]></artwork></figure>

<t>Performing the content encryption operation over the Plaintext (<xref target="jwe-plaintext"/>) with the following:</t>

<t><list style='symbols'>
  <t>CEK (<xref target="jwe-rsa_oaep-cek"/>);</t>
  <t>Initialization vector/nonce (<xref target="jwe-rsa_oaep-iv"/>); and</t>
  <t>Protected JWE Header (<xref target="jwe-rsa_oaep-protected_b64u"/>) as authenticated data</t>
</list></t>

<t>produces the following:</t>

<t><list style='symbols'>
  <t>Ciphertext from <xref target="jwe-rsa_oaep-ciphertext"/>.</t>
  <t>Authentication tag from <xref target="jwe-rsa_oaep-tag"/>.</t>
</list></t>

<figure title="Ciphertext, base64url-encoded" anchor="jwe-rsa_oaep-ciphertext"><artwork><![CDATA[
dLMYOKvvtY8Adfc8Tg4lSKElvvzBi2MJcSKDssll-jj0S_NIjI3P956z_qhZgJ
3bVLTVPr1p8JcThDcqTZtrA4ShYpyyTrBnEzOOyyzv4h6WWiuoCJTfI1Gxzm-J
PJNdPYifgOS0E5RKk5L64yDtotBP9AMTZZ4WjatyAlRcgD5hVhP2HrqIVG0j1S
b5g5tz4fi5vmSwIhGOeOxwgLvuryjn-8ECi_5LkdUiC3wQP53pZRtqmwmACyq_
uXvTpbUWSGna1LKaup-UC1PkOUGvHFa83WgkarkJbSkA0ZoVtebBJ_XvwNlfe1
VRDk8hxh0AmPvvsMiantgQ4oE6LCjOWKj6C4UNSWgla8zhousjSQ
]]></artwork></figure>

<figure title="Authentication Tag, base64url-encoded" anchor="jwe-rsa_oaep-tag"><artwork><![CDATA[
vCmVSWBtadRAKUhtizP5tw
]]></artwork></figure>

</section>
<section anchor="jwe-rsa_oaep-output" title="Output Results">

<t>The following compose the resulting JWE object:</t>

<t><list style='symbols'>
  <t>Protected JWE header (<xref target="jwe-rsa_oaep-protected_b64u"/>)</t>
  <t>Encrypted key (<xref target="jwe-rsa_oaep-encdkey"/>)</t>
  <t>Initialization vector/nonce (<xref target="jwe-rsa_oaep-iv"/>)</t>
  <t>Ciphertext (<xref target="jwe-rsa_oaep-ciphertext"/>)</t>
  <t>Authentication tag (<xref target="jwe-rsa_oaep-tag"/>)</t>
</list></t>

<t>The resulting JWE object using the Compact serialization:</t>

<figure title="Compact Serialization" anchor="jwe-rsa_oaep-compact"><artwork><![CDATA[
eyJhbGciOiJSU0EtT0FFUCIsImtpZCI6InNhbXdpc2UuZ2FtZ2VlQGhvYmJpdG
9uLmV4YW1wbGUiLCJlbmMiOiJBMjU2R0NNIn0
.
WaQnEArx6u7NRlv6o08qNgsMpo-UFVXs_ALqEbAhQJVOXMyNqacRhYoujIOFlt
i0u_ofz6Yh93Pu83iTZYIGk0fFD4C62-kSiX5Enl-UyORiMca925XxPItbOE6v
8sbzwzTBC-rzPXN9qrfPvKCdrlWbJv6oQAUbtreKpG8yD17YYyKw9qedx7BrSc
9TCvNH8ahrC93O1Qp_rZIPdkt92A8yhAje_cxMMaMHZ4YmlN_u05120iJhp6bg
5S_zPlpqmd5-BrpUIGmH0hwuBk2Z5Djbm47YlosNZUWIB69JBFazaDhGGRhsfM
eceRRhhGaG94gP2uZS42h1fZjYDH9zNxvXXHJ-4zqj8sM-LHLH16uDTVkvYaUw
ZPTUAj55fBKBs-o8o7rLCce8AWXEDBuqm-8rTnakLss5_Hc7l61RC8K4IJWnWB
zGLFlM1jRApbEwA5HZO61ku45WLGC64NLDdnyGahFxW9EikKXcE21Jc716oRfF
EeiOXaZGtJhYTjsuPr5IYJr8fWX_NC1y1xqYW1JnfLKklIemtznHTXvq7de6Vx
eSucwBklB24oafBFSeMEGBqKFQPhCBaAqCdJL1NkMhA9D6gqJkjluT1Aj0_Dq8
ikwSP2dG3grGlrl6EtTuhA-j_ArrqLzvSoJU51Nu_1k3usrvgIWLZ89i8Zt05S
A
.
MKccO3TLKaMB67zj
.
dLMYOKvvtY8Adfc8Tg4lSKElvvzBi2MJcSKDssll-jj0S_NIjI3P956z_qhZgJ
3bVLTVPr1p8JcThDcqTZtrA4ShYpyyTrBnEzOOyyzv4h6WWiuoCJTfI1Gxzm-J
PJNdPYifgOS0E5RKk5L64yDtotBP9AMTZZ4WjatyAlRcgD5hVhP2HrqIVG0j1S
b5g5tz4fi5vmSwIhGOeOxwgLvuryjn-8ECi_5LkdUiC3wQP53pZRtqmwmACyq_
uXvTpbUWSGna1LKaup-UC1PkOUGvHFa83WgkarkJbSkA0ZoVtebBJ_XvwNlfe1
VRDk8hxh0AmPvvsMiantgQ4oE6LCjOWKj6C4UNSWgla8zhousjSQ
.
vCmVSWBtadRAKUhtizP5tw
]]></artwork></figure>

<t>The resulting JWE object using the JSON serialization:</t>

<figure title="JSON Serialization" anchor="jwe-rsa_oaep-json"><artwork><![CDATA[
{
  "recipients": [
    {
      "encrypted_key":
        "WaQnEArx6u7NRlv6o08qNgsMpo-UFVXs_ALqEbAhQJVOXMyNqacRh
         YoujIOFlti0u_ofz6Yh93Pu83iTZYIGk0fFD4C62-kSiX5Enl-UyO
         RiMca925XxPItbOE6v8sbzwzTBC-rzPXN9qrfPvKCdrlWbJv6oQAU
         btreKpG8yD17YYyKw9qedx7BrSc9TCvNH8ahrC93O1Qp_rZIPdkt9
         2A8yhAje_cxMMaMHZ4YmlN_u05120iJhp6bg5S_zPlpqmd5-BrpUI
         GmH0hwuBk2Z5Djbm47YlosNZUWIB69JBFazaDhGGRhsfMeceRRhhG
         aG94gP2uZS42h1fZjYDH9zNxvXXHJ-4zqj8sM-LHLH16uDTVkvYaU
         wZPTUAj55fBKBs-o8o7rLCce8AWXEDBuqm-8rTnakLss5_Hc7l61R
         C8K4IJWnWBzGLFlM1jRApbEwA5HZO61ku45WLGC64NLDdnyGahFxW
         9EikKXcE21Jc716oRfFEeiOXaZGtJhYTjsuPr5IYJr8fWX_NC1y1x
         qYW1JnfLKklIemtznHTXvq7de6VxeSucwBklB24oafBFSeMEGBqKF
         QPhCBaAqCdJL1NkMhA9D6gqJkjluT1Aj0_Dq8ikwSP2dG3grGlrl6
         EtTuhA-j_ArrqLzvSoJU51Nu_1k3usrvgIWLZ89i8Zt05SA"
    }
  ],
  "protected":
    "eyJhbGciOiJSU0EtT0FFUCIsImtpZCI6InNhbXdpc2UuZ2FtZ2VlQGhvY
     mJpdG9uLmV4YW1wbGUiLCJlbmMiOiJBMjU2R0NNIn0",
  "iv":
    "MKccO3TLKaMB67zj",
  "ciphertext":
    "dLMYOKvvtY8Adfc8Tg4lSKElvvzBi2MJcSKDssll-jj0S_NIjI3P956z_
     qhZgJ3bVLTVPr1p8JcThDcqTZtrA4ShYpyyTrBnEzOOyyzv4h6WWiuoCJ
     TfI1Gxzm-JPJNdPYifgOS0E5RKk5L64yDtotBP9AMTZZ4WjatyAlRcgD5
     hVhP2HrqIVG0j1Sb5g5tz4fi5vmSwIhGOeOxwgLvuryjn-8ECi_5LkdUi
     C3wQP53pZRtqmwmACyq_uXvTpbUWSGna1LKaup-UC1PkOUGvHFa83Wgka
     rkJbSkA0ZoVtebBJ_XvwNlfe1VRDk8hxh0AmPvvsMiantgQ4oE6LCjOWK
     j6C4UNSWgla8zhousjSQ",
  "tag":
    "vCmVSWBtadRAKUhtizP5tw"
}
]]></artwork></figure>

</section>
</section>
<section anchor="jwe-pbes2" title="Key Wrap using PBES2-AES-KeyWrap with AES-CBC-HMAC-SHA2">

<t>This example illustrates encrypting content using the “PBES2-HS512+A256KW” (PBES2 Password-based Encryption using HMAC-SHA-512 and AES-256-KeyWrap) key encryption algorithm with the “A128CBC-HS256” (AES-128-CBC-HMAC-SHA-256) content encryption algorithm.</t>

<section anchor="jwe-pbes2-input" title="Input Factors">

<t>The following are supplied before beginning the encryption process:</t>

<t><list style='symbols'>
  <t>Plaintext content; this example uses the plaintext from <xref target="jwe-pbes2-plaintext"/> (<spanx style='strong'>NOTE</spanx>: all whitespace added for readability)</t>
  <t>Password; this example uses the password from <xref target="jwe-pbes2-pwd"/></t>
  <t>“alg” parameter of “PBES2-HS512+A256KW”</t>
  <t>“enc” parameter of “A128CBC-HS256”</t>
</list></t>

<figure title="Plaintext Content" anchor="jwe-pbes2-plaintext"><artwork><![CDATA[
{
  "keys": [
    {
      "kty": "oct",
      "kid": "77c7e2b8-6e13-45cf-8672-617b5b45243a",
      "use": "enc",
      "alg": "A128GCM",
      "k":   "XctOhJAkA-pD9Lh7ZgW_2A"
    },
    {
      "kty": "oct",
      "kid": "81b20965-8332-43d9-a468-82160ad91ac8",
      "use": "enc",
      "alg": "A128KW",
      "k":   "GZy6sIZ6wl9NJOKB-jnmVQ"
    },
    {
      "kty": "oct",
      "kid": "18ec08e1-bfa9-4d95-b205-2b4dd1d4321d",
      "use": "enc",
      "alg": "A256GCMKW",
      "k":   "qC57l_uxcm7Nm3K-ct4GFjx8tM1U8CZ0NLBvdQstiS8"
    }
  ]
}
]]></artwork></figure>

<figure title="Password" anchor="jwe-pbes2-pwd"><artwork><![CDATA[
entrap_o_peter_long_credit_tun
]]></artwork></figure>

</section>
<section anchor="jwe-pbes2-gen" title="Generated Factors">

<t>The following are generated before encrypting:</t>

<t><list style='symbols'>
  <t>AES symmetric key as the Content Encryption Key (CEK); this example uses the key from <xref target="jwe-pbes2-cek"/>.</t>
  <t>Initialization vector/nonce; this example uses the initialization vector/nonce from <xref target="jwe-pbes2-iv"/>.</t>
</list></t>

<figure title="Content Encryption Key, base64url-encoded" anchor="jwe-pbes2-cek"><artwork><![CDATA[
LbIgtUgy3OYW-gpNaXZro-2naGkhnyw9NnXDrijI4EI
]]></artwork></figure>

<figure title="Initialization Vector, base64url-encoded" anchor="jwe-pbes2-iv"><artwork><![CDATA[
HnJqms6_fz9N6mpsML9NHA
]]></artwork></figure>

</section>
<section anchor="jwe-pbes2-keyenc" title="Encrypting the Key">

<t>The following are generated before encrypting the CEK:</t>

<t><list style='symbols'>
  <t>Salt; this example uses the salt from <xref target="jwe-pbes2-p2s"/>.</t>
  <t>Iteration count; this example uses the iteration count 8192.</t>
</list></t>

<figure title="Salt, base64url-encoded" anchor="jwe-pbes2-p2s"><artwork><![CDATA[
8Q1SzinasR3xchYz6ZZcHA
]]></artwork></figure>

<t>Performing the key encryption operation over the CEK (<xref target="jwe-pbes2-cek"/>) with the following:</t>

<t><list style='symbols'>
  <t>Password (<xref target="jwe-pbes2-pwd"/>);</t>
  <t>Salt (<xref target="jwe-pbes2-p2s"/>), encoded as an octet string; and</t>
  <t>Iteration count (8192)</t>
</list></t>

<t>produces the following encrypted key:</t>

<figure title="Encrypted Key, base64url-encoded" anchor="jwe-pbes2-encdkey"><artwork><![CDATA[
WY1x1MsMrbQogWOeXDasyESSjYi-3iS4p8UjlWMwNJOS0j7_KFQE0w
]]></artwork></figure>

</section>
<section anchor="jwe-pbes2-contentenc" title="Encrypting the Content">

<t>The following are generated before encrypting the content:</t>

<t><list style='symbols'>
  <t>Protected JWE Header; this example uses the header from <xref target="jwe-pbes2-protected"/>, encoded using <xref target="RFC4648"/> base64url to produce <xref target="jwe-pbes2-protected_b64u"/>.</t>
</list></t>

<figure title="Protected JWE Header JSON" anchor="jwe-pbes2-protected"><artwork><![CDATA[
{
  "p2s": "8Q1SzinasR3xchYz6ZZcHA",
  "p2c": 8192,
  "alg": "PBES2-HS256+A128KW",
  "cty": "JWK-SET+JSON",
  "enc": "A128CBC-HS256"
}
]]></artwork></figure>

<figure title="Protected JWE Header, base64url-encoded" anchor="jwe-pbes2-protected_b64u"><artwork><![CDATA[
eyJwMnMiOiI4UTFTemluYXNSM3hjaFl6NlpaY0hBIiwicDJjIjo4MTkyLCJhbG
ciOiJQQkVTMi1IUzI1NitBMTI4S1ciLCJjdHkiOiJKV0stU0VUK0pTT04iLCJl
bmMiOiJBMTI4Q0JDLUhTMjU2In0
]]></artwork></figure>

<t>Performing the content encryption operation over the Plaintext (<xref target="jwe-pbes2-plaintext"/>) with the following:</t>

<t><list style='symbols'>
  <t>CEK (<xref target="jwe-pbes2-cek"/>);</t>
  <t>Initialization vector/nonce (<xref target="jwe-pbes2-iv"/>); and</t>
  <t>Protected JWE header (<xref target="jwe-pbes2-protected_b64u"/>) as authenticated data</t>
</list></t>

<t>produces the following:</t>

<t><list style='symbols'>
  <t>Ciphertext from <xref target="jwe-pbes2-ciphertext"/>.</t>
  <t>Authentication tag from <xref target="jwe-pbes2-tag"/>.</t>
</list></t>

<figure title="Ciphertext, base64url-encoded" anchor="jwe-pbes2-ciphertext"><artwork><![CDATA[
B39o2LfmeYhS_FiszP560P1VkHWNS6vukmQrUL2DdoQgzwz8debUcWgo1A9JXE
BUk4rr4ALHcn8wA1yRuzWOUlpk0LNBmBfrvdRpgItUQiknWa5U1KY_PqWIZKpJ
J-Gq0QTaBTsfnffUbk3BD7eillUdg3poI7EFHLsE7GN3nyuJKaCCdIkFngEekt
jM2WMUPPMuXracPftXsxJDPnUAwtCAEsShnHozPEUpMIIgWnnlM8dlofYaDewX
WySoYn321leWpLGCZVaJIEEgAttFH2iZpbb3MNV1UifDMgMCUS-Xbq4ohDcgu3
dv9xWg81PNib-GyXoFU93HN9HEblg8iZ6CfKVZ_KKvNS1oCVaoMKqPIf6Jgo-i
G4S_bblOma9esofjwIp-RU9h3fpx-taoMRvjb2pLEm1FQrYXkx5i3hfN0ESsHR
BW1WyCWnVK8M7mHJUHQqBL0FWZMKjpgWa00uZOnpZteZO4eyQKYSsBgyMRSuhF
6tceKFfxIWtclIno
]]></artwork></figure>

<figure title="Authentication Tag, base64url-encoded" anchor="jwe-pbes2-tag"><artwork><![CDATA[
YLeY6UpSeM3dUNqg5lEu0Q
]]></artwork></figure>

</section>
<section anchor="jwe-pbes2-output" title="Output Results">

<t>The following compose the resulting JWE object:</t>

<t><list style='symbols'>
  <t>Protected JWE header (<xref target="jwe-pbes2-protected_b64u"/>)</t>
  <t>Encrypted key (<xref target="jwe-pbes2-encdkey"/>)</t>
  <t>Initialization vector/nonce (<xref target="jwe-pbes2-iv"/>)</t>
  <t>Ciphertext (<xref target="jwe-pbes2-ciphertext"/>)</t>
  <t>Authentication tag (<xref target="jwe-pbes2-tag"/>)</t>
</list></t>

<t>The resulting JWE object using the Compact serialization:</t>

<figure title="Compact Serialization" anchor="jwe-pbes2-compact"><artwork><![CDATA[
eyJwMnMiOiI4UTFTemluYXNSM3hjaFl6NlpaY0hBIiwicDJjIjo4MTkyLCJhbG
ciOiJQQkVTMi1IUzI1NitBMTI4S1ciLCJjdHkiOiJKV0stU0VUK0pTT04iLCJl
bmMiOiJBMTI4Q0JDLUhTMjU2In0
.
WY1x1MsMrbQogWOeXDasyESSjYi-3iS4p8UjlWMwNJOS0j7_KFQE0w
.
HnJqms6_fz9N6mpsML9NHA
.
B39o2LfmeYhS_FiszP560P1VkHWNS6vukmQrUL2DdoQgzwz8debUcWgo1A9JXE
BUk4rr4ALHcn8wA1yRuzWOUlpk0LNBmBfrvdRpgItUQiknWa5U1KY_PqWIZKpJ
J-Gq0QTaBTsfnffUbk3BD7eillUdg3poI7EFHLsE7GN3nyuJKaCCdIkFngEekt
jM2WMUPPMuXracPftXsxJDPnUAwtCAEsShnHozPEUpMIIgWnnlM8dlofYaDewX
WySoYn321leWpLGCZVaJIEEgAttFH2iZpbb3MNV1UifDMgMCUS-Xbq4ohDcgu3
dv9xWg81PNib-GyXoFU93HN9HEblg8iZ6CfKVZ_KKvNS1oCVaoMKqPIf6Jgo-i
G4S_bblOma9esofjwIp-RU9h3fpx-taoMRvjb2pLEm1FQrYXkx5i3hfN0ESsHR
BW1WyCWnVK8M7mHJUHQqBL0FWZMKjpgWa00uZOnpZteZO4eyQKYSsBgyMRSuhF
6tceKFfxIWtclIno
.
YLeY6UpSeM3dUNqg5lEu0Q
]]></artwork></figure>

<t>The resulting JWE object using the JSON serialization:</t>

<figure title="JSON Serialization" anchor="jwe-pbes2-json"><artwork><![CDATA[
{
  "recipients": [
    {
      "encrypted_key":
        "WY1x1MsMrbQogWOeXDasyESSjYi-3iS4p8UjlWMwNJOS0j7_KFQE0
         w"
    }
  ],
  "protected":
    "eyJwMnMiOiI4UTFTemluYXNSM3hjaFl6NlpaY0hBIiwicDJjIjo4MTkyL
     CJhbGciOiJQQkVTMi1IUzI1NitBMTI4S1ciLCJjdHkiOiJKV0stU0VUK0
     pTT04iLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0",
  "iv":
    "HnJqms6_fz9N6mpsML9NHA",
  "ciphertext":
    "B39o2LfmeYhS_FiszP560P1VkHWNS6vukmQrUL2DdoQgzwz8debUcWgo1
     A9JXEBUk4rr4ALHcn8wA1yRuzWOUlpk0LNBmBfrvdRpgItUQiknWa5U1K
     Y_PqWIZKpJJ-Gq0QTaBTsfnffUbk3BD7eillUdg3poI7EFHLsE7GN3nyu
     JKaCCdIkFngEektjM2WMUPPMuXracPftXsxJDPnUAwtCAEsShnHozPEUp
     MIIgWnnlM8dlofYaDewXWySoYn321leWpLGCZVaJIEEgAttFH2iZpbb3M
     NV1UifDMgMCUS-Xbq4ohDcgu3dv9xWg81PNib-GyXoFU93HN9HEblg8iZ
     6CfKVZ_KKvNS1oCVaoMKqPIf6Jgo-iG4S_bblOma9esofjwIp-RU9h3fp
     x-taoMRvjb2pLEm1FQrYXkx5i3hfN0ESsHRBW1WyCWnVK8M7mHJUHQqBL
     0FWZMKjpgWa00uZOnpZteZO4eyQKYSsBgyMRSuhF6tceKFfxIWtclIno",
  "tag":
    "YLeY6UpSeM3dUNqg5lEu0Q"
}
]]></artwork></figure>

</section>
</section>
<section anchor="jwe-ecdh_aeskw" title="Key Agreement with Key Wrapping using ECDH-ES and AES-KeyWrap with AES-GCM">

<t>This example illustrates encrypting content using the “ECDH-ES+A128KW” (Elliptic Curve Diffie-Hellman Ephemeral-Static with AES-128-KeyWrap) key encryption algorithm and the “A128GCM” (AES-GCM) content encryption algorithm.</t>

<section anchor="jwe-ecdh_aeskw-input" title="Input Factors">

<t>The following are supplied before beginning the encryption process:</t>

<t><list style='symbols'>
  <t>Plaintext content; this example uses the content from <xref target="jwe-plaintext"/></t>
  <t>EC public key; this example uses the public key from <xref target="jwe-ecdh_aeskw-key"/></t>
  <t>“alg” parameter of “ECDH-ES+A128KW”</t>
  <t>“enc” parameter of “A128GCM”</t>
</list></t>

<figure title="Elliptic Curve P-384 Key, in JWK format" anchor="jwe-ecdh_aeskw-key"><artwork><![CDATA[
{
  "kty": "EC",
  "kid": "peregrin.took@tuckborough.example",
  "use": "enc",
  "crv": "P-384",
  "x":   "YU4rRUzdmVqmRtWOs2OpDE_T5fsNIodcG8G5FWPrTPMyxpzsSOGa
          QLpe2FpxBmu2",
  "y":   "A8-yxCHxkfBz3hKZfI1jUYMjUhsEveZ9THuwFjH2sCNdtksRJU7D
          5-SkgaFL1ETP",
  "d":   "iTx2pk7wW-GqJkHcEkFQb2EFyYcO7RugmaW3mRrQVAOUiPommT0I
          dnYK2xDlZh-j"
}
]]></artwork></figure>

<t>(<spanx style='strong'>NOTE</spanx>: While the key includes the private parameters, only the public parameters “crv”, “x”, and “y” are necessary for the encryption operation.)</t>

</section>
<section anchor="jwe-ecdh_aeskw-gen" title="Generated Factors">

<t>The following are generated before encrypting:</t>

<t><list style='symbols'>
  <t>Symmetric AES key as the Content Encryption Key (CEK); this example uses the key from <xref target="jwe-ecdh_aeskw-cek"/>.</t>
  <t>Initialization vector/nonce; this example uses the initialization vector/nonce from <xref target="jwe-ecdh_aeskw-iv"/></t>
</list></t>

<figure title="Content Encryption Key, base64url-encoded" anchor="jwe-ecdh_aeskw-cek"><artwork><![CDATA[
C3eS2iNXmSTA7W8tBpjs3w
]]></artwork></figure>

<figure title="Initialization Vector, base64url-encoded" anchor="jwe-ecdh_aeskw-iv"><artwork><![CDATA[
ubzqaTluloMJR8Ec
]]></artwork></figure>

</section>
<section anchor="jwe-ecdh_aeskw-keyenc" title="Encrypting the Key">

<t>To encrypt the Content Encryption Key, the following are generated:</t>

<t><list style='symbols'>
  <t>Ephemeral EC private key on the same curve as the EC public key; this example uses the private key that matches the public key from <xref target="jwe-ecdh_aeskw-epk"/>.</t>
</list></t>

<figure title="Ephemeral Elliptic Curve P-384 Key, in JWK format" anchor="jwe-ecdh_aeskw-epk"><artwork><![CDATA[
{
  "kty": "EC",
  "crv": "P-384",
  "x":   "qMz7Lgb3Bc1GNuVn4ZSxLDeDpihGWRwqA2fA1-2IJwDQtKMdpKY0
          XjNqBbjigcL-",
  "y":   "Ygt6Bc_o29f-DJ_5O3YCMoX2tXXz1ysj9MFRnucByIQoR0y3SVmq
          BBwQISq9grWe"
}
]]></artwork></figure>

<t>Performing the key encryption operation over the CEK (<xref target="jwe-ecdh_aeskw-cek"/>) with the following:</t>

<t><list style='symbols'>
  <t>The static Elliptic Curve public key (<xref target="jwe-ecdh_aeskw-key"/>); and</t>
  <t>The ephemeral Elliptic Curve private key (<xref target="jwe-ecdh_aeskw-epk"/>);</t>
</list></t>

<t>produces the following JWE encrypted key:</t>

<figure title="Encrypted Key, base64url-encoded" anchor="jwe-ecdh_aeskw-encdkey"><artwork><![CDATA[
zPCB2OMxJSGs6zA7zIYO2cUE4Yz5p7TY
]]></artwork></figure>

</section>
<section anchor="jwe-ecdh_aeskw-contentenc" title="Encrypting the Content">

<t>The following are generated before encrypting the content:</t>

<t><list style='symbols'>
  <t>Protected JWE header; this example uses the header from <xref target="jwe-ecdh_aeskw-protected"/>, encoded to <xref target="RFC4648"/> base64url as <xref target="jwe-ecdh_aeskw-protected_b64u"/>.</t>
</list></t>

<figure title="Protected JWE Header JSON" anchor="jwe-ecdh_aeskw-protected"><artwork><![CDATA[
{
  "alg": "ECDH-ES+A128KW",
  "kid": "peregrin.took@tuckborough.example",
  "epk": {
    "kty": "EC",
    "crv": "P-384",
    "x":   "qMz7Lgb3Bc1GNuVn4ZSxLDeDpihGWRwqA2fA1-2IJwDQtKMdpK
            Y0XjNqBbjigcL-",
    "y":   "Ygt6Bc_o29f-DJ_5O3YCMoX2tXXz1ysj9MFRnucByIQoR0y3SV
            mqBBwQISq9grWe"
  },
  "enc": "A128GCM"
}
]]></artwork></figure>

<figure title="Protected JWE Header, base64url-encoded" anchor="jwe-ecdh_aeskw-protected_b64u"><artwork><![CDATA[
eyJhbGciOiJFQ0RILUVTK0ExMjhLVyIsImtpZCI6InBlcmVncmluLnRvb2tAdH
Vja2Jvcm91Z2guZXhhbXBsZSIsImVwayI6eyJrdHkiOiJFQyIsImNydiI6IlAt
Mzg0IiwieCI6InFNejdMZ2IzQmMxR051Vm40WlN4TERlRHBpaEdXUndxQTJmQT
EtMklKd0RRdEtNZHBLWTBYak5xQmJqaWdjTC0iLCJ5IjoiWWd0NkJjX28yOWYt
REpfNU8zWUNNb1gydFhYejF5c2o5TUZSbnVjQnlJUW9SMHkzU1ZtcUJCd1FJU3
E5Z3JXZSJ9LCJlbmMiOiJBMTI4R0NNIn0
]]></artwork></figure>

<t>Performing the content encryption operation on the Plaintext (<xref target="jwe-plaintext"/>) using the following:</t>

<t><list style='symbols'>
  <t>CEK (<xref target="jwe-ecdh_aeskw-cek"/>);</t>
  <t>Initialization vector/nonce (<xref target="jwe-ecdh_aeskw-iv"/>); and</t>
  <t>Protected JWE header (<xref target="jwe-ecdh_aeskw-protected_b64u"/>) as authenticated data</t>
</list></t>

<t>produces the following:</t>

<t><list style='symbols'>
  <t>Ciphertext from <xref target="jwe-ecdh_aeskw-ciphertext"/>.</t>
  <t>Authentication tag from <xref target="jwe-ecdh_aeskw-tag"/>.</t>
</list></t>

<figure title="Ciphertext, base64url-encoded" anchor="jwe-ecdh_aeskw-ciphertext"><artwork><![CDATA[
zQVvyDdwBRvUVkPxQCHD0YtCihhKu462TdE4s4U8VDsCEvJ2t24YRChqKa-xC2
Ai-l1AvpPIYpwWYgwk3r9QBDTXsHbyn7FVhoVes0YAMthhmnLgbgf0_TQqG9PK
vFOki83X3aZ2PIHGcjSifIT6OQqxXE9YhdXwD0bXpkXUlq-JlnQ3pssAqQLpUV
_-4Ne6lZj4gFLunBEDGVcfhLiviyAF2BjlJG7mhToPq57d2Q99N10WfPmXVQ38
htg8thQ2qcenxi5Axd2PJXNjDsDroleU-ObLE3Bb8IJ1a04LzqB4Xmp_wgbwHC
VR-bqTKgth3h_NoDLqCxQ0QcG9E78i36iPJuLAzVgS0ChHzo5ULw
]]></artwork></figure>

<figure title="Authentication Tag, base64url-encoded" anchor="jwe-ecdh_aeskw-tag"><artwork><![CDATA[
5cJTRUT3kQRrw_UGwtMtDQ
]]></artwork></figure>

</section>
<section anchor="jwe-ecdh_aeskw-output" title="Output Results">

<t>The following compose the resulting JWE object:</t>

<t><list style='symbols'>
  <t>Protected JWE header (<xref target="jwe-ecdh_aeskw-protected_b64u"/>)</t>
  <t>Encrypted key (<xref target="jwe-ecdh_aeskw-encdkey"/>)</t>
  <t>Initialization vector/nonce (<xref target="jwe-ecdh_aeskw-iv"/>)</t>
  <t>Ciphertext (<xref target="jwe-ecdh_aeskw-ciphertext"/>)</t>
  <t>Authentication tag (<xref target="jwe-ecdh_aeskw-tag"/>)</t>
</list></t>

<t>The resulting JWE object using the Compact serialization:</t>

<figure title="Compact Serialization" anchor="jwe-ecdh_aeskw-compact"><artwork><![CDATA[
eyJhbGciOiJFQ0RILUVTK0ExMjhLVyIsImtpZCI6InBlcmVncmluLnRvb2tAdH
Vja2Jvcm91Z2guZXhhbXBsZSIsImVwayI6eyJrdHkiOiJFQyIsImNydiI6IlAt
Mzg0IiwieCI6InFNejdMZ2IzQmMxR051Vm40WlN4TERlRHBpaEdXUndxQTJmQT
EtMklKd0RRdEtNZHBLWTBYak5xQmJqaWdjTC0iLCJ5IjoiWWd0NkJjX28yOWYt
REpfNU8zWUNNb1gydFhYejF5c2o5TUZSbnVjQnlJUW9SMHkzU1ZtcUJCd1FJU3
E5Z3JXZSJ9LCJlbmMiOiJBMTI4R0NNIn0
.
zPCB2OMxJSGs6zA7zIYO2cUE4Yz5p7TY
.
ubzqaTluloMJR8Ec
.
zQVvyDdwBRvUVkPxQCHD0YtCihhKu462TdE4s4U8VDsCEvJ2t24YRChqKa-xC2
Ai-l1AvpPIYpwWYgwk3r9QBDTXsHbyn7FVhoVes0YAMthhmnLgbgf0_TQqG9PK
vFOki83X3aZ2PIHGcjSifIT6OQqxXE9YhdXwD0bXpkXUlq-JlnQ3pssAqQLpUV
_-4Ne6lZj4gFLunBEDGVcfhLiviyAF2BjlJG7mhToPq57d2Q99N10WfPmXVQ38
htg8thQ2qcenxi5Axd2PJXNjDsDroleU-ObLE3Bb8IJ1a04LzqB4Xmp_wgbwHC
VR-bqTKgth3h_NoDLqCxQ0QcG9E78i36iPJuLAzVgS0ChHzo5ULw
.
5cJTRUT3kQRrw_UGwtMtDQ
]]></artwork></figure>

<t>The resulting JWE object using the JSON serialization:</t>

<figure title="JSON Serialization" anchor="jwe-ecdh_aeskw-json"><artwork><![CDATA[
{
  "recipients": [
    {
      "encrypted_key":
        "zPCB2OMxJSGs6zA7zIYO2cUE4Yz5p7TY"
    }
  ],
  "protected":
    "eyJhbGciOiJFQ0RILUVTK0ExMjhLVyIsImtpZCI6InBlcmVncmluLnRvb
     2tAdHVja2Jvcm91Z2guZXhhbXBsZSIsImVwayI6eyJrdHkiOiJFQyIsIm
     NydiI6IlAtMzg0IiwieCI6InFNejdMZ2IzQmMxR051Vm40WlN4TERlRHB
     paEdXUndxQTJmQTEtMklKd0RRdEtNZHBLWTBYak5xQmJqaWdjTC0iLCJ5
     IjoiWWd0NkJjX28yOWYtREpfNU8zWUNNb1gydFhYejF5c2o5TUZSbnVjQ
     nlJUW9SMHkzU1ZtcUJCd1FJU3E5Z3JXZSJ9LCJlbmMiOiJBMTI4R0NNIn
     0",
  "iv":
    "ubzqaTluloMJR8Ec",
  "ciphertext":
    "zQVvyDdwBRvUVkPxQCHD0YtCihhKu462TdE4s4U8VDsCEvJ2t24YRChqK
     a-xC2Ai-l1AvpPIYpwWYgwk3r9QBDTXsHbyn7FVhoVes0YAMthhmnLgbg
     f0_TQqG9PKvFOki83X3aZ2PIHGcjSifIT6OQqxXE9YhdXwD0bXpkXUlq-
     JlnQ3pssAqQLpUV_-4Ne6lZj4gFLunBEDGVcfhLiviyAF2BjlJG7mhToP
     q57d2Q99N10WfPmXVQ38htg8thQ2qcenxi5Axd2PJXNjDsDroleU-ObLE
     3Bb8IJ1a04LzqB4Xmp_wgbwHCVR-bqTKgth3h_NoDLqCxQ0QcG9E78i36
     iPJuLAzVgS0ChHzo5ULw",
  "tag":
    "5cJTRUT3kQRrw_UGwtMtDQ"
}
]]></artwork></figure>

</section>
</section>
<section anchor="jwe-ecdh" title="Key Agreement using ECDH-ES with AES-CBC-HMAC-SHA2">

<t>This example illustrates encrypting content using the “ECDH-ES” (Elliptic Curve Diffie-Hellman Ephemeral-Static) key agreement algorithm and the “A128CBC-HS256” (AES-128-CBC-HMAC-SHA-256) content encryption algorithm.</t>

<section anchor="jwe-ecdh-input" title="Input Factors">

<t>The following are supplied before beginning the encryption process:</t>

<t><list style='symbols'>
  <t>Plaintext content; this example uses the content from <xref target="jwe-plaintext"/>.</t>
  <t>EC public key; this example uses the public key from <xref target="jwe-ecdh-key"/>.</t>
  <t>“alg” parameter of “ECDH-ES”</t>
  <t>“enc” parameter of “A128CBC-HS256”</t>
</list></t>

<figure title="Elliptic Curve P-256 Key" anchor="jwe-ecdh-key"><artwork><![CDATA[
{
  "kty": "EC",
  "kid": "meriadoc.brandybuck@buckland.example",
  "use": "enc",
  "crv": "P-256",
  "x":   "XnXXKEsaUU4hPZza_zSHIbt02UA505B1rDWc7JNlcDE",
  "y":   "Md5NqzfiXCytoaMglA-9MstvgOBdMSroXA2Hb6vR6dQ",
  "d":   "44eY-VRWsn1zdz3VaWS6idEpOGt1ErydBARq7Iyh9pY"
}
]]></artwork></figure>

<t>(<spanx style='strong'>NOTE</spanx>: While the key includes the private parameters, only the public parameters “crv”, “x”, and “y” are necessary for the encryption operation.)</t>

</section>
<section anchor="jwe-ecdh-gen" title="Generated Factors">

<t>The following are generated before encrypting:</t>

<t><list style='symbols'>
  <t>Initialization vector/nonce; this example uses the initialization vector/nonce from <xref target="jwe-ecdh-iv"/>.</t>
</list></t>

<figure title="Initialization Vector, base64url-encoded" anchor="jwe-ecdh-iv"><artwork><![CDATA[
BMbSNYW2uC7RX3xql1gbQw
]]></artwork></figure>

<t><spanx style='strong'>NOTE</spanx>: The Content Encryption Key (CEK) is not randomly generated; instead it is determined using key agreement.</t>

</section>
<section anchor="jwe-ecdh-enckey" title="Key Agreement">

<t>The following are generated to agree on a CEK:</t>

<t><list style='symbols'>
  <t>Ephemeral private key; this example uses the private key that matches the public key from <xref target="jwe-ecdh-epk"/>.</t>
</list></t>

<figure title="Ephemeral public key, in JWK format" anchor="jwe-ecdh-epk"><artwork><![CDATA[
{
  "kty": "EC",
  "crv": "P-256",
  "x":   "h_ImuH3OW5JxZNQZWIWCFTYAIigZYs1-QzsQR9tCEQ4",
  "y":   "4ZWJVVrTOWdEVbH266nb4Wy2QiwH_9XAcdpNh4S2oX0"
}
]]></artwork></figure>

<t>Performing the ECDH operation using the static EC public key (<xref target="jwe-ecdh-key"/>) and the ephemeral private key (<xref target="jwe-ecdh-epk"/>) produces the following CEK:</t>

<figure title="Agreed-to Content Encryption Key, base64url-encoded" anchor="jwe-ecdh-cek"><artwork><![CDATA[
W7j3XePj-Id6Zn71dv1b_QUQaNqJSMuxWhutlLqxLFE
]]></artwork></figure>

</section>
<section anchor="jwe-ecdh-contentenc" title="Encrypting the Content">

<t>The following are generated before encrypting the content:</t>

<t><list style='symbols'>
  <t>Protected JWE Header; this example uses the header from <xref target="jwe-ecdh-protected"/>, encoded to <xref target="RFC4648"/> as <xref target="jwe-ecdh-protected_b64u"/>.</t>
</list></t>

<figure title="Protected JWE Header JSON" anchor="jwe-ecdh-protected"><artwork><![CDATA[
{
  "alg": "ECDH-ES",
  "kid": "meriadoc.brandybuck@buckland.example",
  "epk": {
    "kty": "EC",
    "crv": "P-256",
    "x":   "h_ImuH3OW5JxZNQZWIWCFTYAIigZYs1-QzsQR9tCEQ4",
    "y":   "4ZWJVVrTOWdEVbH266nb4Wy2QiwH_9XAcdpNh4S2oX0"
  },
  "enc": "A128CBC-HS256"
}
]]></artwork></figure>

<figure title="Protected JWE Header, base64url-encoded" anchor="jwe-ecdh-protected_b64u"><artwork><![CDATA[
eyJhbGciOiJFQ0RILUVTIiwia2lkIjoibWVyaWFkb2MuYnJhbmR5YnVja0BidW
NrbGFuZC5leGFtcGxlIiwiZXBrIjp7Imt0eSI6IkVDIiwiY3J2IjoiUC0yNTYi
LCJ4IjoiaF9JbXVIM09XNUp4Wk5RWldJV0NGVFlBSWlnWllzMS1RenNRUjl0Q0
VRNCIsInkiOiI0WldKVlZyVE9XZEVWYkgyNjZuYjRXeTJRaXdIXzlYQWNkcE5o
NFMyb1gwIn0sImVuYyI6IkExMjhDQkMtSFMyNTYifQ
]]></artwork></figure>

<t>Performing the content encryption operation on the Plaintext (<xref target="jwe-plaintext"/>) using the following:</t>

<t><list style='symbols'>
  <t>CEK (<xref target="jwe-ecdh-cek"/>);</t>
  <t>Initialization vector/nonce (<xref target="jwe-ecdh-iv"/>); and</t>
  <t>Protected JWE header (<xref target="jwe-ecdh-protected_b64u"/>) as authenticated data</t>
</list></t>

<t>produces the following:</t>

<t><list style='symbols'>
  <t>Ciphertext from <xref target="jwe-ecdh-ciphertext"/>.</t>
  <t>Authentication tag from <xref target="jwe-ecdh-tag"/>.</t>
</list></t>

<figure title="Ciphertext, base64url-encoded" anchor="jwe-ecdh-ciphertext"><artwork><![CDATA[
mwSOHtsJDtD1R4Y4r0Ads9Bc8nTgk_Y4wVe_4pJsb7RERAgnfFRYRmlgjSaGPM
M7PytxfLss6clZI7YW366xh8DiqOWUavR7VFGLZIOHkrMsTPaehWlQZrQz77Ie
dSM20wSGVj-E4T0KRtX3CrZsEPjtXqNbm_EmDPgxVYTaTthGdWbyDnPMvp6eGL
T6gsMkctSLIHgaGvI2VWB0oNYdKnCRU-p2JFkLu5XQfOww4E5zKW9Xycx3mkh_
gA1dFU28Zs_boX-mm4UYseIJfaZAX_eqs7NDMpbrb29frJCFI-rYfahoVz6QhN
QXQMNmzL93pDo5QE_i9pIzR4KJu-uaItKTKNAdBKgSa9JZfc21dSw
]]></artwork></figure>

<figure title="Authentication Tag, base64url-encoded" anchor="jwe-ecdh-tag"><artwork><![CDATA[
kqeubaGyskAjcj8mDymY6A
]]></artwork></figure>

</section>
<section anchor="jwe-ecdh-output" title="Output Results">

<t>The following compose the resulting JWE object:</t>

<t><list style='symbols'>
  <t>Protected JWE header (<xref target="jwe-ecdh-protected_b64u"/>)</t>
  <t>Initialization vector/nonce (<xref target="jwe-ecdh-iv"/>)</t>
  <t>Ciphertext (<xref target="jwe-ecdh-ciphertext"/>)</t>
  <t>Authentication tag (<xref target="jwe-ecdh-tag"/>)</t>
</list></t>

<t>The resulting JWE object using the Compact serialization:</t>

<figure title="Compact Serialization" anchor="jwe-ecdh-compact"><artwork><![CDATA[
eyJhbGciOiJFQ0RILUVTIiwia2lkIjoibWVyaWFkb2MuYnJhbmR5YnVja0BidW
NrbGFuZC5leGFtcGxlIiwiZXBrIjp7Imt0eSI6IkVDIiwiY3J2IjoiUC0yNTYi
LCJ4IjoiaF9JbXVIM09XNUp4Wk5RWldJV0NGVFlBSWlnWllzMS1RenNRUjl0Q0
VRNCIsInkiOiI0WldKVlZyVE9XZEVWYkgyNjZuYjRXeTJRaXdIXzlYQWNkcE5o
NFMyb1gwIn0sImVuYyI6IkExMjhDQkMtSFMyNTYifQ
.
.
BMbSNYW2uC7RX3xql1gbQw
.
mwSOHtsJDtD1R4Y4r0Ads9Bc8nTgk_Y4wVe_4pJsb7RERAgnfFRYRmlgjSaGPM
M7PytxfLss6clZI7YW366xh8DiqOWUavR7VFGLZIOHkrMsTPaehWlQZrQz77Ie
dSM20wSGVj-E4T0KRtX3CrZsEPjtXqNbm_EmDPgxVYTaTthGdWbyDnPMvp6eGL
T6gsMkctSLIHgaGvI2VWB0oNYdKnCRU-p2JFkLu5XQfOww4E5zKW9Xycx3mkh_
gA1dFU28Zs_boX-mm4UYseIJfaZAX_eqs7NDMpbrb29frJCFI-rYfahoVz6QhN
QXQMNmzL93pDo5QE_i9pIzR4KJu-uaItKTKNAdBKgSa9JZfc21dSw
.
kqeubaGyskAjcj8mDymY6A
]]></artwork></figure>

<t>The resulting JWE object using the JSON serialization:</t>

<figure title="JSON Serialization" anchor="jwe-ecdh-json"><artwork><![CDATA[
{
  "protected":
    "eyJhbGciOiJFQ0RILUVTIiwia2lkIjoibWVyaWFkb2MuYnJhbmR5YnVja
     0BidWNrbGFuZC5leGFtcGxlIiwiZXBrIjp7Imt0eSI6IkVDIiwiY3J2Ij
     oiUC0yNTYiLCJ4IjoiaF9JbXVIM09XNUp4Wk5RWldJV0NGVFlBSWlnWll
     zMS1RenNRUjl0Q0VRNCIsInkiOiI0WldKVlZyVE9XZEVWYkgyNjZuYjRX
     eTJRaXdIXzlYQWNkcE5oNFMyb1gwIn0sImVuYyI6IkExMjhDQkMtSFMyN
     TYifQ",
  "iv":
    "BMbSNYW2uC7RX3xql1gbQw",
  "ciphertext":
    "mwSOHtsJDtD1R4Y4r0Ads9Bc8nTgk_Y4wVe_4pJsb7RERAgnfFRYRmlgj
     SaGPMM7PytxfLss6clZI7YW366xh8DiqOWUavR7VFGLZIOHkrMsTPaehWl
     QZrQz77IedSM20wSGVj-E4T0KRtX3CrZsEPjtXqNbm_EmDPgxVYTaTthGd
     WbyDnPMvp6eGLT6gsMkctSLIHgaGvI2VWB0oNYdKnCRU-p2JFkLu5XQfOw
     w4E5zKW9Xycx3mkh_gA1dFU28Zs_boX-mm4UYseIJfaZAX_eqs7NDMpbrb
     29frJCFI-rYfahoVz6QhNQXQMNmzL93pDo5QE_i9pIzR4KJu-uaItKTKNA
     dBKgSa9JZfc21dSw",
  "tag":
    "kqeubaGyskAjcj8mDymY6A"
}
]]></artwork></figure>

</section>
</section>
<section anchor="jwe-dir_gcm" title="Direct Encryption using AES-GCM">

<t>This example illustrates encrypting content using a previously exchanged key directly and the “A128GCM” (AES-GCM) content encryption algorithm.</t>

<section anchor="jwe-dir_gcm-input" title="Input Factors">

<t>The following are supplied before beginning the encryption process:</t>

<t><list style='symbols'>
  <t>Plaintext content; this example uses the content from <xref target="jwe-plaintext"/>.</t>
  <t>AES symmetric key as the Content Encryption Key (CEK); this example uses the key from <xref target="jwe-dir_gcm-key"/>.</t>
  <t>“alg” parameter of “dir”</t>
  <t>“enc” parameter of “A128GCM”</t>
</list></t>

<figure title="AES 128-bit key, in JWK format" anchor="jwe-dir_gcm-key"><artwork><![CDATA[
{
  "kty": "oct",
  "kid": "77c7e2b8-6e13-45cf-8672-617b5b45243a",
  "use": "enc",
  "alg": "A128GCM",
  "k":   "XctOhJAkA-pD9Lh7ZgW_2A"
}
]]></artwork></figure>

</section>
<section anchor="jwe-dir_gcm-gen" title="Generated Factors">

<t>The following are generated before encrypting:</t>

<t><list style='symbols'>
  <t>Initialization vector/nonce; this example uses the initialization vector/nonce from <xref target="jwe-dir_gcm-iv"/>.</t>
</list></t>

<figure title="Initialization Vector, base64url-encoded" anchor="jwe-dir_gcm-iv"><artwork><![CDATA[
OI-fESJKbHHk1-rA
]]></artwork></figure>

</section>
<section anchor="jwe-dir_gcm-contentenc" title="Encrypting the Content">

<t>The following are generated before encrypting the content:</t>

<t><list style='symbols'>
  <t>Protected JWE Header; this example uses the header from <xref target="jwe-dir_gcm-protected"/>, encoded as <xref target="RFC4648"/> base64url to produce <xref target="jwe-dir_gcm-protected_b64u"/>.</t>
</list></t>

<figure title="Protected JWE Header JSON" anchor="jwe-dir_gcm-protected"><artwork><![CDATA[
{
  "alg": "dir",
  "kid": "77c7e2b8-6e13-45cf-8672-617b5b45243a",
  "enc": "A128GCM"
}
]]></artwork></figure>

<t>Encoded as <xref target="RFC4648"/> base64url:</t>

<figure title="Protected JWE Header, base64url-encoded" anchor="jwe-dir_gcm-protected_b64u"><artwork><![CDATA[
eyJhbGciOiJkaXIiLCJraWQiOiI3N2M3ZTJiOC02ZTEzLTQ1Y2YtODY3Mi02MT
diNWI0NTI0M2EiLCJlbmMiOiJBMTI4R0NNIn0
]]></artwork></figure>

<t>Performing the encryption operation on the Plaintext (<xref target="jwe-plaintext"/>) using the following:</t>

<t><list style='symbols'>
  <t>CEK (<xref target="jwe-dir_gcm-key"/>);</t>
  <t>Initialization vector/nonce (<xref target="jwe-dir_gcm-iv"/>); and</t>
  <t>Protected JWE header (<xref target="jwe-dir_gcm-protected_b64u"/>) as authenticated data</t>
</list></t>

<t>produces the following:</t>

<t><list style='symbols'>
  <t>Ciphertext from <xref target="jwe-dir_gcm-ciphertext"/>.</t>
  <t>Authentication tag from <xref target="jwe-dir_gcm-tag"/>.</t>
</list></t>

<figure title="Ciphertext, base64url-encoded" anchor="jwe-dir_gcm-ciphertext"><artwork><![CDATA[
18KNUnRDhesDLn7Ec4ui6q0aptYFNkbx6Vf64wWItX7hMQe2XgbNTt-GVG_3Dz
-5mscM9bKe0TkgEecWAovlTFkuwhL-TZhbcnYdMXtaNtqYe2TEZ5fFlRiEr9is
8gBeJ7YOwazxwtE8O6FwwqeAOnR-PI8M30ODcq9B8UVzEISWu3Pf4yugvVMpLR
DxJEbyVDVr5MjiXsXpOkEdc7uUisJ0H0ygoP_mjSjUHROjh2_QVqpTUwzx2qto
3KVDj-MZehUb2FivjT7FecB3Yz-m-KhYXvXR5l5XnoqCT0ioaFzeW9zbiAMj_o
1gvWgPLv8HRD9OxMERTCwbJt4O3baG9Roz-5We10hx-sb2EKtN0g
]]></artwork></figure>

<figure title="Authentication Tag, base64url-encoded" anchor="jwe-dir_gcm-tag"><artwork><![CDATA[
mBCmmmn0W0j4BS7ln3nxVA
]]></artwork></figure>

</section>
<section anchor="jwe-dir_gcm-output" title="Output Results">

<t>The following compose the resulting JWE object:</t>

<t><list style='symbols'>
  <t>Protected JWE header (<xref target="jwe-dir_gcm-protected_b64u"/>)</t>
  <t>Initialization vector/nonce (<xref target="jwe-dir_gcm-iv"/>)</t>
  <t>Ciphertext (<xref target="jwe-dir_gcm-ciphertext"/>)</t>
  <t>Authentication tag (<xref target="jwe-dir_gcm-tag"/>)</t>
</list></t>

<t>The resulting JWE object using the Compact serialization:</t>

<figure title="Compact Serialization" anchor="jwe-dir_gcm-compact"><artwork><![CDATA[
eyJhbGciOiJkaXIiLCJraWQiOiI3N2M3ZTJiOC02ZTEzLTQ1Y2YtODY3Mi02MT
diNWI0NTI0M2EiLCJlbmMiOiJBMTI4R0NNIn0
.
.
OI-fESJKbHHk1-rA
.
18KNUnRDhesDLn7Ec4ui6q0aptYFNkbx6Vf64wWItX7hMQe2XgbNTt-GVG_3Dz
-5mscM9bKe0TkgEecWAovlTFkuwhL-TZhbcnYdMXtaNtqYe2TEZ5fFlRiEr9is
8gBeJ7YOwazxwtE8O6FwwqeAOnR-PI8M30ODcq9B8UVzEISWu3Pf4yugvVMpLR
DxJEbyVDVr5MjiXsXpOkEdc7uUisJ0H0ygoP_mjSjUHROjh2_QVqpTUwzx2qto
3KVDj-MZehUb2FivjT7FecB3Yz-m-KhYXvXR5l5XnoqCT0ioaFzeW9zbiAMj_o
1gvWgPLv8HRD9OxMERTCwbJt4O3baG9Roz-5We10hx-sb2EKtN0g
.
mBCmmmn0W0j4BS7ln3nxVA
]]></artwork></figure>

<t>The resulting JWE object using the JSON serialization:</t>

<figure title="JSON Serialization" anchor="jwe-dir_gcm-json"><artwork><![CDATA[
{
  "protected":
    "eyJhbGciOiJkaXIiLCJraWQiOiI3N2M3ZTJiOC02ZTEzLTQ1Y2YtODY3M
     i02MTdiNWI0NTI0M2EiLCJlbmMiOiJBMTI4R0NNIn0",
  "iv":
    "OI-fESJKbHHk1-rA",
  "ciphertext":
    "18KNUnRDhesDLn7Ec4ui6q0aptYFNkbx6Vf64wWItX7hMQe2XgbNTt-GV
     G_3Dz-5mscM9bKe0TkgEecWAovlTFkuwhL-TZhbcnYdMXtaNtqYe2TEZ5
     fFlRiEr9is8gBeJ7YOwazxwtE8O6FwwqeAOnR-PI8M30ODcq9B8UVzEIS
     Wu3Pf4yugvVMpLRDxJEbyVDVr5MjiXsXpOkEdc7uUisJ0H0ygoP_mjSjU
     HROjh2_QVqpTUwzx2qto3KVDj-MZehUb2FivjT7FecB3Yz-m-KhYXvXR5
     l5XnoqCT0ioaFzeW9zbiAMj_o1gvWgPLv8HRD9OxMERTCwbJt4O3baG9R
     oz-5We10hx-sb2EKtN0g",
  "tag":
    "mBCmmmn0W0j4BS7ln3nxVA"
}
]]></artwork></figure>

</section>
</section>
<section anchor="jwe-aesgcmkw" title="Key Wrap using AES-GCM KeyWrap with AES-CBC-HMAC-SHA2">

<t>This example illustrates encrypting content using the “A256GCMKW” (AES-256-GCM-KeyWrap) key encryption algorithm with the “A128CBC-HS256” (AES-128-CBC-HMAC-SHA-256) content encryption algorithm.</t>

<section anchor="jwe-aesgcmkw-input" title="Input Factors">

<t>The following are supplied before beginning the encryption process:</t>

<t><list style='symbols'>
  <t>Plaintext content; this example uses the content from <xref target="jwe-plaintext"/>.</t>
  <t>AES symmetric key; this example uses the key from <xref target="jwe-aesgcmkw-key"/>.</t>
  <t>“alg” parameter of “A256GCMKW”</t>
  <t>“enc” parameter of “A128CBC-HS256”</t>
</list></t>

<figure title="AES 256-bit Key" anchor="jwe-aesgcmkw-key"><artwork><![CDATA[
{
  "kty": "oct",
  "kid": "18ec08e1-bfa9-4d95-b205-2b4dd1d4321d",
  "use": "enc",
  "alg": "A256GCMKW",
  "k":   "qC57l_uxcm7Nm3K-ct4GFjx8tM1U8CZ0NLBvdQstiS8"
}
]]></artwork></figure>

</section>
<section anchor="jwe-aesgcmkw-gen" title="Generated Factors">

<t>The following are generated before encrypting:</t>

<t><list style='symbols'>
  <t>AES symmetric key as the Content Encryption Key (CEK); this example uses the key from <xref target="jwe-aesgcmkw-cek"/>.</t>
  <t>Initialization vector/nonce for content encryption; this example uses the initialization vector/nonce from <xref target="jwe-aesgcmkw-iv"/>.</t>
</list></t>

<figure title="Content Encryption Key, base64url-encoded" anchor="jwe-aesgcmkw-cek"><artwork><![CDATA[
a2gN8ASDdVKI86lMJC8rKI8RV8U8OltRlVzygIo48NA
]]></artwork></figure>

<figure title="Initialization Vector, base64url-encoded" anchor="jwe-aesgcmkw-iv"><artwork><![CDATA[
Z3wPFyzW8czy88sUmzcnlg
]]></artwork></figure>

</section>
<section anchor="jwe-aesgcmkw-keyenc" title="Encrypting the Key">

<t>The following are generated before encrypting the CEK:</t>

<t><list style='symbols'>
  <t>Initialization vector/nonce for key wrapping; this example uses the initialization vector/nonce from <xref target="jwe-aesgcmkw-kwiv"/>.</t>
</list></t>

<figure title="Key Wrap Initialization Vector, base64url-encoded" anchor="jwe-aesgcmkw-kwiv"><artwork><![CDATA[
3llIgu3y7Vu5dZW7
]]></artwork></figure>

<t>Performing the key encryption operation over the CEK (<xref target="jwe-aesgcmkw-cek"/>) with the following:</t>

<t><list style='symbols'>
  <t>AES symmetric key (<xref target="jwe-aesgcmkw-key"/>); </t>
  <t>Key wrap initialization vector/nonce (<xref target="jwe-aesgcmkw-kwiv"/>); and</t>
  <t>The empty string as authenticated data</t>
</list></t>

<t>produces the following:</t>

<t><list style='symbols'>
  <t>Encrypted Key from <xref target="jwe-aesgcmkw-encdkey"/>.</t>
  <t>Key wrap authentication tag from <xref target="jwe-aesgcmkw-kwtag"/>.</t>
</list></t>

<figure title="Encrypted Key, base64url-encoded" anchor="jwe-aesgcmkw-encdkey"><artwork><![CDATA[
cfBkmK29hCy31FM6VhHHgqbGa2DQvXZgnqSSl8zcOsE
]]></artwork></figure>

<figure title="Key Wrap Authentication Tag, base64url-encoded" anchor="jwe-aesgcmkw-kwtag"><artwork><![CDATA[
7qiY1gOLorD7ro67FZqYRw
]]></artwork></figure>

</section>
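<t>As an added illustration that is not part of this document, the following Go program carries out the key-wrap step just described with the KEK (<xref target="jwe-aesgcmkw-key"/>), CEK (<xref target="jwe-aesgcmkw-cek"/>) and key-wrap IV (<xref target="jwe-aesgcmkw-kwiv"/>) from the figures above, builds the protected header from the wrap output, and unwraps on the recipient side. It relies on the Go standard library only; the function and type names (newGCM, gcmKeyWrap, gcmKeyUnwrap, Header, wrapAndBuildHeader, parseHeader) are this example's own. The point it makes is one of ordering: with “A256GCMKW” the “iv” and “tag” header members are outputs of the key wrap, so the header, and with it the authenticated data for content encryption, cannot be finalised until the CEK has been wrapped.</t>

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
)

func b64u(b []byte) string { return base64.RawURLEncoding.EncodeToString(b) }

func unb64u(s string) []byte {
	b, err := base64.RawURLEncoding.DecodeString(s)
	if err != nil {
		panic(err)
	}
	return b
}

// newGCM builds an AES-GCM AEAD.  The KEK length is fixed by "alg" (32 octets
// for A256GCMKW), so a wrong length is a caller bug rather than untrusted input.
func newGCM(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		panic(err)
	}
	return gcm
}

// gcmKeyWrap is "A256GCMKW": AES-GCM over the CEK with a 96-bit IV and the
// empty string as AAD.  Go's Seal appends the 16-octet tag to the ciphertext;
// the JWE header carries the two separately, so they are split here.  The IV
// must be fresh for every wrap under a given KEK: a repeat leaks the CEKs.
func gcmKeyWrap(kek, cek, kwIV []byte) (encKey, kwTag []byte) {
	sealed := newGCM(kek).Seal(nil, kwIV, cek, nil)
	return sealed[:len(cek)], sealed[len(cek):]
}

// gcmKeyUnwrap fails closed: a modified "iv" or "tag" header value, or a
// modified encrypted key, yields an error and no CEK.  The IV length is
// checked first because it arrives in the header, i.e. from the network.
func gcmKeyUnwrap(kek, encKey, kwIV, kwTag []byte) ([]byte, error) {
	gcm := newGCM(kek)
	if len(kwIV) != gcm.NonceSize() {
		return nil, errors.New("key wrap IV must be 96 bits")
	}
	return gcm.Open(nil, kwIV, append(append([]byte{}, encKey...), kwTag...), nil)
}

// Header lists the fields in the order of the protected header figure above.
type Header struct {
	Alg string `json:"alg"`
	Kid string `json:"kid"`
	Tag string `json:"tag"`
	IV  string `json:"iv"`
	Enc string `json:"enc"`
}

// wrapAndBuildHeader shows the ordering this algorithm forces: the key-wrap
// outputs "tag" and "iv" are header members, so the header is finalised after
// the CEK is wrapped, and content encryption (which uses the base64url header
// as its AAD) can only start after that.
func wrapAndBuildHeader(kek, cek, kwIV []byte, kid, enc string) ([]byte, string) {
	encKey, kwTag := gcmKeyWrap(kek, cek, kwIV)
	hdr, err := json.Marshal(Header{Alg: "A256GCMKW", Kid: kid, Tag: b64u(kwTag), IV: b64u(kwIV), Enc: enc})
	if err != nil {
		panic(err)
	}
	return encKey, b64u(hdr)
}

// parseHeader recovers the key-wrap parameters from a received protected
// header without panicking on malformed input.
func parseHeader(protected string) (Header, error) {
	var h Header
	raw, err := base64.RawURLEncoding.DecodeString(protected)
	if err != nil {
		return h, err
	}
	return h, json.Unmarshal(raw, &h)
}

func main() {
	// KEK, CEK and key-wrap IV from the figures above.
	kek := unb64u("qC57l_uxcm7Nm3K-ct4GFjx8tM1U8CZ0NLBvdQstiS8")
	cek := unb64u("a2gN8ASDdVKI86lMJC8rKI8RV8U8OltRlVzygIo48NA")
	encKey, protected := wrapAndBuildHeader(kek, cek, unb64u("3llIgu3y7Vu5dZW7"), "18ec08e1-bfa9-4d95-b205-2b4dd1d4321d", "A128CBC-HS256")
	h, _ := parseHeader(protected)
	back, err := gcmKeyUnwrap(kek, encKey, unb64u(h.IV), unb64u(h.Tag))
	fmt.Printf("encrypted key: %s\nprotected: %s\nunwrapped CEK matches: %v\n", b64u(encKey), protected, err == nil && b64u(back) == b64u(cek))
}
```

<t>The encrypted key and “tag” printed for these inputs can be checked against <xref target="jwe-aesgcmkw-encdkey"/> and <xref target="jwe-aesgcmkw-kwtag"/>. On the recipient side the “iv” length is validated before AES-GCM is invoked, because the value arrives in the header and a wrong-length nonce would otherwise cause a panic rather than a clean rejection.</t>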
<section anchor="jwe-aesgcmkw-contentenc" title="Encrypting the Content">

<t>The following are generated before encrypting the content:</t>

<t><list style='symbols'>
  <t>Protected JWE Header; this example uses the header from <xref target="jwe-aesgcmkw-protected"/>, encoded to <xref target="RFC4648"/> base64url as <xref target="jwe-aesgcmkw-protected_b64u"/>.</t>
</list></t>

<figure title="Protected JWE Header JSON" anchor="jwe-aesgcmkw-protected"><artwork><![CDATA[
{
  "alg": "A256GCMKW",
  "kid": "18ec08e1-bfa9-4d95-b205-2b4dd1d4321d",
  "tag": "7qiY1gOLorD7ro67FZqYRw",
  "iv":  "3llIgu3y7Vu5dZW7",
  "enc": "A128CBC-HS256"
}
]]></artwork></figure>

<figure title="Protected JWE Header, base64url-encoded" anchor="jwe-aesgcmkw-protected_b64u"><artwork><![CDATA[
eyJhbGciOiJBMjU2R0NNS1ciLCJraWQiOiIxOGVjMDhlMS1iZmE5LTRkOTUtYj
IwNS0yYjRkZDFkNDMyMWQiLCJ0YWciOiI3cWlZMWdPTG9yRDdybzY3RlpxWVJ3
IiwiaXYiOiIzbGxJZ3UzeTdWdTVkWlc3IiwiZW5jIjoiQTEyOENCQy1IUzI1Ni
J9
]]></artwork></figure>

<t>Performing the content encryption operation over the Plaintext (<xref target="jwe-plaintext"/>) with the following:</t>

<t><list style='symbols'>
  <t>CEK (<xref target="jwe-aesgcmkw-cek"/>);</t>
  <t>Initialization vector/nonce (<xref target="jwe-aesgcmkw-iv"/>); and</t>
  <t>Protected JWE header (<xref target="jwe-aesgcmkw-protected_b64u"/>) as authenticated data</t>
</list></t>

<t>produces the following:</t>

<t><list style='symbols'>
  <t>Ciphertext from <xref target="jwe-aesgcmkw-ciphertext"/>.</t>
  <t>Authentication tag from <xref target="jwe-aesgcmkw-tag"/>.</t>
</list></t>

<figure title="Ciphertext, base64url-encoded" anchor="jwe-aesgcmkw-ciphertext"><artwork><![CDATA[
YSoJLPEGGMUoFM7zbKAwZivdakcAZWsyoQycpRG-4haDdLdXXGtLCev_HEs-Tu
5xRlK-4FFIQJ8l6bfSTR9glEa2FaVS8tgkZO1X9BbPAY9_4SCuLLO4n5LFK0mI
TQ8WOgpa0FTfG_1ml76MWGVtgADHGzvqSib9xoW39YsIdOu3Evj2GmvvPIm1WZ
K3HjQhQkvfKbpSFLFRkH3xsHyYYkKiH2PEOCZOzHNzc8PRMavtkBO64zmpWTfy
tMshzm0sgbroEBFU-vCHWzt5fVx_A9oUn5szL7RlkXU12fOCc7VJ2X5TtYPPr_
bM4z6KB5FBLS3hVVfHZee83e9IDrk0k7AIcf3KpfzapJmZ3kdZgOg
]]></artwork></figure>

<figure title="Authentication Tag, base64url-encoded" anchor="jwe-aesgcmkw-tag"><artwork><![CDATA[
d7dahIDc06hrpWqDiQzaXQ
]]></artwork></figure>

</section>
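<t>The content encryption step, as an added example in Go that is not part of this document: “A128CBC-HS256” is the one content encryption algorithm in this document that is assembled from two primitives, and its details (which half of the CEK is the MAC key, the “AL” length field, tag truncation) are where implementations go wrong. The program uses the CEK (<xref target="jwe-aesgcmkw-cek"/>), IV (<xref target="jwe-aesgcmkw-iv"/>) and base64url protected header (<xref target="jwe-aesgcmkw-protected_b64u"/>) from the figures above; the plaintext is a constructed string because the shared plaintext figure is not reproduced here, and the function names (cbcHmacTag, cbcHmacEncrypt, cbcHmacDecrypt) are this example's own.</t>

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/binary"
	"errors"
	"fmt"
)

func b64u(b []byte) string { return base64.RawURLEncoding.EncodeToString(b) }

func unb64u(s string) []byte {
	b, err := base64.RawURLEncoding.DecodeString(s)
	if err != nil {
		panic(err)
	}
	return b
}

// cbcHmacTag is the A128CBC-HS256 tag: HMAC-SHA256 over AAD || IV || C || AL,
// where AL is the AAD length in bits as a 64-bit big-endian integer, and the
// result is truncated to its first 16 octets.
func cbcHmacTag(macKey, aad, iv, ciphertext []byte) []byte {
	al := make([]byte, 8)
	binary.BigEndian.PutUint64(al, uint64(len(aad))*8)
	mac := hmac.New(sha256.New, macKey)
	for _, part := range [][]byte{aad, iv, ciphertext, al} {
		mac.Write(part)
	}
	return mac.Sum(nil)[:16]
}

// cbcHmacEncrypt implements "A128CBC-HS256".  The 32-octet CEK is split into
// the MAC key (first 16 octets) and the AES-128 key (last 16 octets), in that
// order; the plaintext is PKCS#7 padded and the IV is one 16-octet block.
func cbcHmacEncrypt(cek, iv, aad, plaintext []byte) (ciphertext, tag []byte) {
	macKey, encKey := cek[:16], cek[16:]
	block, err := aes.NewCipher(encKey)
	if err != nil {
		panic(err) // the CEK length is fixed by "enc"; a bad length is a caller bug
	}
	pad := 16 - len(plaintext)%16
	padded := append(append([]byte{}, plaintext...), bytes.Repeat([]byte{byte(pad)}, pad)...)
	ciphertext = make([]byte, len(padded))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(ciphertext, padded)
	return ciphertext, cbcHmacTag(macKey, aad, iv, ciphertext)
}

// cbcHmacDecrypt checks lengths, then the tag in constant time, and only then
// decrypts: a forged or modified JWE never reaches the padding check, which
// would otherwise be a padding oracle.
func cbcHmacDecrypt(cek, iv, aad, ciphertext, tag []byte) ([]byte, error) {
	if len(cek) != 32 || len(iv) != aes.BlockSize || len(ciphertext) == 0 || len(ciphertext)%aes.BlockSize != 0 {
		return nil, errors.New("invalid key, IV or ciphertext length")
	}
	macKey, encKey := cek[:16], cek[16:]
	if !hmac.Equal(tag, cbcHmacTag(macKey, aad, iv, ciphertext)) {
		return nil, errors.New("authentication tag mismatch")
	}
	block, _ := aes.NewCipher(encKey)
	out := make([]byte, len(ciphertext))
	cipher.NewCBCDecrypter(block, iv).CryptBlocks(out, ciphertext)
	pad := int(out[len(out)-1])
	if pad < 1 || pad > aes.BlockSize {
		return nil, errors.New("bad padding")
	}
	return out[:len(out)-pad], nil
}

func main() {
	// CEK, IV and base64url protected header from the figures above; the
	// plaintext is constructed here because the shared jwe-plaintext figure is
	// not part of this example.
	cek, iv := unb64u("a2gN8ASDdVKI86lMJC8rKI8RV8U8OltRlVzygIo48NA"), unb64u("Z3wPFyzW8czy88sUmzcnlg")
	aad := []byte("eyJhbGciOiJBMjU2R0NNS1ciLCJraWQiOiIxOGVjMDhlMS1iZmE5LTRkOTUtYjIwNS0yYjRkZDFkNDMyMWQiLCJ0YWciOiI3cWlZMWdPTG9yRDdybzY3RlpxWVJ3IiwiaXYiOiIzbGxJZ3UzeTdWdTVkWlc3IiwiZW5jIjoiQTEyOENCQy1IUzI1NiJ9")
	ct, tag := cbcHmacEncrypt(cek, iv, aad, []byte("constructed sample plaintext"))
	pt, err := cbcHmacDecrypt(cek, iv, aad, ct, tag)
	fmt.Printf("ciphertext: %s\ntag: %s\nrecovered: %q %v\n", b64u(ct), b64u(tag), pt, err)
}
```

<t>Decryption verifies the tag in constant time before any AES-CBC operation; checking padding first, or reporting padding and tag failures differently, would turn the recipient into a padding oracle.</t>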
<section anchor="jwe-aesgcmkw-output" title="Output Results">

<t>The following compose the resulting JWE object:</t>

<t><list style='symbols'>
  <t>Protected JWE header (<xref target="jwe-aesgcmkw-protected_b64u"/>)</t>
  <t>encrypted key (<xref target="jwe-aesgcmkw-encdkey"/>)</t>
  <t>Initialization vector/nonce (<xref target="jwe-aesgcmkw-iv"/>)</t>
  <t>Ciphertext (<xref target="jwe-aesgcmkw-ciphertext"/>)</t>
  <t>Authentication tag (<xref target="jwe-aesgcmkw-tag"/>)</t>
</list></t>

<t>The resulting JWE object using the Compact serialization:</t>

<figure title="Compact Serialization" anchor="jwe-aesgcmkw-compact"><artwork><![CDATA[
eyJhbGciOiJBMjU2R0NNS1ciLCJraWQiOiIxOGVjMDhlMS1iZmE5LTRkOTUtYj
IwNS0yYjRkZDFkNDMyMWQiLCJ0YWciOiI3cWlZMWdPTG9yRDdybzY3RlpxWVJ3
IiwiaXYiOiIzbGxJZ3UzeTdWdTVkWlc3IiwiZW5jIjoiQTEyOENCQy1IUzI1Ni
J9
.
cfBkmK29hCy31FM6VhHHgqbGa2DQvXZgnqSSl8zcOsE
.
Z3wPFyzW8czy88sUmzcnlg
.
YSoJLPEGGMUoFM7zbKAwZivdakcAZWsyoQycpRG-4haDdLdXXGtLCev_HEs-Tu
5xRlK-4FFIQJ8l6bfSTR9glEa2FaVS8tgkZO1X9BbPAY9_4SCuLLO4n5LFK0mI
TQ8WOgpa0FTfG_1ml76MWGVtgADHGzvqSib9xoW39YsIdOu3Evj2GmvvPIm1WZ
K3HjQhQkvfKbpSFLFRkH3xsHyYYkKiH2PEOCZOzHNzc8PRMavtkBO64zmpWTfy
tMshzm0sgbroEBFU-vCHWzt5fVx_A9oUn5szL7RlkXU12fOCc7VJ2X5TtYPPr_
bM4z6KB5FBLS3hVVfHZee83e9IDrk0k7AIcf3KpfzapJmZ3kdZgOg
.
W7cYYn27uUYttxShJ2yYhQ
]]></artwork></figure>

<t>The resulting JWE object using the JSON serialization:</t>

<figure title="JSON Serialization" anchor="jwe-aesgcmkw-json"><artwork><![CDATA[
{
  "recipients": [
    {
      "encrypted_key":
        "cfBkmK29hCy31FM6VhHHgqbGa2DQvXZgnqSSl8zcOsE"
    }
  ],
  "protected":
    "eyJhbGciOiJBMjU2R0NNS1ciLCJraWQiOiIxOGVjMDhlMS1iZmE5LTRkO
     TUtYjIwNS0yYjRkZDFkNDMyMWQiLCJ0YWciOiI3cWlZMWdPTG9yRDdybz
     Y3RlpxWVJ3IiwiaXYiOiIzbGxJZ3UzeTdWdTVkWlc3IiwiZW5jIjoiQTE
     yOENCQy1IUzI1NiJ9",
  "iv":
    "Z3wPFyzW8czy88sUmzcnlg",
  "ciphertext":
    "YSoJLPEGGMUoFM7zbKAwZivdakcAZWsyoQycpRG-4haDdLdXXGtLCev_H
     Es-Tu5xRlK-4FFIQJ8l6bfSTR9glEa2FaVS8tgkZO1X9BbPAY9_4SCuLL
     O4n5LFK0mITQ8WOgpa0FTfG_1ml76MWGVtgADHGzvqSib9xoW39YsIdOu
     3Evj2GmvvPIm1WZK3HjQhQkvfKbpSFLFRkH3xsHyYYkKiH2PEOCZOzHNz
     c8PRMavtkBO64zmpWTfytMshzm0sgbroEBFU-vCHWzt5fVx_A9oUn5szL
     7RlkXU12fOCc7VJ2X5TtYPPr_bM4z6KB5FBLS3hVVfHZee83e9IDrk0k7
     AIcf3KpfzapJmZ3kdZgOg",
  "tag":
    "W7cYYn27uUYttxShJ2yYhQ"
}
]]></artwork></figure>

</section>
</section>
<section anchor="jwe-aeskw" title="Key Wrap using AES-KeyWrap with AES-GCM">

<t>The following example illustrates content encryption using the “A128KW” (AES-128-KeyWrap) key encryption algorithm and the “A128GCM” (AES-128-GCM) content encryption algorithm.</t>

<section anchor="jwe-aeskw-input" title="Input Factors">

<t>The following are supplied before beginning the encryption process:</t>

<t><list style='symbols'>
  <t>Plaintext content; this example uses the content from <xref target="jwe-plaintext"/>.</t>
  <t>AES symmetric key; this example uses the key from <xref target="jwe-aeskw-key"/>.</t>
  <t>“alg” parameter of “A128KW”</t>
  <t>“enc” parameter of “A128GCM”</t>
</list></t>

<figure title="AES 128-Bit Key" anchor="jwe-aeskw-key"><artwork><![CDATA[
{
  "kty": "oct",
  "kid": "81b20965-8332-43d9-a468-82160ad91ac8",
  "use": "enc",
  "alg": "A128KW",
  "k":   "GZy6sIZ6wl9NJOKB-jnmVQ"
}
]]></artwork></figure>

</section>
<section anchor="jwe-aeskw-gen" title="Generated Factors">

<t>The following are generated before encrypting:</t>

<t><list style='symbols'>
  <t>AES symmetric key as the Content Encryption Key; this example uses the key from <xref target="jwe-aeskw-cek"/>.</t>
  <t>Initialization vector/nonce; this example uses the initialization vector/nonce from <xref target="jwe-aeskw-iv"/>.</t>
</list></t>

<figure title="Content Encryption Key, base64url-encoded" anchor="jwe-aeskw-cek"><artwork><![CDATA[
Hv3Kmjt7vR2in57dLm-Pfw
]]></artwork></figure>

<figure title="Initialization Vector, base64url-encoded" anchor="jwe-aeskw-iv"><artwork><![CDATA[
wxdDTG0-QnGvBZew
]]></artwork></figure>

</section>
<section anchor="jwe-aeskw-keyenc" title="Encrypting the Key">

<t>Performing the key encryption operation over the CEK (<xref target="jwe-aeskw-cek"/>) with the AES key (<xref target="jwe-aeskw-key"/>) produces the following encrypted key:</t>

<figure title="Encrypted Key, base64url-encoded" anchor="jwe-aeskw-encdkey"><artwork><![CDATA[
RMMWwegPo5GY-5DeqC51gevcIOQpc4CH
]]></artwork></figure>

</section>
<section anchor="jwe-aeskw-contentenc" title="Encrypting the Content">

<t>The following are generated before encrypting the content:</t>

<t><list style='symbols'>
  <t>Protected JWE Header; this example uses the header from <xref target="jwe-aeskw-protected"/>, encoded to <xref target="RFC4648"/> base64url as <xref target="jwe-aeskw-protected_b64u"/>.</t>
</list></t>

<figure title="Protected JWE Header JSON" anchor="jwe-aeskw-protected"><artwork><![CDATA[
{
  "alg": "A128KW",
  "kid": "81b20965-8332-43d9-a468-82160ad91ac8",
  "enc": "A128GCM"
}
]]></artwork></figure>

<figure title="Protected JWE Header, base64url-encoded" anchor="jwe-aeskw-protected_b64u"><artwork><![CDATA[
eyJhbGciOiJBMTI4S1ciLCJraWQiOiI4MWIyMDk2NS04MzMyLTQzZDktYTQ2OC
04MjE2MGFkOTFhYzgiLCJlbmMiOiJBMTI4R0NNIn0
]]></artwork></figure>

<t>Performing the content encryption over the Plaintext (<xref target="jwe-plaintext"/>) with the following:</t>

<t><list style='symbols'>
  <t>CEK (<xref target="jwe-aeskw-cek"/>);</t>
  <t>Initialization vector/nonce (<xref target="jwe-aeskw-iv"/>); and</t>
  <t>Protected JWE header (<xref target="jwe-aeskw-protected_b64u"/>) as authenticated data</t>
</list></t>

<t>produces the following:</t>

<t><list style='symbols'>
  <t>Ciphertext from <xref target="jwe-aeskw-ciphertext"/>.</t>
  <t>Authentication tag from <xref target="jwe-aeskw-tag"/>.</t>
</list></t>

<figure title="Ciphertext, base64url-encoded" anchor="jwe-aeskw-ciphertext"><artwork><![CDATA[
DoM1vi13RWus_t3EsvGWk4gDH3F8TGRnBo4p3uImtmboRrT1pniDLDQTipfOin
86hMl343jhxcRObGyiKgIyPI-tG8M9E92VkHeOE8O77-s6wRj9XxxEs8zw9YPX
baILJYTbR5aWyRLpTwlEhAf5_DVL2b5vnvTNctEp5JaojvqXF5F3jkZAaJwa4u
IjhqGd7gJvf7zKbwF7Is_GbSm9rf9Z0dacH5LQQn2P_VYEb8ptUWmgz4Gg1YFF
tGg16H5JAutG9a6GqFUdkSZ-mKSothgDEHv9gnAqYnWKLaE3E2hzhxcgtNwNKf
lLSfmV247xbRYZhR8NeJ_GoKCjrH7isFvUM0Uzx43cPpPDypyiGA
]]></artwork></figure>

<t>And authentication tag:</t>

<figure title="Authentication Tag, base64url-encoded" anchor="jwe-aeskw-tag"><artwork><![CDATA[
N7CDBxgruPcQozgqPeihlw
]]></artwork></figure>

</section>
<section anchor="jwe-aeskw-output" title="Output Results">

<t>The following compose the resulting JWE object:</t>

<t><list style='symbols'>
  <t>Protected JWE header (<xref target="jwe-aeskw-protected_b64u"/>)</t>
  <t>encrypted key (<xref target="jwe-aeskw-encdkey"/>)</t>
  <t>Initialization vector/nonce (<xref target="jwe-aeskw-iv"/>)</t>
  <t>Ciphertext (<xref target="jwe-aeskw-ciphertext"/>)</t>
  <t>Authentication tag (<xref target="jwe-aeskw-tag"/>)</t>
</list></t>

<t>The resulting JWE object using the Compact serialization:</t>

<figure title="Compact Serialization" anchor="jwe-aeskw-compact"><artwork><![CDATA[
eyJhbGciOiJBMTI4S1ciLCJraWQiOiI4MWIyMDk2NS04MzMyLTQzZDktYTQ2OC
04MjE2MGFkOTFhYzgiLCJlbmMiOiJBMTI4R0NNIn0
.
RMMWwegPo5GY-5DeqC51gevcIOQpc4CH
.
wxdDTG0-QnGvBZew
.
DoM1vi13RWus_t3EsvGWk4gDH3F8TGRnBo4p3uImtmboRrT1pniDLDQTipfOin
86hMl343jhxcRObGyiKgIyPI-tG8M9E92VkHeOE8O77-s6wRj9XxxEs8zw9YPX
baILJYTbR5aWyRLpTwlEhAf5_DVL2b5vnvTNctEp5JaojvqXF5F3jkZAaJwa4u
IjhqGd7gJvf7zKbwF7Is_GbSm9rf9Z0dacH5LQQn2P_VYEb8ptUWmgz4Gg1YFF
tGg16H5JAutG9a6GqFUdkSZ-mKSothgDEHv9gnAqYnWKLaE3E2hzhxcgtNwNKf
lLSfmV247xbRYZhR8NeJ_GoKCjrH7isFvUM0Uzx43cPpPDypyiGA
.
N7CDBxgruPcQozgqPeihlw
]]></artwork></figure>

<t>The resulting JWE object using the JSON serialization:</t>

<figure title="JSON Serialization" anchor="jwe-aeskw-json"><artwork><![CDATA[
{
  "recipients": [
    {
      "encrypted_key":
        "RMMWwegPo5GY-5DeqC51gevcIOQpc4CH"
    }
  ],
  "protected":
    "eyJhbGciOiJBMTI4S1ciLCJraWQiOiI4MWIyMDk2NS04MzMyLTQzZDktY
     TQ2OC04MjE2MGFkOTFhYzgiLCJlbmMiOiJBMTI4R0NNIn0",
  "iv":
    "wxdDTG0-QnGvBZew",
  "ciphertext":
    "DoM1vi13RWus_t3EsvGWk4gDH3F8TGRnBo4p3uImtmboRrT1pniDLDQTi
     pfOin86hMl343jhxcRObGyiKgIyPI-tG8M9E92VkHeOE8O77-s6wRj9Xx
     xEs8zw9YPXbaILJYTbR5aWyRLpTwlEhAf5_DVL2b5vnvTNctEp5Jaojvq
     XF5F3jkZAaJwa4uIjhqGd7gJvf7zKbwF7Is_GbSm9rf9Z0dacH5LQQn2P
     _VYEb8ptUWmgz4Gg1YFFtGg16H5JAutG9a6GqFUdkSZ-mKSothgDEHv9g
     nAqYnWKLaE3E2hzhxcgtNwNKflLSfmV247xbRYZhR8NeJ_GoKCjrH7isF
     vUM0Uzx43cPpPDypyiGA",
  "tag":
    "N7CDBxgruPcQozgqPeihlw"
}
]]></artwork></figure>

</section>
</section>
<section anchor="jwe-compressed" title="Compressed Content">

<t>This example illustrates encrypting content that is first compressed.  It reuses the AES key, key encryption algorithm, and content encryption algorithm from <xref target="jwe-aeskw"/>.</t>

<section anchor="jwe-compressed-input" title="Input Factors">

<t>The following are supplied before beginning the encryption process:</t>

<t><list style='symbols'>
  <t>Plaintext content; this example uses the content from <xref target="jwe-plaintext"/>.</t>
  <t>Recipient encryption key; this example uses the key from <xref target="jwe-aeskw-key"/>.</t>
  <t>Key encryption algorithm; this example uses “A128KW”.</t>
  <t>Content encryption algorithm; this example uses “A128GCM”.</t>
  <t>“zip” parameter as “DEF”.</t>
</list></t>

</section>
<section anchor="jwe-compressed-gen" title="Generated Factors">

<t>The following are generated before encrypting:</t>

<t><list style='symbols'>
  <t>Compressed plaintext from the original plaintext content; compressing <xref target="jwe-plaintext"/> using the DEFLATE <xref target="RFC1951"/> algorithm produces the compressed plaintext from <xref target="jwe-compressed-plaintext_c"/>.</t>
  <t>AES symmetric key as the Content Encryption Key (CEK); this example uses the key from <xref target="jwe-compressed-cek"/>.</t>
  <t>Initialization vector/nonce; this example uses the initialization vector/nonce from <xref target="jwe-compressed-iv"/>.</t>
</list></t>

<figure title="Compressed Plaintext, base64url-encoded" anchor="jwe-compressed-plaintext_c"><artwork><![CDATA[
eJxtj0EOwyAMBL-yD0jyh_bQL1Q9EmICCsKVMYry-zpEPVTqycizu15e3OBdgU
qrilahjKrJb9iTRhyGNQq3Ndo8164s56uMoyk1EuakSgIqy4SbweNP4kb0NueB
Sl5IweGUSR1Hn7maW6M5TmdXJr0w5TDh3vSbWVh_YjNdKDhPBrjNmeAyFxp6z5
XtUug_YUtx2Fms5dNEQv0EgiRrXgc8hBeePt1uYQ0
]]></artwork></figure>

<figure title="Content Encryption Key, base64url-encoded" anchor="jwe-compressed-cek"><artwork><![CDATA[
03x4Y5d1Lk0K2VbMmePmMw
]]></artwork></figure>

<figure title="Initialization Vector, base64url-encoded" anchor="jwe-compressed-iv"><artwork><![CDATA[
9UnGd0z8-Yx3BFV3
]]></artwork></figure>

</section>
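<t>As an added example that is not part of this document, the following Go program performs the compression step for “zip” “DEF” with the standard library's compress/flate and decompresses with an output bound; the names deflate, inflate, isZlibWrapped and figureCompressed are this example's own, and the plaintext is constructed rather than taken from the shared plaintext figure. Two caveats a recipient should know: “DEF” denotes a bare DEFLATE stream (RFC 1951) with no zlib (RFC 1950) wrapper, yet the octets in <xref target="jwe-compressed-plaintext_c"/> begin with 0x78 0x9C, which is a zlib stream header, so a raw inflater rejects them; and although decompression only happens after the authentication tag has verified, a bound on the inflated size is still prudent, since a sender who holds the key can make a few octets expand to many megabytes.</t>

```go
package main

import (
	"bytes"
	"compress/flate"
	"encoding/base64"
	"errors"
	"fmt"
	"io"
)

// deflate produces a bare RFC 1951 stream, which is what "zip":"DEF" denotes.
// compress/zlib would instead prepend the RFC 1950 header (0x78 0x9C at the
// default level), which a recipient using a raw inflater rejects.
func deflate(plaintext []byte) ([]byte, error) {
	var buf bytes.Buffer
	w, err := flate.NewWriter(&buf, flate.BestCompression)
	if err != nil {
		return nil, err
	}
	if _, err := w.Write(plaintext); err != nil {
		return nil, err
	}
	if err := w.Close(); err != nil {
		return nil, err
	}
	return buf.Bytes(), nil
}

// inflate reverses deflate but refuses to expand beyond maxOut octets.  The
// compressed octets are only decompressed after the content-encryption tag
// has verified, yet a bound still limits what a misbehaving or compromised
// sender can do to the recipient's memory: a few octets can inflate to many
// megabytes.
func inflate(compressed []byte, maxOut int64) ([]byte, error) {
	r := flate.NewReader(bytes.NewReader(compressed))
	defer r.Close()
	out, err := io.ReadAll(io.LimitReader(r, maxOut+1))
	if err != nil {
		return nil, err
	}
	if int64(len(out)) > maxOut {
		return nil, errors.New("decompressed content exceeds the configured limit")
	}
	return out, nil
}

// isZlibWrapped reports whether octets start with an RFC 1950 zlib header
// rather than a bare DEFLATE stream: CM == 8 (deflate) in the low nibble of
// CMF, and CMF*256 + FLG divisible by 31.
func isZlibWrapped(b []byte) bool {
	return len(b) >= 2 && b[0]&0x0F == 8 && (uint16(b[0])<<8|uint16(b[1]))%31 == 0
}

// figureCompressed is the "Compressed Plaintext" figure above, decoded.
func figureCompressed() []byte {
	b, err := base64.RawURLEncoding.DecodeString("eJxtj0EOwyAMBL-yD0jyh_bQL1Q9EmICCsKVMYry-zpEPVTqycizu15e3OBdgU" +
		"qrilahjKrJb9iTRhyGNQq3Ndo8164s56uMoyk1EuakSgIqy4SbweNP4kb0NueB" +
		"Sl5IweGUSR1Hn7maW6M5TmdXJr0w5TDh3vSbWVh_YjNdKDhPBrjNmeAyFxp6z5" +
		"XtUug_YUtx2Fms5dNEQv0EgiRrXgc8hBeePt1uYQ0")
	if err != nil {
		panic(err)
	}
	return b
}

func main() {
	// Constructed plaintext; the shared jwe-plaintext figure is not reproduced here.
	pt := bytes.Repeat([]byte("constructed sample plaintext, repeated so DEFLATE has something to find. "), 20)
	c, _ := deflate(pt)
	back, err := inflate(c, 1<<20)
	fmt.Printf("%d -> %d octets, bare DEFLATE: %v, round trip ok: %v\n", len(pt), len(c), !isZlibWrapped(c), err == nil && bytes.Equal(back, pt))
	fig := figureCompressed()
	_, err = inflate(fig, 1<<20)
	fmt.Printf("figure starts %x: zlib-wrapped %v, raw inflate error: %v\n", fig[:2], isZlibWrapped(fig), err)
}
```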
<section anchor="jwe-compressed-keyenc" title="Encrypting the Key">

<t>Performing the key encryption operation over the CEK (<xref target="jwe-compressed-cek"/>) with the AES key (<xref target="jwe-aeskw-key"/>) produces the following encrypted key:</t>

<figure title="Encrypted Key, base64url-encoded" anchor="jwe-compressed-encdkey"><artwork><![CDATA[
fUGYywsd6dWWr5JpNP0EMMN2XkXk8_h5
]]></artwork></figure>

</section>
<section anchor="jwe-compressed-contentenc" title="Encrypting the Content">

<t>The following are generated before encrypting the content:</t>

<t><list style='symbols'>
  <t>Protected JWE Header; this example uses the header from <xref target="jwe-compressed-protected"/>, encoded to <xref target="RFC4648"/> base64url as <xref target="jwe-compressed-protected_b64u"/>.</t>
</list></t>

<figure title="Protected JWE Header JSON" anchor="jwe-compressed-protected"><artwork><![CDATA[
{
  "alg": "A128KW",
  "kid": "81b20965-8332-43d9-a468-82160ad91ac8",
  "enc": "A128GCM",
  "zip": "DEF"
}
]]></artwork></figure>

<figure title="Protected JWE Header, base64url-encoded" anchor="jwe-compressed-protected_b64u"><artwork><![CDATA[
eyJhbGciOiJBMTI4S1ciLCJraWQiOiI4MWIyMDk2NS04MzMyLTQzZDktYTQ2OC
04MjE2MGFkOTFhYzgiLCJlbmMiOiJBMTI4R0NNIiwiemlwIjoiREVGIn0
]]></artwork></figure>

<t>Performing the content encryption operation over the compressed plaintext (the octets whose base64url encoding is shown in <xref target="jwe-compressed-plaintext_c"/>) with the following:</t>

<t><list style='symbols'>
  <t>CEK (<xref target="jwe-compressed-cek"/>);</t>
  <t>Initialization vector/nonce (<xref target="jwe-compressed-iv"/>); and</t>
  <t>Protected JWE header (<xref target="jwe-compressed-protected_b64u"/>) as authenticated data</t>
</list></t>

<t>produces the following:</t>

<t><list style='symbols'>
  <t>Ciphertext from <xref target="jwe-compressed-ciphertext"/>.</t>
  <t>Authentication tag from <xref target="jwe-compressed-tag"/>.</t>
</list></t>

<figure title="Ciphertext, base64url-encoded" anchor="jwe-compressed-ciphertext"><artwork><![CDATA[
b962BmHXeA9iYY8u9GnpxtXnme1MNm7vhhBqcxJHof08hGn1ltC7Mpf0dnlB0y
ZqAlqBWDJrGs3eVseTlFEFm0pDHDlIven74xwZPdJdEylDKPTeZLaCf6TjK46C
UfWJBajPZ2wiupjQJb5FYz_1KsWYCXAE4k6xt9v5wkwm_FHpYevNXuE7hokcim
LRiCi1R_xjnG7sHCTWKb56L0ZsqacWn_52jkO9B3Q
]]></artwork></figure>

<t>And authentication tag:</t>

<figure title="Authentication Tag, base64url-encoded" anchor="jwe-compressed-tag"><artwork><![CDATA[
Im5q_DU2ZafibIuj5GNI5Q
]]></artwork></figure>

</section>
<section anchor="jwe-compressed-output" title="Output Results">

<t>The following compose the resulting JWE object:</t>

<t><list style='symbols'>
  <t>Protected JWE header (<xref target="jwe-compressed-protected_b64u"/>)</t>
  <t>encrypted key (<xref target="jwe-compressed-encdkey"/>)</t>
  <t>Initialization vector/nonce (<xref target="jwe-compressed-iv"/>)</t>
  <t>Ciphertext (<xref target="jwe-compressed-ciphertext"/>)</t>
  <t>Authentication tag (<xref target="jwe-compressed-tag"/>)</t>
</list></t>

<t>The resulting JWE object using the Compact serialization:</t>

<figure title="Compact Serialization" anchor="jwe-compressed-compact"><artwork><![CDATA[
eyJhbGciOiJBMTI4S1ciLCJraWQiOiI4MWIyMDk2NS04MzMyLTQzZDktYTQ2OC
04MjE2MGFkOTFhYzgiLCJlbmMiOiJBMTI4R0NNIiwiemlwIjoiREVGIn0
.
fUGYywsd6dWWr5JpNP0EMMN2XkXk8_h5
.
9UnGd0z8-Yx3BFV3
.
b962BmHXeA9iYY8u9GnpxtXnme1MNm7vhhBqcxJHof08hGn1ltC7Mpf0dnlB0y
ZqAlqBWDJrGs3eVseTlFEFm0pDHDlIven74xwZPdJdEylDKPTeZLaCf6TjK46C
UfWJBajPZ2wiupjQJb5FYz_1KsWYCXAE4k6xt9v5wkwm_FHpYevNXuE7hokcim
LRiCi1R_xjnG7sHCTWKb56L0ZsqacWn_52jkO9B3Q
.
Im5q_DU2ZafibIuj5GNI5Q
]]></artwork></figure>

<t>The resulting JWE object using the JSON serialization:</t>

<figure title="JSON Serialization" anchor="jwe-compressed-json"><artwork><![CDATA[
{
  "recipients": [
    {
      "encrypted_key":
        "fUGYywsd6dWWr5JpNP0EMMN2XkXk8_h5"
    }
  ],
  "protected":
    "eyJhbGciOiJBMTI4S1ciLCJraWQiOiI4MWIyMDk2NS04MzMyLTQzZDktY
     TQ2OC04MjE2MGFkOTFhYzgiLCJlbmMiOiJBMTI4R0NNIiwiemlwIjoiRE
     VGIn0",
  "iv":
    "9UnGd0z8-Yx3BFV3",
  "ciphertext":
    "b962BmHXeA9iYY8u9GnpxtXnme1MNm7vhhBqcxJHof08hGn1ltC7Mpf0d
     nlB0yZqAlqBWDJrGs3eVseTlFEFm0pDHDlIven74xwZPdJdEylDKPTeZL
     aCf6TjK46CUfWJBajPZ2wiupjQJb5FYz_1KsWYCXAE4k6xt9v5wkwm_FH
     pYevNXuE7hokcimLRiCi1R_xjnG7sHCTWKb56L0ZsqacWn_52jkO9B3Q",
  "tag":
    "Im5q_DU2ZafibIuj5GNI5Q"
}
]]></artwork></figure>

</section>
</section>
<section anchor="jwe-aad" title="Including Additional Authenticated Data">

<t>This example illustrates encrypting content that includes additional authenticated data. As this example includes an additional top-level property not present in the Compact serialization, only the JSON serialization is possible.</t>

<section anchor="jwe-aad-input" title="Input Factors">

<t>The following are supplied before beginning the encryption process:</t>

<t><list style='symbols'>
  <t>Plaintext content; this example uses the content from <xref target="jwe-plaintext"/>.</t>
  <t>Recipient encryption key; this example uses the key from <xref target="jwe-aeskw-key"/>.</t>
  <t>Key encryption algorithm; this example uses “A128KW”.</t>
  <t>Content encryption algorithm; this example uses “A128GCM”.</t>
  <t>Additional authenticated data; this example uses a <xref target="I-D.ietf-jcardcal-jcard"/> vCard from <xref target="jwe-aad-data"/>, serialized to UTF-8.</t>
</list></t>

<figure title="Additional Authenticated Data, in JSON format" anchor="jwe-aad-data"><artwork><![CDATA[
[
  "vcard",
  [
    [ "version", {}, "text", "4.0" ],
    [ "fn", {}, "text", "Meriadoc Brandybuck" ],
    [ "n", {},
      "text", [
        "Brandybuck", "Meriadoc", "Mr.", ""
      ]
    ],
    [ "bday", {}, "text", "TA 2982" ],
    [ "gender", {}, "text", "M" ]
  ]
]
]]></artwork></figure>

<t><spanx style='strong'>NOTE</spanx>: whitespace between JSON values has been added for readability; the octets actually authenticated contain none of it.</t>

</section>
<section anchor="jwe-aad-gen" title="Generated Factors">

<t>The following are generated before encrypting:</t>

<t><list style='symbols'>
  <t>AES symmetric key as the Content Encryption Key (CEK); this example uses the key from <xref target="jwe-aad-cek"/>.</t>
  <t>Initialization vector/nonce; this example uses the initialization vector/nonce from <xref target="jwe-aad-iv"/>.</t>
  <t>Encoded additional authenticated data (AAD); this example uses the additional authenticated data from <xref target="jwe-aad-data"/>, encoded to <xref target="RFC4648"/> base64url as <xref target="jwe-aad-data_b64u"/>.</t>
</list></t>

<figure title="Content Encryption Key, base64url-encoded" anchor="jwe-aad-cek"><artwork><![CDATA[
uGL3QU7R3HMR3ik-oTW82w
]]></artwork></figure>

<figure title="Initialization Vector, base64url-encoded" anchor="jwe-aad-iv"><artwork><![CDATA[
HorZstLCLfNNC7TN
]]></artwork></figure>

<figure title="Additional Authenticated Data, base64url-encoded" anchor="jwe-aad-data_b64u"><artwork><![CDATA[
WyJ2Y2FyZCIsW1sidmVyc2lvbiIse30sInRleHQiLCI0LjAiXSxbImZuIix7fS
widGV4dCIsIk1lcmlhZG9jIEJyYW5keWJ1Y2siXSxbIm4iLHt9LCJ0ZXh0Iixb
IkJyYW5keWJ1Y2siLCJNZXJpYWRvYyIsIk1yLiIsIiJdXSxbImJkYXkiLHt9LC
J0ZXh0IiwiVEEgMjk4MiJdLFsiZ2VuZGVyIix7fSwidGV4dCIsIk0iXV1d
]]></artwork></figure>

</section>
<section anchor="jwe-aad-keyenc" title="Encrypting the Key">

<t>Performing the key encryption operation over the CEK (<xref target="jwe-aad-cek"/>) with the AES key (<xref target="jwe-aeskw-key"/>) produces the following encrypted key:</t>

<figure title="Encrypted Key, base64url-encoded" anchor="jwe-aad-encdkey"><artwork><![CDATA[
MJjYoJ6DKa__0KTJP5PT8pR0T_tybLRc
]]></artwork></figure>

</section>
<section anchor="jwe-aad-contentenc" title="Encrypting the Content">

<t>The following are generated before encrypting the content:</t>

<t><list style='symbols'>
  <t>Protected JWE Header; this example uses the header from <xref target="jwe-aad-protected"/>, encoded to <xref target="RFC4648"/> base64url as <xref target="jwe-aad-protected_b64u"/>.</t>
</list></t>

<figure title="Protected JWE Header JSON" anchor="jwe-aad-protected"><artwork><![CDATA[
{
  "alg": "A128KW",
  "kid": "81b20965-8332-43d9-a468-82160ad91ac8",
  "enc": "A128GCM"
}
]]></artwork></figure>

<figure title="Protected JWE Header, base64url-encoded" anchor="jwe-aad-protected_b64u"><artwork><![CDATA[
eyJhbGciOiJBMTI4S1ciLCJraWQiOiI4MWIyMDk2NS04MzMyLTQzZDktYTQ2OC
04MjE2MGFkOTFhYzgiLCJlbmMiOiJBMTI4R0NNIn0
]]></artwork></figure>

<t>Performing the content encryption operation over the Plaintext with the following:</t>

<t><list style='symbols'>
  <t>CEK (<xref target="jwe-aad-cek"/>);</t>
  <t>Initialization vector/nonce (<xref target="jwe-aad-iv"/>); and</t>
  <t>Concatenation of the protected JWE header (<xref target="jwe-aad-protected_b64u"/>), “.”, and the base64url-encoded additional authenticated data (<xref target="jwe-aad-data_b64u"/>) as authenticated data</t>
</list></t>

<t>produces the following:</t>

<t><list style='symbols'>
  <t>Ciphertext from <xref target="jwe-aad-ciphertext"/>.</t>
  <t>Authentication tag from <xref target="jwe-aad-tag"/>.</t>
</list></t>

<figure title="Ciphertext, base64url-encoded" anchor="jwe-aad-ciphertext"><artwork><![CDATA[
36qblaXJa6XlM7EHkAWVcrAvUA-w0zUsaSiK9ajj1CsPp-oHpElk7bktsA2u9p
b_T0yeXpjeaGKc0tWO6VKMIpIEJed-reIzaHva_JrHKt63tKWRmGDtQ9EHDCgw
Vv_0EwUoVW_RzfugR-71IsoTSYeziVi2XL_nsHpcVGFQOgD2C-nvwqo4_8f9pZ
_bmK_kj0eAc54qp2laNG7odWGOSpOvW4Vr2ujW8QnHQlaKUNUqh0ODvCu0hFWN
pzxEgja4X6UlSkY6uTQR-mBBpwlA4rAnjP-pn0zuq0T13vkCplokt2GKhRLysE
6UqLjnyfexHGjC349nzsBHoCXk2tKJwrqPpssCnsqPaffU
]]></artwork></figure>

<figure title="Authentication Tag, base64url-encoded" anchor="jwe-aad-tag"><artwork><![CDATA[
tp_Idm6BMHn3iJQ86T4sRA
]]></artwork></figure>

</section>
<section anchor="jwe-aad-output" title="Output Results">

<t>The following compose the resulting JWE object:</t>

<t><list style='symbols'>
  <t>Protected JWE header (<xref target="jwe-aad-protected_b64u"/>)</t>
  <t>encrypted key (<xref target="jwe-aad-encdkey"/>)</t>
  <t>Initialization vector/nonce (<xref target="jwe-aad-iv"/>)</t>
  <t>Additional authenticated data (<xref target="jwe-aad-data_b64u"/>)</t>
  <t>Ciphertext (<xref target="jwe-aad-ciphertext"/>)</t>
  <t>Authentication tag (<xref target="jwe-aad-tag"/>)</t>
</list></t>

<t>The resulting JWE object using the JSON serialization:</t>

<figure title="JSON Serialization" anchor="jwe-aad-json"><artwork><![CDATA[
{
  "recipients": [
    {
      "encrypted_key":
        "Aa2ArPkcYIHxdlA3lsGWtcC9sBkqTYHr"
    }
  ],
  "protected":
    "eyJhbGciOiJBMTI4S1ciLCJraWQiOiI4MWIyMDk2NS04MzMyLTQzZDktY
     TQ2OC04MjE2MGFkOTFhYzgiLCJlbmMiOiJBMTI4R0NNIn0",
  "iv":
    "HorZstLCLfNNC7TN",
  "aad":
    "WyJ2Y2FyZCIsW1sidmVyc2lvbiIse30sInRleHQiLCI0LjAiXSxbImZuI
    ix7fSwidGV4dCIsIk1lcmlhZG9jIEJyYW5keWJ1Y2siXSxbIm4iLHt9LCJ
    0ZXh0IixbIkJyYW5keWJ1Y2siLCJNZXJpYWRvYyIsIk1yLiIsIiJdXSxbI
    mJkYXkiLHt9LCJ0ZXh0IiwiVEEgMjk4MiJdLFsiZ2VuZGVyIix7fSwidGV
    4dCIsIk0iXV1d",
  "ciphertext":
    "36qblaXJa6XlM7EHkAWVcrAvUA-w0zUsaSiK9ajj1CsPp-oHpElk7bkts
     A2u9pb_T0yeXpjeaGKc0tWO6VKMIpIEJed-reIzaHva_JrHKt63tKWRmG
     DtQ9EHDCgwVv_0EwUoVW_RzfugR-71IsoTSYeziVi2XL_nsHpcVGFQOgD
     2C-nvwqo4_8f9pZ_bmK_kj0eAc54qp2laNG7odWGOSpOvW4Vr2ujW8QnH
     QlaKUNUqh0ODvCu0hFWNpzxEgja4X6UlSkY6uTQR-mBBpwlA4rAnjP-pn
     0zuq0T13vkCplokt2GKhRLysE6UqLjnyfexHGjC349nzsBHoCXk2tKJwr
     qPpssCnsqPaffU",
  "tag":
    "tp_Idm6BMHn3iJQ86T4sRA"
}
]]></artwork></figure>

</section>
</section>
<section anchor="jwe-somefields" title="Protecting Specific Header Fields">

<t>This example illustrates encrypting content where only certain JWE header parameters are protected.  As this example includes unprotected JWE header parameters, only the JSON serialization is possible.</t>

<section anchor="jwe-somefields-input" title="Input Factors">

<t>The following are supplied before beginning the encryption process:</t>

<t><list style='symbols'>
  <t>Plaintext content; this example uses the content from <xref target="jwe-plaintext"/>.</t>
  <t>Recipient encryption key; this example uses the key from <xref target="jwe-aeskw-key"/>.</t>
  <t>Key encryption algorithm; this example uses “A128KW”.</t>
  <t>Content encryption algorithm; this example uses “A128GCM”.</t>
</list></t>

</section>
<section anchor="jwe-somefields-gen" title="Generated Factors">

<t>The following are generated before encrypting:</t>

<t><list style='symbols'>
  <t>AES symmetric key as the Content Encryption Key (CEK); this example uses the key from <xref target="jwe-somefields-cek"/>.</t>
  <t>Initialization vector/nonce; this example uses the initialization vector/nonce from <xref target="jwe-somefields-iv"/>.</t>
</list></t>

<figure title="Content Encryption Key, base64url-encoded" anchor="jwe-somefields-cek"><artwork><![CDATA[
uGL3QU7R3HMR3ik-oTW82w
]]></artwork></figure>

<figure title="Initialization Vector, base64url-encoded" anchor="jwe-somefields-iv"><artwork><![CDATA[
HorZstLCLfNNC7TN
]]></artwork></figure>

</section>
<section anchor="jwe-somefields-keyenc" title="Encrypting the Key">

<t>Performing the key encryption operation over the CEK (<xref target="jwe-somefields-cek"/>) with the AES key (<xref target="jwe-aeskw-key"/>) produces the following encrypted key:</t>

<figure title="Encrypted Key, base64url-encoded" anchor="jwe-somefields-encdkey"><artwork><![CDATA[
MJjYoJ6DKa__0KTJP5PT8pR0T_tybLRc
]]></artwork></figure>

</section>
<section anchor="jwe-somefields-contentenc" title="Encrypting the Content">

<t>The following are generated before encrypting the content:</t>

<t><list style='symbols'>
  <t>Protected JWE Header; this example uses the header from <xref target="jwe-somefields-protected"/>, encoded to <xref target="RFC4648"/> base64url as <xref target="jwe-somefields-protected_b64u"/>.</t>
</list></t>

<figure title="Protected JWE Header JSON" anchor="jwe-somefields-protected"><artwork><![CDATA[
{
  "enc": "A128GCM"
}
]]></artwork></figure>

<figure title="Protected JWE Header, base64url-encoded" anchor="jwe-somefields-protected_b64u"><artwork><![CDATA[
eyJlbmMiOiJBMTI4R0NNIn0
]]></artwork></figure>

<t>Performing the content encryption operation over the Plaintext with the following:</t>

<t><list style='symbols'>
  <t>CEK (<xref target="jwe-somefields-cek"/>);</t>
  <t>Initialization vector/nonce (<xref target="jwe-somefields-iv"/>); and</t>
  <t>Protected JWE header (<xref target="jwe-somefields-protected_b64u"/>) as authenticated data</t>
</list></t>

<t>produces the following:</t>

<t><list style='symbols'>
  <t>Ciphertext from <xref target="jwe-somefields-ciphertext"/>.</t>
  <t>Authentication tag from <xref target="jwe-somefields-tag"/>.</t>
</list></t>

<figure title="Ciphertext, base64url-encoded" anchor="jwe-somefields-ciphertext"><artwork><![CDATA[
XR98Or5bnT-qBoQ0-K8WbR6hphUsSoJZdE6W0c3CYJ2kSk-6NuycqF4ZrKy6YC
-Gs3jfCwkCmW955kmDgTIlc-fSQ-w__kwrM8wepy1h61OeY2HCM8-vJpK3yHcW
HrbJhuqJExRWlnR6l9y9kcAzc3F1YWBJ5B5uY0PvbbbiQnRL5d9VFxKZFjF8qT
a6T1OsXR22bKkb-oG8JWSiefhxZlGQCpqRUfmYDRMZhfakIa1hXVDaLZIapkka
gpw510A5yt0E5W8qkcCrezJZtCSFeHTJFqspCcnTvdfDqkGVQwo1cxKr0Wu-2K
wb3dP8TlZJ2dMSOxXyMQav1nqZcfKn2qg4xI87D5mhfCrW
]]></artwork></figure>

<figure title="Authentication Tag, base64url-encoded" anchor="jwe-somefields-tag"><artwork><![CDATA[
Hjccc2tFAQi12LH6FF-jFA
]]></artwork></figure>

</section>
<section anchor="jwe-somefields-output" title="Output Results">

<t>The following compose the resulting JWE object:</t>

<t><list style='symbols'>
  <t>Unprotected JWE header (<xref target="jwe-somefields-unprotected"/>)</t>
  <t>Protected JWE header (<xref target="jwe-somefields-protected_b64u"/>)</t>
  <t>encrypted key (<xref target="jwe-somefields-encdkey"/>)</t>
  <t>Initialization vector/nonce (<xref target="jwe-somefields-iv"/>)</t>
  <t>Ciphertext (<xref target="jwe-somefields-ciphertext"/>)</t>
  <t>Authentication tag (<xref target="jwe-somefields-tag"/>)</t>
</list></t>

<t>The following unprotected JWE header is generated before assembling the output results:</t>

<figure title="Unprotected JWE Header JSON" anchor="jwe-somefields-unprotected"><artwork><![CDATA[
{
  "alg": "A128KW",
  "kid": "81b20965-8332-43d9-a468-82160ad91ac8"
}
]]></artwork></figure>

<t>The resulting JWE object using the JSON serialization:</t>

<figure title="JSON Serialization" anchor="jwe-somefields-json"><artwork><![CDATA[
{
  "recipients": [
    {
      "encrypted_key":
        "MJjYoJ6DKa__0KTJP5PT8pR0T_tybLRc"
    }
  ],
  "unprotected": {
    "alg": "A128KW",
    "kid": "81b20965-8332-43d9-a468-82160ad91ac8"
  },
  "protected":
    "eyJlbmMiOiJBMTI4R0NNIn0",
  "iv":
    "HorZstLCLfNNC7TN",
  "ciphertext":
    "XR98Or5bnT-qBoQ0-K8WbR6hphUsSoJZdE6W0c3CYJ2kSk-6NuycqF4Zr
     Ky6YC-Gs3jfCwkCmW955kmDgTIlc-fSQ-w__kwrM8wepy1h61OeY2HCM8
     -vJpK3yHcWHrbJhuqJExRWlnR6l9y9kcAzc3F1YWBJ5B5uY0PvbbbiQnR
     L5d9VFxKZFjF8qTa6T1OsXR22bKkb-oG8JWSiefhxZlGQCpqRUfmYDRMZ
     hfakIa1hXVDaLZIapkkagpw510A5yt0E5W8qkcCrezJZtCSFeHTJFqspC
     cnTvdfDqkGVQwo1cxKr0Wu-2Kwb3dP8TlZJ2dMSOxXyMQav1nqZcfKn2q
     g4xI87D5mhfCrW",
  "tag":
    "Hjccc2tFAQi12LH6FF-jFA"
}
]]></artwork></figure>

</section>
</section>
<section anchor="jwe-nofields" title="Protecting Content Only">

<t>This example illustrates encrypting content where none of the JWE header parameters are protected.  As this example includes only unprotected JWE header parameters, only the JSON serialization is possible.</t>

<section anchor="jwe-nofields-input" title="Input Factors">

<t>The following are supplied before beginning the encryption process:</t>

<t><list style='symbols'>
  <t>Plaintext content; this example uses the content from <xref target="jwe-plaintext"/>.</t>
  <t>Recipient encryption key; this example uses the key from <xref target="jwe-aeskw-key"/>.</t>
  <t>Key encryption algorithm; this example uses “A128KW”.</t>
  <t>Content encryption algorithm; this example uses “A128GCM”.</t>
</list></t>

</section>
<section anchor="jwe-nofields-gen" title="Generated Factors">

<t>The following are generated before encrypting:</t>

<t><list style='symbols'>
  <t>AES symmetric key as the Content Encryption Key; this example uses the key from <xref target="jwe-nofields-cek"/>.</t>
  <t>Initialization vector/nonce; this example uses the initialization vector/nonce from <xref target="jwe-nofields-iv"/>.</t>
</list></t>

<figure title="Content Encryption Key, base64url-encoded" anchor="jwe-nofields-cek"><artwork><![CDATA[
5UVirgqilMhbWpSnM3alUQ
]]></artwork></figure>

<figure title="Initialization Vector, base64url-encoded" anchor="jwe-nofields-iv"><artwork><![CDATA[
zdbIl4BrrziYK55_
]]></artwork></figure>

</section>
<section anchor="jwe-nofields-keyenc" title="Encrypting the Key">

<t>Performing the key encryption operation over the CEK (<xref target="jwe-nofields-cek"/>) with the AES key (<xref target="jwe-aeskw-key"/>) produces the following encrypted key:</t>

<figure title="Encrypted Key, base64url-encoded" anchor="jwe-nofields-encdkey"><artwork><![CDATA[
yyuirCy7Hd_nY0gL5Jfq6sJ7RXRR0DtF
]]></artwork></figure>

</section>
<section anchor="jwe-nofields-contentenc" title="Encrypting the Content">

<t>Performing the content encryption operation over the Plaintext (<xref target="jwe-plaintext"/>) using the following:</t>

<t><list style='symbols'>
  <t>CEK (<xref target="jwe-nofields-cek"/>);</t>
  <t>Initialization vector/nonce (<xref target="jwe-nofields-iv"/>); and</t>
  <t>Empty string as authenticated data</t>
</list></t>

<t>produces the following:</t>

<t><list style='symbols'>
  <t>Ciphertext from <xref target="jwe-nofields-ciphertext"/>.</t>
  <t>Authentication tag from <xref target="jwe-nofields-tag"/>.</t>
</list></t>

<figure title="Ciphertext, base64url-encoded" anchor="jwe-nofields-ciphertext"><artwork><![CDATA[
3MtsMr7GhYafTv6KNiWMEg5vl4tE2FHfmvfxhTJnioynNBD7G6LEEI6uLDHK-p
A2vINROgEAEiN9srAPN2qxl1kxJs4FBBin21pErXalJF_yqotv5OX-sXpyMSd2
X4peV29PRKVI2gaeVH8QjhuV5ar1UYaFW9qTqxwsN_NrbN8x709Exvhl3LoX6H
5XH9KFAc0nEk_AXvAvtYbq3GpWu3OONrXQuq6Oy7LCvBwCjlSKUEMR094sPim5
GVB7p_CX_xDuWGkPiaCTru0qJOfPjIbzzAjnf5m4Nw9kB1bMmYl4k_nvBSbUa1
-ybdYyGcK1ldGbWzYsCYZFII4DmK8rXHYDHRA1jR8StGEo
]]></artwork></figure>

<figure title="Authentication Tag, base64url-encoded" anchor="jwe-nofields-tag"><artwork><![CDATA[
0qbCArWBoY_iqVMwfjNC4Q
]]></artwork></figure>

</section>
<section anchor="jwe-nofields-output" title="Output Results">

<t>The following unprotected JWE header is generated before assembling the output results:</t>

<figure title="Unprotected JWE Header JSON" anchor="jwe-nofields-unprotected"><artwork><![CDATA[
{
  "alg": "A128KW",
  "kid": "81b20965-8332-43d9-a468-82160ad91ac8",
  "enc": "A128GCM"
}
]]></artwork></figure>

<t>The following compose the resulting JWE object:</t>

<t><list style='symbols'>
  <t>Unprotected JWE header (<xref target="jwe-nofields-unprotected"/>)</t>
  <t>Encrypted key (<xref target="jwe-nofields-encdkey"/>)</t>
  <t>Initialization vector/nonce (<xref target="jwe-nofields-iv"/>)</t>
  <t>Ciphertext (<xref target="jwe-nofields-ciphertext"/>)</t>
  <t>Authentication tag (<xref target="jwe-nofields-tag"/>)</t>
</list></t>

<t>The resulting JWE object using the JSON serialization:</t>

<figure title="JSON Serialization" anchor="jwe-nofields-json"><artwork><![CDATA[
{
  "recipients": [
    {
      "encrypted_key":
        "yyuirCy7Hd_nY0gL5Jfq6sJ7RXRR0DtF"
    }
  ],
  "unprotected": {
    "alg": "A128KW",
    "kid": "81b20965-8332-43d9-a468-82160ad91ac8",
    "enc": "A128GCM"
  },
  "iv":
    "zdbIl4BrrziYK55_",
  "ciphertext":
    "3MtsMr7GhYafTv6KNiWMEg5vl4tE2FHfmvfxhTJnioynNBD7G6LEEI6uL
     DHK-pA2vINROgEAEiN9srAPN2qxl1kxJs4FBBin21pErXalJF_yqotv5O
     X-sXpyMSd2X4peV29PRKVI2gaeVH8QjhuV5ar1UYaFW9qTqxwsN_NrbN8
     x709Exvhl3LoX6H5XH9KFAc0nEk_AXvAvtYbq3GpWu3OONrXQuq6Oy7LC
     vBwCjlSKUEMR094sPim5GVB7p_CX_xDuWGkPiaCTru0qJOfPjIbzzAjnf
     5m4Nw9kB1bMmYl4k_nvBSbUa1-ybdYyGcK1ldGbWzYsCYZFII4DmK8rXH
     YDHRA1jR8StGEo",
  "tag":
    "0qbCArWBoY_iqVMwfjNC4Q"
}
]]></artwork></figure>

</section>
</section>
<section anchor="jwe-multi" title="Encrypting to Multiple Recipients">

<t>This example illustrates encrypting content for multiple recipients.  As this example has multiple recipients, only the JSON serialization is possible.</t>

<section anchor="jwe-multi-input" title="Input Factors">

<t>The following are supplied before beginning the encryption process:</t>

<t><list style='symbols'>
  <t>Plaintext content; this example uses the plaintext from <xref target="jwe-plaintext"/>.</t>
  <t>Recipient keys; this example uses the following:  <list style='symbols'>
      <t>The RSA public key from <xref target="jwe-rsa15-key"/> for the first recipient.</t>
      <t>The EC public key from <xref target="jwe-ecdh_aeskw-key"/> for the second recipient.</t>
      <t>The AES symmetric key from <xref target="jwe-aesgcmkw-key"/> for the third recipient.</t>
    </list></t>
  <t>Key encryption algorithms; this example uses the following:  <list style='symbols'>
      <t>“RSA1_5” for the first recipient.</t>
      <t>“ECDH-ES+A256KW” for the second recipient.</t>
      <t>“A256GCMKW” for the third recipient.</t>
    </list></t>
  <t>Content encryption algorithm; this example uses “A128CBC-HS256”.</t>
</list></t>

</section>
<section anchor="jwe-multi-gen" title="Generated Factors">

<t>The following are generated before encrypting:</t>

<t><list style='symbols'>
  <t>AES symmetric key as the Content Encryption Key (CEK); this example uses the key from <xref target="jwe-multi-cek"/>.</t>
  <t>Initialization vector/nonce; this example uses the initialization vector/nonce from <xref target="jwe-multi-iv"/>.</t>
</list></t>

<figure title="Content Encryption Key, base64url-encoded" anchor="jwe-multi-cek"><artwork><![CDATA[
OYs79m0f3LEuMZzmWBCywRn4u8B09BVidJb9j0ojDsY
]]></artwork></figure>

<figure title="Initialization Vector, base64url-encoded" anchor="jwe-multi-iv"><artwork><![CDATA[
nY-xFgdef1LrsU7u
]]></artwork></figure>

</section>
<section anchor="jwe-multi-keyenc_1" title="Encrypting the Key to the First Recipient">

<t>Performing the “RSA1_5” key encryption operation over the CEK (<xref target="jwe-multi-cek"/>) with the first recipient’s RSA key (<xref target="jwe-rsa15-key"/>) produces the following encrypted key:</t>

<figure title="Recipient #1 Encrypted Key, base64url-encoded" anchor="jwe-multi-encdkey_1"><artwork><![CDATA[
EBbDunXtz-j0Gn0q4c9vtueHlb0E-oBkSMno9PUg8eR7Y5T71aU9t0JkvxtKiO
xibNkeeUSYPLPGvxslWAYgmqYW--uP_R64hQFp2fcB5MnyQ69GBkMU6Poie-Ct
Q2y9Z3Mv9-NMbT7LO99A_2EUEXuxzGnHYSftk7KKjyw38LBuvSOVdokkHWMP4p
VLeUJB1ovbT4M1j3pxUzyM2426sD6LfjorQhY8vsChyDaFST0Oe8uBvcRyA5ma
bEyRYlUet8PRH_CjINMipv7LCDRsKVnr3oHwZEfCJFGNC-w_-Qn4xcmkmxyaz1
-kZEpS_t2kWJsFqx3mg7QAXJBxdGmy6A
]]></artwork></figure>

<t>The following are generated after encrypting the CEK for the first recipient:</t>

<t><list style='symbols'>
  <t>Recipient JWE header from <xref target="jwe-multi-rcpt_header_1"/></t>
</list></t>

<figure title="Recipient #1 JWE Header JSON" anchor="jwe-multi-rcpt_header_1"><artwork><![CDATA[
{
  "alg": "RSA1_5",
  "kid": "frodo.baggins@hobbiton.example"
}
]]></artwork></figure>

<t>The following is the assembled first recipient JSON:</t>

<figure title="Recipient #1 JSON" anchor="jwe-multi-rcpt_1"><artwork><![CDATA[
{
  "encrypted_key":
    "EBbDunXtz-j0Gn0q4c9vtueHlb0E-oBkSMno9PUg8eR7Y5T71aU9t0Jkv
     xtKiOxibNkeeUSYPLPGvxslWAYgmqYW--uP_R64hQFp2fcB5MnyQ69GBk
     MU6Poie-CtQ2y9Z3Mv9-NMbT7LO99A_2EUEXuxzGnHYSftk7KKjyw38LB
     uvSOVdokkHWMP4pVLeUJB1ovbT4M1j3pxUzyM2426sD6LfjorQhY8vsCh
     yDaFST0Oe8uBvcRyA5mabEyRYlUet8PRH_CjINMipv7LCDRsKVnr3oHwZ
     EfCJFGNC-w_-Qn4xcmkmxyaz1-kZEpS_t2kWJsFqx3mg7QAXJBxdGmy6A",
  "header": {
    "alg": "RSA1_5",
    "kid": "frodo.baggins@hobbiton.example"
  }
}
]]></artwork></figure>

</section>
<section anchor="jwe-multi-keyenc_2" title="Encrypting the Key to the Second Recipient">

<t>The following are generated before encrypting the CEK for the second recipient:</t>

<t><list style='symbols'>
  <t>Ephemeral EC private key on the same curve as the EC public key; this example uses the private key that matches the public key from <xref target="jwe-multi-epk_2"/>.</t>
</list></t>

<figure title="Ephemeral public key for Recipient #2, in JWK format" anchor="jwe-multi-epk_2"><artwork><![CDATA[
{
  "kty": "EC",
  "crv": "P-384",
  "x":   "-fcIsKguXqJTTsWdHbJ4iRY_xARz9O_JdAxVEJnrxo7sJRbkwH
          mwlMi4AxCVzG_I",
  "y":   "JcuN_3pD0dbTjry07BoFoJ-_W-SumUHH9XIAvXkKeFkJV4s5GM
          CwXwxtgkNeZ32T"
}
]]></artwork></figure>

<t>Performing the “ECDH-ES+A256KW” key encryption operation over the CEK (<xref target="jwe-multi-cek"/>) with the following:</t>

<t><list style='symbols'>
  <t>Static Elliptic Curve public key (<xref target="jwe-ecdh_aeskw-key"/>).</t>
  <t>Ephemeral Elliptic Curve private key (the one matching the public key in <xref target="jwe-multi-epk_2"/>).</t>
</list></t>

<t>produces the following encrypted key:</t>

<figure title="Recipient #2 Encrypted Key, base64url-encoded" anchor="jwe-multi-encdkey_2"><artwork><![CDATA[
Dd1kQYNhhSIlKEAyE9UYhjtUBGahteiYVnRUg_tWf8S9VJZKL_8YOw
]]></artwork></figure>

<t>The following are generated after encrypting the CEK for the second recipient:</t>

<t><list style='symbols'>
  <t>Recipient JWE Header from <xref target="jwe-multi-rcpt_header_2"/>.</t>
</list></t>

<figure title="Recipient #2 JWE Header JSON" anchor="jwe-multi-rcpt_header_2"><artwork><![CDATA[
{
  "alg": "ECDH-ES+A256KW",
  "kid": "peregrin.took@tuckborough.example",
  "epk": {
    "kty": "EC",
    "crv": "P-384",
    "x":   "-fcIsKguXqJTTsWdHbJ4iRY_xARz9O_JdAxVEJnrxo7sJRbkwH
            mwlMi4AxCVzG_I",
    "y":   "JcuN_3pD0dbTjry07BoFoJ-_W-SumUHH9XIAvXkKeFkJV4s5GM
            CwXwxtgkNeZ32T"
  }
}
]]></artwork></figure>

<t>The following is the assembled second recipient JSON:</t>

<figure title="Recipient #2 JSON" anchor="jwe-multi-rcpt_2"><artwork><![CDATA[
{
  "encrypted_key":
    "Dd1kQYNhhSIlKEAyE9UYhjtUBGahteiYVnRUg_tWf8S9VJZKL_8YOw",
  "header": {
    "alg": "ECDH-ES+A256KW",
    "kid": "peregrin.took@tuckborough.example",
    "epk": {
      "kty": "EC",
      "crv": "P-384",
      "x":   "-fcIsKguXqJTTsWdHbJ4iRY_xARz9O_JdAxVEJnrxo7sJRbk
              wHmwlMi4AxCVzG_I",
      "y":   "JcuN_3pD0dbTjry07BoFoJ-_W-SumUHH9XIAvXkKeFkJV4s5
              GMCwXwxtgkNeZ32T"
    }
  }
}
]]></artwork></figure>

</section>
<section anchor="jwe-multi-keyenc_3" title="Encrypting the Key to the Third Recipient">

<t>The following are generated before encrypting the CEK for the third recipient:</t>

<t><list style='symbols'>
  <t>Initialization vector/nonce for key wrapping; this example uses the initialization vector/nonce from <xref target="jwe-multi-kwiv_3"/>.</t>
</list></t>

<figure title="Recipient #3 Key Wrap Initialization Vector, base64url-encoded" anchor="jwe-multi-kwiv_3"><artwork><![CDATA[
kZtitxRDXfzCS6ZK
]]></artwork></figure>

<t>Performing the “A256GCMKW” key encryption operation over the CEK (<xref target="jwe-multi-cek"/>) with the following:</t>

<t><list style='symbols'>
  <t>AES symmetric key (<xref target="jwe-aesgcmkw-key"/>); and</t>
  <t>Initialization vector/nonce (<xref target="jwe-multi-kwiv_3"/>).</t>
</list></t>

<t>produces the following:</t>

<t><list style='symbols'>
  <t>Encrypted key from <xref target="jwe-multi-encdkey_3"/>.</t>
  <t>Key wrap authentication tag from <xref target="jwe-multi-kwtag_3"/>.</t>
</list></t>

<figure title="Recipient #3 Encrypted Key, base64url-encoded" anchor="jwe-multi-encdkey_3"><artwork><![CDATA[
iiVL4XCDCnsWCSZCTysGxl41vdnJqIThbumNa9wSQBo
]]></artwork></figure>

<figure title="Recipient #3 Key Wrap Authentication Tag, base64url-encoded" anchor="jwe-multi-kwtag_3"><artwork><![CDATA[
DOVpODvbotRWOHEqTRcXkg
]]></artwork></figure>

<t>The following are generated after encrypting the CEK for the third recipient:</t>

<t><list style='symbols'>
  <t>Recipient JWE header; this example uses the header from <xref target="jwe-multi-rcpt_header_3"/>.</t>
</list></t>

<figure title="Recipient #3 JWE Header JSON" anchor="jwe-multi-rcpt_header_3"><artwork><![CDATA[
{
  "alg": "A256GCMKW",
  "kid": "18ec08e1-bfa9-4d95-b205-2b4dd1d4321d",
  "tag": "DOVpODvbotRWOHEqTRcXkg",
  "iv":  "kZtitxRDXfzCS6ZK"
}
]]></artwork></figure>

<t>The following is the assembled third recipient JSON:</t>

<figure title="Recipient #3 JSON" anchor="jwe-multi-rcpt_3"><artwork><![CDATA[
{
  "encrypted_key":
    "iiVL4XCDCnsWCSZCTysGxl41vdnJqIThbumNa9wSQBo",
  "header": {
    "alg": "A256GCMKW",
    "kid": "18ec08e1-bfa9-4d95-b205-2b4dd1d4321d",
    "tag": "DOVpODvbotRWOHEqTRcXkg",
    "iv":  "kZtitxRDXfzCS6ZK"
  }
}
]]></artwork></figure>

</section>
<section anchor="jwe-multi-contentenc" title="Encrypting the Content">

<t>The following are generated before encrypting the content:</t>

<t><list style='symbols'>
  <t>Protected JWE Header; this example uses the header from <xref target="jwe-multi-protected"/>, encoded to <xref target="RFC4648"/> base64url as <xref target="jwe-multi-protected_b64u"/>.</t>
</list></t>

<figure title="Protected JWE Header JSON" anchor="jwe-multi-protected"><artwork><![CDATA[
{
  "enc": "A128GCM"
}
]]></artwork></figure>

<figure title="Protected JWE Header, base64url-encoded" anchor="jwe-multi-protected_b64u"><artwork><![CDATA[
eyJlbmMiOiJBMTI4R0NNIn0
]]></artwork></figure>

<t>Performing the content encryption operation over the Plaintext (<xref target="jwe-plaintext"/>) with the following:</t>

<t><list style='symbols'>
  <t>CEK (<xref target="jwe-multi-cek"/>),</t>
  <t>Initialization vector/nonce (<xref target="jwe-multi-iv"/>), and</t>
  <t>Protected JWE header (<xref target="jwe-multi-protected_b64u"/>) as the authenticated data</t>
</list></t>

<t>produces the following:</t>

<t><list style='symbols'>
  <t>Ciphertext from <xref target="jwe-multi-ciphertext"/></t>
  <t>Authentication tag from <xref target="jwe-multi-tag"/></t>
</list></t>

<figure title="Ciphertext, base64url-encoded" anchor="jwe-multi-ciphertext"><artwork><![CDATA[
aG6vvrUIPIE5AunujYfPvgO1ypah6leCfYeW721swK9Nr8ERrKJn-HFkEkcx2r
HnLgp33hKX6jPBWlSwilwGl2e2xg3SxQiA9OYncXBkpUcUK4KoIg7qCvtTsVFp
sVRJYTBDqpGuecYdYOeZPWUuB1vX4jrCFIpHh3BIraAE6iTxdmxhHP-OXGZQpU
N4Y2qcromUQP2jSreVGp2Gn9b4bWELfLny4WqRVmB_bySnyUxdglzGAQEse7s_
o1s_6i1fOZnB5WzcoNo2aTZIKWLjJ347XL95KcF9aYwMAZSi7N4n41Zs2Yaa8-
u07LpV9fQ7ubDQj1fQ4clpxPv_IDbHJ3tgdlH2lWSHwZADwgpIOA
]]></artwork></figure>

<figure title="Authentication Tag, base64url-encoded" anchor="jwe-multi-tag"><artwork><![CDATA[
ESZx8edqbU4osp8P8H0a5Q
]]></artwork></figure>

<t>The following is generated after encrypting the plaintext:</t>

<t><list style='symbols'>
  <t>Unprotected JWE header parameters; this example uses the header from <xref target="jwe-multi-unprotected"/>.</t>
</list></t>

<figure title="Unprotected JWE Header JSON" anchor="jwe-multi-unprotected"><artwork><![CDATA[
{
  "cty": "text/plain"
}
]]></artwork></figure>

</section>
<section anchor="jwe-multi-output" title="Output Results">

<t>The following compose the resulting JWE object:</t>

<t><list style='symbols'>
  <t>Recipient #1 JSON (<xref target="jwe-multi-rcpt_1"/>)</t>
  <t>Recipient #2 JSON (<xref target="jwe-multi-rcpt_2"/>)</t>
  <t>Recipient #3 JSON (<xref target="jwe-multi-rcpt_3"/>)</t>
  <t>Initialization vector/nonce (<xref target="jwe-multi-iv"/>)</t>
  <t>Ciphertext (<xref target="jwe-multi-ciphertext"/>)</t>
  <t>Authentication tag (<xref target="jwe-multi-tag"/>)</t>
</list></t>

<t>The resulting JWE object using the JSON serialization:</t>

<figure title="JSON Serialization" anchor="jwe-multi-json"><artwork><![CDATA[
{
  "recipients": [
    {
      "encrypted_key":
        "EBbDunXtz-j0Gn0q4c9vtueHlb0E-oBkSMno9PUg8eR7Y5T71aU9t
         0JkvxtKiOxibNkeeUSYPLPGvxslWAYgmqYW--uP_R64hQFp2fcB5M
         nyQ69GBkMU6Poie-CtQ2y9Z3Mv9-NMbT7LO99A_2EUEXuxzGnHYSf
         tk7KKjyw38LBuvSOVdokkHWMP4pVLeUJB1ovbT4M1j3pxUzyM2426
         sD6LfjorQhY8vsChyDaFST0Oe8uBvcRyA5mabEyRYlUet8PRH_CjI
         NMipv7LCDRsKVnr3oHwZEfCJFGNC-w_-Qn4xcmkmxyaz1-kZEpS_t
         2kWJsFqx3mg7QAXJBxdGmy6A",
      "header": {
        "alg": "RSA1_5",
        "kid": "frodo.baggins@hobbiton.example"
      }
    },
    {
      "encrypted_key":
        "Dd1kQYNhhSIlKEAyE9UYhjtUBGahteiYVnRUg_tWf8S9VJZKL_8YO
         w",
      "header": {
        "alg": "ECDH-ES+A256KW",
        "kid": "peregrin.took@tuckborough.example",
        "epk": {
          "kty": "EC",
          "crv": "P-384",
          "x":
            "-fcIsKguXqJTTsWdHbJ4iRY_xARz9O_JdAxVEJnrxo7sJRbkw
             HmwlMi4AxCVzG_I",
          "y":
            "JcuN_3pD0dbTjry07BoFoJ-_W-SumUHH9XIAvXkKeFkJV4s5G
             MCwXwxtgkNeZ32T"
        }
      }
    },
    {
      "encrypted_key":
        "iiVL4XCDCnsWCSZCTysGxl41vdnJqIThbumNa9wSQBo",
      "header": {
        "alg": "A256GCMKW",
        "kid": "18ec08e1-bfa9-4d95-b205-2b4dd1d4321d",
        "tag": "DOVpODvbotRWOHEqTRcXkg",
        "iv":  "kZtitxRDXfzCS6ZK"
      }
    }
  ],
  "protected": "eyJlbmMiOiJBMTI4R0NNIn0",
  "unprotected": {
    "cty": "text/plain"
  },
  "iv":
    "nY-xFgdef1LrsU7u",
  "ciphertext":
    "aG6vvrUIPIE5AunujYfPvgO1ypah6leCfYeW721swK9Nr8ERrKJn-HFkE
     kcx2rHnLgp33hKX6jPBWlSwilwGl2e2xg3SxQiA9OYncXBkpUcUK4KoIg
     7qCvtTsVFpsVRJYTBDqpGuecYdYOeZPWUuB1vX4jrCFIpHh3BIraAE6iT
     xdmxhHP-OXGZQpUN4Y2qcromUQP2jSreVGp2Gn9b4bWELfLny4WqRVmB_
     bySnyUxdglzGAQEse7s_o1s_6i1fOZnB5WzcoNo2aTZIKWLjJ347XL95K
     cF9aYwMAZSi7N4n41Zs2Yaa8-u07LpV9fQ7ubDQj1fQ4clpxPv_IDbHJ3
     tgdlH2lWSHwZADwgpIOA",
  "tag":
    "ESZx8edqbU4osp8P8H0a5Q"
}
]]></artwork></figure>

</section>
</section>
</section>
<section anchor="security" title="Security Considerations">

<t>This document introduces no new security considerations over those stated in <xref target="I-D.ietf-jose-json-web-algorithms"/>, <xref target="I-D.ietf-jose-json-web-encryption"/>,  <xref target="I-D.ietf-jose-json-web-key"/>, and <xref target="I-D.ietf-jose-json-web-signature"/>.</t>

</section>
<section anchor="iana" title="IANA Considerations">

<t>This document has no actions for IANA.</t>

</section>


  </middle>

  <back>


    <references title='Informative References'>





<reference anchor='I-D.ietf-jose-json-web-algorithms'>
<front>
<title>JSON Web Algorithms (JWA)</title>

<author initials='M' surname='Jones' fullname='Michael Jones'>
    <organization />
</author>

<date month='November' day='12' year='2013' />

<abstract><t>The JSON Web Algorithms (JWA) specification registers cryptographic algorithms and identifiers to be used with the JSON Web Signature (JWS), JSON Web Encryption (JWE), and JSON Web Key (JWK) specifications.  It defines several IANA registries for these identifiers.</t></abstract>

</front>

<seriesInfo name='Internet-Draft' value='draft-ietf-jose-json-web-algorithms-18' />
<format type='TXT'
        target='http://www.ietf.org/internet-drafts/draft-ietf-jose-json-web-algorithms-18.txt' />
<format type='PDF'
        target='http://www.ietf.org/internet-drafts/draft-ietf-jose-json-web-algorithms-18.pdf' />
</reference>



<reference anchor='I-D.ietf-jose-json-web-encryption'>
<front>
<title>JSON Web Encryption (JWE)</title>

<author initials='M' surname='Jones' fullname='Michael Jones'>
    <organization />
</author>

<author initials='E' surname='Rescorla' fullname='Eric Rescorla'>
    <organization />
</author>

<author initials='J' surname='Hildebrand' fullname='Joe Hildebrand'>
    <organization />
</author>

<date month='November' day='12' year='2013' />

<abstract><t>JSON Web Encryption (JWE) represents encrypted content using JavaScript Object Notation (JSON) based data structures. Cryptographic algorithms and identifiers for use with this specification are described in the separate JSON Web Algorithms (JWA) specification and IANA registries defined by that specification. Related digital signature and MAC capabilities are described in the separate JSON Web Signature (JWS) specification.</t></abstract>

</front>

<seriesInfo name='Internet-Draft' value='draft-ietf-jose-json-web-encryption-18' />
<format type='TXT'
        target='http://www.ietf.org/internet-drafts/draft-ietf-jose-json-web-encryption-18.txt' />
<format type='PDF'
        target='http://www.ietf.org/internet-drafts/draft-ietf-jose-json-web-encryption-18.pdf' />
</reference>



<reference anchor='I-D.ietf-jose-json-web-key'>
<front>
<title>JSON Web Key (JWK)</title>

<author initials='M' surname='Jones' fullname='Michael Jones'>
    <organization />
</author>

<date month='November' day='12' year='2013' />

<abstract><t>A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) data structure that represents a cryptographic key.  This specification also defines a JSON Web Key Set (JWK Set) JSON data structure for representing a set of JWKs.  Cryptographic algorithms and identifiers for use with this specification are described in the separate JSON Web Algorithms (JWA) specification and IANA registries defined by that specification.</t></abstract>

</front>

<seriesInfo name='Internet-Draft' value='draft-ietf-jose-json-web-key-18' />
<format type='TXT'
        target='http://www.ietf.org/internet-drafts/draft-ietf-jose-json-web-key-18.txt' />
<format type='PDF'
        target='http://www.ietf.org/internet-drafts/draft-ietf-jose-json-web-key-18.pdf' />
</reference>



<reference anchor='I-D.ietf-jose-json-web-signature'>
<front>
<title>JSON Web Signature (JWS)</title>

<author initials='M' surname='Jones' fullname='Michael Jones'>
    <organization />
</author>

<author initials='J' surname='Bradley' fullname='John Bradley'>
    <organization />
</author>

<author initials='N' surname='Sakimura' fullname='Nat Sakimura'>
    <organization />
</author>

<date month='November' day='12' year='2013' />

<abstract><t>JSON Web Signature (JWS) represents content secured with digital signatures or Message Authentication Codes (MACs) using JavaScript Object Notation (JSON) based data structures.  Cryptographic algorithms and identifiers for use with this specification are described in the separate JSON Web Algorithms (JWA) specification and an IANA registry defined by that specification.  Related encryption capabilities are described in the separate JSON Web Encryption (JWE) specification.</t></abstract>

</front>

<seriesInfo name='Internet-Draft' value='draft-ietf-jose-json-web-signature-18' />
<format type='TXT'
        target='http://www.ietf.org/internet-drafts/draft-ietf-jose-json-web-signature-18.txt' />
<format type='PDF'
        target='http://www.ietf.org/internet-drafts/draft-ietf-jose-json-web-signature-18.pdf' />
</reference>



<reference anchor='I-D.ietf-jcardcal-jcard'>
<front>
<title>jCard: The JSON format for vCard</title>

<author initials='P' surname='Kewisch' fullname='Philipp Kewisch'>
    <organization />
</author>

<date month='October' day='15' year='2013' />

<abstract><t>This specification defines "jCard", a JSON format for vCard data. The vCard data format is a text format for representing and exchanging information about individuals and other entities, for example telephone numbers, email addresses, structured names and delivery addresses.  JSON is a lightweight, text-based, language- independent data interchange format commonly used in internet applications.</t></abstract>

</front>

<seriesInfo name='Internet-Draft' value='draft-ietf-jcardcal-jcard-07' />
<format type='TXT'
        target='http://www.ietf.org/internet-drafts/draft-ietf-jcardcal-jcard-07.txt' />
</reference>



<reference anchor='RFC1951'>

<front>
<title>DEFLATE Compressed Data Format Specification version 1.3</title>
<author initials='P.' surname='Deutsch' fullname='L. Peter Deutsch'>
<organization>Aladdin Enterprises</organization>
<address>
<postal>
<street>203 Santa Margarita Ave.</street>
<city>Menlo Park</city>
<region>CA</region>
<code>94025</code>
<country>US</country></postal>
<phone>+1 415 322 0103</phone>
<facsimile>+1 415 322 1734</facsimile>
<email>ghost@aladdin.com</email></address></author>
<date year='1996' month='May' />
<abstract>
<t>This specification defines a lossless compressed data format that compresses data using a combination of the LZ77 algorithm and Huffman coding, with efficiency comparable to the best currently available general-purpose compression methods.  The data can be produced or consumed, even for an arbitrarily long sequentially presented input data stream, using only an a priori bounded amount of intermediate storage.  The format can be implemented readily in a manner not covered by patents.</t></abstract></front>

<seriesInfo name='RFC' value='1951' />
<format type='TXT' octets='36944' target='http://www.rfc-editor.org/rfc/rfc1951.txt' />
<format type='PS' octets='57408' target='http://www.rfc-editor.org/rfc/rfc1951.ps' />
<format type='PDF' octets='56620' target='http://www.rfc-editor.org/rfc/rfc1951.pdf' />
</reference>



<reference anchor='RFC4648'>

<front>
<title>The Base16, Base32, and Base64 Data Encodings</title>
<author initials='S.' surname='Josefsson' fullname='S. Josefsson'>
<organization /></author>
<date year='2006' month='October' />
<abstract>
<t>This document describes the commonly used base 64, base 32, and base 16 encoding schemes.  It also discusses the use of line-feeds in encoded data, use of padding in encoded data, use of non-alphabet characters in encoded data, use of different encoding alphabets, and canonical encodings. [STANDARDS-TRACK]</t></abstract></front>

<seriesInfo name='RFC' value='4648' />
<format type='TXT' octets='35491' target='http://www.rfc-editor.org/rfc/rfc4648.txt' />
</reference>




    </references>


<section anchor="acknowledgements" title="Acknowledgements">

<t>All of the examples herein use quotes and character names found in the novels “The Hobbit”; “The Fellowship of the Ring”; “The Two Towers”; and “Return of the King”, written by J. R. R. Tolkien.</t>

<t>Thanks to Richard Barnes and Jim Schaad for their input on the outline for this document.</t>

</section>


  </back>
</rfc>

