One document matched: draft-ietf-jose-cookbook-05.xml
<?xml version="1.0" encoding="UTF-8"?>
<?xml-stylesheet type="text/xsl" href="rfc2629.xslt" ?>
<!DOCTYPE rfc SYSTEM "rfc2629.dtd" [
]>
<rfc ipr="trust200902" docName="draft-ietf-jose-cookbook-05" category="info">
<?rfc toc="yes"?>
<?rfc sortrefs="yes"?>
<?rfc symrefs="yes"?>
<front>
<title abbrev="JOSE Cookbook">Examples of Protecting Content using JavaScript Object Signing and Encryption (JOSE)</title>
<author initials="M." surname="Miller" fullname="Matthew Miller">
<organization>Cisco Systems, Inc.</organization>
<address>
<email>mamille2@cisco.com</email>
</address>
</author>
<date year="2014" month="October" day="24"/>
<area>Security</area>
<workgroup>JOSE Working Group</workgroup>
<keyword>Internet-Draft</keyword>
<abstract>
<t>This document contains a set of examples using JavaScript Object Signing and Encryption (JOSE) technology to protect data. These examples present a representative sampling JSON Web Key (JWK) objects, as well as various JSON Web Signature (JWS) and JSON Web Encryption (JWE) results given similar inputs.</t>
</abstract>
</front>
<middle>
<section anchor="intro" title="Introduction">
<t>The JavaScript Object Signing and Encryption (JOSE) technologies – JSON Web Signature (JWS) <xref target="I-D.ietf-jose-json-web-signature"/>, JSON Web Encryption (JWE) <xref target="I-D.ietf-jose-json-web-encryption"/>, JSON Web Key (JWK) <xref target="I-D.ietf-jose-json-web-key"/>, and JSON Web Algorithms (JWA) <xref target="I-D.ietf-jose-json-web-algorithms"/> – collectively can be used to encrypt and/or sign content using a variety of algorithms. While the full set of permutations is extremely large, and might be daunting to some, it is expected that most applications will only use a small set of algorithms to meet their needs.</t>
<t>This document provides a number of examples of signing or encrypting content using JOSE. While not exhaustive, it does compile a representative sample of JOSE features. As much as possible, the same signature payload or encryption plaintext content is used to illustrate differences in various signing and encryption results.</t>
<t>This document also provides a number of example JWK objects. These examples illustrate the distinguishing properties of various key types, and emphasize important characteristics. Most of the JWK examples are then used in the signature or encryption examples that follow.</t>
<section anchor="intro-conventions" title="Conventions Used in this Document">
<t>This document separates data that are expected to be input to an implementation of JOSE from data that are expected to be generated by an implementation of JOSE. Each example, wherever possible, provides enough information to both replicate the results of this document or to validate the results by running its inverse operation (e.g., signature results can be validated by performing the JWS verify). However, some algorithms inherently use random data and therefore computations employing them cannot be exactly replicated; such cases are explicitly stated in the relevant sections.</t>
<t>All instances of binary octet strings are represented using <xref target="RFC4648"/> base64url encoding.</t>
<t>Wherever possible, the examples include both the Compact and JSON serializations.</t>
<t>All of the examples in this document have whitespace added to improve formatting and readability. Except for JWE plaintext or JWS payload content, whitespace is not part of the cryptographic operations nor the exchange results.</t>
<t>Unless otherwise noted, the JWE plaintext or JWS payload content does include “ “ (U+0020 SPACE) characters. Line breaks (U+000A LINE FEED) replace “ “ (U+0020 SPACE) characters to improve readability but are not present in the JWE plaintext or JWS payload.</t>
</section>
</section>
<section anchor="terms" title="Terminology">
<t>This document inherits terminology regarding JSON Web Signature (JWS) technology from <xref target="I-D.ietf-jose-json-web-signature"/>, terminology regarding JSON Web Encryption (JWE) technology from <xref target="I-D.ietf-jose-json-web-encryption"/>, terminology regarding JSON Web Key (JWK) technology from <xref target="I-D.ietf-jose-json-web-key"/>, and terminology regarding algorithms from <xref target="I-D.ietf-jose-json-web-algorithms"/>.</t>
</section>
<section anchor="jwk" title="JSON Web Key Examples">
<t>The following sections demonstrate how to represent various JWK and JWK-set objects.</t>
<section anchor="jwk-ec-public" title="EC Public Key">
<t>This example illustrates an Elliptic Curve public key. This example is the corollary to <xref target="jwk-ec-private-key"/>.</t>
<t>Note that whitespace is added for readability as described in <xref target="intro-conventions"/>.</t>
<figure title="Elliptic Curve P-521 Public Key" anchor="jwk-ec-public-key"><artwork><![CDATA[
{
"kty": "EC",
"kid": "bilbo.baggins@hobbiton.example",
"use": "sig",
"crv": "P-521",
"x": "AHKZLLOsCOzz5cY97ewNUajB957y-C-U88c3v13nmGZx6sYl_oJXu9
A5RkTKqjqvjyekWF-7ytDyRXYgCF5cj0Kt",
"y": "AdymlHvOiLxXkEhayXQnNCvDX4h9htZaCJN34kfmC6pV5OhQHiraVy
SsUdaQkAgDPrwQrJmbnX9cwlGfP-HqHZR1"
}
]]></artwork></figure>
<t>The field “kty” value of “EC” identifies this as an elliptic curve key. The field “crv” identifies the curve, which is curve P-521 for this example. The fields “x” and “y” values are the base64url-encoded X and Y coordinates (respectively).</t>
<t>The values of the fields “x” and “y” decoded are the octets necessary to represent each full coordinate to the order of the curve. For a key over curve P-521, the values of the fields “x” and “y” are exactly 66 octets in length when decoded, padded with leading zero (0x00) octets to reach the expected length.</t>
</section>
<section anchor="jwk-ec-private" title="EC Private Key">
<t>This example illustrates an Elliptic Curve private key. This example is the progenitor to <xref target="jwk-ec-public-key"/>.</t>
<t>Note that whitespace is added for readability as described in <xref target="intro-conventions"/>.</t>
<figure title="Elliptic Curve P-521 Private Key" anchor="jwk-ec-private-key"><artwork><![CDATA[
{
"kty": "EC",
"kid": "bilbo.baggins@hobbiton.example",
"use": "sig",
"crv": "P-521",
"x": "AHKZLLOsCOzz5cY97ewNUajB957y-C-U88c3v13nmGZx6sYl_oJXu9
A5RkTKqjqvjyekWF-7ytDyRXYgCF5cj0Kt",
"y": "AdymlHvOiLxXkEhayXQnNCvDX4h9htZaCJN34kfmC6pV5OhQHiraVy
SsUdaQkAgDPrwQrJmbnX9cwlGfP-HqHZR1",
"d": "AAhRON2r9cqXX1hg-RoI6R1tX5p2rUAYdmpHZoC1XNM56KtscrX6zb
KipQrCW9CGZH3T4ubpnoTKLDYJ_fF3_rJt"
}
]]></artwork></figure>
<t>The field “kty” value of “EC” identifies this as an elliptic curve key. The field “crv” identifies the curve, which is curve P-521 (also known as SECG curve secp521r1) for this example. The fields “x” and “y” values are the base64url-encoded X and Y coordiates (respectively). The field “d” value is the base64url-encoded private key.</t>
<t>The values of the fields “d”, “x”, and “y” decoded are the octets necessary to represent the private key or each full coordinate (respectively) to the order of the curve. For a key over curve “P-521”, the values of the “d”, “x”, and “y” fields are each exactly 66 octets in length when decoded, padded with leading zero (0x00) octets to reach the expected length.</t>
</section>
<section anchor="jwk-rsa-public" title="RSA Public Key">
<t>This example illustrates an RSA private key. This example is the corollary to <xref target="jwk-rsa-private-key"/>.</t>
<t>Note that whitespace is added for readability as described in <xref target="intro-conventions"/>.</t>
<figure title="RSA 2048-bit Public Key" anchor="jwk-rsa-public-key"><artwork><![CDATA[
{
"kty": "RSA",
"kid": "bilbo.baggins@hobbiton.example",
"use": "sig",
"n": "n4EPtAOCc9AlkeQHPzHStgAbgs7bTZLwUBZdR8_KuKPEHLd4rHVTeT
-O-XV2jRojdNhxJWTDvNd7nqQ0VEiZQHz_AJmSCpMaJMRBSFKrKb2wqV
wGU_NsYOYL-QtiWN2lbzcEe6XC0dApr5ydQLrHqkHHig3RBordaZ6Aj-
oBHqFEHYpPe7Tpe-OfVfHd1E6cS6M1FZcD1NNLYD5lFHpPI9bTwJlsde
3uhGqC0ZCuEHg8lhzwOHrtIQbS0FVbb9k3-tVTU4fg_3L_vniUFAKwuC
LqKnS2BYwdq_mzSnbLY7h_qixoR7jig3__kRhuaxwUkRz5iaiQkqgc5g
HdrNP5zw",
"e": "AQAB"
}
]]></artwork></figure>
<t>The field “kty” value of “RSA” identifies this as a RSA key. The fields “n” and “e” values are the modulus and (public) exponent (respectively) using the minimum octets necessary.</t>
<t>For a 2048-bit key, the field “n” value is 256 octets in length when decoded.</t>
</section>
<section anchor="jwk-rsa-private" title="RSA Private Key">
<t>This example illustrates an RSA private key. This example is the progenitor to <xref target="jwk-rsa-public-key"/>.</t>
<t>Note that whitespace is added for readability as described in <xref target="intro-conventions"/>.</t>
<figure title="RSA 2048-bit Private Key" anchor="jwk-rsa-private-key"><artwork><![CDATA[
{
"kty": "RSA",
"kid": "bilbo.baggins@hobbiton.example",
"use": "sig",
"n": "n4EPtAOCc9AlkeQHPzHStgAbgs7bTZLwUBZdR8_KuKPEHLd4rHVTeT
-O-XV2jRojdNhxJWTDvNd7nqQ0VEiZQHz_AJmSCpMaJMRBSFKrKb2wqV
wGU_NsYOYL-QtiWN2lbzcEe6XC0dApr5ydQLrHqkHHig3RBordaZ6Aj-
oBHqFEHYpPe7Tpe-OfVfHd1E6cS6M1FZcD1NNLYD5lFHpPI9bTwJlsde
3uhGqC0ZCuEHg8lhzwOHrtIQbS0FVbb9k3-tVTU4fg_3L_vniUFAKwuC
LqKnS2BYwdq_mzSnbLY7h_qixoR7jig3__kRhuaxwUkRz5iaiQkqgc5g
HdrNP5zw",
"e": "AQAB",
"d": "bWUC9B-EFRIo8kpGfh0ZuyGPvMNKvYWNtB_ikiH9k20eT-O1q_I78e
iZkpXxXQ0UTEs2LsNRS-8uJbvQ-A1irkwMSMkK1J3XTGgdrhCku9gRld
Y7sNA_AKZGh-Q661_42rINLRCe8W-nZ34ui_qOfkLnK9QWDDqpaIsA-b
MwWWSDFu2MUBYwkHTMEzLYGqOe04noqeq1hExBTHBOBdkMXiuFhUq1BU
6l-DqEiWxqg82sXt2h-LMnT3046AOYJoRioz75tSUQfGCshWTBnP5uDj
d18kKhyv07lhfSJdrPdM5Plyl21hsFf4L_mHCuoFau7gdsPfHPxxjVOc
OpBrQzwQ",
"p": "3Slxg_DwTXJcb6095RoXygQCAZ5RnAvZlno1yhHtnUex_fp7AZ_9nR
aO7HX_-SFfGQeutao2TDjDAWU4Vupk8rw9JR0AzZ0N2fvuIAmr_WCsmG
peNqQnev1T7IyEsnh8UMt-n5CafhkikzhEsrmndH6LxOrvRJlsPp6Zv8
bUq0k",
"q": "uKE2dh-cTf6ERF4k4e_jy78GfPYUIaUyoSSJuBzp3Cubk3OCqs6grT
8bR_cu0Dm1MZwWmtdqDyI95HrUeq3MP15vMMON8lHTeZu2lmKvwqW7an
V5UzhM1iZ7z4yMkuUwFWoBvyY898EXvRD-hdqRxHlSqAZ192zB3pVFJ0
s7pFc",
"dp": "B8PVvXkvJrj2L-GYQ7v3y9r6Kw5g9SahXBwsWUzp19TVlgI-YV85q
1NIb1rxQtD-IsXXR3-TanevuRPRt5OBOdiMGQp8pbt26gljYfKU_E9xn
-RULHz0-ed9E9gXLKD4VGngpz-PfQ_q29pk5xWHoJp009Qf1HvChixRX
59ehik",
"dq": "CLDmDGduhylc9o7r84rEUVn7pzQ6PF83Y-iBZx5NT-TpnOZKF1pEr
AMVeKzFEl41DlHHqqBLSM0W1sOFbwTxYWZDm6sI6og5iTbwQGIC3gnJK
bi_7k_vJgGHwHxgPaX2PnvP-zyEkDERuf-ry4c_Z11Cq9AqC2yeL6kdK
T1cYF8",
"qi": "3PiqvXQN0zwMeE-sBvZgi289XP9XCQF3VWqPzMKnIgQp7_Tugo6-N
ZBKCQsMf3HaEGBjTVJs_jcK8-TRXvaKe-7ZMaQj8VfBdYkssbu0NKDDh
jJ-GtiseaDVWt7dcH0cfwxgFUHpQh7FoCrjFJ6h6ZEpMF6xmujs4qMpP
z8aaI4"
}
]]></artwork></figure>
<t>The field “kty” value of “RSA” identifies this as a RSA key. The fields “n” and “e” values are the base64url-encoded modulus and (public) exponent (respectively) using the minimum number of octets necessary. The field “d” value is the base64url-encoded private exponent using the minimum number of octets necessary. The fields “p”, “q”, “dp”, “dq”, and “qi” are the base64url-encoded additional private information using the minimum number of octets necessary.</t>
<t>For a 2048-bit key, the fields “n” and “d” values are 256 octets in length when decoded.</t>
</section>
<section anchor="jwk-oct-sig" title="Octet Key (MAC Computation)">
<t>This example illustrates a symmetric octet key used for computing MACs.</t>
<t>Note that whitespace is added for readability as described in <xref target="intro-conventions"/>.</t>
<figure title="AES 256-bit symmetric signing key" anchor="jwk-oct-sig-key"><artwork><![CDATA[
{
"kty": "oct",
"kid": "018c0ae5-4d9b-471b-bfd6-eef314bc7037",
"use": "sig",
"alg": "HS256",
"k": "hJtXIZ2uSN5kbQfbtTNWbpdmhkV8FJG-Onbc6mxCcYg"
}
]]></artwork></figure>
<t>The field “kty” value of “oct” identifies this as a symmetric key. The field “k” value is the symmetric key.</t>
<t>When used for the signing algorithm “HS256” (HMAC-SHA256), the field “k” value is 32 octets (or more) in length when decoded, padded with leading zero (0x00) octets to reach the minimum expected length.</t>
</section>
<section anchor="jwk-oct-enc" title="Octet Key (Encryption)">
<t>This example illustrates a symmetric octet key used for encryption.</t>
<t>Note that whitespace is added for readability as described in <xref target="intro-conventions"/>.</t>
<figure title="AES 256-bit symmetric encryption key" anchor="jwk-oct-enc-key"><artwork><![CDATA[
{
"kty": "oct",
"kid": "1e571774-2e08-40da-8308-e8d68773842d",
"use": "enc",
"alg": "A256GCM",
"k": "AAPapAv4LbFbiVawEjagUBluYqN5rhna-8nuldDvOx8"
}
]]></artwork></figure>
<t>The field “kty” value of “oct” identifies this as a symmetric key. The field “k” value is the symmetric key.</t>
<t>For the content encryption algorithm “A256GCM”, the field “k” value is exactly 32 octets in length when decoded, padded with leading zero (0x00) octets to reach the expected length.</t>
</section>
</section>
<section anchor="jws" title="JSON Web Signature Examples">
<t>The following sections demonstrate how to generate various JWS objects.</t>
<t>All of the succeeding examples use the following payload plaintext, serialized as UTF-8. The sequence “\xe2\x80\x99” is substituted for (U+2019 RIGHT SINGLE QUOTATION MARK), and line breaks (U+000A LINE FEED) replace some instances “ “ (U+0020 SPACE) to improve readability:</t>
<figure title="Payload content plaintext" anchor="jws-payload"><artwork><![CDATA[
It\xe2\x80\x99s a dangerous business, Frodo, going out your
door. You step onto the road, and if you don't keep your feet,
there\xe2\x80\x99s no knowing where you might be swept off
to.
]]></artwork></figure>
<t>The Payload – with the sequence “\xe2\x80\x99” replaced with (U+2019 RIGHT SINGLE QUOTATION MARK) and line breaks (U+000A LINE FEED) replaced with “ “ (U+0020 SPACE) – encoded as UTF-8 then as <xref target="RFC4648"/> base64url:</t>
<figure title="Payload content, base64url-encoded" anchor="jws-payload_b64u"><artwork><![CDATA[
SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb3V0IH
lvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9hZCwgYW5kIGlmIHlvdSBk
b24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXigJlzIG5vIGtub3dpbmcgd2hlcm
UgeW91IG1pZ2h0IGJlIHN3ZXB0IG9mZiB0by4
]]></artwork></figure>
<section anchor="jws-rsa" title="RSA v1.5 Signature">
<t>This example illustrates signing content using the “RS256” (RSASSA-PKCS1-v1_5 with SHA-256) algorithm.</t>
<t>Note that whitespace is added for readability as described in <xref target="intro-conventions"/>.</t>
<section anchor="jws-rsa-input" title="Input Factors">
<t>The following are supplied before beginning the signing operation:</t>
<t><list style="symbols">
<t>Payload content; this example uses the content from <xref target="jws-payload"/>, encoded using <xref target="RFC4648"/> base64url to produce <xref target="jws-payload_b64u"/>.</t>
<t>RSA private key; this example uses the key from <xref target="jwk-rsa-private-key"/>.</t>
<t>“alg” parameter of “RS256”.</t>
</list></t>
</section>
<section anchor="jws-rsa-op" title="Signing Operation">
<t>The following are generated to complete the signing operation:</t>
<t><list style="symbols">
<t>JWS Protected Header; this example uses the header from <xref target="jws-rsa-protected"/>, encoded using <xref target="RFC4648"/> base64url to produce <xref target="jws-rsa-protected_b64u"/>.</t>
</list></t>
<figure title="JWS Protected Header JSON" anchor="jws-rsa-protected"><artwork><![CDATA[
{
"alg": "RS256",
"kid": "bilbo.baggins@hobbiton.example"
}
]]></artwork></figure>
<figure title="JWS Protected Header, base64url-encoded" anchor="jws-rsa-protected_b64u"><artwork><![CDATA[
eyJhbGciOiJSUzI1NiIsImtpZCI6ImJpbGJvLmJhZ2dpbnNAaG9iYml0b24uZX
hhbXBsZSJ9
]]></artwork></figure>
<t>The JWS Protected Header (<xref target="jws-rsa-protected_b64u"/>) and Payload content (<xref target="jws-payload_b64u"/>) are combined as described in section 5.1 of <xref target="I-D.ietf-jose-json-web-signature"/> to produce the JWS Signing Input <xref target="jws-rsa-sig-input"/>.</t>
<figure title="JWS Signing Input" anchor="jws-rsa-sig-input"><artwork><![CDATA[
eyJhbGciOiJSUzI1NiIsImtpZCI6ImJpbGJvLmJhZ2dpbnNAaG9iYml0b24uZX
hhbXBsZSJ9
.
SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb3V0IH
lvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9hZCwgYW5kIGlmIHlvdSBk
b24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXigJlzIG5vIGtub3dpbmcgd2hlcm
UgeW91IG1pZ2h0IGJlIHN3ZXB0IG9mZiB0by4
]]></artwork></figure>
<t>Performing the signature operation over the JWS Signing Input (<xref target="jws-rsa-sig-input"/>) produces the JWS Signature (<xref target="jws-rsa-sig"/>).</t>
<figure title="JWS Signature, base64url-encoded" anchor="jws-rsa-sig"><artwork><![CDATA[
MRjdkly7_-oTPTS3AXP41iQIGKa80A0ZmTuV5MEaHoxnW2e5CZ5NlKtainoFmK
ZopdHM1O2U4mwzJdQx996ivp83xuglII7PNDi84wnB-BDkoBwA78185hX-Es4J
IwmDLJK3lfWRa-XtL0RnltuYv746iYTh_qHRD68BNt1uSNCrUCTJDt5aAE6x8w
W1Kt9eRo4QPocSadnHXFxnt8Is9UzpERV0ePPQdLuW3IS_de3xyIrDaLGdjluP
xUAhb6L2aXic1U12podGU0KLUQSE_oI-ZnmKJ3F4uOZDnd6QZWJushZ41Axf_f
cIe8u9ipH84ogoree7vjbU5y18kDquDg
]]></artwork></figure>
</section>
<section anchor="jws-rsa-output" title="Output Results">
<t>The following compose the resulting JWS object:</t>
<t><list style="symbols">
<t>JWS Protected Header (<xref target="jws-rsa-protected"/>)</t>
<t>Payload content (<xref target="jws-payload_b64u"/>)</t>
<t>Signature (<xref target="jws-rsa-sig"/>)</t>
</list></t>
<t>The resulting JWS object using the Compact serialization:</t>
<figure title="Compact Serialization" anchor="jws-rsa-compact"><artwork><![CDATA[
eyJhbGciOiJSUzI1NiIsImtpZCI6ImJpbGJvLmJhZ2dpbnNAaG9iYml0b24uZX
hhbXBsZSJ9
.
SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb3V0IH
lvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9hZCwgYW5kIGlmIHlvdSBk
b24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXigJlzIG5vIGtub3dpbmcgd2hlcm
UgeW91IG1pZ2h0IGJlIHN3ZXB0IG9mZiB0by4
.
MRjdkly7_-oTPTS3AXP41iQIGKa80A0ZmTuV5MEaHoxnW2e5CZ5NlKtainoFmK
ZopdHM1O2U4mwzJdQx996ivp83xuglII7PNDi84wnB-BDkoBwA78185hX-Es4J
IwmDLJK3lfWRa-XtL0RnltuYv746iYTh_qHRD68BNt1uSNCrUCTJDt5aAE6x8w
W1Kt9eRo4QPocSadnHXFxnt8Is9UzpERV0ePPQdLuW3IS_de3xyIrDaLGdjluP
xUAhb6L2aXic1U12podGU0KLUQSE_oI-ZnmKJ3F4uOZDnd6QZWJushZ41Axf_f
cIe8u9ipH84ogoree7vjbU5y18kDquDg
]]></artwork></figure>
<t>The resulting JWS object using the JSON serialization:</t>
<figure title="JSON Serialization" anchor="jws-rsa-json"><artwork><![CDATA[
{
"payload": "SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywg
Z29pbmcgb3V0IHlvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9h
ZCwgYW5kIGlmIHlvdSBkb24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXi
gJlzIG5vIGtub3dpbmcgd2hlcmUgeW91IG1pZ2h0IGJlIHN3ZXB0IG9m
ZiB0by4",
"signatures": [
{
"protected": "eyJhbGciOiJSUzI1NiIsImtpZCI6ImJpbGJvLmJhZ2
dpbnNAaG9iYml0b24uZXhhbXBsZSJ9",
"signature": "MRjdkly7_-oTPTS3AXP41iQIGKa80A0ZmTuV5MEaHo
xnW2e5CZ5NlKtainoFmKZopdHM1O2U4mwzJdQx996ivp83xuglII
7PNDi84wnB-BDkoBwA78185hX-Es4JIwmDLJK3lfWRa-XtL0Rnlt
uYv746iYTh_qHRD68BNt1uSNCrUCTJDt5aAE6x8wW1Kt9eRo4QPo
cSadnHXFxnt8Is9UzpERV0ePPQdLuW3IS_de3xyIrDaLGdjluPxU
Ahb6L2aXic1U12podGU0KLUQSE_oI-ZnmKJ3F4uOZDnd6QZWJush
Z41Axf_fcIe8u9ipH84ogoree7vjbU5y18kDquDg"
}
]
}
]]></artwork></figure>
</section>
</section>
<section anchor="jws-rsapss" title="RSA-PSS Signature">
<t>This example illustrates signing content using the “PS256” (RSASSA-PSS with SHA-256) algorithm.</t>
<t>Note that RSASSA-PSS uses random data to generate the signature; it might not be possible to exactly replicate the results in this section.</t>
<t>Note that whitespace is added for readability as described in <xref target="intro-conventions"/>.</t>
<section anchor="jws-rsapss-input" title="Input Factors">
<t>The following are supplied before beginning the signing operation:</t>
<t><list style="symbols">
<t>Payload content; this example uses the content from <xref target="jws-payload"/>, encoded using <xref target="RFC4648"/> base64url to produce <xref target="jws-payload_b64u"/>.</t>
<t>RSA private key; this example uses the key from <xref target="jwk-rsa-private-key"/>.</t>
<t>“alg” parameter of “PS384”.</t>
</list></t>
</section>
<section anchor="jws-rsapss-op" title="Signing Operation">
<t>The following are generated to complete the signing operation:</t>
<t><list style="symbols">
<t>JWS Protected Header; this example uses the header from <xref target="jws-rsapss-protected"/>, encoded using <xref target="RFC4648"/> base64url to produce <xref target="jws-rsapss-protected_b64u"/>.</t>
</list></t>
<figure title="JWS Protected Header JSON" anchor="jws-rsapss-protected"><artwork><![CDATA[
{
"alg": "PS384",
"kid": "bilbo.baggins@hobbiton.example"
}
]]></artwork></figure>
<figure title="JWS Protected Header, base64url-encoded" anchor="jws-rsapss-protected_b64u"><artwork><![CDATA[
eyJhbGciOiJQUzM4NCIsImtpZCI6ImJpbGJvLmJhZ2dpbnNAaG9iYml0b24uZX
hhbXBsZSJ9
]]></artwork></figure>
<t>The JWS Protected Header (<xref target="jws-rsapss-protected_b64u"/>) and Payload content (<xref target="jws-payload_b64u"/>) are combined as described in <xref target="I-D.ietf-jose-json-web-signature"/> to produce the JWS Signing Input <xref target="jws-rsapss-sig-input"/>.</t>
<figure title="JWS Signing Input" anchor="jws-rsapss-sig-input"><artwork><![CDATA[
eyJhbGciOiJQUzM4NCIsImtpZCI6ImJpbGJvLmJhZ2dpbnNAaG9iYml0b24uZX
hhbXBsZSJ9
.
SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb3V0IH
lvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9hZCwgYW5kIGlmIHlvdSBk
b24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXigJlzIG5vIGtub3dpbmcgd2hlcm
UgeW91IG1pZ2h0IGJlIHN3ZXB0IG9mZiB0by4
]]></artwork></figure>
<t>Performing the signature operation over the JWS Signing Input (<xref target="jws-rsapss-sig-input"/>) produces the JWS Signature (<xref target="jws-rsapss-sig"/>).</t>
<figure title="JWS Signature, base64url-encoded" anchor="jws-rsapss-sig"><artwork><![CDATA[
cu22eBqkYDKgIlTpzDXGvaFfz6WGoz7fUDcfT0kkOy42miAh2qyBzk1xEsnk2I
pN6-tPid6VrklHkqsGqDqHCdP6O8TTB5dDDItllVo6_1OLPpcbUrhiUSMxbbXU
vdvWXzg-UD8biiReQFlfz28zGWVsdiNAUf8ZnyPEgVFn442ZdNqiVJRmBqrYRX
e8P_ijQ7p8Vdz0TTrxUeT3lm8d9shnr2lfJT8ImUjvAA2Xez2Mlp8cBE5awDzT
0qI0n6uiP1aCN_2_jLAeQTlqRHtfa64QQSUmFAAjVKPbByi7xho0uTOcbH510a
6GYmJUAfmWjwZ6oD4ifKo8DYM-X72Eaw
]]></artwork></figure>
</section>
<section anchor="jws-rsapss-output" title="Output Results">
<t>The following compose the resulting JWS object:</t>
<t><list style="symbols">
<t>JWS Protected Header (<xref target="jws-rsapss-protected_b64u"/>)</t>
<t>Payload content (<xref target="jws-payload_b64u"/>)</t>
<t>Signature (<xref target="jws-rsapss-sig"/>)</t>
</list></t>
<t>The resulting JWS object using the Compact serialization:</t>
<figure title="Compact Serialization" anchor="jws-rsapss-compact"><artwork><![CDATA[
eyJhbGciOiJQUzM4NCIsImtpZCI6ImJpbGJvLmJhZ2dpbnNAaG9iYml0b24uZX
hhbXBsZSJ9
.
SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb3V0IH
lvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9hZCwgYW5kIGlmIHlvdSBk
b24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXigJlzIG5vIGtub3dpbmcgd2hlcm
UgeW91IG1pZ2h0IGJlIHN3ZXB0IG9mZiB0by4
.
cu22eBqkYDKgIlTpzDXGvaFfz6WGoz7fUDcfT0kkOy42miAh2qyBzk1xEsnk2I
pN6-tPid6VrklHkqsGqDqHCdP6O8TTB5dDDItllVo6_1OLPpcbUrhiUSMxbbXU
vdvWXzg-UD8biiReQFlfz28zGWVsdiNAUf8ZnyPEgVFn442ZdNqiVJRmBqrYRX
e8P_ijQ7p8Vdz0TTrxUeT3lm8d9shnr2lfJT8ImUjvAA2Xez2Mlp8cBE5awDzT
0qI0n6uiP1aCN_2_jLAeQTlqRHtfa64QQSUmFAAjVKPbByi7xho0uTOcbH510a
6GYmJUAfmWjwZ6oD4ifKo8DYM-X72Eaw
]]></artwork></figure>
<t>The resulting JWS object using the JSON serialization:</t>
<figure title="JSON Serialization" anchor="jws-rsapss-json"><artwork><![CDATA[
{
"payload": "SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywg
Z29pbmcgb3V0IHlvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9h
ZCwgYW5kIGlmIHlvdSBkb24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXi
gJlzIG5vIGtub3dpbmcgd2hlcmUgeW91IG1pZ2h0IGJlIHN3ZXB0IG9m
ZiB0by4",
"signatures": [
{
"protected": "eyJhbGciOiJQUzM4NCIsImtpZCI6ImJpbGJvLmJhZ2
dpbnNAaG9iYml0b24uZXhhbXBsZSJ9",
"signature": "cu22eBqkYDKgIlTpzDXGvaFfz6WGoz7fUDcfT0kkOy
42miAh2qyBzk1xEsnk2IpN6-tPid6VrklHkqsGqDqHCdP6O8TTB5
dDDItllVo6_1OLPpcbUrhiUSMxbbXUvdvWXzg-UD8biiReQFlfz2
8zGWVsdiNAUf8ZnyPEgVFn442ZdNqiVJRmBqrYRXe8P_ijQ7p8Vd
z0TTrxUeT3lm8d9shnr2lfJT8ImUjvAA2Xez2Mlp8cBE5awDzT0q
I0n6uiP1aCN_2_jLAeQTlqRHtfa64QQSUmFAAjVKPbByi7xho0uT
OcbH510a6GYmJUAfmWjwZ6oD4ifKo8DYM-X72Eaw"
}
]
}
]]></artwork></figure>
</section>
</section>
<section anchor="jws-ecdsa" title="ECDSA Signature">
<t>This example illustrates signing content using the “ES512” (ECDSA with curve P-521 and SHA-512) algorithm.</t>
<t>Note that ECDSA uses random data to generate the signature; it might not be possible to exactly replicate the results in this section.</t>
<t>Note that whitespace is added for readability as described in <xref target="intro-conventions"/>.</t>
<section anchor="jws-ecdsa-input" title="Input Factors">
<t>The following are supplied before beginning the signing operation:</t>
<t><list style="symbols">
<t>Payload content; this example uses the content from <xref target="jws-payload"/>, encoded using <xref target="RFC4648"/> base64url to produce <xref target="jws-payload_b64u"/>.</t>
<t>EC private key on the curve P-521; this example uses the key from <xref target="jwk-ec-private-key"/>.</t>
<t>“alg” parameter of “ES512”</t>
</list></t>
</section>
<section anchor="jws-ecdsa-op" title="Signing Operation">
<t>The following are generated before beginning the signature process:</t>
<t><list style="symbols">
<t>JWS Protected Header; this example uses the header from <xref target="jws-ecdsa-protected"/>, encoded using <xref target="RFC4648"/> base64url to produce <xref target="jws-ecdsa-protected_b64u"/>.</t>
</list></t>
<figure title="JWS Protected Header JSON" anchor="jws-ecdsa-protected"><artwork><![CDATA[
{
"alg": "ES512",
"kid": "bilbo.baggins@hobbiton.example"
}
]]></artwork></figure>
<figure title="JWS Protected Header, base64url-encoded" anchor="jws-ecdsa-protected_b64u"><artwork><![CDATA[
eyJhbGciOiJFUzUxMiIsImtpZCI6ImJpbGJvLmJhZ2dpbnNAaG9iYml0b24uZX
hhbXBsZSJ9
]]></artwork></figure>
<t>The JWS Protected Header (<xref target="jws-ecdsa-protected_b64u"/>) and Payload content (<xref target="jws-payload_b64u"/>) are combined as described in <xref target="I-D.ietf-jose-json-web-signature"/> to produce the JWS Signing Input <xref target="jws-ecdsa-sig-input"/>.</t>
<figure title="JWS Signing Input" anchor="jws-ecdsa-sig-input"><artwork><![CDATA[
eyJhbGciOiJFUzUxMiIsImtpZCI6ImJpbGJvLmJhZ2dpbnNAaG9iYml0b24uZX
hhbXBsZSJ9
.
SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb3V0IH
lvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9hZCwgYW5kIGlmIHlvdSBk
b24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXigJlzIG5vIGtub3dpbmcgd2hlcm
UgeW91IG1pZ2h0IGJlIHN3ZXB0IG9mZiB0by4
]]></artwork></figure>
<t>Performing the signature operation over the JWS Signing Input (<xref target="jws-ecdsa-sig-input"/>) produces the JWS Signature (<xref target="jws-ecdsa-sig"/>).</t>
<figure title="JWS Signature, base64url-encoded" anchor="jws-ecdsa-sig"><artwork><![CDATA[
AE_R_YZCChjn4791jSQCrdPZCNYqHXCTZH0-JZGYNlaAjP2kqaluUIIUnC9qvb
u9Plon7KRTzoNEuT4Va2cmL1eJAQy3mtPBu_u_sDDyYjnAMDxXPn7XrT0lw-kv
AD890jl8e2puQens_IEKBpHABlsbEPX6sFY8OcGDqoRuBomu9xQ2
]]></artwork></figure>
</section>
<section anchor="jws-ecdsa-output" title="Output Results">
<t>The following compose the resulting JWS object:</t>
<t><list style="symbols">
<t>JWS Protected Header (<xref target="jws-ecdsa-protected_b64u"/>)</t>
<t>Payload content (<xref target="jws-payload_b64u"/>)</t>
<t>Signature (<xref target="jws-ecdsa-sig"/>)</t>
</list></t>
<t>The resulting JWS object using the Compact serialization:</t>
<figure title="Compact Serialization" anchor="jws-ecdsa-compact"><artwork><![CDATA[
eyJhbGciOiJFUzUxMiIsImtpZCI6ImJpbGJvLmJhZ2dpbnNAaG9iYml0b24uZX
hhbXBsZSJ9
.
SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb3V0IH
lvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9hZCwgYW5kIGlmIHlvdSBk
b24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXigJlzIG5vIGtub3dpbmcgd2hlcm
UgeW91IG1pZ2h0IGJlIHN3ZXB0IG9mZiB0by4
.
AE_R_YZCChjn4791jSQCrdPZCNYqHXCTZH0-JZGYNlaAjP2kqaluUIIUnC9qvb
u9Plon7KRTzoNEuT4Va2cmL1eJAQy3mtPBu_u_sDDyYjnAMDxXPn7XrT0lw-kv
AD890jl8e2puQens_IEKBpHABlsbEPX6sFY8OcGDqoRuBomu9xQ2
]]></artwork></figure>
<t>The resulting JWS object using the JSON serialization:</t>
<figure title="JSON Serialization" anchor="jws-ecdsa-json"><artwork><![CDATA[
{
"payload": "SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywg
Z29pbmcgb3V0IHlvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9h
ZCwgYW5kIGlmIHlvdSBkb24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXi
gJlzIG5vIGtub3dpbmcgd2hlcmUgeW91IG1pZ2h0IGJlIHN3ZXB0IG9m
ZiB0by4",
"signatures": [
{
"protected": "eyJhbGciOiJFUzUxMiIsImtpZCI6ImJpbGJvLmJhZ2
dpbnNAaG9iYml0b24uZXhhbXBsZSJ9",
"signature": "AE_R_YZCChjn4791jSQCrdPZCNYqHXCTZH0-JZGYNl
aAjP2kqaluUIIUnC9qvbu9Plon7KRTzoNEuT4Va2cmL1eJAQy3mt
PBu_u_sDDyYjnAMDxXPn7XrT0lw-kvAD890jl8e2puQens_IEKBp
HABlsbEPX6sFY8OcGDqoRuBomu9xQ2"
}
]
}
]]></artwork></figure>
</section>
</section>
<section anchor="jws-hmac" title="HMAC-SHA2 Integrity Protection">
<t>This example illustrates integrity protecting content using the “HS256” (HMAC-SHA-256) algorithm.</t>
<t>Note that whitespace is added for readability as described in <xref target="intro-conventions"/>.</t>
<section anchor="jws-hmac-input" title="Input Factors">
<t>The following are supplied before beginning the signing operation:</t>
<t><list style="symbols">
<t>Payload content; this example uses the content from <xref target="jws-payload"/>, encoded using <xref target="RFC4648"/> base64url to produce <xref target="jws-payload_b64u"/>.</t>
<t>HMAC symmetric key; this example uses the key from <xref target="jwk-oct-sig-key"/>.</t>
<t>“alg” parameter of “HS256”.</t>
</list></t>
</section>
<section anchor="jws-hmac-op" title="Signing Operation">
<t>The following are generated before completing the signing operation:</t>
<t><list style="symbols">
<t>JWS Protected Header; this example uses the header from <xref target="jws-hmac-protected"/>, encoded using <xref target="RFC4648"/> base64url to produce <xref target="jws-hmac-protected_b64u"/>.</t>
</list></t>
<figure title="JWS Protected Header JSON" anchor="jws-hmac-protected"><artwork><![CDATA[
{
"alg": "HS256",
"kid": "018c0ae5-4d9b-471b-bfd6-eef314bc7037"
}
]]></artwork></figure>
<figure title="JWS Protected Header, base64url-encoded" anchor="jws-hmac-protected_b64u"><artwork><![CDATA[
eyJhbGciOiJIUzI1NiIsImtpZCI6IjAxOGMwYWU1LTRkOWItNDcxYi1iZmQ2LW
VlZjMxNGJjNzAzNyJ9
]]></artwork></figure>
<t>The JWS Protected Header (<xref target="jws-hmac-protected_b64u"/>) and Payload content (<xref target="jws-payload_b64u"/>) are combined as described in <xref target="I-D.ietf-jose-json-web-signature"/> to produce the JWS Signing Input <xref target="jws-hmac-sig-input"/>.</t>
<figure title="JWS Signing Input" anchor="jws-hmac-sig-input"><artwork><![CDATA[
eyJhbGciOiJIUzI1NiIsImtpZCI6IjAxOGMwYWU1LTRkOWItNDcxYi1iZmQ2LW
VlZjMxNGJjNzAzNyJ9
.
SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb3V0IH
lvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9hZCwgYW5kIGlmIHlvdSBk
b24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXigJlzIG5vIGtub3dpbmcgd2hlcm
UgeW91IG1pZ2h0IGJlIHN3ZXB0IG9mZiB0by4
]]></artwork></figure>
<t>Performing the signature operation over the JWS Signing Input (<xref target="jws-hmac-sig-input"/>) produces the JWS Signature (<xref target="jws-hmac-sig"/>).</t>
<figure title="JWS Signature, base64url-encoded" anchor="jws-hmac-sig"><artwork><![CDATA[
s0h6KThzkfBBBkLspW1h84VsJZFTsPPqMDA7g1Md7p0
]]></artwork></figure>
</section>
<section anchor="jws-hmac-output" title="Output Results">
<t>The following compose the resulting JWS object:</t>
<t><list style="symbols">
<t>JWS Protected Header (<xref target="jws-hmac-protected_b64u"/>)</t>
<t>Payload content (<xref target="jws-payload_b64u"/>)</t>
<t>Signature (<xref target="jws-hmac-sig"/>)</t>
</list></t>
<t>The resulting JWS object using the Compact serialization:</t>
<figure title="Compact Serialization" anchor="jws-hmac-compact"><artwork><![CDATA[
eyJhbGciOiJIUzI1NiIsImtpZCI6IjAxOGMwYWU1LTRkOWItNDcxYi1iZmQ2LW
VlZjMxNGJjNzAzNyJ9
.
SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb3V0IH
lvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9hZCwgYW5kIGlmIHlvdSBk
b24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXigJlzIG5vIGtub3dpbmcgd2hlcm
UgeW91IG1pZ2h0IGJlIHN3ZXB0IG9mZiB0by4
.
s0h6KThzkfBBBkLspW1h84VsJZFTsPPqMDA7g1Md7p0
]]></artwork></figure>
<t>The resulting JWS object using the JSON serialization:</t>
<figure title="JSON Serialization" anchor="jws-hmac-json"><artwork><![CDATA[
{
"payload": "SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywg
Z29pbmcgb3V0IHlvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9h
ZCwgYW5kIGlmIHlvdSBkb24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXi
gJlzIG5vIGtub3dpbmcgd2hlcmUgeW91IG1pZ2h0IGJlIHN3ZXB0IG9m
ZiB0by4",
"signatures": [
{
"protected": "eyJhbGciOiJIUzI1NiIsImtpZCI6IjAxOGMwYWU1LT
RkOWItNDcxYi1iZmQ2LWVlZjMxNGJjNzAzNyJ9",
"signature": "s0h6KThzkfBBBkLspW1h84VsJZFTsPPqMDA7g1Md7p
0"
}
]
}
]]></artwork></figure>
</section>
</section>
<section anchor="jws-detached" title="Detached Signature">
<t>This example illustrates a detached signature. This example is identical others, except the resulting JWS objects do not include the Payload content. Instead, the application is expected to locate it elsewhere. For example, the signature might be in a meta-data section, with the payload being the content.</t>
<t>Note that whitespace is added for readability as described in <xref target="intro-conventions"/>.</t>
<section anchor="jws-detached-input" title="Input Factors">
<t>The following are supplied before beginning the signing operation:</t>
<t><list style="symbols">
<t>Payload content; this example uses the content from <xref target="jws-payload"/>, encoded using <xref target="RFC4648"/> base64url to produce <xref target="jws-payload_b64u"/>.</t>
<t>Signing key; this example uses the AES symmetric key from <xref target="jwk-oct-sig-key"/>.</t>
<t>Signing algorithm; this example uses “HS256”.</t>
</list></t>
</section>
<section anchor="jws-detached-op" title="Signing Operation">
<t>The following are generated before completing the signing operation:</t>
<t><list style="symbols">
<t>JWS Protected Header; this example uses the header from <xref target="jws-detached-protected"/>, encoded using <xref target="RFC4648"/> base64url to produce <xref target="jws-detached-protected_b64u"/>.</t>
</list></t>
<t>The JWS Protected Header parameters:</t>
<figure title="JWS Protected Header JSON" anchor="jws-detached-protected"><artwork><![CDATA[
{
"alg": "HS256",
"kid": "018c0ae5-4d9b-471b-bfd6-eef314bc7037"
}
]]></artwork></figure>
<figure title="JWS Protected Header, base64url-encoded" anchor="jws-detached-protected_b64u"><artwork><![CDATA[
eyJhbGciOiJIUzI1NiIsImtpZCI6IjAxOGMwYWU1LTRkOWItNDcxYi1iZmQ2LW
VlZjMxNGJjNzAzNyJ9
]]></artwork></figure>
<t>The JWS Protected Header (<xref target="jws-detached-protected_b64u"/>) and Payload content (<xref target="jws-payload_b64u"/>) are combined as described in <xref target="I-D.ietf-jose-json-web-signature"/> to produce the JWS Signing Input <xref target="jws-detached-sig-input"/>.</t>
<figure title="JWS Signing Input" anchor="jws-detached-sig-input"><artwork><![CDATA[
eyJhbGciOiJIUzI1NiIsImtpZCI6IjAxOGMwYWU1LTRkOWItNDcxYi1iZmQ2LW
VlZjMxNGJjNzAzNyJ9
.
SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb3V0IH
lvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9hZCwgYW5kIGlmIHlvdSBk
b24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXigJlzIG5vIGtub3dpbmcgd2hlcm
UgeW91IG1pZ2h0IGJlIHN3ZXB0IG9mZiB0by4
]]></artwork></figure>
<t>Performing the signature operation over the JWS Signing Input (<xref target="jws-detached-sig-input"/>) produces the JWS Signature (<xref target="jws-detached-sig"/>).</t>
<figure title="JWS Signature, base64url-encoded" anchor="jws-detached-sig"><artwork><![CDATA[
s0h6KThzkfBBBkLspW1h84VsJZFTsPPqMDA7g1Md7p0
]]></artwork></figure>
</section>
<section anchor="jws-detached-output" title="Output Results">
<t>The following compose the resulting JWS object:</t>
<t><list style="symbols">
<t>JWS Protected Header (<xref target="jws-detached-protected_b64u"/>)</t>
<t>Signature (<xref target="jws-detached-sig"/>)</t>
</list></t>
<t>The resulting JWS object using the Compact serialization:</t>
<figure title="JSON Serialization" anchor="jws-detached-compact"><artwork><![CDATA[
eyJhbGciOiJIUzI1NiIsImtpZCI6IjAxOGMwYWU1LTRkOWItNDcxYi1iZmQ2LW
VlZjMxNGJjNzAzNyJ9
.
.
s0h6KThzkfBBBkLspW1h84VsJZFTsPPqMDA7g1Md7p0
]]></artwork></figure>
<t>The resulting JWS object using the JSON serialization:</t>
<figure title="JSON Serialization" anchor="jws-detached-json"><artwork><![CDATA[
{
"signatures": [
{
"protected": "eyJhbGciOiJIUzI1NiIsImtpZCI6IjAxOGMwYWU1LT
RkOWItNDcxYi1iZmQ2LWVlZjMxNGJjNzAzNyJ9",
"signature": "s0h6KThzkfBBBkLspW1h84VsJZFTsPPqMDA7g1Md7p
0"
}
]
}
]]></artwork></figure>
</section>
</section>
<section anchor="jws-somefields" title="Protecting Specific Header Fields">
<t>This example illustrates a signature where only certain header parameters are protected. Since this example contains both unprotected and protected header parameters, only the JSON serialization is possible.</t>
<t>Note that whitespace is added for readability as described in <xref target="intro-conventions"/>.</t>
<section anchor="jws-somefields-input" title="Input Factors">
<t>The following are supplied before beginning the signing operation:</t>
<t><list style="symbols">
<t>Payload content; this example uses the content from <xref target="jws-payload"/>, encoded using <xref target="RFC4648"/> base64url to produce <xref target="jws-payload_b64u"/>.</t>
<t>Signing key; this example uses the AES symmetric key from <xref target="jwk-oct-sig-key"/>.</t>
<t>Signing algorithm; this example uses “HS256”.</t>
</list></t>
</section>
<section anchor="jws-somefields-op" title="Signing Operation">
<t>The following are generated before completing the signing operation:</t>
<t><list style="symbols">
<t>JWS Protected Header; this example uses the header from <xref target="jws-somefields-protected"/>, encoded using <xref target="RFC4648"/> base64url to produce <xref target="jws-somefields-protected_b64u"/>.</t>
<t>JWS unprotected Header; this example uses the header from <xref target="jws-somefields-unprotected"/>.</t>
</list></t>
<t>The JWS Protected Header parameters:</t>
<figure title="JWS Protected Header JSON" anchor="jws-somefields-protected"><artwork><![CDATA[
{
"alg": "HS256"
}
]]></artwork></figure>
<figure title="JWS Protected Header, base64url-encoded" anchor="jws-somefields-protected_b64u"><artwork><![CDATA[
eyJhbGciOiJIUzI1NiJ9
]]></artwork></figure>
<figure title="JWS Unprotected Header JSON" anchor="jws-somefields-unprotected"><artwork><![CDATA[
{
"kid": "018c0ae5-4d9b-471b-bfd6-eef314bc7037"
}
]]></artwork></figure>
<t>The JWS Protected Header (<xref target="jws-somefields-protected_b64u"/>) and Payload content (<xref target="jws-payload_b64u"/>) are combined as described in <xref target="I-D.ietf-jose-json-web-signature"/> to produce the JWS Signing Input <xref target="jws-somefields-sig-input"/>.</t>
<figure title="JWS Signing Input" anchor="jws-somefields-sig-input"><artwork><![CDATA[
eyJhbGciOiJIUzI1NiJ9
.
SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb3V0IH
lvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9hZCwgYW5kIGlmIHlvdSBk
b24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXigJlzIG5vIGtub3dpbmcgd2hlcm
UgeW91IG1pZ2h0IGJlIHN3ZXB0IG9mZiB0by4
]]></artwork></figure>
<t>Performing the signature operation over the JWS Signing Input (<xref target="jws-somefields-sig-input"/>) produces the JWS Signature (<xref target="jws-somefields-sig"/>).</t>
<figure title="JWS Signature, base64url-encoded" anchor="jws-somefields-sig"><artwork><![CDATA[
bWUSVaxorn7bEF1djytBd0kHv70Ly5pvbomzMWSOr20
]]></artwork></figure>
</section>
<section anchor="jws-somefields-output" title="Output Results">
<t>The following compose the resulting JWS object:</t>
<t><list style="symbols">
<t>JWS Protected Header (<xref target="jws-somefields-protected_b64u"/>)</t>
<t>JWS Unprotected Header (<xref target="jws-somefields-unprotected"/>)</t>
<t>Payload content (<xref target="jws-payload_b64u"/>)</t>
<t>Signature (<xref target="jws-somefields-sig"/>)</t>
</list></t>
<t>The compact serialization is not presented because it does not support this use case.</t>
<t>The resulting JWS object using the JSON serialization:</t>
<figure title="JSON Serialization" anchor="jws-somefields-json"><artwork><![CDATA[
{
"payload": "SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywg
Z29pbmcgb3V0IHlvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9h
ZCwgYW5kIGlmIHlvdSBkb24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXi
gJlzIG5vIGtub3dpbmcgd2hlcmUgeW91IG1pZ2h0IGJlIHN3ZXB0IG9m
ZiB0by4",
"signatures": [
{
"protected": "eyJhbGciOiJIUzI1NiJ9",
"header": {
"kid": "018c0ae5-4d9b-471b-bfd6-eef314bc7037"
},
"signature": "bWUSVaxorn7bEF1djytBd0kHv70Ly5pvbomzMWSOr2
0"
}
]
}
]]></artwork></figure>
</section>
</section>
<section anchor="jws-nofields" title="Protecting Content Only">
<t>This example illustrates a signature where none of the header parameters are protected. Since this example contains only unprotected header parameters, only the JSON serialization is possible.</t>
<t>Note that whitespace is added for readability as described in <xref target="intro-conventions"/>.</t>
<section anchor="jws-nofields-input" title="Input Factors">
<t>The following are supplied before beginning the signing operation:</t>
<t><list style="symbols">
<t>Payload content; this example uses the content from <xref target="jws-payload"/>, encoded using <xref target="RFC4648"/> base64url to produce <xref target="jws-payload_b64u"/>.</t>
<t>Signing key; this example uses the AES key from <xref target="jwk-oct-sig-key"/>.</t>
<t>Signing algorithm; this example uses “HS256”</t>
</list></t>
</section>
<section anchor="jws-nofields-op" title="Signing Operation">
<t>The following are generated before completing the signing operation:</t>
<t><list style="symbols">
<t>JWS Unprotected Header; this example uses the header from <xref target="jws-nofields-unprotected"/>.</t>
</list></t>
<figure title="JWS Unprotected Header JSON" anchor="jws-nofields-unprotected"><artwork><![CDATA[
{
"alg": "HS256",
"kid": "018c0ae5-4d9b-471b-bfd6-eef314bc7037"
}
]]></artwork></figure>
<t>The empty string (as there is no JWS Protected Header) and Payload content (<xref target="jws-payload_b64u"/>) are combined as described in <xref target="I-D.ietf-jose-json-web-signature"/> to produce the JWS Signing Input <xref target="jws-nofields-sig-input"/>.</t>
<figure title="JWS Signing Input" anchor="jws-nofields-sig-input"><artwork><![CDATA[
.
SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb3V0IH
lvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9hZCwgYW5kIGlmIHlvdSBk
b24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXigJlzIG5vIGtub3dpbmcgd2hlcm
UgeW91IG1pZ2h0IGJlIHN3ZXB0IG9mZiB0by4
]]></artwork></figure>
<t>Performing the signature operation over the JWS Signing Input (<xref target="jws-nofields-sig-input"/>) produces the JWS Signature (<xref target="jws-nofields-sig"/>).</t>
<figure title="JWS Signature, base64url-encoded" anchor="jws-nofields-sig"><artwork><![CDATA[
xuLifqLGiblpv9zBpuZczWhNj1gARaLV3UxvxhJxZuk
]]></artwork></figure>
</section>
<section anchor="jws-nofields-output" title="Output Results">
<t>The following compose the resulting JWS object:</t>
<t><list style="symbols">
<t>JWS Unprotected Header (<xref target="jws-nofields-unprotected"/>)</t>
<t>Payload content (<xref target="jws-payload_b64u"/>)</t>
<t>Signature (<xref target="jws-nofields-sig"/>)</t>
</list></t>
<t>The compact serialization is not presented because it does not support this use case.</t>
<t>The resulting JWS object using the JSON serialization:</t>
<figure title="JSON Serialization"><artwork><![CDATA[
{
"payload": "SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywg
Z29pbmcgb3V0IHlvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9h
ZCwgYW5kIGlmIHlvdSBkb24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXi
gJlzIG5vIGtub3dpbmcgd2hlcmUgeW91IG1pZ2h0IGJlIHN3ZXB0IG9m
ZiB0by4",
"signatures": [
{
"header": {
"alg": "HS256",
"kid": "018c0ae5-4d9b-471b-bfd6-eef314bc7037"
},
"signature": "xuLifqLGiblpv9zBpuZczWhNj1gARaLV3UxvxhJxZu
k"
}
]
}
]]></artwork></figure>
</section>
</section>
<section anchor="jws-multi" title="Multiple Signatures">
<t>This example illustrates multiple signatures applied to the same payload. Since this example contains more than one signature, only the JSON serialization is possible.</t>
<t>Note that whitespace is added for readability as described in <xref target="intro-conventions"/>.</t>
<section anchor="jws-multi-input" title="Input Factors">
<t>The following are supplied before beginning the signing operation:</t>
<t><list style="symbols">
<t>Payload content; this example uses the content from <xref target="jws-payload"/>, encoded using <xref target="RFC4648"/> base64url to produce <xref target="jws-payload_b64u"/>.</t>
<t>Signing keys; this example uses the following: <list style="symbols">
<t>RSA private key from <xref target="jwk-rsa-private-key"/> for the first signature</t>
<t>EC private key from <xref target="jwk-ec-private-key"/> for the second signature</t>
<t>AES symmetric key from <xref target="jwk-oct-sig-key"/> for the third signature</t>
</list></t>
<t>Signing algorithms; this example uses the following: <list style="symbols">
<t>“RS256” for the first signature</t>
<t>“ES512” for the second signature</t>
<t>“HS256” for the third signature</t>
</list></t>
</list></t>
</section>
<section anchor="jws-multi-s1-op" title="First Signing Operation">
<t>The following are generated before completing the first signing operation:</t>
<t><list style="symbols">
<t>JWS Protected Header; this example uses the header from <xref target="jws-multi-s1-protected"/>, encoded using <xref target="RFC4648"/> base64url to produce <xref target="jws-multi-s1-protected_b64u"/>.</t>
<t>JWS Unprotected Header; this example uses the header from <xref target="jws-multi-s1-unprotected"/>.</t>
</list></t>
<figure title="Signature #1 JWS Protected Header JSON" anchor="jws-multi-s1-protected"><artwork><![CDATA[
{
"alg": "RS256"
}
]]></artwork></figure>
<figure title="Signature #1 JWS Protected Header, base64url-encoded" anchor="jws-multi-s1-protected_b64u"><artwork><![CDATA[
eyJhbGciOiJSUzI1NiJ9
]]></artwork></figure>
<figure title="Signature #1 JWS Unprotected Header JSON" anchor="jws-multi-s1-unprotected"><artwork><![CDATA[
{
"kid": "bilbo.baggins@hobbiton.example"
}
]]></artwork></figure>
<t>The JWS Protected Header (<xref target="jws-multi-s1-protected_b64u"/>) and Payload content (<xref target="jws-payload_b64u"/>) are combined as described in <xref target="I-D.ietf-jose-json-web-signature"/> to produce the JWS Signing Input <xref target="jws-multi-s1-sig-input"/>.</t>
<figure title="JWS Signing Input" anchor="jws-multi-s1-sig-input"><artwork><![CDATA[
eyJhbGciOiJSUzI1NiJ9
.
SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb3V0IH
lvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9hZCwgYW5kIGlmIHlvdSBk
b24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXigJlzIG5vIGtub3dpbmcgd2hlcm
UgeW91IG1pZ2h0IGJlIHN3ZXB0IG9mZiB0by4
]]></artwork></figure>
<t>Performing the signature operation over the JWS Signing Input (<xref target="jws-multi-s1-sig-input"/>) produces the JWS Signature (<xref target="jws-multi-s1-sig"/>).</t>
<figure title="JWS Signature #1, base64url-encoded" anchor="jws-multi-s1-sig"><artwork><![CDATA[
MIsjqtVlOpa71KE-Mss8_Nq2YH4FGhiocsqrgi5NvyG53uoimic1tcMdSg-qpt
rzZc7CG6Svw2Y13TDIqHzTUrL_lR2ZFcryNFiHkSw129EghGpwkpxaTn_THJTC
glNbADko1MZBCdwzJxwqZc-1RlpO2HibUYyXSwO97BSe0_evZKdjvvKSgsIqjy
tKSeAMbhMBdMma622_BG5t4sdbuCHtFjp9iJmkio47AIwqkZV1aIZsv33uPUqB
BCXbYoQJwt7mxPftHmNlGoOSMxR_3thmXTCm4US-xiNOyhbm8afKK64jU6_TPt
QHiJeQJxz9G3Tx-083B745_AfYOnlC9w
]]></artwork></figure>
<t>The following is the assembled first signature serialized as JSON:</t>
<figure title="Signature #1 JSON" anchor="jws-multi-s1-sig_sig"><artwork><![CDATA[
{
"protected": "eyJhbGciOiJSUzI1NiJ9",
"header": {
"kid": "bilbo.baggins@hobbiton.example"
},
"signature": "MIsjqtVlOpa71KE-Mss8_Nq2YH4FGhiocsqrgi5NvyG53u
oimic1tcMdSg-qptrzZc7CG6Svw2Y13TDIqHzTUrL_lR2ZFcryNFiHkS
w129EghGpwkpxaTn_THJTCglNbADko1MZBCdwzJxwqZc-1RlpO2HibUY
yXSwO97BSe0_evZKdjvvKSgsIqjytKSeAMbhMBdMma622_BG5t4sdbuC
HtFjp9iJmkio47AIwqkZV1aIZsv33uPUqBBCXbYoQJwt7mxPftHmNlGo
OSMxR_3thmXTCm4US-xiNOyhbm8afKK64jU6_TPtQHiJeQJxz9G3Tx-0
83B745_AfYOnlC9w"
}
]]></artwork></figure>
</section>
<section anchor="jws-multi-s2-op" title="Second Signing Operation">
<t>The following are generated before completing the second signing operation:</t>
<t><list style="symbols">
<t>JWS Unprotected Header; this example uses the header from <xref target="jws-multi-s2-unprotected"/>.</t>
</list></t>
<figure title="Signature #2 JWS Unprotected Header JSON" anchor="jws-multi-s2-unprotected"><artwork><![CDATA[
{
"alg": "ES512",
"kid": "bilbo.baggins@hobbiton.example"
}
]]></artwork></figure>
<t>The empty string (as there is no JWS Protected Header) and Payload content (<xref target="jws-payload_b64u"/>) are combined as described in <xref target="I-D.ietf-jose-json-web-signature"/> to produce the JWS Signing Input <xref target="jws-multi-s2-sig-input"/>.</t>
<figure title="JWS Signing Input" anchor="jws-multi-s2-sig-input"><artwork><![CDATA[
.
SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb3V0IH
lvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9hZCwgYW5kIGlmIHlvdSBk
b24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXigJlzIG5vIGtub3dpbmcgd2hlcm
UgeW91IG1pZ2h0IGJlIHN3ZXB0IG9mZiB0by4
]]></artwork></figure>
<t>Performing the signature operation over the JWS Signing Input (<xref target="jws-multi-s2-sig-input"/>) produces the JWS Signature (<xref target="jws-multi-s2-sig"/>).</t>
<figure title="JWS Signature #2, base64url-encoded" anchor="jws-multi-s2-sig"><artwork><![CDATA[
ARcVLnaJJaUWG8fG-8t5BREVAuTY8n8YHjwDO1muhcdCoFZFFjfISu0Cdkn9Yb
dlmi54ho0x924DUz8sK7ZXkhc7AFM8ObLfTvNCrqcI3Jkl2U5IX3utNhODH6v7
xgy1Qahsn0fyb4zSAkje8bAWz4vIfj5pCMYxxm4fgV3q7ZYhm5eD
]]></artwork></figure>
<t>The following is the assembled second signature serialized as JSON:</t>
<figure title="Signature #2 JSON" anchor="jws-multi-s2-sig_sig"><artwork><![CDATA[
{
"header": {
"alg": "ES512",
"kid": "bilbo.baggins@hobbiton.example"
},
"signature": "ARcVLnaJJaUWG8fG-8t5BREVAuTY8n8YHjwDO1muhcdCoF
ZFFjfISu0Cdkn9Ybdlmi54ho0x924DUz8sK7ZXkhc7AFM8ObLfTvNCrq
cI3Jkl2U5IX3utNhODH6v7xgy1Qahsn0fyb4zSAkje8bAWz4vIfj5pCM
Yxxm4fgV3q7ZYhm5eD"
}
]]></artwork></figure>
</section>
<section anchor="jws-multi-s3-op" title="Third Signing Operation">
<t>The following are generated before completing the third signing operation:</t>
<t><list style="symbols">
<t>JWS Protected Header; this example uses the header from <xref target="jws-multi-s3-protected"/>, encoded using <xref target="RFC4648"/> base64url to produce <xref target="jws-multi-s3-protected_b64u"/>.</t>
</list></t>
<figure title="Signature #3 JWS Protected Header JSON" anchor="jws-multi-s3-protected"><artwork><![CDATA[
{
"alg": "HS256",
"kid": "018c0ae5-4d9b-471b-bfd6-eef314bc7037"
}
]]></artwork></figure>
<figure title="Signature #3 JWS Protected Header, base64url-encoded" anchor="jws-multi-s3-protected_b64u"><artwork><![CDATA[
eyJhbGciOiJIUzI1NiIsImtpZCI6IjAxOGMwYWU1LTRkOWItNDcxYi1iZmQ2LW
VlZjMxNGJjNzAzNyJ9
]]></artwork></figure>
<t>The JWS Protected Header (<xref target="jws-multi-s3-protected_b64u"/>) and Payload content (<xref target="jws-payload_b64u"/>) are combined as described in <xref target="I-D.ietf-jose-json-web-signature"/> to produce the JWS Signing Input <xref target="jws-multi-s3-sig-input"/>.</t>
<figure title="JWS Signing Input" anchor="jws-multi-s3-sig-input"><artwork><![CDATA[
eyJhbGciOiJIUzI1NiIsImtpZCI6IjAxOGMwYWU1LTRkOWItNDcxYi1iZmQ2LW
VlZjMxNGJjNzAzNyJ9
.
SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb3V0IH
lvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9hZCwgYW5kIGlmIHlvdSBk
b24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXigJlzIG5vIGtub3dpbmcgd2hlcm
UgeW91IG1pZ2h0IGJlIHN3ZXB0IG9mZiB0by4
]]></artwork></figure>
<t>Performing the signature operation over the JWS Signing Input (<xref target="jws-multi-s3-sig-input"/>) produces the JWS Signature (<xref target="jws-multi-s3-sig"/>).</t>
<figure title="JWS Signature #3, base64url-encoded" anchor="jws-multi-s3-sig"><artwork><![CDATA[
s0h6KThzkfBBBkLspW1h84VsJZFTsPPqMDA7g1Md7p0
]]></artwork></figure>
<t>The following is the assembled third signature serialized as JSON:</t>
<figure title="Signature #3 JSON" anchor="jws-multi-s3-sig_sig"><artwork><![CDATA[
{
"protected": "eyJhbGciOiJIUzI1NiIsImtpZCI6IjAxOGMwYWU1LTRkOW
ItNDcxYi1iZmQ2LWVlZjMxNGJjNzAzNyJ9",
"signature": "s0h6KThzkfBBBkLspW1h84VsJZFTsPPqMDA7g1Md7p0"
}
]]></artwork></figure>
</section>
<section anchor="jws-multi-output" title="Output Results">
<t>The following compose the resulting JWS object:</t>
<t><list style="symbols">
<t>Payload content (<xref target="jws-payload_b64u"/>)</t>
<t>Signature #1 JSON (<xref target="jws-multi-s1-sig_sig"/>)</t>
<t>Signature #2 JSON (<xref target="jws-multi-s2-sig_sig"/>)</t>
<t>Signature #3 JSON (<xref target="jws-multi-s3-sig_sig"/>)</t>
</list></t>
<t>The compact serialization is not presented because it does not support this use case.</t>
<t>The resulting JWS object using the JSON serialization:</t>
<figure title="JSON Serialization" anchor="jws-multi-json"><artwork><![CDATA[
{
"payload": "SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywg
Z29pbmcgb3V0IHlvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9h
ZCwgYW5kIGlmIHlvdSBkb24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXi
gJlzIG5vIGtub3dpbmcgd2hlcmUgeW91IG1pZ2h0IGJlIHN3ZXB0IG9m
ZiB0by4",
"signatures": [
{
"protected": "eyJhbGciOiJSUzI1NiJ9",
"header": {
"kid": "bilbo.baggins@hobbiton.example"
},
"signature": "MIsjqtVlOpa71KE-Mss8_Nq2YH4FGhiocsqrgi5Nvy
G53uoimic1tcMdSg-qptrzZc7CG6Svw2Y13TDIqHzTUrL_lR2ZFc
ryNFiHkSw129EghGpwkpxaTn_THJTCglNbADko1MZBCdwzJxwqZc
-1RlpO2HibUYyXSwO97BSe0_evZKdjvvKSgsIqjytKSeAMbhMBdM
ma622_BG5t4sdbuCHtFjp9iJmkio47AIwqkZV1aIZsv33uPUqBBC
XbYoQJwt7mxPftHmNlGoOSMxR_3thmXTCm4US-xiNOyhbm8afKK6
4jU6_TPtQHiJeQJxz9G3Tx-083B745_AfYOnlC9w"
},
{
"header": {
"alg": "ES512",
"kid": "bilbo.baggins@hobbiton.example"
},
"signature": "ARcVLnaJJaUWG8fG-8t5BREVAuTY8n8YHjwDO1muhc
dCoFZFFjfISu0Cdkn9Ybdlmi54ho0x924DUz8sK7ZXkhc7AFM8Ob
LfTvNCrqcI3Jkl2U5IX3utNhODH6v7xgy1Qahsn0fyb4zSAkje8b
AWz4vIfj5pCMYxxm4fgV3q7ZYhm5eD"
},
{
"protected": "eyJhbGciOiJIUzI1NiIsImtpZCI6IjAxOGMwYWU1LT
RkOWItNDcxYi1iZmQ2LWVlZjMxNGJjNzAzNyJ9",
"signature": "s0h6KThzkfBBBkLspW1h84VsJZFTsPPqMDA7g1Md7p
0"
}
]
}
]]></artwork></figure>
</section>
</section>
</section>
<section anchor="jwe" title="JSON Web Encryption Examples">
<t>The following sections demonstrate how to generate various JWE objects.</t>
<t>All of the succeeding examples (unless otherwise noted) use the following plaintext content, serialized as UTF-8. The sequence “\xe2\x80\x93” is substituted for (U+2013 EN DASH), and line breaks (U+000A LINE FEED) replace some instances of “ “ (U+0020 SPACE) characters to improve formatting:</t>
<figure title="Plaintext content" anchor="jwe-plaintext"><artwork><![CDATA[
You can trust us to stick with you through thick and
thin\xe2\x80\x93to the bitter end. And you can trust us to
keep any secret of yours\xe2\x80\x93closer than you keep it
yourself. But you cannot trust us to let you face trouble
alone, and go off without a word. We are your friends, Frodo.
]]></artwork></figure>
<section anchor="jwe-rsa15" title="Key Encryption using RSA v1.5 and AES-HMAC-SHA2">
<t>This example illustrates encrypting content using the “RSA1_5” (RSAES-PKCS1-v1_5) key encryption algorithm and the “A128CBC-HS256” (AES-128-CBC-HMAC-SHA-256) content encryption algorithm.</t>
<t>Note that RSAES-PKCS1-v1_5 uses random data to generate the ciphertext; it might not be possible to exactly replicate the results in this section.</t>
<t>Note that whitespace is added for readability as described in <xref target="intro-conventions"/>.</t>
<section anchor="jwe-rsa15-input" title="Input Factors">
<t>The following are supplied before beginning the encryption process:</t>
<t><list style="symbols">
<t>Plaintext content; this example uses the content from <xref target="jwe-plaintext"/>.</t>
<t>RSA public key; this example uses the key from <xref target="jwe-rsa15-key"/>.</t>
<t>“alg” parameter of “RSA1_5”.</t>
<t>“enc” parameter of “A128CBC-HS256”.</t>
</list></t>
<figure title="RSA 2048-bit Key, in JWK format" anchor="jwe-rsa15-key"><artwork><![CDATA[
{
"kty": "RSA",
"kid": "frodo.baggins@hobbiton.example",
"use": "enc",
"n": "maxhbsmBtdQ3CNrKvprUE6n9lYcregDMLYNeTAWcLj8NnPU9XIYegT
HVHQjxKDSHP2l-F5jS7sppG1wgdAqZyhnWvXhYNvcM7RfgKxqNx_xAHx
6f3yy7s-M9PSNCwPC2lh6UAkR4I00EhV9lrypM9Pi4lBUop9t5fS9W5U
NwaAllhrd-osQGPjIeI1deHTwx-ZTHu3C60Pu_LJIl6hKn9wbwaUmA4c
R5Bd2pgbaY7ASgsjCUbtYJaNIHSoHXprUdJZKUMAzV0WOKPfA6OPI4oy
pBadjvMZ4ZAj3BnXaSYsEZhaueTXvZB4eZOAjIyh2e_VOIKVMsnDrJYA
VotGlvMQ",
"e": "AQAB",
"d": "Kn9tgoHfiTVi8uPu5b9TnwyHwG5dK6RE0uFdlpCGnJN7ZEi963R7wy
bQ1PLAHmpIbNTztfrheoAniRV1NCIqXaW_qS461xiDTp4ntEPnqcKsyO
5jMAji7-CL8vhpYYowNFvIesgMoVaPRYMYT9TW63hNM0aWs7USZ_hLg6
Oe1mY0vHTI3FucjSM86Nff4oIENt43r2fspgEPGRrdE6fpLc9Oaq-qeP
1GFULimrRdndm-P8q8kvN3KHlNAtEgrQAgTTgz80S-3VD0FgWfgnb1PN
miuPUxO8OpI9KDIfu_acc6fg14nsNaJqXe6RESvhGPH2afjHqSy_Fd2v
pzj85bQQ",
"p": "2DwQmZ43FoTnQ8IkUj3BmKRf5Eh2mizZA5xEJ2MinUE3sdTYKSLtaE
oekX9vbBZuWxHdVhM6UnKCJ_2iNk8Z0ayLYHL0_G21aXf9-unynEpUsH
7HHTklLpYAzOOx1ZgVljoxAdWNn3hiEFrjZLZGS7lOH-a3QQlDDQoJOJ
2VFmU",
"q": "te8LY4-W7IyaqH1ExujjMqkTAlTeRbv0VLQnfLY2xINnrWdwiQ93_V
F099aP1ESeLja2nw-6iKIe-qT7mtCPozKfVtUYfz5HrJ_XY2kfexJINb
9lhZHMv5p1skZpeIS-GPHCC6gRlKo1q-idn_qxyusfWv7WAxlSVfQfk8
d6Et0",
"dp": "UfYKcL_or492vVc0PzwLSplbg4L3-Z5wL48mwiswbpzOyIgd2xHTH
QmjJpFAIZ8q-zf9RmgJXkDrFs9rkdxPtAsL1WYdeCT5c125Fkdg317JV
RDo1inX7x2Kdh8ERCreW8_4zXItuTl_KiXZNU5lvMQjWbIw2eTx1lpsf
lo0rYU",
"dq": "iEgcO-QfpepdH8FWd7mUFyrXdnOkXJBCogChY6YKuIHGc_p8Le9Mb
pFKESzEaLlN1Ehf3B6oGBl5Iz_ayUlZj2IoQZ82znoUrpa9fVYNot87A
CfzIG7q9Mv7RiPAderZi03tkVXAdaBau_9vs5rS-7HMtxkVrxSUvJY14
TkXlHE",
"qi": "kC-lzZOqoFaZCr5l0tOVtREKoVqaAYhQiqIRGL-MzS4sCmRkxm5vZ
lXYx6RtE1n_AagjqajlkjieGlxTTThHD8Iga6foGBMaAr5uR1hGQpSc7
Gl7CF1DZkBJMTQN6EshYzZfxW08mIO8M6Rzuh0beL6fG9mkDcIyPrBXx
2bQ_mM"
}
]]></artwork></figure>
<t>(<spanx style="strong">NOTE</spanx>: While the key includes the private parameters, only the public parameters “e” and “n” are necessary for the encryption operation.)</t>
</section>
<section anchor="jwe-rsa15-gen" title="Generated Factors">
<t>The following are generated before encrypting:</t>
<t><list style="symbols">
<t>AES symmetric key as the Content Encryption Key (CEK); this example uses the key from <xref target="jwe-rsa15-cek"/></t>
<t>Initialization vector/nonce; this example uses the initialization vector from <xref target="jwe-rsa15-iv"/></t>
</list></t>
<figure title="Content Encryption Key, base64url-encoded" anchor="jwe-rsa15-cek"><artwork><![CDATA[
3qyTVhIWt5juqZUCpfRqpvauwB956MEJL2Rt-8qXKSo
]]></artwork></figure>
<figure title="Initialization Vector, base64url-encoded" anchor="jwe-rsa15-iv"><artwork><![CDATA[
bbd5sTkYwhAIqfHsx8DayA
]]></artwork></figure>
</section>
<section anchor="jwe-rsa15-keyenc" title="Encrypting the Key">
<t>Performing the key encryption operation over the CEK (<xref target="jwe-rsa15-cek"/>) with the RSA key (<xref target="jwe-rsa15-key"/>) results in the following encrypted key:</t>
<figure title="Encrypted Key, base64url-encoded" anchor="jwe-rsa15-encdkey"><artwork><![CDATA[
laLxI0j-nLH-_BgLOXMozKxmy9gffy2gTdvqzfTihJBuuzxg0V7yk1WClnQePF
vG2K-pvSlWc9BRIazDrn50RcRai__3TDON395H3c62tIouJJ4XaRvYHFjZTZ2G
Xfz8YAImcc91Tfk0WXC2F5Xbb71ClQ1DDH151tlpH77f2ff7xiSxh9oSewYrcG
TSLUeeCt36r1Kt3OSj7EyBQXoZlN7IxbyhMAfgIe7Mv1rOTOI5I8NQqeXXW8Vl
zNmoxaGMny3YnGir5Wf6Qt2nBq4qDaPdnaAuuGUGEecelIO1wx1BpyIfgvfjOh
MBs9M8XL223Fg47xlGsMXdfuY-4jaqVw
]]></artwork></figure>
</section>
<section anchor="jwe-rsa15-contentenc" title="Encrypting the Content">
<t>The following are generated before encrypting the plaintext:</t>
<t><list style="symbols">
<t>JWE Protected Header; this example uses the header from <xref target="jwe-rsa15-protected"/>, encoded using <xref target="RFC4648"/> base64url to produce <xref target="jwe-rsa15-protected_b64u"/>.</t>
</list></t>
<figure title="JWE Protected Header JSON" anchor="jwe-rsa15-protected"><artwork><![CDATA[
{
"alg": "RSA1_5",
"kid": "frodo.baggins@hobbiton.example",
"enc": "A128CBC-HS256"
}
]]></artwork></figure>
<figure title="JWE Protected Header, base64url-encoded" anchor="jwe-rsa15-protected_b64u"><artwork><![CDATA[
eyJhbGciOiJSU0ExXzUiLCJraWQiOiJmcm9kby5iYWdnaW5zQGhvYmJpdG9uLm
V4YW1wbGUiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0
]]></artwork></figure>
<t>Performing the content encryption operation on the Plaintext (<xref target="jwe-plaintext"/>) using the following:</t>
<t><list style="symbols">
<t>CEK (<xref target="jwe-rsa15-cek"/>);</t>
<t>Initialization vector/nonce (<xref target="jwe-rsa15-iv"/>); and</t>
<t>JWE Protected Header (<xref target="jwe-rsa15-protected"/>) as authenticated data</t>
</list></t>
<t>produces the following:</t>
<t><list style="symbols">
<t>Ciphertext from <xref target="jwe-rsa15-ciphertext"/>.</t>
<t>Authentication tag from <xref target="jwe-rsa15-tag"/>.</t>
</list></t>
<figure title="Ciphertext, base64url-encoded" anchor="jwe-rsa15-ciphertext"><artwork><![CDATA[
0fys_TY_na7f8dwSfXLiYdHaA2DxUjD67ieF7fcVbIR62JhJvGZ4_FNVSiGc_r
aa0HnLQ6s1P2sv3Xzl1p1l_o5wR_RsSzrS8Z-wnI3Jvo0mkpEEnlDmZvDu_k8O
WzJv7eZVEqiWKdyVzFhPpiyQU28GLOpRc2VbVbK4dQKPdNTjPPEmRqcaGeTWZV
yeSUvf5k59yJZxRuSvWFf6KrNtmRdZ8R4mDOjHSrM_s8uwIFcqt4r5GX8TKaI0
zT5CbL5Qlw3sRc7u_hg0yKVOiRytEAEs3vZkcfLkP6nbXdC_PkMdNS-ohP78T2
O6_7uInMGhFeX4ctHG7VelHGiT93JfWDEQi5_V9UN1rhXNrYu-0fVMkZAKX3VW
i7lzA6BP430m
]]></artwork></figure>
<figure title="Authentication Tag, base64url-encoded" anchor="jwe-rsa15-tag"><artwork><![CDATA[
kvKuFBXHe5mQr4lqgobAUg
]]></artwork></figure>
</section>
<section anchor="jwe-rsa15-output" title="Output Results">
<t>The following compose the resulting JWE object:</t>
<t><list style="symbols">
<t>JWE Protected Header (<xref target="jwe-rsa15-protected_b64u"/>).</t>
<t>Encrypted Key (<xref target="jwe-rsa15-encdkey"/>).</t>
<t>Initialization vector/nonce (<xref target="jwe-rsa15-iv"/>).</t>
<t>Ciphertext (<xref target="jwe-rsa15-ciphertext"/>).</t>
<t>Authentication Tag (<xref target="jwe-rsa15-tag"/>).</t>
</list></t>
<t>The resulting JWE object using the Compact serialization:</t>
<figure title="Compact Serialization" anchor="jwe-rsa15-compact"><artwork><![CDATA[
eyJhbGciOiJSU0ExXzUiLCJraWQiOiJmcm9kby5iYWdnaW5zQGhvYmJpdG9uLm
V4YW1wbGUiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0
.
laLxI0j-nLH-_BgLOXMozKxmy9gffy2gTdvqzfTihJBuuzxg0V7yk1WClnQePF
vG2K-pvSlWc9BRIazDrn50RcRai__3TDON395H3c62tIouJJ4XaRvYHFjZTZ2G
Xfz8YAImcc91Tfk0WXC2F5Xbb71ClQ1DDH151tlpH77f2ff7xiSxh9oSewYrcG
TSLUeeCt36r1Kt3OSj7EyBQXoZlN7IxbyhMAfgIe7Mv1rOTOI5I8NQqeXXW8Vl
zNmoxaGMny3YnGir5Wf6Qt2nBq4qDaPdnaAuuGUGEecelIO1wx1BpyIfgvfjOh
MBs9M8XL223Fg47xlGsMXdfuY-4jaqVw
.
bbd5sTkYwhAIqfHsx8DayA
.
0fys_TY_na7f8dwSfXLiYdHaA2DxUjD67ieF7fcVbIR62JhJvGZ4_FNVSiGc_r
aa0HnLQ6s1P2sv3Xzl1p1l_o5wR_RsSzrS8Z-wnI3Jvo0mkpEEnlDmZvDu_k8O
WzJv7eZVEqiWKdyVzFhPpiyQU28GLOpRc2VbVbK4dQKPdNTjPPEmRqcaGeTWZV
yeSUvf5k59yJZxRuSvWFf6KrNtmRdZ8R4mDOjHSrM_s8uwIFcqt4r5GX8TKaI0
zT5CbL5Qlw3sRc7u_hg0yKVOiRytEAEs3vZkcfLkP6nbXdC_PkMdNS-ohP78T2
O6_7uInMGhFeX4ctHG7VelHGiT93JfWDEQi5_V9UN1rhXNrYu-0fVMkZAKX3VW
i7lzA6BP430m
.
kvKuFBXHe5mQr4lqgobAUg
]]></artwork></figure>
<t>The resulting JWE object using the JSON serialization:</t>
<figure title="JSON Serialization" anchor="jwe-rsa15-json"><artwork><![CDATA[
{
"recipients": [
{
"encrypted_key": "laLxI0j-nLH-_BgLOXMozKxmy9gffy2gTdvqzf
TihJBuuzxg0V7yk1WClnQePFvG2K-pvSlWc9BRIazDrn50RcRai_
_3TDON395H3c62tIouJJ4XaRvYHFjZTZ2GXfz8YAImcc91Tfk0WX
C2F5Xbb71ClQ1DDH151tlpH77f2ff7xiSxh9oSewYrcGTSLUeeCt
36r1Kt3OSj7EyBQXoZlN7IxbyhMAfgIe7Mv1rOTOI5I8NQqeXXW8
VlzNmoxaGMny3YnGir5Wf6Qt2nBq4qDaPdnaAuuGUGEecelIO1wx
1BpyIfgvfjOhMBs9M8XL223Fg47xlGsMXdfuY-4jaqVw"
}
],
"protected": "eyJhbGciOiJSU0ExXzUiLCJraWQiOiJmcm9kby5iYWdnaW
5zQGhvYmJpdG9uLmV4YW1wbGUiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In
0",
"iv": "bbd5sTkYwhAIqfHsx8DayA",
"ciphertext": "0fys_TY_na7f8dwSfXLiYdHaA2DxUjD67ieF7fcVbIR62
JhJvGZ4_FNVSiGc_raa0HnLQ6s1P2sv3Xzl1p1l_o5wR_RsSzrS8Z-wn
I3Jvo0mkpEEnlDmZvDu_k8OWzJv7eZVEqiWKdyVzFhPpiyQU28GLOpRc
2VbVbK4dQKPdNTjPPEmRqcaGeTWZVyeSUvf5k59yJZxRuSvWFf6KrNtm
RdZ8R4mDOjHSrM_s8uwIFcqt4r5GX8TKaI0zT5CbL5Qlw3sRc7u_hg0y
KVOiRytEAEs3vZkcfLkP6nbXdC_PkMdNS-ohP78T2O6_7uInMGhFeX4c
tHG7VelHGiT93JfWDEQi5_V9UN1rhXNrYu-0fVMkZAKX3VWi7lzA6BP4
30m",
"tag": "kvKuFBXHe5mQr4lqgobAUg"
}
]]></artwork></figure>
</section>
</section>
<section anchor="jwe-rsa_oaep" title="Key Encryption using RSA-OAEP with A256GCM">
<t>This example illustrates encrypting content using the “RSA-OAEP” (RSAES-OAEP) key encryption algorithm and the “A256GCM” (AES-GCM) content encryption algorithm.</t>
<t>Note that RSAES-OAEP uses random data to generate the ciphertext; it might not be possible to exactly replicate the results in this section.</t>
<t>Note that whitespace is added for readability as described in <xref target="intro-conventions"/>.</t>
<section anchor="jwe-rsa_oaep-input" title="Input Factors">
<t>The following are supplied before beginning the encryption process:</t>
<t><list style="symbols">
<t>Plaintext content; this example uses the plaintext from <xref target="jwe-plaintext"/>.</t>
<t>RSA public key; this example uses the key from <xref target="jwe-rsa_oaep-key"/>.</t>
<t>“alg” parameter of “RSA-OAEP”</t>
<t>“enc” parameter of “A256GCM”</t>
</list></t>
<figure title="RSA 4096-bit Key" anchor="jwe-rsa_oaep-key"><artwork><![CDATA[
{
"kty": "RSA",
"kid": "samwise.gamgee@hobbiton.example",
"use": "enc",
"n": "wbdxI55VaanZXPY29Lg5hdmv2XhvqAhoxUkanfzf2-5zVUxa6prHRr
I4pP1AhoqJRlZfYtWWd5mmHRG2pAHIlh0ySJ9wi0BioZBl1XP2e-C-Fy
XJGcTy0HdKQWlrfhTm42EW7Vv04r4gfao6uxjLGwfpGrZLarohiWCPnk
Nrg71S2CuNZSQBIPGjXfkmIy2tl_VWgGnL22GplyXj5YlBLdxXp3XeSt
sqo571utNfoUTU8E4qdzJ3U1DItoVkPGsMwlmmnJiwA7sXRItBCivR4M
5qnZtdw-7v4WuR4779ubDuJ5nalMv2S66-RPcnFAzWSKxtBDnFJJDGIU
e7Tzizjg1nms0Xq_yPub_UOlWn0ec85FCft1hACpWG8schrOBeNqHBOD
FskYpUc2LC5JA2TaPF2dA67dg1TTsC_FupfQ2kNGcE1LgprxKHcVWYQb
86B-HozjHZcqtauBzFNV5tbTuB-TpkcvJfNcFLlH3b8mb-H_ox35FjqB
SAjLKyoeqfKTpVjvXhd09knwgJf6VKq6UC418_TOljMVfFTWXUxlnfhO
OnzW6HSSzD1c9WrCuVzsUMv54szidQ9wf1cYWf3g5qFDxDQKis99gcDa
iCAwM3yEBIzuNeeCa5dartHDb1xEB_HcHSeYbghbMjGfasvKn0aZRsnT
yC0xhWBlsolZE",
"e": "AQAB",
"alg": "RSA-OAEP",
"d": "n7fzJc3_WG59VEOBTkayzuSMM780OJQuZjN_KbH8lOZG25ZoA7T4Bx
cc0xQn5oZE5uSCIwg91oCt0JvxPcpmqzaJZg1nirjcWZ-oBtVk7gCAWq
-B3qhfF3izlbkosrzjHajIcY33HBhsy4_WerrXg4MDNE4HYojy68TcxT
2LYQRxUOCf5TtJXvM8olexlSGtVnQnDRutxEUCwiewfmmrfveEogLx9E
A-KMgAjTiISXxqIXQhWUQX1G7v_mV_Hr2YuImYcNcHkRvp9E7ook0876
DhkO8v4UOZLwA1OlUX98mkoqwc58A_Y2lBYbVx1_s5lpPsEqbbH-nqIj
h1fL0gdNfihLxnclWtW7pCztLnImZAyeCWAG7ZIfv-Rn9fLIv9jZ6r7r
-MSH9sqbuziHN2grGjD_jfRluMHa0l84fFKl6bcqN1JWxPVhzNZo01yD
F-1LiQnqUYSepPf6X3a2SOdkqBRiquE6EvLuSYIDpJq3jDIsgoL8Mo1L
oomgiJxUwL_GWEOGu28gplyzm-9Q0U0nyhEf1uhSR8aJAQWAiFImWH5W
_IQT9I7-yrindr_2fWQ_i1UgMsGzA7aOGzZfPljRy6z-tY_KuBG00-28
S_aWvjyUc-Alp8AUyKjBZ-7CWH32fGWK48j1t-zomrwjL_mnhsPbGs0c
9WsWgRzI-K8gE",
"p": "7_2v3OQZzlPFcHyYfLABQ3XP85Es4hCdwCkbDeltaUXgVy9l9etKgh
vM4hRkOvbb01kYVuLFmxIkCDtpi-zLCYAdXKrAK3PtSbtzld_XZ9nlsY
a_QZWpXB_IrtFjVfdKUdMz94pHUhFGFj7nr6NNxfpiHSHWFE1zD_AC3m
Y46J961Y2LRnreVwAGNw53p07Db8yD_92pDa97vqcZOdgtybH9q6uma-
RFNhO1AoiJhYZj69hjmMRXx-x56HO9cnXNbmzNSCFCKnQmn4GQLmRj9s
fbZRqL94bbtE4_e0Zrpo8RNo8vxRLqQNwIy85fc6BRgBJomt8QdQvIgP
gWCv5HoQ",
"q": "zqOHk1P6WN_rHuM7ZF1cXH0x6RuOHq67WuHiSknqQeefGBA9PWs6Zy
KQCO-O6mKXtcgE8_Q_hA2kMRcKOcvHil1hqMCNSXlflM7WPRPZu2qCDc
qssd_uMbP-DqYthH_EzwL9KnYoH7JQFxxmcv5An8oXUtTwk4knKjkIYG
RuUwfQTus0w1NfjFAyxOOiAQ37ussIcE6C6ZSsM3n41UlbJ7TCqewzVJ
aPJN5cxjySPZPD3Vp01a9YgAD6a3IIaKJdIxJS1ImnfPevSJQBE79-EX
e2kSwVgOzvt-gsmM29QQ8veHy4uAqca5dZzMs7hkkHtw1z0jHV90epQJ
JlXXnH8Q",
"dp": "19oDkBh1AXelMIxQFm2zZTqUhAzCIr4xNIGEPNoDt1jK83_FJA-xn
x5kA7-1erdHdms_Ef67HsONNv5A60JaR7w8LHnDiBGnjdaUmmuO8XAxQ
J_ia5mxjxNjS6E2yD44USo2JmHvzeeNczq25elqbTPLhUpGo1IZuG72F
ZQ5gTjXoTXC2-xtCDEUZfaUNh4IeAipfLugbpe0JAFlFfrTDAMUFpC3i
XjxqzbEanflwPvj6V9iDSgjj8SozSM0dLtxvu0LIeIQAeEgT_yXcrKGm
pKdSO08kLBx8VUjkbv_3Pn20Gyu2YEuwpFlM_H1NikuxJNKFGmnAq9Lc
nwwT0jvoQ",
"dq": "S6p59KrlmzGzaQYQM3o0XfHCGvfqHLYjCO557HYQf72O9kLMCfd_1
VBEqeD-1jjwELKDjck8kOBl5UvohK1oDfSP1DleAy-cnmL29DqWmhgwM
1ip0CCNmkmsmDSlqkUXDi6sAaZuntyukyflI-qSQ3C_BafPyFaKrt1fg
dyEwYa08pESKwwWisy7KnmoUvaJ3SaHmohFS78TJ25cfc10wZ9hQNOrI
ChZlkiOdFCtxDqdmCqNacnhgE3bZQjGp3n83ODSz9zwJcSUvODlXBPc2
AycH6Ci5yjbxt4Ppox_5pjm6xnQkiPgj01GpsUssMmBN7iHVsrE7N2iz
nBNCeOUIQ",
"qi": "FZhClBMywVVjnuUud-05qd5CYU0dK79akAgy9oX6RX6I3IIIPckCc
iRrokxglZn-omAY5CnCe4KdrnjFOT5YUZE7G_Pg44XgCXaarLQf4hl80
oPEf6-jJ5Iy6wPRx7G2e8qLxnh9cOdf-kRqgOS3F48Ucvw3ma5V6KGMw
QqWFeV31XtZ8l5cVI-I3NzBS7qltpUVgz2Ju021eyc7IlqgzR98qKONl
27DuEES0aK0WE97jnsyO27Yp88Wa2RiBrEocM89QZI1seJiGDizHRUP4
UZxw9zsXww46wy0P6f9grnYp7t8LkyDDk8eoI4KX6SNMNVcyVS9IWjlq
8EzqZEKIA"
}
]]></artwork></figure>
<t>(<spanx style="strong">NOTE</spanx>: While the key includes the private parameters, only the public parameters “e” and “n” are necessary for the encryption operation.)</t>
</section>
<section anchor="jwe-rsa_oaep-gen" title="Generated Factors">
<t>The following are generated before encrypting:</t>
<t><list style="symbols">
<t>AES symmetric key as the Content Encryption CEK (CEK); this example uses the key from <xref target="jwe-rsa_oaep-cek"/>.</t>
<t>Initialization vector/nonce; this example uses the initialization vector/nonce from <xref target="jwe-rsa_oaep-iv"/>.</t>
</list></t>
<figure title="Content Encryption Key, base64url-encoded" anchor="jwe-rsa_oaep-cek"><artwork><![CDATA[
mYMfsggkTAm0TbvtlFh2hyoXnbEzJQjMxmgLN3d8xXA
]]></artwork></figure>
<figure title="Initialization Vector, base64url-encoded" anchor="jwe-rsa_oaep-iv"><artwork><![CDATA[
-nBoKLH0YkLZPSI9
]]></artwork></figure>
</section>
<section anchor="jwe-rsa_oaep-keyenc" title="Encrypting the Key">
<t>Performing the key encryption operation over the CEK (<xref target="jwe-rsa_oaep-cek"/>)) with the RSA key (<xref target="jwe-rsa_oaep-key"/>) produces the following encrypted key:</t>
<figure title="Encrypted Key, base64url-encoded" anchor="jwe-rsa_oaep-encdkey"><artwork><![CDATA[
rT99rwrBTbTI7IJM8fU3Eli7226HEB7IchCxNuh7lCiud48LxeolRdtFF4nzQi
beYOl5S_PJsAXZwSXtDePz9hk-BbtsTBqC2UsPOdwjC9NhNupNNu9uHIVftDyu
cvI6hvALeZ6OGnhNV4v1zx2k7O1D89mAzfw-_kT3tkuorpDU-CpBENfIHX1Q58
-Aad3FzMuo3Fn9buEP2yXakLXYa15BUXQsupM4A1GD4_H4Bd7V3u9h8Gkg8Bpx
KdUV9ScfJQTcYm6eJEBz3aSwIaK4T3-dwWpuBOhROQXBosJzS1asnuHtVMt2pK
IIfux5BC6huIvmY7kzV7W7aIUrpYm_3H4zYvyMeq5pGqFmW2k8zpO878TRlZx7
pZfPYDSXZyS0CfKKkMozT_qiCwZTSz4duYnt8hS4Z9sGthXn9uDqd6wycMagnQ
fOTs_lycTWmY-aqWVDKhjYNRf03NiwRtb5BE-tOdFwCASQj3uuAgPGrO2AWBe3
8UjQb0lvXn1SpyvYZ3WFc7WOJYaTa7A8DRn6MC6T-xDmMuxC0G7S2rscw5lQQU
06MvZTlFOt0UvfuKBa03cxA_nIBIhLMjY2kOTxQMmpDPTr6Cbo8aKaOnx6ASE5
Jx9paBpnNmOOKH35j_QlrQhDWUN6A2Gg8iFayJ69xDEdHAVCGRzN3woEI2ozDR
s
]]></artwork></figure>
</section>
<section anchor="jwe-rsa_oaep-contentenc" title="Encrypting the Content">
<t>The following are generated before encrypting the plaintext:</t>
<t><list style="symbols">
<t>JWE Protected Header; this example uses the the header from <xref target="jwe-rsa_oaep-protected"/>, encoded using <xref target="RFC4648"/> base64url to produce <xref target="jwe-rsa_oaep-protected_b64u"/>.</t>
</list></t>
<figure title="JWE Protected Header JSON" anchor="jwe-rsa_oaep-protected"><artwork><![CDATA[
{
"alg": "RSA-OAEP",
"kid": "samwise.gamgee@hobbiton.example",
"enc": "A256GCM"
}
]]></artwork></figure>
<figure title="JWE Protected Header, base64url-encoded" anchor="jwe-rsa_oaep-protected_b64u"><artwork><![CDATA[
eyJhbGciOiJSU0EtT0FFUCIsImtpZCI6InNhbXdpc2UuZ2FtZ2VlQGhvYmJpdG
9uLmV4YW1wbGUiLCJlbmMiOiJBMjU2R0NNIn0
]]></artwork></figure>
<t>Performing the content encryption operation over the Plaintext (<xref target="jwe-plaintext"/>) with the following:</t>
<t><list style="symbols">
<t>CEK (<xref target="jwe-rsa_oaep-cek"/>);</t>
<t>Initialization vector/nonce (<xref target="jwe-rsa_oaep-iv"/>); and</t>
<t>JWE Protected Header (<xref target="jwe-rsa_oaep-protected_b64u"/>) as authenticated data</t>
</list></t>
<t>produces the following:</t>
<t><list style="symbols">
<t>Ciphertext from <xref target="jwe-rsa_oaep-ciphertext"/>.</t>
<t>Authentication tag from <xref target="jwe-rsa_oaep-tag"/>.</t>
</list></t>
<figure title="Ciphertext, base64url-encoded" anchor="jwe-rsa_oaep-ciphertext"><artwork><![CDATA[
o4k2cnGN8rSSw3IDo1YuySkqeS_t2m1GXklSgqBdpACm6UJuJowOHC5ytjqYgR
L-I-soPlwqMUf4UgRWWeaOGNw6vGW-xyM01lTYxrXfVzIIaRdhYtEMRBvBWbEw
P7ua1DRfvaOjgZv6Ifa3brcAM64d8p5lhhNcizPersuhw5f-pGYzseva-TUaL8
iWnctc-sSwy7SQmRkfhDjwbz0fz6kFovEgj64X1I5s7E6GLp5fnbYGLa1QUiML
7Cc2GxgvI7zqWo0YIEc7aCflLG1-8BboVWFdZKLK9vNoycrYHumwzKluLWEbSV
maPpOslY2n525DxDfWaVFUfKQxMF56vn4B9QMpWAbnypNimbM8zVOw
]]></artwork></figure>
<figure title="Authentication Tag, base64url-encoded" anchor="jwe-rsa_oaep-tag"><artwork><![CDATA[
UCGiqJxhBI3IFVdPalHHvA
]]></artwork></figure>
</section>
<section anchor="jwe-rsa_oaep-output" title="Output Results">
<t>The following compose the resulting JWE object:</t>
<t><list style="symbols">
<t>JWE Protected Header (<xref target="jwe-rsa_oaep-protected_b64u"/>)</t>
<t>Encrypted key (<xref target="jwe-rsa_oaep-encdkey"/>)</t>
<t>Initialization vector/nonce (<xref target="jwe-rsa_oaep-iv"/>)</t>
<t>Ciphertext (<xref target="jwe-rsa_oaep-ciphertext"/>)</t>
<t>Authentication tag (<xref target="jwe-rsa_oaep-tag"/>)</t>
</list></t>
<t>The resulting JWE object using the Compact serialization:</t>
<figure title="Compact Serialization" anchor="jwe-rsa_oaep-compact"><artwork><![CDATA[
eyJhbGciOiJSU0EtT0FFUCIsImtpZCI6InNhbXdpc2UuZ2FtZ2VlQGhvYmJpdG
9uLmV4YW1wbGUiLCJlbmMiOiJBMjU2R0NNIn0
.
rT99rwrBTbTI7IJM8fU3Eli7226HEB7IchCxNuh7lCiud48LxeolRdtFF4nzQi
beYOl5S_PJsAXZwSXtDePz9hk-BbtsTBqC2UsPOdwjC9NhNupNNu9uHIVftDyu
cvI6hvALeZ6OGnhNV4v1zx2k7O1D89mAzfw-_kT3tkuorpDU-CpBENfIHX1Q58
-Aad3FzMuo3Fn9buEP2yXakLXYa15BUXQsupM4A1GD4_H4Bd7V3u9h8Gkg8Bpx
KdUV9ScfJQTcYm6eJEBz3aSwIaK4T3-dwWpuBOhROQXBosJzS1asnuHtVMt2pK
IIfux5BC6huIvmY7kzV7W7aIUrpYm_3H4zYvyMeq5pGqFmW2k8zpO878TRlZx7
pZfPYDSXZyS0CfKKkMozT_qiCwZTSz4duYnt8hS4Z9sGthXn9uDqd6wycMagnQ
fOTs_lycTWmY-aqWVDKhjYNRf03NiwRtb5BE-tOdFwCASQj3uuAgPGrO2AWBe3
8UjQb0lvXn1SpyvYZ3WFc7WOJYaTa7A8DRn6MC6T-xDmMuxC0G7S2rscw5lQQU
06MvZTlFOt0UvfuKBa03cxA_nIBIhLMjY2kOTxQMmpDPTr6Cbo8aKaOnx6ASE5
Jx9paBpnNmOOKH35j_QlrQhDWUN6A2Gg8iFayJ69xDEdHAVCGRzN3woEI2ozDR
s
.
-nBoKLH0YkLZPSI9
.
o4k2cnGN8rSSw3IDo1YuySkqeS_t2m1GXklSgqBdpACm6UJuJowOHC5ytjqYgR
L-I-soPlwqMUf4UgRWWeaOGNw6vGW-xyM01lTYxrXfVzIIaRdhYtEMRBvBWbEw
P7ua1DRfvaOjgZv6Ifa3brcAM64d8p5lhhNcizPersuhw5f-pGYzseva-TUaL8
iWnctc-sSwy7SQmRkfhDjwbz0fz6kFovEgj64X1I5s7E6GLp5fnbYGLa1QUiML
7Cc2GxgvI7zqWo0YIEc7aCflLG1-8BboVWFdZKLK9vNoycrYHumwzKluLWEbSV
maPpOslY2n525DxDfWaVFUfKQxMF56vn4B9QMpWAbnypNimbM8zVOw
.
UCGiqJxhBI3IFVdPalHHvA
]]></artwork></figure>
<t>The resulting JWE object using the JSON serialization:</t>
<figure title="JSON Serialization" anchor="jwe-rsa_oaep-json"><artwork><![CDATA[
{
"recipients": [
{
"encrypted_key": "rT99rwrBTbTI7IJM8fU3Eli7226HEB7IchCxNu
h7lCiud48LxeolRdtFF4nzQibeYOl5S_PJsAXZwSXtDePz9hk-Bb
tsTBqC2UsPOdwjC9NhNupNNu9uHIVftDyucvI6hvALeZ6OGnhNV4
v1zx2k7O1D89mAzfw-_kT3tkuorpDU-CpBENfIHX1Q58-Aad3FzM
uo3Fn9buEP2yXakLXYa15BUXQsupM4A1GD4_H4Bd7V3u9h8Gkg8B
pxKdUV9ScfJQTcYm6eJEBz3aSwIaK4T3-dwWpuBOhROQXBosJzS1
asnuHtVMt2pKIIfux5BC6huIvmY7kzV7W7aIUrpYm_3H4zYvyMeq
5pGqFmW2k8zpO878TRlZx7pZfPYDSXZyS0CfKKkMozT_qiCwZTSz
4duYnt8hS4Z9sGthXn9uDqd6wycMagnQfOTs_lycTWmY-aqWVDKh
jYNRf03NiwRtb5BE-tOdFwCASQj3uuAgPGrO2AWBe38UjQb0lvXn
1SpyvYZ3WFc7WOJYaTa7A8DRn6MC6T-xDmMuxC0G7S2rscw5lQQU
06MvZTlFOt0UvfuKBa03cxA_nIBIhLMjY2kOTxQMmpDPTr6Cbo8a
KaOnx6ASE5Jx9paBpnNmOOKH35j_QlrQhDWUN6A2Gg8iFayJ69xD
EdHAVCGRzN3woEI2ozDRs"
}
],
"protected": "eyJhbGciOiJSU0EtT0FFUCIsImtpZCI6InNhbXdpc2UuZ2
FtZ2VlQGhvYmJpdG9uLmV4YW1wbGUiLCJlbmMiOiJBMjU2R0NNIn0",
"iv": "-nBoKLH0YkLZPSI9",
"ciphertext": "o4k2cnGN8rSSw3IDo1YuySkqeS_t2m1GXklSgqBdpACm6
UJuJowOHC5ytjqYgRL-I-soPlwqMUf4UgRWWeaOGNw6vGW-xyM01lTYx
rXfVzIIaRdhYtEMRBvBWbEwP7ua1DRfvaOjgZv6Ifa3brcAM64d8p5lh
hNcizPersuhw5f-pGYzseva-TUaL8iWnctc-sSwy7SQmRkfhDjwbz0fz
6kFovEgj64X1I5s7E6GLp5fnbYGLa1QUiML7Cc2GxgvI7zqWo0YIEc7a
CflLG1-8BboVWFdZKLK9vNoycrYHumwzKluLWEbSVmaPpOslY2n525Dx
DfWaVFUfKQxMF56vn4B9QMpWAbnypNimbM8zVOw",
"tag": "UCGiqJxhBI3IFVdPalHHvA"
}
]]></artwork></figure>
</section>
</section>
<section anchor="jwe-pbes2" title="Key Wrap using PBES2-AES-KeyWrap with AES-CBC-HMAC-SHA2">
<t>The example illustrates encrypting content using the “PBES2-HS512+A256KW” (PBES2 Password-based Encryption using HMAC-SHA-512 and AES-256-KeyWrap) key encryption algorithm with the “A128CBC-HS256” (AES-128-CBC-HMAC-SHA-256) content encryption algorithm.</t>
<t>Note that whitespace is added for readability as described in <xref target="intro-conventions"/>.</t>
<section anchor="jwe-pbes2-input" title="Input Factors">
<t>The following are supplied before beginning the encryption process:</t>
<t><list style="symbols">
<t>Plaintext content; this example uses the plaintext from <xref target="jwe-pbes2-plaintext"/> (<spanx style="strong">NOTE</spanx> all whitespace added for readability)</t>
<t>Password; this example uses the password from <xref target="jwe-pbes2-pwd"/> – with the sequence “\xe2\x80\x93” replaced with (U+2013 EN DASH)</t>
<t>“alg” parameter of “PBES2-HS512+A256KW”</t>
<t>“enc” parameter of “A128CBC-HS256”</t>
</list></t>
<figure title="Plaintext Content" anchor="jwe-pbes2-plaintext"><artwork><![CDATA[
{
"keys": [
{
"kty": "oct",
"kid": "77c7e2b8-6e13-45cf-8672-617b5b45243a",
"use": "enc",
"alg": "A128GCM",
"k": "XctOhJAkA-pD9Lh7ZgW_2A"
},
{
"kty": "oct",
"kid": "81b20965-8332-43d9-a468-82160ad91ac8",
"use": "enc",
"alg": "A128KW",
"k": "GZy6sIZ6wl9NJOKB-jnmVQ"
},
{
"kty": "oct",
"kid": "18ec08e1-bfa9-4d95-b205-2b4dd1d4321d",
"use": "enc",
"alg": "A256GCMKW",
"k": "qC57l_uxcm7Nm3K-ct4GFjx8tM1U8CZ0NLBvdQstiS8"
}
]
}
]]></artwork></figure>
<figure title="Password" anchor="jwe-pbes2-pwd"><artwork><![CDATA[
entrap_o\xe2\x80\x93peter_long\xe2\x80\x93credit_tun
]]></artwork></figure>
</section>
<section anchor="jwe-pbes2-gen" title="Generated Factors">
<t>The following are generated before encrypting:</t>
<t><list style="symbols">
<t>AES symmetric key as the Content Encryption Key (CEK); this example uses the key from <xref target="jwe-pbes2-cek"/>.</t>
<t>Initialization vector/nonce; this example uses the initialization vector/nonce from <xref target="jwe-pbes2-iv"/>.</t>
</list></t>
<figure title="Content Encryption Key, base64url-encoded" anchor="jwe-pbes2-cek"><artwork><![CDATA[
uwsjJXaBK407Qaf0_zpcpmr1Cs0CC50hIUEyGNEt3m0
]]></artwork></figure>
<figure title="Initialization Vector, base64url-encoded" anchor="jwe-pbes2-iv"><artwork><![CDATA[
VBiCzVHNoLiR3F4V82uoTQ
]]></artwork></figure>
</section>
<section anchor="jwe-pbes2-keyenc" title="Encrypting the Key">
<t>The following are generated before encrypting the CEK:</t>
<t><list style="symbols">
<t>Salt; this example uses the salt from <xref target="jwe-pbes2-p2s"/>.</t>
<t>Iteration count; this example uses the iteration count 8192.</t>
</list></t>
<figure title="Salt, base64url-encoded" anchor="jwe-pbes2-p2s"><artwork><![CDATA[
8Q1SzinasR3xchYz6ZZcHA
]]></artwork></figure>
<t>Performing the key encryption operation over the CEK (<xref target="jwe-pbes2-cek"/>)) with the following:</t>
<t><list style="symbols">
<t>Password (<xref target="jwe-pbes2-pwd"/>;</t>
<t>Salt (<xref target="jwe-pbes2-p2s"/>), encoded as an octet string; and</t>
<t>Iteration count (8192)</t>
</list></t>
<t>produces the following encrypted key:</t>
<figure title="Encrypted Key, base64url-encoded" anchor="jwe-pbes2-encdkey"><artwork><![CDATA[
d3qNhUWfqheyPp4H8sjOWsDYajoej4c5Je6rlUtFPWdgtURtmeDV1g
]]></artwork></figure>
</section>
<section anchor="jwe-pbes2-contentenc" title="Encrypting the Content">
<t>The following are generated before encrypting the content:</t>
<t><list style="symbols">
<t>JWE Protected Header; this example uses the header from <xref target="jwe-pbes2-protected"/>, encoded using <xref target="RFC4648"/> base64url to produce <xref target="jwe-pbes2-protected_b64u"/>.</t>
</list></t>
<figure title="JWE Protected Header JSON" anchor="jwe-pbes2-protected"><artwork><![CDATA[
{
"alg": "PBES2-HS512+A256KW",
"p2s": "8Q1SzinasR3xchYz6ZZcHA",
"p2c": 8192,
"cty": "jwk-set+json",
"enc": "A128CBC-HS256"
}
]]></artwork></figure>
<figure title="JWE Protected Header, base64url-encoded" anchor="jwe-pbes2-protected_b64u"><artwork><![CDATA[
eyJhbGciOiJQQkVTMi1IUzUxMitBMjU2S1ciLCJwMnMiOiI4UTFTemluYXNSM3
hjaFl6NlpaY0hBIiwicDJjIjo4MTkyLCJjdHkiOiJqd2stc2V0K2pzb24iLCJl
bmMiOiJBMTI4Q0JDLUhTMjU2In0
]]></artwork></figure>
<t>Performing the content encryption operation over the Plaintext (<xref target="jwe-pbes2-plaintext"/>) with the the following:</t>
<t><list style="symbols">
<t>CEK (<xref target="jwe-pbes2-cek"/>);</t>
<t>Initialization vector/nonce (<xref target="jwe-pbes2-iv"/>); and</t>
<t>JWE Protected Header (<xref target="jwe-pbes2-protected_b64u"/>) as authenticated data</t>
</list></t>
<t>produces the following:</t>
<t><list style="symbols">
<t>Ciphertext from <xref target="jwe-pbes2-ciphertext"/>.</t>
<t>Authentication tag from <xref target="jwe-pbes2-tag"/>.</t>
</list></t>
<figure title="Ciphertext, base64url-encoded" anchor="jwe-pbes2-ciphertext"><artwork><![CDATA[
23i-Tb1AV4n0WKVSSgcQrdg6GRqsUKxjruHXYsTHAJLZ2nsnGIX86vMXqIi6IR
sfywCRFzLxEcZBRnTvG3nhzPk0GDD7FMyXhUHpDjEYCNA_XOmzg8yZR9oyjo6l
TF6si4q9FZ2EhzgFQCLO_6h5EVg3vR75_hkBsnuoqoM3dwejXBtIodN84PeqMb
6asmas_dpSsz7H10fC5ni9xIz424givB1YLldF6exVmL93R3fOoOJbmk2GBQZL
_SEGllv2cQsBgeprARsaQ7Bq99tT80coH8ItBjgV08AtzXFFsx9qKvC982KLKd
PQMTlVJKkqtV4Ru5LEVpBZXBnZrtViSOgyg6AiuwaS-rCrcD_ePOGSuxvgtrok
AKYPqmXUeRdjFJwafkYEkiuDCV9vWGAi1DH2xTafhJwcmywIyzi4BqRpmdn_N-
zl5tuJYyuvKhjKv6ihbsV_k1hJGPGAxJ6wUpmwC4PTQ2izEm0TuSE8oMKdTw8V
3kobXZ77ulMwDs4p
]]></artwork></figure>
<figure title="Authentication Tag, base64url-encoded" anchor="jwe-pbes2-tag"><artwork><![CDATA[
0HlwodAhOCILG5SQ2LQ9dg
]]></artwork></figure>
</section>
<section anchor="jwe-pbes2-output" title="Output Results">
<t>The following compose the resulting JWE object:</t>
<t><list style="symbols">
<t>JWE Protected Header (<xref target="jwe-pbes2-protected_b64u"/>)</t>
<t>Encrypted key (<xref target="jwe-pbes2-encdkey"/>)</t>
<t>Initialization vector/nonce (<xref target="jwe-pbes2-iv"/>)</t>
<t>Ciphertext (<xref target="jwe-pbes2-ciphertext"/>)</t>
<t>Authentication tag (<xref target="jwe-pbes2-tag"/>)</t>
</list></t>
<t>The resulting JWE object using the Compact serialization:</t>
<figure title="Compact Serialization" anchor="jwe-pbes2-compact"><artwork><![CDATA[
eyJhbGciOiJQQkVTMi1IUzUxMitBMjU2S1ciLCJwMnMiOiI4UTFTemluYXNSM3
hjaFl6NlpaY0hBIiwicDJjIjo4MTkyLCJjdHkiOiJqd2stc2V0K2pzb24iLCJl
bmMiOiJBMTI4Q0JDLUhTMjU2In0
.
d3qNhUWfqheyPp4H8sjOWsDYajoej4c5Je6rlUtFPWdgtURtmeDV1g
.
VBiCzVHNoLiR3F4V82uoTQ
.
23i-Tb1AV4n0WKVSSgcQrdg6GRqsUKxjruHXYsTHAJLZ2nsnGIX86vMXqIi6IR
sfywCRFzLxEcZBRnTvG3nhzPk0GDD7FMyXhUHpDjEYCNA_XOmzg8yZR9oyjo6l
TF6si4q9FZ2EhzgFQCLO_6h5EVg3vR75_hkBsnuoqoM3dwejXBtIodN84PeqMb
6asmas_dpSsz7H10fC5ni9xIz424givB1YLldF6exVmL93R3fOoOJbmk2GBQZL
_SEGllv2cQsBgeprARsaQ7Bq99tT80coH8ItBjgV08AtzXFFsx9qKvC982KLKd
PQMTlVJKkqtV4Ru5LEVpBZXBnZrtViSOgyg6AiuwaS-rCrcD_ePOGSuxvgtrok
AKYPqmXUeRdjFJwafkYEkiuDCV9vWGAi1DH2xTafhJwcmywIyzi4BqRpmdn_N-
zl5tuJYyuvKhjKv6ihbsV_k1hJGPGAxJ6wUpmwC4PTQ2izEm0TuSE8oMKdTw8V
3kobXZ77ulMwDs4p
.
0HlwodAhOCILG5SQ2LQ9dg
]]></artwork></figure>
<t>The resulting JWE object using the JSON serialization:</t>
<figure title="JSON Serialization" anchor="jwe-pbes2-json"><artwork><![CDATA[
{
"recipients": [
{
"encrypted_key": "pmKVzwf89K3dfkQqbERUTC0F2jGXD6tTQVmtnV
puKUK2J4Xx2RkkLw"
}
],
"protected": "eyJhbGciOiJQQkVTMi1IUzUxMitBMjU2S1ciLCJwMnMiOi
I4UTFTemluYXNSM3hjaFl6NlpaY0hBIiwicDJjIjo4MTkyLCJjdHkiOi
Jqd2stc2V0K2pzb24iLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0",
"iv": "VBiCzVHNoLiR3F4V82uoTQ",
"ciphertext": "23i-Tb1AV4n0WKVSSgcQrdg6GRqsUKxjruHXYsTHAJLZ2
nsnGIX86vMXqIi6IRsfywCRFzLxEcZBRnTvG3nhzPk0GDD7FMyXhUHpD
jEYCNA_XOmzg8yZR9oyjo6lTF6si4q9FZ2EhzgFQCLO_6h5EVg3vR75_
hkBsnuoqoM3dwejXBtIodN84PeqMb6asmas_dpSsz7H10fC5ni9xIz42
4givB1YLldF6exVmL93R3fOoOJbmk2GBQZL_SEGllv2cQsBgeprARsaQ
7Bq99tT80coH8ItBjgV08AtzXFFsx9qKvC982KLKdPQMTlVJKkqtV4Ru
5LEVpBZXBnZrtViSOgyg6AiuwaS-rCrcD_ePOGSuxvgtrokAKYPqmXUe
RdjFJwafkYEkiuDCV9vWGAi1DH2xTafhJwcmywIyzi4BqRpmdn_N-zl5
tuJYyuvKhjKv6ihbsV_k1hJGPGAxJ6wUpmwC4PTQ2izEm0TuSE8oMKdT
w8V3kobXZ77ulMwDs4p",
"tag": "0HlwodAhOCILG5SQ2LQ9dg"
}
]]></artwork></figure>
</section>
</section>
<section anchor="jwe-ecdh_aeskw" title="Key Agreement with Key Wrapping using ECDH-ES and AES-KeyWrap with AES-GCM">
<t>This example illustrates encrypting content using the “ECDH-ES+A128KW” (Elliptic Curve Diffie-Hellman Ephemeral-Static with AES-128-KeyWrap) key encryption algorithm and the “A128GCM” (AES-GCM) content encryption algorithm.</t>
<t>Note that whitespace is added for readability as described in <xref target="intro-conventions"/>.</t>
<section anchor="jwe-ecdh_aeskw-input" title="Input Factors">
<t>The following are supplied before beginning the encryption process:</t>
<t><list style="symbols">
<t>Plaintext content; this example uses the content from <xref target="jwe-plaintext"/></t>
<t>EC public key; this example uses the public key from <xref target="jwe-ecdh_aeskw-key"/></t>
<t>“alg” parameter of “ECDH-ES+A128KW”</t>
<t>“enc” parameter of “A128GCM”</t>
</list></t>
<figure title="Elliptic Curve P-384 Key, in JWK format" anchor="jwe-ecdh_aeskw-key"><artwork><![CDATA[
{
"kty": "EC",
"kid": "peregrin.took@tuckborough.example",
"use": "enc",
"crv": "P-384",
"x": "YU4rRUzdmVqmRtWOs2OpDE_T5fsNIodcG8G5FWPrTPMyxpzsSOGaQL
pe2FpxBmu2",
"y": "A8-yxCHxkfBz3hKZfI1jUYMjUhsEveZ9THuwFjH2sCNdtksRJU7D5-
SkgaFL1ETP",
"d": "iTx2pk7wW-GqJkHcEkFQb2EFyYcO7RugmaW3mRrQVAOUiPommT0Idn
YK2xDlZh-j"
}
]]></artwork></figure>
<t>(<spanx style="strong">NOTE</spanx>: While the key includes the private parameters, only the public parameters “crv”, “x”, and “y” are necessary for the encryption operation.)</t>
</section>
<section anchor="jwe-ecdh_aeskw-gen" title="Generated Factors">
<t>The following are generated before encrypting:</t>
<t><list style="symbols">
<t>Symmetric AES key as the Content Encryption Key (CEK); this example uses the key from <xref target="jwe-ecdh_aeskw-cek"/>.</t>
<t>Initialization vector/nonce; this example uses the initialization vector/nonce from <xref target="jwe-ecdh_aeskw-iv"/></t>
</list></t>
<figure title="Content Encryption Key, base64url-encoded" anchor="jwe-ecdh_aeskw-cek"><artwork><![CDATA[
Nou2ueKlP70ZXDbq9UrRwg
]]></artwork></figure>
<figure title="Initialization Vector, base64url-encoded" anchor="jwe-ecdh_aeskw-iv"><artwork><![CDATA[
mH-G2zVqgztUtnW_
]]></artwork></figure>
</section>
<section anchor="jwe-ecdh_aeskw-keyenc" title="Encrypting the Key">
<t>To encrypt the Content Encryption Key, the following are generated:</t>
<t><list style="symbols">
<t>Ephemeral EC private key on the same curve as the EC public key; this example uses the private key from <xref target="jwe-ecdh_aeskw-epk"/>.</t>
</list></t>
<figure title="Ephemeral Elliptic Curve P-384 Key, in JWK format" anchor="jwe-ecdh_aeskw-epk"><artwork><![CDATA[
{
"kty": "EC",
"crv": "P-384",
"x": "uBo4kHPw6kbjx5l0xowrd_oYzBmaz-GKFZu4xAFFkbYiWgutEK6iuE
DsQ6wNdNg3",
"y": "sp3p5SGhZVC2faXumI-e9JU2Mo8KpoYrFDr5yPNVtW4PgEwZOyQTA-
JdaY8tb7E0",
"d": "D5H4Y_5PSKZvhfVFbcCYJOtcGZygRgfZkpsBr59Icmmhe9sW6nkZ8W
fwhinUfWJg"
}
]]></artwork></figure>
<t>Performing the key encryption operation over the CEK (<xref target="jwe-ecdh_aeskw-cek"/>) with the following:</t>
<t><list style="symbols">
<t>The static Elliptic Curve public key (<xref target="jwe-ecdh_aeskw-key"/>); and</t>
<t>The ephemeral Elliptic Curve private key (<xref target="jwe-ecdh_aeskw-epk"/>);</t>
</list></t>
<t>produces the following JWE encrypted key:</t>
<figure title="Encrypted Key, base64url-encoded" anchor="jwe-ecdh_aeskw-encdkey"><artwork><![CDATA[
0DJjBXri_kBcC46IkU5_Jk9BqaQeHdv2
]]></artwork></figure>
</section>
<section anchor="jwe-ecdh_aeskw-contentenc" title="Encrypting the Content">
<t>The following are generated before encrypting the content:</t>
<t><list style="symbols">
<t>JWE Protected Header; this example uses the header from <xref target="jwe-ecdh_aeskw-protected"/>, encoded to <xref target="RFC4648"/> base64url as <xref target="jwe-ecdh_aeskw-protected_b64u"/>.</t>
</list></t>
<figure title="JWE Protected Header JSON" anchor="jwe-ecdh_aeskw-protected"><artwork><![CDATA[
{
"alg": "ECDH-ES+A128KW",
"kid": "peregrin.took@tuckborough.example",
"epk": {
"kty": "EC",
"crv": "P-384",
"x": "uBo4kHPw6kbjx5l0xowrd_oYzBmaz-GKFZu4xAFFkbYiWgutEK6i
uEDsQ6wNdNg3",
"y": "sp3p5SGhZVC2faXumI-e9JU2Mo8KpoYrFDr5yPNVtW4PgEwZOyQT
A-JdaY8tb7E0"
},
"enc": "A128GCM"
}
]]></artwork></figure>
<figure title="JWE Protected Header, base64url-encoded" anchor="jwe-ecdh_aeskw-protected_b64u"><artwork><![CDATA[
eyJhbGciOiJFQ0RILUVTK0ExMjhLVyIsImtpZCI6InBlcmVncmluLnRvb2tAdH
Vja2Jvcm91Z2guZXhhbXBsZSIsImVwayI6eyJrdHkiOiJFQyIsImNydiI6IlAt
Mzg0IiwieCI6InVCbzRrSFB3Nmtiang1bDB4b3dyZF9vWXpCbWF6LUdLRlp1NH
hBRkZrYllpV2d1dEVLNml1RURzUTZ3TmROZzMiLCJ5Ijoic3AzcDVTR2haVkMy
ZmFYdW1JLWU5SlUyTW84S3BvWXJGRHI1eVBOVnRXNFBnRXdaT3lRVEEtSmRhWT
h0YjdFMCJ9LCJlbmMiOiJBMTI4R0NNIn0
]]></artwork></figure>
<t>Performing the content encryption operation on the Plaintext (<xref target="jwe-plaintext"/>) using the following:</t>
<t><list style="symbols">
<t>CEK (<xref target="jwe-ecdh_aeskw-cek"/>);</t>
<t>Initialization vector/nonce (<xref target="jwe-ecdh_aeskw-iv"/>); and</t>
<t>JWE Protected Header (<xref target="jwe-ecdh_aeskw-protected_b64u"/>) as authenticated data</t>
</list></t>
<t>produces the following:</t>
<t><list style="symbols">
<t>Ciphertext from <xref target="jwe-ecdh_aeskw-ciphertext"/>.</t>
<t>Authentication tag from <xref target="jwe-ecdh_aeskw-tag"/>.</t>
</list></t>
<figure title="Ciphertext, base64url-encoded" anchor="jwe-ecdh_aeskw-ciphertext"><artwork><![CDATA[
tkZuOO9h95OgHJmkkrfLBisku8rGf6nzVxhRM3sVOhXgz5NJ76oID7lpnAi_cP
WJRCjSpAaUZ5dOR3Spy7QuEkmKx8-3RCMhSYMzsXaEwDdXta9Mn5B7cCBoJKB0
IgEnj_qfo1hIi-uEkUpOZ8aLTZGHfpl05jMwbKkTe2yK3mjF6SBAsgicQDVCkc
Y9BLluzx1RmC3ORXaM0JaHPB93YcdSDGgpgBWMVrNU1ErkjcMqMoT_wtCex3w0
3XdLkjXIuEr2hWgeP-nkUZTPU9EoGSPj6fAS-bSz87RCPrxZdj_iVyC6QWcqAu
07WNhjzJEPc4jVntRJ6K53NgPQ5p99l3Z408OUqj4ioYezbS6vTPlQ
]]></artwork></figure>
<figure title="Authentication Tag, base64url-encoded" anchor="jwe-ecdh_aeskw-tag"><artwork><![CDATA[
WuGzxmcreYjpHGJoa17EBg
]]></artwork></figure>
</section>
<section anchor="jwe-ecdh_aeskw-output" title="Output Results">
<t>The following compose the resulting JWE object:</t>
<t><list style="symbols">
<t>JWE Protected Header (<xref target="jwe-ecdh_aeskw-protected_b64u"/>)</t>
<t>Encrypted key (<xref target="jwe-ecdh_aeskw-encdkey"/>)</t>
<t>Initialization vector/nonce (<xref target="jwe-ecdh_aeskw-iv"/>)</t>
<t>Ciphertext (<xref target="jwe-ecdh_aeskw-ciphertext"/>)</t>
<t>Authentication tag (<xref target="jwe-ecdh_aeskw-tag"/>)</t>
</list></t>
<t>The resulting JWE object using the Compact serialization:</t>
<figure title="Compact Serialization" anchor="jwe-ecdh_aeskw-compact"><artwork><![CDATA[
eyJhbGciOiJFQ0RILUVTK0ExMjhLVyIsImtpZCI6InBlcmVncmluLnRvb2tAdH
Vja2Jvcm91Z2guZXhhbXBsZSIsImVwayI6eyJrdHkiOiJFQyIsImNydiI6IlAt
Mzg0IiwieCI6InVCbzRrSFB3Nmtiang1bDB4b3dyZF9vWXpCbWF6LUdLRlp1NH
hBRkZrYllpV2d1dEVLNml1RURzUTZ3TmROZzMiLCJ5Ijoic3AzcDVTR2haVkMy
ZmFYdW1JLWU5SlUyTW84S3BvWXJGRHI1eVBOVnRXNFBnRXdaT3lRVEEtSmRhWT
h0YjdFMCJ9LCJlbmMiOiJBMTI4R0NNIn0
.
0DJjBXri_kBcC46IkU5_Jk9BqaQeHdv2
.
mH-G2zVqgztUtnW_
.
tkZuOO9h95OgHJmkkrfLBisku8rGf6nzVxhRM3sVOhXgz5NJ76oID7lpnAi_cP
WJRCjSpAaUZ5dOR3Spy7QuEkmKx8-3RCMhSYMzsXaEwDdXta9Mn5B7cCBoJKB0
IgEnj_qfo1hIi-uEkUpOZ8aLTZGHfpl05jMwbKkTe2yK3mjF6SBAsgicQDVCkc
Y9BLluzx1RmC3ORXaM0JaHPB93YcdSDGgpgBWMVrNU1ErkjcMqMoT_wtCex3w0
3XdLkjXIuEr2hWgeP-nkUZTPU9EoGSPj6fAS-bSz87RCPrxZdj_iVyC6QWcqAu
07WNhjzJEPc4jVntRJ6K53NgPQ5p99l3Z408OUqj4ioYezbS6vTPlQ
.
WuGzxmcreYjpHGJoa17EBg
]]></artwork></figure>
<t>The resulting JWE object using the JSON serialization:</t>
<figure title="JSON Serialization" anchor="jwe-ecdh_aeskw-json"><artwork><![CDATA[
{
"recipients": [
{
"encrypted_key": "0DJjBXri_kBcC46IkU5_Jk9BqaQeHdv2"
}
],
"protected": "eyJhbGciOiJFQ0RILUVTK0ExMjhLVyIsImtpZCI6InBlcm
VncmluLnRvb2tAdHVja2Jvcm91Z2guZXhhbXBsZSIsImVwayI6eyJrdH
kiOiJFQyIsImNydiI6IlAtMzg0IiwieCI6InVCbzRrSFB3Nmtiang1bD
B4b3dyZF9vWXpCbWF6LUdLRlp1NHhBRkZrYllpV2d1dEVLNml1RURzUT
Z3TmROZzMiLCJ5Ijoic3AzcDVTR2haVkMyZmFYdW1JLWU5SlUyTW84S3
BvWXJGRHI1eVBOVnRXNFBnRXdaT3lRVEEtSmRhWTh0YjdFMCJ9LCJlbm
MiOiJBMTI4R0NNIn0",
"iv": "mH-G2zVqgztUtnW_",
"ciphertext": "tkZuOO9h95OgHJmkkrfLBisku8rGf6nzVxhRM3sVOhXgz
5NJ76oID7lpnAi_cPWJRCjSpAaUZ5dOR3Spy7QuEkmKx8-3RCMhSYMzs
XaEwDdXta9Mn5B7cCBoJKB0IgEnj_qfo1hIi-uEkUpOZ8aLTZGHfpl05
jMwbKkTe2yK3mjF6SBAsgicQDVCkcY9BLluzx1RmC3ORXaM0JaHPB93Y
cdSDGgpgBWMVrNU1ErkjcMqMoT_wtCex3w03XdLkjXIuEr2hWgeP-nkU
ZTPU9EoGSPj6fAS-bSz87RCPrxZdj_iVyC6QWcqAu07WNhjzJEPc4jVn
tRJ6K53NgPQ5p99l3Z408OUqj4ioYezbS6vTPlQ",
"tag": "WuGzxmcreYjpHGJoa17EBg"
}
]]></artwork></figure>
</section>
</section>
<section anchor="jwe-ecdh" title="Key Agreement using ECDH-ES with AES-CBC-HMAC-SHA2">
<t>This example illustrates encrypting content using the “ECDH-ES” (Elliptic Curve Diffie-Hellman Ephemeral-Static) key agreement algorithm and the “A128CBC-HS256” (AES-128-CBC-HMAC-SHA-256) content encryption algorithm.</t>
<t>Note that whitespace is added for readability as described in <xref target="intro-conventions"/>.</t>
<section anchor="jwe-ecdh-input" title="Input Factors">
<t>The following are supplied before beginning the encryption process:</t>
<t><list style="symbols">
<t>Plaintext content; this example uses the content from <xref target="jwe-plaintext"/>.</t>
<t>EC public key; this example uses the public key from <xref target="jwe-ecdh-key"/>.</t>
<t>“alg” parameter of “ECDH-ES”</t>
<t>“enc” parameter of “A128CBC-HS256”</t>
</list></t>
<figure title="Elliptic Curve P-256 Key" anchor="jwe-ecdh-key"><artwork><![CDATA[
{
"kty": "EC",
"kid": "meriadoc.brandybuck@buckland.example",
"use": "enc",
"crv": "P-256",
"x": "Ze2loSV3wrroKUN_4zhwGhCqo3Xhu1td4QjeQ5wIVR0",
"y": "HlLtdXARY_f55A3fnzQbPcm6hgr34Mp8p-nuzQCE0Zw",
"d": "r_kHyZ-a06rmxM3yESK84r1otSg-aQcVStkRhA-iCM8"
}
]]></artwork></figure>
<t>(<spanx style="strong">NOTE</spanx>: While the key includes the private parameters, only the public parameters “crv”, “x”, and “y” are necessary for the encryption operation.)</t>
</section>
<section anchor="jwe-ecdh-gen" title="Generated Factors">
<t>The following are generated before encrypting:</t>
<t><list style="symbols">
<t>Initialization vector/nonce; this examples uses the initialization vector/nonce from <xref target="jwe-ecdh-iv"/>.</t>
</list></t>
<figure title="Initialization Vector, base64url-encoded" anchor="jwe-ecdh-iv"><artwork><![CDATA[
yc9N8v5sYyv3iGQT926IUg
]]></artwork></figure>
<t><spanx style="strong">NOTE</spanx>: The Content Encryption Key (CEK) is not randomly generated; instead it is determined using key agreement.</t>
</section>
<section anchor="jwe-ecdh-enckey" title="Key Agreement">
<t>The following are generated to agree on a CEK:</t>
<t><list style="symbols">
<t>Ephemeral private key; this example uses the private key from <xref target="jwe-ecdh-epk"/>.</t>
</list></t>
<figure title="Ephemeral public key, in JWK format" anchor="jwe-ecdh-epk"><artwork><![CDATA[
{
"kty": "EC",
"crv": "P-256",
"x": "mPUKT_bAWGHIhg0TpjjqVsP1rXWQu_vwVOHHtNkdYoA",
"y": "8BQAsImGeAS46fyWw5MhYfGTT0IjBpFw2SS34Dv4Irs",
"d": "AtH35vJsQ9SGjYfOsjUxYXQKrPH3FjZHmEtSKoSN8cM"
}
]]></artwork></figure>
<t>Performing the ECDH operation using the static EC public key (<xref target="jwe-ecdh-key"/>) over the ephemeral private key <xref target="jwe-ecdh-epk"/>) produces the following CEK:</t>
<figure title="Agreed to Content Encryption Key, base64url-encoded" anchor="jwe-ecdh-cek"><artwork><![CDATA[
hzHdlfQIAEehb8Hrd_mFRhKsKLEzPfshfXs9l6areCc
]]></artwork></figure>
</section>
<section anchor="jwe-ecdh-contentenc" title="Encrypting the Content">
<t>The following are generated before encrypting the content:</t>
<t><list style="symbols">
<t>JWE Protected Header; this example uses the header from <xref target="jwe-ecdh-protected"/>, encoded to <xref target="RFC4648"/> as <xref target="jwe-ecdh-protected_b64u"/>.</t>
</list></t>
<figure title="JWE Protected Header JSON" anchor="jwe-ecdh-protected"><artwork><![CDATA[
{
"alg": "ECDH-ES",
"kid": "meriadoc.brandybuck@buckland.example",
"epk": {
"kty": "EC",
"crv": "P-256",
"x": "mPUKT_bAWGHIhg0TpjjqVsP1rXWQu_vwVOHHtNkdYoA",
"y": "8BQAsImGeAS46fyWw5MhYfGTT0IjBpFw2SS34Dv4Irs"
},
"enc": "A128CBC-HS256"
}
]]></artwork></figure>
<figure title="JWE Protected Header, base64url-encoded" anchor="jwe-ecdh-protected_b64u"><artwork><![CDATA[
eyJhbGciOiJFQ0RILUVTIiwia2lkIjoibWVyaWFkb2MuYnJhbmR5YnVja0BidW
NrbGFuZC5leGFtcGxlIiwiZXBrIjp7Imt0eSI6IkVDIiwiY3J2IjoiUC0yNTYi
LCJ4IjoibVBVS1RfYkFXR0hJaGcwVHBqanFWc1AxclhXUXVfdndWT0hIdE5rZF
lvQSIsInkiOiI4QlFBc0ltR2VBUzQ2ZnlXdzVNaFlmR1RUMElqQnBGdzJTUzM0
RHY0SXJzIn0sImVuYyI6IkExMjhDQkMtSFMyNTYifQ
]]></artwork></figure>
<t>Performing the content encryption operation on the Plaintext (<xref target="jwe-plaintext"/>) using the following:</t>
<t><list style="symbols">
<t>CEK (<xref target="jwe-ecdh-cek"/>);</t>
<t>Initialization vector/nonce (<xref target="jwe-ecdh-iv"/>); and</t>
<t>JWE Protected Header (<xref target="jwe-ecdh-protected_b64u"/>) as authenticated data</t>
</list></t>
<t>produces the following:</t>
<t><list style="symbols">
<t>Ciphertext from <xref target="jwe-ecdh-ciphertext"/>.</t>
<t>Authentication tag from <xref target="jwe-ecdh-tag"/>.</t>
</list></t>
<figure title="Ciphertext, base64url-encoded" anchor="jwe-ecdh-ciphertext"><artwork><![CDATA[
BoDlwPnTypYq-ivjmQvAYJLb5Q6l-F3LIgQomlz87yW4OPKbWE1zSTEFjDfhU9
IPIOSA9Bml4m7iDFwA-1ZXvHteLDtw4R1XRGMEsDIqAYtskTTmzmzNa-_q4F_e
vAPUmwlO-ZG45Mnq4uhM1fm_D9rBtWolqZSF3xGNNkpOMQKF1Cl8i8wjzRli7-
IXgyirlKQsbhhqRzkv8IcY6aHl24j03C-AR2le1r7URUhArM79BY8soZU0lzwI
-sD5PZ3l4NDCCei9XkoIAfsXJWmySPoeRb2Ni5UZL4mYpvKDiwmyzGd65KqVw7
MsFfI_K767G9C9Azp73gKZD0DyUn1mn0WW5LmyX_yJ-3AROq8p1WZBfG-ZyJ61
95_JGG2m9Csg
]]></artwork></figure>
<figure title="Authentication Tag, base64url-encoded" anchor="jwe-ecdh-tag"><artwork><![CDATA[
WCCkNa-x4BeB9hIDIfFuhg
]]></artwork></figure>
</section>
<section anchor="jwe-ecdh-output" title="Output Results">
<t>The following compose the resulting JWE object:</t>
<t><list style="symbols">
<t>JWE Protected Header (<xref target="jwe-ecdh_aeskw-protected_b64u"/>)</t>
<t>Initialization vector/nonce (<xref target="jwe-ecdh_aeskw-iv"/>)</t>
<t>Ciphertext (<xref target="jwe-ecdh_aeskw-ciphertext"/>)</t>
<t>Authentication tag (<xref target="jwe-ecdh_aeskw-tag"/>)</t>
</list></t>
<t>the resulting JWE object using the Compact serialization:</t>
<figure title="Compact Serialization" anchor="jwe-ecdh-compact"><artwork><![CDATA[
eyJhbGciOiJFQ0RILUVTIiwia2lkIjoibWVyaWFkb2MuYnJhbmR5YnVja0BidW
NrbGFuZC5leGFtcGxlIiwiZXBrIjp7Imt0eSI6IkVDIiwiY3J2IjoiUC0yNTYi
LCJ4IjoibVBVS1RfYkFXR0hJaGcwVHBqanFWc1AxclhXUXVfdndWT0hIdE5rZF
lvQSIsInkiOiI4QlFBc0ltR2VBUzQ2ZnlXdzVNaFlmR1RUMElqQnBGdzJTUzM0
RHY0SXJzIn0sImVuYyI6IkExMjhDQkMtSFMyNTYifQ
.
.
yc9N8v5sYyv3iGQT926IUg
.
BoDlwPnTypYq-ivjmQvAYJLb5Q6l-F3LIgQomlz87yW4OPKbWE1zSTEFjDfhU9
IPIOSA9Bml4m7iDFwA-1ZXvHteLDtw4R1XRGMEsDIqAYtskTTmzmzNa-_q4F_e
vAPUmwlO-ZG45Mnq4uhM1fm_D9rBtWolqZSF3xGNNkpOMQKF1Cl8i8wjzRli7-
IXgyirlKQsbhhqRzkv8IcY6aHl24j03C-AR2le1r7URUhArM79BY8soZU0lzwI
-sD5PZ3l4NDCCei9XkoIAfsXJWmySPoeRb2Ni5UZL4mYpvKDiwmyzGd65KqVw7
MsFfI_K767G9C9Azp73gKZD0DyUn1mn0WW5LmyX_yJ-3AROq8p1WZBfG-ZyJ61
95_JGG2m9Csg
.
WCCkNa-x4BeB9hIDIfFuhg
]]></artwork></figure>
<t>the resulting JWE object using the JSON serialization:</t>
<figure title="JSON Serialization" anchor="jwe-ecdh-json"><artwork><![CDATA[
{
"protected": "eyJhbGciOiJFQ0RILUVTIiwia2lkIjoibWVyaWFkb2MuYn
JhbmR5YnVja0BidWNrbGFuZC5leGFtcGxlIiwiZXBrIjp7Imt0eSI6Ik
VDIiwiY3J2IjoiUC0yNTYiLCJ4IjoibVBVS1RfYkFXR0hJaGcwVHBqan
FWc1AxclhXUXVfdndWT0hIdE5rZFlvQSIsInkiOiI4QlFBc0ltR2VBUz
Q2ZnlXdzVNaFlmR1RUMElqQnBGdzJTUzM0RHY0SXJzIn0sImVuYyI6Ik
ExMjhDQkMtSFMyNTYifQ",
"iv": "yc9N8v5sYyv3iGQT926IUg",
"ciphertext": "BoDlwPnTypYq-ivjmQvAYJLb5Q6l-F3LIgQomlz87yW4O
PKbWE1zSTEFjDfhU9IPIOSA9Bml4m7iDFwA-1ZXvHteLDtw4R1XRGMEs
DIqAYtskTTmzmzNa-_q4F_evAPUmwlO-ZG45Mnq4uhM1fm_D9rBtWolq
ZSF3xGNNkpOMQKF1Cl8i8wjzRli7-IXgyirlKQsbhhqRzkv8IcY6aHl2
4j03C-AR2le1r7URUhArM79BY8soZU0lzwI-sD5PZ3l4NDCCei9XkoIA
fsXJWmySPoeRb2Ni5UZL4mYpvKDiwmyzGd65KqVw7MsFfI_K767G9C9A
zp73gKZD0DyUn1mn0WW5LmyX_yJ-3AROq8p1WZBfG-ZyJ6195_JGG2m9
Csg",
"tag": "WCCkNa-x4BeB9hIDIfFuhg"
}
]]></artwork></figure>
</section>
</section>
<section anchor="jwe-dir_gcm" title="Direct Encryption using AES-GCM">
<t>This example illustrates encrypting content using a previously exchanged key directly and the “A128GCM” (AES-GCM) content encryption algorithm.</t>
<t>Note that whitespace is added for readability as described in <xref target="intro-conventions"/>.</t>
<section anchor="jwe-dir_gcm-input" title="Input Factors">
<t>The following are supplied before beginning the encryption process:</t>
<t><list style="symbols">
<t>Plaintext content; this example uses the content from <xref target="jwe-plaintext"/>.</t>
<t>AES symmetric key as the Content Encryption Key (CEK); this example uses the key from <xref target="jwe-dir_gcm-key"/>.</t>
<t>“alg” parameter of “dir”</t>
<t>“enc” parameter of “A128GCM”</t>
</list></t>
<figure title="AES 128-bit key, in JWK format" anchor="jwe-dir_gcm-key"><artwork><![CDATA[
{
"kty": "oct",
"kid": "77c7e2b8-6e13-45cf-8672-617b5b45243a",
"use": "enc",
"alg": "A128GCM",
"k": "XctOhJAkA-pD9Lh7ZgW_2A"
}
]]></artwork></figure>
</section>
<section anchor="jwe-dir_gcm-gen" title="Generated Factors">
<t>The following are generated before encrypting:</t>
<t><list style="symbols">
<t>Initialization vector/nonce; this example uses the initialization vector/nonce from <xref target="jwe-dir_gcm-iv"/>.</t>
</list></t>
<figure title="Initialization Vector, base64url-encoded" anchor="jwe-dir_gcm-iv"><artwork><![CDATA[
refa467QzzKx6QAB
]]></artwork></figure>
</section>
<section anchor="jwe-dir_gcm-contentenc" title="Encrypting the Content">
<t>The following are generated before encrypting the content:</t>
<t><list style="symbols">
<t>JWE Protected Header; this example uses the header from <xref target="jwe-dir_gcm-protected"/>, encoded as <xref target="RFC4648"/> base64url to produce <xref target="jwe-dir_gcm-protected_b64u"/>.</t>
</list></t>
<figure title="JWE Protected Header JSON" anchor="jwe-dir_gcm-protected"><artwork><![CDATA[
{
"alg": "dir",
"kid": "77c7e2b8-6e13-45cf-8672-617b5b45243a",
"enc": "A128GCM"
}
]]></artwork></figure>
<t>Encoded as <xref target="RFC4648"/> base64url:</t>
<figure title="JWE Protected Header, base64url-encoded" anchor="jwe-dir_gcm-protected_b64u"><artwork><![CDATA[
eyJhbGciOiJkaXIiLCJraWQiOiI3N2M3ZTJiOC02ZTEzLTQ1Y2YtODY3Mi02MT
diNWI0NTI0M2EiLCJlbmMiOiJBMTI4R0NNIn0
]]></artwork></figure>
<t>Performing the encryption operation on the Plaintext (<xref target="jwe-plaintext"/>) using the following:</t>
<t><list style="symbols">
<t>CEK (<xref target="jwe-dir_gcm-key"/>);</t>
<t>Initialization vector/nonce (<xref target="jwe-dir_gcm-iv"/>); and</t>
<t>JWE Protected Header (<xref target="jwe-dir_gcm-protected_b64u"/>) as authenticated data</t>
</list></t>
<t>produces the following:</t>
<t><list style="symbols">
<t>Ciphertext from <xref target="jwe-dir_gcm-ciphertext"/>.</t>
<t>Authentication tag from <xref target="jwe-dir_gcm-tag"/>.</t>
</list></t>
<figure title="Ciphertext, base64url-encoded" anchor="jwe-dir_gcm-ciphertext"><artwork><![CDATA[
JW_i_f52hww_ELQPGaYyeAB6HYGcR559l9TYnSovc23XJoBcW29rHP8yZOZG7Y
hLpT1bjFuvZPjQS-m0IFtVcXkZXdH_lr_FrdYt9HRUYkshtrMmIUAyGmUnd9zM
DB2n0cRDIHAzFVeJUDxkUwVAE7_YGRPdcqMyiBoCO-FBdE-Nceb4h3-FtBP-c_
BIwCPTjb9o0SbdcdREEMJMyZBH8ySWMVi1gPD9yxi-aQpGbSv_F9N4IZAxscj5
g-NJsUPbjk29-s7LJAGb15wEBtXphVCgyy53CoIKLHHeJHXex45Uz9aKZSRSIn
ZI-wjsY0yu3cT4_aQ3i1o-tiE-F8Ios61EKgyIQ4CWao8PFMj8TTnp
]]></artwork></figure>
<figure title="Authentication Tag, base64url-encoded" anchor="jwe-dir_gcm-tag"><artwork><![CDATA[
vbb32Xvllea2OtmHAdccRQ
]]></artwork></figure>
</section>
<section anchor="jwe-dir_gcm-output" title="Output Results">
<t>The following compose the resulting JWE object:</t>
<t><list style="symbols">
<t>JWE Protected Header (<xref target="jwe-dir_gcm-protected_b64u"/>)</t>
<t>Initialization vector/nonce (<xref target="jwe-dir_gcm-iv"/>)</t>
<t>Ciphertext (<xref target="jwe-dir_gcm-ciphertext"/>)</t>
<t>Authentication tag (<xref target="jwe-dir_gcm-tag"/>)</t>
</list></t>
<t>The resulting JWE object using the Compact serialization:</t>
<figure title="Compact Serialization" anchor="jwe-dir_gcm-compact"><artwork><![CDATA[
eyJhbGciOiJkaXIiLCJraWQiOiI3N2M3ZTJiOC02ZTEzLTQ1Y2YtODY3Mi02MT
diNWI0NTI0M2EiLCJlbmMiOiJBMTI4R0NNIn0
.
.
refa467QzzKx6QAB
.
JW_i_f52hww_ELQPGaYyeAB6HYGcR559l9TYnSovc23XJoBcW29rHP8yZOZG7Y
hLpT1bjFuvZPjQS-m0IFtVcXkZXdH_lr_FrdYt9HRUYkshtrMmIUAyGmUnd9zM
DB2n0cRDIHAzFVeJUDxkUwVAE7_YGRPdcqMyiBoCO-FBdE-Nceb4h3-FtBP-c_
BIwCPTjb9o0SbdcdREEMJMyZBH8ySWMVi1gPD9yxi-aQpGbSv_F9N4IZAxscj5
g-NJsUPbjk29-s7LJAGb15wEBtXphVCgyy53CoIKLHHeJHXex45Uz9aKZSRSIn
ZI-wjsY0yu3cT4_aQ3i1o-tiE-F8Ios61EKgyIQ4CWao8PFMj8TTnp
.
vbb32Xvllea2OtmHAdccRQ
]]></artwork></figure>
<t>The resulting JWE object using the JSON serialization:</t>
<figure title="JSON Serialization" anchor="jwe-dir_gcm-json"><artwork><![CDATA[
{
"protected": "eyJhbGciOiJkaXIiLCJraWQiOiI3N2M3ZTJiOC02ZTEzLT
Q1Y2YtODY3Mi02MTdiNWI0NTI0M2EiLCJlbmMiOiJBMTI4R0NNIn0",
"iv": "refa467QzzKx6QAB",
"ciphertext": "JW_i_f52hww_ELQPGaYyeAB6HYGcR559l9TYnSovc23XJ
oBcW29rHP8yZOZG7YhLpT1bjFuvZPjQS-m0IFtVcXkZXdH_lr_FrdYt9
HRUYkshtrMmIUAyGmUnd9zMDB2n0cRDIHAzFVeJUDxkUwVAE7_YGRPdc
qMyiBoCO-FBdE-Nceb4h3-FtBP-c_BIwCPTjb9o0SbdcdREEMJMyZBH8
ySWMVi1gPD9yxi-aQpGbSv_F9N4IZAxscj5g-NJsUPbjk29-s7LJAGb1
5wEBtXphVCgyy53CoIKLHHeJHXex45Uz9aKZSRSInZI-wjsY0yu3cT4_
aQ3i1o-tiE-F8Ios61EKgyIQ4CWao8PFMj8TTnp",
"tag": "vbb32Xvllea2OtmHAdccRQ"
}
]]></artwork></figure>
</section>
</section>
<section anchor="jwe-aesgcmkw" title="Key Wrap using AES-GCM KeyWrap with AES-CBC-HMAC-SHA2">
<t>This example illustrates encrypting content using the “A256GCMKW” (AES-256-GCM-KeyWrap) key encryption algorithm with the “A128CBC-HS256” (AES-128-CBC-HMAC-SHA-256) content encryption algorithm.</t>
<t>Note that whitespace is added for readability as described in <xref target="intro-conventions"/>.</t>
<section anchor="jwe-aesgcmkw-input" title="Input Factors">
<t>The following are supplied before beginning the encryption process:</t>
<t><list style="symbols">
<t>Plaintext content; this example uses the content from <xref target="jwe-plaintext"/>.</t>
<t>AES symmetric key; this example uses the key from <xref target="jwe-aesgcmkw-key"/>.</t>
<t>“alg” parameter of “A256GCMKW”</t>
<t>“enc” parameter of “A128CBC-HS256”</t>
</list></t>
<figure title="AES 256-bit Key" anchor="jwe-aesgcmkw-key"><artwork><![CDATA[
{
"kty": "oct",
"kid": "18ec08e1-bfa9-4d95-b205-2b4dd1d4321d",
"use": "enc",
"alg": "A256GCMKW",
"k": "qC57l_uxcm7Nm3K-ct4GFjx8tM1U8CZ0NLBvdQstiS8"
}
]]></artwork></figure>
</section>
<section anchor="jwe-aesgcmkw-gen" title="Generated Factors">
<t>The following are generated before encrypting:</t>
<t><list style="symbols">
<t>AES symmetric key as the Content Encryption Key (CEK); this example uses the key from <xref target="jwe-aesgcmkw-cek"/>.</t>
<t>Initialization vector/nonce for content encryption; this example uses the initialization vector/nonce from <xref target="jwe-aesgcmkw-iv"/>.</t>
</list></t>
<figure title="Content Encryption Key, base64url-encoded" anchor="jwe-aesgcmkw-cek"><artwork><![CDATA[
UWxARpat23nL9ReIj4WG3D1ee9I4r-Mv5QLuFXdy_rE
]]></artwork></figure>
<figure title="Initialization Vector, base64url-encoded" anchor="jwe-aesgcmkw-iv"><artwork><![CDATA[
gz6NjyEFNm_vm8Gj6FwoFQ
]]></artwork></figure>
</section>
<section anchor="jwe-aesgcmkw-keyenc" title="Encrypting the Key">
<t>The following are generated before encrypting the CEK:</t>
<t><list style="symbols">
<t>Initialization vector/nonce for key wrapping; this example uses the initialization vector/nonce from <xref target="jwe-aesgcmkw-kwiv"/>.</t>
</list></t>
<figure title="Key Wrap Initialization Vector, base64url-encoded" anchor="jwe-aesgcmkw-kwiv"><artwork><![CDATA[
KkYT0GX_2jHlfqN_
]]></artwork></figure>
<t>Performing the key encryption operation over the CEK (<xref target="jwe-aesgcmkw-cek"/>) with the following:</t>
<t><list style="symbols">
<t>AES symmetric key (<xref target="jwe-aesgcmkw-key"/>);</t>
<t>Key wrap initialization vector/nonce (<xref target="jwe-aesgcmkw-kwiv"/>); and</t>
<t>The empty string as authenticated data</t>
</list></t>
<t>produces the following:</t>
<t><list style="symbols">
<t>Encrypted Key from <xref target="jwe-aesgcmkw-encdkey"/>.</t>
<t>Key wrap authentication tag from <xref target="jwe-aesgcmkw-kwtag"/>.</t>
</list></t>
<figure title="Encrypted Key, base64url-encoded" anchor="jwe-aesgcmkw-encdkey"><artwork><![CDATA[
lJf3HbOApxMEBkCMOoTnnABxs_CvTWUmZQ2ElLvYNok
]]></artwork></figure>
<figure title="Key Wrap Authentication Tag, base64url-encoded" anchor="jwe-aesgcmkw-kwtag"><artwork><![CDATA[
kfPduVQ3T3H6vnewt--ksw
]]></artwork></figure>
</section>
<section anchor="jwe-aesgcmkw-contentenc" title="Encrypting the Content">
<t>The following are generated before encrypting the content:</t>
<t><list style="symbols">
<t>JWE Protected Header; this example uses the header from <xref target="jwe-aesgcmkw-protected"/>, encoded to <xref target="RFC4648"/> base64url as <xref target="jwe-aesgcmkw-protected_b64u"/>.</t>
</list></t>
<figure title="JWE Protected Header JSON" anchor="jwe-aesgcmkw-protected"><artwork><![CDATA[
{
"alg": "A256GCMKW",
"kid": "18ec08e1-bfa9-4d95-b205-2b4dd1d4321d",
"tag": "kfPduVQ3T3H6vnewt--ksw",
"iv": "KkYT0GX_2jHlfqN_",
"enc": "A128CBC-HS256"
}
]]></artwork></figure>
<figure title="JWE Protected Header, base64url-encoded" anchor="jwe-aesgcmkw-protected_b64u"><artwork><![CDATA[
eyJhbGciOiJBMjU2R0NNS1ciLCJraWQiOiIxOGVjMDhlMS1iZmE5LTRkOTUtYj
IwNS0yYjRkZDFkNDMyMWQiLCJ0YWciOiJrZlBkdVZRM1QzSDZ2bmV3dC0ta3N3
IiwiaXYiOiJLa1lUMEdYXzJqSGxmcU5fIiwiZW5jIjoiQTEyOENCQy1IUzI1Ni
J9
]]></artwork></figure>
<t>Performing the content encryption operation over the Plaintext (<xref target="jwe-plaintext"/>) with the following:</t>
<t><list style="symbols">
<t>CEK (<xref target="jwe-aesgcmkw-cek"/>);</t>
<t>Initialization vector/nonce (<xref target="jwe-aesgcmkw-iv"/>); and</t>
<t>JWE Protected Header (<xref target="jwe-aesgcmkw-protected_b64u"/>) as authenticated data</t>
</list></t>
<t>produces the following:</t>
<t><list style="symbols">
<t>Ciphertext from <xref target="jwe-aesgcmkw-ciphertext"/>.</t>
<t>Authentication tag from <xref target="jwe-aesgcmkw-tag"/>.</t>
</list></t>
<figure title="Ciphertext, base64url-encoded" anchor="jwe-aesgcmkw-ciphertext"><artwork><![CDATA[
Jf5p9-ZhJlJy_IQ_byKFmI0Ro7w7G1QiaZpI8OaiVgD8EqoDZHyFKFBupS8iaE
eVIgMqWmsuJKuoVgzR3YfzoMd3GxEm3VxNhzWyWtZKX0gxKdy6HgLvqoGNbZCz
LjqcpDiF8q2_62EVAbr2uSc2oaxFmFuIQHLcqAHxy51449xkjZ7ewzZaGV3eFq
hpco8o4DijXaG5_7kp3h2cajRfDgymuxUbWgLqaeNQaJtvJmSMFuEOSAzw9Hde
b6yhdTynCRmu-kqtO5Dec4lT2OMZKpnxc_F1_4yDJFcqb5CiDSmA-psB2k0Jtj
xAj4UPI61oONK7zzFIu4gBfjJCndsZfdvG7h8wGjV98QhrKEnR7xKZ3KCr0_qR
1B-gxpNk3xWU
]]></artwork></figure>
<figure title="Authentication Tag, base64url-encoded" anchor="jwe-aesgcmkw-tag"><artwork><![CDATA[
DKW7jrb4WaRSNfbXVPlT5g
]]></artwork></figure>
</section>
<section anchor="jwe-aesgcmkw-output" title="Output Results">
<t>The following compose the resulting JWE object:</t>
<t><list style="symbols">
<t>JWE Protected Header (<xref target="jwe-aesgcmkw-protected_b64u"/>)</t>
<t>encrypted key (<xref target="jwe-aesgcmkw-encdkey"/>)</t>
<t>Initialization vector/nonce (<xref target="jwe-aesgcmkw-iv"/>)</t>
<t>Ciphertext (<xref target="jwe-aesgcmkw-ciphertext"/>)</t>
<t>Authentication tag (<xref target="jwe-aesgcmkw-tag"/>)</t>
</list></t>
<t>The resulting JWE object using the Compact serialization:</t>
<figure title="Compact Serialization" anchor="jwe-aesgcmkw-compact"><artwork><![CDATA[
eyJhbGciOiJBMjU2R0NNS1ciLCJraWQiOiIxOGVjMDhlMS1iZmE5LTRkOTUtYj
IwNS0yYjRkZDFkNDMyMWQiLCJ0YWciOiJrZlBkdVZRM1QzSDZ2bmV3dC0ta3N3
IiwiaXYiOiJLa1lUMEdYXzJqSGxmcU5fIiwiZW5jIjoiQTEyOENCQy1IUzI1Ni
J9
.
lJf3HbOApxMEBkCMOoTnnABxs_CvTWUmZQ2ElLvYNok
.
gz6NjyEFNm_vm8Gj6FwoFQ
.
Jf5p9-ZhJlJy_IQ_byKFmI0Ro7w7G1QiaZpI8OaiVgD8EqoDZHyFKFBupS8iaE
eVIgMqWmsuJKuoVgzR3YfzoMd3GxEm3VxNhzWyWtZKX0gxKdy6HgLvqoGNbZCz
LjqcpDiF8q2_62EVAbr2uSc2oaxFmFuIQHLcqAHxy51449xkjZ7ewzZaGV3eFq
hpco8o4DijXaG5_7kp3h2cajRfDgymuxUbWgLqaeNQaJtvJmSMFuEOSAzw9Hde
b6yhdTynCRmu-kqtO5Dec4lT2OMZKpnxc_F1_4yDJFcqb5CiDSmA-psB2k0Jtj
xAj4UPI61oONK7zzFIu4gBfjJCndsZfdvG7h8wGjV98QhrKEnR7xKZ3KCr0_qR
1B-gxpNk3xWU
.
DKW7jrb4WaRSNfbXVPlT5g
]]></artwork></figure>
<t>The resulting JWE object using the JSON serialization:</t>
<figure title="JSON Serialization" anchor="jwe-aesgcmkw-json"><artwork><![CDATA[
{
"recipients": [
{
"encrypted_key": "lJf3HbOApxMEBkCMOoTnnABxs_CvTWUmZQ2ElL
vYNok"
}
],
"protected": "eyJhbGciOiJBMjU2R0NNS1ciLCJraWQiOiIxOGVjMDhlMS
1iZmE5LTRkOTUtYjIwNS0yYjRkZDFkNDMyMWQiLCJ0YWciOiJrZlBkdV
ZRM1QzSDZ2bmV3dC0ta3N3IiwiaXYiOiJLa1lUMEdYXzJqSGxmcU5fIi
wiZW5jIjoiQTEyOENCQy1IUzI1NiJ9",
"iv": "gz6NjyEFNm_vm8Gj6FwoFQ",
"ciphertext": "Jf5p9-ZhJlJy_IQ_byKFmI0Ro7w7G1QiaZpI8OaiVgD8E
qoDZHyFKFBupS8iaEeVIgMqWmsuJKuoVgzR3YfzoMd3GxEm3VxNhzWyW
tZKX0gxKdy6HgLvqoGNbZCzLjqcpDiF8q2_62EVAbr2uSc2oaxFmFuIQ
HLcqAHxy51449xkjZ7ewzZaGV3eFqhpco8o4DijXaG5_7kp3h2cajRfD
gymuxUbWgLqaeNQaJtvJmSMFuEOSAzw9Hdeb6yhdTynCRmu-kqtO5Dec
4lT2OMZKpnxc_F1_4yDJFcqb5CiDSmA-psB2k0JtjxAj4UPI61oONK7z
zFIu4gBfjJCndsZfdvG7h8wGjV98QhrKEnR7xKZ3KCr0_qR1B-gxpNk3
xWU",
"tag": "DKW7jrb4WaRSNfbXVPlT5g"
}
]]></artwork></figure>
</section>
</section>
<section anchor="jwe-aeskw" title="Key Wrap using AES-KeyWrap with AES-GCM">
<t>The following example illustrates content encryption using the “A128KW” (AES-128-KeyWrap) key encryption algorithm and the “A128GCM” (AES-128-GCM) content encryption algorithm.</t>
<t>Note that whitespace is added for readability as described in <xref target="intro-conventions"/>.</t>
<section anchor="jwe-aeskw-input" title="Input Factors">
<t>The following are supplied before beginning the encryption process:</t>
<t><list style="symbols">
<t>Plaintext content; this example uses the content from <xref target="jwe-plaintext"/>.</t>
<t>AES symmetric key; this example uses the key from <xref target="jwe-aeskw-key"/>.</t>
<t>“alg” parameter of “A128KW”</t>
<t>“enc” parameter of “A128GCM”</t>
</list></t>
<figure title="AES 128-Bit Key" anchor="jwe-aeskw-key"><artwork><![CDATA[
{
"kty": "oct",
"kid": "81b20965-8332-43d9-a468-82160ad91ac8",
"use": "enc",
"alg": "A128KW",
"k": "GZy6sIZ6wl9NJOKB-jnmVQ"
}
]]></artwork></figure>
</section>
<section anchor="jwe-aeskw-gen" title="Generated Factors">
<t>The following are generated before encrypting:</t>
<t><list style="symbols">
<t>AES symmetric key as the Content Encryption Key; this example uses the key from <xref target="jwe-aeskw-cek"/>.</t>
<t>Initialization vector/nonce; this example uses the initialization vector/nonce from <xref target="jwe-aeskw-iv"/>.</t>
</list></t>
<figure title="Content Encryption Key, base64url-encoded" anchor="jwe-aeskw-cek"><artwork><![CDATA[
aY5_Ghmk9KxWPBLu_glx1w
]]></artwork></figure>
<figure title="Initialization Vector, base64url-encoded" anchor="jwe-aeskw-iv"><artwork><![CDATA[
Qx0pmsDa8KnJc9Jo
]]></artwork></figure>
</section>
<section anchor="jwe-aeskw-keyenc" title="Encrypting the Key">
<t>Performing the key encryption operation over the CEK (<xref target="jwe-aeskw-cek"/>) with the AES key (<xref target="jwe-aeskw-key"/>) produces the following encrypted key:</t>
<figure title="Encrypted Key, base64url-encoded" anchor="jwe-aeskw-encdkey"><artwork><![CDATA[
CBI6oDw8MydIx1IBntf_lQcw2MmJKIQx
]]></artwork></figure>
</section>
<section anchor="jwe-aeskw-contentenc" title="Encrypting the Content">
<t>The following are generated before encrypting the content:</t>
<t><list style="symbols">
<t>JWE Protected Header; this example uses the header from <xref target="jwe-aeskw-protected"/>, encoded to <xref target="RFC4648"/> base64url as <xref target="jwe-aeskw-protected_b64u"/>.</t>
</list></t>
<figure title="JWE Protected Header JSON" anchor="jwe-aeskw-protected"><artwork><![CDATA[
{
"alg": "A128KW",
"kid": "81b20965-8332-43d9-a468-82160ad91ac8",
"enc": "A128GCM"
}
]]></artwork></figure>
<figure title="JWE Protected Header, base64url-encoded" anchor="jwe-aeskw-protected_b64u"><artwork><![CDATA[
eyJhbGciOiJBMTI4S1ciLCJraWQiOiI4MWIyMDk2NS04MzMyLTQzZDktYTQ2OC
04MjE2MGFkOTFhYzgiLCJlbmMiOiJBMTI4R0NNIn0
]]></artwork></figure>
<t>Performing the content encryption over the Plaintext (<xref target="jwe-plaintext"/>) with the following:</t>
<t><list style="symbols">
<t>CEK (<xref target="jwe-aeskw-cek"/>);</t>
<t>Initialization vector/nonce (<xref target="jwe-aeskw-iv"/>); and</t>
<t>JWE Protected Header (<xref target="jwe-aeskw-protected_b64u"/>) as authenticated data</t>
</list></t>
<t>produces the following:</t>
<t><list style="symbols">
<t>Ciphertext from <xref target="jwe-aeskw-ciphertext"/>.</t>
<t>Authentication tag from <xref target="jwe-aeskw-tag"/>.</t>
</list></t>
<figure title="Ciphertext, base64url-encoded" anchor="jwe-aeskw-ciphertext"><artwork><![CDATA[
AwliP-KmWgsZ37BvzCefNen6VTbRK3QMA4TkvRkH0tP1bTdhtFJgJxeVmJkLD6
1A1hnWGetdg11c9ADsnWgL56NyxwSYjU1ZEHcGkd3EkU0vjHi9gTlb90qSYFfe
F0LwkcTtjbYKCsiNJQkcIp1yeM03OmuiYSoYJVSpf7ej6zaYcMv3WwdxDFl8RE
wOhNImk2Xld2JXq6BR53TSFkyT7PwVLuq-1GwtGHlQeg7gDT6xW0JqHDPn_H-p
uQsmthc9Zg0ojmJfqqFvETUxLAF-KjcBTS5dNy6egwkYtOt8EIHK-oEsKYtZRa
a8Z7MOZ7UGxGIMvEmxrGCPeJa14slv2-gaqK0kEThkaSqdYw0FkQZF
]]></artwork></figure>
<t>And authentication tag:</t>
<figure title="Authentication Tag, base64url-encoded" anchor="jwe-aeskw-tag"><artwork><![CDATA[
ER7MWJZ1FBI_NKvn7Zb1Lw
]]></artwork></figure>
</section>
<section anchor="jwe-aeskw-output" title="Output Results">
<t>The following compose the resulting JWE object:</t>
<t><list style="symbols">
<t>JWE Protected Header (<xref target="jwe-aeskw-protected_b64u"/>)</t>
<t>encrypted key (<xref target="jwe-aeskw-encdkey"/>)</t>
<t>Initialization vector/nonce (<xref target="jwe-aeskw-iv"/>)</t>
<t>Ciphertext (<xref target="jwe-aeskw-ciphertext"/>)</t>
<t>Authentication tag (<xref target="jwe-aeskw-tag"/>)</t>
</list></t>
<t>The resulting JWE object using the Compact serialization:</t>
<figure title="Compact Serialization" anchor="jwe-aeskw-compact"><artwork><![CDATA[
eyJhbGciOiJBMTI4S1ciLCJraWQiOiI4MWIyMDk2NS04MzMyLTQzZDktYTQ2OC
04MjE2MGFkOTFhYzgiLCJlbmMiOiJBMTI4R0NNIn0
.
CBI6oDw8MydIx1IBntf_lQcw2MmJKIQx
.
Qx0pmsDa8KnJc9Jo
.
AwliP-KmWgsZ37BvzCefNen6VTbRK3QMA4TkvRkH0tP1bTdhtFJgJxeVmJkLD6
1A1hnWGetdg11c9ADsnWgL56NyxwSYjU1ZEHcGkd3EkU0vjHi9gTlb90qSYFfe
F0LwkcTtjbYKCsiNJQkcIp1yeM03OmuiYSoYJVSpf7ej6zaYcMv3WwdxDFl8RE
wOhNImk2Xld2JXq6BR53TSFkyT7PwVLuq-1GwtGHlQeg7gDT6xW0JqHDPn_H-p
uQsmthc9Zg0ojmJfqqFvETUxLAF-KjcBTS5dNy6egwkYtOt8EIHK-oEsKYtZRa
a8Z7MOZ7UGxGIMvEmxrGCPeJa14slv2-gaqK0kEThkaSqdYw0FkQZF
.
ER7MWJZ1FBI_NKvn7Zb1Lw
]]></artwork></figure>
<t>The resulting JWE object using the JSON serialization:</t>
<figure title="JSON Serialization" anchor="jwe-aeskw-json"><artwork><![CDATA[
{
"recipients": [
{
"encrypted_key": "CBI6oDw8MydIx1IBntf_lQcw2MmJKIQx"
}
],
"protected": "eyJhbGciOiJBMTI4S1ciLCJraWQiOiI4MWIyMDk2NS04Mz
MyLTQzZDktYTQ2OC04MjE2MGFkOTFhYzgiLCJlbmMiOiJBMTI4R0NNIn
0",
"iv": "Qx0pmsDa8KnJc9Jo",
"ciphertext": "AwliP-KmWgsZ37BvzCefNen6VTbRK3QMA4TkvRkH0tP1b
TdhtFJgJxeVmJkLD61A1hnWGetdg11c9ADsnWgL56NyxwSYjU1ZEHcGk
d3EkU0vjHi9gTlb90qSYFfeF0LwkcTtjbYKCsiNJQkcIp1yeM03OmuiY
SoYJVSpf7ej6zaYcMv3WwdxDFl8REwOhNImk2Xld2JXq6BR53TSFkyT7
PwVLuq-1GwtGHlQeg7gDT6xW0JqHDPn_H-puQsmthc9Zg0ojmJfqqFvE
TUxLAF-KjcBTS5dNy6egwkYtOt8EIHK-oEsKYtZRaa8Z7MOZ7UGxGIMv
EmxrGCPeJa14slv2-gaqK0kEThkaSqdYw0FkQZF",
"tag": "ER7MWJZ1FBI_NKvn7Zb1Lw"
}
]]></artwork></figure>
</section>
</section>
<section anchor="jwe-compressed" title="Compressed Content">
<t>This example illustrates encrypting content that is first compressed. It reuses the AES key, key encryption algorithm, and content encryption algorithm from <xref target="jwe-aeskw"/>.</t>
<t>Note that whitespace is added for readability as described in <xref target="intro-conventions"/>.</t>
<section anchor="jwe-compressed-input" title="Input Factors">
<t>The following are supplied before beginning the encryption process:</t>
<t><list style="symbols">
<t>Plaintext content; this example uses the content from <xref target="jwe-plaintext"/>.</t>
<t>Recipient encryption key; this example uses the key from <xref target="jwe-aeskw-key"/>.</t>
<t>Key encryption algorithm; this example uses “A128KW”.</t>
<t>Content encryption algorithm; this example uses “A128GCM”.</t>
<t>“zip” parameter as “DEF”.</t>
</list></t>
</section>
<section anchor="jwe-compressed-gen" title="Generated Factors">
<t>The following are generated before encrypting:</t>
<t><list style="symbols">
<t>Compressed plaintext from the original plaintext content; compressing <xref target="jwe-plaintext"/> using the DEFLATE <xref target="RFC1951"/> algorithm produces the compressed plaintext from <xref target="jwe-compressed-plaintext_c"/>.</t>
<t>AES symmetric key as the Content Encryption Key (CEK); this example uses the key from <xref target="jwe-compressed-cek"/>.</t>
<t>Initialization vector/nonce; this example uses the initialization vector/nonce from <xref target="jwe-compressed-iv"/>.</t>
</list></t>
<figure title="Compressed Plaintext, base64url-encoded" anchor="jwe-compressed-plaintext_c"><artwork><![CDATA[
bY_BDcIwDEVX-QNU3QEOrIA4pqlDokYxchxVvbEDGzIJbioOSJwc-f___HPjBu
8KVFpVtAplVE1-wZo0YjNZo3C7R5v72pV5f5X382VWjYQpqZKAyjziZOr2B7kQ
PSy6oZIXUnDYbVKN4jNXi2u0yB7t1qSHTjmMODf9QgvrDzfTIQXnyQRuUya4zI
WG3vTOdir0v7BRHFYWq3k1k1A_gSDJqtcBF-GZxw8
]]></artwork></figure>
<figure title="Content Encryption Key, base64url-encoded" anchor="jwe-compressed-cek"><artwork><![CDATA[
hC-MpLZSuwWv8sexS6ydfw
]]></artwork></figure>
<figure title="Initialization Vector, base64url-encoded" anchor="jwe-compressed-iv"><artwork><![CDATA[
p9pUq6XHY0jfEZIl
]]></artwork></figure>
</section>
<section anchor="jwe-compressed-keyenc" title="Encrypting the Key">
<t>Performing the key encryption operation over the CEK (<xref target="jwe-compressed-cek"/>) with the AES key (<xref target="jwe-aeskw-key"/>) produces the following encrypted key:</t>
<figure title="Encrypted Key, base64url-encoded" anchor="jwe-compressed-encdkey"><artwork><![CDATA[
5vUT2WOtQxKWcekM_IzVQwkGgzlFDwPi
]]></artwork></figure>
</section>
<section anchor="jwe-compressed-contentenc" title="Encrypting the Content">
<t>The following are generated before encrypting the content:</t>
<t><list style="symbols">
<t>JWE Protected Header; this example uses the header from <xref target="jwe-compressed-protected"/>, encoded as <xref target="RFC4648"/> base64url as <xref target="jwe-compressed-protected_b64u"/>.</t>
</list></t>
<figure title="JWE Protected Header JSON" anchor="jwe-compressed-protected"><artwork><![CDATA[
{
"alg": "A128KW",
"kid": "81b20965-8332-43d9-a468-82160ad91ac8",
"enc": "A128GCM",
"zip": "DEF"
}
]]></artwork></figure>
<figure title="JWE Protected Header, base64url-encoded" anchor="jwe-compressed-protected_b64u"><artwork><![CDATA[
eyJhbGciOiJBMTI4S1ciLCJraWQiOiI4MWIyMDk2NS04MzMyLTQzZDktYTQ2OC
04MjE2MGFkOTFhYzgiLCJlbmMiOiJBMTI4R0NNIiwiemlwIjoiREVGIn0
]]></artwork></figure>
<t>Performing the content encryption operation over the compressed Plaintext (<xref target="jwe-compressed-plaintext_c"/>, encoded as an octet string) with the following:</t>
<t><list style="symbols">
<t>CEK (<xref target="jwe-compressed-cek"/>);</t>
<t>Initialization vector/nonce (<xref target="jwe-compressed-iv"/>); and</t>
<t>JWE Protected Header (<xref target="jwe-compressed-protected_b64u"/>) as authenticated data</t>
</list></t>
<t>produces the following:</t>
<t><list style="symbols">
<t>Ciphertext from <xref target="jwe-compressed-ciphertext"/>.</t>
<t>Authentication tag from <xref target="jwe-compressed-tag"/>.</t>
</list></t>
<figure title="Ciphertext, base64url-encoded" anchor="jwe-compressed-ciphertext"><artwork><![CDATA[
HbDtOsdai1oYziSx25KEeTxmwnh8L8jKMFNc1k3zmMI6VB8hry57tDZ61jXyez
SPt0fdLVfe6Jf5y5-JaCap_JQBcb5opbmT60uWGml8blyiMQmOn9J--XhhlYg0
m-BHaqfDO5iTOWxPxFMUedx7WCy8mxgDHj0aBMG6152PsM-w5E_o2B3jDbrYBK
hpYA7qi3AyijnCJ7BP9rr3U8kxExCpG3mK420TjOw
]]></artwork></figure>
<t>And authentication tag:</t>
<figure title="Authentication Tag, base64url-encoded" anchor="jwe-compressed-tag"><artwork><![CDATA[
VILuUwuIxaLVmh5X-T7kmA
]]></artwork></figure>
</section>
<section anchor="jwe-compressed-output" title="Output Results">
<t>The following compose the resulting JWE object:</t>
<t><list style="symbols">
<t>JWE Protected Header (<xref target="jwe-compressed-protected_b64u"/>)</t>
<t>encrypted key (<xref target="jwe-compressed-encdkey"/>)</t>
<t>Initialization vector/nonce (<xref target="jwe-compressed-iv"/>)</t>
<t>Ciphertext (<xref target="jwe-compressed-ciphertext"/>)</t>
<t>Authentication tag (<xref target="jwe-compressed-tag"/>)</t>
</list></t>
<t>The resulting JWE object using the Compact serialization:</t>
<figure title="Compact Serialization" anchor="jwe-compressed-compact"><artwork><![CDATA[
eyJhbGciOiJBMTI4S1ciLCJraWQiOiI4MWIyMDk2NS04MzMyLTQzZDktYTQ2OC
04MjE2MGFkOTFhYzgiLCJlbmMiOiJBMTI4R0NNIiwiemlwIjoiREVGIn0
.
5vUT2WOtQxKWcekM_IzVQwkGgzlFDwPi
.
p9pUq6XHY0jfEZIl
.
HbDtOsdai1oYziSx25KEeTxmwnh8L8jKMFNc1k3zmMI6VB8hry57tDZ61jXyez
SPt0fdLVfe6Jf5y5-JaCap_JQBcb5opbmT60uWGml8blyiMQmOn9J--XhhlYg0
m-BHaqfDO5iTOWxPxFMUedx7WCy8mxgDHj0aBMG6152PsM-w5E_o2B3jDbrYBK
hpYA7qi3AyijnCJ7BP9rr3U8kxExCpG3mK420TjOw
.
VILuUwuIxaLVmh5X-T7kmA
]]></artwork></figure>
<t>The resulting JWE object using the JSON serialization:</t>
<figure title="JSON Serialization" anchor="jwe-compressed-json"><artwork><![CDATA[
{
"recipients": [
{
"encrypted_key": "5vUT2WOtQxKWcekM_IzVQwkGgzlFDwPi"
}
],
"protected": "eyJhbGciOiJBMTI4S1ciLCJraWQiOiI4MWIyMDk2NS04Mz
MyLTQzZDktYTQ2OC04MjE2MGFkOTFhYzgiLCJlbmMiOiJBMTI4R0NNIi
wiemlwIjoiREVGIn0",
"iv": "p9pUq6XHY0jfEZIl",
"ciphertext": "HbDtOsdai1oYziSx25KEeTxmwnh8L8jKMFNc1k3zmMI6V
B8hry57tDZ61jXyezSPt0fdLVfe6Jf5y5-JaCap_JQBcb5opbmT60uWG
ml8blyiMQmOn9J--XhhlYg0m-BHaqfDO5iTOWxPxFMUedx7WCy8mxgDH
j0aBMG6152PsM-w5E_o2B3jDbrYBKhpYA7qi3AyijnCJ7BP9rr3U8kxE
xCpG3mK420TjOw",
"tag": "VILuUwuIxaLVmh5X-T7kmA"
}
]]></artwork></figure>
</section>
</section>
<section anchor="jwe-aad" title="Including Additional Authenticated Data">
<t>This example illustrates encrypting content that includes additional authenticated data. As this example includes an additional top-level property not present in the Compact serialization, only the JSON serialization is possible.</t>
<t>Note that whitespace is added for readability as described in <xref target="intro-conventions"/>.</t>
<section anchor="jwe-aad-input" title="Input Factors">
<t>The following are supplied before beginning the encryption process:</t>
<t><list style="symbols">
<t>Plaintext content; this example uses the content from <xref target="jwe-plaintext"/>.</t>
<t>Recipient encryption key; this example uses the key from <xref target="jwe-aeskw-key"/>.</t>
<t>Key encryption algorithm; this example uses “A128KW”.</t>
<t>Content encryption algorithm; this example uses “A128GCM”.</t>
<t>Additional authenticated data; this example uses a <xref target="RFC7095"/> vCard from <xref target="jwe-aad-data"/>, serialized to UTF-8.</t>
</list></t>
<figure title="Additional Authenticated Data, in JSON format" anchor="jwe-aad-data"><artwork><![CDATA[
[
"vcard",
[
[ "version", {}, "text", "4.0" ],
[ "fn", {}, "text", "Meriadoc Brandybuck" ],
[ "n", {},
"text", [
"Brandybuck", "Meriadoc", "Mr.", ""
]
],
[ "bday", {}, "text", "TA 2982" ],
[ "gender", {}, "text", "M" ]
]
]
]]></artwork></figure>
<t><spanx style="strong">NOTE</spanx> whitespace between JSON values added for readability.</t>
</section>
<section anchor="jwe-aad-gen" title="Generated Factors">
<t>The following are generated before encrypting:</t>
<t><list style="symbols">
<t>AES symmetric key as the Content Encryption Key (CEK); this example uses the key from <xref target="jwe-aad-cek"/>.</t>
<t>Initialization vector/nonce; this example uses the initialization vector/nonce from <xref target="jwe-aad-iv"/>.</t>
<t>Encoded additional authenticated data (AAD); this example uses the additional authenticated data from <xref target="jwe-aad-data"/>, encoded to <xref target="RFC4648"/> base64url as <xref target="jwe-aad-data_b64u"/>.</t>
</list></t>
<figure title="Content Encryption Key, base64url-encoded" anchor="jwe-aad-cek"><artwork><![CDATA[
75m1ALsYv10pZTKPWrsqdg
]]></artwork></figure>
<figure title="Initialization Vector, base64url-encoded" anchor="jwe-aad-iv"><artwork><![CDATA[
veCx9ece2orS7c_N
]]></artwork></figure>
<figure title="Additional Authenticated Data, base64url-encoded" anchor="jwe-aad-data_b64u"><artwork><![CDATA[
WyJ2Y2FyZCIsW1sidmVyc2lvbiIse30sInRleHQiLCI0LjAiXSxbImZuIix7fS
widGV4dCIsIk1lcmlhZG9jIEJyYW5keWJ1Y2siXSxbIm4iLHt9LCJ0ZXh0Iixb
IkJyYW5keWJ1Y2siLCJNZXJpYWRvYyIsIk1yLiIsIiJdXSxbImJkYXkiLHt9LC
J0ZXh0IiwiVEEgMjk4MiJdLFsiZ2VuZGVyIix7fSwidGV4dCIsIk0iXV1d
]]></artwork></figure>
</section>
<section anchor="jwe-aad-keyenc" title="Encrypting the Key">
<t>Performing the key encryption operation over the CEK (<xref target="jwe-aad-cek"/>) with the AES key (<xref target="jwe-aeskw-key"/>) produces the following encrypted key:</t>
<figure title="Encrypted Key, base64url-encoded" anchor="jwe-aad-encdkey"><artwork><![CDATA[
4YiiQ_ZzH76TaIkJmYfRFgOV9MIpnx4X
]]></artwork></figure>
</section>
<section anchor="jwe-aad-contentenc" title="Encrypting the Content">
<t>The following are generated before encrypting the content:</t>
<t><list style="symbols">
<t>JWE Protected Header; this example uses the header from <xref target="jwe-aad-protected"/>, encoded to <xref target="RFC4648"/> base64url as <xref target="jwe-aad-protected_b64u"/>.</t>
</list></t>
<figure title="JWE Protected Header JSON" anchor="jwe-aad-protected"><artwork><![CDATA[
{
"alg": "A128KW",
"kid": "81b20965-8332-43d9-a468-82160ad91ac8",
"enc": "A128GCM"
}
]]></artwork></figure>
<figure title="JWE Protected Header, base64url-encoded" anchor="jwe-aad-protected_b64u"><artwork><![CDATA[
eyJhbGciOiJBMTI4S1ciLCJraWQiOiI4MWIyMDk2NS04MzMyLTQzZDktYTQ2OC
04MjE2MGFkOTFhYzgiLCJlbmMiOiJBMTI4R0NNIn0
]]></artwork></figure>
<t>Performing the content encryption operation over the Plaintext with the following:</t>
<t><list style="symbols">
<t>CEK (<xref target="jwe-aad-cek"/>);</t>
<t>Initialization vector/nonce (<xref target="jwe-aad-iv"/>); and</t>
<t>Concatenation of the JWE Protected Header (<xref target="jwe-aad-protected_b64u"/>), “.”, and the <xref target="RFC4648"/> base64url encoding of <xref target="jwe-aad-data"/> as authenticated data</t>
</list></t>
<t>produces the following:</t>
<t><list style="symbols">
<t>Ciphertext from <xref target="jwe-aad-ciphertext"/>.</t>
<t>Authentication tag from <xref target="jwe-aad-tag"/>.</t>
</list></t>
<figure title="Ciphertext, base64url-encoded" anchor="jwe-aad-ciphertext"><artwork><![CDATA[
Z_3cbr0k3bVM6N3oSNmHz7Lyf3iPppGf3Pj17wNZqteJ0Ui8p74SchQP8xygM1
oFRWCNzeIa6s6BcEtp8qEFiqTUEyiNkOWDNoF14T_4NFqF-p2Mx8zkbKxI7oPK
8KNarFbyxIDvICNqBLba-v3uzXBdB89fzOI-Lv4PjOFAQGHrgv1rjXAmKbgkft
9cB4WeyZw8MldbBhc-V_KWZslrsLNygon_JJWd_ek6LQn5NRehvApqf9ZrxB4a
q3FXBxOxCys35PhCdaggy2kfUfl2OkwKnWUbgXVD1C6HxLIlqHhCwXDG59weHr
RDQeHyMRoBljoV3X_bUTJDnKBFOod7nLz-cj48JMx3SnCZTpbQAkFV
]]></artwork></figure>
<figure title="Authentication Tag, base64url-encoded" anchor="jwe-aad-tag"><artwork><![CDATA[
vOaH_Rajnpy_3hOtqvZHRA
]]></artwork></figure>
</section>
<section anchor="jwe-aad-output" title="Output Results">
<t>The following compose the resulting JWE object:</t>
<t><list style="symbols">
<t>JWE Protected Header (<xref target="jwe-aad-protected_b64u"/>)</t>
<t>encrypted key (<xref target="jwe-aad-encdkey"/>)</t>
<t>Initialization vector/nonce (<xref target="jwe-aad-iv"/>)</t>
<t>Additional authenticated data (<xref target="jwe-aad-data_b64u"/>)</t>
<t>Ciphertext (<xref target="jwe-aad-ciphertext"/>)</t>
<t>Authentication tag (<xref target="jwe-aad-tag"/>)</t>
</list></t>
<t>The resulting JWE object using the JSON serialization:</t>
<figure title="JSON Serialization" anchor="jwe-aad-json"><artwork><![CDATA[
{
"recipients": [
{
"encrypted_key": "4YiiQ_ZzH76TaIkJmYfRFgOV9MIpnx4X"
}
],
"protected": "eyJhbGciOiJBMTI4S1ciLCJraWQiOiI4MWIyMDk2NS04Mz
MyLTQzZDktYTQ2OC04MjE2MGFkOTFhYzgiLCJlbmMiOiJBMTI4R0NNIn
0",
"iv": "veCx9ece2orS7c_N",
"aad": "WyJ2Y2FyZCIsW1sidmVyc2lvbiIse30sInRleHQiLCI0LjAiXSxb
ImZuIix7fSwidGV4dCIsIk1lcmlhZG9jIEJyYW5keWJ1Y2siXSxbIm4i
LHt9LCJ0ZXh0IixbIkJyYW5keWJ1Y2siLCJNZXJpYWRvYyIsIk1yLiIs
IiJdXSxbImJkYXkiLHt9LCJ0ZXh0IiwiVEEgMjk4MiJdLFsiZ2VuZGVy
Iix7fSwidGV4dCIsIk0iXV1d",
"ciphertext": "Z_3cbr0k3bVM6N3oSNmHz7Lyf3iPppGf3Pj17wNZqteJ0
Ui8p74SchQP8xygM1oFRWCNzeIa6s6BcEtp8qEFiqTUEyiNkOWDNoF14
T_4NFqF-p2Mx8zkbKxI7oPK8KNarFbyxIDvICNqBLba-v3uzXBdB89fz
OI-Lv4PjOFAQGHrgv1rjXAmKbgkft9cB4WeyZw8MldbBhc-V_KWZslrs
LNygon_JJWd_ek6LQn5NRehvApqf9ZrxB4aq3FXBxOxCys35PhCdaggy
2kfUfl2OkwKnWUbgXVD1C6HxLIlqHhCwXDG59weHrRDQeHyMRoBljoV3
X_bUTJDnKBFOod7nLz-cj48JMx3SnCZTpbQAkFV",
"tag": "vOaH_Rajnpy_3hOtqvZHRA"
}
]]></artwork></figure>
</section>
</section>
<section anchor="jwe-somefields" title="Protecting Specific Header Fields">
<t>This example illustrates encrypting content where only certain JOSE header parameters are protected. As this example includes parameters in the JWE Shared Unprotected Header, only the JSON serialization is possible.</t>
<t>Note that whitespace is added for readability as described in <xref target="intro-conventions"/>.</t>
<section anchor="jwe-somefields-input" title="Input Factors">
<t>The following are supplied before beginning the encryption process:</t>
<t><list style="symbols">
<t>Plaintext content; this example uses the content from <xref target="jwe-plaintext"/>.</t>
<t>Recipient encryption key; this example uses the key from <xref target="jwe-aeskw-key"/>.</t>
<t>Key encryption algorithm; this example uses “A128KW”.</t>
<t>Content encryption algorithm; this example uses “A128GCM”.</t>
</list></t>
</section>
<section anchor="jwe-somefields-gen" title="Generated Factors">
<t>The following are generated before encrypting:</t>
<t><list style="symbols">
<t>AES symmetric key as the Content Encryption Key (CEK); this example uses the key from <xref target="jwe-somefields-cek"/>.</t>
<t>Initialization vector/nonce; this example uses the initialization vector/nonce from <xref target="jwe-somefields-iv"/>.</t>
</list></t>
<figure title="Content Encryption Key, base64url-encoded" anchor="jwe-somefields-cek"><artwork><![CDATA[
WDgEptBmQs9ouUvArz6x6g
]]></artwork></figure>
<figure title="Initialization Vector, base64url-encoded" anchor="jwe-somefields-iv"><artwork><![CDATA[
WgEJsDS9bkoXQ3nR
]]></artwork></figure>
</section>
<section anchor="jwe-somefields-keyenc" title="Encrypting the Key">
<t>Performing the key encryption operation over the CEK (<xref target="jwe-somefields-cek"/>) with the AES key (<xref target="jwe-aeskw-key"/>) produces the following encrypted key:</t>
<figure title="Encrypted Key, base64url-encoded" anchor="jwe-somefields-encdkey"><artwork><![CDATA[
jJIcM9J-hbx3wnqhf5FlkEYos0sHsF0H
]]></artwork></figure>
</section>
<section anchor="jwe-somefields-contentenc" title="Encrypting the Content">
<t>The following are generated before encrypting the content:</t>
<t><list style="symbols">
<t>JWE Protected Header; this example uses the header from <xref target="jwe-somefields-protected"/>, encoded to <xref target="RFC4648"/> base64url as <xref target="jwe-somefields-protected_b64u"/>.</t>
</list></t>
<figure title="JWE Protected Header JSON" anchor="jwe-somefields-protected"><artwork><![CDATA[
{
"enc": "A128GCM"
}
]]></artwork></figure>
<figure title="JWE Protected Header, base64url-encoded" anchor="jwe-somefields-protected_b64u"><artwork><![CDATA[
eyJlbmMiOiJBMTI4R0NNIn0
]]></artwork></figure>
<t>Performing the content encryption operation over the Plaintext with the following:</t>
<t><list style="symbols">
<t>CEK (<xref target="jwe-somefields-cek"/>);</t>
<t>Initialization vector/nonce (<xref target="jwe-somefields-iv"/>); and</t>
<t>JWE Protected Header (<xref target="jwe-somefields-protected_b64u"/>) as authenticated data</t>
</list></t>
<t>produces the following:</t>
<t><list style="symbols">
<t>Ciphertext from <xref target="jwe-somefields-ciphertext"/>.</t>
<t>Authentication tag from <xref target="jwe-somefields-tag"/>.</t>
</list></t>
<figure title="Ciphertext, base64url-encoded" anchor="jwe-somefields-ciphertext"><artwork><![CDATA[
lIbCyRmRJxnB2yLQOTqjCDKV3H30ossOw3uD9DPsqLL2DM3swKkjOwQyZtWsFL
YMj5YeLht_StAn21tHmQJuuNt64T8D4t6C7kC9OCCJ1IHAolUv4MyOt80MoPb8
fZYbNKqplzYJgIL58g8N2v46OgyG637d6uuKPwhAnTGm_zWhqc_srOvgiLkzyF
XPq1hBAURbc3-8BqeRb48iR1-_5g5UjWVD3lgiLCN_P7AW8mIiFvUNXBPJK3nO
WL4teUPS8yHLbWeL83olU4UAgL48x-8dDkH23JykibVSQju-f7e-1xreHWXzWL
Hs1NqBbre0dEwK3HX_xM0LjUz77Krppgegoutpf5qaKg3l-_xMINmf
]]></artwork></figure>
<figure title="Authentication Tag, base64url-encoded" anchor="jwe-somefields-tag"><artwork><![CDATA[
fNYLqpUe84KD45lvDiaBAQ
]]></artwork></figure>
</section>
<section anchor="jwe-somefields-output" title="Output Results">
<t>The following compose the resulting JWE object:</t>
<t><list style="symbols">
<t>JWE Shared Unprotected Header (<xref target="jwe-somefields-unprotected"/>)</t>
<t>JWE Protected Header (<xref target="jwe-somefields-protected_b64u"/>)</t>
<t>encrypted key (<xref target="jwe-somefields-encdkey"/>)</t>
<t>Initialization vector/nonce (<xref target="jwe-somefields-iv"/>)</t>
<t>Ciphertext (<xref target="jwe-somefields-ciphertext"/>)</t>
<t>Authentication tag (<xref target="jwe-somefields-tag"/>)</t>
</list></t>
<t>The following JWE Shared Unprotected Header is generated before assembling the output results:</t>
<figure title="JWE Shared Unprotected Header JSON" anchor="jwe-somefields-unprotected"><artwork><![CDATA[
{
"alg": "A128KW",
"kid": "81b20965-8332-43d9-a468-82160ad91ac8"
}
]]></artwork></figure>
<t>The resulting JWE object using the JSON serialization:</t>
<figure title="JSON Serialization" anchor="jwe-somefields-json"><artwork><![CDATA[
{
"recipients": [
{
"encrypted_key": "jJIcM9J-hbx3wnqhf5FlkEYos0sHsF0H"
}
],
"unprotected": {
"alg": "A128KW",
"kid": "81b20965-8332-43d9-a468-82160ad91ac8"
},
"protected": "eyJlbmMiOiJBMTI4R0NNIn0",
"iv": "WgEJsDS9bkoXQ3nR",
"ciphertext": "lIbCyRmRJxnB2yLQOTqjCDKV3H30ossOw3uD9DPsqLL2D
M3swKkjOwQyZtWsFLYMj5YeLht_StAn21tHmQJuuNt64T8D4t6C7kC9O
CCJ1IHAolUv4MyOt80MoPb8fZYbNKqplzYJgIL58g8N2v46OgyG637d6
uuKPwhAnTGm_zWhqc_srOvgiLkzyFXPq1hBAURbc3-8BqeRb48iR1-_5
g5UjWVD3lgiLCN_P7AW8mIiFvUNXBPJK3nOWL4teUPS8yHLbWeL83olU
4UAgL48x-8dDkH23JykibVSQju-f7e-1xreHWXzWLHs1NqBbre0dEwK3
HX_xM0LjUz77Krppgegoutpf5qaKg3l-_xMINmf",
"tag": "fNYLqpUe84KD45lvDiaBAQ"
}
]]></artwork></figure>
</section>
</section>
<section anchor="jwe-nofields" title="Protecting Content Only">
<t>This example illustrates encrypting content where none of the JOSE header parameters are protected. As this example includes parameters only in the JWE Shared Unprotected Header, only the JSON serialization is possible.</t>
<t>Note that whitespace is added for readability as described in <xref target="intro-conventions"/>.</t>
<section anchor="jwe-nofields-input" title="Input Factors">
<t>The following are supplied before beginning the encryption process:</t>
<t><list style="symbols">
<t>Plaintext content; this example uses the content from <xref target="jwe-plaintext"/>.</t>
<t>Recipient encryption key; this example uses the key from <xref target="jwe-aeskw-key"/>.</t>
<t>Key encryption algorithm; this example uses “A128KW”.</t>
<t>Content encryption algorithm; this example uses “A128GCM”.</t>
</list></t>
</section>
<section anchor="jwe-nofields-gen" title="Generated Factors">
<t>The following are generated before encrypting:</t>
<t><list style="symbols">
<t>AES symmetric key as the Content Encryption Key; this example the key from <xref target="jwe-nofields-cek"/>.</t>
<t>Initialization vector/nonce; this example uses the initialization vector/nonce from <xref target="jwe-nofields-iv"/>.</t>
</list></t>
<figure title="Content Encryption Key, base64url-encoded" anchor="jwe-nofields-cek"><artwork><![CDATA[
KBooAFl30QPV3vkcZlXnzQ
]]></artwork></figure>
<figure title="Initialization Vector, base64url-encoded" anchor="jwe-nofields-iv"><artwork><![CDATA[
YihBoVOGsR1l7jCD
]]></artwork></figure>
</section>
<section anchor="jwe-nofields-keyenc" title="Encrypting the Key">
<t>Performing the key encryption operation over the CEK (<xref target="jwe-nofields-cek"/> with the AES key (<xref target="jwe-aeskw-key"/> produces the following encrypted key:</t>
<figure title="Encrypted Key, base64url-encoded" anchor="jwe-nofields-encdkey"><artwork><![CDATA[
244YHfO_W7RMpQW81UjQrZcq5LSyqiPv
]]></artwork></figure>
</section>
<section anchor="jwe-nofields-contentenc" title="Encrypting the Content">
<t>Performing the content encryption operation over the Plaintext (<xref target="jwe-plaintext"/>) using the following:</t>
<t><list style="symbols">
<t>CEK (<xref target="jwe-nofields-cek"/>);</t>
<t>Initialization vector/nonce (<xref target="jwe-nofields-iv"/>); and</t>
<t>Empty string as authenticated data</t>
</list></t>
<t>produces the following:</t>
<t><list style="symbols">
<t>Ciphertext from <xref target="jwe-nofields-ciphertext"/>.</t>
<t>Authenticated data from <xref target="jwe-nofields-tag"/>.</t>
</list></t>
<figure title="Ciphertext, base64url-encoded" anchor="jwe-nofields-ciphertext"><artwork><![CDATA[
qtPIMMaOBRgASL10dNQhOa7Gqrk7Eal1vwht7R4TT1uq-arsVCPaIeFwQfzrSS
6oEUWbBtxEasE0vC6r7sphyVziMCVJEuRJyoAHFSP3eqQPb4Ic1SDSqyXjw_L3
svybhHYUGyQuTmUQEDjgjJfBOifwHIsDsRPeBz1NomqeifVPq5GTCWFo5k_MNI
QURR2Wj0AHC2k7JZfu2iWjUHLF8ExFZLZ4nlmsvJu_mvifMYiikfNfsZAudISO
a6O73yPZtL04k_1FI7WDfrb2w7OqKLWDXzlpcxohPVOLQwpA3mFNRKdY-bQz4Z
4KX9lfz1cne31N4-8BKmojpw-OdQjKdLOGkC445Fb_K1tlDQXw2sBF
]]></artwork></figure>
<figure title="Authentication Tag, base64url-encoded" anchor="jwe-nofields-tag"><artwork><![CDATA[
e2m0Vm7JvjK2VpCKXS-kyg
]]></artwork></figure>
</section>
<section anchor="jwe-nofields-output" title="Output Results">
<t>The following JWE Shared Unprotected Header is generated before assembling the output results:</t>
<figure title="JWE Shared Unprotected Header JSON" anchor="jwe-nofields-unprotected"><artwork><![CDATA[
{
"alg": "A128KW",
"kid": "81b20965-8332-43d9-a468-82160ad91ac8",
"enc": "A128GCM"
}
]]></artwork></figure>
<t>The following compose the resulting JWE object:</t>
<t><list style="symbols">
<t>JWE Shared Unprotected Header (<xref target="jwe-nofields-unprotected"/>)</t>
<t>encrypted key (<xref target="jwe-nofields-encdkey"/>)</t>
<t>Initialization vector/nonce (<xref target="jwe-nofields-iv"/>)</t>
<t>Ciphertext (<xref target="jwe-nofields-ciphertext"/>)</t>
<t>Authentication tag (<xref target="jwe-nofields-tag"/>)</t>
</list></t>
<t>The resulting JWE object using the JSON serialization:</t>
<figure title="JSON Serialization" anchor="jwe-nofields-json"><artwork><![CDATA[
{
"recipients": [
{
"encrypted_key": "244YHfO_W7RMpQW81UjQrZcq5LSyqiPv"
}
],
"unprotected": {
"alg": "A128KW",
"kid": "81b20965-8332-43d9-a468-82160ad91ac8",
"enc": "A128GCM"
},
"iv": "YihBoVOGsR1l7jCD",
"ciphertext": "qtPIMMaOBRgASL10dNQhOa7Gqrk7Eal1vwht7R4TT1uq-
arsVCPaIeFwQfzrSS6oEUWbBtxEasE0vC6r7sphyVziMCVJEuRJyoAHF
SP3eqQPb4Ic1SDSqyXjw_L3svybhHYUGyQuTmUQEDjgjJfBOifwHIsDs
RPeBz1NomqeifVPq5GTCWFo5k_MNIQURR2Wj0AHC2k7JZfu2iWjUHLF8
ExFZLZ4nlmsvJu_mvifMYiikfNfsZAudISOa6O73yPZtL04k_1FI7WDf
rb2w7OqKLWDXzlpcxohPVOLQwpA3mFNRKdY-bQz4Z4KX9lfz1cne31N4
-8BKmojpw-OdQjKdLOGkC445Fb_K1tlDQXw2sBF",
"tag": "e2m0Vm7JvjK2VpCKXS-kyg"
}
]]></artwork></figure>
</section>
</section>
<section anchor="jwe-multi" title="Encrypting to Multiple Recipients">
<t>This example illustrates encryption content for multiple recipients. As this example has multiple recipients, only the JSON serialization is possible.</t>
<t>Note that RSAES-PKCS1-v1_5 uses random data to generate the ciphertext; it might not be possible to exactly replicate the results in this section.</t>
<t>Note that whitespace is added for readability as described in <xref target="intro-conventions"/>.</t>
<section anchor="jwe-multi-input" title="Input Factors">
<t>The following are supplied before beginning the encryption process:</t>
<t><list style="symbols">
<t>Plaintext content; this example uses the plaintext from <xref target="jwe-plaintext"/>.</t>
<t>Recipient keys; this example uses the following: <list style="symbols">
<t>The RSA public key from <xref target="jwe-rsa15-key"/> for the first recipient.</t>
<t>The EC public key from <xref target="jwe-ecdh_aeskw-key"/> for the second recipient.</t>
<t>The AES symmetric key from <xref target="jwe-aesgcmkw-key"/> for the third recipient.</t>
</list></t>
<t>Key encryption algorithms; this example uses the following: <list style="symbols">
<t>“RSA1_5” for the first recipient.</t>
<t>“ECDH-ES+A256KW” for the second recipient.</t>
<t>“A256GCMKW” for the third recipient.</t>
</list></t>
<t>Content encryption algorithm; this example uses “A128CBC-HS256”</t>
</list></t>
</section>
<section anchor="jwe-multi-gen" title="Generated Factors">
<t>The following are generated before encrypting:</t>
<t><list style="symbols">
<t>AES symmetric key as the Content Encryption Key (CEK); this example uses the key from <xref target="jwe-multi-cek"/>.</t>
<t>Initialization vector/nonce; this example uses the initialization vector/nonce from <xref target="jwe-multi-iv"/>.</t>
</list></t>
<figure title="Content Encryption Key, base64url-encoded" anchor="jwe-multi-cek"><artwork><![CDATA[
zXayeJ4gvm8NJr3IUInyokTUO-LbQNKEhe_zWlYbdpQ
]]></artwork></figure>
<figure title="Initialization Vector, base64url-encoded" anchor="jwe-multi-iv"><artwork><![CDATA[
VgEIHY20EnzUtZFl2RpB1g
]]></artwork></figure>
</section>
<section anchor="jwe-multi-keyenc_1" title="Encrypting the Key to the First Recipient">
<t>Performing the “RSA1_5” key encryption operation over the CEK (<xref target="jwe-multi-cek"/> with the first recipient’s RSA key (<xref target="jwe-rsa15-key"/> produces the following encrypted key:</t>
<figure title="Recipient #1 Encrypted Key, base64url-encoded" anchor="jwe-multi-encdkey_1"><artwork><![CDATA[
dYOD28kab0Vvf4ODgxVAJXgHcSZICSOp8M51zjwj4w6Y5G4XJQsNNIBiqyvUUA
OcpL7S7-cFe7Pio7gV_Q06WmCSa-vhW6me4bWrBf7cHwEQJdXihidAYWVajJIa
KMXMvFRMV6iDlRr076DFthg2_AV0_tSiV6xSEIFqt1xnYPpmP91tc5WJDOGb-w
qjw0-b-S1laS11QVbuP78dQ7Fa0zAVzzjHX-xvyM2wxj_otxr9clN1LnZMbeYS
rRicJK5xodvWgkpIdkMHo4LvdhRRvzoKzlic89jFWPlnBq_V4n5trGuExtp_-d
bHcGlihqc_wGgho9fLMK8JOArYLcMDNQ
]]></artwork></figure>
<t>The following are generated after encrypting the CEK for the first recipient:</t>
<t><list style="symbols">
<t>Recipient JWE Unprotected Header from <xref target="jwe-multi-rcpt_header_1"/></t>
</list></t>
<figure title="Recipient #1 JWE Per-recipient Unprotected Header JSON" anchor="jwe-multi-rcpt_header_1"><artwork><![CDATA[
{
"alg": "RSA1_5",
"kid": "frodo.baggins@hobbiton.example"
}
]]></artwork></figure>
<t>The following is the assembled first recipient JSON:</t>
<figure title="Recipient #1 JSON" anchor="jwe-multi-rcpt_1"><artwork><![CDATA[
{
"encrypted_key": "dYOD28kab0Vvf4ODgxVAJXgHcSZICSOp8M51zjwj4w
6Y5G4XJQsNNIBiqyvUUAOcpL7S7-cFe7Pio7gV_Q06WmCSa-vhW6me4b
WrBf7cHwEQJdXihidAYWVajJIaKMXMvFRMV6iDlRr076DFthg2_AV0_t
SiV6xSEIFqt1xnYPpmP91tc5WJDOGb-wqjw0-b-S1laS11QVbuP78dQ7
Fa0zAVzzjHX-xvyM2wxj_otxr9clN1LnZMbeYSrRicJK5xodvWgkpIdk
MHo4LvdhRRvzoKzlic89jFWPlnBq_V4n5trGuExtp_-dbHcGlihqc_wG
gho9fLMK8JOArYLcMDNQ",
"header": {
"alg": "RSA1_5",
"kid": "frodo.baggins@hobbiton.example"
}
}
]]></artwork></figure>
</section>
<section anchor="jwe-multi-keyenc_2" title="Encrypting the Key to the Second Recipient">
<t>The following are generated before encrypting the CEK for the second recipient:</t>
<t><list style="symbols">
<t>Ephemeral EC private key on the same curve as the EC public key; this example uses the private key from <xref target="jwe-multi-epk_2"/>.</t>
</list></t>
<figure title="Ephemeral public key for Recipient #2, in JWK format" anchor="jwe-multi-epk_2"><artwork><![CDATA[
{
"kty": "EC",
"crv": "P-384",
"x": "Uzdvk3pi5wKCRc1izp5_r0OjeqT-I68i8g2b8mva8diRhsE2xAn2Dt
MRb25Ma2CX",
"y": "VDrRyFJh-Kwd1EjAgmj5Eo-CTHAZ53MC7PjjpLioy3ylEjI1pOMbw9
1fzZ84pbfm",
"d": "1DKHfTv-PiifVw2VBHM_ZiVcwOMxkOyANS_lQHJcrDxVY3jhVCvZPw
MxJKIE793C"
}
]]></artwork></figure>
<t>Performing the “ECDH-ES+A256KW” key encryption operation over the CEK (<xref target="jwe-multi-cek"/> with the following:</t>
<t><list style="symbols">
<t>Static Elliptic Curve public key (<xref target="jwe-ecdh_aeskw-key"/>).</t>
<t>Ephemeral Elliptic Curve private key (<xref target="jwe-multi-epk_2"/>.</t>
</list></t>
<t>produces the following encrypted key:</t>
<figure title="Recipient #2 Encrypted Key, base64url-encoded" anchor="jwe-multi-encdkey_2"><artwork><![CDATA[
ExInT0io9BqBMYF6-maw5tZlgoZXThD1zWKsHixJuw_elY4gSSId_w
]]></artwork></figure>
<t>The following are generated after encrypting the CEK for the second recipient:</t>
<t><list style="symbols">
<t>Recipient JWE Unprotected Header from <xref target="jwe-multi-rcpt_header_2"/>.</t>
</list></t>
<figure title="Recipient #2 JWE Per-recipient Unprotected Header JSON" anchor="jwe-multi-rcpt_header_2"><artwork><![CDATA[
{
"alg": "ECDH-ES+A256KW",
"kid": "peregrin.took@tuckborough.example",
"epk": {
"kty": "EC",
"crv": "P-384",
"x": "Uzdvk3pi5wKCRc1izp5_r0OjeqT-I68i8g2b8mva8diRhsE2xAn2
DtMRb25Ma2CX",
"y": "VDrRyFJh-Kwd1EjAgmj5Eo-CTHAZ53MC7PjjpLioy3ylEjI1pOMb
w91fzZ84pbfm"
}
}
]]></artwork></figure>
<t>The following is the assembled second recipient JSON:</t>
<figure title="Recipient #2 JSON" anchor="jwe-multi-rcpt_2"><artwork><![CDATA[
{
"encrypted_key": "ExInT0io9BqBMYF6-maw5tZlgoZXThD1zWKsHixJuw
_elY4gSSId_w",
"header": {
"alg": "ECDH-ES+A256KW",
"kid": "peregrin.took@tuckborough.example",
"epk": {
"kty": "EC",
"crv": "P-384",
"x": "Uzdvk3pi5wKCRc1izp5_r0OjeqT-I68i8g2b8mva8diRhsE2xA
n2DtMRb25Ma2CX",
"y": "VDrRyFJh-Kwd1EjAgmj5Eo-CTHAZ53MC7PjjpLioy3ylEjI1pO
Mbw91fzZ84pbfm"
}
}
}
]]></artwork></figure>
</section>
<section anchor="jwe-multi-keyenc_3" title="Encrypting the Key to the Third Recipient">
<t>The following are generated before encrypting the CEK for the third recipient:</t>
<t><list style="symbols">
<t>Initialization vector/nonce for key wrapping; this example uses the initialization vector/nonce from <xref target="jwe-multi-kwiv_3"/></t>
</list></t>
<figure title="Recipient #2 Initialization Vector, base64url-encoded" anchor="jwe-multi-kwiv_3"><artwork><![CDATA[
AvpeoPZ9Ncn9mkBn
]]></artwork></figure>
<t>Performing the “A256GCMKW” key encryption operation over the CEK (<xref target="jwe-multi-cek"/>) with the following:</t>
<t><list style="symbols">
<t>AES symmetric key (<xref target="jwe-aesgcmkw-key"/>; and</t>
<t>Initialization vector/nonce ((<xref target="jwe-multi-kwiv_3"/></t>
</list></t>
<t>produces the following:</t>
<t><list style="symbols">
<t>Encrypted key from <xref target="jwe-multi-encdkey_3"/>.</t>
<t>Key wrap authentication tag from <xref target="jwe-multi-kwtag_3"/></t>
</list></t>
<figure title="Recipient #3 Encrypted Key, base64url-encoded" anchor="jwe-multi-encdkey_3"><artwork><![CDATA[
a7CclAejo_7JSuPB8zeagxXRam8dwCfmkt9-WyTpS1E
]]></artwork></figure>
<figure title="Recipient #3 Authentication Tag, base64url-encoded" anchor="jwe-multi-kwtag_3"><artwork><![CDATA[
59Nqh1LlYtVIhfD3pgRGvw
]]></artwork></figure>
<t>The following are generated after encrypting the CEK for the third recipient:</t>
<t><list style="symbols">
<t>Recipient JWE Unprotected Header; this example uses the header from <xref target="jwe-multi-rcpt_header_3"/>.</t>
</list></t>
<figure title="Recipient #3 JWE Per-recipient Unprotected Header JSON" anchor="jwe-multi-rcpt_header_3"><artwork><![CDATA[
{
"alg": "A256GCMKW",
"kid": "18ec08e1-bfa9-4d95-b205-2b4dd1d4321d",
"tag": "59Nqh1LlYtVIhfD3pgRGvw",
"iv": "AvpeoPZ9Ncn9mkBn"
}
]]></artwork></figure>
<t>The following is the assembled third recipient JSON:</t>
<figure title="Recipient #3 JSON" anchor="jwe-multi-rcpt_3"><artwork><![CDATA[
{
"encrypted_key": "a7CclAejo_7JSuPB8zeagxXRam8dwCfmkt9-WyTpS1
E",
"header": {
"alg": "A256GCMKW",
"kid": "18ec08e1-bfa9-4d95-b205-2b4dd1d4321d",
"tag": "59Nqh1LlYtVIhfD3pgRGvw",
"iv": "AvpeoPZ9Ncn9mkBn"
}
}
]]></artwork></figure>
</section>
<section anchor="jwe-multi-contentenc" title="Encrypting the Content">
<t>The following are generated before encrypting the content:</t>
<t><list style="symbols">
<t>JWE Protected Header; this example uses the header from <xref target="jwe-multi-protected"/>, encoded to <xref target="RFC4648"/> base64url as <xref target="jwe-multi-protected_b64u"/>.</t>
</list></t>
<figure title="JWE Protected Header JSON" anchor="jwe-multi-protected"><artwork><![CDATA[
{
"enc": "A128CBC-HS256"
}
]]></artwork></figure>
<figure title="JWE Protected Header, base64url-encoded" anchor="jwe-multi-protected_b64u"><artwork><![CDATA[
eyJlbmMiOiJBMTI4Q0JDLUhTMjU2In0
]]></artwork></figure>
<t>Performing the content encryption operation over the Plaintext (<xref target="jwe-plaintext"/>) with the following:</t>
<t><list style="symbols">
<t>CEK (<xref target="jwe-multi-cek"/>),</t>
<t>Initialization vector/nonce (<xref target="jwe-multi-iv"/>), and</t>
<t>JWE Protected Header (<xref target="jwe-multi-protected_b64u"/>) as the authenticated data</t>
</list></t>
<t>produces the following:</t>
<t><list style="symbols">
<t>Ciphertext from <xref target="jwe-multi-ciphertext"/></t>
<t>Authentication tag from <xref target="jwe-multi-tag"/></t>
</list></t>
<figure title="Ciphertext, base64url-encoded" anchor="jwe-multi-ciphertext"><artwork><![CDATA[
ajm2Q-OpPXCr7-MHXicknb1lsxLdXxK_yLds0KuhJzfWK04SjdxQeSw2L9mu3a
_k1C55kCQ_3xlkcVKC5yr__Is48VOoK0k63_QRM9tBURMFqLByJ8vOYQX0oJW4
VUHJLmGhF-tVQWB7Kz8mr8zeE7txF0MSaP6ga7-siYxStR7_G07Thd1jh-zGT0
wxM5g-VRORtq0K6AXpLlwEqRp7pkt2zRM0ZAXqSpe1O6FJ7FHLDyEFnD-zDIZu
kLpCbzhzMDLLw2-8I14FQrgi-iEuzHgIJFIJn2wh9Tj0cg_kOZy9BqMRZbmYXM
Y9YQjorZ_P_JYG3ARAIF3OjDNqpdYe-K_5Q5crGJSDNyij_ygEiItR5jssQVH2
ofDQdLChtazE
]]></artwork></figure>
<figure title="Authentication Tag, base64url-encoded" anchor="jwe-multi-tag"><artwork><![CDATA[
BESYyFN7T09KY7i8zKs5_g
]]></artwork></figure>
<t>The following is generated after encrypting the plaintext:</t>
<t><list style="symbols">
<t>JWE Shared Unprotected Header parameters; this example uses the header from <xref target="jwe-multi-unprotected"/>.</t>
</list></t>
<figure title="JWE Shared Unprotected Header JSON" anchor="jwe-multi-unprotected"><artwork><![CDATA[
{
"cty": "text/plain"
}
]]></artwork></figure>
</section>
<section anchor="jwe-multi-output" title="Output Results">
<t>The following compose the resulting JWE object:</t>
<t><list style="symbols">
<t>Recipient #1 JSON (<xref target="jwe-multi-rcpt_1"/>)</t>
<t>Recipient #2 JSON (<xref target="jwe-multi-rcpt_2"/>)</t>
<t>Recipient #3 JSON (<xref target="jwe-multi-rcpt_3"/>)</t>
<t>Initialization vector/nonce (<xref target="jwe-multi-iv"/>)</t>
<t>Ciphertext (<xref target="jwe-multi-ciphertext"/>)</t>
<t>Authentication tag (<xref target="jwe-multi-tag"/>)</t>
</list></t>
<t>The resulting JWE object using the JSON serialization:</t>
<figure title="JSON Serialization" anchor="jwe-multi-json"><artwork><![CDATA[
{
"recipients": [
{
"encrypted_key": "dYOD28kab0Vvf4ODgxVAJXgHcSZICSOp8M51zj
wj4w6Y5G4XJQsNNIBiqyvUUAOcpL7S7-cFe7Pio7gV_Q06WmCSa-
vhW6me4bWrBf7cHwEQJdXihidAYWVajJIaKMXMvFRMV6iDlRr076
DFthg2_AV0_tSiV6xSEIFqt1xnYPpmP91tc5WJDOGb-wqjw0-b-S
1laS11QVbuP78dQ7Fa0zAVzzjHX-xvyM2wxj_otxr9clN1LnZMbe
YSrRicJK5xodvWgkpIdkMHo4LvdhRRvzoKzlic89jFWPlnBq_V4n
5trGuExtp_-dbHcGlihqc_wGgho9fLMK8JOArYLcMDNQ",
"header": {
"alg": "RSA1_5",
"kid": "frodo.baggins@hobbiton.example"
}
},
{
"encrypted_key": "ExInT0io9BqBMYF6-maw5tZlgoZXThD1zWKsHi
xJuw_elY4gSSId_w",
"header": {
"alg": "ECDH-ES+A256KW",
"kid": "peregrin.took@tuckborough.example",
"epk": {
"kty": "EC",
"crv": "P-384",
"x": "Uzdvk3pi5wKCRc1izp5_r0OjeqT-I68i8g2b8mva8diRhs
E2xAn2DtMRb25Ma2CX",
"y": "VDrRyFJh-Kwd1EjAgmj5Eo-CTHAZ53MC7PjjpLioy3ylEj
I1pOMbw91fzZ84pbfm"
}
}
},
{
"encrypted_key": "a7CclAejo_7JSuPB8zeagxXRam8dwCfmkt9-Wy
TpS1E",
"header": {
"alg": "A256GCMKW",
"kid": "18ec08e1-bfa9-4d95-b205-2b4dd1d4321d",
"tag": "59Nqh1LlYtVIhfD3pgRGvw",
"iv": "AvpeoPZ9Ncn9mkBn"
}
}
],
"unprotected": {
"cty": "text/plain"
},
"protected": "eyJlbmMiOiJBMTI4Q0JDLUhTMjU2In0",
"iv": "VgEIHY20EnzUtZFl2RpB1g",
"ciphertext": "ajm2Q-OpPXCr7-MHXicknb1lsxLdXxK_yLds0KuhJzfWK
04SjdxQeSw2L9mu3a_k1C55kCQ_3xlkcVKC5yr__Is48VOoK0k63_QRM
9tBURMFqLByJ8vOYQX0oJW4VUHJLmGhF-tVQWB7Kz8mr8zeE7txF0MSa
P6ga7-siYxStR7_G07Thd1jh-zGT0wxM5g-VRORtq0K6AXpLlwEqRp7p
kt2zRM0ZAXqSpe1O6FJ7FHLDyEFnD-zDIZukLpCbzhzMDLLw2-8I14FQ
rgi-iEuzHgIJFIJn2wh9Tj0cg_kOZy9BqMRZbmYXMY9YQjorZ_P_JYG3
ARAIF3OjDNqpdYe-K_5Q5crGJSDNyij_ygEiItR5jssQVH2ofDQdLCht
azE",
"tag": "BESYyFN7T09KY7i8zKs5_g"
}
]]></artwork></figure>
</section>
</section>
</section>
<section anchor="jw-nested" title="Nesting Signatures and Encryption">
<t>This example illustrates nesting a JSON Web Signature (JWS) structure within a JSON Web Encryption (JWE) structure. The signature uses the “PS256” (RSASSA-PSS) algorithm; the encryption uses the “RSA-OAEP” (RSAES-OAEP) key encryption algorithm and the “A128GCM” (AES-GCM) content encryption algorithm.</t>
<t>Note that RSASSA-PSS uses random data to generate the signature, and RSAES-OAEP uses random data to generate the ciphertext; it might not be possible to exactly replicate the results in this section.</t>
<t>Note that whitespace is added for readability as described in <xref target="intro-conventions"/>.</t>
<section anchor="jw-nested-sig-input" title="Signing Input Factors">
<t>The following are supplied before beginning the signing operation:</t>
<t><list style="symbols">
<t>Payload content; this example uses the JSON Web Token (JWT) <xref target="I-D.ietf-oauth-json-web-token"/> content from <xref target="jw-nested-sig-payload"/>, encoded as <xref target="RFC4648"/> base64url to produce <xref target="jw-nested-sig-payload_b64u"/>.</t>
<t>RSA private key; this example uses the key from <xref target="jw-nested-sig-rsa"/></t>
</list></t>
<figure title="Payload content, in JSON format" anchor="jw-nested-sig-payload"><artwork><![CDATA[
{
"iss": "hobbiton.example",
"exp": 1300819380,
"http://example.com/is_root": true
}
]]></artwork></figure>
<figure title="Payload content, base64url-encoded" anchor="jw-nested-sig-payload_b64u"><artwork><![CDATA[
eyJpc3MiOiJob2JiaXRvbi5leGFtcGxlIiwiZXhwIjoxMzAwODE5MzgwLCJodH
RwOi8vZXhhbXBsZS5jb20vaXNfcm9vdCI6dHJ1ZX0
]]></artwork></figure>
<figure title="RSA 2048-bit Private Key, in JWK format" anchor="jw-nested-sig-rsa"><artwork><![CDATA[
{
"kty": "RSA",
"kid": "hobbiton.example",
"use": "sig",
"n": "kNrPIBDXMU6fcyv5i-QHQAQ-K8gsC3HJb7FYhYaw8hXbNJa-t8q0lD
KwLZgQXYV-ffWxXJv5GGrlZE4GU52lfMEegTDzYTrRQ3tepgKFjMGg6I
y6fkl1ZNsx2gEonsnlShfzA9GJwRTmtKPbk1s-hwx1IU5AT-AIelNqBg
cF2vE5W25_SGGBoaROVdUYxqETDggM1z5cKV4ZjDZ8-lh4oVB07bkac6
LQdHpJUUySH_Er20DXx30Kyi97PciXKTS-QKXnmm8ivyRCmux22ZoPUi
nd2BKC5OiG4MwALhaL2Z2k8CsRdfy-7dg7z41Rp6D0ZeEvtaUp4bX4aK
raL4rTfw",
"e": "AQAB",
"d": "ZLe_TIxpE9-W_n2VBa-HWvuYPtjvxwVXClJFOpJsdea8g9RMx34qEO
EtnoYc2un3CZ3LtJi-mju5RAT8YSc76YJds3ZVw0UiO8mMBeG6-iOnvg
obobNx7K57-xjTJZU72EjOr9kB7z6ZKwDDq7HFyCDhUEcYcHFVc7iL_6
TibVhAhOFONWlqlJgEgwVYd0rybNGKifdnpEbwyHoMwY6HM1qvnEFgP7
iZ0YzHUT535x6jj4VKcdA7ZduFkhUauysySEW7mxZM6fj1vdjJIy9LD1
fIz30Xv4ckoqhKF5GONU6tNmMmNgAD6gIViyEle1PrIxl1tBhCI14bRW
-zrpHgAQ",
"p": "yKWYoNIAqwMRQlgIBOdT1NIcbDNUUs2Rh-pBaxD_mIkweMt4Mg-0-B
2iSYvMrs8horhonV7vxCQagcBAATGW-hAafUehWjxWSH-3KccRM8toL4
e0q7M-idRDOBXSoe7Z2-CV2x_ZCY3RP8qp642R13WgXqGDIM4MbUkZSj
cY9-c",
"q": "uND4o15V30KDzf8vFJw589p1vlQVQ3NEilrinRUPHkkxaAzDzccGgr
WMWpGxGFFnNL3w5CqPLeU76-5IVYQq0HwYVl0hVXQHr7sgaGu-483Ad3
ENcL23FrOnF45m7_2ooAstJDe49MeLTTQKrSIBl_SKvqpYvfSPTczPcZ
kh9Kk",
"dp": "jmTnEoq2qqa8ouaymjhJSCnsveUXnMQC2gAneQJRQkFqQu-zV2PKP
KNbPvKVyiF5b2-L3tM3OW2d2iNDyRUWXlT7V5l0KwPTABSTOnTqAmYCh
Gi8kXXdlhcrtSvXldBakC6saxwI_TzGGY2MVXzc2ZnCvCXHV4qjSxOrf
P3pHFU",
"dq": "R9FUvU88OVzEkTkXl3-5-WusE4DjHmndeZIlu3rifBdfLpq_P-iWP
BbGaq9wzQ1c-J7SzCdJqkEJDv5yd2C7rnZ6kpzwBh_nmL8zscAk1qsun
nt9CJGAYz7-sGWy1JGShFazfP52ThB4rlCJ0YuEaQMrIzpY77_oLAhpm
DA0hLk",
"qi": "S8tC7ZknW6hPITkjcwttQOPLVmRfwirRlFAViuDb8NW9CrV_7F2Oq
UZCqmzHTYAumwGFHI1WVRep7anleWaJjxC_1b3fq_al4qH3Pe-EKiHg6
IMazuRtZLUROcThrExDbF5dYbsciDnfRUWLErZ4N1Be0bnxYuPqxwKd9
QZwMo0"
}
]]></artwork></figure>
</section>
<section anchor="jw-nested-sig-op" title="Signing Operation">
<t>The following are generated to complete the signing operation:</t>
<t><list style="symbols">
<t>JWS Protected Header; this example uses header from <xref target="jw-nested-sig-protected"/>, encoded using <xref target="RFC4648"/> base64url to produce <xref target="jw-nested-sig-protected_b64u"/>.</t>
</list></t>
<figure title="JWS Protected Header JSON" anchor="jw-nested-sig-protected"><artwork><![CDATA[
{
"alg": "PS256",
"typ": "JWT"
}
]]></artwork></figure>
<figure title="JWS Protected Header, base64url-encoded" anchor="jw-nested-sig-protected_b64u"><artwork><![CDATA[
eyJhbGciOiJQUzI1NiIsInR5cCI6IkpXVCJ9
]]></artwork></figure>
<t>Performing the signature operation over the combined JWS Protected Header (<xref target="jw-nested-sig-protected_b64u"/>) and Payload content (<xref target="jw-nested-sig-payload"/>) produces the following signature:</t>
<figure title="JWS Signature, base64url-encoded" anchor="jw-nested-sig-sig"><artwork><![CDATA[
dPpMqwRZxFYi1UfcDAaf8M99o7kwUWtiXZ-ByvVuJih4MhJ_aZqciprz0OWaIA
kIvn1qskChirjKvY9ESZNUCP4JjvfyPS-nqjJxYoA5ztWOyFk2cZNIPXjcJXSQ
wXPO9tEe-v4VSqgD0aKHqPxYog4N6Cz1lKph1U1sYDSI67_bLL7elg_vkjfMp5
_W5l5LuUYGMeh6hxQIaIUXf9EwV2JmvTMuZ-vBOWy0Sniy1EFo72CRTvmtrIf5
AROo5MNliY3KtUxeP-SOmD-LEYwW9SlkohYzMVAZDDOrVbv7KVRHpeYNaK75KE
QqdCEEkS_rskZS-Qtt_nlegTWh1mEYaA
]]></artwork></figure>
</section>
<section anchor="jw-nested-sig-output" title="Signing Output">
<t>The following compose the resulting JWS object:</t>
<t><list style="symbols">
<t>JWS Protected Header (<xref target="jw-nested-sig-protected_b64u"/>))</t>
<t>Payload content (<xref target="jw-nested-sig-payload_b64u"/>)</t>
<t>Signature (<xref target="jw-nested-sig-sig"/>)</t>
</list></t>
<t>The resulting JWS object using the Compact Serialization (which is the plaintext input to the proceeding encryption operation):</t>
<figure title="Compact Serialization" anchor="jw-nested-sig-compact"><artwork><![CDATA[
eyJhbGciOiJQUzI1NiIsInR5cCI6IkpXVCJ9
.
eyJpc3MiOiJob2JiaXRvbi5leGFtcGxlIiwiZXhwIjoxMzAwODE5MzgwLCJodH
RwOi8vZXhhbXBsZS5jb20vaXNfcm9vdCI6dHJ1ZX0
.
dPpMqwRZxFYi1UfcDAaf8M99o7kwUWtiXZ-ByvVuJih4MhJ_aZqciprz0OWaIA
kIvn1qskChirjKvY9ESZNUCP4JjvfyPS-nqjJxYoA5ztWOyFk2cZNIPXjcJXSQ
wXPO9tEe-v4VSqgD0aKHqPxYog4N6Cz1lKph1U1sYDSI67_bLL7elg_vkjfMp5
_W5l5LuUYGMeh6hxQIaIUXf9EwV2JmvTMuZ-vBOWy0Sniy1EFo72CRTvmtrIf5
AROo5MNliY3KtUxeP-SOmD-LEYwW9SlkohYzMVAZDDOrVbv7KVRHpeYNaK75KE
QqdCEEkS_rskZS-Qtt_nlegTWh1mEYaA
]]></artwork></figure>
</section>
<section anchor="jw-nested-enc-input" title="Encryption Input Factors">
<t>The following are supplied before beginning the encryption process:</t>
<t><list style="symbols">
<t>Plaintext content; this example uses the content from <xref target="jw-nested-sig-compact"/>.</t>
<t>RSA public key; this example use the key from <xref target="jwe-rsa_oaep-key"/>.</t>
</list></t>
</section>
<section anchor="jw-nested-enc-gen" title="Encryption Generated Factors">
<t>The following are generated before encrypting:</t>
<t><list style="symbols">
<t>AES symmetric key as the Content Encryption CEK (CEK); this example uses the key from <xref target="jw-nested-enc-cek"/>.</t>
<t>Initialization vector/nonce; this example uses the initialization vector/nonce from <xref target="jw-nested-enc-iv"/>.</t>
</list></t>
<figure title="Content Encryption Key, base64url-encoded" anchor="jw-nested-enc-cek"><artwork><![CDATA[
0RHSNYwN-6-2QBGsYTZLSQ
]]></artwork></figure>
<figure title="Initialization vector, base64url-encoded" anchor="jw-nested-enc-iv"><artwork><![CDATA[
GbX1i9kXz0sxXPmA
]]></artwork></figure>
</section>
<section anchor="jw-nested-keyenc" title="Encrypting the Key">
<t>Performing the key encryption operation over the CEK (<xref target="jw-nested-enc-cek"/>) with the RSA key (<xref target="jwe-rsa_oaep-key"/>) produces the following encrypted key:</t>
<figure title="Encrypted Key, base64url-encoded" anchor="jw-nested-enc-encdkey"><artwork><![CDATA[
a0JHRoITfpX4qRewImjlStn8m3CPxBV1ueYlVhjurCyrBg3I7YhCRYjphDOOS4
E7rXbr2Fn6NyQq-A-gqT0FXqNjVOGrG-bi13mwy7RoYhjTkBEC6P7sMYMXXx4g
zMedpiJHQVeyI-zkZV7A9matpgevAJWrXzOUysYGTtwoSN6gtUVtlLaivjvb21
O0ul4YxSHV-ByK1kyeetRp_fuYJxHoKLQL9P424sKx2WGYb4zsBIPF4ssl_e5I
R7nany-25_UmC2urosNkoFz9cQ82MypZP8gqbQJyPN-Fpp4Z-5o6yV64x6yzDU
F_5JCIdl-Qv6H5dMVIY7q1eKpXcV1lWO_2FefEBqXxXvIjLeZivjNkzogCq3-I
apSjVFnMjBxjpYLT8muaawo1yy1XXMuinIpNcOY3n4KKrXLrCcteX85m4IIHMZ
a38s1Hpr56fPPseMA-Jltmt-a9iEDtOzhtxz8AXy9tsCAZV2XBWNG8c3kJusAa
mBKOYwfk7JhLRDgOnJjlJLhn7TI4UxDp9dCmUXEN6z0v23W15qJIEXNJtqnblp
ymooeWAHCT4e_Owbim1g0AEpTHUdA2iiLNs9WTX_H_TXuPC8yDDhi1smxS_X_x
pkIHkiIHWDOLx03BpqDTivpKkBYwqP2UZkcxqX2Fo_GnVrNwlK7Lgxw6FSQvDO
0
]]></artwork></figure>
</section>
<section anchor="jw-nested-contentenc" title="Encrypting the Content">
<t>The following are generated before encrypting the plaintext:</t>
<t><list style="symbols">
<t>JWE Protected Header; this example uses the the header from <xref target="jw-nested-enc-protected"/>, encoded using <xref target="RFC4648"/> base64url to produce <xref target="jw-nested-enc-protected_b64u"/>.</t>
</list></t>
<figure title="JWE Protected Header JSON" anchor="jw-nested-enc-protected"><artwork><![CDATA[
{
"alg": "RSA-OAEP",
"cty": "JWT",
"enc": "A128GCM"
}
]]></artwork></figure>
<figure title="JWE Protected Header, base64url-encoded" anchor="jw-nested-enc-protected_b64u"><artwork><![CDATA[
eyJhbGciOiJSU0EtT0FFUCIsImN0eSI6IkpXVCIsImVuYyI6IkExMjhHQ00ifQ
]]></artwork></figure>
<t>Performing the content encryption operation over the Plaintext (<xref target="jw-nested-sig-compact"/>) with the following:</t>
<t><list style="symbols">
<t>CEK (<xref target="jw-nested-enc-cek"/>);</t>
<t>Initialization vector/nonce (<xref target="jw-nested-enc-iv"/>); and</t>
<t>JWE Protected Header (<xref target="jw-nested-enc-protected_b64u"/>) as authenticated data.</t>
</list></t>
<t>produces the following:</t>
<t><list style="symbols">
<t>Ciphertext from <xref target="jw-nested-enc-ciphertext"/>.</t>
<t>Authentication tag from <xref target="jw-nested-enc-tag"/>.</t>
</list></t>
<figure title="Ciphertext, base64url-encoded" anchor="jw-nested-enc-ciphertext"><artwork><![CDATA[
SZI4IvKHmwpazl_pJQXX3mHv1ANnOU4Wf9-utWYUcKrBNgCe2OFMf66cSJ8k2Q
kxaQD3_R60MGE9ofomwtky3GFxMeGRjtpMt9OAvVLsAXB0_UTCBGyBg3C2bWLX
qZlfJAAoJRUPRk-BimYZY81zVBuIhc7HsQePCpu33SzMsFHjn4lP_idrJz_glZ
TNgKDt8zdnUPauKTKDNOH1DD4fuzvDYfDIAfqGPyL5sVRwbiXpXdGokEszM-9C
hMPqW1QNhzuX_Zul3bvrJwr7nuGZs4cUScY3n8yE3AHCLurgls-A9mz1X38xEa
ulV18l4Fg9tLejdkAuQZjPbqeHQBJe4IwGD5Ee0dQ-Mtz4NnhkIWx-YKBb_Xo2
zI3Q_1sYjKUuis7yWW-HTr_vqvFt0bj7WJf2vzB0TZ3dvsoGaTvPH2dyWwumUr
lx4gmPUzBdwTO6ubfYSDUEEz5py0d_OtWeUSYcCYBKD-aM7tXg26qJo21gYjLf
hn9zy-W19sOCZGuzgFjPhawXHpvnj_t-0_ES96kogjJLxS1IMU9Y5XmnwZMyNc
9EIwnogsCg-hVuvzyP0sIruktmI94_SL1xgMl7o03phcTMxtlMizR88NKU1WkB
siXMCjy1Noue7MD-ShDp5dmM
]]></artwork></figure>
<figure title="Authentication tag, base64url-encoded" anchor="jw-nested-enc-tag"><artwork><![CDATA[
KnIKEhN8U-3C9s4gtSpjSw
]]></artwork></figure>
</section>
<section anchor="jw-nested-enc-output" title="Encryption Output">
<t>The following compose the resulting JWE object:</t>
<t><list style="symbols">
<t>JWE Protected Header (<xref target="jw-nested-enc-protected_b64u"/>)</t>
<t>Encrypted key (<xref target="jw-nested-enc-encdkey"/>)</t>
<t>Initialization vector/nonce (<xref target="jw-nested-enc-iv"/>)</t>
<t>Ciphertext (<xref target="jw-nested-enc-ciphertext"/>)</t>
<t>Authentication Tag (<xref target="jw-nested-enc-tag"/>)</t>
</list></t>
<t>The resulting JWE object using the Compact serialization:</t>
<figure title="Compact Serialization" anchor="jw-nested-enc-compact"><artwork><![CDATA[
eyJhbGciOiJSU0EtT0FFUCIsImN0eSI6IkpXVCIsImVuYyI6IkExMjhHQ00ifQ
.
a0JHRoITfpX4qRewImjlStn8m3CPxBV1ueYlVhjurCyrBg3I7YhCRYjphDOOS4
E7rXbr2Fn6NyQq-A-gqT0FXqNjVOGrG-bi13mwy7RoYhjTkBEC6P7sMYMXXx4g
zMedpiJHQVeyI-zkZV7A9matpgevAJWrXzOUysYGTtwoSN6gtUVtlLaivjvb21
O0ul4YxSHV-ByK1kyeetRp_fuYJxHoKLQL9P424sKx2WGYb4zsBIPF4ssl_e5I
R7nany-25_UmC2urosNkoFz9cQ82MypZP8gqbQJyPN-Fpp4Z-5o6yV64x6yzDU
F_5JCIdl-Qv6H5dMVIY7q1eKpXcV1lWO_2FefEBqXxXvIjLeZivjNkzogCq3-I
apSjVFnMjBxjpYLT8muaawo1yy1XXMuinIpNcOY3n4KKrXLrCcteX85m4IIHMZ
a38s1Hpr56fPPseMA-Jltmt-a9iEDtOzhtxz8AXy9tsCAZV2XBWNG8c3kJusAa
mBKOYwfk7JhLRDgOnJjlJLhn7TI4UxDp9dCmUXEN6z0v23W15qJIEXNJtqnblp
ymooeWAHCT4e_Owbim1g0AEpTHUdA2iiLNs9WTX_H_TXuPC8yDDhi1smxS_X_x
pkIHkiIHWDOLx03BpqDTivpKkBYwqP2UZkcxqX2Fo_GnVrNwlK7Lgxw6FSQvDO
0
.
GbX1i9kXz0sxXPmA
.
SZI4IvKHmwpazl_pJQXX3mHv1ANnOU4Wf9-utWYUcKrBNgCe2OFMf66cSJ8k2Q
kxaQD3_R60MGE9ofomwtky3GFxMeGRjtpMt9OAvVLsAXB0_UTCBGyBg3C2bWLX
qZlfJAAoJRUPRk-BimYZY81zVBuIhc7HsQePCpu33SzMsFHjn4lP_idrJz_glZ
TNgKDt8zdnUPauKTKDNOH1DD4fuzvDYfDIAfqGPyL5sVRwbiXpXdGokEszM-9C
hMPqW1QNhzuX_Zul3bvrJwr7nuGZs4cUScY3n8yE3AHCLurgls-A9mz1X38xEa
ulV18l4Fg9tLejdkAuQZjPbqeHQBJe4IwGD5Ee0dQ-Mtz4NnhkIWx-YKBb_Xo2
zI3Q_1sYjKUuis7yWW-HTr_vqvFt0bj7WJf2vzB0TZ3dvsoGaTvPH2dyWwumUr
lx4gmPUzBdwTO6ubfYSDUEEz5py0d_OtWeUSYcCYBKD-aM7tXg26qJo21gYjLf
hn9zy-W19sOCZGuzgFjPhawXHpvnj_t-0_ES96kogjJLxS1IMU9Y5XmnwZMyNc
9EIwnogsCg-hVuvzyP0sIruktmI94_SL1xgMl7o03phcTMxtlMizR88NKU1WkB
siXMCjy1Noue7MD-ShDp5dmM
.
KnIKEhN8U-3C9s4gtSpjSw
]]></artwork></figure>
<t>The resulting JWE object using the JSON serialization:</t>
<figure title="JSON Serialiation" anchor="jw-nested-enc-json"><artwork><![CDATA[
{
"recipients": [
{
"encrypted_key": "a0JHRoITfpX4qRewImjlStn8m3CPxBV1ueYlVh
jurCyrBg3I7YhCRYjphDOOS4E7rXbr2Fn6NyQq-A-gqT0FXqNjVO
GrG-bi13mwy7RoYhjTkBEC6P7sMYMXXx4gzMedpiJHQVeyI-zkZV
7A9matpgevAJWrXzOUysYGTtwoSN6gtUVtlLaivjvb21O0ul4YxS
HV-ByK1kyeetRp_fuYJxHoKLQL9P424sKx2WGYb4zsBIPF4ssl_e
5IR7nany-25_UmC2urosNkoFz9cQ82MypZP8gqbQJyPN-Fpp4Z-5
o6yV64x6yzDUF_5JCIdl-Qv6H5dMVIY7q1eKpXcV1lWO_2FefEBq
XxXvIjLeZivjNkzogCq3-IapSjVFnMjBxjpYLT8muaawo1yy1XXM
uinIpNcOY3n4KKrXLrCcteX85m4IIHMZa38s1Hpr56fPPseMA-Jl
tmt-a9iEDtOzhtxz8AXy9tsCAZV2XBWNG8c3kJusAamBKOYwfk7J
hLRDgOnJjlJLhn7TI4UxDp9dCmUXEN6z0v23W15qJIEXNJtqnblp
ymooeWAHCT4e_Owbim1g0AEpTHUdA2iiLNs9WTX_H_TXuPC8yDDh
i1smxS_X_xpkIHkiIHWDOLx03BpqDTivpKkBYwqP2UZkcxqX2Fo_
GnVrNwlK7Lgxw6FSQvDO0"
}
],
"protected": "eyJhbGciOiJSU0EtT0FFUCIsImN0eSI6IkpXVCIsImVuYy
I6IkExMjhHQ00ifQ",
"iv": "GbX1i9kXz0sxXPmA",
"ciphertext": "SZI4IvKHmwpazl_pJQXX3mHv1ANnOU4Wf9-utWYUcKrBN
gCe2OFMf66cSJ8k2QkxaQD3_R60MGE9ofomwtky3GFxMeGRjtpMt9OAv
VLsAXB0_UTCBGyBg3C2bWLXqZlfJAAoJRUPRk-BimYZY81zVBuIhc7Hs
QePCpu33SzMsFHjn4lP_idrJz_glZTNgKDt8zdnUPauKTKDNOH1DD4fu
zvDYfDIAfqGPyL5sVRwbiXpXdGokEszM-9ChMPqW1QNhzuX_Zul3bvrJ
wr7nuGZs4cUScY3n8yE3AHCLurgls-A9mz1X38xEaulV18l4Fg9tLejd
kAuQZjPbqeHQBJe4IwGD5Ee0dQ-Mtz4NnhkIWx-YKBb_Xo2zI3Q_1sYj
KUuis7yWW-HTr_vqvFt0bj7WJf2vzB0TZ3dvsoGaTvPH2dyWwumUrlx4
gmPUzBdwTO6ubfYSDUEEz5py0d_OtWeUSYcCYBKD-aM7tXg26qJo21gY
jLfhn9zy-W19sOCZGuzgFjPhawXHpvnj_t-0_ES96kogjJLxS1IMU9Y5
XmnwZMyNc9EIwnogsCg-hVuvzyP0sIruktmI94_SL1xgMl7o03phcTMx
tlMizR88NKU1WkBsiXMCjy1Noue7MD-ShDp5dmM",
"tag": "KnIKEhN8U-3C9s4gtSpjSw"
}
]]></artwork></figure>
</section>
</section>
<section anchor="security" title="Security Considerations">
<t>This document is designed to provide examples for developers to use in checking their implementations. As such it does not follow some of the security considerations and recommendations in the core
documents. For instance:</t>
<t><list style="symbols">
<t>it does not always generate a new CEK value for every encrypted example;</t>
<t>it does not always generate a new IV value for every encrypted example; and</t>
<t>it does not always generate a new ephemeral key for every ephemeral key example.</t>
</list></t>
<t>For each example, data that is expected to be generated for each signing or encryption operation is isolated to sections titled “Generated Factors”.</t>
</section>
<section anchor="iana" title="IANA Considerations">
<t>This document has no actions for IANA.</t>
</section>
</middle>
<back>
<references title='Informative References'>
<reference anchor='I-D.ietf-jose-json-web-algorithms'>
<front>
<title>JSON Web Algorithms (JWA)</title>
<author initials='M' surname='Jones' fullname='Michael Jones'>
<organization />
</author>
<date month='October' day='17' year='2014' />
<abstract><t>The JSON Web Algorithms (JWA) specification registers cryptographic algorithms and identifiers to be used with the JSON Web Signature (JWS), JSON Web Encryption (JWE), and JSON Web Key (JWK) specifications. It defines several IANA registries for these identifiers.</t></abstract>
</front>
<seriesInfo name='Internet-Draft' value='draft-ietf-jose-json-web-algorithms-35' />
<format type='TXT'
target='http://www.ietf.org/internet-drafts/draft-ietf-jose-json-web-algorithms-35.txt' />
</reference>
<reference anchor='I-D.ietf-jose-json-web-encryption'>
<front>
<title>JSON Web Encryption (JWE)</title>
<author initials='M' surname='Jones' fullname='Michael Jones'>
<organization />
</author>
<author initials='J' surname='Hildebrand' fullname='Joe Hildebrand'>
<organization />
</author>
<date month='October' day='17' year='2014' />
<abstract><t>JSON Web Encryption (JWE) represents encrypted content using JavaScript Object Notation (JSON) based data structures. Cryptographic algorithms and identifiers for use with this specification are described in the separate JSON Web Algorithms (JWA) specification and IANA registries defined by that specification. Related digital signature and MAC capabilities are described in the separate JSON Web Signature (JWS) specification.</t></abstract>
</front>
<seriesInfo name='Internet-Draft' value='draft-ietf-jose-json-web-encryption-35' />
<format type='TXT'
target='http://www.ietf.org/internet-drafts/draft-ietf-jose-json-web-encryption-35.txt' />
</reference>
<reference anchor='I-D.ietf-jose-json-web-key'>
<front>
<title>JSON Web Key (JWK)</title>
<author initials='M' surname='Jones' fullname='Michael Jones'>
<organization />
</author>
<date month='October' day='17' year='2014' />
<abstract><t>A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) data structure that represents a cryptographic key. This specification also defines a JSON Web Key Set (JWK Set) JSON data structure that represents a set of JWKs. Cryptographic algorithms and identifiers for use with this specification are described in the separate JSON Web Algorithms (JWA) specification and IANA registries defined by that specification.</t></abstract>
</front>
<seriesInfo name='Internet-Draft' value='draft-ietf-jose-json-web-key-35' />
<format type='TXT'
target='http://www.ietf.org/internet-drafts/draft-ietf-jose-json-web-key-35.txt' />
</reference>
<reference anchor='I-D.ietf-jose-json-web-signature'>
<front>
<title>JSON Web Signature (JWS)</title>
<author initials='M' surname='Jones' fullname='Michael Jones'>
<organization />
</author>
<author initials='J' surname='Bradley' fullname='John Bradley'>
<organization />
</author>
<author initials='N' surname='Sakimura' fullname='Nat Sakimura'>
<organization />
</author>
<date month='October' day='17' year='2014' />
<abstract><t>JSON Web Signature (JWS) represents content secured with digital signatures or Message Authentication Codes (MACs) using JavaScript Object Notation (JSON) based data structures. Cryptographic algorithms and identifiers for use with this specification are described in the separate JSON Web Algorithms (JWA) specification and an IANA registry defined by that specification. Related encryption capabilities are described in the separate JSON Web Encryption (JWE) specification.</t></abstract>
</front>
<seriesInfo name='Internet-Draft' value='draft-ietf-jose-json-web-signature-35' />
<format type='TXT'
target='http://www.ietf.org/internet-drafts/draft-ietf-jose-json-web-signature-35.txt' />
</reference>
<reference anchor='I-D.ietf-oauth-json-web-token'>
<front>
<title>JSON Web Token (JWT)</title>
<author initials='M' surname='Jones' fullname='Michael Jones'>
<organization />
</author>
<author initials='J' surname='Bradley' fullname='John Bradley'>
<organization />
</author>
<author initials='N' surname='Sakimura' fullname='Nat Sakimura'>
<organization />
</author>
<date month='October' day='17' year='2014' />
<abstract><t>JSON Web Token (JWT) is a compact, URL-safe means of representing claims to be transferred between two parties. The claims in a JWT are encoded as a JavaScript Object Notation (JSON) object that is used as the payload of a JSON Web Signature (JWS) structure or as the plaintext of a JSON Web Encryption (JWE) structure, enabling the claims to be digitally signed or MACed and/or encrypted.</t></abstract>
</front>
<seriesInfo name='Internet-Draft' value='draft-ietf-oauth-json-web-token-29' />
<format type='TXT'
target='http://www.ietf.org/internet-drafts/draft-ietf-oauth-json-web-token-29.txt' />
</reference>
<reference anchor='RFC1951'>
<front>
<title>DEFLATE Compressed Data Format Specification version 1.3</title>
<author initials='P.' surname='Deutsch' fullname='L. Peter Deutsch'>
<organization>Aladdin Enterprises</organization>
<address>
<postal>
<street>203 Santa Margarita Ave.</street>
<city>Menlo Park</city>
<region>CA</region>
<code>94025</code>
<country>US</country></postal>
<phone>+1 415 322 0103</phone>
<facsimile>+1 415 322 1734</facsimile>
<email>ghost@aladdin.com</email></address></author>
<date year='1996' month='May' />
<abstract>
<t>This specification defines a lossless compressed data format that compresses data using a combination of the LZ77 algorithm and Huffman coding, with efficiency comparable to the best currently available general-purpose compression methods. The data can be produced or consumed, even for an arbitrarily long sequentially presented input data stream, using only an a priori bounded amount of intermediate storage. The format can be implemented readily in a manner not covered by patents.</t></abstract></front>
<seriesInfo name='RFC' value='1951' />
<format type='TXT' octets='36944' target='http://www.rfc-editor.org/rfc/rfc1951.txt' />
<format type='PS' octets='57408' target='http://www.rfc-editor.org/rfc/rfc1951.ps' />
<format type='PDF' octets='56620' target='http://www.rfc-editor.org/rfc/rfc1951.pdf' />
</reference>
<reference anchor='RFC4648'>
<front>
<title>The Base16, Base32, and Base64 Data Encodings</title>
<author initials='S.' surname='Josefsson' fullname='S. Josefsson'>
<organization /></author>
<date year='2006' month='October' />
<abstract>
<t>This document describes the commonly used base 64, base 32, and base 16 encoding schemes. It also discusses the use of line-feeds in encoded data, use of padding in encoded data, use of non-alphabet characters in encoded data, use of different encoding alphabets, and canonical encodings. [STANDARDS-TRACK]</t></abstract></front>
<seriesInfo name='RFC' value='4648' />
<format type='TXT' octets='35491' target='http://www.rfc-editor.org/rfc/rfc4648.txt' />
</reference>
<reference anchor='RFC7095'>
<front>
<title>jCard: The JSON Format for vCard</title>
<author initials='P.' surname='Kewisch' fullname='P. Kewisch'>
<organization /></author>
<date year='2014' month='January' />
<abstract>
<t>This specification defines "jCard", a JSON format for vCard data. The vCard data format is a text format for representing and exchanging information about individuals and other entities, for example, telephone numbers, email addresses, structured names, and delivery addresses. JSON is a lightweight, text-based, language- independent data interchange format commonly used in Internet applications.</t></abstract></front>
<seriesInfo name='RFC' value='7095' />
<format type='TXT' octets='59088' target='http://www.rfc-editor.org/rfc/rfc7095.txt' />
</reference>
</references>
<section anchor="acknowledgements" title="Acknowledgements">
<t>Most of the examples herein use quotes and character names found in the novels “The Hobbit”; “The Fellowship of the Ring”; “The Two Towers”; and “Return of the King”, written by J. R. R. Tolkien.</t>
<t>Thanks to Richard Barnes, Brian Campbell, Mike Jones, and Jim Schaad for input and review of text. Thanks to Brian Campbell for verifying examples.</t>
</section>
</back>
</rfc>
| PAFTECH AB 2003-2026 | 2026-04-23 13:50:09 |