One document matched: draft-ietf-jose-json-web-key-40.xml
<?xml version="1.0" encoding="US-ASCII"?>
<!DOCTYPE rfc SYSTEM "rfc2629.dtd">
<?xml-stylesheet type='text/xsl' href='http://xml2rfc.tools.ietf.org/authoring/rfc2629.xslt' ?>
<?rfc toc="yes"?>
<?rfc tocompact="yes"?>
<?rfc tocdepth="4"?>
<?rfc tocindent="yes"?>
<?rfc symrefs="yes"?>
<?rfc sortrefs="yes"?>
<?rfc comments="yes"?>
<?rfc inline="yes"?>
<?rfc compact="yes"?>
<?rfc subcompact="no"?>
<!--
Note to the RFC Editor:
This draft is part of a set of drafts crossing two working groups that should be
processed as a set. The resulting RFCs should be numbered sequentially in this order:
1 draft-ietf-jose-json-web-signature
2 draft-ietf-jose-json-web-encryption
3 draft-ietf-jose-json-web-key
4 draft-ietf-jose-json-web-algorithms
5 draft-ietf-oauth-json-web-token
6 draft-ietf-jose-cookbook
7 draft-ietf-oauth-assertions
8 draft-ietf-oauth-saml2-bearer
9 draft-ietf-oauth-jwt-bearer
-->
<rfc category="std" ipr="trust200902" docName="draft-ietf-jose-json-web-key-40">
<front>
<title>JSON Web Key (JWK)</title>
<author fullname="Michael B. Jones" initials="M.B." surname="Jones">
<organization>Microsoft</organization>
<address>
<email>mbj@microsoft.com</email>
<uri>http://self-issued.info/</uri>
</address>
</author>
<date day="13" month="January" year="2015"/>
<area>Security</area>
<workgroup>JOSE Working Group</workgroup>
<keyword>RFC</keyword>
<keyword>Request for Comments</keyword>
<keyword>I-D</keyword>
<keyword>Internet-Draft</keyword>
<keyword>JavaScript Object Notation</keyword>
<keyword>JSON</keyword>
<keyword>JSON Object Signing and Encryption</keyword>
<keyword>JOSE</keyword>
<keyword>JSON Web Signature</keyword>
<keyword>JWS</keyword>
<keyword>JSON Web Encryption</keyword>
<keyword>JWE</keyword>
<keyword>JSON Web Key</keyword>
<keyword>JWK</keyword>
<keyword>JSON Web Algorithms</keyword>
<keyword>JWA</keyword>
<abstract>
<t>
A JSON Web Key (JWK) is a JavaScript Object Notation (JSON)
data structure that represents a cryptographic key.
This specification also defines a JSON Web Key Set (JWK Set)
JSON data structure that represents a set of JWKs.
Cryptographic algorithms and identifiers for use with this
specification are described in the separate
JSON Web Algorithms (JWA) specification
and IANA registries defined by that specification.
</t>
</abstract>
</front>
<middle>
<section title="Introduction" anchor="Introduction">
<t>
A JSON Web Key (JWK) is a
JavaScript Object Notation (JSON) <xref target="RFC7159"/>
data structure that represents a cryptographic key.
This specification also defines a JSON Web Key Set (JWK Set)
JSON data structure that represents a set of JWKs.
Cryptographic algorithms and identifiers for use with this
specification are described in the separate
JSON Web Algorithms (JWA) <xref target="JWA" /> specification
and IANA registries defined by that specification.
</t>
<t>
Goals for this specification do not include
representing new kinds of certificate chains,
representing new kinds of certified keys,
or replacing X.509 certificates.
</t>
<t>
JWKs and JWK Sets are used in the
JSON Web Signature (JWS) <xref target="JWS" />
and
JSON Web Encryption (JWE) <xref target="JWE" />
specifications.
</t>
<t>
Names defined by this specification are short because a core goal is
for the resulting representations to be compact.
</t>
<section title="Notational Conventions" anchor="NotationalConventions">
<t>
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL",
"SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY",
and "OPTIONAL" in this document are to be interpreted as
described in
Key words for use in RFCs to Indicate Requirement Levels <xref target='RFC2119' />.
If these words are used without being spelled in uppercase then
they are to be interpreted with their normal natural language meanings.
</t>
<t>
BASE64URL(OCTETS) denotes the base64url encoding of OCTETS,
per Section 2 of <xref target="JWS" />.
</t>
<t>
UTF8(STRING) denotes the octets of the
UTF-8 <xref target="RFC3629"/> representation of STRING,
where STRING is a sequence of zero or more Unicode <xref target="UNICODE"/> characters.
</t>
<t>
ASCII(STRING) denotes the octets of the
ASCII <xref target="RFC20"/> representation of STRING,
where STRING is a sequence of zero or more ASCII characters.
</t>
<t>
The concatenation of two values A and B
is denoted as A || B.
</t>
</section>
</section>
<section title="Terminology" anchor="Terminology">
<t>
These terms defined by the
JSON Web Signature (JWS) <xref target="JWS"/>
specification are incorporated into this specification:
"Base64url Encoding",
"Collision-Resistant Name",
"Header Parameter",
and "JOSE Header".
</t>
<t>
These terms defined by the
<xref target="RFC4949">Internet Security Glossary, Version 2</xref>
are incorporated into this specification:
"Ciphertext",
"Digital Signature",
"Message Authentication Code (MAC)",
and "Plaintext".
</t>
<t>
These terms are defined by this specification:
</t>
<t>
<list style="hanging">
<t hangText="JSON Web Key (JWK)">
<vspace/>
A JSON object that represents a cryptographic key.
The members of the object represent properties of the key, including its value.
</t>
<t hangText="JSON Web Key Set (JWK Set)">
<vspace/>
A JSON object that represents a set of JWKs.
The JSON object MUST have a <spanx style="verb">keys</spanx> member,
which is an array of JWKs.
</t>
</list>
</t>
</section>
<section title="Example JWK" anchor="ExampleJWK">
<t>
This section provides an example of a JWK.
The following example JWK declares that
the key is an Elliptic Curve <xref target="DSS"/> key,
it is used with the P-256 Elliptic Curve,
and its x and y coordinates are the base64url encoded values shown.
A key identifier is also provided for the key.
</t>
<figure><artwork><![CDATA[
{"kty":"EC",
"crv":"P-256",
"x":"f83OJ3D2xF1Bg8vub9tLe1gHMzV76e8Tus9uPHvRVEU",
"y":"x_FEzRu9m36HLN_tue659LNpXW6pCyStikYjKIWI5a0",
"kid":"Public key used in JWS A.3 example"
}
]]></artwork></figure>
<t>
Additional example JWK values can be found in <xref target="ExampleJWKSets"/>.
</t>
</section>
<section title="JSON Web Key (JWK) Format" anchor="JWKFormat">
<t>
A JSON Web Key (JWK) is a JSON object that represents a cryptographic key.
The members of the object represent properties of the key, including its value.
This JSON object MAY contain white space and/or line breaks
before or after any JSON values or structural characters,
in accordance with Section 2 of <xref target="RFC7159">RFC 7159</xref>.
This document defines the key parameters that are not algorithm specific,
and thus common to many keys.
</t>
<t>
In addition to the common parameters, each JWK will have
members that are key type-specific.
These members represent the parameters of the key.
Section 6 of the JSON Web Algorithms (JWA) <xref target="JWA"/> specification
defines multiple kinds of cryptographic keys and their associated members.
</t>
<t>
The member names within a JWK MUST be unique;
JWK parsers MUST either reject JWKs with duplicate member names
or use a JSON parser that returns only the lexically last duplicate member name,
as specified in Section 15.12 (The JSON Object) of
ECMAScript 5.1 <xref target="ECMAScript"/>.
</t>
<t>
Additional members can be present in the JWK;
if not understood by implementations encountering them, they MUST be ignored.
Member names used for representing key parameters
for different keys types need not be distinct.
Any new member name
should either be registered in the IANA JSON Web Key Parameters registry
defined in
<xref target="JWKParamReg" /> or be
a value that contains a Collision-Resistant Name.
</t>
<section title='"kty" (Key Type) Parameter' anchor="ktyDef">
<t>
The <spanx style="verb">kty</spanx> (key type) member
identifies the cryptographic algorithm family used with the key,
such as <spanx style="verb">RSA</spanx> or <spanx style="verb">EC</spanx>.
<spanx style="verb">kty</spanx> values should either be
registered in the IANA JSON Web Key Types registry
defined in
<xref target="JWA" /> or be
a value that contains a Collision-Resistant Name.
The <spanx style="verb">kty</spanx> value is a case-sensitive string.
This member MUST be present in a JWK.
</t>
<t>
A list of defined <spanx style="verb">kty</spanx> values can be found
in the IANA JSON Web Key Types registry
defined in
<xref target="JWA"/>;
the initial contents of this registry are the values defined in
Section 6.1 of the
JSON Web Algorithms (JWA) <xref target="JWA" /> specification.
</t>
<t>
The key type definitions include specification of the
members to be used for those key types.
Additional members used with <spanx style="verb">kty</spanx> values can
also be found
in the IANA JSON Web Key Parameters registry
defined in
<xref target="JWKParamReg"/>.
</t>
</section>
<section title='"use" (Public Key Use) Parameter' anchor="useDef">
<t>
The <spanx style="verb">use</spanx> (public key use) member identifies the
intended use of the public key.
The <spanx style="verb">use</spanx> parameter is employed to indicate whether
a public key is used for encrypting data or verifying the signature on data.
</t>
<t>
Values defined by this specification are:
</t>
<t>
<?rfc subcompact="yes"?>
<list style='symbols'>
<t><spanx style="verb">sig</spanx> (signature)</t>
<t><spanx style="verb">enc</spanx> (encryption)</t>
</list>
<?rfc subcompact="no"?>
</t>
<t>
Other values MAY be used.
The <spanx style="verb">use</spanx> value is a case-sensitive string.
Use of the <spanx style="verb">use</spanx> member is OPTIONAL,
unless the application requires its presence.
</t>
<t>
When a key is used to wrap another key and a Public Key Use designation
for the first key is desired, the <spanx style="verb">enc</spanx> (encryption)
key use value is used, since key wrapping is a kind of encryption.
The <spanx style="verb">enc</spanx> value is also be used for
public keys used for key agreement operations.
</t>
<t>
Additional Public Key Use values can be registered in the IANA
JSON Web Key Use registry defined in <xref target="UseReg"/>.
Registering any extension values used is highly recommended when
this specification is used in open environments, in which multiple organizations
need to have a common understanding of any extensions used.
However, unregistered extension values can be used in closed environments,
in which the producing and consuming organization will always be the same.
</t>
</section>
<section title='"key_ops" (Key Operations) Parameter' anchor="key_opsDef">
<t>
The <spanx style="verb">key_ops</spanx> (key operations) member
identifies the operation(s) that the key is intended to be used for.
The <spanx style="verb">key_ops</spanx> parameter is intended for use cases
in which public, private, or symmetric keys may be present.
</t>
<t>
Its value is an array of key operation values.
Values defined by this specification are:
</t>
<t>
<?rfc subcompact="yes"?>
<list style='symbols'>
<t><spanx style="verb">sign</spanx> (compute digital signature or MAC)</t>
<t><spanx style="verb">verify</spanx> (verify digital signature or MAC)</t>
<t><spanx style="verb">encrypt</spanx> (encrypt content)</t>
<t><spanx style="verb">decrypt</spanx> (decrypt content and validate decryption, if applicable)</t>
<t><spanx style="verb">wrapKey</spanx> (encrypt key)</t>
<t><spanx style="verb">unwrapKey</spanx> (decrypt key and validate decryption, if applicable)</t>
<t><spanx style="verb">deriveKey</spanx> (derive key)</t>
<t><spanx style="verb">deriveBits</spanx> (derive bits not to be used as a key)</t>
</list>
<?rfc subcompact="no"?>
</t>
<t>
(Note that the <spanx style="verb">key_ops</spanx> values
intentionally match the <spanx style="verb">KeyUsage</spanx> values defined in
the <xref target="W3C.CR-WebCryptoAPI-20141211">Web Cryptography API</xref> specification.)
</t>
<t>
Other values MAY be used.
The key operation values are case-sensitive strings.
Duplicate key operation values MUST NOT be present in the array.
Use of the <spanx style="verb">key_ops</spanx> member is OPTIONAL,
unless the application requires its presence.
</t>
<t>
Multiple unrelated key operations SHOULD NOT be specified for a key
because of the potential vulnerabilities associated with
using the same key with multiple algorithms.
Thus, the combinations
<spanx style="verb">sign</spanx> with <spanx style="verb">verify</spanx>,
<spanx style="verb">encrypt</spanx> with <spanx style="verb">decrypt</spanx>, and
<spanx style="verb">wrapKey</spanx> with <spanx style="verb">unwrapKey</spanx>
are permitted, but other combinations SHOULD NOT be used.
</t>
<t>
Additional Key Operations values can be registered in the IANA
JSON Web Key Operations registry defined in <xref target="KeyOpsReg"/>.
The same considerations about registering extension values apply to
the <spanx style="verb">key_ops</spanx> member as do for
the <spanx style="verb">use</spanx> member.
</t>
<t>
The <spanx style="verb">use</spanx> and
<spanx style="verb">key_ops</spanx> JWK members SHOULD NOT be used together;
however, if both are used, the information they convey MUST be consistent.
Applications should specify which of these members they use,
if either is to be used by the application.
</t>
</section>
<section title='"alg" (Algorithm) Parameter' anchor="algDef">
<t>
The <spanx style="verb">alg</spanx> (algorithm) member identifies the
algorithm intended for use with the key.
The values used should either be registered in the
IANA JSON Web Signature and Encryption Algorithms registry
defined in
<xref target="JWA" /> or be
a value that contains a Collision-Resistant Name.
The <spanx style="verb">alg</spanx> value is a case-sensitive ASCII string.
Use of this member is OPTIONAL.
</t>
</section>
<section title='"kid" (Key ID) Parameter' anchor="kidDef">
<t>
The <spanx style="verb">kid</spanx> (key ID) member is used
to match a specific key.
This is used, for instance, to choose among a set of keys within a JWK Set
during key rollover.
The structure of the <spanx style="verb">kid</spanx> value is unspecified.
When <spanx style="verb">kid</spanx> values are used
within a JWK Set, different keys within the JWK Set SHOULD use distinct
<spanx style="verb">kid</spanx> values.
(One example in which different keys might use the same
<spanx style="verb">kid</spanx> value is if they have different
<spanx style="verb">kty</spanx> (key type) values but are considered
to be equivalent alternatives by the application using them.)
The <spanx style="verb">kid</spanx> value is a case-sensitive string.
Use of this member is OPTIONAL.
</t>
<t>
When used with JWS or JWE, the <spanx style="verb">kid</spanx>
value is used to match a JWS or JWE <spanx style="verb">kid</spanx>
Header Parameter value.
</t>
</section>
<section title='"x5u" (X.509 URL) Parameter' anchor="x5uDef">
<t>
The <spanx style="verb">x5u</spanx> (X.509 URL) member
is a URI <xref target="RFC3986"/> that refers to a resource for
an X.509 public key certificate or certificate chain <xref target="RFC5280"/>.
The identified resource MUST provide a representation of
the certificate or certificate chain that conforms to
<xref target="RFC5280">RFC 5280</xref> in PEM encoded form,
with each certificate delimited as specified in
Section 6.1 of <xref target="RFC4945">RFC 4945</xref>.
The key in the first certificate MUST match the public key
represented by other members of the JWK.
The protocol used to acquire the resource MUST provide
integrity protection; an HTTP GET request to retrieve the
certificate MUST use TLS
[<xref target="RFC2818" format="counter"/>, <xref target="RFC5246" format="counter"/>];
the identity of the server MUST be validated, as per
Section 6 of <xref target="RFC6125">RFC 6125</xref>.
Use of this member is OPTIONAL.
</t>
<t>
While there is no requirement that optional JWK members providing key usage,
algorithm, or other information be present when the <spanx style="verb">x5u</spanx>
member is used, doing so may improve interoperability for
applications that do not handle PKIX certificates.
If other members are present, the contents of those members MUST be
semantically consistent with the related fields in the first certificate.
For instance, if the <spanx style="verb">use</spanx> member is present,
then it MUST correspond to the usage that is specified in the certificate,
when it includes this information.
Similarly, if the <spanx style="verb">alg</spanx> member is present,
it MUST correspond to the algorithm specified in the certificate.
</t>
</section>
<section title='"x5c" (X.509 Certificate Chain) Parameter' anchor="x5cDef">
<t>
The <spanx style="verb">x5c</spanx> (X.509 Certificate Chain) member
contains a chain of one or more PKIX certificates <xref target="RFC5280"/>.
The certificate chain is represented as
a JSON array of certificate value strings.
Each string in the array is a base64 encoded
(<xref target="RFC4648"/> Section 4 -- not base64url encoded)
DER <xref target="ITU.X690.1994"/> PKIX certificate value.
The PKIX certificate containing the key value
MUST be the first certificate.
This MAY be followed by additional certificates, with each
subsequent certificate being the one used to certify the
previous one.
The key in the first certificate MUST match the public key
represented by other members of the JWK.
Use of this member is OPTIONAL.
</t>
<t>
As with the <spanx style="verb">x5u</spanx> member,
optional JWK members providing key usage, algorithm, or other information
MAY also be present when
the <spanx style="verb">x5c</spanx> member is used.
If other members are present, the contents of those members MUST be
semantically consistent with the related fields in the first certificate.
See the last paragraph of <xref target="x5uDef"/>
for additional guidance on this.
</t>
</section>
<section title='"x5t" (X.509 Certificate SHA-1 Thumbprint) Parameter'
anchor="x5tDef">
<t>
The <spanx style="verb">x5t</spanx> (X.509 Certificate SHA-1 Thumbprint)
member is a base64url encoded
SHA-1 thumbprint (a.k.a. digest) of the DER encoding of
an X.509 certificate <xref target="RFC5280"/>.
Note that certificate thumbprints are also sometimes known as certificate fingerprints.
The key in the certificate MUST match the public key
represented by other members of the JWK.
Use of this member is OPTIONAL.
</t>
<t>
As with the <spanx style="verb">x5u</spanx> member,
optional JWK members providing key usage, algorithm, or other information
MAY also be present when
the <spanx style="verb">x5t</spanx> member is used.
If other members are present, the contents of those members MUST be
semantically consistent with the related fields in the referenced certificate.
See the last paragraph of <xref target="x5uDef"/>
for additional guidance on this.
</t>
</section>
<section title='"x5t#S256" (X.509 Certificate SHA-256 Thumbprint) Parameter'
anchor="x5tS256Def">
<t>
The <spanx style="verb">x5t#S256</spanx> (X.509 Certificate SHA-256 Thumbprint)
member is a base64url encoded
SHA-256 thumbprint (a.k.a. digest) of the DER encoding of
an X.509 certificate <xref target="RFC5280"/>.
Note that certificate thumbprints are also sometimes known as certificate fingerprints.
The key in the certificate MUST match the public key
represented by other members of the JWK.
Use of this member is OPTIONAL.
</t>
<t>
As with the <spanx style="verb">x5u</spanx> member,
optional JWK members providing key usage, algorithm, or other information
MAY also be present when
the <spanx style="verb">x5t#S256</spanx> member is used.
If other members are present, the contents of those members MUST be
semantically consistent with the related fields in the referenced certificate.
See the last paragraph of <xref target="x5uDef"/>
for additional guidance on this.
</t>
</section>
</section>
<section title="JSON Web Key Set (JWK Set) Format" anchor="JWKSet">
<t>
A JSON Web Key Set (JWK Set) is a JSON object that represents a set of JWKs.
The JSON object MUST have a <spanx style="verb">keys</spanx> member,
with its value being an array of JWKs.
This JSON object MAY contain white space and/or line breaks.
</t>
<t>
The member names within a JWK Set MUST be unique;
JWK Set parsers MUST either reject JWK Sets with duplicate member names
or use a JSON parser that returns only the lexically last duplicate member name,
as specified in Section 15.12 (The JSON Object) of
ECMAScript 5.1 <xref target="ECMAScript"/>.
</t>
<t>
Additional members can be present in the JWK Set;
if not understood by implementations encountering them, they MUST be ignored.
Parameters for representing additional properties of JWK Sets
should either be registered in the IANA JSON Web Key Set Parameters registry
defined in
<xref target="JWKSetParamReg" /> or be
a value that contains a Collision-Resistant Name.
</t>
<t>
Implementations SHOULD ignore JWKs within a JWK Set that use
<spanx style="verb">kty</spanx> (key type) values that
are not understood by them,
are missing required members,
or for which values are out of the supported ranges.
</t>
<section title='"keys" Parameter' anchor="keysDef">
<t>
The value of the <spanx style="verb">keys</spanx>
member is an array of JWK values.
By default, the order of the JWK values within the array does not imply
an order of preference among them, although applications of JWK Sets
can choose to assign a meaning to the order for their purposes, if desired.
</t>
</section>
</section>
<section title="String Comparison Rules" anchor="StringComparison">
<t>
The string comparison rules for this specification are the same as
those defined in
Section 5.3 of <xref target="JWS" />.
</t>
</section>
<section title="Encrypted JWK and Encrypted JWK Set Formats" anchor="EncryptedJWK">
<t>
Access to JWKs containing non-public key material
by parties without legitimate access to the non-public information
MUST be prevented.
This can be accomplished by encrypting the JWK
when potentially observable by such parties
to prevent the disclosure of private or symmetric key values.
The use of an Encrypted JWK, which is a JWE with the UTF-8 encoding of a JWK
as its plaintext value, is recommended for this purpose.
The processing of Encrypted JWKs is identical to
the processing of other JWEs.
A <spanx style="verb">cty</spanx> (content type) Header Parameter
value of <spanx style="verb">jwk+json</spanx> MUST be used to indicate
that the content of the JWE is a JWK,
unless the application knows that the encrypted content is
a JWK by another means or convention,
in which case the <spanx style="verb">cty</spanx> value
would typically be omitted.
</t>
<t>
JWK Sets containing non-public key material will also need to be encrypted
under these circumstances.
The use of an Encrypted JWK Set, which is a JWE with the UTF-8 encoding of a JWK Set
as its plaintext value, is recommended for this purpose.
The processing of Encrypted JWK Sets is identical to
the processing of other JWEs.
A <spanx style="verb">cty</spanx> (content type) Header Parameter
value of <spanx style="verb">jwk-set+json</spanx> MUST be used to indicate
that the content of the JWE is a JWK Set,
unless the application knows that the encrypted content is
a JWK Set by another means or convention,
in which case the <spanx style="verb">cty</spanx> value
would typically be omitted.
</t>
<t>
See <xref target="example-encrypted-jwk"/> for an example encrypted JWK.
</t>
</section>
<section title="IANA Considerations" anchor="IANA">
<t>
The following registration procedure is used for all the
registries established by this specification.
</t>
<t>
Values are registered on a Specification Required
<xref target="RFC5226"/> basis after a three-week review period on the jose-reg-review@ietf.org mailing
list, on the advice of one or more Designated Experts. However, to allow for the
allocation of values prior to publication, the Designated Expert(s) may approve
registration once they are satisfied that such a specification will be published.
</t>
<t>
Registration requests must be sent to the jose-reg-review@ietf.org mailing list for review and
comment, with an appropriate subject
(e.g., "Request to register JWK parameter: example").
</t>
<t>
Within the review period, the Designated Expert(s) will either approve or
deny the registration request, communicating this decision to the review list and IANA.
Denials should include an explanation and, if applicable, suggestions as to how to make
the request successful.
Registration requests that are undetermined for
a period longer than 21 days can be brought to the IESG's attention
(using the iesg@ietf.org mailing list) for resolution.
</t>
<t>
Criteria that should be applied by the Designated Expert(s) includes
determining whether the proposed registration duplicates existing functionality,
determining whether it is likely to be of general applicability
or whether it is useful only for a single application,
and whether the registration description is clear.
</t>
<t>
IANA must only accept registry updates from the Designated Expert(s) and should direct
all requests for registration to the review mailing list.
</t>
<t>
It is suggested that multiple Designated Experts be appointed who are able to
represent the perspectives of different applications using this specification,
in order to enable broadly-informed review of registration decisions.
In cases where a registration decision could be perceived as
creating a conflict of interest for a particular Expert,
that Expert should defer to the judgment of the other Expert(s).
</t>
<t>
[[ Note to the RFC Editor and IANA:
Pearl Liang of ICANN had requested that the draft supply the following
proposed registry description information.
It is to be used for all registries established by this specification.
<list style="symbols">
<t>
Protocol Category: JSON Object Signing and Encryption (JOSE)
</t>
<t>
Registry Location: http://www.iana.org/assignments/jose
</t>
<t>
Webpage Title: (same as the protocol category)
</t>
<t>
Registry Name: (same as the section title, but excluding the word "Registry",
for example "JSON Web Key Parameters")
</t>
</list>
]]
</t>
<section title="JSON Web Key Parameters Registry" anchor="JWKParamReg">
<t>
This specification establishes the
IANA JSON Web Key Parameters registry
for JWK parameter names.
The registry records the parameter name,
the key type(s) that the parameter is used with,
and a reference to the specification that defines it.
It also records whether the parameter conveys public or private information.
This specification registers the parameter names defined in
<xref target="JWKFormat"/>.
The same JWK parameter name may be registered multiple times,
provided that duplicate parameter registrations are only for
key type specific JWK parameters; in this case, the meaning
of the duplicate parameter name is disambiguated by the
<spanx style="verb">kty</spanx> value of the JWK containing it.
</t>
<section title="Registration Template" anchor="JWKTemplate">
<t>
<list style='hanging'>
<t hangText='Parameter Name:'>
<vspace/>
The name requested (e.g., "kid").
Because a core goal of this specification is for the resulting
representations to be compact, it is RECOMMENDED that the name be short
-- not to exceed 8 characters without a compelling reason to do so.
This name is case-sensitive.
Names may not match other registered names in a case-insensitive manner
unless the Designated Expert(s) state that there is a compelling reason
to allow an exception in this particular case.
However, matching names may be registered, provided that the
accompanying sets of <spanx style="verb">kty</spanx> values that
the Parameter Name is used with are disjoint;
for the purposes of matching <spanx style="verb">kty</spanx> values,
"*" matches all values.
</t>
<t hangText='Parameter Description:'>
<vspace/>
Brief description of the parameter (e.g., "Key ID").
</t>
<t hangText='Used with "kty" Value(s):'>
<vspace/>
The key type parameter value(s) that the parameter name is to be used with,
or the value "*" if the parameter value is used with all key types.
Values may not match other registered <spanx style="verb">kty</spanx>
values in a case-insensitive manner
when the registered Parameter Name is the same
(including when the Parameter Name matches in a case-insensitive manner)
unless the Designated Expert(s) state that there is a compelling reason
to allow an exception in this particular case.
</t>
<t hangText='Parameter Information Class:'>
<vspace/>
Registers whether the parameter conveys public or private information.
Its value must be one the words Public or Private.
</t>
<t hangText='Change Controller:'>
<vspace/>
For Standards Track RFCs, state "IESG". For others, give the name of the
responsible party. Other details (e.g., postal address, email address, home page
URI) may also be included.
</t>
<t hangText='Specification Document(s):'>
<vspace/>
Reference to the document(s) that specify the parameter, preferably including URI(s) that
can be used to retrieve copies of the document(s). An indication of the relevant
sections may also be included but is not required.
</t>
</list>
</t>
</section>
<section title="Initial Registry Contents" anchor="JWKContents">
<t> <?rfc subcompact="yes"?>
<list style='symbols'>
<t>
Parameter Name: <spanx style="verb">kty</spanx>
</t>
<t>
Parameter Description: Key Type
</t>
<t>
Used with "kty" Value(s): *
</t>
<t>
Parameter Information Class: Public
</t>
<t>
Change Controller: IESG
</t>
<t>
Specification Document(s): <xref target="ktyDef" /> of [[ this document ]]
</t>
</list>
</t>
<t>
<list style='symbols'>
<t>
Parameter Name: <spanx style="verb">use</spanx>
</t>
<t>
Parameter Description: Public Key Use
</t>
<t>
Used with "kty" Value(s): *
</t>
<t>
Parameter Information Class: Public
</t>
<t>
Change Controller: IESG
</t>
<t>
Specification Document(s): <xref target="useDef" /> of [[ this document ]]
</t>
</list>
</t>
<t>
<list style='symbols'>
<t>
Parameter Name: <spanx style="verb">key_ops</spanx>
</t>
<t>
Parameter Description: Key Operations
</t>
<t>
Used with "kty" Value(s): *
</t>
<t>
Parameter Information Class: Public
</t>
<t>
Change Controller: IESG
</t>
<t>
Specification Document(s): <xref target="key_opsDef" /> of [[ this document ]]
</t>
</list>
</t>
<t>
<list style='symbols'>
<t>
Parameter Name: <spanx style="verb">alg</spanx>
</t>
<t>
Parameter Description: Algorithm
</t>
<t>
Used with "kty" Value(s): *
</t>
<t>
Parameter Information Class: Public
</t>
<t>
Change Controller: IESG
</t>
<t>
Specification Document(s): <xref target="algDef" /> of [[ this document ]]
</t>
</list>
</t>
<t>
<list style='symbols'>
<t>
Parameter Name: <spanx style="verb">kid</spanx>
</t>
<t>
Parameter Description: Key ID
</t>
<t>
Used with "kty" Value(s): *
</t>
<t>
Parameter Information Class: Public
</t>
<t>
Change Controller: IESG
</t>
<t>
Specification Document(s): <xref target="kidDef" /> of [[ this document ]]
</t>
</list>
</t>
<t>
<list style='symbols'>
<t>
Parameter Name: <spanx style="verb">x5u</spanx>
</t>
<t>
Parameter Description: X.509 URL
</t>
<t>
Used with "kty" Value(s): *
</t>
<t>
Parameter Information Class: Public
</t>
<t>
Change Controller: IESG
</t>
<t>
Specification Document(s): <xref target="x5uDef" /> of [[ this document ]]
</t>
</list>
</t>
<t>
<list style='symbols'>
<t>
Parameter Name: <spanx style="verb">x5c</spanx>
</t>
<t>
Parameter Description: X.509 Certificate Chain
</t>
<t>
Used with "kty" Value(s): *
</t>
<t>
Parameter Information Class: Public
</t>
<t>
Change Controller: IESG
</t>
<t>
Specification Document(s): <xref target="x5cDef" /> of [[ this document ]]
</t>
</list>
</t>
<t>
<list style='symbols'>
<t>
Parameter Name: <spanx style="verb">x5t</spanx>
</t>
<t>
Parameter Description: X.509 Certificate SHA-1 Thumbprint
</t>
<t>
Used with "kty" Value(s): *
</t>
<t>
Parameter Information Class: Public
</t>
<t>
Change Controller: IESG
</t>
<t>
Specification Document(s): <xref target="x5tDef" /> of [[ this document ]]
</t>
</list>
</t>
<t>
<list style='symbols'>
<t>
Parameter Name: <spanx style="verb">x5t#S256</spanx>
</t>
<t>
Parameter Description: X.509 Certificate SHA-256 Thumbprint
</t>
<t>
Used with "kty" Value(s): *
</t>
<t>
Parameter Information Class: Public
</t>
<t>
Change Controller: IESG
</t>
<t>
Specification Document(s): <xref target="x5tS256Def" /> of [[ this document ]]
</t>
</list>
</t>
</section>
<?rfc subcompact="no"?>
</section>
<section title="JSON Web Key Use Registry" anchor="UseReg">
<t>
This specification establishes the
IANA JSON Web Key Use registry
for JWK <spanx style="verb">use</spanx> (public key use) member values.
The registry records the public key use value
and a reference to the specification that defines it.
This specification registers the parameter names defined in
<xref target="useDef" />.
</t>
<section title="Registration Template" anchor="UseTemplate">
<t>
<list style='hanging'>
<t hangText='Use Member Value:'>
<vspace/>
The name requested (e.g., "sig").
Because a core goal of this specification is for the resulting
representations to be compact, it is RECOMMENDED that the name be short
-- not to exceed 8 characters without a compelling reason to do so.
This name is case-sensitive.
Names may not match other registered names in a case-insensitive manner
unless the Designated Expert(s) state that there is a compelling reason
to allow an exception in this particular case.
</t>
<t hangText='Use Description:'>
<vspace/>
Brief description of the use (e.g., "Digital Signature or MAC").
</t>
<t hangText='Change Controller:'>
<vspace/>
For Standards Track RFCs, state "IESG". For others, give the name of the
responsible party. Other details (e.g., postal address, email address, home page
URI) may also be included.
</t>
<t hangText='Specification Document(s):'>
<vspace/>
Reference to the document(s) that specify the parameter, preferably including URI(s) that
can be used to retrieve copies of the document(s). An indication of the relevant
sections may also be included but is not required.
</t>
</list>
</t>
</section>
<section title="Initial Registry Contents" anchor="UseContents">
<t> <?rfc subcompact="yes"?>
<list style='symbols'>
<t>
Use Member Value: <spanx style="verb">sig</spanx>
</t>
<t>
Use Description: Digital Signature or MAC
</t>
<t>
Change Controller: IESG
</t>
<t>
Specification Document(s): <xref target="useDef" /> of [[ this document ]]
</t>
</list>
</t>
<t>
<list style='symbols'>
<t>
Use Member Value: <spanx style="verb">enc</spanx>
</t>
<t>
Use Description: Encryption
</t>
<t>
Change Controller: IESG
</t>
<t>
Specification Document(s): <xref target="useDef" /> of [[ this document ]]
</t>
</list>
</t>
</section>
<?rfc subcompact="no"?>
</section>
<section title="JSON Web Key Operations Registry" anchor="KeyOpsReg">
<t>
This specification establishes the
IANA JSON Web Key Operations registry
for values of JWK <spanx style="verb">key_ops</spanx> array elements.
The registry records the key operation value
and a reference to the specification that defines it.
This specification registers the parameter names defined in
<xref target="key_opsDef" />.
</t>
<section title="Registration Template" anchor="KeyOpsTemplate">
<t>
<list style='hanging'>
<t hangText='Key Operation Value:'>
<vspace/>
The name requested (e.g., "sign").
Because a core goal of this specification is for the resulting
representations to be compact, it is RECOMMENDED that the name be short
-- not to exceed 8 characters without a compelling reason to do so.
This name is case-sensitive.
Names may not match other registered names in a case-insensitive manner
unless the Designated Expert(s) state that there is a compelling reason
to allow an exception in this particular case.
</t>
<t hangText='Key Operation Description:'>
<vspace/>
Brief description of the key operation (e.g., "Compute digital signature or MAC").
</t>
<t hangText='Change Controller:'>
<vspace/>
For Standards Track RFCs, state "IESG". For others, give the name of the
responsible party. Other details (e.g., postal address, email address, home page
URI) may also be included.
</t>
<t hangText='Specification Document(s):'>
<vspace/>
Reference to the document(s) that specify the parameter, preferably including URI(s) that
can be used to retrieve copies of the document(s). An indication of the relevant
sections may also be included but is not required.
</t>
</list>
</t>
</section>
<section title="Initial Registry Contents" anchor="KeyOpsContents">
<t> <?rfc subcompact="yes"?>
<list style='symbols'>
<t>
Key Operation Value: <spanx style="verb">sign</spanx>
</t>
<t>
Key Operation Description: Compute digital signature or MAC
</t>
<t>
Change Controller: IESG
</t>
<t>
Specification Document(s): <xref target="key_opsDef" /> of [[ this document ]]
</t>
</list>
</t>
<t>
<list style='symbols'>
<t>
Key Operation Value: <spanx style="verb">verify</spanx>
</t>
<t>
Key Operation Description: Verify digital signature or MAC
</t>
<t>
Change Controller: IESG
</t>
<t>
Specification Document(s): <xref target="key_opsDef" /> of [[ this document ]]
</t>
</list>
</t>
<t>
<list style='symbols'>
<t>
Key Operation Value: <spanx style="verb">encrypt</spanx>
</t>
<t>
Key Operation Description: Encrypt content
</t>
<t>
Change Controller: IESG
</t>
<t>
Specification Document(s): <xref target="key_opsDef" /> of [[ this document ]]
</t>
</list>
</t>
<t>
<list style='symbols'>
<t>
Key Operation Value: <spanx style="verb">decrypt</spanx>
</t>
<t>
Key Operation Description: Decrypt content and validate decryption, if applicable
</t>
<t>
Change Controller: IESG
</t>
<t>
Specification Document(s): <xref target="key_opsDef" /> of [[ this document ]]
</t>
</list>
</t>
<t>
<list style='symbols'>
<t>
Key Operation Value: <spanx style="verb">wrapKey</spanx>
</t>
<t>
Key Operation Description: Encrypt key
</t>
<t>
Change Controller: IESG
</t>
<t>
Specification Document(s): <xref target="key_opsDef" /> of [[ this document ]]
</t>
</list>
</t>
<t>
<list style='symbols'>
<t>
Key Operation Value: <spanx style="verb">unwrapKey</spanx>
</t>
<t>
Key Operation Description: Decrypt key and validate decryption, if applicable
</t>
<t>
Change Controller: IESG
</t>
<t>
Specification Document(s): <xref target="key_opsDef" /> of [[ this document ]]
</t>
</list>
</t>
<t>
<list style='symbols'>
<t>
Key Operation Value: <spanx style="verb">deriveKey</spanx>
</t>
<t>
Key Operation Description: Derive key
</t>
<t>
Change Controller: IESG
</t>
<t>
Specification Document(s): <xref target="key_opsDef" /> of [[ this document ]]
</t>
</list>
</t>
<t>
<list style='symbols'>
<t>
Key Operation Value: <spanx style="verb">deriveBits</spanx>
</t>
<t>
Key Operation Description: Derive bits not to be used as a key
</t>
<t>
Change Controller: IESG
</t>
<t>
Specification Document(s): <xref target="key_opsDef" /> of [[ this document ]]
</t>
</list>
</t>
</section>
<?rfc subcompact="no"?>
</section>
<section title="JSON Web Key Set Parameters Registry" anchor="JWKSetParamReg">
<t>
This specification establishes the
IANA JSON Web Key Set Parameters registry
for JWK Set parameter names.
The registry records the parameter name
and a reference to the specification that defines it.
This specification registers the parameter names defined in
<xref target="JWKSet" />.
</t>
<section title="Registration Template" anchor="SetTemplate">
<t>
<list style='hanging'>
<t hangText='Parameter Name:'>
<vspace/>
The name requested (e.g., "keys").
Because a core goal of this specification is for the resulting
representations to be compact, it is RECOMMENDED that the name be short
-- not to exceed 8 characters without a compelling reason to do so.
This name is case-sensitive.
Names may not match other registered names in a case-insensitive manner
unless the Designated Expert(s) state that there is a compelling reason
to allow an exception in this particular case.
</t>
<t hangText='Parameter Description:'>
<vspace/>
Brief description of the parameter (e.g., "Array of JWK values").
</t>
<t hangText='Change Controller:'>
<vspace/>
For Standards Track RFCs, state "IESG". For others, give the name of the
responsible party. Other details (e.g., postal address, email address, home page
URI) may also be included.
</t>
<t hangText='Specification Document(s):'>
<vspace/>
Reference to the document(s) that specify the parameter, preferably including URI(s) that
can be used to retrieve copies of the document(s). An indication of the relevant
sections may also be included but is not required.
</t>
</list>
</t>
</section>
<section title="Initial Registry Contents" anchor="SetContents">
<t> <?rfc subcompact="yes"?>
<list style='symbols'>
<t>
Parameter Name: <spanx style="verb">keys</spanx>
</t>
<t>
Parameter Description: Array of JWK values
</t>
<t>
Change Controller: IESG
</t>
<t>
Specification Document(s): <xref target="keysDef" /> of [[ this document ]]
</t>
</list>
</t>
</section>
<?rfc subcompact="no"?>
</section>
<section title="Media Type Registration" anchor="MediaReg">
<section title="Registry Contents" anchor="MediaContents">
<t>
This specification registers the
<spanx style="verb">application/jwk+json</spanx> and
<spanx style="verb">application/jwk-set+json</spanx>
Media Types <xref target="RFC2046"/>
in the MIME Media Types registry <xref target="IANA.MediaTypes"/>
in the manner described in <xref target="RFC6838">RFC 6838</xref>,
which can be used to indicate, respectively, that the content is
a JWK or
a JWK Set.
</t>
<t> <?rfc subcompact="yes"?>
<list style="symbols">
<t>
Type Name: application
</t>
<t>
Subtype Name: jwk+json
</t>
<t>
Required Parameters: n/a
</t>
<t>
Optional Parameters: n/a
</t>
<t>
Encoding considerations: 8bit;
application/jwk+json values are represented as JSON object;
UTF-8 encoding SHOULD be employed for the JSON object.
</t>
<t>
Security Considerations: See the Security Considerations section of [[ this document ]]
</t>
<t>
Interoperability Considerations: n/a
</t>
<t>
Published Specification: [[ this document ]]
</t>
<t>
Applications that use this media type:
OpenID Connect, Salesforce, Google, Android,
Windows Azure, W3C WebCrypto API, numerous others
</t>
<t>
Fragment identifier considerations: n/a
</t>
<t>
Additional Information: Magic number(s): n/a,
File extension(s): n/a,
Macintosh file type code(s): n/a
</t>
<t>
Person & email address to contact for further information: Michael B. Jones, mbj@microsoft.com
</t>
<t>
Intended Usage: COMMON
</t>
<t>
Restrictions on Usage: none
</t>
<t>
Author: Michael B. Jones, mbj@microsoft.com
</t>
<t>
Change Controller: IESG
</t>
<t>
Provisional registration? No
</t>
</list>
</t>
<t>
<list style="symbols">
<t>
Type Name: application
</t>
<t>
Subtype Name: jwk-set+json
</t>
<t>
Required Parameters: n/a
</t>
<t>
Optional Parameters: n/a
</t>
<t>
Encoding considerations: 8bit;
application/jwk-set+json values are represented as a JSON Object;
UTF-8 encoding SHOULD be employed for the JSON object.
</t>
<t>
Security Considerations: See the Security Considerations section of [[ this document ]]
</t>
<t>
Interoperability Considerations: n/a
</t>
<t>
Published Specification: [[ this document ]]
</t>
<t>
Applications that use this media type:
OpenID Connect, Salesforce, Google, Android,
Windows Azure, W3C WebCrypto API, numerous others
</t>
<t>
Fragment identifier considerations: n/a
</t>
<t>
Additional Information: Magic number(s): n/a,
File extension(s): n/a,
Macintosh file type code(s): n/a
</t>
<t>
Person & email address to contact for further information: Michael B. Jones, mbj@microsoft.com
</t>
<t>
Intended Usage: COMMON
</t>
<t>
Restrictions on Usage: none
</t>
<t>
Author: Michael B. Jones, mbj@microsoft.com
</t>
<t>
Change Controller: IESG
</t>
<t>
Provisional registration? No
</t>
</list>
</t>
</section>
<?rfc subcompact="no"?>
</section>
</section>
<section title="Security Considerations" anchor="Security">
<t>
All of the security issues that are pertinent to any cryptographic application
must be addressed by JWS/JWE/JWK agents. Among these issues are protecting
the user's asymmetric private and symmetric secret keys and
employing countermeasures to various attacks.
</t>
<section title="Key Provenance and Trust" anchor="KeyTrust">
<t>
One should place no more trust in the data cryptographically secured by a key
than in the method by which it was obtained and
in the trustworthiness of the entity asserting an association with the key.
Any data associated with a key that is obtained in an untrusted manner
should be treated with skepticism.
See Section 10.3 of <xref target="JWS"/> for security considerations on
key origin authentication.
</t>
<t>
The security considerations in Section 12.3 of
<xref target="W3C.NOTE-xmldsig-core2-20130411">XML DSIG 2.0</xref>
about the strength of a digital signature depending upon all the links in
the security chain also apply to this specification.
</t>
<t>
The TLS Requirements in Section 8 of <xref target="JWS" />
also apply to this specification,
except that the <spanx style="verb">x5u</spanx> JWK member
is the only feature defined by this specification using TLS.
</t>
</section>
<section title="Preventing Disclosure of Non-Public Key Information"
anchor="PreventingDisclosure">
<t>
Private and symmetric keys MUST be protected from disclosure
to unintended parties. One recommended means of doing so is
to encrypt JWKs or JWK Sets containing them by using the JWK
or JWK Set value as the plaintext of a JWE.
Of course, this requires that there be a secure way to obtain
the key used to encrypt the non-public key information
to the intended party and a secure way for that party to obtain
the corresponding decryption key.
</t>
<t>
The security considerations in
<xref target="RFC3447">RFC 3447</xref> and <xref target="RFC6030">RFC 6030</xref>
about protecting private and symmetric keys, key usage, and information leakage
also apply to this specification.
</t>
</section>
<section title="RSA Private Key Representations and Blinding" anchor="RSABlinding">
<t>
The RSA Key blinding operation <xref target="Kocher"/>, which is a defense
against some timing attacks, requires all of the
RSA key values <spanx style="verb">n</spanx>, <spanx style="verb">e</spanx>,
and <spanx style="verb">d</spanx>.
However, some RSA private key representations do not include the
public exponent <spanx style="verb">e</spanx>, but only include
the modulus <spanx style="verb">n</spanx>
and the private exponent <spanx style="verb">d</spanx>.
This is true, for instance, of the Java RSAPrivateKeySpec API,
which does not include the public exponent <spanx style="verb">e</spanx>
as a parameter.
So as to enable RSA key blinding, such representations should be avoided.
For Java, the RSAPrivateCrtKeySpec API can be used instead.
Section 8.2.2(i) of the Handbook of Applied Cryptography
<xref target="HAC"/> discusses how to compute the remaining RSA private key
parameters, if needed, using only <spanx style="verb">n</spanx>,
<spanx style="verb">e</spanx>, and <spanx style="verb">d</spanx>.
</t>
</section>
<section title="Key Entropy and Random Values" anchor="KeyEntropy">
<t>
See Section 10.1 of <xref target="JWS"/> for security considerations on
key entropy and random values.
</t>
</section>
</section>
</middle>
<back>
<references title="Normative References">
<?rfc include='http://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.2046.xml' ?>
<?rfc include='http://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.2119.xml' ?>
<?rfc include='http://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.2818.xml' ?>
<?rfc include='http://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.3629.xml' ?>
<?rfc include='http://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.3986.xml' ?>
<?rfc include='http://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.4648.xml' ?>
<?rfc include='http://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.4945.xml' ?>
<?rfc include='http://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.4949.xml' ?>
<?rfc include='http://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.5246.xml' ?>
<?rfc include='http://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.5280.xml' ?>
<?rfc include='http://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.6125.xml' ?>
<?rfc include='http://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.7159.xml' ?>
<reference anchor="RFC20">
<front>
<title>ASCII format for Network Interchange</title>
<author fullname="Vint Cerf" surname="Cerf" initials="V.">
<organization>University California Los Angeles (UCLA)</organization>
</author>
<date month="October" day="16" year="1969"/>
<abstract><t>For concreteness, we suggest the use of standard 7-bit ASCII embedded in an 8 bit byte whose high order bit is always 0.</t></abstract>
</front>
<seriesInfo value="20" name="RFC"/>
<format target="http://www.rfc-editor.org/rfc/rfc20.txt" octets="18504" type="TXT"/>
</reference>
<?rfc include='http://xml2rfc.tools.ietf.org/public/rfc/bibxml2/reference.ITU.X690.1994.xml' ?>
<reference anchor="UNICODE" target="http://www.unicode.org/versions/latest/">
<front>
<title abbrev="Unicode">The Unicode Standard</title>
<author>
<organization>The Unicode Consortium</organization>
<address />
</author>
<date year="1991-"/>
</front>
<!--
<annotation>
Note that this reference is to the latest version of Unicode,
rather than to a specific release. It is not expected that future changes in
the UNICODE specification will impact the syntax of JSON or the UTF-8 encoding.
</annotation>
-->
</reference>
<reference anchor="JWS">
<front>
<title>JSON Web Signature (JWS)</title>
<author fullname="Michael B. Jones" initials="M.B." surname="Jones">
<organization>Microsoft</organization>
<address>
<email>mbj@microsoft.com</email>
<uri>http://self-issued.info/</uri>
</address>
</author>
<author fullname="John Bradley" initials="J." surname="Bradley">
<organization abbrev="Ping Identity">Ping Identity</organization>
<address>
<email>ve7jtb@ve7jtb.com</email>
</address>
</author>
<author fullname="Nat Sakimura" initials="N." surname="Sakimura">
<organization abbrev="NRI">Nomura Research Institute</organization>
<address>
<email>n-sakimura@nri.co.jp</email>
</address>
</author>
<date day="13" month="January" year="2015"/>
</front>
<seriesInfo value="draft-ietf-jose-json-web-signature" name="Internet-Draft"/>
<format target="http://tools.ietf.org/html/draft-ietf-jose-json-web-signature" type="HTML" />
</reference>
<reference anchor="JWE">
<front>
<title>JSON Web Encryption (JWE)</title>
<author fullname="Michael B. Jones" initials="M.B." surname="Jones">
<organization>Microsoft</organization>
<address>
<email>mbj@microsoft.com</email>
<uri>http://self-issued.info/</uri>
</address>
</author>
<author fullname="Joe Hildebrand" initials="J." surname="Hildebrand">
<organization abbrev="Cisco">Cisco Systems, Inc.</organization>
<address>
<email>jhildebr@cisco.com</email>
</address>
</author>
<date day="13" month="January" year="2015"/>
</front>
<seriesInfo value="draft-ietf-jose-json-web-encryption" name="Internet-Draft"/>
<format target="http://tools.ietf.org/html/draft-ietf-jose-json-web-encryption" type="HTML" />
</reference>
<reference anchor="JWA">
<front>
<title>JSON Web Algorithms (JWA)</title>
<author fullname="Michael B. Jones" initials="M.B." surname="Jones">
<organization>Microsoft</organization>
<address>
<email>mbj@microsoft.com</email>
<uri>http://self-issued.info/</uri>
</address>
</author>
<date day="13" month="January" year="2015"/>
</front>
<seriesInfo value="draft-ietf-jose-json-web-algorithms" name="Internet-Draft"/>
<format target="http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms" type="HTML" />
</reference>
<reference anchor="ECMAScript">
<front>
<title>ECMAScript Language Specification, 5.1 Edition</title>
<author>
<organization>Ecma International</organization>
</author>
<date month="June" year="2011"/>
</front>
<seriesInfo name="ECMA" value="262"/>
<format target="http://www.ecma-international.org/ecma-262/5.1/" type="HTML" />
<format target="http://www.ecma-international.org/ecma-262/5.1/ECMA-262.pdf" type="PDF" />
</reference>
<reference anchor="IANA.MediaTypes">
<front>
<title>MIME Media Types</title>
<author>
<organization>Internet Assigned Numbers Authority (IANA)</organization>
</author>
<date year="2005"/>
</front>
<format target="http://www.iana.org/assignments/media-types"
type="HTML" />
</reference>
</references>
<references title="Informative References">
<?rfc include='http://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.3447.xml' ?>
<?rfc include='http://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.5226.xml' ?>
<?rfc include='http://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.6030.xml' ?>
<?rfc include='http://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.6838.xml' ?>
<reference anchor="DSS">
<front>
<title>Digital Signature Standard (DSS)</title>
<author>
<organization>National Institute of Standards and
Technology</organization>
</author>
<date month="July" year="2013" />
</front>
<seriesInfo name="FIPS" value="PUB 186-4" />
<format target="http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf" type="PDF" />
</reference>
<reference target="http://www.w3.org/TR/2014/CR-WebCryptoAPI-20141211/" anchor="W3C.CR-WebCryptoAPI-20141211">
<front>
<title>Web Cryptography API</title>
<author fullname="Ryan Sleevi" surname="Sleevi" initials="R.">
<organization>Google, Inc.</organization>
</author>
<author fullname="Mark Watson" surname="Watson" initials="M.">
<organization>Netflix</organization>
</author>
<date day="11" month="December" year="2014"/>
</front>
<seriesInfo value="Candidate Recommendation CR-WebCryptoAPI-20141211" name="World Wide Web Consortium"/>
<format target="http://www.w3.org/TR/2014/CR-WebCryptoAPI-20141211/" type="HTML"/>
</reference>
<reference target="http://www.w3.org/TR/2013/NOTE-xmldsig-core2-20130411/" anchor="W3C.NOTE-xmldsig-core2-20130411">
<front>
<title>XML Signature Syntax and Processing Version 2.0</title>
<author fullname="Donald Eastlake" surname="Eastlake" initials="D."><organization/></author>
<author fullname="Joseph Reagle" surname="Reagle" initials="J."><organization/></author>
<author fullname="David Solo" surname="Solo" initials="D."><organization/></author>
<author fullname="Frederick Hirsch" surname="Hirsch" initials="F."><organization/></author>
<author fullname="Thomas Roessler" surname="Roessler" initials="T."><organization/></author>
<author fullname="Kelvin Yiu" surname="Yiu" initials="K."><organization/></author>
<author fullname="Pratik Datta" surname="Datta" initials="P."><organization/></author>
<author fullname="Scott Cantor" surname="Cantor" initials="S."><organization/></author>
<date year="2013" day="11" month="April"/>
</front>
<seriesInfo value="NOTE-xmldsig-core2-20130411" name="World Wide Web Consortium Note"/>
<format target="http://www.w3.org/TR/2013/NOTE-xmldsig-core2-20130411/" type="HTML"/>
</reference>
<reference anchor="MagicSignatures">
<front>
<title>Magic Signatures</title>
<author fullname="John Panzer (editor)" initials="J." surname="Panzer (editor)"></author>
<author fullname="Ben Laurie" initials="B." surname="Laurie"></author>
<author fullname="Dirk Balfanz" initials="D." surname="Balfanz"></author>
<date day="7" month="January" year="2011" />
</front>
<format target="http://salmon-protocol.googlecode.com/svn/trunk/draft-panzer-magicsig-01.html" type="HTML" />
</reference>
<!-- Note to the RFC Editor: What is the right way to achieve this reference?
Kocher, P.C.: Timing Attacks on Implementations of Diffe-Hellman, RSA, DSS,
and Other Systems. In Proceedings of the 16th Annual International Cryptology
Conference Advances in Cryptology, Springer-Verlag, pp. 104-113, 1996.
-->
<reference anchor="Kocher">
<front>
<title>Timing Attacks on Implementations of Diffe-Hellman, RSA, DSS,
and Other Systems</title>
<author fullname="P.C. Kocher" surname="Kocher" initials="P.C.">
</author>
<date year="1996"/>
</front>
<seriesInfo name="In Proceedings of the 16th Annual International Cryptology
Conference Advances in Cryptology, Springer-Verlag,"
value="pp. 104-113"/>
</reference>
<!-- Note to the RFC Editor: What is the right way to achieve this reference?
A. Menezes, P. van Oorschot, and S. Vanstone:
Handbook of Applied Cryptography, CRC Press, 1996.
http://cacr.uwaterloo.ca/hac/about/chap8.pdf
-->
<reference target="http://cacr.uwaterloo.ca/hac/about/chap8.pdf" anchor="HAC">
<front>
<title>Handbook of Applied Cryptography</title>
<author fullname="A. Menezes" surname="Menezes" initials="A.">
</author>
<author fullname="P. van Oorschot" surname="van Oorschot" initials="P.">
</author>
<author fullname="S. Vanstone" surname="Vanstone" initials="S.">
</author>
<date year="1996"/>
</front>
<seriesInfo name="CRC" value="Press"/>
<format target="http://cacr.uwaterloo.ca/hac/about/chap8.pdf" type="HTML"/>
</reference>
</references>
<section title="Example JSON Web Key Sets" anchor="ExampleJWKSets">
<section title="Example Public Keys" anchor="PublicExample">
<t>
The following example JWK Set contains two public keys
represented as JWKs: one
using an Elliptic Curve algorithm and a second one using an
RSA algorithm. The first specifies that the key is to be
used for encryption.
The second specifies that the key is to be used with the
<spanx style='verb'>RS256</spanx> algorithm.
Both provide a Key ID for key matching
purposes. In both cases, integers are represented using the
base64url encoding of their big endian representations.
(Line breaks within values are for display purposes only.)
</t>
<figure><artwork><![CDATA[
{"keys":
[
{"kty":"EC",
"crv":"P-256",
"x":"MKBCTNIcKUSDii11ySs3526iDZ8AiTo7Tu6KPAqv7D4",
"y":"4Etl6SRW2YiLUrN5vfvVHuhp7x8PxltmWWlbbM4IFyM",
"use":"enc",
"kid":"1"},
{"kty":"RSA",
"n": "0vx7agoebGcQSuuPiLJXZptN9nndrQmbXEps2aiAFbWhM78LhWx
4cbbfAAtVT86zwu1RK7aPFFxuhDR1L6tSoc_BJECPebWKRXjBZCiFV4n3oknjhMs
tn64tZ_2W-5JsGY4Hc5n9yBXArwl93lqt7_RN5w6Cf0h4QyQ5v-65YGjQR0_FDW2
QvzqY368QQMicAtaSqzs8KJZgnYb9c7d0zgdAZHzu6qMQvRL5hajrn1n91CbOpbI
SD08qNLyrdkt-bFTWhAI4vMQFh6WeZu0fM4lFd2NcRwr3XPksINHaQ-G_xBniIqb
w0Ls1jF44-csFCur-kEgU8awapJzKnqDKgw",
"e":"AQAB",
"alg":"RS256",
"kid":"2011-04-29"}
]
}
]]></artwork></figure>
</section>
<section title="Example Private Keys" anchor="PrivateExample">
<t>
The following example JWK Set contains two keys represented
as JWKs containing both public and private key values:
one using an Elliptic Curve algorithm and
a second one using an RSA algorithm.
This example extends the example in
the previous section,
adding private key values.
(Line breaks within values are for display purposes only.)
</t>
<figure><artwork><![CDATA[
{"keys":
[
{"kty":"EC",
"crv":"P-256",
"x":"MKBCTNIcKUSDii11ySs3526iDZ8AiTo7Tu6KPAqv7D4",
"y":"4Etl6SRW2YiLUrN5vfvVHuhp7x8PxltmWWlbbM4IFyM",
"d":"870MB6gfuTJ4HtUnUvYMyJpr5eUZNP4Bk43bVdj3eAE",
"use":"enc",
"kid":"1"},
{"kty":"RSA",
"n":"0vx7agoebGcQSuuPiLJXZptN9nndrQmbXEps2aiAFbWhM78LhWx4
cbbfAAtVT86zwu1RK7aPFFxuhDR1L6tSoc_BJECPebWKRXjBZCiFV4n3oknjhMst
n64tZ_2W-5JsGY4Hc5n9yBXArwl93lqt7_RN5w6Cf0h4QyQ5v-65YGjQR0_FDW2Q
vzqY368QQMicAtaSqzs8KJZgnYb9c7d0zgdAZHzu6qMQvRL5hajrn1n91CbOpbIS
D08qNLyrdkt-bFTWhAI4vMQFh6WeZu0fM4lFd2NcRwr3XPksINHaQ-G_xBniIqbw
0Ls1jF44-csFCur-kEgU8awapJzKnqDKgw",
"e":"AQAB",
"d":"X4cTteJY_gn4FYPsXB8rdXix5vwsg1FLN5E3EaG6RJoVH-HLLKD9
M7dx5oo7GURknchnrRweUkC7hT5fJLM0WbFAKNLWY2vv7B6NqXSzUvxT0_YSfqij
wp3RTzlBaCxWp4doFk5N2o8Gy_nHNKroADIkJ46pRUohsXywbReAdYaMwFs9tv8d
_cPVY3i07a3t8MN6TNwm0dSawm9v47UiCl3Sk5ZiG7xojPLu4sbg1U2jx4IBTNBz
nbJSzFHK66jT8bgkuqsk0GjskDJk19Z4qwjwbsnn4j2WBii3RL-Us2lGVkY8fkFz
me1z0HbIkfz0Y6mqnOYtqc0X4jfcKoAC8Q",
"p":"83i-7IvMGXoMXCskv73TKr8637FiO7Z27zv8oj6pbWUQyLPQBQxtPV
nwD20R-60eTDmD2ujnMt5PoqMrm8RfmNhVWDtjjMmCMjOpSXicFHj7XOuVIYQyqV
WlWEh6dN36GVZYk93N8Bc9vY41xy8B9RzzOGVQzXvNEvn7O0nVbfs",
"q":"3dfOR9cuYq-0S-mkFLzgItgMEfFzB2q3hWehMuG0oCuqnb3vobLyum
qjVZQO1dIrdwgTnCdpYzBcOfW5r370AFXjiWft_NGEiovonizhKpo9VVS78TzFgx
kIdrecRezsZ-1kYd_s1qDbxtkDEgfAITAG9LUnADun4vIcb6yelxk",
"dp":"G4sPXkc6Ya9y8oJW9_ILj4xuppu0lzi_H7VTkS8xj5SdX3coE0oim
YwxIi2emTAue0UOa5dpgFGyBJ4c8tQ2VF402XRugKDTP8akYhFo5tAA77Qe_Nmtu
YZc3C3m3I24G2GvR5sSDxUyAN2zq8Lfn9EUms6rY3Ob8YeiKkTiBj0",
"dq":"s9lAH9fggBsoFR8Oac2R_E2gw282rT2kGOAhvIllETE1efrA6huUU
vMfBcMpn8lqeW6vzznYY5SSQF7pMdC_agI3nG8Ibp1BUb0JUiraRNqUfLhcQb_d9
GF4Dh7e74WbRsobRonujTYN1xCaP6TO61jvWrX-L18txXw494Q_cgk",
"qi":"GyM_p6JrXySiz1toFgKbWV-JdI3jQ4ypu9rbMWx3rQJBfmt0FoYzg
UIZEVFEcOqwemRN81zoDAaa-Bk0KWNGDjJHZDdDmFhW3AN7lI-puxk_mHZGJ11rx
yR8O55XLSe3SPmRfKwZI6yU24ZxvQKFYItdldUKGzO6Ia6zTKhAVRU",
"alg":"RS256",
"kid":"2011-04-29"}
]
}
]]></artwork></figure>
</section>
<section title="Example Symmetric Keys" anchor="SymmetricExample">
<t>
The following example JWK Set contains two symmetric keys represented
as JWKs:
one designated as being for use with the AES Key Wrap algorithm and
a second one that is an HMAC key.
(Line breaks within values are for display purposes only.)
</t>
<figure><artwork><![CDATA[
{"keys":
[
{"kty":"oct",
"alg":"A128KW",
"k":"GawgguFyGrWKav7AX4VKUg"},
{"kty":"oct",
"k":"AyM1SysPpbyDfgZld3umj1qzKObwVMkoqQ-EstJQLr_T-1qS0gZH75
aKtMN3Yj0iPS4hcgUuTwjAzZr1Z9CAow",
"kid":"HMAC key used in JWS A.1 example"}
]
}
]]></artwork></figure>
</section>
</section>
<section title='Example Use of "x5c" (X.509 Certificate Chain) Parameter' anchor="x5cExample">
<t>
<figure>
<preamble>The following is an example of a JWK
with a RSA signing key represented both as an RSA public key
and as an X.509 certificate using the
<spanx style="verb">x5c</spanx> parameter
(with line breaks within values for display purposes only):</preamble>
<artwork><![CDATA[
{"kty":"RSA",
"use":"sig",
"kid":"1b94c",
"n":"vrjOfz9Ccdgx5nQudyhdoR17V-IubWMeOZCwX_jj0hgAsz2J_pqYW08
PLbK_PdiVGKPrqzmDIsLI7sA25VEnHU1uCLNwBuUiCO11_-7dYbsr4iJmG0Q
u2j8DsVyT1azpJC_NG84Ty5KKthuCaPod7iI7w0LK9orSMhBEwwZDCxTWq4a
YWAchc8t-emd9qOvWtVMDC2BXksRngh6X5bUYLy6AyHKvj-nUy1wgzjYQDwH
MTplCoLtU-o-8SNnZ1tmRoGE9uJkBLdh5gFENabWnU5m1ZqZPdwS-qo-meMv
VfJb6jJVWRpl2SUtCnYG2C32qvbWbjZ_jBPD5eunqsIo1vQ",
"e":"AQAB",
"x5c":
["MIIDQjCCAiqgAwIBAgIGATz/FuLiMA0GCSqGSIb3DQEBBQUAMGIxCzAJB
gNVBAYTAlVTMQswCQYDVQQIEwJDTzEPMA0GA1UEBxMGRGVudmVyMRwwGgYD
VQQKExNQaW5nIElkZW50aXR5IENvcnAuMRcwFQYDVQQDEw5CcmlhbiBDYW1
wYmVsbDAeFw0xMzAyMjEyMzI5MTVaFw0xODA4MTQyMjI5MTVaMGIxCzAJBg
NVBAYTAlVTMQswCQYDVQQIEwJDTzEPMA0GA1UEBxMGRGVudmVyMRwwGgYDV
QQKExNQaW5nIElkZW50aXR5IENvcnAuMRcwFQYDVQQDEw5CcmlhbiBDYW1w
YmVsbDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL64zn8/QnH
YMeZ0LncoXaEde1fiLm1jHjmQsF/449IYALM9if6amFtPDy2yvz3YlRij66
s5gyLCyO7ANuVRJx1NbgizcAblIgjtdf/u3WG7K+IiZhtELto/A7Fck9Ws6
SQvzRvOE8uSirYbgmj6He4iO8NCyvaK0jIQRMMGQwsU1quGmFgHIXPLfnpn
fajr1rVTAwtgV5LEZ4Iel+W1GC8ugMhyr4/p1MtcIM42EA8BzE6ZQqC7VPq
PvEjZ2dbZkaBhPbiZAS3YeYBRDWm1p1OZtWamT3cEvqqPpnjL1XyW+oyVVk
aZdklLQp2Btgt9qr21m42f4wTw+Xrp6rCKNb0CAwEAATANBgkqhkiG9w0BA
QUFAAOCAQEAh8zGlfSlcI0o3rYDPBB07aXNswb4ECNIKG0CETTUxmXl9KUL
+9gGlqCz5iWLOgWsnrcKcY0vXPG9J1r9AqBNTqNgHq2G03X09266X5CpOe1
zFo+Owb1zxtp3PehFdfQJ610CDLEaS9V9Rqp17hCyybEpOGVwe8fnk+fbEL
2Bo3UPGrpsHzUoaGpDftmWssZkhpBJKVMJyf/RuP2SmmaIzmnw9JiSlYhzo
4tpzd5rFXhjRbg4zW9C+2qok+2+qDM1iJ684gPHMIY8aLWrdgQTxkumGmTq
gawR+N5MDtdPTEQ0XfIBc2cJEUyMTY5MPvACWpkA6SdS4xSvdXK3IVfOWA=="]
}
]]></artwork>
</figure>
</t>
</section>
<section title="Example Encrypted RSA Private Key" anchor="example-encrypted-jwk">
<t>
This example encrypts an RSA private key to the recipient using
<spanx style="verb">PBES2-HS256+A128KW</spanx> for key encryption and
<spanx style="verb">A128CBC+HS256</spanx> for content encryption.
</t>
<t>NOTE: Unless otherwise indicated, all line breaks are included solely for readability.</t>
<section title='Plaintext RSA Private Key' anchor='example-privkey-plaintext'>
<t>The following RSA key is the plaintext for the authenticated encryption operation,
formatted as a JWK
(with line breaks within values for display purposes only):</t>
<figure>
<artwork><![CDATA[
{
"kty":"RSA",
"kid":"juliet@capulet.lit",
"use":"enc",
"n":"t6Q8PWSi1dkJj9hTP8hNYFlvadM7DflW9mWepOJhJ66w7nyoK1gPNqFMSQRy
O125Gp-TEkodhWr0iujjHVx7BcV0llS4w5ACGgPrcAd6ZcSR0-Iqom-QFcNP
8Sjg086MwoqQU_LYywlAGZ21WSdS_PERyGFiNnj3QQlO8Yns5jCtLCRwLHL0
Pb1fEv45AuRIuUfVcPySBWYnDyGxvjYGDSM-AqWS9zIQ2ZilgT-GqUmipg0X
OC0Cc20rgLe2ymLHjpHciCKVAbY5-L32-lSeZO-Os6U15_aXrk9Gw8cPUaX1
_I8sLGuSiVdt3C_Fn2PZ3Z8i744FPFGGcG1qs2Wz-Q",
"e":"AQAB",
"d":"GRtbIQmhOZtyszfgKdg4u_N-R_mZGU_9k7JQ_jn1DnfTuMdSNprTeaSTyWfS
NkuaAwnOEbIQVy1IQbWVV25NY3ybc_IhUJtfri7bAXYEReWaCl3hdlPKXy9U
vqPYGR0kIXTQRqns-dVJ7jahlI7LyckrpTmrM8dWBo4_PMaenNnPiQgO0xnu
ToxutRZJfJvG4Ox4ka3GORQd9CsCZ2vsUDmsXOfUENOyMqADC6p1M3h33tsu
rY15k9qMSpG9OX_IJAXmxzAh_tWiZOwk2K4yxH9tS3Lq1yX8C1EWmeRDkK2a
hecG85-oLKQt5VEpWHKmjOi_gJSdSgqcN96X52esAQ",
"p":"2rnSOV4hKSN8sS4CgcQHFbs08XboFDqKum3sc4h3GRxrTmQdl1ZK9uw-PIHf
QP0FkxXVrx-WE-ZEbrqivH_2iCLUS7wAl6XvARt1KkIaUxPPSYB9yk31s0Q8
UK96E3_OrADAYtAJs-M3JxCLfNgqh56HDnETTQhH3rCT5T3yJws",
"q":"1u_RiFDP7LBYh3N4GXLT9OpSKYP0uQZyiaZwBtOCBNJgQxaj10RWjsZu0c6I
edis4S7B_coSKB0Kj9PaPaBzg-IySRvvcQuPamQu66riMhjVtG6TlV8CLCYK
rYl52ziqK0E_ym2QnkwsUX7eYTB7LbAHRK9GqocDE5B0f808I4s",
"dp":"KkMTWqBUefVwZ2_Dbj1pPQqyHSHjj90L5x_MOzqYAJMcLMZtbUtwKqvVDq3
tbEo3ZIcohbDtt6SbfmWzggabpQxNxuBpoOOf_a_HgMXK_lhqigI4y_kqS1w
Y52IwjUn5rgRrJ-yYo1h41KR-vz2pYhEAeYrhttWtxVqLCRViD6c",
"dq":"AvfS0-gRxvn0bwJoMSnFxYcK1WnuEjQFluMGfwGitQBWtfZ1Er7t1xDkbN9
GQTB9yqpDoYaN06H7CFtrkxhJIBQaj6nkF5KKS3TQtQ5qCzkOkmxIe3KRbBy
mXxkb5qwUpX5ELD5xFc6FeiafWYY63TmmEAu_lRFCOJ3xDea-ots",
"qi":"lSQi-w9CpyUReMErP1RsBLk7wNtOvs5EQpPqmuMvqW57NBUczScEoPwmUqq
abu9V0-Py4dQ57_bapoKRu1R90bvuFnU63SHWEFglZQvJDMeAvmj4sm-Fp0o
Yu_neotgQ0hzbI5gry7ajdYy9-2lNx_76aBZoOUu9HCJ-UsfSOI8"
}
]]></artwork>
</figure>
<t>
The octets representing the Plaintext used in this example (using JSON array notation) are:
</t>
<t>
[123, 34, 107, 116, 121, 34, 58, 34, 82, 83, 65, 34, 44, 34, 107, 105, 100, 34, 58, 34, 106, 117, 108, 105, 101, 116, 64, 99, 97, 112, 117, 108, 101, 116, 46, 108, 105, 116, 34, 44, 34, 117, 115, 101, 34, 58, 34, 101, 110, 99, 34, 44, 34, 110, 34, 58, 34, 116, 54, 81, 56, 80, 87, 83, 105, 49, 100, 107, 74, 106, 57, 104, 84, 80, 56, 104, 78, 89, 70, 108, 118, 97, 100, 77, 55, 68, 102, 108, 87, 57, 109, 87, 101, 112, 79, 74, 104, 74, 54, 54, 119, 55, 110, 121, 111, 75, 49, 103, 80, 78, 113, 70, 77, 83, 81, 82, 121, 79, 49, 50, 53, 71, 112, 45, 84, 69, 107, 111, 100, 104, 87, 114, 48, 105, 117, 106, 106, 72, 86, 120, 55, 66, 99, 86, 48, 108, 108, 83, 52, 119, 53, 65, 67, 71, 103, 80, 114, 99, 65, 100, 54, 90, 99, 83, 82, 48, 45, 73, 113, 111, 109, 45, 81, 70, 99, 78, 80, 56, 83, 106, 103, 48, 56, 54, 77, 119, 111, 113, 81, 85, 95, 76, 89, 121, 119, 108, 65, 71, 90, 50, 49, 87, 83, 100, 83, 95, 80, 69, 82, 121, 71, 70, 105, 78, 110, 106, 51, 81, 81, 108, 79, 56, 89, 110, 115, 53, 106, 67, 116, 76, 67, 82, 119, 76, 72, 76, 48, 80, 98, 49, 102, 69, 118, 52, 53, 65, 117, 82, 73, 117, 85, 102, 86, 99, 80, 121, 83, 66, 87, 89, 110, 68, 121, 71, 120, 118, 106, 89, 71, 68, 83, 77, 45, 65, 113, 87, 83, 57, 122, 73, 81, 50, 90, 105, 108, 103, 84, 45, 71, 113, 85, 109, 105, 112, 103, 48, 88, 79, 67, 48, 67, 99, 50, 48, 114, 103, 76, 101, 50, 121, 109, 76, 72, 106, 112, 72, 99, 105, 67, 75, 86, 65, 98, 89, 53, 45, 76, 51, 50, 45, 108, 83, 101, 90, 79, 45, 79, 115, 54, 85, 49, 53, 95, 97, 88, 114, 107, 57, 71, 119, 56, 99, 80, 85, 97, 88, 49, 95, 73, 56, 115, 76, 71, 117, 83, 105, 86, 100, 116, 51, 67, 95, 70, 110, 50, 80, 90, 51, 90, 56, 105, 55, 52, 52, 70, 80, 70, 71, 71, 99, 71, 49, 113, 115, 50, 87, 122, 45, 81, 34, 44, 34, 101, 34, 58, 34, 65, 81, 65, 66, 34, 44, 34, 100, 34, 58, 34, 71, 82, 116, 98, 73, 81, 109, 104, 79, 90, 116, 121, 115, 122, 102, 103, 75, 100, 103, 52, 117, 95, 78, 45, 82, 95, 109, 90, 71, 85, 95, 57, 107, 55, 74, 81, 95, 106, 110, 49, 68, 110, 102, 84, 117, 77, 100, 83, 78, 112, 114, 84, 101, 97, 83, 84, 121, 87, 102, 83, 78, 107, 117, 97, 65, 119, 110, 79, 69, 98, 73, 81, 86, 121, 49, 73, 81, 98, 87, 86, 86, 50, 53, 78, 89, 51, 121, 98, 99, 95, 73, 104, 85, 74, 116, 102, 114, 105, 55, 98, 65, 88, 89, 69, 82, 101, 87, 97, 67, 108, 51, 104, 100, 108, 80, 75, 88, 121, 57, 85, 118, 113, 80, 89, 71, 82, 48, 107, 73, 88, 84, 81, 82, 113, 110, 115, 45, 100, 86, 74, 55, 106, 97, 104, 108, 73, 55, 76, 121, 99, 107, 114, 112, 84, 109, 114, 77, 56, 100, 87, 66, 111, 52, 95, 80, 77, 97, 101, 110, 78, 110, 80, 105, 81, 103, 79, 48, 120, 110, 117, 84, 111, 120, 117, 116, 82, 90, 74, 102, 74, 118, 71, 52, 79, 120, 52, 107, 97, 51, 71, 79, 82, 81, 100, 57, 67, 115, 67, 90, 50, 118, 115, 85, 68, 109, 115, 88, 79, 102, 85, 69, 78, 79, 121, 77, 113, 65, 68, 67, 54, 112, 49, 77, 51, 104, 51, 51, 116, 115, 117, 114, 89, 49, 53, 107, 57, 113, 77, 83, 112, 71, 57, 79, 88, 95, 73, 74, 65, 88, 109, 120, 122, 65, 104, 95, 116, 87, 105, 90, 79, 119, 107, 50, 75, 52, 121, 120, 72, 57, 116, 83, 51, 76, 113, 49, 121, 88, 56, 67, 49, 69, 87, 109, 101, 82, 68, 107, 75, 50, 97, 104, 101, 99, 71, 56, 53, 45, 111, 76, 75, 81, 116, 53, 86, 69, 112, 87, 72, 75, 109, 106, 79, 105, 95, 103, 74, 83, 100, 83, 103, 113, 99, 78, 57, 54, 88, 53, 50, 101, 115, 65, 81, 34, 44, 34, 112, 34, 58, 34, 50, 114, 110, 83, 79, 86, 52, 104, 75, 83, 78, 56, 115, 83, 52, 67, 103, 99, 81, 72, 70, 98, 115, 48, 56, 88, 98, 111, 70, 68, 113, 75, 117, 109, 51, 115, 99, 52, 104, 51, 71, 82, 120, 114, 84, 109, 81, 100, 108, 49, 90, 75, 57, 117, 119, 45, 80, 73, 72, 102, 81, 80, 48, 70, 107, 120, 88, 86, 114, 120, 45, 87, 69, 45, 90, 69, 98, 114, 113, 105, 118, 72, 95, 50, 105, 67, 76, 85, 83, 55, 119, 65, 108, 54, 88, 118, 65, 82, 116, 49, 75, 107, 73, 97, 85, 120, 80, 80, 83, 89, 66, 57, 121, 107, 51, 49, 115, 48, 81, 56, 85, 75, 57, 54, 69, 51, 95, 79, 114, 65, 68, 65, 89, 116, 65, 74, 115, 45, 77, 51, 74, 120, 67, 76, 102, 78, 103, 113, 104, 53, 54, 72, 68, 110, 69, 84, 84, 81, 104, 72, 51, 114, 67, 84, 53, 84, 51, 121, 74, 119, 115, 34, 44, 34, 113, 34, 58, 34, 49, 117, 95, 82, 105, 70, 68, 80, 55, 76, 66, 89, 104, 51, 78, 52, 71, 88, 76, 84, 57, 79, 112, 83, 75, 89, 80, 48, 117, 81, 90, 121, 105, 97, 90, 119, 66, 116, 79, 67, 66, 78, 74, 103, 81, 120, 97, 106, 49, 48, 82, 87, 106, 115, 90, 117, 48, 99, 54, 73, 101, 100, 105, 115, 52, 83, 55, 66, 95, 99, 111, 83, 75, 66, 48, 75, 106, 57, 80, 97, 80, 97, 66, 122, 103, 45, 73, 121, 83, 82, 118, 118, 99, 81, 117, 80, 97, 109, 81, 117, 54, 54, 114, 105, 77, 104, 106, 86, 116, 71, 54, 84, 108, 86, 56, 67, 76, 67, 89, 75, 114, 89, 108, 53, 50, 122, 105, 113, 75, 48, 69, 95, 121, 109, 50, 81, 110, 107, 119, 115, 85, 88, 55, 101, 89, 84, 66, 55, 76, 98, 65, 72, 82, 75, 57, 71, 113, 111, 99, 68, 69, 53, 66, 48, 102, 56, 48, 56, 73, 52, 115, 34, 44, 34, 100, 112, 34, 58, 34, 75, 107, 77, 84, 87, 113, 66, 85, 101, 102, 86, 119, 90, 50, 95, 68, 98, 106, 49, 112, 80, 81, 113, 121, 72, 83, 72, 106, 106, 57, 48, 76, 53, 120, 95, 77, 79, 122, 113, 89, 65, 74, 77, 99, 76, 77, 90, 116, 98, 85, 116, 119, 75, 113, 118, 86, 68, 113, 51, 116, 98, 69, 111, 51, 90, 73, 99, 111, 104, 98, 68, 116, 116, 54, 83, 98, 102, 109, 87, 122, 103, 103, 97, 98, 112, 81, 120, 78, 120, 117, 66, 112, 111, 79, 79, 102, 95, 97, 95, 72, 103, 77, 88, 75, 95, 108, 104, 113, 105, 103, 73, 52, 121, 95, 107, 113, 83, 49, 119, 89, 53, 50, 73, 119, 106, 85, 110, 53, 114, 103, 82, 114, 74, 45, 121, 89, 111, 49, 104, 52, 49, 75, 82, 45, 118, 122, 50, 112, 89, 104, 69, 65, 101, 89, 114, 104, 116, 116, 87, 116, 120, 86, 113, 76, 67, 82, 86, 105, 68, 54, 99, 34, 44, 34, 100, 113, 34, 58, 34, 65, 118, 102, 83, 48, 45, 103, 82, 120, 118, 110, 48, 98, 119, 74, 111, 77, 83, 110, 70, 120, 89, 99, 75, 49, 87, 110, 117, 69, 106, 81, 70, 108, 117, 77, 71, 102, 119, 71, 105, 116, 81, 66, 87, 116, 102, 90, 49, 69, 114, 55, 116, 49, 120, 68, 107, 98, 78, 57, 71, 81, 84, 66, 57, 121, 113, 112, 68, 111, 89, 97, 78, 48, 54, 72, 55, 67, 70, 116, 114, 107, 120, 104, 74, 73, 66, 81, 97, 106, 54, 110, 107, 70, 53, 75, 75, 83, 51, 84, 81, 116, 81, 53, 113, 67, 122, 107, 79, 107, 109, 120, 73, 101, 51, 75, 82, 98, 66, 121, 109, 88, 120, 107, 98, 53, 113, 119, 85, 112, 88, 53, 69, 76, 68, 53, 120, 70, 99, 54, 70, 101, 105, 97, 102, 87, 89, 89, 54, 51, 84, 109, 109, 69, 65, 117, 95, 108, 82, 70, 67, 79, 74, 51, 120, 68, 101, 97, 45, 111, 116, 115, 34, 44, 34, 113, 105, 34, 58, 34, 108, 83, 81, 105, 45, 119, 57, 67, 112, 121, 85, 82, 101, 77, 69, 114, 80, 49, 82, 115, 66, 76, 107, 55, 119, 78, 116, 79, 118, 115, 53, 69, 81, 112, 80, 113, 109, 117, 77, 118, 113, 87, 53, 55, 78, 66, 85, 99, 122, 83, 99, 69, 111, 80, 119, 109, 85, 113, 113, 97, 98, 117, 57, 86, 48, 45, 80, 121, 52, 100, 81, 53, 55, 95, 98, 97, 112, 111, 75, 82, 117, 49, 82, 57, 48, 98, 118, 117, 70, 110, 85, 54, 51, 83, 72, 87, 69, 70, 103, 108, 90, 81, 118, 74, 68, 77, 101, 65, 118, 109, 106, 52, 115, 109, 45, 70, 112, 48, 111, 89, 117, 95, 110, 101, 111, 116, 103, 81, 48, 104, 122, 98, 73, 53, 103, 114, 121, 55, 97, 106, 100, 89, 121, 57, 45, 50, 108, 78, 120, 95, 55, 54, 97, 66, 90, 111, 79, 85, 117, 57, 72, 67, 74, 45, 85, 115, 102, 83, 79, 73, 56, 34, 125]
</t>
</section>
<section title='JOSE Header' anchor='example-privkey-header'>
<t>The following example JWE Protected Header declares that:</t>
<t>
<list style='symbols'>
<t>the Content Encryption Key is encrypted to the recipient using the PSE2-HS256+A128KW algorithm to produce the JWE Encrypted Key,</t>
<t>the Salt Input (<spanx style="verb">p2s</spanx>) value is
[217, 96, 147, 112, 150, 117, 70, 247, 127, 8, 155, 137, 174, 42, 80, 215],</t>
<t>the Iteration Count (<spanx style="verb">p2c</spanx>) value is 4096,</t>
<t>
authenticated encryption is performed on the Plaintext
using the AES_128_CBC_HMAC_SHA_256 algorithm
to produce the Ciphertext and the Authentication Tag, and
</t>
<t>the content type is application/jwk+json.</t>
</list>
<figure>
<artwork><![CDATA[
{
"alg":"PBES2-HS256+A128KW",
"p2s":"2WCTcJZ1Rvd_CJuJripQ1w",
"p2c":4096,
"enc":"A128CBC-HS256",
"cty":"jwk+json"
}
]]></artwork>
</figure>
</t>
<t>
Encoding this JWE Protected Header as
BASE64URL(UTF8(JWE Protected Header)) gives this value
(with line breaks for display purposes only):
</t>
<figure>
<artwork><![CDATA[
eyJhbGciOiJQQkVTMi1IUzI1NitBMTI4S1ciLCJwMnMiOiIyV0NUY0paMVJ2ZF9DSn
VKcmlwUTF3IiwicDJjIjo0MDk2LCJlbmMiOiJBMTI4Q0JDLUhTMjU2IiwiY3R5Ijoi
andrK2pzb24ifQ
]]></artwork>
</figure>
</section>
<section title='Content Encryption Key (CEK)' anchor='example-privkey-cek'>
<t>Generate a 256 bit random Content Encryption Key (CEK).
In this example, the value (using JSON array notation) is:</t>
<t>
[111, 27, 25, 52, 66, 29, 20, 78, 92, 176, 56, 240, 65, 208, 82, 112, 161, 131, 36, 55, 202, 236, 185, 172, 129, 23, 153, 194, 195, 48, 253, 182]
</t>
</section>
<section title='Key Derivation' anchor='example-privkey-keyderivation'>
<t>
Derive a key from a shared passphrase using the
PBKDF2 algorithm with HMAC SHA-256
and the specified Salt and Iteration Count values
and a 128 bit requested output key size
to produce the PBKDF2 Derived Key.
This example uses the following passphrase:
</t>
<figure>
<artwork><![CDATA[
Thus from my lips, by yours, my sin is purged.
]]></artwork>
</figure>
<t>
The octets representing the passphrase are:
</t>
<t>
[84, 104, 117, 115, 32, 102, 114, 111, 109, 32, 109, 121, 32, 108, 105, 112, 115, 44, 32, 98, 121, 32, 121, 111, 117, 114, 115, 44, 32, 109, 121, 32, 115, 105, 110, 32, 105, 115, 32, 112, 117, 114, 103, 101, 100, 46]
</t>
<t>
The Salt value (UTF8(Alg) || 0x00 || Salt Input) is:
</t>
<t>
[80, 66, 69, 83, 50, 45, 72, 83, 50, 53, 54, 43, 65, 49, 50, 56, 75, 87,
0,
217, 96, 147, 112, 150, 117, 70, 247, 127, 8, 155, 137, 174, 42, 80, 215].
</t>
<t>
The resulting PBKDF2 Derived Key value is:
</t>
<t>
[110, 171, 169, 92, 129, 92, 109, 117, 233, 242, 116, 233, 170, 14, 24, 75]
</t>
</section>
<section title='Key Encryption' anchor='example-privkey-keyencrypt'>
<t>
Encrypt the CEK with the <spanx style="verb">A128KW</spanx> algorithm
using the PBKDF2 Derived Key.
The resulting JWE Encrypted Key value is:
</t>
<t>
[78, 186, 151, 59, 11, 141, 81, 240, 213, 245, 83, 211, 53, 188, 134, 188, 66, 125, 36, 200, 222, 124, 5, 103, 249, 52, 117, 184, 140, 81, 246, 158, 161, 177, 20, 33, 245, 57, 59, 4]
</t>
<t>
Encoding this JWE Encrypted Key as
BASE64URL(JWE Encrypted Key) gives this value:
</t>
<figure>
<artwork><![CDATA[
TrqXOwuNUfDV9VPTNbyGvEJ9JMjefAVn-TR1uIxR9p6hsRQh9Tk7BA
]]></artwork>
</figure>
</section>
<section title='Initialization Vector' anchor='example-privkey-iv'>
<t>Generate a random 128 bit JWE Initialization Vector.
In this example, the value is:</t>
<t>
[97, 239, 99, 214, 171, 54, 216, 57, 145, 72, 7, 93, 34, 31, 149, 156]
</t>
<t>
Encoding this JWE Initialization Vector as
BASE64URL(JWE Initialization Vector) gives this value:
</t>
<figure>
<artwork><![CDATA[
Ye9j1qs22DmRSAddIh-VnA
]]></artwork>
</figure>
</section>
<section title='Additional Authenticated Data' anchor='example-privkey-adata'>
<t>
Let the Additional Authenticated Data encryption parameter be
ASCII(BASE64URL(UTF8(JWE Protected Header))).
This value is:
</t>
<t>
[123, 34, 97, 108, 103, 34, 58, 34, 80, 66, 69, 83, 50, 45, 72, 83, 50, 53, 54, 43, 65, 49, 50, 56, 75, 87, 34, 44, 34, 112, 50, 115, 34, 58, 34, 50, 87, 67, 84, 99, 74, 90, 49, 82, 118, 100, 95, 67, 74, 117, 74, 114, 105, 112, 81, 49, 119, 34, 44, 34, 112, 50, 99, 34, 58, 52, 48, 57, 54, 44, 34, 101, 110, 99, 34, 58, 34, 65, 49, 50, 56, 67, 66, 67, 45, 72, 83, 50, 53, 54, 34, 44, 34, 99, 116, 121, 34, 58, 34, 106, 119, 107, 43, 106, 115, 111, 110, 34, 125]
</t>
</section>
<section title='Content Encryption' anchor='example-privkey-contentencrypt'>
<t>
Perform authenticated encryption on the Plaintext
with the AES_128_CBC_HMAC_SHA_256 algorithm
using the CEK as the encryption key,
the JWE Initialization Vector,
and the Additional Authenticated Data value above.
The resulting Ciphertext is:
</t>
<t>
[3, 8, 65, 242, 92, 107, 148, 168, 197, 159, 77, 139, 25, 97, 42, 131, 110, 199, 225, 56, 61, 127, 38, 64, 108, 91, 247, 167, 150, 98, 112, 122, 99, 235, 132, 50, 28, 46, 56, 170, 169, 89, 220, 145, 38, 157, 148, 224, 66, 140, 8, 169, 146, 117, 222, 54, 242, 28, 31, 11, 129, 227, 226, 169, 66, 117, 133, 254, 140, 216, 115, 203, 131, 60, 60, 47, 233, 132, 121, 13, 35, 188, 53, 19, 172, 77, 59, 54, 211, 158, 172, 25, 60, 111, 0, 80, 201, 158, 160, 210, 68, 55, 12, 67, 136, 130, 87, 216, 197, 95, 62, 20, 155, 205, 5, 140, 27, 168, 221, 65, 114, 78, 157, 254, 46, 206, 182, 52, 135, 87, 239, 3, 34, 186, 126, 220, 151, 17, 33, 237, 57, 96, 172, 183, 58, 45, 248, 103, 241, 142, 136, 7, 53, 16, 173, 181, 7, 93, 92, 252, 1, 53, 212, 242, 8, 255, 11, 239, 181, 24, 148, 136, 111, 24, 161, 244, 23, 106, 69, 157, 215, 243, 189, 240, 166, 169, 249, 72, 38, 201, 99, 223, 173, 229, 9, 222, 82, 79, 157, 176, 248, 85, 239, 121, 163, 1, 31, 48, 98, 206, 61, 249, 104, 216, 201, 227, 105, 48, 194, 193, 10, 36, 160, 159, 241, 166, 84, 54, 188, 211, 243, 242, 40, 46, 45, 193, 193, 160, 169, 101, 201, 1, 73, 47, 105, 142, 88, 28, 42, 132, 26, 61, 58, 63, 142, 243, 77, 26, 179, 153, 166, 46, 203, 208, 49, 55, 229, 34, 178, 4, 109, 180, 204, 204, 115, 1, 103, 193, 5, 91, 215, 214, 195, 1, 110, 208, 53, 144, 36, 105, 12, 54, 25, 129, 101, 15, 183, 150, 250, 147, 115, 227, 58, 250, 5, 128, 232, 63, 15, 14, 19, 141, 124, 253, 142, 137, 189, 135, 26, 44, 240, 27, 88, 132, 105, 127, 6, 71, 37, 41, 124, 187, 165, 140, 34, 200, 123, 80, 228, 24, 231, 176, 132, 171, 138, 145, 152, 116, 224, 50, 141, 51, 147, 91, 186, 7, 246, 106, 217, 148, 244, 227, 244, 45, 220, 121, 165, 224, 148, 181, 17, 181, 128, 197, 101, 237, 11, 169, 229, 149, 199, 78, 56, 15, 14, 190, 91, 216, 222, 247, 213, 74, 40, 8, 96, 20, 168, 119, 96, 26, 24, 52, 37, 82, 127, 57, 176, 147, 118, 59, 7, 224, 33, 117, 72, 155, 29, 82, 26, 215, 189, 140, 119, 28, 152, 118, 93, 222, 194, 192, 148, 115, 83, 253, 216, 212, 108, 88, 83, 175, 172, 220, 97, 79, 110, 42, 223, 170, 161, 34, 164, 144, 193, 76, 122, 92, 160, 41, 178, 175, 6, 35, 96, 113, 96, 158, 90, 129, 101, 26, 45, 70, 180, 189, 230, 15, 5, 247, 150, 209, 94, 171, 26, 13, 142, 212, 129, 1, 176, 5, 0, 112, 203, 174, 185, 119, 76, 233, 189, 54, 172, 189, 245, 223, 253, 205, 12, 88, 9, 126, 157, 225, 90, 40, 229, 191, 63, 30, 160, 224, 69, 3, 140, 109, 70, 89, 37, 213, 245, 194, 210, 180, 188, 63, 210, 139, 221, 2, 144, 200, 20, 177, 216, 29, 227, 242, 106, 12, 135, 142, 139, 144, 82, 225, 162, 171, 176, 108, 99, 6, 43, 193, 161, 116, 234, 216, 1, 242, 21, 124, 162, 98, 205, 124, 193, 38, 12, 242, 90, 101, 76, 204, 184, 124, 58, 180, 16, 240, 26, 76, 195, 250, 212, 191, 185, 191, 97, 198, 186, 73, 225, 75, 14, 90, 123, 121, 172, 101, 50, 160, 221, 141, 253, 205, 126, 77, 9, 87, 198, 110, 104, 182, 141, 120, 51, 25, 232, 3, 32, 80, 6, 156, 8, 18, 4, 135, 221, 142, 25, 135, 2, 129, 132, 115, 227, 74, 141, 28, 119, 11, 141, 117, 134, 198, 62, 150, 254, 97, 75, 197, 251, 99, 89, 204, 224, 226, 67, 83, 175, 89, 0, 81, 29, 38, 207, 89, 140, 255, 197, 177, 164, 128, 62, 116, 224, 180, 109, 169, 28, 2, 59, 176, 130, 252, 44, 178, 81, 24, 181, 176, 75, 44, 61, 91, 12, 37, 21, 255, 83, 130, 197, 16, 231, 60, 217, 56, 131, 118, 168, 202, 58, 52, 84, 124, 162, 185, 174, 162, 226, 242, 112, 68, 246, 202, 16, 208, 52, 154, 58, 129, 80, 102, 33, 171, 6, 186, 177, 14, 195, 88, 136, 6, 0, 155, 28, 100, 162, 207, 162, 222, 117, 248, 170, 208, 114, 87, 31, 57, 176, 33, 57, 83, 253, 12, 168, 110, 194, 59, 22, 86, 48, 227, 196, 22, 176, 218, 122, 149, 21, 249, 195, 178, 174, 250, 20, 34, 120, 60, 139, 201, 99, 40, 18, 177, 17, 54, 54, 6, 3, 222, 128, 160, 88, 11, 27, 0, 81, 192, 36, 41, 169, 146, 8, 47, 64, 136, 28, 64, 209, 67, 135, 202, 20, 234, 182, 91, 204, 146, 195, 187, 0, 72, 77, 11, 111, 152, 204, 252, 177, 212, 89, 33, 50, 132, 184, 44, 183, 186, 19, 250, 69, 176, 201, 102, 140, 14, 143, 212, 212, 160, 123, 208, 185, 27, 155, 68, 77, 133, 198, 2, 126, 155, 215, 22, 91, 30, 217, 176, 172, 244, 156, 174, 143, 75, 90, 21, 102, 1, 160, 59, 253, 188, 88, 57, 185, 197, 83, 24, 22, 180, 174, 47, 207, 52, 1, 141, 146, 119, 233, 68, 228, 224, 228, 193, 248, 155, 202, 90, 7, 213, 88, 33, 108, 107, 14, 86, 8, 120, 250, 58, 142, 35, 164, 238, 221, 219, 35, 123, 88, 199, 192, 143, 104, 83, 17, 166, 243, 247, 11, 166, 67, 68, 204, 132, 23, 110, 103, 228, 14, 55, 122, 88, 57, 180, 178, 237, 52, 130, 214, 245, 102, 123, 67, 73, 175, 1, 127, 112, 148, 94, 132, 164, 197, 153, 217, 87, 25, 89, 93, 63, 22, 66, 166, 90, 251, 101, 10, 145, 66, 17, 124, 36, 255, 165, 226, 97, 16, 86, 112, 154, 88, 105, 253, 56, 209, 229, 122, 103, 51, 24, 228, 190, 3, 236, 48, 182, 121, 176, 140, 128, 117, 87, 251, 224, 37, 23, 248, 21, 218, 85, 251, 136, 84, 147, 143, 144, 46, 155, 183, 251, 89, 86, 23, 26, 237, 100, 167, 32, 130, 173, 237, 89, 55, 110, 70, 142, 127, 65, 230, 208, 109, 69, 19, 253, 84, 130, 130, 193, 92, 58, 108, 150, 42, 136, 249, 234, 86, 241, 182, 19, 117, 246, 26, 181, 92, 101, 155, 44, 103, 235, 173, 30, 140, 90, 29, 183, 190, 77, 53, 206, 127, 5, 87, 8, 187, 184, 92, 4, 157, 22, 18, 105, 251, 39, 88, 182, 181, 103, 148, 233, 6, 63, 70, 188, 7, 101, 216, 127, 77, 31, 12, 233, 7, 147, 106, 30, 150, 77, 145, 13, 205, 48, 56, 245, 220, 89, 252, 127, 51, 180, 36, 31, 55, 18, 214, 230, 254, 217, 197, 65, 247, 27, 215, 117, 247, 108, 157, 121, 11, 63, 150, 195, 83, 6, 134, 242, 41, 24, 105, 204, 5, 63, 192, 14, 159, 113, 72, 140, 128, 51, 215, 80, 215, 39, 149, 94, 79, 128, 34, 5, 129, 82, 83, 121, 187, 37, 146, 27, 32, 177, 167, 71, 9, 195, 30, 199, 196, 205, 252, 207, 69, 8, 120, 27, 190, 51, 43, 75, 249, 234, 167, 116, 206, 203, 199, 43, 108, 87, 48, 155, 140, 228, 210, 85, 25, 161, 96, 67, 8, 205, 64, 39, 75, 88, 44, 238, 227, 16, 0, 100, 93, 129, 18, 4, 149, 50, 68, 72, 99, 35, 111, 254, 27, 102, 175, 108, 233, 87, 181, 44, 169, 18, 139, 79, 208, 14, 202, 192, 5, 162, 222, 231, 149, 24, 211, 49, 120, 101, 39, 206, 87, 147, 204, 200, 251, 104, 115, 5, 127, 117, 195, 79, 151, 18, 224, 52, 0, 245, 4, 85, 255, 103, 217, 0, 116, 198, 80, 91, 167, 192, 154, 199, 197, 149, 237, 51, 2, 131, 30, 226, 95, 105, 48, 68, 135, 208, 144, 120, 176, 145, 157, 8, 171, 80, 94, 61, 92, 92, 220, 157, 13, 138, 51, 23, 185, 124, 31, 77, 1, 87, 241, 43, 239, 55, 122, 86, 210, 48, 208, 204, 112, 144, 80, 147, 106, 219, 47, 253, 31, 134, 176, 16, 135, 219, 95, 17, 129, 83, 236, 125, 136, 112, 86, 228, 252, 71, 129, 218, 174, 156, 236, 12, 27, 159, 11, 138, 252, 253, 207, 31, 115, 214, 118, 239, 203, 16, 211, 205, 99, 22, 51, 163, 107, 162, 246, 199, 67, 127, 34, 108, 197, 53, 117, 58, 199, 3, 190, 74, 70, 190, 65, 235, 175, 97, 157, 215, 252, 189, 245, 100, 229, 248, 46, 90, 126, 237, 4, 159, 128, 58, 7, 156, 236, 69, 191, 85, 240, 179, 224, 249, 152, 49, 195, 223, 60, 78, 186, 157, 155, 217, 58, 105, 116, 164, 217, 111, 215, 150, 218, 252, 84, 86, 248, 140, 240, 226, 61, 106, 208, 95, 60, 163, 6, 0, 235, 253, 162, 96, 62, 234, 251, 249, 35, 21, 7, 211, 233, 86, 50, 33, 203, 67, 248, 60, 190, 123, 48, 167, 226, 90, 191, 71, 56, 183, 165, 17, 85, 76, 238, 140, 211, 168, 53, 223, 194, 4, 97, 149, 156, 120, 137, 76, 33, 229, 243, 194, 208, 198, 202, 139, 28, 114, 46, 224, 92, 254, 83, 100, 134, 158, 92, 70, 78, 61, 62, 138, 24, 173, 216, 66, 198, 70, 254, 47, 59, 193, 53, 6, 139, 19, 153, 253, 28, 199, 122, 160, 27, 67, 234, 209, 227, 139, 4, 50, 7, 178, 183, 89, 252, 32, 128, 137, 55, 52, 29, 89, 12, 111, 42, 181, 51, 170, 132, 132, 207, 170, 228, 254, 178, 213, 0, 136, 175, 8]
</t>
<t>The resulting Authentication Tag value is:</t>
<t>
[208, 113, 102, 132, 236, 236, 67, 223, 39, 53, 98, 99, 32, 121, 17, 236]
</t>
<t>
Encoding this JWE Ciphertext as
BASE64URL(JWE Ciphertext) gives this value
(with line breaks for display purposes only):
</t>
<figure>
<artwork><![CDATA[
AwhB8lxrlKjFn02LGWEqg27H4Tg9fyZAbFv3p5ZicHpj64QyHC44qqlZ3JEmnZTgQo
wIqZJ13jbyHB8LgePiqUJ1hf6M2HPLgzw8L-mEeQ0jvDUTrE07NtOerBk8bwBQyZ6g
0kQ3DEOIglfYxV8-FJvNBYwbqN1Bck6d_i7OtjSHV-8DIrp-3JcRIe05YKy3Oi34Z_
GOiAc1EK21B11c_AE11PII_wvvtRiUiG8YofQXakWd1_O98Kap-UgmyWPfreUJ3lJP
nbD4Ve95owEfMGLOPflo2MnjaTDCwQokoJ_xplQ2vNPz8iguLcHBoKllyQFJL2mOWB
wqhBo9Oj-O800as5mmLsvQMTflIrIEbbTMzHMBZ8EFW9fWwwFu0DWQJGkMNhmBZQ-3
lvqTc-M6-gWA6D8PDhONfP2Oib2HGizwG1iEaX8GRyUpfLuljCLIe1DkGOewhKuKkZ
h04DKNM5Nbugf2atmU9OP0Ldx5peCUtRG1gMVl7Qup5ZXHTjgPDr5b2N731UooCGAU
qHdgGhg0JVJ_ObCTdjsH4CF1SJsdUhrXvYx3HJh2Xd7CwJRzU_3Y1GxYU6-s3GFPbi
rfqqEipJDBTHpcoCmyrwYjYHFgnlqBZRotRrS95g8F95bRXqsaDY7UgQGwBQBwy665
d0zpvTasvfXf_c0MWAl-neFaKOW_Px6g4EUDjG1GWSXV9cLStLw_0ovdApDIFLHYHe
PyagyHjouQUuGiq7BsYwYrwaF06tgB8hV8omLNfMEmDPJaZUzMuHw6tBDwGkzD-tS_
ub9hxrpJ4UsOWnt5rGUyoN2N_c1-TQlXxm5oto14MxnoAyBQBpwIEgSH3Y4ZhwKBhH
PjSo0cdwuNdYbGPpb-YUvF-2NZzODiQ1OvWQBRHSbPWYz_xbGkgD504LRtqRwCO7CC
_CyyURi1sEssPVsMJRX_U4LFEOc82TiDdqjKOjRUfKK5rqLi8nBE9soQ0DSaOoFQZi
GrBrqxDsNYiAYAmxxkos-i3nX4qtByVx85sCE5U_0MqG7COxZWMOPEFrDaepUV-cOy
rvoUIng8i8ljKBKxETY2BgPegKBYCxsAUcAkKamSCC9AiBxA0UOHyhTqtlvMksO7AE
hNC2-YzPyx1FkhMoS4LLe6E_pFsMlmjA6P1NSge9C5G5tETYXGAn6b1xZbHtmwrPSc
ro9LWhVmAaA7_bxYObnFUxgWtK4vzzQBjZJ36UTk4OTB-JvKWgfVWCFsaw5WCHj6Oo
4jpO7d2yN7WMfAj2hTEabz9wumQ0TMhBduZ-QON3pYObSy7TSC1vVme0NJrwF_cJRe
hKTFmdlXGVldPxZCplr7ZQqRQhF8JP-l4mEQVnCaWGn9ONHlemczGOS-A-wwtnmwjI
B1V_vgJRf4FdpV-4hUk4-QLpu3-1lWFxrtZKcggq3tWTduRo5_QebQbUUT_VSCgsFc
OmyWKoj56lbxthN19hq1XGWbLGfrrR6MWh23vk01zn8FVwi7uFwEnRYSafsnWLa1Z5
TpBj9GvAdl2H9NHwzpB5NqHpZNkQ3NMDj13Fn8fzO0JB83Etbm_tnFQfcb13X3bJ15
Cz-Ww1MGhvIpGGnMBT_ADp9xSIyAM9dQ1yeVXk-AIgWBUlN5uyWSGyCxp0cJwx7HxM
38z0UIeBu-MytL-eqndM7LxytsVzCbjOTSVRmhYEMIzUAnS1gs7uMQAGRdgRIElTJE
SGMjb_4bZq9s6Ve1LKkSi0_QDsrABaLe55UY0zF4ZSfOV5PMyPtocwV_dcNPlxLgNA
D1BFX_Z9kAdMZQW6fAmsfFle0zAoMe4l9pMESH0JB4sJGdCKtQXj1cXNydDYozF7l8
H00BV_Er7zd6VtIw0MxwkFCTatsv_R-GsBCH218RgVPsfYhwVuT8R4HarpzsDBufC4
r8_c8fc9Z278sQ081jFjOja6L2x0N_ImzFNXU6xwO-Ska-QeuvYZ3X_L31ZOX4Llp-
7QSfgDoHnOxFv1Xws-D5mDHD3zxOup2b2TppdKTZb9eW2vxUVviM8OI9atBfPKMGAO
v9omA-6vv5IxUH0-lWMiHLQ_g8vnswp-Jav0c4t6URVUzujNOoNd_CBGGVnHiJTCHl
88LQxsqLHHIu4Fz-U2SGnlxGTj0-ihit2ELGRv4vO8E1BosTmf0cx3qgG0Pq0eOLBD
IHsrdZ_CCAiTc0HVkMbyq1M6qEhM-q5P6y1QCIrwg
]]></artwork>
</figure>
<t>
Encoding this JWE Authentication Tag as
BASE64URL(JWE Authentication Tag) gives this value:
</t>
<figure>
<artwork><![CDATA[
0HFmhOzsQ98nNWJjIHkR7A
]]></artwork>
</figure>
</section>
<section title='Complete Representation' anchor='example-privkey-complete'>
<t>
Assemble the final representation:
The JWE Compact Serialization of this result,
as defined in Section 7.1 of <xref target="JWE"/>,
is the string
BASE64URL(UTF8(JWE Protected Header))
|| '.' || BASE64URL(JWE Encrypted Key)
|| '.' || BASE64URL(JWE Initialization Vector)
|| '.' || BASE64URL(JWE Ciphertext)
|| '.' || BASE64URL(JWE Authentication Tag).
</t>
<t>
The final result in this example
(with line breaks for display purposes only) is:
</t>
<figure>
<artwork><![CDATA[
eyJhbGciOiJQQkVTMi1IUzI1NitBMTI4S1ciLCJwMnMiOiIyV0NUY0paMVJ2ZF9DSn
VKcmlwUTF3IiwicDJjIjo0MDk2LCJlbmMiOiJBMTI4Q0JDLUhTMjU2IiwiY3R5Ijoi
andrK2pzb24ifQ.
TrqXOwuNUfDV9VPTNbyGvEJ9JMjefAVn-TR1uIxR9p6hsRQh9Tk7BA.
Ye9j1qs22DmRSAddIh-VnA.
AwhB8lxrlKjFn02LGWEqg27H4Tg9fyZAbFv3p5ZicHpj64QyHC44qqlZ3JEmnZTgQo
wIqZJ13jbyHB8LgePiqUJ1hf6M2HPLgzw8L-mEeQ0jvDUTrE07NtOerBk8bwBQyZ6g
0kQ3DEOIglfYxV8-FJvNBYwbqN1Bck6d_i7OtjSHV-8DIrp-3JcRIe05YKy3Oi34Z_
GOiAc1EK21B11c_AE11PII_wvvtRiUiG8YofQXakWd1_O98Kap-UgmyWPfreUJ3lJP
nbD4Ve95owEfMGLOPflo2MnjaTDCwQokoJ_xplQ2vNPz8iguLcHBoKllyQFJL2mOWB
wqhBo9Oj-O800as5mmLsvQMTflIrIEbbTMzHMBZ8EFW9fWwwFu0DWQJGkMNhmBZQ-3
lvqTc-M6-gWA6D8PDhONfP2Oib2HGizwG1iEaX8GRyUpfLuljCLIe1DkGOewhKuKkZ
h04DKNM5Nbugf2atmU9OP0Ldx5peCUtRG1gMVl7Qup5ZXHTjgPDr5b2N731UooCGAU
qHdgGhg0JVJ_ObCTdjsH4CF1SJsdUhrXvYx3HJh2Xd7CwJRzU_3Y1GxYU6-s3GFPbi
rfqqEipJDBTHpcoCmyrwYjYHFgnlqBZRotRrS95g8F95bRXqsaDY7UgQGwBQBwy665
d0zpvTasvfXf_c0MWAl-neFaKOW_Px6g4EUDjG1GWSXV9cLStLw_0ovdApDIFLHYHe
PyagyHjouQUuGiq7BsYwYrwaF06tgB8hV8omLNfMEmDPJaZUzMuHw6tBDwGkzD-tS_
ub9hxrpJ4UsOWnt5rGUyoN2N_c1-TQlXxm5oto14MxnoAyBQBpwIEgSH3Y4ZhwKBhH
PjSo0cdwuNdYbGPpb-YUvF-2NZzODiQ1OvWQBRHSbPWYz_xbGkgD504LRtqRwCO7CC
_CyyURi1sEssPVsMJRX_U4LFEOc82TiDdqjKOjRUfKK5rqLi8nBE9soQ0DSaOoFQZi
GrBrqxDsNYiAYAmxxkos-i3nX4qtByVx85sCE5U_0MqG7COxZWMOPEFrDaepUV-cOy
rvoUIng8i8ljKBKxETY2BgPegKBYCxsAUcAkKamSCC9AiBxA0UOHyhTqtlvMksO7AE
hNC2-YzPyx1FkhMoS4LLe6E_pFsMlmjA6P1NSge9C5G5tETYXGAn6b1xZbHtmwrPSc
ro9LWhVmAaA7_bxYObnFUxgWtK4vzzQBjZJ36UTk4OTB-JvKWgfVWCFsaw5WCHj6Oo
4jpO7d2yN7WMfAj2hTEabz9wumQ0TMhBduZ-QON3pYObSy7TSC1vVme0NJrwF_cJRe
hKTFmdlXGVldPxZCplr7ZQqRQhF8JP-l4mEQVnCaWGn9ONHlemczGOS-A-wwtnmwjI
B1V_vgJRf4FdpV-4hUk4-QLpu3-1lWFxrtZKcggq3tWTduRo5_QebQbUUT_VSCgsFc
OmyWKoj56lbxthN19hq1XGWbLGfrrR6MWh23vk01zn8FVwi7uFwEnRYSafsnWLa1Z5
TpBj9GvAdl2H9NHwzpB5NqHpZNkQ3NMDj13Fn8fzO0JB83Etbm_tnFQfcb13X3bJ15
Cz-Ww1MGhvIpGGnMBT_ADp9xSIyAM9dQ1yeVXk-AIgWBUlN5uyWSGyCxp0cJwx7HxM
38z0UIeBu-MytL-eqndM7LxytsVzCbjOTSVRmhYEMIzUAnS1gs7uMQAGRdgRIElTJE
SGMjb_4bZq9s6Ve1LKkSi0_QDsrABaLe55UY0zF4ZSfOV5PMyPtocwV_dcNPlxLgNA
D1BFX_Z9kAdMZQW6fAmsfFle0zAoMe4l9pMESH0JB4sJGdCKtQXj1cXNydDYozF7l8
H00BV_Er7zd6VtIw0MxwkFCTatsv_R-GsBCH218RgVPsfYhwVuT8R4HarpzsDBufC4
r8_c8fc9Z278sQ081jFjOja6L2x0N_ImzFNXU6xwO-Ska-QeuvYZ3X_L31ZOX4Llp-
7QSfgDoHnOxFv1Xws-D5mDHD3zxOup2b2TppdKTZb9eW2vxUVviM8OI9atBfPKMGAO
v9omA-6vv5IxUH0-lWMiHLQ_g8vnswp-Jav0c4t6URVUzujNOoNd_CBGGVnHiJTCHl
88LQxsqLHHIu4Fz-U2SGnlxGTj0-ihit2ELGRv4vO8E1BosTmf0cx3qgG0Pq0eOLBD
IHsrdZ_CCAiTc0HVkMbyq1M6qEhM-q5P6y1QCIrwg.
0HFmhOzsQ98nNWJjIHkR7A
]]></artwork>
</figure>
</section>
</section>
<section title="Acknowledgements" anchor="Acknowledgements">
<t>
A JSON representation for RSA public keys was previously
introduced by John Panzer, Ben Laurie, and Dirk Balfanz
in <xref target="MagicSignatures">Magic Signatures</xref>.
</t>
<t>
Thanks to Matt Miller for creating the encrypted key example
and to Edmund Jay and Brian Campbell for validating the example.
</t>
<t>
This specification is the work of the JOSE Working Group,
which includes dozens of active and dedicated participants.
In particular, the following individuals contributed ideas,
feedback, and wording that influenced this specification:
</t>
<t>
Dirk Balfanz,
Richard Barnes,
John Bradley,
Brian Campbell,
Breno de Medeiros,
Stephen Farrell,
Joe Hildebrand,
Edmund Jay,
Stephen Kent,
Ben Laurie,
James Manger,
Matt Miller,
Kathleen Moriarty,
Chuck Mortimore,
Tony Nadalin,
Axel Nennker,
John Panzer,
Eric Rescorla,
Pete Resnick,
Nat Sakimura,
Jim Schaad,
Ryan Sleevi,
Paul Tarjan,
Hannes Tschofenig,
and Sean Turner.
</t>
<t>
Jim Schaad and Karen O'Donoghue chaired the JOSE working group and
Sean Turner, Stephen Farrell, and Kathleen Moriarty served as Security area directors
during the creation of this specification.
</t>
</section>
<section title="Document History" anchor="History">
<t>
[[ to be removed by the RFC Editor before publication as an RFC ]]
</t>
<t>
-40
<list style='symbols'>
<t>
Clarified the definitions of UTF8(STRING) and ASCII(STRING).
</t>
<t>
Stated that line breaks are for display purposes only
in places where this disclaimer was needed and missing.
</t>
<t>
Updated the WebCrypto reference to refer to the W3C Candidate Recommendation.
</t>
</list>
</t>
<t>
-39
<list style='symbols'>
<t>
No changes were made, other than to the version number and date.
</t>
</list>
</t>
<t>
-38
<list style='symbols'>
<t>
Replaced uses of the phrase "JWK object" with "JWK".
</t>
</list>
</t>
<t>
-37
<list style='symbols'>
<t>
Updated the TLS requirements language to only require implementations
to support TLS when they support features using TLS.
</t>
<t>
Restricted algorithm names to using only ASCII characters.
</t>
<t>
Updated the example IANA registration request subject line.
</t>
</list>
</t>
<t>
-36
<list style='symbols'>
<t>
Stated that if both <spanx style="verb">use</spanx> and
<spanx style="verb">key_ops</spanx> are used,
the information they convey MUST be consistent.
</t>
<t>
Clarified where white space and line breaks may occur in JSON objects
by referencing Section 2 of RFC 7159.
</t>
<t>
Specified that registration reviews occur on the jose-reg-review@ietf.org mailing list.
</t>
</list>
</t>
<t>
-35
<list style='symbols'>
<t>
Used real values for examples in the IANA Registration Templates.
</t>
</list>
</t>
<t>
-34
<list style='symbols'>
<t>
Addressed IESG review comments by Pete Resnick, Stephen Farrell,
and Richard Barnes.
</t>
<t>
Referenced RFC 4945 for PEM certificate delimiter syntax.
</t>
</list>
</t>
<t>
-33
<list style='symbols'>
<t>
Addressed secdir review comments by Stephen Kent for which
resolutions had mistakenly been omitted in the previous draft.
</t>
<t>
Acknowledged additional contributors.
</t>
</list>
</t>
<t>
-32
<list style='symbols'>
<t>
Addressed Gen-ART review comments by Russ Housley.
</t>
<t>
Addressed secdir review comments by Stephen Kent.
</t>
</list>
</t>
<t>
-31
<list style='symbols'>
<t>
No changes were made, other than to the version number and date.
</t>
</list>
</t>
<t>
-30
<list style='symbols'>
<t>
Added references and cleaned up the reference syntax in a few places.
</t>
<t>
Applied minor wording changes to the Security Considerations section.
</t>
</list>
</t>
<t>
-29
<list style='symbols'>
<t>
Replaced the terms JWS Header, JWE Header, and JWT Header
with a single JOSE Header term defined in the JWS specification.
This also enabled a single Header Parameter definition to be used
and reduced other areas of duplication between specifications.
</t>
</list>
</t>
<t>
-28
<list style='symbols'>
<t>
Revised the introduction to the Security Considerations section.
</t>
<t>
Refined the text about when applications using encrypted JWKs and JWK Sets
would not need to use the <spanx style="verb">cty</spanx> header parameter.
</t>
</list>
</t>
<t>
-27
<list style='symbols'>
<t>
Added an example JWK early in the draft.
</t>
<t>
Described additional security considerations.
</t>
<t>
Added the <spanx style="verb">x5t#S256</spanx>
(X.509 Certificate SHA-256 Thumbprint) JWK member.
</t>
<t>
Addressed a few editorial issues.
</t>
</list>
</t>
<t>
-26
<list style='symbols'>
<t>
Referenced Section 6 of RFC 6125 for TLS server certificate identity validation.
</t>
<t>
Deleted misleading non-normative phrase from the <spanx style="verb">use</spanx> description.
</t>
<t>
Noted that octet sequences are depicted using JSON array notation.
</t>
<t>
Updated references, including to W3C specifications.
</t>
</list>
</t>
<t>
-25
<list style='symbols'>
<t>
Updated WebCrypto reference to refer to W3C Last Call draft.
</t>
</list>
</t>
<t>
-24
<list style='symbols'>
<t>
Corrected the authentication tag value in the encrypted key example.
</t>
<t>
Updated the JSON reference to RFC 7159.
</t>
</list>
</t>
<t>
-23
<list style='symbols'>
<t>
No changes were made, other than to the version number and date.
</t>
</list>
</t>
<t>
-22
<list style='symbols'>
<t>
Corrected RFC 2119 terminology usage.
</t>
<t>
Replaced references to draft-ietf-json-rfc4627bis with RFC 7158.
</t>
</list>
</t>
<t>
-21
<list style='symbols'>
<t>
Replaced the <spanx style="verb">key_ops</spanx> values
<spanx style="verb">wrap</spanx> and <spanx style="verb">unwrap</spanx> with
<spanx style="verb">wrapKey</spanx> and <spanx style="verb">unwrapKey</spanx>
to match the <spanx style="verb">KeyUsage</spanx> values defined in
the current Web Cryptography API editor's draft.
</t>
<t>
Compute the PBES2 salt parameter as (UTF8(Alg) || 0x00 || Salt Input),
where the <spanx style="verb">p2s</spanx> Header Parameter
encodes the Salt Input value and
Alg is the <spanx style="verb">alg</spanx> Header Parameter value.
</t>
<t>
Changed some references from being normative to informative,
addressing issue #90.
</t>
</list>
</t>
<t>
-20
<list style='symbols'>
<t>
Renamed <spanx style="verb">use_details</spanx> to
<spanx style="verb">key_ops</spanx> (key operations).
</t>
<t>
Clarified that <spanx style="verb">use</spanx> is meant for public key
use cases, <spanx style="verb">key_ops</spanx> is meant for use cases
in which public, private, or symmetric keys may be present,
and that <spanx style="verb">use</spanx> and
<spanx style="verb">key_ops</spanx> should not be used together.
</t>
<t>
Replaced references to RFC 4627 with draft-ietf-json-rfc4627bis,
addressing issue #90.
</t>
</list>
</t>
<t>
-19
<list style='symbols'>
<t>
Added optional <spanx style="verb">use_details</spanx> (key use details)
JWK member.
</t>
<t>
Reordered the key selection parameters.
</t>
</list>
</t>
<t>
-18
<list style='symbols'>
<t>
Changes to address editorial and minor issues
#68, #69, #73, #74, #76, #77, #78, #79, #82, #85, #89, and #135.
</t>
<t>
Added and used Description registry fields.
</t>
</list>
</t>
<t>
-17
<list style='symbols'>
<t>
Refined the <spanx style="verb">typ</spanx> and
<spanx style="verb">cty</spanx> definitions to always be
MIME Media Types, with the omission of "application/"
prefixes recommended for brevity,
addressing issue #50.
</t>
<t>
Added an example encrypting an RSA private key with
<spanx style="verb">PBES2-HS256+A128KW</spanx> and
<spanx style="verb">A128CBC-HS256</spanx>.
Thanks to Matt Miller for producing this!
</t>
<t>
Processing rules occurring in both
JWS and JWK are now referenced in JWS by JWK, rather than duplicated,
addressing issue #57.
</t>
<t>
Terms used in multiple documents are now defined in
one place and incorporated by reference.
Some lightly used or obvious terms were also removed.
This addresses issue #58.
</t>
</list>
</t>
<t>
-16
<list style='symbols'>
<t>
Changes to address editorial and minor issues
#41, #42, #43, #47, #51, #67, #71, #76, #80, #83, #84, #85, #86, #87, and #88.
</t>
</list>
</t>
<t>
-15
<list style='symbols'>
<t>
Changes to address editorial issues
#48, #64, #65, #66, and #91.
</t>
</list>
</t>
<t>
-14
<list style='symbols'>
<t>
Relaxed language introducing key parameters since
some parameters are applicable to multiple, but not all, key types.
</t>
</list>
</t>
<t>
-13
<list style='symbols'>
<t>
Applied spelling and grammar corrections.
</t>
</list>
</t>
<t>
-12
<list style='symbols'>
<t>
Stated that recipients MUST either reject JWKs and JWK Sets with
duplicate member names
or use a JSON parser that returns only
the lexically last duplicate member name.
</t>
</list>
</t>
<t>
-11
<list style='symbols'>
<t>
Stated that when <spanx style="verb">kid</spanx> values are used
within a JWK Set, different keys within the JWK Set SHOULD use distinct
<spanx style="verb">kid</spanx> values.
</t>
<t>
Added optional <spanx style="verb">x5u</spanx> (X.509 URL),
<spanx style="verb">x5t</spanx> (X.509 Certificate Thumbprint), and
<spanx style="verb">x5c</spanx> (X.509 Certificate Chain) JWK parameters.
</t>
<t>
Added section on Encrypted JWK and Encrypted JWK Set Formats.
</t>
<t>
Added a Parameter Information Class value to the
JSON Web Key Parameters registry, which registers whether
the parameter conveys public or private information.
</t>
<t>
Registered <spanx style="verb">application/jwk+json</spanx> and
<spanx style="verb">application/jwk-set+json</spanx> MIME types
and <spanx style="verb">JWK</spanx> and <spanx style="verb">JWK-SET</spanx>
typ header parameter values, addressing issue #21.
</t>
</list>
</t>
<t>
-10
<list style='symbols'>
<t>
No changes were made, other than to the version number and date.
</t>
</list>
</t>
<t>
-09
<list style='symbols'>
<t>
Expanded the scope of the JWK specification to include
private and symmetric key representations, as specified by
draft-jones-jose-json-private-and-symmetric-key-00.
</t>
<t>
Defined that members that are not understood must be ignored.
</t>
</list>
</t>
<t>
-08
<list style='symbols'>
<t>
Changed the name of the JWK key type parameter from
<spanx style="verb">alg</spanx> to <spanx style="verb">kty</spanx>
to enable use of <spanx style="verb">alg</spanx> to indicate
the particular algorithm that the key is intended to be used with.
</t>
<t>
Clarified statements of the form "This member is OPTIONAL"
to "Use of this member is OPTIONAL".
</t>
<t>
Referenced String Comparison Rules in JWS.
</t>
<t>
Added seriesInfo information to Internet Draft references.
</t>
</list>
</t>
<t>
-07
<list style='symbols'>
<t>
Changed the name of the JWK RSA modulus parameter from
<spanx style="verb">mod</spanx> to <spanx style="verb">n</spanx>
and the name of the JWK RSA exponent parameter from
<spanx style="verb">xpo</spanx> to <spanx style="verb">e</spanx>,
so that the identifiers are the same as those used in RFC 3447.
</t>
</list>
</t>
<t>
-06
<list style='symbols'>
<t>
Changed the name of the JWK RSA exponent parameter from
<spanx style="verb">exp</spanx> to <spanx style="verb">xpo</spanx>
so as to allow the potential use of the name <spanx style="verb">exp</spanx>
for a future extension that might define an expiration parameter for keys.
(The <spanx style="verb">exp</spanx> name is already used for this
purpose in the JWT specification.)
</t>
<t>
Clarify that the <spanx style="verb">alg</spanx> (algorithm family)
member is REQUIRED.
</t>
<t>
Correct an instance of "JWK" that should have been "JWK Set".
</t>
<t>
Applied changes made by the RFC Editor to RFC 6749's registry language
to this specification.
</t>
</list>
</t>
<t>
-05
<list style='symbols'>
<t>
Indented artwork elements to better distinguish them from the body text.
</t>
</list>
</t>
<t>
-04
<list style='symbols'>
<t>
Refer to the registries as the primary sources of defined
values and then secondarily reference the sections
defining the initial contents of the registries.
</t>
<t>
Normatively reference
XML DSIG 2.0
for its security considerations.
</t>
<t>
Added this language to Registration Templates:
"This name is case sensitive. Names that match other registered names
in a case insensitive manner SHOULD NOT be accepted."
</t>
<t>
Described additional open issues.
</t>
<t>
Applied editorial suggestions.
</t>
</list>
</t>
<t>
-03
<list style='symbols'>
<t>
Clarified that <spanx style="verb">kid</spanx> values need not be unique
within a JWK Set.
</t>
<t>
Moved JSON Web Key Parameters registry to the JWK specification.
</t>
<t>
Added "Collision Resistant Namespace" to the terminology section.
</t>
<t>
Changed registration requirements from RFC Required to
Specification Required with Expert Review.
</t>
<t>
Added Registration Template sections for defined registries.
</t>
<t>
Added Registry Contents sections to populate registry values.
</t>
<t>
Numerous editorial improvements.
</t>
</list>
</t>
<t>
-02
<list style='symbols'>
<t>
Simplified JWK terminology to get replace the "JWK Key Object" and
"JWK Container Object" terms with simply "JSON Web Key (JWK)"
and "JSON Web Key Set (JWK Set)" and to eliminate potential
confusion between single keys and sets of keys.
As part of this change, the top-level member name for a
set of keys was changed from <spanx style="verb">jwk</spanx>
to <spanx style="verb">keys</spanx>.
</t>
<t>
Clarified that values with duplicate member names MUST be rejected.
</t>
<t>
Established JSON Web Key Set Parameters registry.
</t>
<t>
Explicitly listed non-goals in the introduction.
</t>
<t>
Moved algorithm-specific definitions from JWK to JWA.
</t>
<t>
Reformatted to give each member definition its own section heading.
</t>
</list>
</t>
<t>
-01
<list style='symbols'>
<t>
Corrected the Magic Signatures reference.
</t>
</list>
</t>
<t>
-00
<list style='symbols'>
<t>
Created the initial IETF draft based upon
draft-jones-json-web-key-03 with no normative changes.
</t>
</list>
</t>
</section>
</back>
</rfc>
| PAFTECH AB 2003-2026 | 2026-04-23 03:00:07 |