One document matched: draft-jones-jose-json-private-and-symmetric-key-00.xml
<?xml version="1.0" encoding="US-ASCII"?>
<!DOCTYPE rfc SYSTEM "rfc2629.dtd">
<?xml-stylesheet type='text/xsl' href='http://xml.resource.org/authoring/rfc2629.xslt' ?>
<?rfc toc="yes"?>
<?rfc tocompact="yes"?>
<?rfc tocdepth="4"?>
<?rfc tocindent="yes"?>
<?rfc symrefs="yes"?>
<?rfc sortrefs="yes"?>
<?rfc comments="yes"?>
<?rfc inline="yes"?>
<?rfc compact="yes"?>
<?rfc subcompact="no"?>
<rfc category="std" ipr="trust200902" docName="draft-jones-jose-json-private-and-symmetric-key-00">
<front>
<title>JSON Private and Symmetric Key</title>
<author fullname="Michael B. Jones" initials="M.B." surname="Jones">
<organization>Microsoft</organization>
<address>
<email>mbj@microsoft.com</email>
<uri>http://self-issued.info/</uri>
</address>
</author>
<date day="27" month="December" year="2012" />
<area>Security</area>
<workgroup>JOSE Working Group</workgroup>
<keyword>RFC</keyword>
<keyword>Request for Comments</keyword>
<keyword>I-D</keyword>
<keyword>Internet-Draft</keyword>
<keyword>JavaScript Object Notation</keyword>
<keyword>JSON</keyword>
<keyword>JSON Web Key</keyword>
<keyword>JWK</keyword>
<keyword>JSON Web Algorithms</keyword>
<keyword>JWA</keyword>
<abstract>
<t>
The JSON Private Key specification extends the
JSON Web Key (JWK) and
JSON Web Algorithms (JWA)
specifications to define
JavaScript Object Notation (JSON)
representations of private keys and symmetric keys.
</t>
</abstract>
</front>
<middle>
<section title="Introduction">
<t>
The JSON Private Key specification extends the
JSON Web Key (JWK) <xref target="JWK"/> and
JSON Web Algorithms (JWA) <xref target="JWA"/>
specifications to define
JavaScript Object Notation (JSON) <xref target="RFC4627"/>
representations of private and symmetric keys.
</t>
<section title='Notational Conventions'>
<t>
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL",
"SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY",
and "OPTIONAL" in this document are to be interpreted as
described in
Key words for use in RFCs to Indicate Requirement Levels <xref target='RFC2119' />.
</t>
</section>
</section>
<section title="Terminology">
<t>
This specification uses the same terminology as the
JSON Web Key (JWK) <xref target="JWK"/> and
JSON Web Algorithms (JWA) <xref target="JWA"/>
specifications.
</t>
</section>
<section title="JWK Parameters for Private Keys">
<t>
This section defines additional JSON Web Key parameters
that enable JWKs to represent private keys.
</t>
<section title="JWK Parameters for Elliptic Curve Private Keys" anchor="ECPrivate">
<t>
When the JWK <spanx style="verb">kty</spanx>
member value is <spanx style="verb">EC</spanx>,
the following member MAY be used to represent
an Elliptic Curve private key:
</t>
<section title='"d" (ECC Private Key) Parameter' anchor="dECDef">
<t>
The <spanx style="verb">d</spanx> (ECC private key) member contains
the Elliptic Curve private key value.
It is represented as the base64url encoding of the
value's unsigned big endian representation as a byte array.
The array representation MUST not be shortened
to omit any leading zero bytes.
For instance, when representing 521 bit integers,
the byte array to be base64url encoded MUST contain 66 bytes,
including any leading zero bytes.
</t>
</section>
</section>
<section title="JWK Parameters for RSA Private Keys" anchor="RSAPrivate">
<t>
When the JWK <spanx style="verb">kty</spanx>
member value is <spanx style="verb">RSA</spanx>,
the following member MAY be used to represent
an RSA private key:
</t>
<section title='"d" (Private Exponent) Parameter' anchor="dRSADef">
<t>
The <spanx style="verb">d</spanx> (private exponent) member contains
the private exponent value for the RSA private key.
It is represented as the base64url encoding of the
value's unsigned big endian representation as a byte array.
The array representation MUST not be shortened
to omit any leading zero bytes.
For instance, when representing 2048 bit integers,
the byte array to be base64url encoded MUST contain 256 bytes,
including any leading zero bytes.
</t>
</section>
<section title='"p" (First Prime Factor) Parameter' anchor="pRSADef">
<t>
The <spanx style="verb">p</spanx> (first prime factor) member contains
the first prime factor, a positive integer.
It is represented as the base64url encoding of the
value's unsigned big endian representation as a byte array.
</t>
</section>
<section title='"q" (Second Prime Factor) Parameter' anchor="qRSADef">
<t>
The <spanx style="verb">q</spanx> (second prime factor) member contains
the second prime factor, a positive integer.
It is represented as the base64url encoding of the
value's unsigned big endian representation as a byte array.
</t>
</section>
<section title='"dp" (First Factor CRT Exponent) Parameter' anchor="dpRSADef">
<t>
The <spanx style="verb">dp</spanx> (first factor CRT exponent)
member contains the Chinese Remainder Theorem (CRT) exponent
of the first factor, a positive integer.
It is represented as the base64url encoding of the
value's unsigned big endian representation as a byte array.
</t>
</section>
<section title='"dq" (Second Factor CRT Exponent) Parameter' anchor="dqRSADef">
<t>
The <spanx style="verb">dq</spanx> (second factor CRT exponent)
member contains the Chinese Remainder Theorem (CRT) exponent
of the second factor, a positive integer.
It is represented as the base64url encoding of the
value's unsigned big endian representation as a byte array.
</t>
</section>
<section title='"qi" (First CRT Coefficient) Parameter' anchor="qiRSADef">
<t>
The <spanx style="verb">dp</spanx> (first CRT coefficient)
member contains the Chinese Remainder Theorem (CRT)
coefficient of the second factor, a positive integer.
It is represented as the base64url encoding of the
value's unsigned big endian representation as a byte array.
</t>
</section>
<section title='"oth" (Other Primes Info) Parameter' anchor="othRSADef">
<t>
The <spanx style="verb">oth</spanx> (other primes info)
member contains an array of information about any third and subsequent
primes, should they exist.
When only two primes have been used (the normal case),
this parameter MUST be omitted.
When three or more primes have been used, the number of array
elements MUST be the number of primes used minus two.
Each array element MUST be an object with the following members:
</t>
<section title='"r" (Prime Factor)'>
<t>
The <spanx style="verb">r</spanx> (prime factor) parameter
within an <spanx style="verb">oth</spanx> array member
represents the value of a subsequent prime factor,
a positive integer.
It is represented as the base64url encoding of the
value's unsigned big endian representation as a byte array.
</t>
</section>
<section title='"d" (Factor CRT Exponent)'>
<t>
The <spanx style="verb">d</spanx> (Factor CRT Exponent) parameter
within an <spanx style="verb">oth</spanx> array member
represents the CRT exponent of the corresponding prime factor,
a positive integer.
It is represented as the base64url encoding of the
value's unsigned big endian representation as a byte array.
</t>
</section>
<section title='"t" (Factor CRT Coefficient)'>
<t>
The <spanx style="verb">t</spanx> (factor CRT coefficient) parameter
within an <spanx style="verb">oth</spanx> array member
represents the CRT coefficient of the corresponding prime factor,
a positive integer.
It is represented as the base64url encoding of the
value's unsigned big endian representation as a byte array.
</t>
</section>
</section>
</section>
</section>
<section title="JWK Parameters for Symmetric Keys" anchor="Symmetric">
<t>
When the JWK <spanx style="verb">kty</spanx>
member value is <spanx style="verb">oct</spanx> (octet sequence),
the following member MAY be used to represent
a symmetric key (or another key whose value is a single octet sequence):
</t>
<section title='"k" (Key Value) Parameter' anchor="kOctDef">
<t>
The <spanx style="verb">k</spanx> (key value) member contains
the value of the symmetric (or other single-valued) key.
It is represented as the base64url encoding of the
octet sequence containing the key value.
</t>
</section>
</section>
<section title="Example Private Keys" anchor="PrivateExample">
<t>
The following example JWK Set contains two keys represented
as JWKs containing both public and private key values:
one using an Elliptic Curve algorithm and
a second one using an RSA algorithm.
This example extends the example in
Section 3 of <xref target="JWK"/>,
adding private key values.
(Line breaks are for display purposes only.)
</t>
<figure><artwork><![CDATA[
{"keys":
[
{"kty":"EC",
"crv":"P-256",
"x":"MKBCTNIcKUSDii11ySs3526iDZ8AiTo7Tu6KPAqv7D4",
"y":"4Etl6SRW2YiLUrN5vfvVHuhp7x8PxltmWWlbbM4IFyM",
"d":"870MB6gfuTJ4HtUnUvYMyJpr5eUZNP4Bk43bVdj3eAE",
"use":"enc",
"kid":"1"},
{"kty":"RSA",
"n":"0vx7agoebGcQSuuPiLJXZptN9nndrQmbXEps2aiAFbWhM78LhWx4
cbbfAAtVT86zwu1RK7aPFFxuhDR1L6tSoc_BJECPebWKRXjBZCiFV4n3oknjhMst
n64tZ_2W-5JsGY4Hc5n9yBXArwl93lqt7_RN5w6Cf0h4QyQ5v-65YGjQR0_FDW2Q
vzqY368QQMicAtaSqzs8KJZgnYb9c7d0zgdAZHzu6qMQvRL5hajrn1n91CbOpbIS
D08qNLyrdkt-bFTWhAI4vMQFh6WeZu0fM4lFd2NcRwr3XPksINHaQ-G_xBniIqbw
0Ls1jF44-csFCur-kEgU8awapJzKnqDKgw",
"e":"AQAB",
"d":"X4cTteJY_gn4FYPsXB8rdXix5vwsg1FLN5E3EaG6RJoVH-HLLKD9
M7dx5oo7GURknchnrRweUkC7hT5fJLM0WbFAKNLWY2vv7B6NqXSzUvxT0_YSfqij
wp3RTzlBaCxWp4doFk5N2o8Gy_nHNKroADIkJ46pRUohsXywbReAdYaMwFs9tv8d
_cPVY3i07a3t8MN6TNwm0dSawm9v47UiCl3Sk5ZiG7xojPLu4sbg1U2jx4IBTNBz
nbJSzFHK66jT8bgkuqsk0GjskDJk19Z4qwjwbsnn4j2WBii3RL-Us2lGVkY8fkFz
me1z0HbIkfz0Y6mqnOYtqc0X4jfcKoAC8Q",
"p":"83i-7IvMGXoMXCskv73TKr8637FiO7Z27zv8oj6pbWUQyLPQBQxtPV
nwD20R-60eTDmD2ujnMt5PoqMrm8RfmNhVWDtjjMmCMjOpSXicFHj7XOuVIYQyqV
WlWEh6dN36GVZYk93N8Bc9vY41xy8B9RzzOGVQzXvNEvn7O0nVbfs",
"q":"3dfOR9cuYq-0S-mkFLzgItgMEfFzB2q3hWehMuG0oCuqnb3vobLyum
qjVZQO1dIrdwgTnCdpYzBcOfW5r370AFXjiWft_NGEiovonizhKpo9VVS78TzFgx
kIdrecRezsZ-1kYd_s1qDbxtkDEgfAITAG9LUnADun4vIcb6yelxk",
"dp":"G4sPXkc6Ya9y8oJW9_ILj4xuppu0lzi_H7VTkS8xj5SdX3coE0oim
YwxIi2emTAue0UOa5dpgFGyBJ4c8tQ2VF402XRugKDTP8akYhFo5tAA77Qe_Nmtu
YZc3C3m3I24G2GvR5sSDxUyAN2zq8Lfn9EUms6rY3Ob8YeiKkTiBj0",
"dq":"s9lAH9fggBsoFR8Oac2R_E2gw282rT2kGOAhvIllETE1efrA6huUU
vMfBcMpn8lqeW6vzznYY5SSQF7pMdC_agI3nG8Ibp1BUb0JUiraRNqUfLhcQb_d9
GF4Dh7e74WbRsobRonujTYN1xCaP6TO61jvWrX-L18txXw494Q_cgk",
"qi":"GyM_p6JrXySiz1toFgKbWV-JdI3jQ4ypu9rbMWx3rQJBfmt0FoYzg
UIZEVFEcOqwemRN81zoDAaa-Bk0KWNGDjJHZDdDmFhW3AN7lI-puxk_mHZGJ11rx
yR8O55XLSe3SPmRfKwZI6yU24ZxvQKFYItdldUKGzO6Ia6zTKhAVRU",
"alg":"RS256",
"kid":"2011-04-29"}
]
}
]]></artwork></figure>
</section>
<section title="Example Symmetric Keys" anchor="SymmetricExample">
<t>
The following example JWK Set contains two symmetric keys represented
as JWKs:
one designated as being for use with the AES Key Wrap algorithm and
a second one that is an HMAC key.
(Line breaks are for display purposes only.)
</t>
<figure><artwork><![CDATA[
{"keys":
[
{"kty":"oct",
"alg":"A128KW",
"k":"GawgguFyGrWKav7AX4VKUg"},
{"kty":"oct",
"k":"AyM1SysPpbyDfgZld3umj1qzKObwVMkoqQ-EstJQLr_T-1qS0gZH75
aKtMN3Yj0iPS4hcgUuTwjAzZr1Z9CAow",
"kid":"HMAC key used in JWS A.1 example"}
]
}
]]></artwork></figure>
</section>
<section title="IANA Considerations" anchor="IANA">
<section title="JSON Web Key Types Registration">
<t>
This specification registers the key type defined in
<xref target="Symmetric"/> in the
IANA JSON Web Key Types registry <xref target="JWA"/>.
</t>
<section title='Registry Contents'>
<t> <?rfc subcompact="yes"?>
<list style='symbols'>
<t>
"kty" Parameter Value: <spanx style="verb">oct</spanx>
</t>
<t>
Implementation Requirements: RECOMMENDED+
</t>
<t>
Change Controller: IETF
</t>
<t>
Specification Document(s): <xref target="Symmetric" /> of [[ this document ]]
</t>
</list>
</t>
</section>
<?rfc subcompact="no"?>
</section>
<section title="JSON Web Key Parameters Registration">
<t>
This specification registers the parameter names defined in
<xref target="ECPrivate"/>, <xref target="RSAPrivate"/>,
and <xref target="Symmetric"/> in the
IANA JSON Web Key Parameters registry <xref target="JWK"/>.
</t>
<section title='Registry Contents'>
<t> <?rfc subcompact="yes"?>
<list style='symbols'>
<t>
Parameter Name: <spanx style="verb">d</spanx>
</t>
<t>
Change Controller: IETF
</t>
<t>
Specification Document(s): <xref target="dECDef"/> of [[ this document ]]
</t>
</list>
</t>
<t>
<list style='symbols'>
<t>
Parameter Name: <spanx style="verb">d</spanx>
</t>
<t>
Change Controller: IETF
</t>
<t>
Specification Document(s): <xref target="dRSADef"/> of [[ this document ]]
</t>
</list>
</t>
<t>
<list style='symbols'>
<t>
Parameter Name: <spanx style="verb">p</spanx>
</t>
<t>
Change Controller: IETF
</t>
<t>
Specification Document(s): <xref target="pRSADef"/> of [[ this document ]]
</t>
</list>
</t>
<t>
<list style='symbols'>
<t>
Parameter Name: <spanx style="verb">q</spanx>
</t>
<t>
Change Controller: IETF
</t>
<t>
Specification Document(s): <xref target="qRSADef"/> of [[ this document ]]
</t>
</list>
</t>
<t>
<list style='symbols'>
<t>
Parameter Name: <spanx style="verb">dp</spanx>
</t>
<t>
Change Controller: IETF
</t>
<t>
Specification Document(s): <xref target="dpRSADef"/> of [[ this document ]]
</t>
</list>
</t>
<t>
<list style='symbols'>
<t>
Parameter Name: <spanx style="verb">dq</spanx>
</t>
<t>
Change Controller: IETF
</t>
<t>
Specification Document(s): <xref target="dqRSADef"/> of [[ this document ]]
</t>
</list>
</t>
<t>
<list style='symbols'>
<t>
Parameter Name: <spanx style="verb">qi</spanx>
</t>
<t>
Change Controller: IETF
</t>
<t>
Specification Document(s): <xref target="qiRSADef"/> of [[ this document ]]
</t>
</list>
</t>
<t>
<list style='symbols'>
<t>
Parameter Name: <spanx style="verb">oth</spanx>
</t>
<t>
Change Controller: IETF
</t>
<t>
Specification Document(s): <xref target="othRSADef"/> of [[ this document ]]
</t>
</list>
</t>
<t>
<list style='symbols'>
<t>
Parameter Name: <spanx style="verb">k</spanx>
</t>
<t>
Change Controller: IETF
</t>
<t>
Specification Document(s): <xref target="kOctDef"/> of [[ this document ]]
</t>
</list>
</t>
</section>
<?rfc subcompact="no"?>
</section>
</section>
<section title="Security Considerations" anchor="Security">
<t>
All of the security issues faced by any cryptographic application
must be faced by a JWS/JWE/JWK agent. Among these issues are protecting
the user's private and symmetric keys, preventing various attacks, and helping the
user avoid mistakes such as inadvertently encrypting a message for
the wrong recipient. The entire list of security considerations is
beyond the scope of this document.
</t>
<t>
Private and symmetric keys must be protected from disclosure
to unintended parties. One recommended means of doing so is
to encrypt JWKs or JWK Sets containing them by using the JWK
or JWK Set value as the plaintext of a JWE.
</t>
<t>
A key is no more trustworthy than the method by which it was received.
</t>
<t>
The security considerations in
<xref target="RFC3447">RFC 3447</xref> and <xref target="RFC6030">RFC 6030</xref>
about protecting private and symmetric keys also apply to this specification.
</t>
</section>
</middle>
<back>
<references title="Normative References">
<?rfc include='http://xml.resource.org/public/rfc/bibxml/reference.RFC.2119.xml' ?>
<?rfc include='http://xml.resource.org/public/rfc/bibxml/reference.RFC.3447.xml' ?>
<?rfc include='http://xml.resource.org/public/rfc/bibxml/reference.RFC.4627.xml' ?>
<?rfc include='http://xml.resource.org/public/rfc/bibxml/reference.RFC.6030.xml' ?>
<reference anchor="JWK">
<front>
<title>JSON Web Key (JWK)</title>
<author fullname="Michael B. Jones" initials="M.B." surname="Jones">
<organization>Microsoft</organization>
<address>
<email>mbj@microsoft.com</email>
<uri>http://self-issued.info/</uri>
</address>
</author>
<date day="27" month="December" year="2012" />
</front>
<seriesInfo value="draft-ietf-jose-json-web-key" name="Internet-Draft"/>
<format target="http://tools.ietf.org/html/draft-ietf-jose-json-web-key" type="HTML"/>
</reference>
<reference anchor="JWA">
<front>
<title>JSON Web Algorithms (JWA)</title>
<author fullname="Michael B. Jones" initials="M.B." surname="Jones">
<organization>Microsoft</organization>
<address>
<email>mbj@microsoft.com</email>
<uri>http://self-issued.info/</uri>
</address>
</author>
<date day="27" month="December" year="2012" />
</front>
<seriesInfo value="draft-ietf-jose-json-web-algorithms" name="Internet-Draft"/>
<format target="http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms" type="HTML"/>
</reference>
</references>
<section title="Acknowledgements" anchor="Acknowledgements">
<t>
John Bradley and James Manger contributed to the contents of this specification.
</t>
</section>
<section title='Document History'>
<t>
[[ to be removed by the RFC editor before publication as an RFC ]]
</t>
<t>
-00
<list style='symbols'>
<t>
Created draft-jones-jose-json-private-and-symmetric-key from
draft-jones-jose-json-private-key, adding a representation for
symmetric keys.
</t>
<t>
Tracked parameter changes and additions in the JWK spec.
</t>
<t>
Recommend encryption of JWKs and JWK Sets containing
private or symmetric keys as JWEs.
</t>
<t>
Added seriesInfo information to Internet Draft references.
</t>
</list>
</t>
<t>
draft-jones-jose-json-private-key-01
<list style='symbols'>
<t>
Changed the names of the RSA key parameters
so that the identifiers are the same as those used in RFC 3447.
</t>
<t>
Added the RSA private key fields enabling Chinese Remainder Theorem (CRT)
calculations, based upon their use in RFC 3447.
</t>
</list>
</t>
<t>
draft-jones-jose-json-private-key-00
<list style='symbols'>
<t>
Created draft-jones-jose-json-private-key to facilitate discussion
of the question from the W3C WebCrypto WG to the IETF JOSE WG of whether
JOSE plans to support a format for representing private keys.
</t>
</list>
</t>
</section>
</back>
</rfc>
| PAFTECH AB 2003-2026 | 2026-04-23 09:51:22 |