One document matched: draft-jones-json-web-encryption-json-serialization-00.xml
<?xml version="1.0" encoding="US-ASCII"?>
<!DOCTYPE rfc SYSTEM "rfc2629.dtd">
<?xml-stylesheet type='text/xsl' href='http://xml.resource.org/authoring/rfc2629.xslt' ?>
<?rfc toc="yes"?>
<?rfc tocompact="yes"?>
<?rfc tocdepth="4"?>
<?rfc tocindent="yes"?>
<?rfc symrefs="yes"?>
<?rfc sortrefs="yes"?>
<?rfc comments="yes"?>
<?rfc inline="yes"?>
<?rfc compact="yes"?>
<?rfc subcompact="no"?>
<rfc category="std" ipr="trust200902" docName="draft-jones-json-web-encryption-json-serialization-00">
<front>
<title abbrev="JWE JSON Serialization (JWE-JS)">JSON Web Encryption JSON Serialization (JWE-JS)</title>
<author fullname="Michael B. Jones" initials="M.B." surname="Jones">
<organization>Microsoft</organization>
<address>
<email>mbj@microsoft.com</email>
<uri>http://self-issued.info/</uri>
</address>
</author>
<date day="5" month="March" year="2012" />
<area>Security</area>
<workgroup>JOSE Working Group</workgroup>
<keyword>RFC</keyword>
<keyword>Request for Comments</keyword>
<keyword>I-D</keyword>
<keyword>Internet-Draft</keyword>
<keyword>Assertion</keyword>
<keyword>Simple Web Token</keyword>
<keyword>Security Token</keyword>
<keyword>SWT</keyword>
<keyword>JavaScript Object Notation</keyword>
<keyword>JSON</keyword>
<keyword>JSON Web Token</keyword>
<keyword>JWT</keyword>
<keyword>JSON Web Signature</keyword>
<keyword>JWS</keyword>
<keyword>JSON Web Encryption</keyword>
<keyword>JWE</keyword>
<keyword>JSON Web Key</keyword>
<keyword>JWK</keyword>
<keyword>JSON Web Algorithms</keyword>
<keyword>JWA</keyword>
<abstract>
<t>
The JSON Web Encryption JSON Serialization (JWE-JS) is a means
of representing encrypted content using JSON data structures.
This specification describes a means of representing
secured content as a JSON data object
(as opposed to the JWE specification, which uses a
compact serialization with a URL-safe representation).
It enables the same content to be encrypted to multiple
parties (unlike JWE).
Cryptographic algorithms and identifiers used with this
specification are enumerated in the separate
JSON Web Algorithms (JWA) specification.
The JSON Serialization for related digital signature and HMAC
functionality is described in the separate
JSON Web Signature JSON Serialization (JWS-JS) specification.
</t>
</abstract>
<note title="Requirements Language">
<t>
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL
NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described
in <xref target="RFC2119">RFC 2119</xref>.
</t>
</note>
</front>
<middle>
<section title="Introduction">
<t>
The JSON Web Encryption JSON Serialization (JWE-JS) is a format for
representing encrypted content as a
JSON <xref target="RFC4627">RFC 4627</xref> object.
It enables the same content to be encrypted to multiple parties
(unlike JWE <xref target="JWE" />.)
The encryption mechanisms are independent of the type of
content being encrypted.
Cryptographic algorithms and identifiers used with this
specification are enumerated in the separate
JSON Web Algorithms (JWA) <xref target="JWA" /> specification.
The JSON Serialization for related digital signature and HMAC
functionality is described in the separate
JSON Web Signature JSON Serialization (JWS-JS) <xref target="JWS-JS" />
specification.
</t>
</section>
<section title="Terminology">
<t>
This specification uses the same terminology as the
JSON Web Encryption (JWE) <xref target="JWE" />
specification.
</t>
</section>
<section title="JSON Serialization">
<t>
The JSON Serialization represents encrypted content as a JSON
object with members for each of three constituent parts: a
<spanx style="verb">headers</spanx> member whose value is a
non-empty array of Encoded JWE Header values, a <spanx
style="verb">encrypted_keys</spanx> member whose value is a
non-empty array of Encoded JWE Encrypted Key values, where the
number of elements in both arrays is the same, and a <spanx
style="verb">ciphertext</spanx> member whose value is an
Encoded JWE Ciphertext value.
</t>
<t>
Unlike the compact serialization used by JWEs, content using
the JSON Serialization MAY be encrypted to more than one
recipient. Each recipient requires a JWE Header value
specifying the cryptographic parameters used to encrypt the
JWE Encrypted Key to that recipient and the parameters used to
encrypt the plaintext to produce the JWE Ciphertext; these
values are represented as Encoded JWE Header values that are
elements of the non-empty array contained in the <spanx
style="verb">headers</spanx> member. Each recipient also
requires a JWE Encrypted Key value; these values are
represented as Encoded JWE Encrypted Key values that are
corresponding elements of the non-empty array contained in the
<spanx style="verb">encrypted_keys</spanx> member.
Therefore, the syntax is:
</t>
<figure><artwork><![CDATA[{"headers":["<header 1 contents>",...,"<header N contents>"],
"encrypted_keys":["<key 1 contents>",...,"<key N contents>"],
"ciphertext":"<ciphertext contents>"
}
]]></artwork></figure>
<t>
The contents of the Encoded JWE Header, Encoded JWE Encrypted
Key, and Encoded JWE Ciphertext values are exactly as
specified in JSON Web Encryption (JWE) <xref target="JWE" />.
They are interpreted and validated in the same manner, with
each corresponding <spanx style="verb">headers</spanx> and
<spanx style="verb">encrypted_keys</spanx> value being created
or validated together. The arrays MUST have the same number
of elements.
</t>
<t>
The i'th JWE Encrypted Key value is computed using the
parameters of i'th JWE Header value in the same manner
described in the JWE specification. This has the desirable
result that each Encoded JWE Encrypted Key value in the <spanx
style="verb">encrypted_keys</spanx> array is identical to the
value that would have been computed for the same header and
payload in a JWE, as is the JWE Ciphertext value.
</t>
<t>
All recipients use the same JWE Ciphertext value, resulting in
potentially significant space savings if the message is large.
Therefore, all header parameters that specify the treatment of
the JWE Ciphertext value MUST be the same for all recipients.
In particular, this means that the <spanx
style="verb">enc</spanx> (encryption method) header parameter
value in the JWE Header for each recipient MUST be the same,
as MUST be the <spanx style="verb">iv</spanx> (initialization
vector) value (when required for the algorithm).
</t>
</section>
<section title="Example JWE-JS" anchor="JSONSerializationExample">
<t>
This section contains an example using the JWE JSON
Serialization. This example demonstrates the capability for
encrypting the same plaintext to multiple recipients.
</t>
<t>
Two recipients are present in this example: both using the
RSA-PKCS1_1.5 algorithm to produce the JWE Encrypted Key (but
with using different public keys). The Plaintext is encrypted
using the AES-256-GCM algorithm to produce the JWE Ciphertext.
The two Decoded JWE Header Segments used are:
</t>
<figure><artwork><![CDATA[{"alg":"RSA1_5",
"enc":"A256GCM",
"iv":"__79_Pv6-fg",
"x5t":"7noOPq-hJ1_hCnvWh6IeYI2w9Q0"}]]></artwork></figure>
<t>
and:
</t>
<figure><artwork><![CDATA[{"alg":"RSA1_5",
"enc":"A256GCM",
"iv":"__79_Pv6-fg",
"jku":"https://example.com/public_key.jwk"}]]></artwork></figure>
<t>
The complete JSON Web Encryption JSON Serialization (JWE-JS)
for these values is as follows
(with line breaks for display purposes only):
</t>
<figure><artwork><![CDATA[{"headers":[
"eyJhbGciOiJSU0ExXzUiLA0KICJlbmMiOiJBMjU2R0NNIiwNCiAiaXYiOiJfX
zc5X1B2Ni1mZyIsDQogIng1dCI6Ijdub09QcS1oSjFfaENudldoNkllWUkydzlRM
CJ9",
"eyJhbGciOiJSU0ExXzUiLA0KICJlbmMiOiJBMjU2R0NNIiwNCiAiaXYiOiJfX
zc5X1B2Ni1mZyIsDQogImprdSI6Imh0dHBzOi8vZXhhbXBsZS5jb20vcHVibGljX
2tleS5qd2sifQ"],
"encrypted_keys":[
"TBD_key_1_value_TBD",
"TBD_key_2_value_TBD"],
"ciphertext":"TBD_ciphertext_value_TBD"
}]]></artwork></figure>
<t>
TBD: Finish this example.
</t>
</section>
<section title="IANA Considerations" anchor="IANA">
<t>
This specification makes no requests of IANA.
</t>
</section>
<section title="Security Considerations" anchor="Security">
<t>
The security considerations for this specification are the
same as those for the JSON Web Encryption (JWE) <xref
target="JWE" /> specification.
</t>
</section>
<section title="Open Issues and Things To Be Done (TBD)" anchor="TBD">
<t>
The following items remain to be done in this draft:
<list style="symbols">
<t>
Complete the example.
</t>
<t>
Track changes that occur in the JWE spec, including the
introduction of integrity protection for non AEAD operations.
</t>
</list>
</t>
</section>
</middle>
<back>
<references title="Normative References">
<?rfc include='http://xml.resource.org/public/rfc/bibxml/reference.RFC.2119.xml' ?>
<?rfc include='http://xml.resource.org/public/rfc/bibxml/reference.RFC.4627.xml' ?>
<reference anchor="JWE">
<front>
<title>JSON Web Encryption (JWE)</title>
<author fullname="Michael B. Jones" initials="M.B." surname="Jones">
<organization>Microsoft</organization>
<address>
<email>mbj@microsoft.com</email>
<uri>http://self-issued.info/</uri>
</address>
</author>
<author fullname="Eric Rescorla" initials="E." surname="Rescorla">
<organization>RTFM, Inc.</organization>
<address>
<email>ekr@rtfm.com</email>
</address>
</author>
<author fullname="Joe Hildebrand" initials="J." surname="Hildebrand">
<organization>Cisco Systems, Inc.</organization>
<address>
<email>jhildebr@cisco.com</email>
</address>
</author>
<date day="16" month="January" year="2012" />
</front>
<format target="http://tools.ietf.org/html/draft-ietf-jose-json-web-encryption" type="HTML" />
</reference>
<reference anchor="JWA">
<front>
<title>JSON Web Algorithms (JWA)</title>
<author fullname="Michael B. Jones" initials="M.B." surname="Jones">
<organization>Microsoft</organization>
<address>
<email>mbj@microsoft.com</email>
<uri>http://self-issued.info/</uri>
</address>
</author>
<date day="16" month="January" year="2012" />
</front>
<format target="http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms" type="HTML" />
</reference>
</references>
<references title="Informative References">
<?rfc include="http://xml.resource.org/public/rfc/bibxml3/reference.I-D.draft-rescorla-jsms-00.xml" ?>
<reference anchor="JWS-JS">
<front>
<title>JSON Web Signature JSON Serialization (JWS-JS)</title>
<author fullname="Michael B. Jones" initials="M.B." surname="Jones">
<organization>Microsoft</organization>
<address>
<email>mbj@microsoft.com</email>
<uri>http://self-issued.info/</uri>
</address>
</author>
<author fullname="John Bradley" initials="J." surname="Bradley">
<organization>independent</organization>
<address>
<email>ve7jtb@ve7jtb.com</email>
</address>
</author>
<author fullname="Nat Sakimura" initials="N." surname="Sakimura">
<organization>Nomura Research Institute</organization>
<address>
<email>n-sakimura@nri.co.jp</email>
</address>
</author>
<date day="5" month="March" year="2012" />
</front>
<format target="http://tools.ietf.org/html/draft-jones-json-web-signature-json-serialization" type="HTML" />
</reference>
<reference anchor="JSE">
<front>
<title>JSON Simple Encryption</title>
<author fullname="John Bradley" initials="J." surname="Bradley">
<organization>independent</organization>
</author>
<author fullname="Nat Sakimura (editor)" initials="N. " surname="Sakimura (editor)">
<organization>Nomura Research Institute</organization>
</author>
<date month="September" year="2010" />
</front>
<format target="http://jsonenc.info/enc/1.0/" type="HTML" />
</reference>
</references>
<section title="Acknowledgements" anchor="Acknowledgements">
<t>
JSON serializations for encrypted content were previously explored by
<xref target="JSE">JSON Simple Encryption</xref> and
<xref target="I-D.rescorla-jsms">JavaScript Message Security
Format</xref>.
</t>
</section>
<section title='Document History'>
<t>
-00
<list style='symbols'>
<t>
Created the initial version incorporating JOSE working
group input and drawing from the JSON Serialization
previously proposed in draft-jones-json-web-token-01.
</t>
</list>
</t>
</section>
</back>
</rfc>
| PAFTECH AB 2003-2026 | 2026-04-22 20:41:16 |