Examples of Protecting Content using JavaScript Object Signing and Encryption (JOSE)
draft-ietf-jose-cookbook-06
The information below is for an old version of the document.
Document | Type |
This is an older version of an Internet-Draft that was ultimately published as RFC 7520.
|
|
---|---|---|---|
Author | Matthew A. Miller | ||
Last updated | 2014-11-28 (Latest revision 2014-11-13) | ||
RFC stream | Internet Engineering Task Force (IETF) | ||
Formats | |||
Reviews |
SECDIR Last Call review
by Yaron Sheffer
Has issues
|
||
Additional resources | Mailing list discussion | ||
Stream | WG state | Submitted to IESG for Publication | |
Document shepherd | Jim Schaad | ||
Shepherd write-up | Show Last changed 2014-11-14 | ||
IESG | IESG state | Became RFC 7520 (Informational) | |
Consensus boilerplate | Unknown | ||
Telechat date | (None) | ||
Responsible AD | Kathleen Moriarty | ||
Send notices to | draft-ietf-jose-cookbook.all@tools.ietf.org, ietf@augustcellars.com, jose-chairs@tools.ietf.org, jose@ietf.org | ||
IANA | IANA review state | IANA OK - No Actions Needed |
draft-ietf-jose-cookbook-06
5.13.5. Encrypting the Key to the Third Recipient The following are generated before encrypting the CEK for the third recipient: o Initialization vector/nonce for key wrapping; this example uses the initialization vector/nonce from Figure 211 AvpeoPZ9Ncn9mkBn Figure 211: Recipient #2 Initialization Vector, base64url-encoded Performing the "A256GCMKW" key encryption operation over the CEK (Figure 202) with the following: o AES symmetric key (Figure 138; and o Initialization vector/nonce ((Figure 211 produces the following: o Encrypted key from Figure 212. o Key wrap authentication tag from Figure 213 a7CclAejo_7JSuPB8zeagxXRam8dwCfmkt9-WyTpS1E Figure 212: Recipient #3 Encrypted Key, base64url-encoded 59Nqh1LlYtVIhfD3pgRGvw Figure 213: Recipient #3 Authentication Tag, base64url-encoded The following are generated after encrypting the CEK for the third recipient: o Recipient JWE Unprotected Header; this example uses the header from Figure 214. { "alg": "A256GCMKW", "kid": "18ec08e1-bfa9-4d95-b205-2b4dd1d4321d", "tag": "59Nqh1LlYtVIhfD3pgRGvw", "iv": "AvpeoPZ9Ncn9mkBn" } Figure 214: Recipient #3 JWE Per-recipient Unprotected Header JSON Miller Expires May 17, 2015 [Page 101] Internet-Draft JOSE Cookbook November 2014 The following is the assembled third recipient JSON: { "encrypted_key": "a7CclAejo_7JSuPB8zeagxXRam8dwCfmkt9-WyTpS1 E", "header": { "alg": "A256GCMKW", "kid": "18ec08e1-bfa9-4d95-b205-2b4dd1d4321d", "tag": "59Nqh1LlYtVIhfD3pgRGvw", "iv": "AvpeoPZ9Ncn9mkBn" } } Figure 215: Recipient #3 JSON 5.13.6. Encrypting the Content The following are generated before encrypting the content: o JWE Protected Header; this example uses the header from Figure 216, encoded to [RFC4648] base64url as Figure 217. { "enc": "A128CBC-HS256" } Figure 216: JWE Protected Header JSON eyJlbmMiOiJBMTI4Q0JDLUhTMjU2In0 Figure 217: JWE Protected Header, base64url-encoded Performing the content encryption operation over the Plaintext (Figure 72) with the following: o CEK (Figure 202), o Initialization vector/nonce (Figure 203), and o JWE Protected Header (Figure 217) as the authenticated data produces the following: o Ciphertext from Figure 218 o Authentication tag from Figure 219 Miller Expires May 17, 2015 [Page 102] Internet-Draft JOSE Cookbook November 2014 ajm2Q-OpPXCr7-MHXicknb1lsxLdXxK_yLds0KuhJzfWK04SjdxQeSw2L9mu3a _k1C55kCQ_3xlkcVKC5yr__Is48VOoK0k63_QRM9tBURMFqLByJ8vOYQX0oJW4 VUHJLmGhF-tVQWB7Kz8mr8zeE7txF0MSaP6ga7-siYxStR7_G07Thd1jh-zGT0 wxM5g-VRORtq0K6AXpLlwEqRp7pkt2zRM0ZAXqSpe1O6FJ7FHLDyEFnD-zDIZu kLpCbzhzMDLLw2-8I14FQrgi-iEuzHgIJFIJn2wh9Tj0cg_kOZy9BqMRZbmYXM Y9YQjorZ_P_JYG3ARAIF3OjDNqpdYe-K_5Q5crGJSDNyij_ygEiItR5jssQVH2 ofDQdLChtazE Figure 218: Ciphertext, base64url-encoded BESYyFN7T09KY7i8zKs5_g Figure 219: Authentication Tag, base64url-encoded The following is generated after encrypting the plaintext: o JWE Shared Unprotected Header parameters; this example uses the header from Figure 220. { "cty": "text/plain" } Figure 220: JWE Shared Unprotected Header JSON 5.13.7. Output Results The following compose the resulting JWE object: o Recipient #1 JSON (Figure 206) o Recipient #2 JSON (Figure 210) o Recipient #3 JSON (Figure 215) o Initialization vector/nonce (Figure 203) o Ciphertext (Figure 218) o Authentication tag (Figure 219) The Compact Serialization is not presented because it does not support this use case; the JSON Flattened Serialization is not presented because there is more than one recipient. The resulting JWE object using the JSON General Serialization: { Miller Expires May 17, 2015 [Page 103] Internet-Draft JOSE Cookbook November 2014 "recipients": [ { "encrypted_key": "dYOD28kab0Vvf4ODgxVAJXgHcSZICSOp8M51zj wj4w6Y5G4XJQsNNIBiqyvUUAOcpL7S7-cFe7Pio7gV_Q06WmCSa- vhW6me4bWrBf7cHwEQJdXihidAYWVajJIaKMXMvFRMV6iDlRr076 DFthg2_AV0_tSiV6xSEIFqt1xnYPpmP91tc5WJDOGb-wqjw0-b-S 1laS11QVbuP78dQ7Fa0zAVzzjHX-xvyM2wxj_otxr9clN1LnZMbe YSrRicJK5xodvWgkpIdkMHo4LvdhRRvzoKzlic89jFWPlnBq_V4n 5trGuExtp_-dbHcGlihqc_wGgho9fLMK8JOArYLcMDNQ", "header": { "alg": "RSA1_5", "kid": "frodo.baggins@hobbiton.example" } }, { "encrypted_key": "ExInT0io9BqBMYF6-maw5tZlgoZXThD1zWKsHi xJuw_elY4gSSId_w", "header": { "alg": "ECDH-ES+A256KW", "kid": "peregrin.took@tuckborough.example", "epk": { "kty": "EC", "crv": "P-384", "x": "Uzdvk3pi5wKCRc1izp5_r0OjeqT-I68i8g2b8mva8diRhs E2xAn2DtMRb25Ma2CX", "y": "VDrRyFJh-Kwd1EjAgmj5Eo-CTHAZ53MC7PjjpLioy3ylEj I1pOMbw91fzZ84pbfm" } } }, { "encrypted_key": "a7CclAejo_7JSuPB8zeagxXRam8dwCfmkt9-Wy TpS1E", "header": { "alg": "A256GCMKW", "kid": "18ec08e1-bfa9-4d95-b205-2b4dd1d4321d", "tag": "59Nqh1LlYtVIhfD3pgRGvw", "iv": "AvpeoPZ9Ncn9mkBn" } } ], "unprotected": { "cty": "text/plain" }, "protected": "eyJlbmMiOiJBMTI4Q0JDLUhTMjU2In0", "iv": "VgEIHY20EnzUtZFl2RpB1g", "ciphertext": "ajm2Q-OpPXCr7-MHXicknb1lsxLdXxK_yLds0KuhJzfWK 04SjdxQeSw2L9mu3a_k1C55kCQ_3xlkcVKC5yr__Is48VOoK0k63_QRM Miller Expires May 17, 2015 [Page 104] Internet-Draft JOSE Cookbook November 2014 9tBURMFqLByJ8vOYQX0oJW4VUHJLmGhF-tVQWB7Kz8mr8zeE7txF0MSa P6ga7-siYxStR7_G07Thd1jh-zGT0wxM5g-VRORtq0K6AXpLlwEqRp7p kt2zRM0ZAXqSpe1O6FJ7FHLDyEFnD-zDIZukLpCbzhzMDLLw2-8I14FQ rgi-iEuzHgIJFIJn2wh9Tj0cg_kOZy9BqMRZbmYXMY9YQjorZ_P_JYG3 ARAIF3OjDNqpdYe-K_5Q5crGJSDNyij_ygEiItR5jssQVH2ofDQdLCht azE", "tag": "BESYyFN7T09KY7i8zKs5_g" } Figure 221: JSON General Serialization 6. Nesting Signatures and Encryption This example illustrates nesting a JSON Web Signature (JWS) structure within a JSON Web Encryption (JWE) structure. The signature uses the "PS256" (RSASSA-PSS) algorithm; the encryption uses the "RSA-OAEP" (RSAES-OAEP) key encryption algorithm and the "A128GCM" (AES-GCM) content encryption algorithm. Note that RSASSA-PSS uses random data to generate the signature, and RSAES-OAEP uses random data to generate the ciphertext; it might not be possible to exactly replicate the results in this section. Note that whitespace is added for readability as described in Section 1.1. 6.1. Signing Input Factors The following are supplied before beginning the signing operation: o Payload content; this example uses the JSON Web Token (JWT) [I-D.ietf-oauth-json-web-token] content from Figure 222, encoded as [RFC4648] base64url to produce Figure 223. o RSA private key; this example uses the key from Figure 224 { "iss": "hobbiton.example", "exp": 1300819380, "http://example.com/is_root": true } Figure 222: Payload content, in JSON format eyJpc3MiOiJob2JiaXRvbi5leGFtcGxlIiwiZXhwIjoxMzAwODE5MzgwLCJodH RwOi8vZXhhbXBsZS5jb20vaXNfcm9vdCI6dHJ1ZX0 Figure 223: Payload content, base64url-encoded Miller Expires May 17, 2015 [Page 105] Internet-Draft JOSE Cookbook November 2014 { "kty": "RSA", "kid": "hobbiton.example", "use": "sig", "n": "kNrPIBDXMU6fcyv5i-QHQAQ-K8gsC3HJb7FYhYaw8hXbNJa-t8q0lD KwLZgQXYV-ffWxXJv5GGrlZE4GU52lfMEegTDzYTrRQ3tepgKFjMGg6I y6fkl1ZNsx2gEonsnlShfzA9GJwRTmtKPbk1s-hwx1IU5AT-AIelNqBg cF2vE5W25_SGGBoaROVdUYxqETDggM1z5cKV4ZjDZ8-lh4oVB07bkac6 LQdHpJUUySH_Er20DXx30Kyi97PciXKTS-QKXnmm8ivyRCmux22ZoPUi nd2BKC5OiG4MwALhaL2Z2k8CsRdfy-7dg7z41Rp6D0ZeEvtaUp4bX4aK raL4rTfw", "e": "AQAB", "d": "ZLe_TIxpE9-W_n2VBa-HWvuYPtjvxwVXClJFOpJsdea8g9RMx34qEO EtnoYc2un3CZ3LtJi-mju5RAT8YSc76YJds3ZVw0UiO8mMBeG6-iOnvg obobNx7K57-xjTJZU72EjOr9kB7z6ZKwDDq7HFyCDhUEcYcHFVc7iL_6 TibVhAhOFONWlqlJgEgwVYd0rybNGKifdnpEbwyHoMwY6HM1qvnEFgP7 iZ0YzHUT535x6jj4VKcdA7ZduFkhUauysySEW7mxZM6fj1vdjJIy9LD1 fIz30Xv4ckoqhKF5GONU6tNmMmNgAD6gIViyEle1PrIxl1tBhCI14bRW -zrpHgAQ", "p": "yKWYoNIAqwMRQlgIBOdT1NIcbDNUUs2Rh-pBaxD_mIkweMt4Mg-0-B 2iSYvMrs8horhonV7vxCQagcBAATGW-hAafUehWjxWSH-3KccRM8toL4 e0q7M-idRDOBXSoe7Z2-CV2x_ZCY3RP8qp642R13WgXqGDIM4MbUkZSj cY9-c", "q": "uND4o15V30KDzf8vFJw589p1vlQVQ3NEilrinRUPHkkxaAzDzccGgr WMWpGxGFFnNL3w5CqPLeU76-5IVYQq0HwYVl0hVXQHr7sgaGu-483Ad3 ENcL23FrOnF45m7_2ooAstJDe49MeLTTQKrSIBl_SKvqpYvfSPTczPcZ kh9Kk", "dp": "jmTnEoq2qqa8ouaymjhJSCnsveUXnMQC2gAneQJRQkFqQu-zV2PKP KNbPvKVyiF5b2-L3tM3OW2d2iNDyRUWXlT7V5l0KwPTABSTOnTqAmYCh Gi8kXXdlhcrtSvXldBakC6saxwI_TzGGY2MVXzc2ZnCvCXHV4qjSxOrf P3pHFU", "dq": "R9FUvU88OVzEkTkXl3-5-WusE4DjHmndeZIlu3rifBdfLpq_P-iWP BbGaq9wzQ1c-J7SzCdJqkEJDv5yd2C7rnZ6kpzwBh_nmL8zscAk1qsun nt9CJGAYz7-sGWy1JGShFazfP52ThB4rlCJ0YuEaQMrIzpY77_oLAhpm DA0hLk", "qi": "S8tC7ZknW6hPITkjcwttQOPLVmRfwirRlFAViuDb8NW9CrV_7F2Oq UZCqmzHTYAumwGFHI1WVRep7anleWaJjxC_1b3fq_al4qH3Pe-EKiHg6 IMazuRtZLUROcThrExDbF5dYbsciDnfRUWLErZ4N1Be0bnxYuPqxwKd9 QZwMo0" } Figure 224: RSA 2048-bit Private Key, in JWK format 6.2. Signing Operation The following are generated to complete the signing operation: Miller Expires May 17, 2015 [Page 106] Internet-Draft JOSE Cookbook November 2014 o JWS Protected Header; this example uses header from Figure 225, encoded using [RFC4648] base64url to produce Figure 226. { "alg": "PS256", "typ": "JWT" } Figure 225: JWS Protected Header JSON eyJhbGciOiJQUzI1NiIsInR5cCI6IkpXVCJ9 Figure 226: JWS Protected Header, base64url-encoded Performing the signature operation over the combined JWS Protected Header (Figure 226) and Payload content (Figure 222) produces the following signature: dPpMqwRZxFYi1UfcDAaf8M99o7kwUWtiXZ-ByvVuJih4MhJ_aZqciprz0OWaIA kIvn1qskChirjKvY9ESZNUCP4JjvfyPS-nqjJxYoA5ztWOyFk2cZNIPXjcJXSQ wXPO9tEe-v4VSqgD0aKHqPxYog4N6Cz1lKph1U1sYDSI67_bLL7elg_vkjfMp5 _W5l5LuUYGMeh6hxQIaIUXf9EwV2JmvTMuZ-vBOWy0Sniy1EFo72CRTvmtrIf5 AROo5MNliY3KtUxeP-SOmD-LEYwW9SlkohYzMVAZDDOrVbv7KVRHpeYNaK75KE QqdCEEkS_rskZS-Qtt_nlegTWh1mEYaA Figure 227: JWS Signature, base64url-encoded 6.3. Signing Output The following compose the resulting JWS object: o JWS Protected Header (Figure 226)) o Payload content (Figure 223) o Signature (Figure 227) The resulting JWS object using the Compact Serialization (which is the plaintext input to the proceeding encryption operation): Miller Expires May 17, 2015 [Page 107] Internet-Draft JOSE Cookbook November 2014 eyJhbGciOiJQUzI1NiIsInR5cCI6IkpXVCJ9 . eyJpc3MiOiJob2JiaXRvbi5leGFtcGxlIiwiZXhwIjoxMzAwODE5MzgwLCJodH RwOi8vZXhhbXBsZS5jb20vaXNfcm9vdCI6dHJ1ZX0 . dPpMqwRZxFYi1UfcDAaf8M99o7kwUWtiXZ-ByvVuJih4MhJ_aZqciprz0OWaIA kIvn1qskChirjKvY9ESZNUCP4JjvfyPS-nqjJxYoA5ztWOyFk2cZNIPXjcJXSQ wXPO9tEe-v4VSqgD0aKHqPxYog4N6Cz1lKph1U1sYDSI67_bLL7elg_vkjfMp5 _W5l5LuUYGMeh6hxQIaIUXf9EwV2JmvTMuZ-vBOWy0Sniy1EFo72CRTvmtrIf5 AROo5MNliY3KtUxeP-SOmD-LEYwW9SlkohYzMVAZDDOrVbv7KVRHpeYNaK75KE QqdCEEkS_rskZS-Qtt_nlegTWh1mEYaA Figure 228: Compact Serialization 6.4. Encryption Input Factors The following are supplied before beginning the encryption process: o Plaintext content; this example uses the content from Figure 228. o RSA public key; this example use the key from Figure 84. 6.5. Encryption Generated Factors The following are generated before encrypting: o AES symmetric key as the Content Encryption CEK (CEK); this example uses the key from Figure 229. o Initialization vector/nonce; this example uses the initialization vector/nonce from Figure 230. 0RHSNYwN-6-2QBGsYTZLSQ Figure 229: Content Encryption Key, base64url-encoded GbX1i9kXz0sxXPmA Figure 230: Initialization vector, base64url-encoded 6.6. Encrypting the Key Performing the key encryption operation over the CEK (Figure 229) with the RSA key (Figure 84) produces the following encrypted key: Miller Expires May 17, 2015 [Page 108] Internet-Draft JOSE Cookbook November 2014 a0JHRoITfpX4qRewImjlStn8m3CPxBV1ueYlVhjurCyrBg3I7YhCRYjphDOOS4 E7rXbr2Fn6NyQq-A-gqT0FXqNjVOGrG-bi13mwy7RoYhjTkBEC6P7sMYMXXx4g zMedpiJHQVeyI-zkZV7A9matpgevAJWrXzOUysYGTtwoSN6gtUVtlLaivjvb21 O0ul4YxSHV-ByK1kyeetRp_fuYJxHoKLQL9P424sKx2WGYb4zsBIPF4ssl_e5I R7nany-25_UmC2urosNkoFz9cQ82MypZP8gqbQJyPN-Fpp4Z-5o6yV64x6yzDU F_5JCIdl-Qv6H5dMVIY7q1eKpXcV1lWO_2FefEBqXxXvIjLeZivjNkzogCq3-I apSjVFnMjBxjpYLT8muaawo1yy1XXMuinIpNcOY3n4KKrXLrCcteX85m4IIHMZ a38s1Hpr56fPPseMA-Jltmt-a9iEDtOzhtxz8AXy9tsCAZV2XBWNG8c3kJusAa mBKOYwfk7JhLRDgOnJjlJLhn7TI4UxDp9dCmUXEN6z0v23W15qJIEXNJtqnblp ymooeWAHCT4e_Owbim1g0AEpTHUdA2iiLNs9WTX_H_TXuPC8yDDhi1smxS_X_x pkIHkiIHWDOLx03BpqDTivpKkBYwqP2UZkcxqX2Fo_GnVrNwlK7Lgxw6FSQvDO 0 Figure 231: Encrypted Key, base64url-encoded 6.7. Encrypting the Content The following are generated before encrypting the plaintext: o JWE Protected Header; this example uses the the header from Figure 232, encoded using [RFC4648] base64url to produce Figure 233. { "alg": "RSA-OAEP", "cty": "JWT", "enc": "A128GCM" } Figure 232: JWE Protected Header JSON eyJhbGciOiJSU0EtT0FFUCIsImN0eSI6IkpXVCIsImVuYyI6IkExMjhHQ00ifQ Figure 233: JWE Protected Header, base64url-encoded Performing the content encryption operation over the Plaintext (Figure 228) with the following: o CEK (Figure 229); o Initialization vector/nonce (Figure 230); and o JWE Protected Header (Figure 233) as authenticated data. produces the following: o Ciphertext from Figure 234. Miller Expires May 17, 2015 [Page 109] Internet-Draft JOSE Cookbook November 2014 o Authentication tag from Figure 235. SZI4IvKHmwpazl_pJQXX3mHv1ANnOU4Wf9-utWYUcKrBNgCe2OFMf66cSJ8k2Q kxaQD3_R60MGE9ofomwtky3GFxMeGRjtpMt9OAvVLsAXB0_UTCBGyBg3C2bWLX qZlfJAAoJRUPRk-BimYZY81zVBuIhc7HsQePCpu33SzMsFHjn4lP_idrJz_glZ TNgKDt8zdnUPauKTKDNOH1DD4fuzvDYfDIAfqGPyL5sVRwbiXpXdGokEszM-9C hMPqW1QNhzuX_Zul3bvrJwr7nuGZs4cUScY3n8yE3AHCLurgls-A9mz1X38xEa ulV18l4Fg9tLejdkAuQZjPbqeHQBJe4IwGD5Ee0dQ-Mtz4NnhkIWx-YKBb_Xo2 zI3Q_1sYjKUuis7yWW-HTr_vqvFt0bj7WJf2vzB0TZ3dvsoGaTvPH2dyWwumUr lx4gmPUzBdwTO6ubfYSDUEEz5py0d_OtWeUSYcCYBKD-aM7tXg26qJo21gYjLf hn9zy-W19sOCZGuzgFjPhawXHpvnj_t-0_ES96kogjJLxS1IMU9Y5XmnwZMyNc 9EIwnogsCg-hVuvzyP0sIruktmI94_SL1xgMl7o03phcTMxtlMizR88NKU1WkB siXMCjy1Noue7MD-ShDp5dmM Figure 234: Ciphertext, base64url-encoded KnIKEhN8U-3C9s4gtSpjSw Figure 235: Authentication tag, base64url-encoded 6.8. Encryption Output The following compose the resulting JWE object: o JWE Protected Header (Figure 233) o Encrypted key (Figure 231) o Initialization vector/nonce (Figure 230) o Ciphertext (Figure 234) o Authentication Tag (Figure 235) The resulting JWE object using the Compact serialization: Miller Expires May 17, 2015 [Page 110] Internet-Draft JOSE Cookbook November 2014 eyJhbGciOiJSU0EtT0FFUCIsImN0eSI6IkpXVCIsImVuYyI6IkExMjhHQ00ifQ . a0JHRoITfpX4qRewImjlStn8m3CPxBV1ueYlVhjurCyrBg3I7YhCRYjphDOOS4 E7rXbr2Fn6NyQq-A-gqT0FXqNjVOGrG-bi13mwy7RoYhjTkBEC6P7sMYMXXx4g zMedpiJHQVeyI-zkZV7A9matpgevAJWrXzOUysYGTtwoSN6gtUVtlLaivjvb21 O0ul4YxSHV-ByK1kyeetRp_fuYJxHoKLQL9P424sKx2WGYb4zsBIPF4ssl_e5I R7nany-25_UmC2urosNkoFz9cQ82MypZP8gqbQJyPN-Fpp4Z-5o6yV64x6yzDU F_5JCIdl-Qv6H5dMVIY7q1eKpXcV1lWO_2FefEBqXxXvIjLeZivjNkzogCq3-I apSjVFnMjBxjpYLT8muaawo1yy1XXMuinIpNcOY3n4KKrXLrCcteX85m4IIHMZ a38s1Hpr56fPPseMA-Jltmt-a9iEDtOzhtxz8AXy9tsCAZV2XBWNG8c3kJusAa mBKOYwfk7JhLRDgOnJjlJLhn7TI4UxDp9dCmUXEN6z0v23W15qJIEXNJtqnblp ymooeWAHCT4e_Owbim1g0AEpTHUdA2iiLNs9WTX_H_TXuPC8yDDhi1smxS_X_x pkIHkiIHWDOLx03BpqDTivpKkBYwqP2UZkcxqX2Fo_GnVrNwlK7Lgxw6FSQvDO 0 . GbX1i9kXz0sxXPmA . SZI4IvKHmwpazl_pJQXX3mHv1ANnOU4Wf9-utWYUcKrBNgCe2OFMf66cSJ8k2Q kxaQD3_R60MGE9ofomwtky3GFxMeGRjtpMt9OAvVLsAXB0_UTCBGyBg3C2bWLX qZlfJAAoJRUPRk-BimYZY81zVBuIhc7HsQePCpu33SzMsFHjn4lP_idrJz_glZ TNgKDt8zdnUPauKTKDNOH1DD4fuzvDYfDIAfqGPyL5sVRwbiXpXdGokEszM-9C hMPqW1QNhzuX_Zul3bvrJwr7nuGZs4cUScY3n8yE3AHCLurgls-A9mz1X38xEa ulV18l4Fg9tLejdkAuQZjPbqeHQBJe4IwGD5Ee0dQ-Mtz4NnhkIWx-YKBb_Xo2 zI3Q_1sYjKUuis7yWW-HTr_vqvFt0bj7WJf2vzB0TZ3dvsoGaTvPH2dyWwumUr lx4gmPUzBdwTO6ubfYSDUEEz5py0d_OtWeUSYcCYBKD-aM7tXg26qJo21gYjLf hn9zy-W19sOCZGuzgFjPhawXHpvnj_t-0_ES96kogjJLxS1IMU9Y5XmnwZMyNc 9EIwnogsCg-hVuvzyP0sIruktmI94_SL1xgMl7o03phcTMxtlMizR88NKU1WkB siXMCjy1Noue7MD-ShDp5dmM . KnIKEhN8U-3C9s4gtSpjSw Figure 236: Compact Serialization The resulting JWE object using the JSON General Serialization: Miller Expires May 17, 2015 [Page 111] Internet-Draft JOSE Cookbook November 2014 { "recipients": [ { "encrypted_key": "a0JHRoITfpX4qRewImjlStn8m3CPxBV1ueYlVh jurCyrBg3I7YhCRYjphDOOS4E7rXbr2Fn6NyQq-A-gqT0FXqNjVO GrG-bi13mwy7RoYhjTkBEC6P7sMYMXXx4gzMedpiJHQVeyI-zkZV 7A9matpgevAJWrXzOUysYGTtwoSN6gtUVtlLaivjvb21O0ul4YxS HV-ByK1kyeetRp_fuYJxHoKLQL9P424sKx2WGYb4zsBIPF4ssl_e 5IR7nany-25_UmC2urosNkoFz9cQ82MypZP8gqbQJyPN-Fpp4Z-5 o6yV64x6yzDUF_5JCIdl-Qv6H5dMVIY7q1eKpXcV1lWO_2FefEBq XxXvIjLeZivjNkzogCq3-IapSjVFnMjBxjpYLT8muaawo1yy1XXM uinIpNcOY3n4KKrXLrCcteX85m4IIHMZa38s1Hpr56fPPseMA-Jl tmt-a9iEDtOzhtxz8AXy9tsCAZV2XBWNG8c3kJusAamBKOYwfk7J hLRDgOnJjlJLhn7TI4UxDp9dCmUXEN6z0v23W15qJIEXNJtqnblp ymooeWAHCT4e_Owbim1g0AEpTHUdA2iiLNs9WTX_H_TXuPC8yDDh i1smxS_X_xpkIHkiIHWDOLx03BpqDTivpKkBYwqP2UZkcxqX2Fo_ GnVrNwlK7Lgxw6FSQvDO0" } ], "protected": "eyJhbGciOiJSU0EtT0FFUCIsImN0eSI6IkpXVCIsImVuYy I6IkExMjhHQ00ifQ", "iv": "GbX1i9kXz0sxXPmA", "ciphertext": "SZI4IvKHmwpazl_pJQXX3mHv1ANnOU4Wf9-utWYUcKrBN gCe2OFMf66cSJ8k2QkxaQD3_R60MGE9ofomwtky3GFxMeGRjtpMt9OAv VLsAXB0_UTCBGyBg3C2bWLXqZlfJAAoJRUPRk-BimYZY81zVBuIhc7Hs QePCpu33SzMsFHjn4lP_idrJz_glZTNgKDt8zdnUPauKTKDNOH1DD4fu zvDYfDIAfqGPyL5sVRwbiXpXdGokEszM-9ChMPqW1QNhzuX_Zul3bvrJ wr7nuGZs4cUScY3n8yE3AHCLurgls-A9mz1X38xEaulV18l4Fg9tLejd kAuQZjPbqeHQBJe4IwGD5Ee0dQ-Mtz4NnhkIWx-YKBb_Xo2zI3Q_1sYj KUuis7yWW-HTr_vqvFt0bj7WJf2vzB0TZ3dvsoGaTvPH2dyWwumUrlx4 gmPUzBdwTO6ubfYSDUEEz5py0d_OtWeUSYcCYBKD-aM7tXg26qJo21gY jLfhn9zy-W19sOCZGuzgFjPhawXHpvnj_t-0_ES96kogjJLxS1IMU9Y5 XmnwZMyNc9EIwnogsCg-hVuvzyP0sIruktmI94_SL1xgMl7o03phcTMx tlMizR88NKU1WkBsiXMCjy1Noue7MD-ShDp5dmM", "tag": "KnIKEhN8U-3C9s4gtSpjSw" } Figure 237: JSON General Serialization The resulting JWE object using the JSON Flattened Serialization: Miller Expires May 17, 2015 [Page 112] Internet-Draft JOSE Cookbook November 2014 { "encrypted_key": "a0JHRoITfpX4qRewImjlStn8m3CPxBV1ueYlVhjurC yrBg3I7YhCRYjphDOOS4E7rXbr2Fn6NyQq-A-gqT0FXqNjVOGrG-bi13 mwy7RoYhjTkBEC6P7sMYMXXx4gzMedpiJHQVeyI-zkZV7A9matpgevAJ WrXzOUysYGTtwoSN6gtUVtlLaivjvb21O0ul4YxSHV-ByK1kyeetRp_f uYJxHoKLQL9P424sKx2WGYb4zsBIPF4ssl_e5IR7nany-25_UmC2uros NkoFz9cQ82MypZP8gqbQJyPN-Fpp4Z-5o6yV64x6yzDUF_5JCIdl-Qv6 H5dMVIY7q1eKpXcV1lWO_2FefEBqXxXvIjLeZivjNkzogCq3-IapSjVF nMjBxjpYLT8muaawo1yy1XXMuinIpNcOY3n4KKrXLrCcteX85m4IIHMZ a38s1Hpr56fPPseMA-Jltmt-a9iEDtOzhtxz8AXy9tsCAZV2XBWNG8c3 kJusAamBKOYwfk7JhLRDgOnJjlJLhn7TI4UxDp9dCmUXEN6z0v23W15q JIEXNJtqnblpymooeWAHCT4e_Owbim1g0AEpTHUdA2iiLNs9WTX_H_TX uPC8yDDhi1smxS_X_xpkIHkiIHWDOLx03BpqDTivpKkBYwqP2UZkcxqX 2Fo_GnVrNwlK7Lgxw6FSQvDO0", "protected": "eyJhbGciOiJSU0EtT0FFUCIsImN0eSI6IkpXVCIsImVuYy I6IkExMjhHQ00ifQ", "iv": "GbX1i9kXz0sxXPmA", "ciphertext": "SZI4IvKHmwpazl_pJQXX3mHv1ANnOU4Wf9-utWYUcKrBN gCe2OFMf66cSJ8k2QkxaQD3_R60MGE9ofomwtky3GFxMeGRjtpMt9OAv VLsAXB0_UTCBGyBg3C2bWLXqZlfJAAoJRUPRk-BimYZY81zVBuIhc7Hs QePCpu33SzMsFHjn4lP_idrJz_glZTNgKDt8zdnUPauKTKDNOH1DD4fu zvDYfDIAfqGPyL5sVRwbiXpXdGokEszM-9ChMPqW1QNhzuX_Zul3bvrJ wr7nuGZs4cUScY3n8yE3AHCLurgls-A9mz1X38xEaulV18l4Fg9tLejd kAuQZjPbqeHQBJe4IwGD5Ee0dQ-Mtz4NnhkIWx-YKBb_Xo2zI3Q_1sYj KUuis7yWW-HTr_vqvFt0bj7WJf2vzB0TZ3dvsoGaTvPH2dyWwumUrlx4 gmPUzBdwTO6ubfYSDUEEz5py0d_OtWeUSYcCYBKD-aM7tXg26qJo21gY jLfhn9zy-W19sOCZGuzgFjPhawXHpvnj_t-0_ES96kogjJLxS1IMU9Y5 XmnwZMyNc9EIwnogsCg-hVuvzyP0sIruktmI94_SL1xgMl7o03phcTMx tlMizR88NKU1WkBsiXMCjy1Noue7MD-ShDp5dmM", "tag": "KnIKEhN8U-3C9s4gtSpjSw" } Figure 238: JSON Flattened Serialization 7. Security Considerations This document is designed to provide examples for developers to use in checking their implementations. As such it does not follow some of the security considerations and recommendations in the core documents. For instance: o it does not always generate a new CEK value for every encrypted example; o it does not always generate a new IV value for every encrypted example; and Miller Expires May 17, 2015 [Page 113] Internet-Draft JOSE Cookbook November 2014 o it does not always generate a new ephemeral key for every ephemeral key example. For each example, data that is expected to be generated for each signing or encryption operation is isolated to sections titled "Generated Factors". 8. IANA Considerations This document has no actions for IANA. 9. Informative References [I-D.ietf-jose-json-web-algorithms] Jones, M., "JSON Web Algorithms (JWA)", draft-ietf-jose- json-web-algorithms-35 (work in progress), October 2014. [I-D.ietf-jose-json-web-encryption] Jones, M. and J. Hildebrand, "JSON Web Encryption (JWE)", draft-ietf-jose-json-web-encryption-35 (work in progress), October 2014. [I-D.ietf-jose-json-web-key] Jones, M., "JSON Web Key (JWK)", draft-ietf-jose-json-web- key-35 (work in progress), October 2014. [I-D.ietf-jose-json-web-signature] Jones, M., Bradley, J., and N. Sakimura, "JSON Web Signature (JWS)", draft-ietf-jose-json-web-signature-35 (work in progress), October 2014. [I-D.ietf-oauth-json-web-token] Jones, M., Bradley, J., and N. Sakimura, "JSON Web Token (JWT)", draft-ietf-oauth-json-web-token-29 (work in progress), October 2014. [LOTR-FELLOWSHIP] Tolkien, J. and C. Tolkien, "The Fellowship of the Ring", ISBN 9780061917702, March 2009. [RFC1951] Deutsch, P., "DEFLATE Compressed Data Format Specification version 1.3", RFC 1951, May 1996. [RFC4648] Josefsson, S., "The Base16, Base32, and Base64 Data Encodings", RFC 4648, October 2006. [RFC7095] Kewisch, P., "jCard: The JSON Format for vCard", RFC 7095, January 2014. Miller Expires May 17, 2015 [Page 114] Internet-Draft JOSE Cookbook November 2014 Appendix A. Acknowledgements Most of the examples herein use quotes and character names found in the novel "The Fellowship of the Ring" [LOTR-FELLOWSHIP], written by J. R. R. Tolkien. Thanks to Richard Barnes, Brian Campbell, Mike Jones, and Jim Schaad for input and review of text. Thanks to Brian Campbell for verifying Compact Serialization examples. Author's Address Matthew Miller Cisco Systems, Inc. Email: mamille2@cisco.com Miller Expires May 17, 2015 [Page 115]