JSON Web Algorithms (JWA)
RFC 7518
- Versions
- 00
- 01
- 02
- 03
- 04
- 05
- 06
- 07
- 08
- 09
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
- 35
- 36
- 37
- 38
- 39
- 40
Document | Type | RFC - Proposed Standard (May 2015; No errata) | |
---|---|---|---|
Author | Michael Jones | ||
Last updated | 2015-10-14 | ||
Stream | IETF | ||
Formats | plain text html pdf htmlized bibtex | ||
Reviews | |||
Stream | WG state | Submitted to IESG for Publication | |
Document shepherd | Karen O'Donoghue | ||
Shepherd write-up | Show (last changed 2014-08-19) | ||
IESG | IESG state | RFC 7518 (Proposed Standard) | |
Action Holders |
(None)
|
||
Consensus Boilerplate | Yes | ||
Telechat date | |||
Responsible AD | Kathleen Moriarty | ||
Send notices to | (None) | ||
IANA | IANA review state | Version Changed - Review Needed | |
IANA action state | RFC-Ed-Ack |
Internet Engineering Task Force (IETF) M. Jones Request for Comments: 7518 Microsoft Category: Standards Track May 2015 ISSN: 2070-1721 JSON Web Algorithms (JWA) Abstract This specification registers cryptographic algorithms and identifiers to be used with the JSON Web Signature (JWS), JSON Web Encryption (JWE), and JSON Web Key (JWK) specifications. It defines several IANA registries for these identifiers. Status of This Memo This is an Internet Standards Track document. This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Further information on Internet Standards is available in Section 2 of RFC 5741. Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at http://www.rfc-editor.org/info/rfc7518. Copyright Notice Copyright (c) 2015 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Jones Standards Track [Page 1] RFC 7518 JSON Web Algorithms (JWA) May 2015 Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 4 1.1. Notational Conventions . . . . . . . . . . . . . . . . . 4 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 5 3. Cryptographic Algorithms for Digital Signatures and MACs . . 6 3.1. "alg" (Algorithm) Header Parameter Values for JWS . . . . 6 3.2. HMAC with SHA-2 Functions . . . . . . . . . . . . . . . . 7 3.3. Digital Signature with RSASSA-PKCS1-v1_5 . . . . . . . . 8 3.4. Digital Signature with ECDSA . . . . . . . . . . . . . . 9 3.5. Digital Signature with RSASSA-PSS . . . . . . . . . . . . 10 3.6. Using the Algorithm "none" . . . . . . . . . . . . . . . 11 4. Cryptographic Algorithms for Key Management . . . . . . . . . 11 4.1. "alg" (Algorithm) Header Parameter Values for JWE . . . . 12 4.2. Key Encryption with RSAES-PKCS1-v1_5 . . . . . . . . . . 13 4.3. Key Encryption with RSAES OAEP . . . . . . . . . . . . . 14 4.4. Key Wrapping with AES Key Wrap . . . . . . . . . . . . . 14 4.5. Direct Encryption with a Shared Symmetric Key . . . . . . 15 4.6. Key Agreement with Elliptic Curve Diffie-Hellman Ephemeral Static (ECDH-ES) . . . . . . . . . . . . . . . 15 4.6.1. Header Parameters Used for ECDH Key Agreement . . . . 16 4.6.1.1. "epk" (Ephemeral Public Key) Header Parameter . . 16 4.6.1.2. "apu" (Agreement PartyUInfo) Header Parameter . . 17 4.6.1.3. "apv" (Agreement PartyVInfo) Header Parameter . . 17 4.6.2. Key Derivation for ECDH Key Agreement . . . . . . . . 17 4.7. Key Encryption with AES GCM . . . . . . . . . . . . . . . 18 4.7.1. Header Parameters Used for AES GCM Key Encryption . . 19 4.7.1.1. "iv" (Initialization Vector) Header Parameter . . 19 4.7.1.2. "tag" (Authentication Tag) Header Parameter . . . 19 4.8. Key Encryption with PBES2 . . . . . . . . . . . . . . . . 20 4.8.1. Header Parameters Used for PBES2 Key Encryption . . . 20 4.8.1.1. "p2s" (PBES2 Salt Input) Header Parameter . . . . 21 4.8.1.2. "p2c" (PBES2 Count) Header Parameter . . . . . . 21 5. Cryptographic Algorithms for Content Encryption . . . . . . . 21 5.1. "enc" (Encryption Algorithm) Header Parameter Values for JWE . . . . . . . . . . . . . . . . . . . . . . . . . . . 22 5.2. AES_CBC_HMAC_SHA2 Algorithms . . . . . . . . . . . . . . 22 5.2.1. Conventions Used in Defining AES_CBC_HMAC_SHA2 . . . 23 5.2.2. Generic AES_CBC_HMAC_SHA2 Algorithm . . . . . . . . . 23 5.2.2.1. AES_CBC_HMAC_SHA2 Encryption . . . . . . . . . . 23 5.2.2.2. AES_CBC_HMAC_SHA2 Decryption . . . . . . . . . . 25 5.2.3. AES_128_CBC_HMAC_SHA_256 . . . . . . . . . . . . . . 25 5.2.4. AES_192_CBC_HMAC_SHA_384 . . . . . . . . . . . . . . 26 5.2.5. AES_256_CBC_HMAC_SHA_512 . . . . . . . . . . . . . . 26Show full document text