JSON Web Key (JWK) Thumbprint
RFC 7638
Document type: RFC - Proposed Standard (September 2015; No errata)
Last updated: 2015-10-14
Stream: IETF
WG state: Submitted to IESG for Publication
Document shepherd: Karen O'Donoghue
Shepherd write-up: last changed 2015-06-30
IESG state: RFC 7638 (Proposed Standard)
Consensus Boilerplate: Yes
Responsible AD: Kathleen Moriarty
Send notices to: (None)
IANA review state: IANA OK - Actions Needed
IANA action state: RFC-Ed-Ack
Internet Engineering Task Force (IETF)                          M. Jones
Request for Comments: 7638                                     Microsoft
Category: Standards Track                                    N. Sakimura
ISSN: 2070-1721                                Nomura Research Institute
                                                          September 2015
JSON Web Key (JWK) Thumbprint
Abstract
This specification defines a method for computing a hash value over a
JSON Web Key (JWK). It defines which fields in a JWK are used in the
hash computation, the method of creating a canonical form for those
fields, and how to convert the resulting Unicode string into a byte
sequence to be hashed. The resulting hash value can be used for
identifying or selecting the key represented by the JWK that is the
subject of the thumbprint.
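The computation summarized above, as an added Python example (not code from the RFC or its authors). The per-key-type required members and the ordering and whitespace rules are taken from Sections 3.2 and 3.3 of RFC 7638 (OKP from RFC 8037), which this excerpt does not reproduce; the sample keys are constructed placeholders, not real key material.

```python
import base64
import hashlib
import json

# Required members per key type (RFC 7638 Section 3.2; OKP from RFC 8037).
REQUIRED_MEMBERS = {
    "RSA": ("e", "kty", "n"),
    "EC": ("crv", "kty", "x", "y"),
    "oct": ("k", "kty"),
    "OKP": ("crv", "kty", "x"),
}


def canonical_jwk(jwk: dict) -> bytes:
    """Return the UTF-8 hash input: required members only, sorted, no whitespace."""
    kty = jwk.get("kty")
    if kty not in REQUIRED_MEMBERS:
        raise ValueError(f"unsupported or missing kty: {kty!r}")
    subset = {}
    for name in REQUIRED_MEMBERS[kty]:
        value = jwk.get(name)
        if not isinstance(value, str) or not value:
            raise ValueError(f"required member {name!r} missing or not a string")
        subset[name] = value
    # sort_keys orders member names by code point; separators drop all whitespace.
    text = json.dumps(subset, sort_keys=True, separators=(",", ":"), ensure_ascii=False)
    return text.encode("utf-8")


def jwk_thumbprint(jwk: dict, hash_name: str = "sha256") -> str:
    """Return the base64url-encoded (unpadded) thumbprint, usable as a "kid"."""
    digest = hashlib.new(hash_name, canonical_jwk(jwk)).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


# Constructed sample keys (placeholder strings, not real key material).
PUBLIC_JWK = {"kty": "EC", "crv": "P-256", "x": "constructed-x", "y": "constructed-y"}
# Same key, reordered, with whitespace, optional members and a private "d" member.
SAME_KEY_DECORATED = json.loads(
    '{ "y": "constructed-y", "kid": "legacy-id", "use": "sig",\n'
    '  "x": "constructed-x", "d": "constructed-private", "crv": "P-256", "kty": "EC" }'
)
OTHER_JWK = dict(PUBLIC_JWK, x="constructed-x2")

if __name__ == "__main__":
    print(canonical_jwk(SAME_KEY_DECORATED).decode())
    print(jwk_thumbprint(PUBLIC_JWK))
```

Because the private member "d" is not part of the hash input, a private JWK and its public counterpart share one thumbprint, so a thumbprint-derived "kid" identifies the key pair and says nothing about which half a party holds.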
Status of This Memo
This is an Internet Standards Track document.
This document is a product of the Internet Engineering Task Force
(IETF). It represents the consensus of the IETF community. It has
received public review and has been approved for publication by the
Internet Engineering Steering Group (IESG). Further information on
Internet Standards is available in Section 2 of RFC 5741.
Information about the current status of this document, any errata,
and how to provide feedback on it may be obtained at
http://www.rfc-editor.org/info/rfc7638.
Copyright Notice
Copyright (c) 2015 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Jones & Sakimura Standards Track [Page 1]
RFC 7638 JSON Web Key (JWK) Thumbprint September 2015
Table of Contents
   1. Introduction
      1.1. Notational Conventions
   2. Terminology
   3. JSON Web Key (JWK) Thumbprint
      3.1. Example JWK Thumbprint Computation
      3.2. JWK Members Used in the Thumbprint Computation
         3.2.1. JWK Thumbprint of a Private Key
         3.2.2. Why Not Include Optional Members?
      3.3. Order and Representation of Members in Hash Input
      3.4. Selection of Hash Function
      3.5. JWK Thumbprints of Keys Not in JWK Format
   4. Practical JSON and Unicode Considerations
   5. Relationship to Digests of X.509 Values
   6. IANA Considerations
   7. Security Considerations
   8. References
      8.1. Normative References
      8.2. Informative References
   Acknowledgements
   Authors' Addresses
1. Introduction
This specification defines a method for computing a hash value
(a.k.a. digest) over a JSON Web Key (JWK) [JWK]. It defines which
fields in a JWK are used in the hash computation, the method of
creating a canonical form for those fields, and how to convert the
resulting Unicode string into a byte sequence to be hashed. The
resulting hash value can be used for identifying or selecting the key
represented by the JWK that is the subject of the thumbprint, for
instance, by using the base64url-encoded JWK Thumbprint value as a
"kid" (key ID) value.
1.1. Notational Conventions
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in
"Key words for use in RFCs to Indicate Requirement Levels" [RFC2119].
The interpretation should only be applied when the terms appear in
all capital letters.
2. Terminology
This specification uses the same terminology as the "JSON Web Key