draft-ietf-jose-json-web-algorithms-09.txt   draft-ietf-jose-json-web-algorithms-10.txt 
JOSE Working Group M. Jones JOSE Working Group M. Jones
Internet-Draft Microsoft Internet-Draft Microsoft
Intended status: Standards Track April 23, 2013 Intended status: Standards Track April 25, 2013
Expires: October 25, 2013 Expires: October 27, 2013
JSON Web Algorithms (JWA) JSON Web Algorithms (JWA)
draft-ietf-jose-json-web-algorithms-09 draft-ietf-jose-json-web-algorithms-10
Abstract Abstract
The JSON Web Algorithms (JWA) specification enumerates cryptographic The JSON Web Algorithms (JWA) specification enumerates cryptographic
algorithms and identifiers to be used with the JSON Web Signature algorithms and identifiers to be used with the JSON Web Signature
(JWS), JSON Web Encryption (JWE), and JSON Web Key (JWK) (JWS), JSON Web Encryption (JWE), and JSON Web Key (JWK)
specifications. specifications.
Status of this Memo Status of this Memo
skipping to change at page 1, line 33 skipping to change at page 1, line 33
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on October 25, 2013. This Internet-Draft will expire on October 27, 2013.
Copyright Notice Copyright Notice
Copyright (c) 2013 IETF Trust and the persons identified as the Copyright (c) 2013 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 2, line 46 skipping to change at page 2, line 46
4.8.1. Conventions Used in Defining AES_CBC_HMAC_SHA2 . . . . 18 4.8.1. Conventions Used in Defining AES_CBC_HMAC_SHA2 . . . . 18
4.8.2. Generic AES_CBC_HMAC_SHA2 Algorithm . . . . . . . . . 19 4.8.2. Generic AES_CBC_HMAC_SHA2 Algorithm . . . . . . . . . 19
4.8.2.1. AES_CBC_HMAC_SHA2 Encryption . . . . . . . . . . . 19 4.8.2.1. AES_CBC_HMAC_SHA2 Encryption . . . . . . . . . . . 19
4.8.2.2. AES_CBC_HMAC_SHA2 Decryption . . . . . . . . . . . 21 4.8.2.2. AES_CBC_HMAC_SHA2 Decryption . . . . . . . . . . . 21
4.8.3. AES_128_CBC_HMAC_SHA_256 . . . . . . . . . . . . . . . 21 4.8.3. AES_128_CBC_HMAC_SHA_256 . . . . . . . . . . . . . . . 21
4.8.4. AES_256_CBC_HMAC_SHA_512 . . . . . . . . . . . . . . . 22 4.8.4. AES_256_CBC_HMAC_SHA_512 . . . . . . . . . . . . . . . 22
4.8.5. Plaintext Encryption with AES_CBC_HMAC_SHA2 . . . . . 22 4.8.5. Plaintext Encryption with AES_CBC_HMAC_SHA2 . . . . . 22
4.9. Plaintext Encryption with AES GCM . . . . . . . . . . . . 22 4.9. Plaintext Encryption with AES GCM . . . . . . . . . . . . 22
4.10. Additional Encryption Algorithms and Parameters . . . . . 23 4.10. Additional Encryption Algorithms and Parameters . . . . . 23
5. Cryptographic Algorithms for JWK . . . . . . . . . . . . . . . 23 5. Cryptographic Algorithms for JWK . . . . . . . . . . . . . . . 23
5.1. "kty" (Key Type) Parameter Values for JWK . . . . . . . . 24 5.1. "kty" (Key Type) Parameter Values for JWK . . . . . . . . 23
5.2. JWK Parameters for Elliptic Curve Keys . . . . . . . . . . 24 5.2. JWK Parameters for Elliptic Curve Keys . . . . . . . . . . 24
5.2.1. JWK Parameters for Elliptic Curve Public Keys . . . . 24 5.2.1. JWK Parameters for Elliptic Curve Public Keys . . . . 24
5.2.1.1. "crv" (Curve) Parameter . . . . . . . . . . . . . 24 5.2.1.1. "crv" (Curve) Parameter . . . . . . . . . . . . . 24
5.2.1.2. "x" (X Coordinate) Parameter . . . . . . . . . . . 25 5.2.1.2. "x" (X Coordinate) Parameter . . . . . . . . . . . 24
5.2.1.3. "y" (Y Coordinate) Parameter . . . . . . . . . . . 25 5.2.1.3. "y" (Y Coordinate) Parameter . . . . . . . . . . . 25
5.2.2. JWK Parameters for Elliptic Curve Private Keys . . . . 25 5.2.2. JWK Parameters for Elliptic Curve Private Keys . . . . 25
5.2.2.1. "d" (ECC Private Key) Parameter . . . . . . . . . 25 5.2.2.1. "d" (ECC Private Key) Parameter . . . . . . . . . 25
5.3. JWK Parameters for RSA Keys . . . . . . . . . . . . . . . 25 5.3. JWK Parameters for RSA Keys . . . . . . . . . . . . . . . 25
5.3.1. JWK Parameters for RSA Public Keys . . . . . . . . . . 25 5.3.1. JWK Parameters for RSA Public Keys . . . . . . . . . . 25
5.3.1.1. "n" (Modulus) Parameter . . . . . . . . . . . . . 26 5.3.1.1. "n" (Modulus) Parameter . . . . . . . . . . . . . 25
5.3.1.2. "e" (Exponent) Parameter . . . . . . . . . . . . . 26 5.3.1.2. "e" (Exponent) Parameter . . . . . . . . . . . . . 26
5.3.2. JWK Parameters for RSA Private Keys . . . . . . . . . 26 5.3.2. JWK Parameters for RSA Private Keys . . . . . . . . . 26
5.3.2.1. "d" (Private Exponent) Parameter . . . . . . . . . 26 5.3.2.1. "d" (Private Exponent) Parameter . . . . . . . . . 26
5.3.2.2. "p" (First Prime Factor) Parameter . . . . . . . . 26 5.3.2.2. "p" (First Prime Factor) Parameter . . . . . . . . 26
5.3.2.3. "q" (Second Prime Factor) Parameter . . . . . . . 26 5.3.2.3. "q" (Second Prime Factor) Parameter . . . . . . . 26
5.3.2.4. "dp" (First Factor CRT Exponent) Parameter . . . . 27 5.3.2.4. "dp" (First Factor CRT Exponent) Parameter . . . . 26
5.3.2.5. "dq" (Second Factor CRT Exponent) Parameter . . . 27 5.3.2.5. "dq" (Second Factor CRT Exponent) Parameter . . . 27
5.3.2.6. "qi" (First CRT Coefficient) Parameter . . . . . . 27 5.3.2.6. "qi" (First CRT Coefficient) Parameter . . . . . . 27
5.3.2.7. "oth" (Other Primes Info) Parameter . . . . . . . 27 5.3.2.7. "oth" (Other Primes Info) Parameter . . . . . . . 27
5.3.3. JWK Parameters for Symmetric Keys . . . . . . . . . . 28 5.3.3. JWK Parameters for Symmetric Keys . . . . . . . . . . 28
5.3.3.1. "k" (Key Value) Parameter . . . . . . . . . . . . 28 5.3.3.1. "k" (Key Value) Parameter . . . . . . . . . . . . 28
5.4. Additional Key Types and Parameters . . . . . . . . . . . 28 5.4. Additional Key Types and Parameters . . . . . . . . . . . 28
6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 28 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 28
6.1. JSON Web Signature and Encryption Algorithms Registry . . 29 6.1. JSON Web Signature and Encryption Algorithms Registry . . 29
6.1.1. Template . . . . . . . . . . . . . . . . . . . . . . . 29 6.1.1. Template . . . . . . . . . . . . . . . . . . . . . . . 29
6.1.2. Initial Registry Contents . . . . . . . . . . . . . . 30 6.1.2. Initial Registry Contents . . . . . . . . . . . . . . 30
skipping to change at page 23, line 12 skipping to change at page 23, line 12
The requested size of the Authentication Tag output MUST be 128 bits, The requested size of the Authentication Tag output MUST be 128 bits,
regardless of the key size. regardless of the key size.
The JWE Authentication Tag is set to be the Authentication Tag value The JWE Authentication Tag is set to be the Authentication Tag value
produced by the encryption. During decryption, the received JWE produced by the encryption. During decryption, the received JWE
Authentication Tag is used as the Authentication Tag value. Authentication Tag is used as the Authentication Tag value.
An example using this algorithm is shown in Appendix A.1 of [JWE]. An example using this algorithm is shown in Appendix A.1 of [JWE].
Note: AES GCM MUST NOT be used when using the JWE JSON Serialization
for multiple recipients, since this would result in the same
Initialization Vector and Plaintext values being used for multiple
GCM encryptions. This is prohibited by the GCM specification because
of severe security vulnerabilities that would result, were GCM used
in this way.
4.10. Additional Encryption Algorithms and Parameters 4.10. Additional Encryption Algorithms and Parameters
Additional algorithms MAY be used to protect JWEs with corresponding Additional algorithms MAY be used to protect JWEs with corresponding
"alg" (algorithm) and "enc" (encryption method) header parameter "alg" (algorithm) and "enc" (encryption method) header parameter
values being defined to refer to them. New "alg" and "enc" header values being defined to refer to them. New "alg" and "enc" header
parameter values SHOULD either be registered in the IANA JSON Web parameter values SHOULD either be registered in the IANA JSON Web
Signature and Encryption Algorithms registry Section 6.1 or be a Signature and Encryption Algorithms registry Section 6.1 or be a
value that contains a Collision Resistant Namespace. In particular, value that contains a Collision Resistant Namespace. In particular,
it is permissible to use the algorithm identifiers defined in XML it is permissible to use the algorithm identifiers defined in XML
Encryption [W3C.REC-xmlenc-core-20021210], XML Encryption 1.1 Encryption [W3C.REC-xmlenc-core-20021210], XML Encryption 1.1
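Review bot: Section 4.9 on the -10 side drops the multi-recipient prohibition without stating the condition that now makes AES GCM acceptable there. The deleted note named the hazard precisely (the same Initialization Vector and Plaintext values being used for multiple GCM encryptions). The only rationale for lifting it is the -10 entry in Appendix E, which is marked for removal before publication as an RFC. Suggest replacing the note rather than deleting it: one sentence in 4.9 saying that use of AES GCM with the JWE JSON Serialization for multiple recipients depends on the [JWE] processing rule under which a single AAD value contains the header parameters and encrypted key values for all the recipients. That way an implementer who pairs this text with the earlier multi-recipient processing does not end up back in the case the -09 note prohibited.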
skipping to change at page 46, line 38 skipping to change at page 46, line 38
Nat Sakimura, Jim Schaad, Hannes Tschofenig, and Sean Turner. Nat Sakimura, Jim Schaad, Hannes Tschofenig, and Sean Turner.
Jim Schaad and Karen O'Donoghue chaired the JOSE working group and Jim Schaad and Karen O'Donoghue chaired the JOSE working group and
Sean Turner and Stephen Farrell served as Security area directors Sean Turner and Stephen Farrell served as Security area directors
during the creation of this specification. during the creation of this specification.
Appendix E. Document History Appendix E. Document History
[[ to be removed by the RFC editor before publication as an RFC ]] [[ to be removed by the RFC editor before publication as an RFC ]]
-10
o Changed the JWE processing rules for multiple recipients so that a
single AAD value contains the header parameters and encrypted key
values for all the recipients, enabling AES GCM to be safely used
for multiple recipients.
-09 -09
o Expanded the scope of the JWK parameters to include private and o Expanded the scope of the JWK parameters to include private and
symmetric key representations, as specified by symmetric key representations, as specified by
draft-jones-jose-json-private-and-symmetric-key-00. draft-jones-jose-json-private-and-symmetric-key-00.
o Changed term "JWS Secured Input" to "JWS Signing Input". o Changed term "JWS Secured Input" to "JWS Signing Input".
o Changed from using the term "byte" to "octet" when referring to 8 o Changed from using the term "byte" to "octet" when referring to 8
bit values. bit values.
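Review bot: the -10 history entry describes a change to the JWE processing rules but not the edit this document itself makes, which is the removal from Section 4.9 of the note beginning "Note: AES GCM MUST NOT be used when using the JWE JSON Serialization for multiple recipients". Suggest adding a clause such as "and removed the corresponding prohibition from Section 4.9" so the entry matches the text change, and naming the JWE draft revision that carries the new single-AAD rule, since "safely" in this entry holds only for implementations following that revision.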
 End of changes. 9 change blocks. 
15 lines changed or deleted 15 lines changed or added

This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/