Re: [jose] The role of JWK

Sergey Beryozkin <> Thu, 14 August 2014 16:42 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id 687251A0409 for <>; Thu, 14 Aug 2014 09:42:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id nSGe-PzqHoIW for <>; Thu, 14 Aug 2014 09:42:34 -0700 (PDT)
Received: from ( [IPv6:2a00:1450:400c:c03::22d]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 3FC5B1A08A9 for <>; Thu, 14 Aug 2014 09:42:34 -0700 (PDT)
Received: by with SMTP id q58so1345162wes.18 for <>; Thu, 14 Aug 2014 09:42:32 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20120113; h=message-id:date:from:user-agent:mime-version:to:cc:subject :references:in-reply-to:content-type:content-transfer-encoding; bh=Iq3guZzmzoGcmi/7S/qtZd7d/VeWoZhinHXt3B9vaZQ=; b=oXqPbAt1vGAKI9BecPvTxY0ZsJd2yJsyuUdpePnSHq996IGoLAG+RRV/E3oc4K5Jql kgvICmABKK4qtQqLRfp5uhawg+zOLUueVCERk5muiZQ3Q1jKTLvsQkHIYNvWFGpseXJY CjZcNAaxiZbzWgfyYSuYUxIM+zqarjTJxocx/KOE4CMUdcc9pIDQrKwlSpGi0/WkWi2K mB3vlCus1WN0I4+Q2jdRCGYiuJUzdV17oERQRyc4dWj9H6ppHM8q7/lKfRA72s1q+M4a TlgELX9WJqxeIq3JSUeJwQTHnbnaJrB4AbAcqmuQCKOFGitlWr+At1bottGhxQtCC5Ie Mh/w==
X-Received: by with SMTP id bv18mr13978414wjb.63.1408034552767; Thu, 14 Aug 2014 09:42:32 -0700 (PDT)
Received: from [] ([]) by with ESMTPSA id bt9sm12490199wjc.40.2014. for <multiple recipients> (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 14 Aug 2014 09:42:32 -0700 (PDT)
Message-ID: <>
Date: Thu, 14 Aug 2014 17:42:30 +0100
From: Sergey Beryozkin <>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.0
MIME-Version: 1.0
To: Justin Richer <>, Richard Barnes <>
References: <> <> <> <>
In-Reply-To: <>
Content-Type: text/plain; charset="windows-1252"; format="flowed"
Content-Transfer-Encoding: 7bit
Cc: "" <>
Subject: Re: [jose] The role of JWK
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Javascript Object Signing and Encryption <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 14 Aug 2014 16:42:37 -0000

Hi Richard and Justin

Very helpful, many thanks !

Richard: thanks for the link, the idea of using JWK as a standard medium 
for shipping the key (information) is something that helps to understand 
why JWK is referred to so much in the specifications like JWE/JWS

Justin: I'll try my best not to copy the Java code you linked too :-).

Thanks for links to the examples, let me ask few questions below:

On 14/08/14 16:04, Justin Richer wrote:
> Services are starting to publish their public keys as JWK instead of
> X509, since a JWK doesn't require a trusted CA and can be much more
> easily rotated at runtime.
Sorry if it is off-topic, is JWK representing a public key (the public 
exponent) is effectively a self-signed public key/cert ? What provides 
the extra trust into such JWK ? I've heard here about JWK Thumbprints ?

> This is the class from our OAuth/OpenID
> Connect system that builds signers and validators off of a public-key
> JWK (using the Nimbus-DS JOSE library):
> To add to that, with the private/shared key components of JWK, it can be
> a very effective key store. Our OAuth server uses this for its keys,
> this is the class that reads the file and makes the keys available as
> Java key objects to the rest of the system:
> As you can see, these are both exceedingly simple classes because they
> simple read the URL (in the first case) or file (in the second case) and
> parse the JSON found there into a JWK set, which is then used to create
> the bare keys in the Java security framework. This is the RSA public key
> parser for example:
> Finally, in order to make these keys more easy to deal with, we wrote a
> simple key generator program that will spin up a new RSA, EC, or Oct key
> and print it out as a JWK:
> Whenever we deploy a new copy of our server somewhere, we also pull down
> this program and run it to generate a new JWK key set (with public and
> private keys) that we use to start up the server. The alternative, which
> we used to do, was to use OpenSSL to generate a self-signed X509
> certificate that we effectively threw away the trust chain for -- lots
> of extra effort to create information that we didn't want and then
> ignore it on the far end, all to get a simple keypair. It was
> unnecessarily complex from all ends, and the switch to JWK has been much
> nicer to deal with.
Is the simplicity of making a demo application running fast a major 
factor of preferring JWK to self-signed X509  ? What about the 
synchronization between the existing X509-based key storage and the new 
JWK-aware storages ?

Thanks, Sergey

>   -- Justin
> On 08/14/2014 09:25 AM, Richard Barnes wrote:
>> Hey Sergey,
>> JWK isn't necessarily tied to JWE or JWS.  It can be used to represent
>> the public key that was used to encrypt a JWE (so that the recipient
>> can look up the private key), or the public key that should be used to
>> verify a JWS.  But it can also be used in other contexts.  For
>> example, WebCrypto uses JWK (among others) as a format for serializing
>> keys.
>> As that link suggests, JWK is effectively the same as the PKCS#8
>> format for private keys and the SubjectPublicKeyInfo format for public
>> keys -- just in JSON instead of ASN.1.  It's a way to ship a key from
>> one place to another, for whatever reason you need to do that.
>> Hope that helps,
>> --Richard
>> On Thu, Aug 14, 2014 at 5:51 AM, Sergey Beryozkin
>> < <>> wrote:
>>     Hi,
>>     This is very likely a newbie question. What is the role of JWK ?
>>     According to [1] it is "... a (JSON) data structure that
>>     represents a cryptographic key".
>>     I can see plenty examples of JWK in the JWE specification. JWS and
>>     JWE headers can have a "jwk" property representing a given JWK.
>>     What confuses me is that the examples in JWE use JWK to describe
>>     the private parts of a given key. For example, when we talk about
>>     the RSA OAEP key encryption, JWK would show a private exponent of
>>     a given RSA key (JWE A1). Same for Aes Wrap secret key (JWE A3). Etc.
>>     So clearly one would not use a "jwk" JWE header to pass around a
>>     JWK representation of the key which was used to encrypt the
>>     content encryption key.
>>     So I'm thinking a JWK is:
>>     - a convenient way to describe a cryptographic key for JWE/JWS
>>     specifications to refer to it in the spec examples.
>>     - perhaps there's a long-term vision that the key stores would
>>     support JWK format directly ?
>>     - JWK is a 'container' for various key properties, some of those
>>     'public' properties can be passed around as a JWE/JWS header;
>>     Am I on the right track, can someone please clarify it further ?
>>     Thanks, Sergey
>>     [1]
>>     _______________________________________________
>>     jose mailing list
>> <>
>> _______________________________________________
>> jose mailing list