Re: [jose] comment on

Mike Jones <> Wed, 19 November 2014 19:11 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id F1FDC1AD47E for <>; Wed, 19 Nov 2014 11:11:04 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id f1R9ukFYWDMS for <>; Wed, 19 Nov 2014 11:11:02 -0800 (PST)
Received: from ( [IPv6:2a01:111:f400:fc10::725]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id B61B11AD45D for <>; Wed, 19 Nov 2014 11:11:01 -0800 (PST)
Received: from ( by ( with Microsoft SMTP Server (TLS) id; Wed, 19 Nov 2014 19:10:38 +0000
Received: from (2a01:111:f400:7c10::129) by (2a01:111:e400:1414::45) with Microsoft SMTP Server (TLS) id via Frontend Transport; Wed, 19 Nov 2014 19:10:37 +0000
Received: from ( by ( with Microsoft SMTP Server (TLS) id via Frontend Transport; Wed, 19 Nov 2014 19:10:36 +0000
Received: from ([]) by ([]) with mapi id 14.03.0210.003; Wed, 19 Nov 2014 19:10:26 +0000
From: Mike Jones <>
To: "" <>
Thread-Topic: comment on
Thread-Index: AQHQBCcWPJWy2CKnf0OwbAd7v9wVZJxoS2Yw
Date: Wed, 19 Nov 2014 19:10:25 +0000
Message-ID: <>
References: <>
In-Reply-To: <>
Accept-Language: en-US
Content-Language: en-US
x-originating-ip: []
Content-Type: multipart/alternative; boundary="_000_4E1F6AAD24975D4BA5B16804296739439BB8C7FETK5EX14MBXC286r_"
MIME-Version: 1.0
X-EOPAttributedMessage: 0
Received-SPF: Pass ( domain of designates as permitted sender); client-ip=;;
Authentication-Results: spf=pass (sender IP is;
X-Forefront-Antispam-Report: CIP:; CTRY:US; IPV:CAL; IPV:NLI; IPV:NLI; EFV:NLI; SFV:NSPM; SFS:(10019020)(438002)(377454003)(199003)(189002)(2656002)(87936001)(85806002)(19625215002)(16236675004)(110136001)(104016003)(19617315012)(4396001)(55846006)(26826002)(84326002)(19300405004)(97736003)(2501002)(21056001)(99396003)(92566001)(92726001)(230783001)(120916001)(46102003)(512874002)(84676001)(6806004)(44976005)(19580405001)(19580395003)(15975445006)(68736004)(69596002)(86612001)(86362001)(31966008)(76176999)(50986999)(66066001)(54356999)(71186001)(20776003)(33656002)(64706001)(95666004)(106466001)(81156004)(107046002)(2351001)(106116001)(15202345003)(62966003)(77096003)(77156002); DIR:OUT; SFP:1102; SCL:1; SRVR:BN3PR0301MB1204;; FPR:; MLV:ovrnspm; PTR:InfoDomainNonexistent; A:1; MX:1; LANG:en;
X-Microsoft-Antispam: UriScan:;
X-Microsoft-Antispam: BCL:0;PCL:0;RULEID:;SRVR:BN3PR0301MB1204;
X-O365ENT-EOP-Header: Message processed by - O365_ENT: Allow from ranges (Engineering ONLY)
X-Exchange-Antispam-Report-Test: UriScan:;
X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:; SRVR:BN3PR0301MB1204;
X-Forefront-PRVS: 04004D94E2
X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:; SRVR:BN3PR0301MB1204;
Cc: Alok Menghrajani <>
Subject: Re: [jose] comment on
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Javascript Object Signing and Encryption <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 19 Nov 2014 19:11:05 -0000

Given the WebCrypto decision to not import RSA private keys unless the CRT parameters are also present, I think it makes sense to include these parameter values (p, q, dp, dq, qi) in the examples.

The places these values would be added are:

I’ll plan to do this in the next drafts unless I hear objections.

                                                                -- Mike

From: Alok Menghrajani []
Sent: Wednesday, November 19, 2014 10:32 AM
To: Mike Jones
Subject: comment on

Hello Mike,

I am working on a piece of javascript code which uses the web crypto api and jwe. When writing some unittests, I noticed that the example JWK in, appendix A.1.3 contains a "d" parameter (this is also the case with some of the other examples).

On one hand, the example mentions "recipient's public key" and only encrypts data, so I think the JWK should not have a "d" parameter.

On the other hand, it might make sense to have the private key to help anyone who would want to decrypt the example's cipher text.

It turns out that the current browser crypto API is pretty unfriendly: it won't import the example's JWK key as a public key unless the "d" parameter is omitted and it won't import the JWK as a private key unless the remaining key parameters are there; the API doesn't compute them for you.

Do you agree the "d" parameter should be removed or do you think the remaining key parameters should be included?