Re: [jose] JOSE and PKCS11

Neil Madden <> Wed, 27 February 2019 14:26 UTC

From: Neil Madden <>
Date: Wed, 27 Feb 2019 14:26:50 +0000
Cc: Nathaniel McCallum <>, jose <>,
To: Stefan Berger <>

On 27 Feb 2019, at 14:13, Stefan Berger <> wrote:
> "jose" <> wrote on 02/27/2019 03:18:51 AM:
> > 
> > I’m not sure I understand yet the issue that is being addressed with
> > this work. 
> > 
> > Certainly many JOSE libraries already support HSMs. We have 
> > customers using HSMs with our JOSE library via PKCS#11. But most of 
> > our use-cases typically only ever publish public keys as JWKs. 
> > 
> > You can already encode an identifier for a local private key using 
> > the key id (kid) header, so it’s not clear to me why you would need 
> > anything else if no actual key material is being transported. So 
> > what are the actual use-cases that need to be solved? Presumably 
> > some sort of communication between two parties that share access to 
> > the same HSM?
> Does the format of the kid need to be specified so that an implementation would react to it?
> A use case would be that one gets several public keys from different people to encrypt some data. I have several keys and I would like to avoid decryption by trial and error, which becomes more time consuming when network devices are involved, so I send the public key in JWE format and it contains the URI (pkcs11 or kmip) for the key to use for decryption. The encryptor embeds this key identifier in the recipients section so that I know which section is for me and which key to use for decrypting.

That already works just fine. Set the “kid” claim in your public JWK to the pkcs11/kmip URI and then make sure the client sends you the same value in the “kid” header of the encrypted JWE. This is precisely what the “kid” JWK claim and header are for.

Depending on the sensitivity of the information in the URI, you may want to either encrypt it or replace it with an opaque identifier that you store in a local lookup table.

— Neil