Re: [jose] The role of JWK
Sergey Beryozkin <sberyozkin@gmail.com> Mon, 18 August 2014 09:20 UTC
Return-Path: <sberyozkin@gmail.com>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D4A2D1A0386 for <jose@ietfa.amsl.com>; Mon, 18 Aug 2014 02:20:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.499
X-Spam-Level:
X-Spam-Status: No, score=0.499 tagged_above=-999 required=5 tests=[BAYES_20=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, J_CHICKENPOX_41=0.6, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3M_0bD3t0Kcg for <jose@ietfa.amsl.com>; Mon, 18 Aug 2014 02:20:45 -0700 (PDT)
Received: from mail-wi0-x22e.google.com (mail-wi0-x22e.google.com [IPv6:2a00:1450:400c:c05::22e]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A01971A0385 for <jose@ietf.org>; Mon, 18 Aug 2014 02:20:44 -0700 (PDT)
Received: by mail-wi0-f174.google.com with SMTP id d1so3376710wiv.13 for <jose@ietf.org>; Mon, 18 Aug 2014 02:20:43 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:user-agent:mime-version:to:cc:subject :references:in-reply-to:content-type:content-transfer-encoding; bh=m89ejUqR+iqqXTKET5paCKYiKWQn+c3pcS7H53vW2RE=; b=BXbbsknsEygjMB7LOADmPTjjOoRzrGlMw/hcfxJhwqvmudBe4tg/AdYnfvimTv0wfM MtMFnd5uV5WNXtxCNm+VDdwaFaRLcwjXzl7D80Q0VFZxqd42oKs51D9pFtEK+YPGadWH N53IGgKlBFkFiwzTGx+gdd5UpIqavS0qb5tA7wS8obbYd9WOcguUnxosR8TZn4AYlTUt lCNVjgfAezsSdfCgl241SzJqVVqnCO9zV4JzUkm4s4sESx4nntrwoxPnw/1e+72tYOjl qP91EMWFEEE+0P5Z1ruGrxQxLDGM/y/1w6GTeQmWpMyVT399Gv8yi4FR0gST8NIVEWi1 6ncg==
X-Received: by 10.181.9.104 with SMTP id dr8mr16507913wid.26.1408353643208; Mon, 18 Aug 2014 02:20:43 -0700 (PDT)
Received: from [192.168.2.7] ([109.255.231.6]) by mx.google.com with ESMTPSA id r20sm36053917wik.0.2014.08.18.02.20.42 for <multiple recipients> (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 18 Aug 2014 02:20:42 -0700 (PDT)
Message-ID: <53F1C569.2020908@gmail.com>
Date: Mon, 18 Aug 2014 10:20:41 +0100
From: Sergey Beryozkin <sberyozkin@gmail.com>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.0
MIME-Version: 1.0
To: Anders Rundgren <anders.rundgren.net@gmail.com>
References: <4E1F6AAD24975D4BA5B16804296739439AE1989B@TK5EX14MBXC293.redmond.corp.microsoft.com> <53EC868E.4000000@gmail.com> <CAL02cgS7LxLBWNRdh5EOKwyuiBSsR0jsmMz49c9xztfZehZP_A@mail.gmail.com> <53ECCFF8.9090305@mitre.org> <53ECE6F6.8000400@gmail.com> <CA+k3eCRbC=xOhTKOZ5K_i6X6NzYkF3j+X+5JQenLPF6kmpXEwg@mail.gmail.com> <53EDDB85.6070304@gmail.com> <53EF1771.9000409@gmail.com>
In-Reply-To: <53EF1771.9000409@gmail.com>
Content-Type: text/plain; charset="windows-1252"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: http://mailarchive.ietf.org/arch/msg/jose/MyCHa0Gf0zv94ibjIw3eCLkd3uM
Cc: "jose@ietf.org" <jose@ietf.org>
Subject: Re: [jose] The role of JWK
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/jose/>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 18 Aug 2014 09:20:47 -0000
Hi Anders, On 16/08/14 09:33, Anders Rundgren wrote: > On 2014-08-15 12:05, Sergey Beryozkin wrote: >> Sorry for returning to it, >> >> Brian, IMHO, jose4J would do really well in the Apache (Software >> Foundation) landscape, just a thought which you may've heard not once >> already. >> >> In your presentation you referred to JWK being like self-signed certs. >> Yes, Justin explained they are not X509 certs, rather the containers for >> the raw key info. The lack of the associated trust chain does bring an >> analogy to the self-signed certificates. >> >> However I can see JWK can hold X509 related properties. As such it >> appears that it is feasible that browsers could support JWK indirectly >> eventually. That would likely require JWS being supported at the TLS >> level... > > Hi Sergey, > > May I as developer in this space offer my opinion on this matter? > Sure :-), it's very welcome > Browsers will soon support JWK directly through W3C WebCrypto. > > However, browser/platform key-stores typically use proprietary formats > and TLS structures are binary. I ended up reading parts of WebCrypto yesterday, should've done it earlier, after Richard's reply. I did not realize using the JOSE structures was actually one of Web Crypto use cases (though Web Crypto API (key management) making it simpler to use JWE/JWS from the browser) > > Although JWK [maybe] could replace PEM and PKCS #12, I don't think that > will > happen either. > > That is, from my horizon (FWIW), the JOSE standards will probably only be > used in *new* schemes. This isn't too bad since there are a lot of such in > the workings, including payment systems. > > Regarding certificates versus public keys, the FIDO alliance craze seems > to indicate that client-side PKI is not so hot anymore. Personally, I > would take this with a grain of salt :-) > I'm learning something new with every reply, I was not aware of the FIDO alliance at all :-) Thanks Sergey > Anders > >> >> >> Thanks, Sergey >> >> On 14/08/14 18:46, Brian Campbell wrote: >>> One pattern that's emerging as popular is to publish (and periodically >>> rotate) a JWK Set at an HTTPS endpoint and reference they key used for >>> individual messages by kid. OpenID Connect uses that model - it's >>> discussed in some more detail in section 10: >>> http://openid.net/specs/openid-connect-core-1_0.html#SigEnc >>> >>> There's not really much more info there but I discussed this a bit in a >>> recent presentation I gave: >>> http://www.slideshare.net/briandavidcampbell/i-left-my-jwt-in-san-jose/29 >>> >>> >>> >>> >>> >>> On Thu, Aug 14, 2014 at 10:42 AM, Sergey Beryozkin <sberyozkin@gmail.com >>> <mailto:sberyozkin@gmail.com>> wrote: >>> >>> Hi Richard and Justin >>> >>> Very helpful, many thanks ! >>> >>> Richard: thanks for the link, the idea of using JWK as a standard >>> medium for shipping the key (information) is something that >>> helps to >>> understand why JWK is referred to so much in the specifications >>> like >>> JWE/JWS >>> >>> Justin: I'll try my best not to copy the Java code you linked >>> too :-). >>> >>> Thanks for links to the examples, let me ask few questions below: >>> >>> >>> On 14/08/14 16:04, Justin Richer wrote: >>> >>> Services are starting to publish their public keys as JWK >>> instead of >>> X509, since a JWK doesn't require a trusted CA and can be >>> much more >>> easily rotated at runtime. >>> >>> Sorry if it is off-topic, is JWK representing a public key (the >>> public exponent) is effectively a self-signed public key/cert ? >>> What >>> provides the extra trust into such JWK ? I've heard here about JWK >>> Thumbprints ? >>> >>> >>> This is the class from our OAuth/OpenID >>> Connect system that builds signers and validators off of a >>> public-key >>> JWK (using the Nimbus-DS JOSE library): >>> >>> >>> https://github.com/mitreid-__connect/OpenID-Connect-Java-__Spring-Server/blob/master/__openid-connect-common/src/__main/java/org/mitre/jwt/__signer/service/impl/__JWKSetCacheService.java >>> >>> >>> <https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server/blob/master/openid-connect-common/src/main/java/org/mitre/jwt/signer/service/impl/JWKSetCacheService.java> >>> >>> >>> >>> To add to that, with the private/shared key components of JWK, >>> it can be >>> a very effective key store. Our OAuth server uses this for >>> its keys, >>> this is the class that reads the file and makes the keys >>> available as >>> Java key objects to the rest of the system: >>> >>> >>> https://github.com/mitreid-__connect/OpenID-Connect-Java-__Spring-Server/blob/master/__openid-connect-common/src/__main/java/org/mitre/jose/__keystore/JWKSetKeyStore.java >>> >>> >>> <https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server/blob/master/openid-connect-common/src/main/java/org/mitre/jose/keystore/JWKSetKeyStore.java> >>> >>> >>> As you can see, these are both exceedingly simple classes >>> because they >>> simple read the URL (in the first case) or file (in the second >>> case) and >>> parse the JSON found there into a JWK set, which is then >>> used to >>> create >>> the bare keys in the Java security framework. This is the RSA >>> public key >>> parser for example: >>> >>> >>> https://bitbucket.org/__connect2id/nimbus-jose-jwt/__src/__0d5b12b4d4b84c822bec4af368b3be__a5120cb310/src/main/java/com/__nimbusds/jose/jwk/RSAKey.java?__at=master#cl-1395 >>> >>> >>> <https://bitbucket.org/connect2id/nimbus-jose-jwt/src/0d5b12b4d4b84c822bec4af368b3bea5120cb310/src/main/java/com/nimbusds/jose/jwk/RSAKey.java?at=master#cl-1395> >>> >>> >>> >>> Finally, in order to make these keys more easy to deal with, we >>> wrote a >>> simple key generator program that will spin up a new RSA, >>> EC, or >>> Oct key >>> and print it out as a JWK: >>> >>> https://github.com/mitreid-__connect/json-web-key-generator >>> <https://github.com/mitreid-connect/json-web-key-generator> >>> >>> >>> Whenever we deploy a new copy of our server somewhere, we also >>> pull down >>> this program and run it to generate a new JWK key set (with >>> public and >>> private keys) that we use to start up the server. The >>> alternative, which >>> we used to do, was to use OpenSSL to generate a self-signed >>> X509 >>> certificate that we effectively threw away the trust chain for >>> -- lots >>> of extra effort to create information that we didn't want >>> and then >>> ignore it on the far end, all to get a simple keypair. It was >>> unnecessarily complex from all ends, and the switch to JWK has >>> been much >>> nicer to deal with. >>> >>> Is the simplicity of making a demo application running fast a major >>> factor of preferring JWK to self-signed X509 ? What about the >>> synchronization between the existing X509-based key storage and the >>> new JWK-aware storages ? >>> >>> Thanks, Sergey >>> >>> -- Justin >>> >>> On 08/14/2014 09:25 AM, Richard Barnes wrote: >>> >>> Hey Sergey, >>> >>> JWK isn't necessarily tied to JWE or JWS. It can be >>> used to >>> represent >>> the public key that was used to encrypt a JWE (so that the >>> recipient >>> can look up the private key), or the public key that should >>> be used to >>> verify a JWS. But it can also be used in other >>> contexts. For >>> example, WebCrypto uses JWK (among others) as a format for >>> serializing >>> keys. >>> >>> https://dvcs.w3.org/hg/__webcrypto-api/raw-file/tip/__spec/Overview.html#__subtlecrypto-interface-__datatypes >>> >>> >>> <https://dvcs.w3.org/hg/webcrypto-api/raw-file/tip/spec/Overview.html#subtlecrypto-interface-datatypes> >>> >>> >>> As that link suggests, JWK is effectively the same as >>> the PKCS#8 >>> format for private keys and the SubjectPublicKeyInfo format >>> for public >>> keys -- just in JSON instead of ASN.1. It's a way to >>> ship a >>> key from >>> one place to another, for whatever reason you need to do >>> that. >>> >>> Hope that helps, >>> --Richard >>> >>> >>> >>> >>> >>> On Thu, Aug 14, 2014 at 5:51 AM, Sergey Beryozkin >>> <sberyozkin@gmail.com <mailto:sberyozkin@gmail.com> >>> <mailto:sberyozkin@gmail.com >>> <mailto:sberyozkin@gmail.com>>> >>> wrote: >>> >>> Hi, >>> >>> This is very likely a newbie question. What is the >>> role >>> of JWK ? >>> According to [1] it is "... a (JSON) data structure >>> that >>> represents a cryptographic key". >>> >>> I can see plenty examples of JWK in the JWE >>> specification. JWS and >>> JWE headers can have a "jwk" property representing a >>> given JWK. >>> >>> What confuses me is that the examples in JWE use >>> JWK to >>> describe >>> the private parts of a given key. For example, when we >>> talk about >>> the RSA OAEP key encryption, JWK would show a private >>> exponent of >>> a given RSA key (JWE A1). Same for Aes Wrap secret key >>> (JWE A3). Etc. >>> >>> So clearly one would not use a "jwk" JWE header to >>> pass >>> around a >>> JWK representation of the key which was used to >>> encrypt the >>> content encryption key. >>> >>> So I'm thinking a JWK is: >>> - a convenient way to describe a cryptographic key for >>> JWE/JWS >>> specifications to refer to it in the spec examples. >>> - perhaps there's a long-term vision that the key >>> stores would >>> support JWK format directly ? >>> - JWK is a 'container' for various key properties, >>> some >>> of those >>> 'public' properties can be passed around as a JWE/JWS >>> header; >>> >>> Am I on the right track, can someone please clarify it >>> further ? >>> >>> Thanks, Sergey >>> >>> >>> [1] >>> >>> http://tools.ietf.org/html/__draft-ietf-jose-json-web-key-__31#section-1 >>> >>> <http://tools.ietf.org/html/draft-ietf-jose-json-web-key-31#section-1> >>> >>> _________________________________________________ >>> jose mailing list >>> jose@ietf.org <mailto:jose@ietf.org> <mailto:jose@ietf.org >>> <mailto:jose@ietf.org>> >>> >>> https://www.ietf.org/mailman/__listinfo/jose >>> <https://www.ietf.org/mailman/listinfo/jose> >>> >>> >>> >>> >>> _________________________________________________ >>> jose mailing list >>> jose@ietf.org <mailto:jose@ietf.org> >>> https://www.ietf.org/mailman/__listinfo/jose >>> <https://www.ietf.org/mailman/listinfo/jose> >>> >>> >>> >>> _________________________________________________ >>> jose mailing list >>> jose@ietf.org <mailto:jose@ietf.org> >>> https://www.ietf.org/mailman/__listinfo/jose >>> <https://www.ietf.org/mailman/listinfo/jose> >>> >>> >> >> _______________________________________________ >> jose mailing list >> jose@ietf.org >> https://www.ietf.org/mailman/listinfo/jose >> >
- [jose] JWK Elliptic Curve key representations and… Mike Jones
- Re: [jose] JWK Elliptic Curve key representations… Daniel Holth
- Re: [jose] JWK Elliptic Curve key representations… Mike Scott
- [jose] The role of JWK Sergey Beryozkin
- Re: [jose] The role of JWK Richard Barnes
- Re: [jose] JWK Elliptic Curve key representations… Richard Barnes
- Re: [jose] JWK Elliptic Curve key representations… Stephen Farrell
- Re: [jose] The role of JWK Justin Richer
- Re: [jose] JWK Elliptic Curve key representations… Mike Jones
- Re: [jose] The role of JWK Sergey Beryozkin
- Re: [jose] The role of JWK Justin Richer
- Re: [jose] The role of JWK Sergey Beryozkin
- Re: [jose] The role of JWK Brian Campbell
- Re: [jose] The role of JWK Justin Richer
- Re: [jose] JWK Elliptic Curve key representations… Kathleen Moriarty
- Re: [jose] JWK Elliptic Curve key representations… Mike Jones
- Re: [jose] JWK Elliptic Curve key representations… Justin Richer
- Re: [jose] JWK Elliptic Curve key representations… Richard Barnes
- Re: [jose] JWK Elliptic Curve key representations… Brian Campbell
- Re: [jose] The role of JWK Sergey Beryozkin
- Re: [jose] The role of JWK Sergey Beryozkin
- Re: [jose] The role of JWK Anders Rundgren
- Re: [jose] The role of JWK Sergey Beryozkin
- [jose] Does A128GCMKW qualify as key wrap or encr… Sergey Beryozkin
- Re: [jose] Does A128GCMKW qualify as key wrap or … Mike Jones