Re: [jose] jwk

Mike Jones <Michael.Jones@microsoft.com> Mon, 29 October 2012 22:05 UTC

From: Mike Jones <Michael.Jones@microsoft.com>
To: Axel Nennker <ignisvulpis@gmail.com>
Cc: "jose@ietf.org" <jose@ietf.org>
Date: Mon, 29 Oct 2012 22:05:05 +0000
Subject: Re: [jose] jwk
Message-ID: <4E1F6AAD24975D4BA5B1680429673943668828D9@TK5EX14MBXC285.redmond.corp.microsoft.com>
In-Reply-To: <CAHcDwFysxev670hgiq7HxSAsNQ+9vbw5727yoTfMQrBr2p+j8A@mail.gmail.com>
References: <CAHcDwFziH9QF1TgbywGzi2VPiwADpgdOxzrN1xtTN2pjLJOXOw@mail.gmail.com> <4E1F6AAD24975D4BA5B16804296739436687BCEB@TK5EX14MBXC285.redmond.corp.microsoft.com> <CAHcDwFysxev670hgiq7HxSAsNQ+9vbw5727yoTfMQrBr2p+j8A@mail.gmail.com>
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Archive: <http://www.ietf.org/mail-archive/web/jose>

"x5c" helps because you can represent a bare key as a self-signed cert in PEM format in the "x5c" parameter.  The JOSE specs already support PEM-encoded keys.

                                                            -- Mike

From: Axel Nennker [mailto:ignisvulpis@gmail.com]
Sent: Wednesday, October 24, 2012 2:14 PM
To: Mike Jones
Cc: jose@ietf.org
Subject: Re: jwk

In the case where I generate the keypair on the fly I do not have a URL to put in x5u. And a cert is not a public key. I want bare keys.
I don't know how x5u and x5c help here.

I have the problem that I don't know how to convert (exp, mod) into a pubkey on one platform (Firefox). I think that PEM is easier.
I think the same might be true on other platforms too.

Another reason I think that PEM is better is that there are command line tools to produce PEM-encoded keys while I don't know any tool to produce (exp, mod).

--Axel
2012/10/24 Mike Jones <Michael.Jones@microsoft.com>

To be clear, JWS and JWE already support the use of PEM encoded keys through the "x5c" and "x5u" parameters.  Therefore, I don't see any need to also add X.509-based key formats to JWK itself.



                                                            -- Mike

From: Axel Nennker [mailto:ignisvulpis@gmail.com]
Sent: Wednesday, October 24, 2012 12:55 PM
To: jose@ietf.org
Cc: Mike Jones
Subject: jwk


I think that having more choices other than (exp, mod) is useful.
I believe that it is easier for me to implement keys in Firefox if I have PEM encoded keys.

So the format could be:

user_jwk : {"pub": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4OTqe0p1tgEoOVtDzjQIyP1Ipo8ivqTIeH4yH9kLzI4fCKx6ggZJ3h9ecj4p5E355umCThN/1doBc/tq18VGlNtyDNxCh45Z1zGYJKwZxaVaWQXlB2gfgnko1D+Zw9KIlipQHtnhJw/qREEIp4YOgaGcSZBCcQQ4DYCOjfTTbKUXSTlrlOgflfgTiyhUFuiKWkoeivwASigL76PtYNYcn+dlYKYB/vSQ2CY7FtaDcr22EdqUDVPLNg1+K1rsvHvllP7iTnXA5IgxT5JELdrkKX9Ek68zDzelOaJxs2tbkkwbqSLQfREzQ/yGAIOW9rZVqlaVBEBzUYzREmeybVq3gwIDAQAB" }
// PEM encoded public key without linebreaks

A more general format would be:

jwk: { "-----BEGIN PUBLIC KEY-----": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4OTqe0p1tgEoOVtDzjQIyP1Ipo8ivqTIeH4yH9kLzI4fCKx6ggZJ3h9ecj4p5E355umCThN/1doBc/tq18VGlNtyDNxCh45Z1zGYJKwZxaVaWQXlB2gfgnko1D+Zw9KIlipQHtnhJw/qREEIp4YOgaGcSZBCcQQ4DYCOjfTTbKUXSTlrlOgflfgTiyhUFuiKWkoeivwASigL76PtYNYcn+dlYKYB/vSQ2CY7FtaDcr22EdqUDVPLNg1+K1rsvHvllP7iTnXA5IgxT5JELdrkKX9Ek68zDzelOaJxs2tbkkwbqSLQfREzQ/yGAIOW9rZVqlaVBEBzUYzREmeybVq3gwIDAQAB"
}

This general format could be used for private keys too.

What do you think?

Axel

ps: Don't know whether I can post from this email address... Mike, would you please post it if it does appear in your inbox but not on the list. Thanks.
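The disagreement in this thread is about representation, not about different keys: the (exp, mod) pair that JWK carries as its "n" and "e" members and the PEM SubjectPublicKeyInfo Axel pasted above are two encodings of the same RSA public key, and the DER wrapper between them is small enough to parse by hand. What follows is an added example, not code from the thread or from the JOSE drafts. It uses only the Python standard library, takes Axel's pasted key (with the line-wrap spaces removed) as its constructed sample input, and the function names pem_to_jwk, jwk_to_pem and spki_roundtrip are this example's own.

```python
import base64
import re

# Constructed sample input: the base64 body of the SubjectPublicKeyInfo pasted
# in the thread, with the line-wrap spaces removed (a 2048-bit RSA key).
SAMPLE_SPKI_B64 = (
    "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4OTqe0p1tgEoOVtDzjQI"
    "yP1Ipo8ivqTIeH4yH9kLzI4fCKx6ggZJ3h9ecj4p5E355umCThN/1doBc/tq18VG"
    "lNtyDNxCh45Z1zGYJKwZxaVaWQXlB2gfgnko1D+Zw9KIlipQHtnhJw/qREEIp4YO"
    "gaGcSZBCcQQ4DYCOjfTTbKUXSTlrlOgflfgTiyhUFuiKWkoeivwASigL76PtYNYc"
    "n+dlYKYB/vSQ2CY7FtaDcr22EdqUDVPLNg1+K1rsvHvllP7iTnXA5IgxT5JELdrk"
    "KX9Ek68zDzelOaJxs2tbkkwbqSLQfREzQ/yGAIOW9rZVqlaVBEBzUYzREmeybVq3"
    "gwIDAQAB"
)

RSA_OID = bytes.fromhex("2a864886f70d010101")  # 1.2.840.113549.1.1.1 rsaEncryption


def _b64url(data: bytes) -> str:
    # JWK uses base64url without padding for the big-endian integer octets.
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _der_read(buf: bytes, pos: int):
    """Read one DER TLV at pos; return (tag, content, position after it)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long-form length
        nbytes = length & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    return tag, buf[pos:pos + length], pos + length


def _der_tlv(tag: int, content: bytes) -> bytes:
    """Encode one DER TLV with short- or long-form length as needed."""
    size = len(content)
    if size < 0x80:
        return bytes([tag, size]) + content
    size_bytes = size.to_bytes((size.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size_bytes)]) + size_bytes + content


def _der_uint(value: int) -> bytes:
    """DER INTEGER for a non-negative value (adds the 0x00 sign pad if needed)."""
    body = value.to_bytes((value.bit_length() + 7) // 8 or 1, "big")
    if body[0] & 0x80:
        body = b"\x00" + body
    return _der_tlv(0x02, body)


def pem_to_jwk(pem_or_b64: str) -> dict:
    """Parse an RSA SubjectPublicKeyInfo (PEM armour optional) into a JWK."""
    b64 = re.sub(r"-----[A-Z ]+-----|\s", "", pem_or_b64)
    der = base64.b64decode(b64, validate=True)
    tag, spki, _ = _der_read(der, 0)
    if tag != 0x30:
        raise ValueError("SubjectPublicKeyInfo must be a SEQUENCE")
    tag, alg_id, pos = _der_read(spki, 0)
    oid_tag, oid, _ = _der_read(alg_id, 0)
    if tag != 0x30 or oid_tag != 0x06 or oid != RSA_OID:
        raise ValueError("not an rsaEncryption key")
    tag, bit_string, _ = _der_read(spki, pos)
    if tag != 0x03 or bit_string[0] != 0:
        raise ValueError("subjectPublicKey must be a byte-aligned BIT STRING")
    _, rsa_pub, _ = _der_read(bit_string, 1)     # RSAPublicKey SEQUENCE
    _, n_bytes, pos = _der_read(rsa_pub, 0)      # INTEGER modulus
    _, e_bytes, _ = _der_read(rsa_pub, pos)      # INTEGER publicExponent
    n = int.from_bytes(n_bytes, "big")
    e = int.from_bytes(e_bytes, "big")
    # JWK carries unsigned octets, so re-serialise without DER's sign pad.
    return {
        "kty": "RSA",
        "n": _b64url(n.to_bytes((n.bit_length() + 7) // 8, "big")),
        "e": _b64url(e.to_bytes((e.bit_length() + 7) // 8, "big")),
    }


def jwk_to_pem(jwk: dict) -> str:
    """Rebuild the PEM SubjectPublicKeyInfo from a JWK's (n, e) pair."""
    if jwk.get("kty") != "RSA":
        raise ValueError("only RSA JWKs are handled here")
    n = int.from_bytes(_b64url_decode(jwk["n"]), "big")
    e = int.from_bytes(_b64url_decode(jwk["e"]), "big")
    rsa_pub = _der_tlv(0x30, _der_uint(n) + _der_uint(e))
    alg_id = _der_tlv(0x30, _der_tlv(0x06, RSA_OID) + b"\x05\x00")  # NULL params
    spki = _der_tlv(0x30, alg_id + _der_tlv(0x03, b"\x00" + rsa_pub))
    b64 = base64.b64encode(spki).decode("ascii")
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN PUBLIC KEY-----\n{body}\n-----END PUBLIC KEY-----\n"


def spki_roundtrip(b64: str) -> bool:
    """True if PEM -> JWK -> PEM reproduces the exact input DER bytes."""
    rebuilt = jwk_to_pem(pem_to_jwk(b64))
    return re.sub(r"-----[A-Z ]+-----|\s", "", rebuilt) == b64


if __name__ == "__main__":
    jwk = pem_to_jwk(SAMPLE_SPKI_B64)
    print(jwk)
    print(jwk_to_pem(jwk))
```

Running the module prints the JWK and the reconstructed PEM; spki_roundtrip checks that the re-encoded DER is byte-identical to the input, which is the property an implementation needs before it treats the two forms as interchangeable. A bare key in either form, or a self-signed certificate wrapped around one in "x5c" as Mike suggests, carries no binding to an identity on its own: a verifier still has to pin the key or validate the chain to a trust anchor rather than accept whatever key arrives with the message.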