[jose] Applying ES6 serialization to JSON encryption schemes

Anders Rundgren <anders.rundgren.net@gmail.com> Wed, 03 August 2016 05:54 UTC

To: "jose@ietf.org" <jose@ietf.org>
From: Anders Rundgren <anders.rundgren.net@gmail.com>
Message-ID: <7fc844f0-706d-a776-66fc-25b2d293025c@gmail.com>
Date: Wed, 03 Aug 2016 07:54:06 +0200
Archived-At: <https://mailarchive.ietf.org/arch/msg/jose/QL_YQJaklGuw8Xi2rAzPY3Y4WHI>
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>

Hi All,

ES6 serialization made the concept of clear-text signed JavaScript/JSON objects trivial to implement.
Well, V8 is actually needed for full compliance.

It was not equally clear (to me at least...) how ES6 serialization could be used in encryption schemes.
After looking into this a bit more, the protected (=unreadable) header in JWE was an obvious candidate.

The result is here:
https://cyberphone.github.io/openkeystore/resources/docs/jef.html

Anders
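
The idea of clear-text signing on top of ES6 serialization, as an added example that is not part of the original message and is not the format defined in the linked document: the object stays readable JSON, and the signature is computed over what `JSON.stringify` produces for the parsed data. The property name `signature`, the `HS256` label, the function names and the use of HMAC-SHA256 are assumptions made for this sketch.

```javascript
const crypto = require("crypto");

// ES6 serialization: JSON.stringify emits no whitespace, keeps string keys in
// creation order, and prints numbers in their canonical ES6 form (1e2 -> 100).
function es6Serialize(obj) {
  return JSON.stringify(obj);
}

function hmac(obj, key) {
  return crypto.createHmac("sha256", key).update(es6Serialize(obj), "utf8").digest();
}

// Returns pretty-printed JSON text carrying a hypothetical "signature" property.
function signObject(obj, key) {
  const copy = JSON.parse(JSON.stringify(obj)); // plain JSON data only
  delete copy.signature;                        // never sign an old signature
  const value = hmac(copy, key).toString("base64");
  copy.signature = { alg: "HS256", value };     // appended last, removed first on verify
  return JSON.stringify(copy, null, 2);         // layout is free: it is not what gets signed
}

// Parses the received text, strips the signature property, re-serializes the
// rest with ES6 rules and compares MACs in constant time.
function verifyText(text, key) {
  let obj;
  try {
    obj = JSON.parse(text);
  } catch (e) {
    return false;
  }
  if (obj === null || typeof obj !== "object") return false;
  const sig = obj.signature;
  if (!sig || sig.alg !== "HS256" || typeof sig.value !== "string") return false;
  delete obj.signature;
  const given = Buffer.from(sig.value, "base64");
  const expected = hmac(obj, key);
  return given.length === expected.length && crypto.timingSafeEqual(given, expected);
}
```

Whitespace and number spelling may change in transit without breaking verification, but property order is part of the signed data, so an intermediary that reorders properties invalidates the signature.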