[jose] JEF (JSON Encryption Format) adoption of JWK
Anders Rundgren <anders.rundgren.net@gmail.com> Wed, 26 April 2017 15:26 UTC
Return-Path: <anders.rundgren.net@gmail.com>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6BAB512EC99 for <jose@ietfa.amsl.com>; Wed, 26 Apr 2017 08:26:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kiJghjCpqyPB for <jose@ietfa.amsl.com>; Wed, 26 Apr 2017 08:26:56 -0700 (PDT)
Received: from mail-wr0-x242.google.com (mail-wr0-x242.google.com [IPv6:2a00:1450:400c:c0c::242]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 87E6D12EC8E for <jose@ietf.org>; Wed, 26 Apr 2017 08:26:56 -0700 (PDT)
Received: by mail-wr0-x242.google.com with SMTP id g12so487863wrg.2 for <jose@ietf.org>; Wed, 26 Apr 2017 08:26:56 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=to:from:subject:message-id:date:user-agent:mime-version :content-transfer-encoding; bh=QSTr2DIG0T70P+1xzbsYygCuM3UlcLjFYyxvVMTerm8=; b=GKcrdbCv/JJn5GQfOj98e4BLq7/4XTyjzWSdUr+SJ34DgQ4LnEBMds+dCfko5FVKMA 3WFczrylPNRzvcIJRbGmanj+oxvTMVvcDXyNpwRM7n/+tFAKqky7d4kkMywLfCHUlu2/ VZxUvzgxsFQCqPu+uO4hAg775gmAEK18sMG4o92tMqopZRwf4if/oK86PCzfugvD11IZ 22jfL6y5N7ViBV12lL0UueO0C+GVHdEvS4Ie3u7g5A41zVpIalfWAJ5RKbStnZy94B22 zKrDObdp0/3e3SIG0IbQmoBle2fvGy1w6XyYRqXl9ddj1p/Gy7J4V4Dxvb8oO0rY2fOc db4Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:to:from:subject:message-id:date:user-agent :mime-version:content-transfer-encoding; bh=QSTr2DIG0T70P+1xzbsYygCuM3UlcLjFYyxvVMTerm8=; b=Qy9oQmIZJ6PgR2G65IPPVF6PBnHTSROtGLVae2NcX4aK2wMG2XpNDSs2OOalBVr9x6 vRfrrUwwoETwfkOSbzjez3F+5gQWOYOGovSSQdeLc9MfItMWc8gA0Wbvio8wavmHimMH I9oSUI39C5ixSCRc7hTbPr3VKWJZ0WbuxkNTiMsaMGJoiAtv1BF+WXfnhbhMoj0SkZAY 0AbXsxdVpxsA+bCrldKAZ3iVRBmvQc20WLlRPjbMcx7i6STaCCOKViAnjfP2wmq0UQzG jxdoiLAMFBvo/9WcyIDcEUkIDO9C64EdW6kMBzpTCm3fZXdbhgKYEKOYOP3eSLIZjG9m 0DLw==
X-Gm-Message-State: AN3rC/4N7pEfTspQl/O8RwR94chx/cuHcqfO7bgIC/HPrzUD/E4Tn84W SN5VlIiHZpSpZA==
X-Received: by 10.223.142.213 with SMTP id q79mr241635wrb.25.1493220414211; Wed, 26 Apr 2017 08:26:54 -0700 (PDT)
Received: from [192.168.1.79] (124.25.176.95.rev.sfr.net. [95.176.25.124]) by smtp.googlemail.com with ESMTPSA id l27sm506951wrb.65.2017.04.26.08.26.52 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 26 Apr 2017 08:26:52 -0700 (PDT)
To: "jose@ietf.org" <jose@ietf.org>
From: Anders Rundgren <anders.rundgren.net@gmail.com>
Message-ID: <ee16f225-3148-b3e6-c42d-10d1d07e223b@gmail.com>
Date: Wed, 26 Apr 2017 17:26:50 +0200
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.8.0
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/jose/fIvMP1HarkoTROHMp-Gem9amm7M>
Subject: [jose] JEF (JSON Encryption Format) adoption of JWK
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/jose/>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 26 Apr 2017 15:26:58 -0000
Although JEF [1] doesn't offer as many advantages [2] as JCS [3] it shares a common characteristic: Removing the need for dressing protected headers in Base64Url thanks to the use of ES6 serialization for creating AAD.
Also in similarity with JCS, JEF runs flawlessly on some of the most popular platforms there are including Chrome, Android, Java, Node.js.
To make JEF more compliant with JOSE it nowadays builds on a subset of JWA and JWK.
Notation using JEF (JSON Encryption Format):
{
"algorithm": "A128CBC-HS256",
"encryptedKey": {
"algorithm": "ECDH-ES",
"keyId": "20170101:mybank:ec",
"ephemeralKey": {
"kty": "EC",
"crv": "P-256",
"x": "ZuESJhuxPPTuloRigAh0aWZrgfFpBgjKQO3qzPFKiKs",
"y": "_SwkU496ZCpmwiN2WvVVGFMfUstH1mGSZIbcvTtzdtc"
}
},
"iv": "FwpBD07mlfkaoIcrEZouig",
"tag": "MQYMFMpDtjmlxPop42hoQg",
"cipherText": "ito6qBV4xYTIv7C4-vNs3d95NNRpCZLC6dhkInrWn8M"
}
Notation using JWE (JSON Web Encryption):
{
"protected": "eyJhbGciOiJFQ0RILUVTIiwia2lkIjoibWVyaWFkb2MuYn
JhbmR5YnVja0BidWNrbGFuZC5leGFtcGxlIiwiZXBrIjp7Imt0eSI6Ik
VDIiwiY3J2IjoiUC0yNTYiLCJ4IjoibVBVS1RfYkFXR0hJaGcwVHBqan
FWc1AxclhXUXVfdndWT0hIdE5rZFlvQSIsInkiOiI4QlFBc0ltR2VBUz
Q2ZnlXdzVNaFlmR1RUMElqQnBGdzJTUzM0RHY0SXJzIn0sImVuYyI6Ik
ExMjhDQkMtSFMyNTYifQ",
"iv": "yc9N8v5sYyv3iGQT926IUg",
"ciphertext": "BoDlwPnTypYq-ivjmQvAYJLb5Q6l-F3LIgQomlz87yW4O
PKbWE1zSTEFjDfhU9IPIOSA9Bml4m7iDFwA-1ZXvHteLDtw4R1XRGMEs
DIqAYtskTTmzmzNa-_q4F_evAPUmwlO-ZG45Mnq4uhM1fm_D9rBtWolq
ZSF3xGNNkpOMQKF1Cl8i8wjzRli7-IXgyirlKQsbhhqRzkv8IcY6aHl2
4j03C-AR2le1r7URUhArM79BY8soZU0lzwI-sD5PZ3l4NDCCei9XkoIA
fsXJWmySPoeRb2Ni5UZL4mYpvKDiwmyzGd65KqVw7MsFfI_K767G9C9A
zp73gKZD0DyUn1mn0WW5LmyX_yJ-3AROq8p1WZBfG-ZyJ6195_JGG2m9
Csg",
"tag": "WCCkNa-x4BeB9hIDIfFuhg"
}
Anders
1] https://cyberphone.github.io/doc/security/jef.html
2] Non-intrusive enveloped signatures can simplify the design, debugging and documentation of message oriented JSON/JavaScript based systems.
3] https://cyberphone.github.io/doc/security/jcs.html
- [jose] JEF (JSON Encryption Format) adoption of J… Anders Rundgren