Re: [jose] The role of JWK
Richard Barnes <rlb@ipv.sx> Thu, 14 August 2014 13:25 UTC

Hey Sergey,

JWK isn't necessarily tied to JWE or JWS. It can be used to represent the public key that was used to encrypt a JWE (so that the recipient can look up the private key), or the public key that should be used to verify a JWS.

But it can also be used in other contexts. For example, WebCrypto uses JWK (among others) as a format for serializing keys.

https://dvcs.w3.org/hg/webcrypto-api/raw-file/tip/spec/Overview.html#subtlecrypto-interface-datatypes

As that link suggests, JWK is effectively the same as the PKCS#8 format for private keys and the SubjectPublicKeyInfo format for public keys -- just in JSON instead of ASN.1. It's a way to ship a key from one place to another, for whatever reason you need to do that.

Hope that helps,
--Richard

On Thu, Aug 14, 2014 at 5:51 AM, Sergey Beryozkin <sberyozkin@gmail.com> wrote:

> Hi,
>
> This is very likely a newbie question. What is the role of JWK ?
> According to [1] it is "... a (JSON) data structure that represents a
> cryptographic key".
>
> I can see plenty examples of JWK in the JWE specification. JWS and JWE
> headers can have a "jwk" property representing a given JWK.
>
> What confuses me is that the examples in JWE use JWK to describe the
> private parts of a given key. For example, when we talk about the RSA OAEP
> key encryption, JWK would show a private exponent of a given RSA key (JWE
> A1). Same for Aes Wrap secret key (JWE A3). Etc.
>
> So clearly one would not use a "jwk" JWE header to pass around a JWK
> representation of the key which was used to encrypt the content encryption
> key.
>
> So I'm thinking a JWK is:
> - a convenient way to describe a cryptographic key for JWE/JWS
> specifications to refer to it in the spec examples.
> - perhaps there's a long-term vision that the key stores would support JWK
> format directly ?
> - JWK is a 'container' for various key properties, some of those 'public'
> properties can be passed around as a JWE/JWS header;
>
> Am I on the right track, can someone please clarify it further ?
>
> Thanks, Sergey
>
>
> [1] http://tools.ietf.org/html/draft-ietf-jose-json-web-key-31#section-1
>
> _______________________________________________
> jose mailing list
> jose@ietf.org
> https://www.ietf.org/mailman/listinfo/jose
>
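
The two points in this exchange, that a JWK is the same key material as SubjectPublicKeyInfo in a different encoding and that only the public members belong in a "jwk" header, shown as an added example that is not part of the original thread. It uses Node.js's built-in `crypto` module; `toPublicJwk`, `jwkMatchesSpki` and `demo` are hypothetical helper names, and the RSA key is a constructed sample generated at run time.

```javascript
// Added example (not from the thread). Uses only Node.js built-in crypto.
const crypto = require('crypto');

// Private JWK members per key type (RFC 7518, section 6). An "oct" key is
// entirely secret, so it has no public form and is absent from this table.
const PRIVATE_MEMBERS = {
  RSA: ['d', 'p', 'q', 'dp', 'dq', 'qi', 'oth'],
  EC: ['d'],
};

// Hypothetical helper: return a copy of `jwk` that is safe to publish,
// for instance as a "jwk" header parameter. Refuses symmetric keys.
function toPublicJwk(jwk) {
  const secret = PRIVATE_MEMBERS[jwk.kty];
  if (!secret) throw new Error(`no public form for kty=${jwk.kty}`);
  return Object.fromEntries(
    Object.entries(jwk).filter(([name]) => !secret.includes(name)));
}

// JWK and SubjectPublicKeyInfo carry the same key: export the key as JWK,
// re-import it from that JWK, and compare the SPKI DER bytes of both.
function jwkMatchesSpki(publicKey) {
  const jwk = publicKey.export({ format: 'jwk' });
  const fromJwk = crypto.createPublicKey({ key: jwk, format: 'jwk' });
  const original = publicKey.export({ type: 'spki', format: 'der' });
  const roundTrip = fromJwk.export({ type: 'spki', format: 'der' });
  return original.equals(roundTrip);
}

// Constructed sample: a fresh RSA key pair, as in the RSA-OAEP case the
// question mentions. Nothing here is a key from the JWE specification.
function demo() {
  const { publicKey, privateKey } =
    crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const privateJwk = privateKey.export({ format: 'jwk' });
  const publicJwk = toPublicJwk(privateJwk);
  return {
    privateMembers: Object.keys(privateJwk).sort(),
    publicMembers: Object.keys(publicJwk).sort(),
    sameKey: jwkMatchesSpki(publicKey),
  };
}

console.log(demo());
```
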