[jose] The role of JWK

Sergey Beryozkin <sberyozkin@gmail.com> Thu, 14 August 2014 09:51 UTC

Message-ID: <53EC868E.4000000@gmail.com>
Date: Thu, 14 Aug 2014 10:51:10 +0100
From: Sergey Beryozkin <sberyozkin@gmail.com>
To: jose@ietf.org
References: <4E1F6AAD24975D4BA5B16804296739439AE1989B@TK5EX14MBXC293.redmond.corp.microsoft.com>
In-Reply-To: <4E1F6AAD24975D4BA5B16804296739439AE1989B@TK5EX14MBXC293.redmond.corp.microsoft.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/jose/k-AAlzYBGUhlQY21ux6k6DLra8Q
Subject: [jose] The role of JWK

Hi,

This is very likely a newbie question. What is the role of JWK?
According to [1] it is "... a (JSON) data structure that represents a 
cryptographic key".

I can see plenty of examples of JWK in the JWE specification. JWS and JWE 
headers can have a "jwk" property representing a given JWK.

What confuses me is that the examples in JWE use JWK to describe the 
private parts of a given key. For example, when we talk about the RSA 
OAEP key encryption, JWK would show a private exponent of a given RSA 
key (JWE A1). Same for the AES Wrap secret key (JWE A3). Etc.

So clearly one would not use a "jwk" JWE header to pass around a JWK 
representation of the key which was used to encrypt the content 
encryption key.

So I'm thinking a JWK is:
- a convenient way to describe a cryptographic key for the JWE/JWS 
specifications to refer to it in the spec examples;
- perhaps there's a long-term vision that the key stores would support 
the JWK format directly?
- a 'container' for various key properties, some of those 
'public' properties can be passed around in a JWE/JWS header.

Am I on the right track? Can someone please clarify it further?

Thanks, Sergey


[1] http://tools.ietf.org/html/draft-ietf-jose-json-web-key-31#section-1
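The distinction the message circles around (a JWK may carry the private members of a key, such as the RSA private exponent "d" in JWE appendix A.1 or the symmetric "k" in A.3, while a "jwk" header may only ever carry the public part) can be made concrete in code. The following is an added example, not code from the original post or from any JOSE implementation: it classifies JWK members as public or private using the member names from the JWK and JWA specifications (RFC 7517 and RFC 7518, the published successors of the drafts discussed here), projects a private JWK onto the members allowed in a "jwk" header, and rejects a protected header whose "jwk" leaks private material. The sample keys are constructed placeholders, not real key material; the function and constant names are this example's own.

```python
import json

# Member names from the JWK (RFC 7517) and JWA (RFC 7518) specifications.
# Everything listed in PRIVATE_MEMBERS is key material that must never appear
# in a JWS/JWE "jwk" header; a symmetric ("oct") key is private in its entirety.
PRIVATE_MEMBERS = {
    "RSA": {"d", "p", "q", "dp", "dq", "qi", "oth"},
    "EC": {"d"},
    "oct": {"k"},
}
PUBLIC_MEMBERS = {
    "RSA": {"n", "e"},
    "EC": {"crv", "x", "y"},
    "oct": set(),  # a symmetric key has no public part at all
}
# Metadata members that are safe to carry alongside the public part.
COMMON_MEMBERS = {"kty", "use", "key_ops", "alg", "kid", "x5u", "x5c", "x5t", "x5t#S256"}


def private_members_in(jwk):
    """Return the sorted names of private-material members present in jwk."""
    kty = jwk.get("kty")
    if kty not in PRIVATE_MEMBERS:
        raise ValueError("unsupported or missing kty: %r" % (kty,))
    return sorted(PRIVATE_MEMBERS[kty] & set(jwk))


def public_jwk(jwk):
    """Project a (possibly private) JWK onto the members that may travel in a
    "jwk" header. Returns None for "oct" keys, which have nothing publishable."""
    kty = jwk.get("kty")
    if kty not in PUBLIC_MEMBERS:
        raise ValueError("unsupported or missing kty: %r" % (kty,))
    if kty == "oct":
        return None
    allowed = PUBLIC_MEMBERS[kty] | COMMON_MEMBERS
    return {name: value for name, value in jwk.items() if name in allowed}


def header_jwk_is_safe(header):
    """True if the header has no "jwk" member, or its "jwk" is public-only."""
    jwk = header.get("jwk")
    if jwk is None:
        return True
    if not isinstance(jwk, dict):
        return False
    try:
        return not private_members_in(jwk)
    except ValueError:
        return False  # unknown key type: refuse rather than guess


def parse_protected_header(header_json):
    """Parse a JSON protected header, rejecting one whose "jwk" leaks private material."""
    header = json.loads(header_json)
    if not header_jwk_is_safe(header):
        raise ValueError('"jwk" header is not a public-only key')
    return header


# Constructed sample keys (placeholder base64url-looking strings, not real keys).
SAMPLE_RSA_PRIVATE_JWK = {
    "kty": "RSA", "kid": "sample-rsa-key", "use": "enc", "alg": "RSA-OAEP",
    "n": "sample-modulus", "e": "AQAB",
    "d": "sample-private-exponent", "p": "sample-p", "q": "sample-q",
    "dp": "sample-dp", "dq": "sample-dq", "qi": "sample-qi",
}
SAMPLE_OCT_JWK = {"kty": "oct", "k": "sample-wrapping-key"}


if __name__ == "__main__":
    print("private members:", private_members_in(SAMPLE_RSA_PRIVATE_JWK))
    print("public view:", json.dumps(public_jwk(SAMPLE_RSA_PRIVATE_JWK)))
    print("oct key has public part:", public_jwk(SAMPLE_OCT_JWK) is not None)
    print("header with full key is safe:",
          header_jwk_is_safe({"alg": "RSA-OAEP", "jwk": SAMPLE_RSA_PRIVATE_JWK}))
```

A receiver applying `header_jwk_is_safe` on every incoming protected header turns an accidental private-key leak into a hard parse error instead of a silently accepted (and now compromised) message; a sender using `public_jwk` before building the header cannot make that mistake in the first place. Note that accepting a "jwk" header at all only tells you which key the sender claims to have used, never that the key is trusted; that decision still needs a separate trust check such as matching "kid" or the certificate chain against a known key set.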