Re: [jose] jwk
Axel Nennker <ignisvulpis@gmail.com> Wed, 24 October 2012 21:14 UTC
To: Mike Jones <Michael.Jones@microsoft.com>
Cc: jose@ietf.org

In the case where I generate the keypair on the fly I do not have a URL to put in x5u. And a cert is not a public key. I want bare keys. I don't know how x5u and x5c help here.

I have the problem that I don't know how to convert (exp,mod) into a pubkey on one platform (Firefox). I think that PEM is easier. I think the same might be true on other platforms too.

Another reason I think that PEM is better is that there are command line tools to produce PEM-encoded keys while I don't know any tool to produce (exp, mod).

--Axel

2012/10/24 Mike Jones <Michael.Jones@microsoft.com>

> To be clear, JWS and JWE already support the use of PEM encoded keys
> through the "x5c" and "x5u" parameters. Therefore, I don't see any need to
> also add X.509-based key formats to JWK itself.
>
> -- Mike
>
> *From:* Axel Nennker [mailto:ignisvulpis@gmail.com]
> *Sent:* Wednesday, October 24, 2012 12:55 PM
> *To:* jose@ietf.org
> *Cc:* Mike Jones
> *Subject:* jwk
>
> I think that having more choices other than (exp, mod) is useful.
> I believe that it is easier for me to implement keys in Firefox if I have
> PEM encoded keys.
>
> So the format could be:
>
> user_jwk : {"pub":
> "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4OTqe0p1tgEoOVtDzjQI
> yP1Ipo8ivqTIeH4yH9kLzI4fCKx6ggZJ3h9ecj4p5E355umCThN/1doBc/tq18VGlNtyDNxCh45Z1zGYJKwZxaVaWQXlB2gfgnko1D+Zw9KIlipQHtnhJw/qREEIp4YOgaGcSZBCcQQ4DYCOjfTTbKUXSTlrlOgflfgTiyhUFuiKWkoeivwASigL76PtYNYc
> n+dlYKYB/vSQ2CY7FtaDcr22EdqUDVPLNg1+K1rsvHvllP7iTnXA5IgxT5JELdrk
> KX9Ek68zDzelOaJxs2tbkkwbqSLQfREzQ/yGAIOW9rZVqlaVBEBzUYzREmeybVq3 gwIDAQAB"
> }
> // PEM encoded public key without linebreaks
>
> A more general format would be:
>
> jwk: { "-----BEGIN PUBLIC KEY-----":
> "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4OTqe0p1tgEoOVtDzjQI
> yP1Ipo8ivqTIeH4yH9kLzI4fCKx6ggZJ3h9ecj4p5E355umCThN/1doBc/tq18VGlNtyDNxCh45Z1zGYJKwZxaVaWQXlB2gfgnko1D+Zw9KIlipQHtnhJw/qREEIp4YOgaGcSZBCcQQ4DYCOjfTTbKUXSTlrlOgflfgTiyhUFuiKWkoeivwASigL76PtYNYc
> n+dlYKYB/vSQ2CY7FtaDcr22EdqUDVPLNg1+K1rsvHvllP7iTnXA5IgxT5JELdrk
> KX9Ek68zDzelOaJxs2tbkkwbqSLQfREzQ/yGAIOW9rZVqlaVBEBzUYzREmeybVq3 gwIDAQAB"
> }
>
> This general format could be used for private keys too.
>
> What do you think?
>
> Axel
>
> ps: Don't know whether I can post from this email address.... Mike, would
> you please post it if it does appear in your inbox but not on the list.
> Thanks.
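
The conversion this message asks about, as an added example that is not part of the original thread or of any JOSE draft: a bare RSA public key in PEM ("BEGIN PUBLIC KEY", SubjectPublicKeyInfo) is unpacked into its modulus and exponent and rebuilt again, using only a small DER reader and writer. Assumptions: Node.js, the member names `kty`, `n`, `e` from RFC 7518 for the (exp, mod) pair, and the helper names `readTlv`, `writeTlv`, `pemToJwk`, `jwkToPem`, `roundTrip`, which are hypothetical.

```javascript
const crypto = require('crypto');

// AlgorithmIdentifier for rsaEncryption (OID 1.2.840.113549.1.1.1, NULL parameters).
const RSA_ALG = Buffer.from('300d06092a864886f70d0101010500', 'hex');
const b64u = (b) => b.toString('base64').replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
const stripZero = (b) => (b.length > 1 && b[0] === 0 ? b.subarray(1) : b);
// Read one DER TLV at `off`, checking the expected tag and the buffer bounds.
function readTlv(buf, off, tag) {
  if (buf[off] !== tag) throw new Error('unexpected DER tag');
  let len = buf[off + 1], p = off + 2;
  if (len & 0x80) {                       // long form: low 7 bits count the length bytes
    const k = len & 0x7f;
    if (k === 0 || k > 2) throw new Error('unsupported DER length');
    for (len = 0; p < off + 2 + k; p++) len = len * 256 + buf[p];
  }
  if (!(p + len <= buf.length)) throw new Error('truncated DER');
  return { value: buf.subarray(p, p + len), next: p + len };
}
// Emit one DER TLV (lengths up to 65535 bytes, enough for RSA public keys).
function writeTlv(tag, value) {
  const n = value.length;
  const hdr = n < 0x80 ? [tag, n] : n < 0x100 ? [tag, 0x81, n] : [tag, 0x82, n >> 8, n & 0xff];
  return Buffer.concat([Buffer.from(hdr), value]);
}
function pemToJwk(pem) {
  const der = Buffer.from(pem.replace(/-----[^-]+-----|\s/g, ''), 'base64');
  const spki = readTlv(der, 0, 0x30).value;
  if (!spki.subarray(0, RSA_ALG.length).equals(RSA_ALG)) throw new Error('not an RSA key');
  const bits = readTlv(spki, RSA_ALG.length, 0x03).value;  // BIT STRING, byte 0 = unused bits
  const rsa = readTlv(bits, 1, 0x30).value;                // RSAPublicKey ::= SEQUENCE { n, e }
  const n = readTlv(rsa, 0, 0x02);
  const e = readTlv(rsa, n.next, 0x02);
  return { kty: 'RSA', n: b64u(stripZero(n.value)), e: b64u(stripZero(e.value)) };
}
function jwkToPem(jwk) {
  const int = (s) => {                    // DER INTEGER is signed: pad when the top bit is set
    const b = Buffer.from(s, 'base64');   // Node's base64 decoder also accepts base64url
    return writeTlv(0x02, b[0] & 0x80 ? Buffer.concat([Buffer.alloc(1), b]) : b);
  };
  const rsa = writeTlv(0x30, Buffer.concat([int(jwk.n), int(jwk.e)]));
  const bits = writeTlv(0x03, Buffer.concat([Buffer.alloc(1), rsa]));
  const b64 = writeTlv(0x30, Buffer.concat([RSA_ALG, bits])).toString('base64');
  return `-----BEGIN PUBLIC KEY-----\n${b64.match(/.{1,64}/g).join('\n')}\n-----END PUBLIC KEY-----\n`;
}

// Constructed input: a throwaway key pair generated on the fly, as in the scenario above.
function roundTrip() {
  const { publicKey } = crypto.generateKeyPairSync('rsa',
    { modulusLength: 2048, publicKeyEncoding: { type: 'spki', format: 'pem' } });
  const jwk = pemToJwk(publicKey);
  return { pem: publicKey, jwk, rebuilt: jwkToPem(jwk) };
}
```

The leading zero byte that DER adds to keep the modulus positive is dropped on the way to `n` and restored on the way back; forgetting either step is the usual reason a hand-built key fails to import.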