Re: [jose] The role of JWK
Brian Campbell <bcampbell@pingidentity.com> Thu, 14 August 2014 17:46 UTC
Return-Path: <bcampbell@pingidentity.com>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 51F741A6F9E for <jose@ietfa.amsl.com>; Thu, 14 Aug 2014 10:46:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.578
X-Spam-Level:
X-Spam-Status: No, score=-3.578 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Olg1pj3Zpalu for <jose@ietfa.amsl.com>; Thu, 14 Aug 2014 10:46:43 -0700 (PDT)
Received: from na3sys009aog131.obsmtp.com (na3sys009aog131.obsmtp.com [74.125.149.247]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B1AC51A6F9D for <jose@ietf.org>; Thu, 14 Aug 2014 10:46:42 -0700 (PDT)
Received: from mail-ig0-f176.google.com ([209.85.213.176]) (using TLSv1) by na3sys009aob131.postini.com ([74.125.148.12]) with SMTP ID DSNKU+z1/fwLoHtBpKNRoRulhoQyJIcIvq0m@postini.com; Thu, 14 Aug 2014 10:46:42 PDT
Received: by mail-ig0-f176.google.com with SMTP id hn18so14325223igb.3 for <jose@ietf.org>; Thu, 14 Aug 2014 10:46:37 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-type; bh=KoIUWyzwufn37bVL8hQ1GqJ1FsskNTvRV0zLgsJpeOc=; b=B845Rt9EiMztM+ouzSm7Bm3qBcGCFCVTv/b56XTQ7cJn8PzjGGPIgB8oW4p1XHC+ud KdYVrIcMYZpwZpKKi8T2ilkaN6DDJzl6Cv5wXFmt9nIsjdgjH+v3BeVv7pFP5gxYPCJZ 4lVfVxekhXdNpJSQogD7z2oJNI4gcdY1/hLSevAw+KXNzySsStQiTZ3/Gaa9A0W2dXa0 xkeVFobcDd2bt5GuaDnH90OZ/fKsnBxpsq7pzZDnd5Qb9TgizfbXFB4H0b8mOK2cEbZy LknxKaEpotqKxxUs4+q6d1C0NCRGgncVtIakrN9mE3/xF8On5UtIa6sBP2OT6rof/Bve LT4g==
X-Gm-Message-State: ALoCoQkg3OUtxHT6mMpoxZ2Ed5dBZWpHV6ecfJasjjYFvUnlEfm/Qq1Dyd3Bku8eKDHc1l4EPYmt8lxQLtYKUMJsgjMivMufXVpfACWqoTehbV7Edi+7m1prDALQell1ULkggo+UP0MW
X-Received: by 10.50.79.132 with SMTP id j4mr23134407igx.9.1408038397017; Thu, 14 Aug 2014 10:46:37 -0700 (PDT)
X-Received: by 10.50.79.132 with SMTP id j4mr23134370igx.9.1408038396691; Thu, 14 Aug 2014 10:46:36 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.64.150.162 with HTTP; Thu, 14 Aug 2014 10:46:06 -0700 (PDT)
In-Reply-To: <53ECE6F6.8000400@gmail.com>
References: <4E1F6AAD24975D4BA5B16804296739439AE1989B@TK5EX14MBXC293.redmond.corp.microsoft.com> <53EC868E.4000000@gmail.com> <CAL02cgS7LxLBWNRdh5EOKwyuiBSsR0jsmMz49c9xztfZehZP_A@mail.gmail.com> <53ECCFF8.9090305@mitre.org> <53ECE6F6.8000400@gmail.com>
From: Brian Campbell <bcampbell@pingidentity.com>
Date: Thu, 14 Aug 2014 11:46:06 -0600
Message-ID: <CA+k3eCRbC=xOhTKOZ5K_i6X6NzYkF3j+X+5JQenLPF6kmpXEwg@mail.gmail.com>
To: Sergey Beryozkin <sberyozkin@gmail.com>
Content-Type: multipart/alternative; boundary="089e01228e0c79530d05009a7ca5"
Archived-At: http://mailarchive.ietf.org/arch/msg/jose/wUOaJqxhaV2_tue6QZqkp44Mj-0
Cc: Richard Barnes <rlb@ipv.sx>, Justin Richer <jricher@mitre.org>, "jose@ietf.org" <jose@ietf.org>
Subject: Re: [jose] The role of JWK
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/jose/>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 14 Aug 2014 17:46:45 -0000
One pattern that's emerging as popular is to publish (and periodically rotate) a JWK Set at an HTTPS endpoint and reference they key used for individual messages by kid. OpenID Connect uses that model - it's discussed in some more detail in section 10: http://openid.net/specs/openid-connect-core-1_0.html#SigEnc There's not really much more info there but I discussed this a bit in a recent presentation I gave: http://www.slideshare.net/briandavidcampbell/i-left-my-jwt-in-san-jose/29 On Thu, Aug 14, 2014 at 10:42 AM, Sergey Beryozkin <sberyozkin@gmail.com> wrote: > Hi Richard and Justin > > Very helpful, many thanks ! > > Richard: thanks for the link, the idea of using JWK as a standard medium > for shipping the key (information) is something that helps to understand > why JWK is referred to so much in the specifications like JWE/JWS > > Justin: I'll try my best not to copy the Java code you linked too :-). > > Thanks for links to the examples, let me ask few questions below: > > > On 14/08/14 16:04, Justin Richer wrote: > >> Services are starting to publish their public keys as JWK instead of >> X509, since a JWK doesn't require a trusted CA and can be much more >> easily rotated at runtime. >> > Sorry if it is off-topic, is JWK representing a public key (the public > exponent) is effectively a self-signed public key/cert ? What provides the > extra trust into such JWK ? I've heard here about JWK Thumbprints ? > > > This is the class from our OAuth/OpenID >> Connect system that builds signers and validators off of a public-key >> JWK (using the Nimbus-DS JOSE library): >> >> https://github.com/mitreid-connect/OpenID-Connect-Java- >> Spring-Server/blob/master/openid-connect-common/src/ >> main/java/org/mitre/jwt/signer/service/impl/JWKSetCacheService.java >> >> >> To add to that, with the private/shared key components of JWK, it can be >> a very effective key store. Our OAuth server uses this for its keys, >> this is the class that reads the file and makes the keys available as >> Java key objects to the rest of the system: >> >> https://github.com/mitreid-connect/OpenID-Connect-Java- >> Spring-Server/blob/master/openid-connect-common/src/ >> main/java/org/mitre/jose/keystore/JWKSetKeyStore.java >> >> As you can see, these are both exceedingly simple classes because they >> simple read the URL (in the first case) or file (in the second case) and >> parse the JSON found there into a JWK set, which is then used to create >> the bare keys in the Java security framework. This is the RSA public key >> parser for example: >> >> https://bitbucket.org/connect2id/nimbus-jose-jwt/src/ >> 0d5b12b4d4b84c822bec4af368b3bea5120cb310/src/main/java/com/ >> nimbusds/jose/jwk/RSAKey.java?at=master#cl-1395 >> >> >> Finally, in order to make these keys more easy to deal with, we wrote a >> simple key generator program that will spin up a new RSA, EC, or Oct key >> and print it out as a JWK: >> >> https://github.com/mitreid-connect/json-web-key-generator >> >> >> Whenever we deploy a new copy of our server somewhere, we also pull down >> this program and run it to generate a new JWK key set (with public and >> private keys) that we use to start up the server. The alternative, which >> we used to do, was to use OpenSSL to generate a self-signed X509 >> certificate that we effectively threw away the trust chain for -- lots >> of extra effort to create information that we didn't want and then >> ignore it on the far end, all to get a simple keypair. It was >> unnecessarily complex from all ends, and the switch to JWK has been much >> nicer to deal with. >> >> Is the simplicity of making a demo application running fast a major > factor of preferring JWK to self-signed X509 ? What about the > synchronization between the existing X509-based key storage and the new > JWK-aware storages ? > > Thanks, Sergey > > -- Justin >> >> On 08/14/2014 09:25 AM, Richard Barnes wrote: >> >>> Hey Sergey, >>> >>> JWK isn't necessarily tied to JWE or JWS. It can be used to represent >>> the public key that was used to encrypt a JWE (so that the recipient >>> can look up the private key), or the public key that should be used to >>> verify a JWS. But it can also be used in other contexts. For >>> example, WebCrypto uses JWK (among others) as a format for serializing >>> keys. >>> https://dvcs.w3.org/hg/webcrypto-api/raw-file/tip/spec/Overview.html# >>> subtlecrypto-interface-datatypes >>> >>> As that link suggests, JWK is effectively the same as the PKCS#8 >>> format for private keys and the SubjectPublicKeyInfo format for public >>> keys -- just in JSON instead of ASN.1. It's a way to ship a key from >>> one place to another, for whatever reason you need to do that. >>> >>> Hope that helps, >>> --Richard >>> >>> >>> >>> >>> >>> On Thu, Aug 14, 2014 at 5:51 AM, Sergey Beryozkin >>> <sberyozkin@gmail.com <mailto:sberyozkin@gmail.com>> wrote: >>> >>> Hi, >>> >>> This is very likely a newbie question. What is the role of JWK ? >>> According to [1] it is "... a (JSON) data structure that >>> represents a cryptographic key". >>> >>> I can see plenty examples of JWK in the JWE specification. JWS and >>> JWE headers can have a "jwk" property representing a given JWK. >>> >>> What confuses me is that the examples in JWE use JWK to describe >>> the private parts of a given key. For example, when we talk about >>> the RSA OAEP key encryption, JWK would show a private exponent of >>> a given RSA key (JWE A1). Same for Aes Wrap secret key (JWE A3). Etc. >>> >>> So clearly one would not use a "jwk" JWE header to pass around a >>> JWK representation of the key which was used to encrypt the >>> content encryption key. >>> >>> So I'm thinking a JWK is: >>> - a convenient way to describe a cryptographic key for JWE/JWS >>> specifications to refer to it in the spec examples. >>> - perhaps there's a long-term vision that the key stores would >>> support JWK format directly ? >>> - JWK is a 'container' for various key properties, some of those >>> 'public' properties can be passed around as a JWE/JWS header; >>> >>> Am I on the right track, can someone please clarify it further ? >>> >>> Thanks, Sergey >>> >>> >>> [1] >>> http://tools.ietf.org/html/draft-ietf-jose-json-web-key-31#section-1 >>> >>> _______________________________________________ >>> jose mailing list >>> jose@ietf.org <mailto:jose@ietf.org> >>> >>> https://www.ietf.org/mailman/listinfo/jose >>> >>> >>> >>> >>> _______________________________________________ >>> jose mailing list >>> jose@ietf.org >>> https://www.ietf.org/mailman/listinfo/jose >>> >> >> > _______________________________________________ > jose mailing list > jose@ietf.org > https://www.ietf.org/mailman/listinfo/jose >
- [jose] JWK Elliptic Curve key representations and… Mike Jones
- Re: [jose] JWK Elliptic Curve key representations… Daniel Holth
- Re: [jose] JWK Elliptic Curve key representations… Mike Scott
- [jose] The role of JWK Sergey Beryozkin
- Re: [jose] The role of JWK Richard Barnes
- Re: [jose] JWK Elliptic Curve key representations… Richard Barnes
- Re: [jose] JWK Elliptic Curve key representations… Stephen Farrell
- Re: [jose] The role of JWK Justin Richer
- Re: [jose] JWK Elliptic Curve key representations… Mike Jones
- Re: [jose] The role of JWK Sergey Beryozkin
- Re: [jose] The role of JWK Justin Richer
- Re: [jose] The role of JWK Sergey Beryozkin
- Re: [jose] The role of JWK Brian Campbell
- Re: [jose] The role of JWK Justin Richer
- Re: [jose] JWK Elliptic Curve key representations… Kathleen Moriarty
- Re: [jose] JWK Elliptic Curve key representations… Mike Jones
- Re: [jose] JWK Elliptic Curve key representations… Justin Richer
- Re: [jose] JWK Elliptic Curve key representations… Richard Barnes
- Re: [jose] JWK Elliptic Curve key representations… Brian Campbell
- Re: [jose] The role of JWK Sergey Beryozkin
- Re: [jose] The role of JWK Sergey Beryozkin
- Re: [jose] The role of JWK Anders Rundgren
- Re: [jose] The role of JWK Sergey Beryozkin
- [jose] Does A128GCMKW qualify as key wrap or encr… Sergey Beryozkin
- Re: [jose] Does A128GCMKW qualify as key wrap or … Mike Jones