Subversion Repositories specifications

Compare Revisions

Rev 535 → Rev 547

1.0/draft-jones-json-web-encryption.txt
4,14 → 4,14
Network Working Group M. Jones
Internet-Draft Microsoft
Intended status: Standards Track E. Rescorla
Expires: May 2, 2012 RTFM, Inc.
Expires: June 15, 2012 RTFM, Inc.
J. Hildebrand
Cisco Systems, Inc.
October 30, 2011
December 13, 2011
 
 
JSON Web Encryption (JWE)
draft-jones-json-web-encryption-01
draft-jones-json-web-encryption-02
 
Abstract
 
40,7 → 40,7
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
 
This Internet-Draft will expire on May 2, 2012.
This Internet-Draft will expire on June 15, 2012.
 
Copyright Notice
 
52,9 → 52,9
 
 
 
Jones, et al. Expires May 2, 2012 [Page 1]
Jones, et al. Expires June 15, 2012 [Page 1]
Internet-Draft JWE October 2011
Internet-Draft JWE December 2011
 
 
(http://trustee.ietf.org/license-info) in effect on the date of
92,7 → 92,7
13. References . . . . . . . . . . . . . . . . . . . . . . . . . . 17
13.1. Normative References . . . . . . . . . . . . . . . . . . . 17
13.2. Informative References . . . . . . . . . . . . . . . . . . 19
Appendix A. JWE Examples . . . . . . . . . . . . . . . . . . . . 20
Appendix A. JWE Examples . . . . . . . . . . . . . . . . . . . . 19
A.1. JWE Example using TBD Algorithm . . . . . . . . . . . . . 20
A.1.1. Encrypting . . . . . . . . . . . . . . . . . . . . . . 20
A.1.2. Decrypting . . . . . . . . . . . . . . . . . . . . . . 20
108,9 → 108,9
 
 
 
Jones, et al. Expires May 2, 2012 [Page 2]
Jones, et al. Expires June 15, 2012 [Page 2]
Internet-Draft JWE October 2011
Internet-Draft JWE December 2011
 
 
1. Introduction
138,7 → 138,7
the Plaintext for the recipient to produce the Ciphertext, which
is encrypted to the recipient as the JWE Encrypted Key.
 
JWE Header A string containing a JSON object that describes the
JWE Header A string representing a JSON object that describes the
encryption operations applied to create the JWE Encrypted Key and
the JWE Ciphertext.
 
164,9 → 164,9
 
 
 
Jones, et al. Expires May 2, 2012 [Page 3]
Jones, et al. Expires June 15, 2012 [Page 3]
Internet-Draft JWE October 2011
Internet-Draft JWE December 2011
 
 
Header Parameter Values The values of the members within the JWE
188,7 → 188,7
parts are base64url-encoded for transmission, and typically
represented as the concatenation of the encoded strings in that
order, with the three strings being separated by period ('.')
characters, as is done when used in JSON Web Tokens (JWTs) [JWT].
characters.
 
JWE utilizes encryption to ensure the confidentiality of the contents
of the Plaintext. JWE does not add a content integrity check if not
220,9 → 220,9
 
 
 
Jones, et al. Expires May 2, 2012 [Page 4]
Jones, et al. Expires June 15, 2012 [Page 4]
Internet-Draft JWE October 2011
Internet-Draft JWE December 2011
 
 
{"alg":"RSA1_5",
231,8 → 231,10
"x5t":"7noOPq-hJ1_hCnvWh6IeYI2w9Q0"}
 
Base64url encoding the bytes of the UTF-8 representation of the JWE
Header yields this Encoded JWE Header value:
TBD
Header yields this Encoded JWE Header value (with line breaks for
display purposes only):
eyJhbGciOiJSU0ExXzUiLA0KICJlbmMiOiJBMjU2R0NNIiwNCiAiaXYiOiJfXzc5
X1B2Ni1mZyIsDQogIng1dCI6Ijdub09QcS1oSjFfaENudldoNkllWUkydzlRMCJ9
 
TBD: Finish this example by showing generation of a Content
Encryption Key (CEK), using the CEK to encrypt the Plaintext to
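
Review bot: The Encoded JWE Header value added in this hunk cannot be reproduced from the header as printed, because it decodes to a header whose lines end in CR LF followed by a single space (the "LA0K" and "ICJl" groups after the "alg" member are a comma, CR, LF, then a space and the opening quote of "enc"), and the example does not state that convention. Either say next to the example which line breaks and indentation were encoded, or encode a header written on one line, so that implementers checking their base64url code against this value are not thrown off by white space. The "TBD: Finish this example" paragraph that follows still leaves the JWE Encrypted Key and Ciphertext parts without test values.
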
243,14 → 245,12
 
4. JWE Header
 
The members of the JWE Header describe the encryption applied to the
Plaintext. Implementations MUST understand the entire contents of
the header; otherwise, the JWE MUST be rejected for processing.
The members of the JSON object represented by the JWE Header describe
the encryption applied to the Plaintext and optionally additional
properties of the JWE. The Header Parameter Names within this object
MUST be unique. Implementations MUST understand the entire contents
of the header; otherwise, the JWE MUST be rejected for processing.
 
The member names within the JWE Header are referred to as Header
Parameter Names. These names MUST be unique. The corresponding
values are referred to as Header Parameter Values.
 
4.1. Reserved Header Parameter Names
 
The following header parameter names are reserved. All the names are
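
Review bot: The new sentence "The Header Parameter Names within this object MUST be unique" places a requirement on the producer but does not say what a recipient does when it is violated. JSON parsers commonly accept duplicate member names and silently keep one of them, so two implementations can read different "alg" or "enc" values from the same header. Suggest adding that a JWE whose header contains duplicate Header Parameter Names MUST be rejected, parallel to the "MUST be rejected for processing" rule already in this paragraph. The hunk also deletes the Section 4 definitions of Header Parameter Names and Header Parameter Values, so confirm that the Terminology entries now carry both terms.
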
276,9 → 276,9
 
 
 
Jones, et al. Expires May 2, 2012 [Page 5]
Jones, et al. Expires June 15, 2012 [Page 5]
Internet-Draft JWE October 2011
Internet-Draft JWE December 2011
 
 
+-----------+--------+-------------+--------------------------------+
290,32 → 290,28
| | | | parameter identifies the |
| | | | cryptographic algorithm used |
| | | | to secure the JWE Encrypted |
| | | | Key. A list of reserved "alg" |
| | | | Key. A list of defined "alg" |
| | | | values is presented in |
| | | | Table 3. The processing of |
| | | | the "alg" (algorithm) header |
| | | | parameter requires that the |
| | | | value of the "alg" header |
| | | | parameter MUST be one that is |
| | | | both supported and for which |
| | | | there exists a key for use |
| | | | with that algorithm associated |
| | | | with the intended recipient. |
| | | | The "alg" value is case |
| | | | sensitive. This header |
| | | | parameter is REQUIRED. |
| | | | value MUST be one that is both |
| | | | supported and for which there |
| | | | exists a key for use with that |
| | | | algorithm associated with the |
| | | | intended recipient. The "alg" |
| | | | value is case sensitive. This |
| | | | header parameter is REQUIRED. |
| enc | string | StringOrURI | The "enc" (encryption method) |
| | | | header parameter identifies |
| | | | the symmetric encryption |
| | | | algorithm used to secure the |
| | | | Ciphertext. A list of |
| | | | reserved "enc" values is |
| | | | presented in Table 4. The |
| | | | processing of the "enc" |
| | | | (encryption method) header |
| | | | parameter requires that the |
| | | | value of the "enc" header |
| | | | parameter MUST be one that is |
| | | | Ciphertext. A list of defined |
| | | | "enc" values is presented in |
| | | | Table 4. The processing of |
| | | | the "enc" (encryption method) |
| | | | header parameter requires that |
| | | | the value MUST be one that is |
| | | | supported. The "enc" value is |
| | | | case sensitive. This header |
| | | | parameter is REQUIRED. |
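
Review bot: In both the "alg" and "enc" rows the shortened text still reads "requires that the value MUST be one that is", which stacks "requires that" on top of an RFC 2119 keyword. Suggest dropping the "The processing of ... requires that" lead-in in each row and writing the requirement directly, for example: The "alg" value MUST be one that is both supported and for which there exists a key for use with that algorithm associated with the intended recipient.
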
332,9 → 328,13
 
 
 
Jones, et al. Expires May 2, 2012 [Page 6]
 
 
 
 
Jones, et al. Expires June 15, 2012 [Page 6]
Internet-Draft JWE October 2011
Internet-Draft JWE December 2011
 
 
| epk | object | JWK Key | Ephemeral Public Key ("epk") |
345,9 → 345,10
| | | | represented in the same manner |
| | | | as a JSON Web Key [JWK] JWK |
| | | | Key Object value, containing |
| | | | "curve", "x", and "y" members. |
| | | | The inclusion of the JWK Key |
| | | | Object "algorithm" member is |
| | | | "crv" (curve), "x", and "y" |
| | | | members. The inclusion of the |
| | | | JWK Key Object "alg" |
| | | | (algorithm) member is |
| | | | OPTIONAL. This header |
| | | | parameter is OPTIONAL. |
| zip | string | String | Compression algorithm ("zip") |
387,10 → 388,9
 
 
 
 
Jones, et al. Expires May 2, 2012 [Page 7]
Jones, et al. Expires June 15, 2012 [Page 7]
Internet-Draft JWE October 2011
Internet-Draft JWE December 2011
 
 
| jku | string | URL | The "jku" (JSON Web Key URL) |
444,9 → 444,9
 
 
 
Jones, et al. Expires May 2, 2012 [Page 8]
Jones, et al. Expires June 15, 2012 [Page 8]
Internet-Draft JWE October 2011
Internet-Draft JWE December 2011
 
 
| x5u | string | URL | The "x5u" (X.509 URL) header |
500,9 → 500,9
 
 
 
Jones, et al. Expires May 2, 2012 [Page 9]
Jones, et al. Expires June 15, 2012 [Page 9]
Internet-Draft JWE October 2011
Internet-Draft JWE December 2011
 
 
+-------------+-----------------------------------------------------+
524,9 → 524,9
name or algorithm value SHOULD either be defined in the IANA JSON Web
Encryption Header Parameters registry or be defined as a URI that
contains a collision resistant namespace. In each case, the definer
of the name or value MUST take reasonable precautions to make sure
they are in control of the part of the namespace they use to define
the header parameter name.
of the name or value needs to take reasonable precautions to make
sure they are in control of the part of the namespace they use to
define the header parameter name.
 
New header parameters should be introduced sparingly, as they can
result in non-interoperable JWEs.
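
Review bot: Replacing "MUST take reasonable precautions" with "needs to take reasonable precautions" removes the normative keyword from the one sentence here that guards the namespace against colliding names, and the -02 Document History mentions only moving "MUST" requirements out of the Overview, not relaxing one. If the downgrade is intended, record it in the history; otherwise keep the keyword. The same sentence speaks of "the definer of the name or value" but ends with "define the header parameter name", so the closing words should read "name or value" as well.
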
556,9 → 556,9
 
 
 
Jones, et al. Expires May 2, 2012 [Page 10]
Jones, et al. Expires June 15, 2012 [Page 10]
Internet-Draft JWE October 2011
Internet-Draft JWE December 2011
 
 
3. Generate a random IV (if required for the algorithm).
572,10 → 572,13
7. Set the Encoded JWE Ciphertext equal to the base64url encoded
representation of C.
 
8. Create the JWE Header containing the encryption parameters used.
8. Create a JWE Header containing the encryption parameters used.
Note that white space is explicitly allowed in the
representation and no canonicalization is performed before
encoding.
 
9. Base64url encoded the UTF-8 representation of the JWE Header to
create the Encoded JWE Header.
9. Base64url encode the bytes of the UTF-8 representation of the
JWE Header to create the Encoded JWE Header.
 
10. The three encoded parts, taken together, are the result of the
encryption.
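
Review bot: The note added to step 8 says white space is allowed "in the representation" without saying which representation is meant; suggest "in the JSON text of the JWE Header". Because no canonicalization is performed, two Encoded JWE Headers carrying the same parameters can differ byte for byte, so it is worth adding that implementations compare the parsed Header Parameter Values and never the encoded strings.
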
606,17 → 609,17
6. Decrypt the binary representation of the JWE Ciphertext using the
CEK.
 
7. Uncompress the result of the previous step, if a "zip" parameter
was included.
 
 
 
 
Jones, et al. Expires May 2, 2012 [Page 11]
Jones, et al. Expires June 15, 2012 [Page 11]
Internet-Draft JWE October 2011
Internet-Draft JWE December 2011
 
 
7. Uncompress the result of the previous step, if a "zip" parameter
was included.
 
8. Output the result.
 
 
662,17 → 665,17
specific algorithms for these purposes.
 
The table below Table 3 is the set of "alg" header parameter values
that are reserved by this specification. These algorithms are used
to encrypt the CEK, which produces the JWE Encrypted Key.
 
 
 
 
Jones, et al. Expires May 2, 2012 [Page 12]
Jones, et al. Expires June 15, 2012 [Page 12]
Internet-Draft JWE October 2011
Internet-Draft JWE December 2011
 
 
that are defined by this specification. These algorithms are used to
encrypt the CEK, which produces the JWE Encrypted Key.
 
+-----------+-------------------------------------------------------+
| alg | Encryption Algorithm |
| Parameter | |
698,11 → 701,11
| | [NIST-800-38D] |
+-----------+-------------------------------------------------------+
 
Table 3: JWE Reserved alg Parameter Values
Table 3: JWE Defined "alg" Parameter Values
 
The table below Table 4 is the set of "enc" header parameter values
that are reserved by this specification. These algorithms are used
to encrypt the Plaintext, which produces the Ciphertext.
that are defined by this specification. These algorithms are used to
encrypt the Plaintext, which produces the Ciphertext.
 
+-----------+-------------------------------------------------------+
| enc | Symmetric Encryption Algorithm |
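
Review bot: The sentence edited here, like the matching Table 3 sentence in the previous hunk, still opens "The table below Table 4 is the set of", which reads as a leftover from expanding the cross-reference. Suggest: Table 4 lists the "enc" header parameter values that are defined by this specification. The quoted "alg" and "enc" in the new captions match the body text and can stay.
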
721,12 → 724,9
 
 
 
 
 
 
Jones, et al. Expires May 2, 2012 [Page 13]
Jones, et al. Expires June 15, 2012 [Page 13]
Internet-Draft JWE October 2011
Internet-Draft JWE December 2011
 
 
| A256GCM | Advanced Encryption Standard (AES) using 256 bit keys |
734,7 → 734,7
| | [NIST-800-38D] |
+-----------+-------------------------------------------------------+
 
Table 4: JWE Reserved enc Parameter Values
Table 4: JWE Defined "enc" Parameter Values
 
Of these algorithms, only RSA-PKCS1-1.5 with 2048 bit keys, AES-128-
CBC, and AES-256-CBC MUST be implemented by conforming
744,8 → 744,8
 
9.1. Encrypting a JWE with TBD
 
TBD: Descriptions of the particulars of each specified algorithm go
here.
TBD: Descriptions of the particulars of using each specified
algorithm go here.
 
9.2. Additional Algorithms
 
753,10 → 753,11
"alg" and "enc" header parameter values being defined to refer to
them. New "alg" and "enc" header parameter values SHOULD either be
defined in the IANA JSON Web Encryption Algorithms registry or be a
URI that contains a collision resistant namespace. In particular,
the use of algorithm identifiers defined in
[W3C.REC-xmlenc-core-20021210], [W3C.CR-xmlenc-core1-20110303], and
related specifications is permitted.
URI that contains a collision resistant namespace. In particular, it
is permissible to use the algorithm identifiers defined in XML
Encryption [W3C.REC-xmlenc-core-20021210], XML Encryption 1.1
[W3C.CR-xmlenc-core1-20110303], and related specifications as "alg"
and "enc" values.
 
 
10. IANA Considerations
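
Review bot: The rewritten sentence permits XML Encryption identifiers as "alg" and "enc" values but does not say whether a recipient that supports a short name such as "A128CBC" is expected to accept the equivalent URI listed in Table 5. Both parameters are case sensitive strings whose value MUST be supported for the JWE to be processed, so two spellings of one algorithm make allow-list checks easy to get wrong. Suggest stating that support for the URI forms is optional and that a value is matched as an exact string, with no mapping between the short name and the URI implied.
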
773,20 → 774,20
inclusion of the header parameter names defined in Table 1.
 
o A new IANA registry entitled "JSON Web Encryption Algorithms" for
reserved values used with the "alg" and "enc" header parameter
values, as defined in Section 9.2. Inclusion in the registry is
RFC Required in the RFC 5226 [RFC5226] sense. The registry will
record the "alg" or "enc" value and a pointer to the RFC that
values used with the "alg" and "enc" header parameters is defined
in Section 9.2. Inclusion in the registry is RFC Required in the
RFC 5226 [RFC5226] sense. The registry will record the "alg" or
 
 
 
Jones, et al. Expires May 2, 2012 [Page 14]
Jones, et al. Expires June 15, 2012 [Page 14]
Internet-Draft JWE October 2011
Internet-Draft JWE December 2011
 
 
defines it. This specification defines inclusion of the algorithm
values defined in Table 3 and Table 4.
"enc" value and a pointer to the RFC that defines it. This
specification defines inclusion of the algorithm values defined in
Table 3 and Table 4.
 
 
11. Security Considerations
832,15 → 833,15
be represented in a JSON string as "\uD834\uDD1E". Ideally, JWE
implementations SHOULD ensure that characters outside the Basic
Multilingual Plane are preserved and compared correctly;
alternatively, if this is not possible due to these characters
 
 
 
Jones, et al. Expires May 2, 2012 [Page 15]
Jones, et al. Expires June 15, 2012 [Page 15]
Internet-Draft JWE October 2011
Internet-Draft JWE December 2011
 
 
alternatively, if this is not possible due to these characters
exercising limitations present in the underlying JSON implementation,
then input containing them MUST be rejected.
 
855,7 → 856,8
 
o Consider whether we want to define composite signing/encryption
operations (as was the consensus to do at IIW, as documented at
http://self-issued.info/?p=378).
http://self-issued.info/?p=378). This would provide both
confidentiality and integrity.
 
o Consider whether reusing the JWS "jku", "kid", "x5u", and "x5t"
parameters is the right thing to do, particularly as it
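
Review bot: In the added sentence "This would provide both confidentiality and integrity", "This" can refer to the composite operations or to the IIW consensus; write "Composite operations would provide both confidentiality and integrity". The Overview text visible earlier in this diff begins "JWE does not add a content integrity check", and CBC mode provides no integrity of its own, so the gap this sentence points at deserves a statement in Security Considerations and not only in the open issues list.
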
887,16 → 889,16
 
o Should StringOrURI use IRIs rather than RFC 3986 URIs?
 
o Provide a more robust description of the use of the IV. The
current statement "For GCM, the random 64-bit IV is prepended to
 
 
 
Jones, et al. Expires May 2, 2012 [Page 16]
Jones, et al. Expires June 15, 2012 [Page 16]
Internet-Draft JWE October 2011
Internet-Draft JWE December 2011
 
 
o Provide a more robust description of the use of the IV. The
current statement "For GCM, the random 64-bit IV is prepended to
the ciphertext" in the Symmetric Encryption section is almost
certainly out of place.
 
906,9 → 908,6
removed. Therefore, implementers MUST be prepared for this
eventuality.
 
o Consider whether a media type should be proposed, such as
"application/jwe".
 
o Should we define the use of RFC 5649 key wrapping functions, which
allow arbitrary key sizes, in addition to the current use of RFC
3394 key wrapping functions, which require that keys be multiples
924,11 → 923,11
"Advanced Encryption Standard (AES)", FIPS PUB 197,
November 2001.
 
[JWK] Jones, M., "JSON Web Key (JWK)", October 2011.
[JWK] Jones, M., "JSON Web Key (JWK)", December 2011.
 
[JWS] Jones, M., Balfanz, D., Bradley, J., Goland, Y., Panzer,
J., Sakimura, N., and P. Tarjan, "JSON Web Signature
(JWS)", October 2011.
(JWS)", December 2011.
 
[NIST-800-38A]
National Institute of Standards and Technology (NIST),
945,16 → 944,15
National Institute of Standards and Technology (NIST),
"Recommendation for Pair-Wise Key Establishment Schemes
Using Discrete Logarithm Cryptography (Revised)", NIST PUB
800-56A, March 2007.
 
 
 
Jones, et al. Expires May 2, 2012 [Page 17]
Jones, et al. Expires June 15, 2012 [Page 17]
Internet-Draft JWE October 2011
Internet-Draft JWE December 2011
 
 
800-56A, March 2007.
 
[RFC1421] Linn, J., "Privacy Enhancement for Internet Electronic
Mail: Part I: Message Encryption and Authentication
Procedures", RFC 1421, February 1993.
1001,23 → 999,19
[RFC5246] Dierks, T. and E. Rescorla, "The Transport Layer Security
(TLS) Protocol Version 1.2", RFC 5246, August 2008.
 
[RFC5280] Cooper, D., Santesson, S., Farrell, S., Boeyen, S.,
Housley, R., and W. Polk, "Internet X.509 Public Key
 
 
 
Jones, et al. Expires May 2, 2012 [Page 18]
Jones, et al. Expires June 15, 2012 [Page 18]
Internet-Draft JWE October 2011
Internet-Draft JWE December 2011
 
 
[RFC5280] Cooper, D., Santesson, S., Farrell, S., Boeyen, S.,
Housley, R., and W. Polk, "Internet X.509 Public Key
Infrastructure Certificate and Certificate Revocation List
(CRL) Profile", RFC 5280, May 2008.
 
[RFC5785] Nottingham, M. and E. Hammer-Lahav, "Defining Well-Known
Uniform Resource Identifiers (URIs)", RFC 5785,
April 2010.
 
[RFC6090] McGrew, D., Igoe, K., and M. Salter, "Fundamental Elliptic
Curve Cryptography Algorithms", RFC 6090, February 2011.
 
1041,30 → 1035,18
 
[JWT] Jones, M., Balfanz, D., Bradley, J., Goland, Y., Panzer,
J., Sakimura, N., and P. Tarjan, "JSON Web Token (JWT)",
October 2011.
December 2011.
 
[RFC3275] Eastlake, D., Reagle, J., and D. Solo, "(Extensible Markup
Language) XML-Signature Syntax and Processing", RFC 3275,
March 2002.
 
[RFC5652] Housley, R., "Cryptographic Message Syntax (CMS)", STD 70,
RFC 5652, September 2009.
 
[W3C.CR-xmlenc-core1-20110303]
Hirsch, F., Reagle, J., Eastlake, D., and T. Roessler,
Hirsch, F., Roessler, T., Reagle, J., and D. Eastlake,
"XML Encryption Syntax and Processing Version 1.1", World
Wide Web Consortium CR CR-xmlenc-core1-20110303,
March 2011,
<http://www.w3.org/TR/2011/CR-xmlenc-core1-20110303>.
 
 
 
 
Jones, et al. Expires May 2, 2012 [Page 19]
Internet-Draft JWE October 2011
 
 
[W3C.REC-xmlenc-core-20021210]
Eastlake, D. and J. Reagle, "XML Encryption Syntax and
Processing", World Wide Web Consortium Recommendation REC-
1076,6 → 1058,13
 
This section provides several examples of JWEs.
 
 
 
Jones, et al. Expires June 15, 2012 [Page 19]
Internet-Draft JWE December 2011
 
 
A.1. JWE Example using TBD Algorithm
 
A.1.1. Encrypting
1091,20 → 1080,32
 
This appendix contains a table cross-referencing the "alg" and "enc"
values used in this specification with the equivalent identifiers
used by other standards and software packages. See XML DSIG
[RFC3275] and Java Cryptography Architecture [JCA] for more
information about the names defined by those documents.
used by other standards and software packages. See XML Encryption
[W3C.REC-xmlenc-core-20021210], XML Encryption 1.1
[W3C.CR-xmlenc-core1-20110303], and Java Cryptography Architecture
[JCA] for more information about the names defined by those
documents.
 
+---------+------+-------------------------+-------------------+----+
| Algorit | JWE | XML ENC | JCA | OI |
| hm | | | | D |
+---------+------+-------------------------+-------------------+----+
| RSA | RSA1 | http://www.w3.org/2001/ | RSA/ECB/PKCS1Padd | TB |
| using | _5 | 04/xmlenc#rsa-1_5 | ing | D |
| RSA-PKC | | | | |
| S1-1.5 | | | | |
| paddin | | | | |
| g | | | | |
+---------+-------+---------------------------+---------------------+
| Algorit | JWE | XML ENC | JCA |
| hm | | | |
+---------+-------+---------------------------+---------------------+
| RSA | RSA1_ | http://www.w3.org/2001/04 | RSA/ECB/PKCS1Paddin |
| using | 5 | /xmlenc#rsa-1_5 | g |
| RSA-PKC | | | |
| S1-1.5 | | | |
| paddin | | | |
| g | | | |
| RSA | RSA-O | http://www.w3.org/2001/04 | RSA/ECB/OAEPWithSHA |
| using | AEP | /xmlenc#rsa-oaep-mgf1p | -1AndMGF1Padding |
| Optimal | | | |
| Asymmet | | | |
| ric | | | |
| Encryp | | | |
| tion | | | |
| Paddi | | | |
| ng(OAEP | | | |
| ) | | | |
 
 
 
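
Review bot: The rebuilt Table 5 still breaks case sensitive identifiers across lines ("RSA1_" and "5", "RSA-O" and "AEP", "PKCS1Paddin" and "g"), so they cannot be copied or searched for as written. Widening the JWE column enough to hold the longest "alg" value and taking the width from the XML ENC column would keep every JWE identifier on one line. The OID column is dropped here without a Document History entry; note whether OIDs are out of scope or still to be added.
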
1115,46 → 1116,51
 
 
 
 
Jones, et al. Expires May 2, 2012 [Page 20]
Jones, et al. Expires June 15, 2012 [Page 20]
Internet-Draft JWE October 2011
Internet-Draft JWE December 2011
 
 
| RSA | RSA- | http://www.w3.org/2001/ | RSA/ECB/OAEPWithS | TB |
| using | OAEP | 04/xmlenc#rsa-oaep-mgf1 | HA-1AndMGF1Paddin | D |
| Optimal | | p | g | |
| Asymmet | | | | |
| ric | | | | |
| Encryp | | | | |
| tion | | | | |
| Paddi | | | | |
| ng(OAEP | | | | |
| ) | | | | |
| Ellipti | ECDH | http://www.w3.org/2009/ | TBD | TB |
| cCurve | -ES | xmlenc11#ECDH-ES | | D |
| Diffie | | | | |
| -Hellma | | | | |
| n Ephem | | | | |
| eral | | | | |
| Stat | | | | |
| ic | | | | |
| Advance | A128 | http://www.w3.org/2001/ | TBD | TB |
| d | KW | 04/xmlenc#kw-aes128 | | D |
| Encryp | | | | |
| tion | | | | |
| Stand | | | | |
| ard(AES | | | | |
| ) Key | | | | |
| Wrap | | | | |
| Algo | | | | |
| rithm R | | | | |
| FC 339 | | | | |
| 4 [RF | | | | |
| C3394] | | | | |
| using12 | | | | |
| 8 bitke | | | | |
| ys | | | | |
| Ellipti | ECDH- | http://www.w3.org/2009/xm | TBD |
| cCurve | ES | lenc11#ECDH-ES | |
| Diffie | | | |
| -Hellma | | | |
| n Ephem | | | |
| eral | | | |
| Stat | | | |
| ic | | | |
| Advance | A128K | http://www.w3.org/2001/04 | TBD |
| d | W | /xmlenc#kw-aes128 | |
| Encryp | | | |
| tion | | | |
| Stand | | | |
| ard(AES | | | |
| ) Key | | | |
| Wrap | | | |
| Algo | | | |
| rithm R | | | |
| FC 339 | | | |
| 4 [RF | | | |
| C3394] | | | |
| using12 | | | |
| 8 bitke | | | |
| ys | | | |
| Advance | A256K | http://www.w3.org/2001/04 | TBD |
| d | W | /xmlenc#kw-aes256 | |
| Encryp | | | |
| tion | | | |
| Stand | | | |
| ard(AES | | | |
| ) Key | | | |
| Wrap | | | |
| Algo | | | |
| rithm R | | | |
| FC 339 | | | |
| 4 [RF | | | |
| C3394] | | | |
| using25 | | | |
| 6 bitke | | | |
| ys | | | |
 
 
 
1166,100 → 1172,81
 
 
 
Jones, et al. Expires June 15, 2012 [Page 21]
Internet-Draft JWE December 2011
 
 
| Advance | A128C | http://www.w3.org/2001/04 | AES/CBC/PKCS5Paddin |
| d | BC | /xmlenc#aes128-cbc | g |
| Encryp | | | |
| tion | | | |
| Stand | | | |
| ard(AES | | | |
| ) usin | | | |
| g 128 | | | |
| bitkeys | | | |
| inCiph | | | |
| er Bloc | | | |
| k Chai | | | |
| ningmod | | | |
| e | | | |
| Advance | A256C | http://www.w3.org/2001/04 | AES/CBC/PKCS5Paddin |
| d | BC | /xmlenc#aes256-cbc | g |
| Encryp | | | |
| tion | | | |
| Stand | | | |
| ard(AES | | | |
| ) usin | | | |
| g 256 | | | |
| bitkeys | | | |
| inCiph | | | |
| er Bloc | | | |
| k Chai | | | |
| ningmod | | | |
| e | | | |
| Advance | A128G | http://www.w3.org/2009/xm | AES/GCM/NoPadding |
| d | CM | lenc11#aes128-gcm | |
| Encryp | | | |
| tion | | | |
| Stand | | | |
| ard(AES | | | |
| ) usin | | | |
| g 128 | | | |
| bitkeys | | | |
| inGalo | | | |
| is/Coun | | | |
| ter Mod | | | |
| e | | | |
 
 
 
 
Jones, et al. Expires May 2, 2012 [Page 21]
Internet-Draft JWE October 2011
 
 
| Advance | A256 | http://www.w3.org/2001/ | TBD | TB |
| d | KW | 04/xmlenc#kw-aes256 | | D |
| Encryp | | | | |
| tion | | | | |
| Stand | | | | |
| ard(AES | | | | |
| ) Key | | | | |
| Wrap | | | | |
| Algo | | | | |
| rithm R | | | | |
| FC 339 | | | | |
| 4 [RF | | | | |
| C3394] | | | | |
| using25 | | | | |
| 6 bitke | | | | |
| ys | | | | |
| Advance | A128 | http://www.w3.org/2001/ | AES/CBC/PKCS5Padd | TB |
| d | CBC | 04/xmlenc#aes128-cbc | ing | D |
| Encryp | | | | |
| tion | | | | |
| Stand | | | | |
| ard(AES | | | | |
| ) usin | | | | |
| g 128 | | | | |
| bitkeys | | | | |
| inCiph | | | | |
| er Bloc | | | | |
| k Chai | | | | |
| ningmod | | | | |
| e | | | | |
| Advance | A256 | http://www.w3.org/2001/ | AES/CBC/PKCS5Padd | TB |
| d | CBC | 04/xmlenc#aes256-cbc | ing | D |
| Encryp | | | | |
| tion | | | | |
| Stand | | | | |
| ard(AES | | | | |
| ) usin | | | | |
| g 256 | | | | |
| bitkeys | | | | |
| inCiph | | | | |
| er Bloc | | | | |
| k Chai | | | | |
| ningmod | | | | |
| e | | | | |
 
 
 
 
 
 
 
Jones, et al. Expires May 2, 2012 [Page 22]
Jones, et al. Expires June 15, 2012 [Page 22]
Internet-Draft JWE October 2011
Internet-Draft JWE December 2011
 
 
| Advance | A128 | http://www.w3.org/2009/ | AES/GCM/NoPadding | TB |
| d | GCM | xmlenc11#aes128-gcm | | D |
| Encryp | | | | |
| tion | | | | |
| Stand | | | | |
| ard(AES | | | | |
| ) usin | | | | |
| g 128 | | | | |
| bitkeys | | | | |
| inGalo | | | | |
| is/Coun | | | | |
| ter Mod | | | | |
| e | | | | |
| Advance | A256 | http://www.w3.org/2009/ | AES/GCM/NoPadding | TB |
| d | GCM | xmlenc11#aes256-gcm | | D |
| Encryp | | | | |
| tion | | | | |
| Stand | | | | |
| ard(AES | | | | |
| ) usin | | | | |
| g 256 | | | | |
| bitkeys | | | | |
| inGalo | | | | |
| is/Coun | | | | |
| ter Mod | | | | |
| e | | | | |
+---------+------+-------------------------+-------------------+----+
| Advance | A256G | http://www.w3.org/2009/xm | AES/GCM/NoPadding |
| d | CM | lenc11#aes256-gcm | |
| Encryp | | | |
| tion | | | |
| Stand | | | |
| ard(AES | | | |
| ) usin | | | |
| g 256 | | | |
| bitkeys | | | |
| inGalo | | | |
| is/Coun | | | |
| ter Mod | | | |
| e | | | |
+---------+-------+---------------------------+---------------------+
 
Table 5: Algorithm Identifier Cross-Reference
 
1268,9 → 1255,10
 
Solutions for encrypting JSON content were also explored by [JSS] and
[I-D.rescorla-jsms], both of which significantly influenced this
draft. This draft attempts to explicitly reuse as much from
[W3C.CR-xmlenc-core1-20110303] and RFC 5652 [RFC5652] as possible,
while utilizing simple compact JSON-based data structures.
draft. This draft attempts to explicitly reuse as much from XML
Encryption 1.1 [W3C.CR-xmlenc-core1-20110303] and RFC 5652 [RFC5652]
as possible, while utilizing simple compact JSON-based data
structures.
 
Special thanks are due to John Bradley and Nat Sakimura for the
discussions that helped inform the content of this specification and
1280,13 → 1268,25
 
Appendix D. Document History
 
-02
 
o Update to use short JWK Key Object names in Ephemeral Public Keys.
 
o Moved "MUST" requirements from the Overview to later in the spec.
 
o Respect line length restrictions in examples.
 
o Applied other editorial improvements.
 
-01
 
 
 
Jones, et al. Expires May 2, 2012 [Page 23]
 
 
Jones, et al. Expires June 15, 2012 [Page 23]
Internet-Draft JWE October 2011
Internet-Draft JWE December 2011
 
 
o Changed type of Ephemeral Public Key ("epk") from string to JSON
1340,5 → 1340,5
 
 
 
Jones, et al. Expires May 2, 2012 [Page 24]
Jones, et al. Expires June 15, 2012 [Page 24]
1.0/draft-jones-json-web-encryption.xml
6,7 → 6,6
<!ENTITY RFC1952 PUBLIC "" "http://xml.resource.org/public/rfc/bibxml/reference.RFC.1952.xml">
<!ENTITY RFC2119 PUBLIC "" "http://xml.resource.org/public/rfc/bibxml/reference.RFC.2119.xml">
<!ENTITY RFC2818 PUBLIC "" "http://xml.resource.org/public/rfc/bibxml/reference.RFC.2818.xml">
<!ENTITY RFC3275 PUBLIC "" "http://xml.resource.org/public/rfc/bibxml/reference.RFC.3275.xml">
<!ENTITY RFC3394 PUBLIC "" "http://xml.resource.org/public/rfc/bibxml/reference.RFC.3394.xml">
<!ENTITY RFC3447 PUBLIC "" "http://xml.resource.org/public/rfc/bibxml/reference.RFC.3447.xml">
<!ENTITY RFC3629 PUBLIC "" "http://xml.resource.org/public/rfc/bibxml/reference.RFC.3629.xml">
18,7 → 17,6
<!ENTITY RFC5246 PUBLIC "" "http://xml.resource.org/public/rfc/bibxml/reference.RFC.5246.xml">
<!ENTITY RFC5280 PUBLIC "" "http://xml.resource.org/public/rfc/bibxml/reference.RFC.5280.xml">
<!ENTITY RFC5652 PUBLIC "" "http://xml.resource.org/public/rfc/bibxml/reference.RFC.5652.xml">
<!ENTITY RFC5785 PUBLIC "" "http://xml.resource.org/public/rfc/bibxml/reference.RFC.5785.xml">
<!ENTITY RFC6090 PUBLIC "" "http://xml.resource.org/public/rfc/bibxml/reference.RFC.6090.xml">
<!ENTITY RFC6125 PUBLIC "" "http://xml.resource.org/public/rfc/bibxml/reference.RFC.6125.xml">
<!ENTITY W3C.REC-xmlenc-core-20021210 PUBLIC "" "http://xml.resource.org/public/rfc/bibxml4/reference.W3C.REC-xmlenc-core-20021210.xml">
28,7 → 26,7
]>
<?rfc toc="yes"?>
<?rfc tocompact="yes"?>
<?rfc tocdepth="3"?>
<?rfc tocdepth="4"?>
<?rfc tocindent="yes"?>
<?rfc symrefs="yes"?>
<?rfc sortrefs="yes"?>
36,7 → 34,7
<?rfc inline="yes"?>
<?rfc compact="yes"?>
<?rfc subcompact="no"?>
<rfc category="std" docName="draft-jones-json-web-encryption-01"
<rfc category="std" docName="draft-jones-json-web-encryption-02"
ipr="trust200902">
<front>
<title abbrev="JWE">JSON Web Encryption (JWE)</title>
63,7 → 61,7
</address>
</author>
 
<date day="30" month="October" year="2011" />
<date day="13" month="December" year="2011" />
 
<area>Security</area>
 
145,7 → 143,7
</t>
 
<t hangText="JWE Header">
A string containing a JSON object that describes the
A string representing a JSON object that describes the
encryption operations applied to create the JWE Encrypted
Key and the JWE Ciphertext.
</t>
201,8 → 199,7
base64url-encoded for transmission, and typically represented
as the concatenation of the encoded strings in that order,
with the three strings being separated by period ('.')
characters, as is done when used in JSON Web Tokens (JWTs)
<xref target="JWT" />.
characters.
</t>
<t>
JWE utilizes encryption to ensure the confidentiality of the
249,10 → 246,12
 
<t>
Base64url encoding the bytes of the UTF-8 representation of
the JWE Header yields this Encoded JWE Header value:
the JWE Header yields this Encoded JWE Header value
(with line breaks for display purposes only):
</t>
 
<figure><artwork><![CDATA[TBD]]></artwork></figure>
<figure><artwork><![CDATA[eyJhbGciOiJSU0ExXzUiLA0KICJlbmMiOiJBMjU2R0NNIiwNCiAiaXYiOiJfXzc5
X1B2Ni1mZyIsDQogIng1dCI6Ijdub09QcS1oSjFfaENudldoNkllWUkydzlRMCJ9]]></artwork></figure>
 
<t>
TBD: Finish this example by showing generation of a Content
268,17 → 267,14
<section title="JWE Header">
 
<t>
The members of the JWE Header describe the encryption applied
to the Plaintext. Implementations MUST understand the
The members of the JSON object represented by the JWE Header
describe the encryption applied to the Plaintext and optionally
additional properties of the JWE.
The Header Parameter Names within this object MUST be unique.
Implementations MUST understand the
entire contents of the header; otherwise, the JWE MUST be
rejected for processing.
</t>
<t>
The member names within the JWE Header are referred to as
Header Parameter Names. These names MUST be unique. The
corresponding values are referred to as Header Parameter
Values.
</t>
 
<section title="Reserved Header Parameter Names" anchor="ReservedHeaderParameterName">
<t>
309,12 → 305,11
<c>
The <spanx style="verb">alg</spanx> (algorithm) header
parameter identifies the cryptographic algorithm used to
secure the JWE Encrypted Key. A list of reserved <spanx
secure the JWE Encrypted Key. A list of defined <spanx
style="verb">alg</spanx> values is presented in <xref
target="AlgTable"></xref>.
The processing of the <spanx style="verb">alg</spanx>
(algorithm) header parameter requires that the value of
the <spanx style="verb">alg</spanx> header parameter MUST
(algorithm) header parameter requires that the value MUST
be one that is both supported and for which there exists a
key for use with that algorithm associated with the
intended recipient. The <spanx style="verb">alg</spanx>
329,12 → 324,11
The <spanx style="verb">enc</spanx> (encryption
method) header parameter identifies the symmetric
encryption algorithm used to secure the Ciphertext. A
list of reserved <spanx style="verb">enc</spanx> values is
list of defined <spanx style="verb">enc</spanx> values is
presented in <xref target="EncTable"></xref>. The
processing of the <spanx style="verb">enc</spanx>
(encryption method) header parameter requires that the
value of the <spanx style="verb">enc</spanx> header
parameter MUST be one that is supported. The <spanx
value MUST be one that is supported. The <spanx
style="verb">enc</spanx> value is case sensitive. This
header parameter is REQUIRED.
</c>
358,10 → 352,10
<xref target="RFC6090">RFC 6090</xref>
encryption. This key is represented in the same manner as
a JSON Web Key <xref target="JWK" /> JWK Key Object value,
containing <spanx style="verb">curve</spanx>, <spanx
containing <spanx style="verb">crv</spanx> (curve), <spanx
style="verb">x</spanx>, and <spanx style="verb">y</spanx>
members. The inclusion of the JWK Key Object <spanx
style="verb">algorithm</spanx> member is OPTIONAL.
style="verb">alg</spanx> (algorithm) member is OPTIONAL.
This header parameter is OPTIONAL.
</c>
 
505,7 → 499,7
defined in the IANA JSON Web Encryption Header Parameters
registry or be defined as a URI that contains a collision
resistant namespace. In each case, the definer of the name
or value MUST take reasonable precautions to make sure they
or value needs to take reasonable precautions to make sure they
are in control of the part of the namespace they use to
define the header parameter name.
</t>
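Review bot: After the change to "needs to take reasonable precautions", the sentence still opens with "the definer of the name or value" but closes with "to define the header parameter name", so the value case is left hanging. End it with "to define the header parameter name or value", or drop "or value" if only names are meant.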
567,12 → 561,15
representation of C.
</t>
<t>
Create the JWE Header containing the encryption
Create a JWE Header containing the encryption
parameters used.
Note that white space is explicitly allowed
in the representation and no canonicalization is performed
before encoding.
</t>
<t>
Base64url encoded the UTF-8 representation of the JWE
Header to create the Encoded JWE Header.
Base64url encode the bytes of the UTF-8 representation of
the JWE Header to create the Encoded JWE Header.
</t>
<t>
The three encoded parts, taken together, are the result of
687,11 → 684,11
<t>
The table below <xref target="AlgTable" /> is the set of
<spanx style="verb">alg</spanx> header parameter values that
are reserved by this specification. These algorithms are used
are defined by this specification. These algorithms are used
to encrypt the CEK, which produces the JWE Encrypted Key.
</t>
 
<texttable title="JWE Reserved alg Parameter Values" anchor="AlgTable">
<texttable title='JWE Defined "alg" Parameter Values' anchor="AlgTable">
 
<ttcol align="left">alg Parameter Value</ttcol>
<ttcol align="left">Encryption Algorithm</ttcol>
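Review bot: "The table below <xref target="AlgTable" />" comes out as "The table below Table 3 (...)" in the generated HTML further down this diff. Since the sentence is being edited anyway, reword it so the cross-reference is the subject, for example "<xref target="AlgTable" /> lists the alg header parameter values that are defined by this specification", and make the same change in the enc sentence.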
735,11 → 732,11
<t>
The table below <xref target="EncTable" /> is the set of
<spanx style="verb">enc</spanx> header parameter values that
are reserved by this specification. These algorithms are used
are defined by this specification. These algorithms are used
to encrypt the Plaintext, which produces the Ciphertext.
</t>
 
<texttable title="JWE Reserved enc Parameter Values" anchor="EncTable">
<texttable title='JWE Defined "enc" Parameter Values' anchor="EncTable">
 
<ttcol align="left">enc Parameter Value</ttcol>
<ttcol align="left">Symmetric Encryption Algorithm</ttcol>
778,7 → 775,7
<section title="Encrypting a JWE with TBD" anchor="EncryptingWithTBD">
 
<t>
TBD: Descriptions of the particulars of each specified
TBD: Descriptions of the particulars of using each specified
algorithm go here.
</t>
 
795,10 → 792,11
header parameter values SHOULD either be defined in the IANA
JSON Web Encryption Algorithms registry or be a URI that
contains a collision resistant namespace. In particular,
the use of algorithm identifiers defined in <xref
target="W3C.REC-xmlenc-core-20021210" />, <xref
target="W3C.CR-xmlenc-core1-20110303" />, and related
specifications is permitted.
it is permissible to use the algorithm identifiers defined in
<xref target="W3C.REC-xmlenc-core-20021210">XML Encryption</xref>,
<xref target="W3C.CR-xmlenc-core1-20110303">XML Encryption 1.1</xref>,
and related specifications as <spanx style="verb">alg</spanx>
and <spanx style="verb">enc</spanx> values.
</t>
 
</section>
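Review bot: Stating that XML Encryption identifiers may be used as alg and enc values means one algorithm can be named two ways; the cross-reference table in this diff pairs RSA1_5 with http://www.w3.org/2001/04/xmlenc#rsa-1_5, for example. The paragraph should say whether the two spellings are equivalent, and require that a recipient's set of supported or permitted algorithms is applied to the algorithm rather than to the string, so that a policy written against the short name also covers the URI form.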
825,9 → 823,9
</t>
<t>
A new IANA registry entitled "JSON Web Encryption
Algorithms" for reserved values used with the <spanx
Algorithms" for values used with the <spanx
style="verb">alg</spanx> and <spanx
style="verb">enc</spanx> header parameter values, as
style="verb">enc</spanx> header parameters is
defined in <xref target="MoreAlgs"></xref>. Inclusion in
the registry is RFC Required in the <xref
target="RFC5226">RFC 5226</xref> sense. The registry will
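Review bot: A single registry now serves both the alg and the enc header parameters, but the entry described in the following sentence records only the value and a pointer to the defining RFC. Add a field stating which parameter each value is registered for, so that a value defined for enc cannot be read as acceptable for alg.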
920,6 → 918,7
Consider whether we want to define composite
signing/encryption operations (as was the consensus to do
at IIW, as documented at http://self-issued.info/?p=378).
This would provide both confidentiality and integrity.
</t>
<t>
Consider whether reusing the JWS <spanx
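Review bot: The added sentence "This would provide both confidentiality and integrity" has an unclear "This" and leaves unsaid what lacks integrity today. Name the subject ("Composite operations would ...") and state the current position, since the enc values defined in this draft include A128CBC and A256CBC, and CBC on its own does not authenticate the ciphertext.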
979,10 → 978,6
prepared for this eventuality.
</t>
<t>
Consider whether a media type should be proposed, such as
"application/jwe".
</t>
<t>
Should we define the use of RFC 5649 key wrapping
functions, which allow arbitrary key sizes, in addition to
the current use of RFC 3394 key wrapping functions, which
1011,7 → 1006,6
&RFC5226;
&RFC5246;
&RFC5280;
&RFC5785;
&RFC6090;
&RFC6125;
 
1118,9 → 1112,9
</address>
</author>
 
<date day="30" month="October" year="2011" />
<date day="13" month="December" year="2011" />
</front>
<format target="http://self-issued.info/docs/draft-jones-json-web-signature.html" type="HTML" />
<format target="http://tools.ietf.org/html/draft-jones-json-web-signature" type="HTML" />
</reference>
 
<reference anchor="JWK">
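Review bot: The JWS reference now carries the date 13 December 2011, but its format target changes to the unversioned http://tools.ietf.org/html/draft-jones-json-web-signature, which follows whichever revision is current. Point the target at the specific revision being cited, or record the revision in the reference itself, so that the citation stays fixed; the same applies to the JWK and JWT references in the hunks below.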
1135,15 → 1129,14
</address>
</author>
 
<date day="30" month="October" year="2011" />
<date day="13" month="December" year="2011" />
</front>
<format target="http://self-issued.info/docs/draft-jones-json-web-key.html" type="HTML" />
<format target="http://tools.ietf.org/html/draft-jones-json-web-key" type="HTML" />
</reference>
 
</references>
 
<references title="Informative References">
&RFC3275;
&RFC5652;
&W3C.REC-xmlenc-core-20021210;
&W3C.CR-xmlenc-core1-20110303;
1202,9 → 1195,9
</address>
</author>
 
<date day="30" month="October" year="2011" />
<date day="13" month="December" year="2011" />
</front>
<format target="http://self-issued.info/docs/draft-jones-json-web-token.html" type="HTML" />
<format target="http://tools.ietf.org/html/draft-jones-json-web-token" type="HTML" />
</reference>
 
&jsms;
1267,7 → 1260,10
style="verb">alg</spanx> and <spanx style="verb">enc</spanx>
values used in this specification with the equivalent
identifiers used by other standards and software packages.
See <xref target="RFC3275">XML DSIG</xref> and <xref
See
<xref target="W3C.REC-xmlenc-core-20021210">XML Encryption</xref>,
<xref target="W3C.CR-xmlenc-core1-20110303">XML Encryption 1.1</xref>,
and <xref
target="JCA">Java Cryptography Architecture</xref> for more
information about the names defined by those documents.
 
1278,69 → 1274,59
<ttcol align="left">JWE</ttcol>
<ttcol align="left">XML ENC</ttcol>
<ttcol align="left">JCA</ttcol>
<ttcol align="left">OID</ttcol>
 
<c>RSA using RSA-PKCS1-1.5 padding</c>
<c>RSA1_5</c>
<c>http://www.w3.org/2001/04/xmlenc#rsa-1_5</c>
<c>RSA/ECB/PKCS1Padding</c>
<!-- TBD: RSA/None/PKCS1Padding or RSA/ECB/PKCS1Padding ? -->
<c>TBD</c>
 
<c>RSA using Optimal Asymmetric Encryption Padding (OAEP)</c>
<c>RSA-OAEP</c>
<c>http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p</c>
<c>RSA/ECB/OAEPWithSHA-1AndMGF1Padding</c>
<!-- RSA/ECB/OAEPWithSHA-1AndMGF1Padding or RSA/ECB/OAEPWithSHA-256AndMGF1Padding or RSA/NONE/OAEPWithSHA-1AndMGF1Padding or RSA/NONE/OAEPWithSHA-256AndMGF1Padding ? -->
<c>TBD</c>
 
<c>Elliptic Curve Diffie-Hellman Ephemeral Static</c>
<c>ECDH-ES</c>
<c>http://www.w3.org/2009/xmlenc11#ECDH-ES</c>
<c>TBD</c>
<c>TBD</c>
 
<c>Advanced Encryption Standard (AES) Key Wrap Algorithm <xref
target="RFC3394">RFC 3394</xref> using 128 bit keys</c>
<c>A128KW</c>
<c>http://www.w3.org/2001/04/xmlenc#kw-aes128</c>
<c>TBD</c>
<c>TBD</c>
 
<c>Advanced Encryption Standard (AES) Key Wrap Algorithm <xref
target="RFC3394">RFC 3394</xref> using 256 bit keys</c>
<c>A256KW</c>
<c>http://www.w3.org/2001/04/xmlenc#kw-aes256</c>
<c>TBD</c>
<c>TBD</c>
 
<c>Advanced Encryption Standard (AES) using 128 bit keys in
Cipher Block Chaining mode</c>
<c>A128CBC</c>
<c>http://www.w3.org/2001/04/xmlenc#aes128-cbc</c>
<c>AES/CBC/PKCS5Padding</c>
<c>TBD</c>
 
<c>Advanced Encryption Standard (AES) using 256 bit keys in
Cipher Block Chaining mode</c>
<c>A256CBC</c>
<c>http://www.w3.org/2001/04/xmlenc#aes256-cbc</c>
<c>AES/CBC/PKCS5Padding</c>
<c>TBD</c>
 
<c>Advanced Encryption Standard (AES) using 128 bit keys in
Galois/Counter Mode</c>
<c>A128GCM</c>
<c>http://www.w3.org/2009/xmlenc11#aes128-gcm</c>
<c>AES/GCM/NoPadding</c>
<c>TBD</c>
 
<c>Advanced Encryption Standard (AES) using 256 bit keys in
Galois/Counter Mode</c>
<c>A256GCM</c>
<c>http://www.w3.org/2009/xmlenc11#aes256-gcm</c>
<c>AES/GCM/NoPadding</c>
<c>TBD</c>
 
</texttable>
</section>
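Review bot: The RSA-OAEP row settles on RSA/ECB/OAEPWithSHA-1AndMGF1Padding while the XML comment directly after it still lists the SHA-256 and RSA/NONE variants as open, and the JCA cells for ECDH-ES, A128KW and A256KW remain TBD. The OAEP digest and mask generation function have to match on both sides for decryption to succeed, so fix them in the normative alg table and delete the comment, rather than leaving the choice implied by this cross-reference appendix.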
1351,8 → 1337,9
Solutions for encrypting JSON content were also explored by
<xref target="JSS" /> and <xref target="I-D.rescorla-jsms"/>,
both of which significantly influenced this draft. This draft
attempts to explicitly reuse as much from <xref
target="W3C.CR-xmlenc-core1-20110303" /> and <xref
attempts to explicitly reuse as much from
<xref target="W3C.CR-xmlenc-core1-20110303">XML Encryption 1.1</xref>
and <xref
target="RFC5652">RFC 5652</xref> as possible, while utilizing
simple compact JSON-based data structures.
</t>
1368,6 → 1355,25
 
<section title='Document History'>
<t>
-02
<list style='symbols'>
<t>
Update to use short JWK Key Object names in Ephemeral
Public Keys.
</t>
<t>
Moved "MUST" requirements from the Overview to later in
the spec.
</t>
<t>
Respect line length restrictions in examples.
</t>
<t>
Applied other editorial improvements.
</t>
</list>
</t>
<t>
-01
<list style='symbols'>
<t>
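Review bot: The -02 history list leaves out changes in this revision that go beyond "other editorial improvements": "MUST take reasonable precautions" became "needs to take", the "application/jwe" media type open issue was removed, and the RFC 5785 and RFC 3275 references were dropped. Add entries for these so that readers of -01 can tell changed requirements apart from changed wording.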
1.0/draft-jones-json-web-encryption.html
145,12 → 145,12
<tr><td class="header">Network Working Group</td><td class="header">M. Jones</td></tr>
<tr><td class="header">Internet-Draft</td><td class="header">Microsoft</td></tr>
<tr><td class="header">Intended status: Standards Track</td><td class="header">E. Rescorla</td></tr>
<tr><td class="header">Expires: May 2, 2012</td><td class="header">RTFM, Inc.</td></tr>
<tr><td class="header">Expires: June 15, 2012</td><td class="header">RTFM, Inc.</td></tr>
<tr><td class="header">&nbsp;</td><td class="header">J. Hildebrand</td></tr>
<tr><td class="header">&nbsp;</td><td class="header">Cisco Systems, Inc.</td></tr>
<tr><td class="header">&nbsp;</td><td class="header">October 30, 2011</td></tr>
<tr><td class="header">&nbsp;</td><td class="header">December 13, 2011</td></tr>
</table></td></tr></table>
<h1><br />JSON Web Encryption (JWE)<br />draft-jones-json-web-encryption-01</h1>
<h1><br />JSON Web Encryption (JWE)<br />draft-jones-json-web-encryption-02</h1>
 
<h3>Abstract</h3>
 
185,7 → 185,7
It is inappropriate to use Internet-Drafts as reference material or to cite
them other than as &ldquo;work in progress.&rdquo;</p>
<p>
This Internet-Draft will expire on May 2, 2012.</p>
This Internet-Draft will expire on June 15, 2012.</p>
 
<h3>Copyright Notice</h3>
<p>
283,7 → 283,7
wrapper for encrypted content using JSON <a class='info' href='#RFC4627'>RFC 4627<span> (</span><span class='info'>Crockford, D., &ldquo;The application/json Media Type for JavaScript Object Notation (JSON),&rdquo; July&nbsp;2006.</span><span>)</span></a> [RFC4627] data structures. The JWE
encryption mechanisms are independent of the type of content
being encrypted. A related signature capability is described
in a separate JSON Web Signature (JWS) <a class='info' href='#JWS'>[JWS]<span> (</span><span class='info'>Jones, M., Balfanz, D., Bradley, J., Goland, Y., Panzer, J., Sakimura, N., and P. Tarjan, &ldquo;JSON Web Signature (JWS),&rdquo; October&nbsp;2011.</span><span>)</span></a>
in a separate JSON Web Signature (JWS) <a class='info' href='#JWS'>[JWS]<span> (</span><span class='info'>Jones, M., Balfanz, D., Bradley, J., Goland, Y., Panzer, J., Sakimura, N., and P. Tarjan, &ldquo;JSON Web Signature (JWS),&rdquo; December&nbsp;2011.</span><span>)</span></a>
specification.
 
</p>
321,7 → 321,7
</dd>
<dt>JWE Header</dt>
<dd>
A string containing a JSON object that describes the
A string representing a JSON object that describes the
encryption operations applied to create the JWE Encrypted
Key and the JWE Ciphertext.
 
373,7 → 373,7
described in <a class='info' href='#RFC4648'>RFC 4648<span> (</span><span class='info'>Josefsson, S., &ldquo;The Base16, Base32, and Base64 Data Encodings,&rdquo; October&nbsp;2006.</span><span>)</span></a> [RFC4648],
Section 5, with the (non URL-safe) '=' padding characters
omitted, as permitted by Section 3.2. (See Appendix C of
<a class='info' href='#JWS'>[JWS]<span> (</span><span class='info'>Jones, M., Balfanz, D., Bradley, J., Goland, Y., Panzer, J., Sakimura, N., and P. Tarjan, &ldquo;JSON Web Signature (JWS),&rdquo; October&nbsp;2011.</span><span>)</span></a> for notes on implementing base64url
<a class='info' href='#JWS'>[JWS]<span> (</span><span class='info'>Jones, M., Balfanz, D., Bradley, J., Goland, Y., Panzer, J., Sakimura, N., and P. Tarjan, &ldquo;JSON Web Signature (JWS),&rdquo; December&nbsp;2011.</span><span>)</span></a> for notes on implementing base64url
encoding without padding.)
 
</dd>
393,8 → 393,7
base64url-encoded for transmission, and typically represented
as the concatenation of the encoded strings in that order,
with the three strings being separated by period ('.')
characters, as is done when used in JSON Web Tokens (JWTs)
<a class='info' href='#JWT'>[JWT]<span> (</span><span class='info'>Jones, M., Balfanz, D., Bradley, J., Goland, Y., Panzer, J., Sakimura, N., and P. Tarjan, &ldquo;JSON Web Token (JWT),&rdquo; October&nbsp;2011.</span><span>)</span></a>.
characters.
 
</p>
<p>
446,9 → 445,11
"x5t":"7noOPq-hJ1_hCnvWh6IeYI2w9Q0"}</pre></div>
<p>
Base64url encoding the bytes of the UTF-8 representation of
the JWE Header yields this Encoded JWE Header value:
the JWE Header yields this Encoded JWE Header value
(with line breaks for display purposes only):
 
</p><div style='display: table; width: 0; margin-left: 3em; margin-right: auto'><pre>TBD</pre></div>
</p><div style='display: table; width: 0; margin-left: 3em; margin-right: auto'><pre>eyJhbGciOiJSU0ExXzUiLA0KICJlbmMiOiJBMjU2R0NNIiwNCiAiaXYiOiJfXzc5
X1B2Ni1mZyIsDQogIng1dCI6Ijdub09QcS1oSjFfaENudldoNkllWUkydzlRMCJ9</pre></div>
<p>
TBD: Finish this example by showing generation of a Content
Encryption Key (CEK), using the CEK to encrypt the Plaintext
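Review bot: The new Encoded JWE Header value decodes to a header whose members are separated by CR LF and a space, which the <pre> rendering of the header just above it cannot show. Because no canonicalization is performed before encoding, say next to the example that each line break is CR LF followed by one space (or list the header octets); otherwise a reader cannot reproduce the encoded value.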
463,19 → 464,15
JWE Header</h3>
 
<p>
The members of the JWE Header describe the encryption applied
to the Plaintext. Implementations MUST understand the
The members of the JSON object represented by the JWE Header
describe the encryption applied to the Plaintext and optionally
additional properties of the JWE.
The Header Parameter Names within this object MUST be unique.
Implementations MUST understand the
entire contents of the header; otherwise, the JWE MUST be
rejected for processing.
 
</p>
<p>
The member names within the JWE Header are referred to as
Header Parameter Names. These names MUST be unique. The
corresponding values are referred to as Header Parameter
Values.
 
</p>
<a name="ReservedHeaderParameterName"></a><br /><hr />
<table summary="layout" cellpadding="0" cellspacing="2" class="TOCbug" align="right"><tr><td class="TOCbug"><a href="#toc">&nbsp;TOC&nbsp;</a></td></tr></table>
<a name="rfc.section.4.1"></a><h3>4.1.&nbsp;
507,10 → 504,9
<td align="left">
The <tt>alg</tt> (algorithm) header
parameter identifies the cryptographic algorithm used to
secure the JWE Encrypted Key. A list of reserved <tt>alg</tt> values is presented in <a class='info' href='#AlgTable'>Table&nbsp;3<span> (</span><span class='info'>JWE Reserved alg Parameter Values</span><span>)</span></a>.
secure the JWE Encrypted Key. A list of defined <tt>alg</tt> values is presented in <a class='info' href='#AlgTable'>Table&nbsp;3<span> (</span><span class='info'>JWE Defined &quot;alg&quot; Parameter Values</span><span>)</span></a>.
The processing of the <tt>alg</tt>
(algorithm) header parameter requires that the value of
the <tt>alg</tt> header parameter MUST
(algorithm) header parameter requires that the value MUST
be one that is both supported and for which there exists a
key for use with that algorithm associated with the
intended recipient. The <tt>alg</tt>
526,12 → 522,11
The <tt>enc</tt> (encryption
method) header parameter identifies the symmetric
encryption algorithm used to secure the Ciphertext. A
list of reserved <tt>enc</tt> values is
presented in <a class='info' href='#EncTable'>Table&nbsp;4<span> (</span><span class='info'>JWE Reserved enc Parameter Values</span><span>)</span></a>. The
list of defined <tt>enc</tt> values is
presented in <a class='info' href='#EncTable'>Table&nbsp;4<span> (</span><span class='info'>JWE Defined &quot;enc&quot; Parameter Values</span><span>)</span></a>. The
processing of the <tt>enc</tt>
(encryption method) header parameter requires that the
value of the <tt>enc</tt> header
parameter MUST be one that is supported. The <tt>enc</tt> value is case sensitive. This
value MUST be one that is supported. The <tt>enc</tt> value is case sensitive. This
header parameter is REQUIRED.
</td>
</tr>
555,9 → 550,9
value created by the originator for the use in ECDH-ES
<a class='info' href='#RFC6090'>RFC 6090<span> (</span><span class='info'>McGrew, D., Igoe, K., and M. Salter, &ldquo;Fundamental Elliptic Curve Cryptography Algorithms,&rdquo; February&nbsp;2011.</span><span>)</span></a> [RFC6090]
encryption. This key is represented in the same manner as
a JSON Web Key <a class='info' href='#JWK'>[JWK]<span> (</span><span class='info'>Jones, M., &ldquo;JSON Web Key (JWK),&rdquo; October&nbsp;2011.</span><span>)</span></a> JWK Key Object value,
containing <tt>curve</tt>, <tt>x</tt>, and <tt>y</tt>
members. The inclusion of the JWK Key Object <tt>algorithm</tt> member is OPTIONAL.
a JSON Web Key <a class='info' href='#JWK'>[JWK]<span> (</span><span class='info'>Jones, M., &ldquo;JSON Web Key (JWK),&rdquo; December&nbsp;2011.</span><span>)</span></a> JWK Key Object value,
containing <tt>crv</tt> (curve), <tt>x</tt>, and <tt>y</tt>
members. The inclusion of the JWK Key Object <tt>alg</tt> (algorithm) member is OPTIONAL.
This header parameter is OPTIONAL.
</td>
</tr>
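Review bot: Renaming the JWK Key Object member to "alg (algorithm)" in the epk description gives it the same name and gloss as the JWE alg header parameter described earlier in this table, although the two are defined in different specifications. Add a clause saying that the alg member inside epk is the JWK member defined in [JWK], not the JWE alg header parameter, so that implementers do not compare or substitute one for the other.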
589,7 → 584,7
which corresponds to the key that was used to encrypt the
JWE.
The keys MUST be encoded as described in the JSON Web Key
(JWK) <a class='info' href='#JWK'>[JWK]<span> (</span><span class='info'>Jones, M., &ldquo;JSON Web Key (JWK),&rdquo; October&nbsp;2011.</span><span>)</span></a> specification.
(JWK) <a class='info' href='#JWK'>[JWK]<span> (</span><span class='info'>Jones, M., &ldquo;JSON Web Key (JWK),&rdquo; December&nbsp;2011.</span><span>)</span></a> specification.
The protocol used to acquire the resource MUST provide
integrity protection. An HTTP GET request to retrieve the
certificate MUST use TLS <a class='info' href='#RFC2818'>RFC
711,7 → 706,7
defined in the IANA JSON Web Encryption Header Parameters
registry or be defined as a URI that contains a collision
resistant namespace. In each case, the definer of the name
or value MUST take reasonable precautions to make sure they
or value needs to take reasonable precautions to make sure they
are in control of the part of the namespace they use to
define the header parameter name.
 
781,13 → 776,16
 
</li>
<li>
Create the JWE Header containing the encryption
Create a JWE Header containing the encryption
parameters used.
Note that white space is explicitly allowed
in the representation and no canonicalization is performed
before encoding.
 
</li>
<li>
Base64url encoded the UTF-8 representation of the JWE
Header to create the Encoded JWE Header.
Base64url encode the bytes of the UTF-8 representation of
the JWE Header to create the Encoded JWE Header.
 
</li>
<li>
884,7 → 882,7
In the asymmetric encryption mode, the CEK is encrypted
under the recipient's public key. The asymmetric encryption
modes defined for use with this in this specification are
listed in in <a class='info' href='#AlgTable'>Table&nbsp;3<span> (</span><span class='info'>JWE Reserved alg Parameter Values</span><span>)</span></a>.
listed in in <a class='info' href='#AlgTable'>Table&nbsp;3<span> (</span><span class='info'>JWE Defined &quot;alg&quot; Parameter Values</span><span>)</span></a>.
 
</p>
<a name="sec.symmetric_encryption"></a><br /><hr />
897,7 → 895,7
a symmetric key shared between the sender and receiver.
 
The symmetric encryption modes defined for use with this in
this specification are listed in in <a class='info' href='#AlgTable'>Table&nbsp;3<span> (</span><span class='info'>JWE Reserved alg Parameter Values</span><span>)</span></a>.
this specification are listed in in <a class='info' href='#AlgTable'>Table&nbsp;3<span> (</span><span class='info'>JWE Defined &quot;alg&quot; Parameter Values</span><span>)</span></a>.
For GCM, the random 64-bit IV is prepended to the ciphertext.
 
</p>
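Review bot: This hunk retitles the Table 3 link but keeps "listed in in" and "defined for use with this in this specification" in the same sentence, as does the asymmetric-mode hunk just above. Fix both in the XML source while the line is being touched, for example "The symmetric encryption modes defined for use in this specification are listed in Table 3."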
930,9 → 928,9
 
</p>
<p>
The table below <a class='info' href='#AlgTable'>Table&nbsp;3<span> (</span><span class='info'>JWE Reserved alg Parameter Values</span><span>)</span></a> is the set of
The table below <a class='info' href='#AlgTable'>Table&nbsp;3<span> (</span><span class='info'>JWE Defined &quot;alg&quot; Parameter Values</span><span>)</span></a> is the set of
<tt>alg</tt> header parameter values that
are reserved by this specification. These algorithms are used
are defined by this specification. These algorithms are used
to encrypt the CEK, which produces the JWE Encrypted Key.
 
</p><br /><hr class="insert" />
982,12 → 980,12
</tr>
</table>
<br clear="all" />
<table border="0" cellpadding="0" cellspacing="2" align="center"><tr><td align="center"><font face="monaco, MS Sans Serif" size="1"><b>&nbsp;Table 3: JWE Reserved alg Parameter Values&nbsp;</b></font><br /></td></tr></table><hr class="insert" />
<table border="0" cellpadding="0" cellspacing="2" align="center"><tr><td align="center"><font face="monaco, MS Sans Serif" size="1"><b>&nbsp;Table 3: JWE Defined "alg" Parameter Values&nbsp;</b></font><br /></td></tr></table><hr class="insert" />
 
<p>
The table below <a class='info' href='#EncTable'>Table&nbsp;4<span> (</span><span class='info'>JWE Reserved enc Parameter Values</span><span>)</span></a> is the set of
The table below <a class='info' href='#EncTable'>Table&nbsp;4<span> (</span><span class='info'>JWE Defined &quot;enc&quot; Parameter Values</span><span>)</span></a> is the set of
<tt>enc</tt> header parameter values that
are reserved by this specification. These algorithms are used
are defined by this specification. These algorithms are used
to encrypt the Plaintext, which produces the Ciphertext.
 
</p><br /><hr class="insert" />
1021,7 → 1019,7
</tr>
</table>
<br clear="all" />
<table border="0" cellpadding="0" cellspacing="2" align="center"><tr><td align="center"><font face="monaco, MS Sans Serif" size="1"><b>&nbsp;Table 4: JWE Reserved enc Parameter Values&nbsp;</b></font><br /></td></tr></table><hr class="insert" />
<table border="0" cellpadding="0" cellspacing="2" align="center"><tr><td align="center"><font face="monaco, MS Sans Serif" size="1"><b>&nbsp;Table 4: JWE Defined "enc" Parameter Values&nbsp;</b></font><br /></td></tr></table><hr class="insert" />
 
<p>
Of these algorithms, only RSA-PKCS1-1.5 with 2048 bit keys,
1038,7 → 1036,7
Encrypting a JWE with TBD</h3>
 
<p>
TBD: Descriptions of the particulars of each specified
TBD: Descriptions of the particulars of using each specified
algorithm go here.
 
</p>
1054,8 → 1052,11
header parameter values SHOULD either be defined in the IANA
JSON Web Encryption Algorithms registry or be a URI that
contains a collision resistant namespace. In particular,
the use of algorithm identifiers defined in <a class='info' href='#W3C.REC-xmlenc-core-20021210'>[W3C.REC&#8209;xmlenc&#8209;core&#8209;20021210]<span> (</span><span class='info'>Eastlake, D. and J. Reagle, &ldquo;XML Encryption Syntax and Processing,&rdquo; December&nbsp;2002.</span><span>)</span></a>, <a class='info' href='#W3C.CR-xmlenc-core1-20110303'>[W3C.CR&#8209;xmlenc&#8209;core1&#8209;20110303]<span> (</span><span class='info'>Hirsch, F., Reagle, J., Eastlake, D., and T. Roessler, &ldquo;XML Encryption Syntax and Processing Version 1.1,&rdquo; March&nbsp;2011.</span><span>)</span></a>, and related
specifications is permitted.
it is permissible to use the algorithm identifiers defined in
<a class='info' href='#W3C.REC-xmlenc-core-20021210'>XML Encryption<span> (</span><span class='info'>Eastlake, D. and J. Reagle, &ldquo;XML Encryption Syntax and Processing,&rdquo; December&nbsp;2002.</span><span>)</span></a> [W3C.REC&#8209;xmlenc&#8209;core&#8209;20021210],
<a class='info' href='#W3C.CR-xmlenc-core1-20110303'>XML Encryption 1.1<span> (</span><span class='info'>Hirsch, F., Roessler, T., Reagle, J., and D. Eastlake, &ldquo;XML Encryption Syntax and Processing Version 1.1,&rdquo; March&nbsp;2011.</span><span>)</span></a> [W3C.CR&#8209;xmlenc&#8209;core1&#8209;20110303],
and related specifications as <tt>alg</tt>
and <tt>enc</tt> values.
 
</p>
<a name="IANA"></a><br /><hr />
1083,12 → 1084,12
</li>
<li>
A new IANA registry entitled "JSON Web Encryption
Algorithms" for reserved values used with the <tt>alg</tt> and <tt>enc</tt> header parameter values, as
Algorithms" for values used with the <tt>alg</tt> and <tt>enc</tt> header parameters is
defined in <a class='info' href='#MoreAlgs'>Section&nbsp;9.2<span> (</span><span class='info'>Additional Algorithms</span><span>)</span></a>. Inclusion in
the registry is RFC Required in the <a class='info' href='#RFC5226'>RFC 5226<span> (</span><span class='info'>Narten, T. and H. Alvestrand, &ldquo;Guidelines for Writing an IANA Considerations Section in RFCs,&rdquo; May&nbsp;2008.</span><span>)</span></a> [RFC5226] sense. The registry will
record the <tt>alg</tt> or <tt>enc</tt> value and a pointer to the RFC
that defines it. This specification defines inclusion of
the algorithm values defined in <a class='info' href='#AlgTable'>Table&nbsp;3<span> (</span><span class='info'>JWE Reserved alg Parameter Values</span><span>)</span></a> and <a class='info' href='#EncTable'>Table&nbsp;4<span> (</span><span class='info'>JWE Reserved enc Parameter Values</span><span>)</span></a>.
the algorithm values defined in <a class='info' href='#AlgTable'>Table&nbsp;3<span> (</span><span class='info'>JWE Defined &quot;alg&quot; Parameter Values</span><span>)</span></a> and <a class='info' href='#EncTable'>Table&nbsp;4<span> (</span><span class='info'>JWE Defined &quot;enc&quot; Parameter Values</span><span>)</span></a>.
 
</li>
</ul><p>
1184,6 → 1185,7
Consider whether we want to define composite
signing/encryption operations (as was the consensus to do
at IIW, as documented at http://self-issued.info/?p=378).
This would provide both confidentiality and integrity.
 
</li>
<li>
1252,11 → 1254,6
 
</li>
<li>
Consider whether a media type should be proposed, such as
"application/jwe".
 
</li>
<li>
Should we define the use of RFC 5649 key wrapping
functions, which allow arbitrary key sizes, in addition to
the current use of RFC 3394 key wrapping functions, which
1279,9 → 1276,9
<tr><td class="author-text" valign="top"><a name="FIPS-197">[FIPS-197]</a></td>
<td class="author-text">National Institute of Standards and Technology (NIST), &ldquo;Advanced Encryption Standard (AES),&rdquo; FIPS&nbsp;PUB 197, November&nbsp;2001.</td></tr>
<tr><td class="author-text" valign="top"><a name="JWK">[JWK]</a></td>
<td class="author-text"><a href="mailto:mbj@microsoft.com">Jones, M.</a>, &ldquo;<a href="http://self-issued.info/docs/draft-jones-json-web-key.html">JSON Web Key (JWK)</a>,&rdquo; October&nbsp;2011.</td></tr>
<td class="author-text"><a href="mailto:mbj@microsoft.com">Jones, M.</a>, &ldquo;<a href="http://tools.ietf.org/html/draft-jones-json-web-key">JSON Web Key (JWK)</a>,&rdquo; December&nbsp;2011.</td></tr>
<tr><td class="author-text" valign="top"><a name="JWS">[JWS]</a></td>
<td class="author-text"><a href="mailto:mbj@microsoft.com">Jones, M.</a>, <a href="mailto:balfanz@google.com">Balfanz, D.</a>, <a href="mailto:ve7jtb@ve7jtb.com">Bradley, J.</a>, <a href="mailto:yarong@microsoft.com">Goland, Y.</a>, <a href="mailto:jpanzer@google.com">Panzer, J.</a>, <a href="mailto:n-sakimura@nri.co.jp">Sakimura, N.</a>, and <a href="mailto:pt@fb.com">P. Tarjan</a>, &ldquo;<a href="http://self-issued.info/docs/draft-jones-json-web-signature.html">JSON Web Signature (JWS)</a>,&rdquo; October&nbsp;2011.</td></tr>
<td class="author-text"><a href="mailto:mbj@microsoft.com">Jones, M.</a>, <a href="mailto:balfanz@google.com">Balfanz, D.</a>, <a href="mailto:ve7jtb@ve7jtb.com">Bradley, J.</a>, <a href="mailto:yarong@microsoft.com">Goland, Y.</a>, <a href="mailto:jpanzer@google.com">Panzer, J.</a>, <a href="mailto:n-sakimura@nri.co.jp">Sakimura, N.</a>, and <a href="mailto:pt@fb.com">P. Tarjan</a>, &ldquo;<a href="http://tools.ietf.org/html/draft-jones-json-web-signature">JSON Web Signature (JWS)</a>,&rdquo; December&nbsp;2011.</td></tr>
<tr><td class="author-text" valign="top"><a name="NIST-800-38A">[NIST-800-38A]</a></td>
<td class="author-text">National Institute of Standards and Technology (NIST), &ldquo;Recommendation for Block Cipher Modes of Operation,&rdquo; NIST&nbsp;PUB 800-38A, December&nbsp;2001.</td></tr>
<tr><td class="author-text" valign="top"><a name="NIST-800-38D">[NIST-800-38D]</a></td>
1319,8 → 1316,6
<td class="author-text">Dierks, T. and E. Rescorla, &ldquo;<a href="http://tools.ietf.org/html/rfc5246">The Transport Layer Security (TLS) Protocol Version 1.2</a>,&rdquo; RFC&nbsp;5246, August&nbsp;2008 (<a href="http://www.rfc-editor.org/rfc/rfc5246.txt">TXT</a>).</td></tr>
<tr><td class="author-text" valign="top"><a name="RFC5280">[RFC5280]</a></td>
<td class="author-text">Cooper, D., Santesson, S., Farrell, S., Boeyen, S., Housley, R., and W. Polk, &ldquo;<a href="http://tools.ietf.org/html/rfc5280">Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile</a>,&rdquo; RFC&nbsp;5280, May&nbsp;2008 (<a href="http://www.rfc-editor.org/rfc/rfc5280.txt">TXT</a>).</td></tr>
<tr><td class="author-text" valign="top"><a name="RFC5785">[RFC5785]</a></td>
<td class="author-text">Nottingham, M. and E. Hammer-Lahav, &ldquo;<a href="http://tools.ietf.org/html/rfc5785">Defining Well-Known Uniform Resource Identifiers (URIs)</a>,&rdquo; RFC&nbsp;5785, April&nbsp;2010 (<a href="http://www.rfc-editor.org/rfc/rfc5785.txt">TXT</a>).</td></tr>
<tr><td class="author-text" valign="top"><a name="RFC6090">[RFC6090]</a></td>
<td class="author-text">McGrew, D., Igoe, K., and M. Salter, &ldquo;<a href="http://tools.ietf.org/html/rfc6090">Fundamental Elliptic Curve Cryptography Algorithms</a>,&rdquo; RFC&nbsp;6090, February&nbsp;2011 (<a href="http://www.rfc-editor.org/rfc/rfc6090.txt">TXT</a>).</td></tr>
<tr><td class="author-text" valign="top"><a name="RFC6125">[RFC6125]</a></td>
1338,13 → 1333,11
<tr><td class="author-text" valign="top"><a name="JSS">[JSS]</a></td>
<td class="author-text">Bradley, J. and N. Sakimura (editor), &ldquo;<a href="http://jsonenc.info/jss/1.0/">JSON Simple Sign</a>,&rdquo; September&nbsp;2010.</td></tr>
<tr><td class="author-text" valign="top"><a name="JWT">[JWT]</a></td>
<td class="author-text"><a href="mailto:mbj@microsoft.com">Jones, M.</a>, <a href="mailto:balfanz@google.com">Balfanz, D.</a>, <a href="mailto:ve7jtb@ve7jtb.com">Bradley, J.</a>, <a href="mailto:yarong@microsoft.com">Goland, Y.</a>, <a href="mailto:jpanzer@google.com">Panzer, J.</a>, <a href="mailto:n-sakimura@nri.co.jp">Sakimura, N.</a>, and <a href="mailto:pt@fb.com">P. Tarjan</a>, &ldquo;<a href="http://self-issued.info/docs/draft-jones-json-web-token.html">JSON Web Token (JWT)</a>,&rdquo; October&nbsp;2011.</td></tr>
<tr><td class="author-text" valign="top"><a name="RFC3275">[RFC3275]</a></td>
<td class="author-text">Eastlake, D., Reagle, J., and D. Solo, &ldquo;<a href="http://tools.ietf.org/html/rfc3275">(Extensible Markup Language) XML-Signature Syntax and Processing</a>,&rdquo; RFC&nbsp;3275, March&nbsp;2002 (<a href="http://www.rfc-editor.org/rfc/rfc3275.txt">TXT</a>).</td></tr>
<td class="author-text"><a href="mailto:mbj@microsoft.com">Jones, M.</a>, <a href="mailto:balfanz@google.com">Balfanz, D.</a>, <a href="mailto:ve7jtb@ve7jtb.com">Bradley, J.</a>, <a href="mailto:yarong@microsoft.com">Goland, Y.</a>, <a href="mailto:jpanzer@google.com">Panzer, J.</a>, <a href="mailto:n-sakimura@nri.co.jp">Sakimura, N.</a>, and <a href="mailto:pt@fb.com">P. Tarjan</a>, &ldquo;<a href="http://tools.ietf.org/html/draft-jones-json-web-token">JSON Web Token (JWT)</a>,&rdquo; December&nbsp;2011.</td></tr>
<tr><td class="author-text" valign="top"><a name="RFC5652">[RFC5652]</a></td>
<td class="author-text">Housley, R., &ldquo;<a href="http://tools.ietf.org/html/rfc5652">Cryptographic Message Syntax (CMS)</a>,&rdquo; STD&nbsp;70, RFC&nbsp;5652, September&nbsp;2009 (<a href="http://www.rfc-editor.org/rfc/rfc5652.txt">TXT</a>).</td></tr>
<tr><td class="author-text" valign="top"><a name="W3C.CR-xmlenc-core1-20110303">[W3C.CR-xmlenc-core1-20110303]</a></td>
<td class="author-text">Hirsch, F., Reagle, J., Eastlake, D., and T. Roessler, &ldquo;<a href="http://www.w3.org/TR/2011/CR-xmlenc-core1-20110303">XML Encryption Syntax and Processing Version 1.1</a>,&rdquo; World Wide Web Consortium CR&nbsp;CR-xmlenc-core1-20110303, March&nbsp;2011 (<a href="http://www.w3.org/TR/2011/CR-xmlenc-core1-20110303">HTML</a>).</td></tr>
<td class="author-text">Hirsch, F., Roessler, T., Reagle, J., and D. Eastlake, &ldquo;<a href="http://www.w3.org/TR/2011/CR-xmlenc-core1-20110303">XML Encryption Syntax and Processing Version 1.1</a>,&rdquo; World Wide Web Consortium CR&nbsp;CR-xmlenc-core1-20110303, March&nbsp;2011 (<a href="http://www.w3.org/TR/2011/CR-xmlenc-core1-20110303">HTML</a>).</td></tr>
<tr><td class="author-text" valign="top"><a name="W3C.REC-xmlenc-core-20021210">[W3C.REC-xmlenc-core-20021210]</a></td>
<td class="author-text">Eastlake, D. and J. Reagle, &ldquo;<a href="http://www.w3.org/TR/2002/REC-xmlenc-core-20021210">XML Encryption Syntax and Processing</a>,&rdquo; World Wide Web Consortium Recommendation&nbsp;REC-xmlenc-core-20021210, December&nbsp;2002 (<a href="http://www.w3.org/TR/2002/REC-xmlenc-core-20021210">HTML</a>).</td></tr>
</table>
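Review bot: The [RFC3275] entry is dropped from this reference table, so any link to #RFC3275 that survives elsewhere in the draft will dangle. The appendix cross-reference text is switched to the XML Encryption references in this same revision, but the rest of the document should be searched for [RFC3275] before publishing. Separately, the new [JWT] link, http://tools.ietf.org/html/draft-jones-json-web-token, carries no revision suffix while the entry is dated December 2011, so the link target will change as that draft is revised; consider citing the specific revision that the December 2011 date refers to.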
1390,49 → 1383,47
This appendix contains a table cross-referencing the <tt>alg</tt> and <tt>enc</tt>
values used in this specification with the equivalent
identifiers used by other standards and software packages.
See <a class='info' href='#RFC3275'>XML DSIG<span> (</span><span class='info'>Eastlake, D., Reagle, J., and D. Solo, &ldquo;(Extensible Markup Language) XML-Signature Syntax and Processing,&rdquo; March&nbsp;2002.</span><span>)</span></a> [RFC3275] and <a class='info' href='#JCA'>Java Cryptography Architecture<span> (</span><span class='info'>Oracle, &ldquo;Java Cryptography Architecture,&rdquo; 2011.</span><span>)</span></a> [JCA] for more
See
<a class='info' href='#W3C.REC-xmlenc-core-20021210'>XML Encryption<span> (</span><span class='info'>Eastlake, D. and J. Reagle, &ldquo;XML Encryption Syntax and Processing,&rdquo; December&nbsp;2002.</span><span>)</span></a> [W3C.REC&#8209;xmlenc&#8209;core&#8209;20021210],
<a class='info' href='#W3C.CR-xmlenc-core1-20110303'>XML Encryption 1.1<span> (</span><span class='info'>Hirsch, F., Roessler, T., Reagle, J., and D. Eastlake, &ldquo;XML Encryption Syntax and Processing Version 1.1,&rdquo; March&nbsp;2011.</span><span>)</span></a> [W3C.CR&#8209;xmlenc&#8209;core1&#8209;20110303],
and <a class='info' href='#JCA'>Java Cryptography Architecture<span> (</span><span class='info'>Oracle, &ldquo;Java Cryptography Architecture,&rdquo; 2011.</span><span>)</span></a> [JCA] for more
information about the names defined by those documents.
 
 
</p><br /><hr class="insert" />
<a name="algxreftable"></a>
<table class="full" align="center" border="0" cellpadding="2" cellspacing="2">
<col align="left"><col align="left"><col align="left"><col align="left"><col align="left">
<tr><th align="left">Algorithm</th><th align="left">JWE</th><th align="left">XML ENC</th><th align="left">JCA</th><th align="left">OID</th></tr>
<col align="left"><col align="left"><col align="left"><col align="left">
<tr><th align="left">Algorithm</th><th align="left">JWE</th><th align="left">XML ENC</th><th align="left">JCA</th></tr>
<tr>
<td align="left">RSA using RSA-PKCS1-1.5 padding</td>
<td align="left">RSA1_5</td>
<td align="left">http://www.w3.org/2001/04/xmlenc#rsa-1_5</td>
<td align="left">RSA/ECB/PKCS1Padding</td>
<td align="left">TBD</td>
</tr>
<tr>
<td align="left">RSA using Optimal Asymmetric Encryption Padding (OAEP)</td>
<td align="left">RSA-OAEP</td>
<td align="left">http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p</td>
<td align="left">RSA/ECB/OAEPWithSHA-1AndMGF1Padding</td>
<td align="left">TBD</td>
</tr>
<tr>
<td align="left">Elliptic Curve Diffie-Hellman Ephemeral Static</td>
<td align="left">ECDH-ES</td>
<td align="left">http://www.w3.org/2009/xmlenc11#ECDH-ES</td>
<td align="left">TBD</td>
<td align="left">TBD</td>
</tr>
<tr>
<td align="left">Advanced Encryption Standard (AES) Key Wrap Algorithm <a class='info' href='#RFC3394'>RFC 3394<span> (</span><span class='info'>Schaad, J. and R. Housley, &ldquo;Advanced Encryption Standard (AES) Key Wrap Algorithm,&rdquo; September&nbsp;2002.</span><span>)</span></a> [RFC3394] using 128 bit keys</td>
<td align="left">A128KW</td>
<td align="left">http://www.w3.org/2001/04/xmlenc#kw-aes128</td>
<td align="left">TBD</td>
<td align="left">TBD</td>
</tr>
<tr>
<td align="left">Advanced Encryption Standard (AES) Key Wrap Algorithm <a class='info' href='#RFC3394'>RFC 3394<span> (</span><span class='info'>Schaad, J. and R. Housley, &ldquo;Advanced Encryption Standard (AES) Key Wrap Algorithm,&rdquo; September&nbsp;2002.</span><span>)</span></a> [RFC3394] using 256 bit keys</td>
<td align="left">A256KW</td>
<td align="left">http://www.w3.org/2001/04/xmlenc#kw-aes256</td>
<td align="left">TBD</td>
<td align="left">TBD</td>
</tr>
<tr>
<td align="left">Advanced Encryption Standard (AES) using 128 bit keys in
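Review bot: With the OID column removed, the ECDH-ES, A128KW and A256KW rows still carry TBD in the JCA column, so the table stays incomplete for exactly the key-agreement and key-wrap algorithms. Either fill in the JCA names or say in the paragraph above the table that no JCA name is given for those rows. Because the column removal is spread over several hunks, please also confirm that every row in the rendered table ends up with four cells to match the four-column header.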
1440,7 → 1431,6
<td align="left">A128CBC</td>
<td align="left">http://www.w3.org/2001/04/xmlenc#aes128-cbc</td>
<td align="left">AES/CBC/PKCS5Padding</td>
<td align="left">TBD</td>
</tr>
<tr>
<td align="left">Advanced Encryption Standard (AES) using 256 bit keys in
1448,7 → 1438,6
<td align="left">A256CBC</td>
<td align="left">http://www.w3.org/2001/04/xmlenc#aes256-cbc</td>
<td align="left">AES/CBC/PKCS5Padding</td>
<td align="left">TBD</td>
</tr>
<tr>
<td align="left">Advanced Encryption Standard (AES) using 128 bit keys in
1456,7 → 1445,6
<td align="left">A128GCM</td>
<td align="left">http://www.w3.org/2009/xmlenc11#aes128-gcm</td>
<td align="left">AES/GCM/NoPadding</td>
<td align="left">TBD</td>
</tr>
<tr>
<td align="left">Advanced Encryption Standard (AES) using 256 bit keys in
1464,7 → 1452,6
<td align="left">A256GCM</td>
<td align="left">http://www.w3.org/2009/xmlenc11#aes256-gcm</td>
<td align="left">AES/GCM/NoPadding</td>
<td align="left">TBD</td>
</tr>
</table>
<br clear="all" />
1479,7 → 1466,9
Solutions for encrypting JSON content were also explored by
<a class='info' href='#JSS'>[JSS]<span> (</span><span class='info'>Bradley, J. and N. Sakimura (editor), &ldquo;JSON Simple Sign,&rdquo; September&nbsp;2010.</span><span>)</span></a> and <a class='info' href='#I-D.rescorla-jsms'>[I&#8209;D.rescorla&#8209;jsms]<span> (</span><span class='info'>Rescorla, E. and J. Hildebrand, &ldquo;JavaScript Message Security Format,&rdquo; March&nbsp;2011.</span><span>)</span></a>,
both of which significantly influenced this draft. This draft
attempts to explicitly reuse as much from <a class='info' href='#W3C.CR-xmlenc-core1-20110303'>[W3C.CR&#8209;xmlenc&#8209;core1&#8209;20110303]<span> (</span><span class='info'>Hirsch, F., Reagle, J., Eastlake, D., and T. Roessler, &ldquo;XML Encryption Syntax and Processing Version 1.1,&rdquo; March&nbsp;2011.</span><span>)</span></a> and <a class='info' href='#RFC5652'>RFC 5652<span> (</span><span class='info'>Housley, R., &ldquo;Cryptographic Message Syntax (CMS),&rdquo; September&nbsp;2009.</span><span>)</span></a> [RFC5652] as possible, while utilizing
attempts to explicitly reuse as much from
<a class='info' href='#W3C.CR-xmlenc-core1-20110303'>XML Encryption 1.1<span> (</span><span class='info'>Hirsch, F., Roessler, T., Reagle, J., and D. Eastlake, &ldquo;XML Encryption Syntax and Processing Version 1.1,&rdquo; March&nbsp;2011.</span><span>)</span></a> [W3C.CR&#8209;xmlenc&#8209;core1&#8209;20110303]
and <a class='info' href='#RFC5652'>RFC 5652<span> (</span><span class='info'>Housley, R., &ldquo;Cryptographic Message Syntax (CMS),&rdquo; September&nbsp;2009.</span><span>)</span></a> [RFC5652] as possible, while utilizing
simple compact JSON-based data structures.
 
</p>
1496,6 → 1485,31
Document History</h3>
 
<p>
-02
</p>
<ul class="text">
<li>
Update to use short JWK Key Object names in Ephemeral
Public Keys.
 
</li>
<li>
Moved "MUST" requirements from the Overview to later in
the spec.
 
</li>
<li>
Respect line length restrictions in examples.
 
</li>
<li>
Applied other editorial improvements.
 
</li>
</ul><p>
 
</p>
<p>
-01
</p>
<ul class="text">
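Review bot: The -02 history does not record two changes visible in this revision: the OID column is removed from the algorithm cross-reference table, and the [RFC3275] reference is replaced by the XML Encryption references. Neither is obviously covered by "Applied other editorial improvements", so each deserves its own entry. The entry 'Moved "MUST" requirements from the Overview to later in the spec' would also be easier to audit if it named the sections that now carry those requirements, so implementers comparing -01 and -02 can check that no normative statement was lost in the move.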
1536,7 → 1550,7
First encryption draft based upon consensus decisions at
IIW documented at http://self-issued.info/?p=378. The
ability to provide encryption for JSON Web Tokens (JWTs)
<a class='info' href='#JWT'>[JWT]<span> (</span><span class='info'>Jones, M., Balfanz, D., Bradley, J., Goland, Y., Panzer, J., Sakimura, N., and P. Tarjan, &ldquo;JSON Web Token (JWT),&rdquo; October&nbsp;2011.</span><span>)</span></a> is a primary use case.
<a class='info' href='#JWT'>[JWT]<span> (</span><span class='info'>Jones, M., Balfanz, D., Bradley, J., Goland, Y., Panzer, J., Sakimura, N., and P. Tarjan, &ldquo;JSON Web Token (JWT),&rdquo; December&nbsp;2011.</span><span>)</span></a> is a primary use case.
 
</li>
</ul><p>
1.0/draft-jones-json-web-encryption.pdf Cannot display: file marked as a binary type. svn:mime-type = application/octet-stream