Archive for the 'Cryptography' Category

April 10, 2014
JSON Web Key (JWK) Thumbprint Specification

I created a new simple spec that defines a way to create a thumbprint of an arbitrary key, based upon its JWK representation. The abstract of the spec is:

This specification defines a means of computing a thumbprint value (a.k.a. digest) of JSON Web Key (JWK) objects analogous to the x5t (X.509 Certificate SHA-1 Thumbprint) value defined for X.509 certificate objects. This specification also registers the new JSON Web Signature (JWS) and JSON Web Encryption (JWE) Header Parameters and the new JSON Web Key (JWK) member name jkt (JWK SHA-256 Thumbprint) for holding these values.

The desire for this came up in an OpenID Connect context, but it’s of general applicability, so I decided to submit the spec to the JOSE working group. Thanks to James Manger, John Bradley, and Nat Sakimura for the discussions that led up to this spec.

The specification is available at:

An HTML formatted version is also available at:

April 1, 2014
Proof-Of-Possession Semantics for JSON Web Tokens (JWTs)

I’ve written a concise Internet-Draft on proof-of-possession for JWTs with John Bradley and Hannes Tschofenig. Quoting from the abstract:

This specification defines how to express a declaration in a JSON Web Token (JWT) that the presenter of the JWT possesses a particular key and that the recipient can cryptographically confirm proof-of-possession of the key by the presenter. This property is also sometimes described as the presenter being a holder-of-key.

This specification intentionally does not specify the means of communicating the proof-of-possession JWT, nor the messages used to exercise the proof key, as these are necessarily application-specific. Rather, this specification defines a proof-of-possession JWT data structure to be used by other specifications that do define those things.

The specification is available at:

An HTML formatted version is available at:

March 31, 2014
JOSE -25 drafts fixing typos and updating references

JOSE -25 drafts have been released that fix a few typos and update the WebCrypto reference to refer to the W3C Last Call draft.

The specifications are available at:

HTML formatted versions are also available at:

Thanks to Antonio Sanso for bringing the typos to our attention.

March 20, 2014
Growing list of OpenID Connect libraries available

As described in today’s openid.net post, a growing list of OpenID Connect and JWT/JOSE libraries are available. Check them out at http://openid.net/developers/libraries/.

March 18, 2014
JOSE -24 and JWT -19 drafts fixing errors found in examples

JOSE -24 drafts have been released that fix two errors found in example values. The JWT -19 draft clarifies that support for Nested JWTs is optional. The JSON reference was also updated to RFC 7159 in all drafts.

The specifications are available at:

HTML formatted versions are also available at:

Thanks to Edmund Jay and Hideki Nara for finding the bugs in the examples.

March 3, 2014
JWT -18 addressing remaining WGLC comments

Draft -18 of the JSON Web Token (JWT) spec has been released, which addresses the few remaining outstanding comments from Working Group Last Call (WGLC). All edits were clarifications, rather than normative changes. See the Document History appendix for a description of the changes made.

New -23 versions of the JSON Object Signing and Encryption (JOSE) specs were also released since one clarification made to JWT also applied to JWS.

The specifications are available at:

HTML formatted versions are also available at:

March 2, 2014
JOSE -22 drafts fixing requirements language nits

Updated JOSE and JWT drafts have been published that fix a few instances of incorrect uses of RFC 2119 requirements language, such as changing an occurrence of “MUST not” to “MUST NOT”. These drafts also reference the newly completed JSON specification – RFC 7158.

The specifications are available at:

HTML formatted versions are also available at:

February 14, 2014
JOSE -21 drafts incorporating WGLC feedback

JSON Object Signing and Encryption (JOSE) drafts have been published that address the feedback received during Working Group Last Call (WGLC) on the specifications, which ran from January 22 to February 13, 2014. Two breaking (but very local) changes were made as a result of working group discussions:

  • Replaced the JWK key_ops values wrap and unwrap with wrapKey and unwrapKey to match the KeyUsage values defined in the current Web Cryptography API editor’s draft.
  • Compute the PBES2 salt parameter as (UTF8(Alg) || 0x00 || Salt Input), where the p2s Header Parameter encodes the Salt Input value and Alg is the alg Header Parameter value.
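
The salt construction in the second item, as an added example that is not code from the drafts or from this blog: it derives the PBES2 key-encryption key with PBKDF2 and shows that the same password and Salt Input give a different salt for each alg value. The PBES2 algorithm names, hash functions and key sizes in the table come from the JWA specification rather than from this post, and the password, p2s and p2c values are constructed samples.

```python
import base64
import hashlib

# alg value -> (PBKDF2 hash, derived key length in bytes); taken from JWA, not this post.
PBES2_PARAMS = {
    "PBES2-HS256+A128KW": ("sha256", 16),
    "PBES2-HS384+A192KW": ("sha384", 24),
    "PBES2-HS512+A256KW": ("sha512", 32),
}

def b64url_decode(value: str) -> bytes:
    """Decode base64url text that has had its '=' padding stripped."""
    return base64.urlsafe_b64decode(value + "=" * (-len(value) % 4))

def pbes2_salt(alg: str, p2s: str) -> bytes:
    """Salt = UTF8(Alg) || 0x00 || Salt Input, where p2s carries the Salt Input."""
    if alg not in PBES2_PARAMS:
        raise ValueError("not a PBES2 alg value: %r" % alg)
    return alg.encode("utf-8") + b"\x00" + b64url_decode(p2s)

def derive_kek(password: bytes, alg: str, p2s: str, p2c: int) -> bytes:
    """Derive the key-encryption key; p2c is the PBKDF2 iteration count."""
    if p2c < 1:
        raise ValueError("p2c must be a positive iteration count")
    hash_name, key_len = PBES2_PARAMS[alg]
    return hashlib.pbkdf2_hmac(hash_name, password, pbes2_salt(alg, p2s), p2c, key_len)

# Constructed sample values (not taken from any draft).
SAMPLE_PASSWORD = b"constructed sample passphrase"
SAMPLE_P2S = "AAECAwQFBgc"   # base64url of the eight bytes 00..07
SAMPLE_P2C = 4096

if __name__ == "__main__":
    for alg in PBES2_PARAMS:
        salt = pbes2_salt(alg, SAMPLE_P2S)
        kek = derive_kek(SAMPLE_PASSWORD, alg, SAMPLE_P2S, SAMPLE_P2C)
        print(alg, "salt =", salt.hex(), "kek =", kek.hex())
```

A recipient that rebuilds the salt from p2s alone, without the alg prefix and the 0x00 separator, derives a different key and fails to unwrap.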

A few editorial changes were also made to improve readability. See the Document History sections for the issues addressed by these changes. One parallel editorial change was also made to the JSON Web Token (JWT) specification.

The specifications are available at:

HTML formatted versions are also available at:

Thanks to those of you who provided feedback on the specs during Working Group Last Call.

January 20, 2014
JOSE -20 drafts intended for Working Group Last Call

JSON Object Signing and Encryption (JOSE) -20 drafts have been published that incorporate the changes agreed to on last week’s JOSE working group call. Hopefully this brings us to the point of Working Group Last Call.

The only normative changes were to change the name of the “use_details” JWK member to “key_ops” and to clarify that “use” is meant for public key use cases, “key_ops” is meant for use cases in which public, private, or symmetric keys may be present, and that “use” and “key_ops” should not be used together.

The drafts, including JSON Web Token (JWT), now also reference draft-ietf-json-rfc4627bis, rather than RFC 4627.

The drafts are available at:

HTML formatted versions are also available at:

December 29, 2013
JOSE -19 drafts intended for Working Group Last Call

JSON Object Signing and Encryption (JOSE) -19 drafts have been published that address all my remaining to-do items for the open issues. I believe the remainder of the issues are either ready to close because of actions already taken in the drafts (the majority of them), require further input to identify any specific remaining proposed actions, if any (a few of them), or will be considered during Working Group Last Call (a few of them). Only editorial changes and one addition were made – no breaking changes.

In short, I believe I have addressed everything needed to bring us to Working Group Last Call for the JWS, JWE, JWK, and JWA specs.

The one addition was to add the optional “use_details” JWK field, as discussed on the JOSE list and the WebCrypto list. While I realize that this proposal hasn’t gotten much review yet (I believe due to the holidays), I wanted to get it in so people can review it in context, and as a concrete step towards meeting a perceived need for additional JWK functionality from the WebCrypto working group. It’s cleanly separable from the rest of the spec, so if the JOSE WG ends up hating it, we can always take it back out and possibly move it to a separate spec. But at least we have a concrete write-up of it now to review.

I also made a one-paragraph change to the JSON Web Token (JWT) spec to reference text in JWE, rather than duplicating it in JWT.

See the History entries for details of the (small number of) changes made.

The drafts are available at:

HTML formatted versions are also available at:

November 12, 2013
JOSE -18 and JWT -13 drafts continuing to address open issues

JSON Object Signing and Encryption (JOSE) -18 and JSON Web Token (JWT) -13 drafts have been published. The JOSE drafts contain changes to address 34 of the 43 currently open issues. The JWT draft addresses several of the working group last call (WGLC) comments. No breaking changes were made to any of the specifications. The most visible change is that all registries now include Description fields – a change that was requested in JWT WGLC.

See the Document History appendices for more details on the changes made and issues addressed.

The drafts are available at:

HTML formatted versions are also available at:

October 7, 2013
JOSE -17 and JWT -12 drafts reducing duplicated text

JSON Object Signing and Encryption (JOSE) -17 and JSON Web Token (JWT) -12 drafts have been published with editorial changes that reduce duplicated text between the JOSE specs. Also, the “typ” and “cty” header parameters were revised to always refer to media type values. The text about which serializations are mandatory to implement was updated. Finally, thanks to Matt Miller for supplying an encryption example using PBES2.

See the Document History appendices for more details on the changes made and issues addressed.

The drafts are available at:

HTML formatted versions are also available at:

September 15, 2013
JOSE -16 drafts addressing 45 editorial and minor issues

JSON Object Signing and Encryption (JOSE) -16 drafts have been published that address 45 editorial and minor issues. See the Document History sections for lists of the specific issues addressed. Thanks to Jim Schaad for again meeting with me in person to go over proposed text changes in my working drafts before these specifications were published.

One breaking change was made: When doing ECDH-ES key agreement, the AlgorithmID value used in the KDF computation now has a length prefix. So for instance, the representation of the “enc” value “A128GCM” is now prefixed by the number 7, represented as a 32-bit big-endian value, when used as the AlgorithmID value. (Such prefixes were already in place for the other variable-length KDF parameters.)
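
The length-prefixed AlgorithmID described above, as an added example that is not code from the drafts or from this blog: it builds the KDF input both with and without the prefix and derives the key each way, which shows why the change is breaking. The Concat KDF with SHA-256 and the PartyUInfo/PartyVInfo/SuppPubInfo layout follow the JWA specification rather than this post; the shared secret Z and the party names are constructed samples.

```python
import hashlib
import struct

def length_prefixed(data: bytes) -> bytes:
    """Return data preceded by its length as a 32-bit big-endian integer."""
    return struct.pack(">I", len(data)) + data

def other_info(enc: str, apu: bytes, apv: bytes, keybits: int,
               prefix_alg: bool = True) -> bytes:
    """Build AlgorithmID || PartyUInfo || PartyVInfo || SuppPubInfo.

    prefix_alg=False reproduces the layout the post describes as the
    pre -16 behaviour: a bare AlgorithmID, other fields already prefixed.
    """
    alg_id = enc.encode("ascii")
    if prefix_alg:
        alg_id = length_prefixed(alg_id)
    return (alg_id + length_prefixed(apu) + length_prefixed(apv)
            + struct.pack(">I", keybits))

def concat_kdf(z: bytes, info: bytes, keybits: int) -> bytes:
    """Concat KDF with SHA-256: hash(counter || Z || OtherInfo) per round."""
    out = b""
    counter = 1
    while len(out) * 8 < keybits:
        out += hashlib.sha256(struct.pack(">I", counter) + z + info).digest()
        counter += 1
    return out[:keybits // 8]

def derive_cek(z: bytes, enc: str, apu: bytes, apv: bytes, keybits: int,
               prefix_alg: bool = True) -> bytes:
    """Derive the content encryption key for direct ECDH-ES key agreement."""
    return concat_kdf(z, other_info(enc, apu, apv, keybits, prefix_alg), keybits)

# Constructed sample input: a stand-in for the ECDH shared secret Z.
SAMPLE_Z = bytes(range(32))

if __name__ == "__main__":
    info = other_info("A128GCM", b"Alice", b"Bob", 128)
    print("OtherInfo     :", info.hex())
    print("key (-16)     :", derive_cek(SAMPLE_Z, "A128GCM", b"Alice", b"Bob", 128).hex())
    print("key (pre -16) :", derive_cek(SAMPLE_Z, "A128GCM", b"Alice", b"Bob", 128, False).hex())
```

Two implementations on opposite sides of this change compute different keys from the same Z, so decryption fails at the authentication tag check.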

The drafts are available at:

HTML formatted versions are also available at:

September 3, 2013
JOSE -15 drafts addressing 37 editorial and minor issues

JSON Object Signing and Encryption (JOSE) -15 drafts have been published that address 37 editorial and minor issues filed by Jim Schaad. See the Document History sections for lists of the specific issues addressed. Thanks to Jim for meeting with me in person to go over proposed text changes in my working drafts before these specifications were published. We also agreed on a number of additional proposed resolutions that will be addressed in the next set of drafts published.

The one substantive change worth noting is that when multiple signatures or encryption recipients are present, it is now up to the application whether to reject the entire JWS or JWE when some, but not all of the signature or encryption validations fail. (Previously, if any validation failed, the entire JWS or JWE was always rejected.)

The drafts are available at:

HTML formatted versions are also available at:

July 29, 2013
JOSE -14 and JWT -11 drafts with additional algorithms and examples published

JSON Object Signing and Encryption (JOSE) -14 drafts have been published that incorporate minor updates requested by the working group since the last working group call. The primary change was adding algorithm identifiers for AES algorithms using 192 bit keys; supporting these algorithms is optional. The only breaking changes were to the password-based encryption algorithm parameter representation. This version adds an example ECDH-ES Key Agreement computation.

The JSON Web Token (JWT) -11 draft adds a Nested JWT example – in which the claims are first signed, and then encrypted.

The drafts are available at:

HTML formatted versions are also available at:

July 15, 2013
JOSE -13 drafts

The JSON Object Signing and Encryption (JOSE) -13 drafts are now available, which incorporate issue resolutions agreed to on today’s JOSE working group call. The only breaking change was to the JWS JSON Serialization, by making all header parameters be per-signature (which is actually a simplification and makes it more parallel to the JWS Compact Serialization). Algorithms were added to JWA for key encryption with AES GCM and for password-based encryption. An optional “aad” (Additional Authenticated Data) member was added to the JWE JSON Serialization.

Thanks to Matt Miller for the password-based encryption write-up, which is based on draft-miller-jose-jwe-protected-jwk-02.

The drafts are available at:

HTML formatted versions are also available at:

July 14, 2013
JWT draft -10

JSON Web Token (JWT) draft -10 allows Claims to be replicated as Header Parameters in encrypted JWTs as needed by applications that require an unencrypted representation of specific Claims. This draft is available at http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-10, with an HTML formatted version also available at http://self-issued.info/docs/draft-ietf-oauth-json-web-token-10.html.

July 14, 2013
AES GCM Key Wrapping draft -01

I’ve updated the AES GCM Key Wrapping draft to represent the Initialization Vector and Authentication Tag values used as header parameter values so as to be more parallel with their treatment when using AES GCM for content encryption, per working group request. This draft is now available as http://tools.ietf.org/html/draft-jones-jose-aes-gcm-key-wrap-01. It is also available in HTML format at http://self-issued.info/docs/draft-jones-jose-aes-gcm-key-wrap-01.html.

July 14, 2013
JOSE -12 and JWT -09 drafts released

The -12 JSON Object Signing and Encryption (JOSE) drafts have been released incorporating issue resolutions agreed to on the July 1, 2013 working group call and on the mailing list. Most of the changes were editorial improvements suggested by Jim Schaad and Richard Barnes. Changes included clarifying that the “typ” and “cty” header parameters are for use by applications and don’t affect JOSE processing, replacing the MIME types application/jws, application/jwe, application/jws+json, and application/jwe+json with application/jose and application/jose+json, and relaxing language on JSON parsing when duplicate member names are encountered to allow use of ECMAScript JSON parsers. See the history entries for the full set of changes.

Corresponding changes to the JSON Web Token (JWT) spec were also published in draft -09.

The drafts are available at:

HTML formatted versions are also available at:

June 13, 2013
Production Release of Microsoft JWT Support

Microsoft has released production support for the JSON Web Token (JWT). Read about it in Alex Simons’ release announcement and Vittorio Bertocci’s blog post on the JWT support.
