Key Wrapping with AES GCM for JWE
Microsoft
mbj@microsoft.com
http://self-issued.info/
Security
JOSE Working Group
RFC
Request for Comments
I-D
Internet-Draft
JavaScript Object Notation
JSON
JSON Web Encryption
JWE
JSON Web Algorithms
JWA
This specification defines how to encrypt (wrap) keys with the
AES GCM algorithm for JSON Web Encryption (JWE) objects.
This specification defines how to encrypt (wrap) keys with the
AES GCM algorithm
for JSON Web Encryption (JWE)
objects.
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL",
"SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY",
and "OPTIONAL" in this document are to be interpreted as
described in
Key words for use in RFCs to Indicate Requirement Levels .
This specification uses the same terminology as the
JSON Web Encryption (JWE) and
JSON Web Algorithms (JWA)
specifications.
This section defines the specifics of encrypting a
JWE Content Encryption Key (CEK) with
Advanced Encryption Standard (AES) in Galois/Counter Mode (GCM)
using 128 or 256 bit keys.
The alg header parameter values
A128GCMKW or A256GCMKW
are respectively used in this case.
Use of an Initialization Vector of size 96 bits is
REQUIRED with this algorithm.
The Initialization Vector is represented in base64url encoded form
as the iv (initialization vector)
header parameter value.
The Additional Authenticated Data value used is
the empty octet string.
The requested size of the Authentication Tag output MUST be
128 bits, regardless of the key size.
The JWE Encrypted Key value is the Ciphertext output.
The Authentication Tag output is represented in base64url encoded form
as the tag (authentication tag)
header parameter value.
The following Header Parameter Names are used for AES GCM key encryption.
They MAY also be used by other algorithms if so specified
by those algorithm parameter definitions.
The iv (initialization vector)
header parameter value is the base64url encoded representation of the
Initialization Vector value used for the key encryption operation.
This Header Parameter is REQUIRED and MUST be understood and processed
by implementations when these algorithms are used.
The tag (authentication tag)
header parameter value is the base64url encoded representation of the
Authentication Tag value resulting from the key encryption operation.
This Header Parameter is REQUIRED and MUST be understood and processed
by implementations when these algorithms are used.
This specification registers the algorithms defined in
in the
JSON Web Signature and Encryption Algorithms registry .
Algorithm Name: A128GCMKW
Algorithm Usage Location(s): alg
Implementation Requirements: OPTIONAL
Change Controller: IETF
Specification Document(s): of [[ this document ]]
Algorithm Name: A256GCMKW
Algorithm Usage Location(s): alg
Implementation Requirements: OPTIONAL
Change Controller: IETF
Specification Document(s): of [[ this document ]]
This specification registers the Header Parameter Names defined in
in the IANA
JSON Web Signature and Encryption Header Parameters registry
.
Header Parameter Name: iv
Header Parameter Usage Location(s): JWE
Change Controller: IETF
Specification Document(s): of [[ this document ]]
Header Parameter Name: tag
Header Parameter Usage Location(s): JWE
Change Controller: IETF
Specification Document(s): of [[ this document ]]
The security considerations in
and
also apply to this specification.
JSON Web Signature (JWS)
Microsoft
mbj@microsoft.com
http://self-issued.info/
Ping Identity
ve7jtb@ve7jtb.com
Nomura Research Institute
n-sakimura@nri.co.jp
JSON Web Encryption (JWE)
Microsoft
mbj@microsoft.com
http://self-issued.info/
RTFM, Inc.
ekr@rtfm.com
Cisco Systems, Inc.
jhildebr@cisco.com
JSON Web Algorithms (JWA)
Microsoft
mbj@microsoft.com
http://self-issued.info/
Advanced Encryption Standard (AES)
National Institute of Standards and Technology (NIST)
Recommendation for Block Cipher Modes of Operation:
Galois/Counter Mode (GCM) and GMAC
National Institute of Standards and Technology (NIST)
[[ to be removed by the RFC editor before publication as an RFC ]]
-01
Represented Initialization Vector and Authentication Tag values used as
header parameter values so as to be more parallel with their treatment
when using AES GCM for content encryption, per working group request.
-00
Created draft-jones-jose-aes-gcm-key-wrap.