JSON Private and Symmetric KeyMicrosoftmbj@microsoft.comhttp://self-issued.info/
Security
JOSE Working GroupRFCRequest for CommentsI-DInternet-DraftJavaScript Object NotationJSONJSON Web KeyJWKJSON Web AlgorithmsJWA
The JSON Private Key specification extends the
JSON Web Key (JWK) and
JSON Web Algorithms (JWA)
specifications to define
JavaScript Object Notation (JSON)
representations of private keys and symmetric keys.
The JSON Private Key specification extends the
JSON Web Key (JWK) and
JSON Web Algorithms (JWA)
specifications to define
JavaScript Object Notation (JSON)
representations of private and symmetric keys.
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL",
"SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY",
and "OPTIONAL" in this document are to be interpreted as
described in
Key words for use in RFCs to Indicate Requirement Levels .
This specification uses the same terminology as the
JSON Web Key (JWK) and
JSON Web Algorithms (JWA)
specifications.
This section defines additional JSON Web Key parameters
that enable JWKs to represent private keys.
When the JWK kty
member value is EC,
the following member MAY be used to represent
an Elliptic Curve private key:
The d (ECC private key) member contains
the Elliptic Curve private key value.
It is represented as the base64url encoding of the
value's unsigned big endian representation as a byte array.
The array representation MUST not be shortened
to omit any leading zero bytes.
For instance, when representing 521 bit integers,
the byte array to be base64url encoded MUST contain 66 bytes,
including any leading zero bytes.
When the JWK kty
member value is RSA,
the following member MAY be used to represent
an RSA private key:
The d (private exponent) member contains
the private exponent value for the RSA private key.
It is represented as the base64url encoding of the
value's unsigned big endian representation as a byte array.
The array representation MUST not be shortened
to omit any leading zero bytes.
For instance, when representing 2048 bit integers,
the byte array to be base64url encoded MUST contain 256 bytes,
including any leading zero bytes.
The p (first prime factor) member contains
the first prime factor, a positive integer.
It is represented as the base64url encoding of the
value's unsigned big endian representation as a byte array.
The q (second prime factor) member contains
the second prime factor, a positive integer.
It is represented as the base64url encoding of the
value's unsigned big endian representation as a byte array.
The dp (first factor CRT exponent)
member contains the Chinese Remainder Theorem (CRT) exponent
of the first factor, a positive integer.
It is represented as the base64url encoding of the
value's unsigned big endian representation as a byte array.
The dq (second factor CRT exponent)
member contains the Chinese Remainder Theorem (CRT) exponent
of the second factor, a positive integer.
It is represented as the base64url encoding of the
value's unsigned big endian representation as a byte array.
The dp (first CRT coefficient)
member contains the Chinese Remainder Theorem (CRT)
coefficient of the second factor, a positive integer.
It is represented as the base64url encoding of the
value's unsigned big endian representation as a byte array.
The oth (other primes info)
member contains an array of information about any third and subsequent
primes, should they exist.
When only two primes have been used (the normal case),
this parameter MUST be omitted.
When three or more primes have been used, the number of array
elements MUST be the number of primes used minus two.
Each array element MUST be an object with the following members:
The r (prime factor) parameter
within an oth array member
represents the value of a subsequent prime factor,
a positive integer.
It is represented as the base64url encoding of the
value's unsigned big endian representation as a byte array.
The d (Factor CRT Exponent) parameter
within an oth array member
represents the CRT exponent of the corresponding prime factor,
a positive integer.
It is represented as the base64url encoding of the
value's unsigned big endian representation as a byte array.
The t (factor CRT coefficient) parameter
within an oth array member
represents the CRT coefficient of the corresponding prime factor,
a positive integer.
It is represented as the base64url encoding of the
value's unsigned big endian representation as a byte array.
When the JWK kty
member value is oct (octet sequence),
the following member MAY be used to represent
a symmetric key (or another key whose value is a single octet sequence):
The k (key value) member contains
the value of the symmetric (or other single-valued) key.
It is represented as the base64url encoding of the
octet sequence containing the key value.
The following example JWK Set contains two keys represented
as JWKs containing both public and private key values:
one using an Elliptic Curve algorithm and
a second one using an RSA algorithm.
This example extends the example in
Section 3 of ,
adding private key values.
(Line breaks are for display purposes only.)
The following example JWK Set contains two symmetric keys represented
as JWKs:
one designated as being for use with the AES Key Wrap algorithm and
a second one that is an HMAC key.
(Line breaks are for display purposes only.)
This specification registers the key type defined in
in the
IANA JSON Web Key Types registry .
"kty" Parameter Value: oct
Implementation Requirements: RECOMMENDED+
Change Controller: IETF
Specification Document(s): of [[ this document ]]
This specification registers the parameter names defined in
, ,
and in the
IANA JSON Web Key Parameters registry .
Parameter Name: d
Change Controller: IETF
Specification Document(s): of [[ this document ]]
Parameter Name: d
Change Controller: IETF
Specification Document(s): of [[ this document ]]
Parameter Name: p
Change Controller: IETF
Specification Document(s): of [[ this document ]]
Parameter Name: q
Change Controller: IETF
Specification Document(s): of [[ this document ]]
Parameter Name: dp
Change Controller: IETF
Specification Document(s): of [[ this document ]]
Parameter Name: dq
Change Controller: IETF
Specification Document(s): of [[ this document ]]
Parameter Name: qi
Change Controller: IETF
Specification Document(s): of [[ this document ]]
Parameter Name: oth
Change Controller: IETF
Specification Document(s): of [[ this document ]]
Parameter Name: k
Change Controller: IETF
Specification Document(s): of [[ this document ]]
All of the security issues faced by any cryptographic application
must be faced by a JWS/JWE/JWK agent. Among these issues are protecting
the user's private and symmetric keys, preventing various attacks, and helping the
user avoid mistakes such as inadvertently encrypting a message for
the wrong recipient. The entire list of security considerations is
beyond the scope of this document.
Private and symmetric keys must be protected from disclosure
to unintended parties. One recommended means of doing so is
to encrypt JWKs or JWK Sets containing them by using the JWK
or JWK Set value as the plaintext of a JWE.
A key is no more trustworthy than the method by which it was received.
The security considerations in
RFC 3447 and RFC 6030
about protecting private and symmetric keys also apply to this specification.
JSON Web Key (JWK)Microsoftmbj@microsoft.comhttp://self-issued.info/JSON Web Algorithms (JWA)Microsoftmbj@microsoft.comhttp://self-issued.info/
John Bradley and James Manger contributed to the contents of this specification.
[[ to be removed by the RFC editor before publication as an RFC ]]
-00
Created draft-jones-jose-json-private-and-symmetric-key from
draft-jones-jose-json-private-key, adding a representation for
symmetric keys.
Tracked parameter changes and additions in the JWK spec.
Recommend encryption of JWKs and JWK Sets containing
private or symmetric keys as JWEs.
Added seriesInfo information to Internet Draft references.
draft-jones-jose-json-private-key-01
Changed the names of the RSA key parameters
so that the identifiers are the same as those used in RFC 3447.
Added the RSA private key fields enabling Chinese Remainder Theorem (CRT)
calculations, based upon their use in RFC 3447.
draft-jones-jose-json-private-key-00
Created draft-jones-jose-json-private-key to facilitate discussion
of the question from the W3C WebCrypto WG to the IETF JOSE WG of whether
JOSE plans to support a format for representing private keys.