JSON Private Key
Microsoft
mbj@microsoft.com
http://self-issued.info/
Security
JOSE Working Group
Keywords: RFC, Request for Comments, I-D, Internet-Draft, JavaScript Object Notation, JSON, JSON Web Key, JWK, JSON Web Algorithms, JWA
The JSON Private Key specification extends the
JSON Web Key (JWK) and
JSON Web Algorithms (JWA)
specifications to define a
JavaScript Object Notation (JSON)
representation of private keys.
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL",
"SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY",
and "OPTIONAL" in this document are to be interpreted as
described in
"Key words for use in RFCs to Indicate Requirement Levels".
This specification uses the same terminology as the
JSON Web Key (JWK) and
JSON Web Algorithms (JWA)
specifications.
This section defines additional JSON Web Key parameters
that enable JWKs to represent private keys.
When the JWK alg
member value is EC,
the following member MAY be used to represent
an Elliptic Curve private key:
The d (ECC private key) member contains
the Elliptic Curve private key value.
It is represented as the base64url encoding of the
value's unsigned big endian representation as a byte array.
The array representation MUST NOT be shortened
to omit any leading zero bytes.
For instance, when representing 521 bit integers,
the byte array to be base64url encoded MUST contain 66 bytes,
including any leading zero bytes.
When the JWK alg
member value is RSA,
the following member MAY be used to represent
an RSA private key:
The pri (private exponent) member contains
the private exponent value for the RSA private key.
It is represented as the base64url encoding of the
value's unsigned big endian representation as a byte array.
The array representation MUST NOT be shortened
to omit any leading zero bytes.
For instance, when representing 2048 bit integers,
the byte array to be base64url encoded MUST contain 256 bytes,
including any leading zero bytes.
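The fixed-width rule for the d and pri members above, shown as an added Python example that is not part of the specification. The helper names and the sample value are constructed for illustration, and omitting "=" padding from the base64url output is an assumption taken from how the JOSE specifications define base64url.

```python
import base64


def field_len(bits: int) -> int:
    """Bytes needed for a bits-wide unsigned integer (521 -> 66, 2048 -> 256)."""
    return (bits + 7) // 8


def b64url_encode(raw: bytes) -> str:
    # Assumption: padding characters are stripped, as in the JOSE specs.
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    # Restore the padding the standard library decoder expects.
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def encode_private_value(value: int, bits: int) -> str:
    """Fixed-width big-endian encoding; leading zero bytes are kept."""
    if value < 0 or value.bit_length() > bits:
        raise ValueError("value does not fit in the stated key size")
    return b64url_encode(value.to_bytes(field_len(bits), "big"))


def decode_private_value(member: str, bits: int) -> int:
    """Decode a d/pri member, rejecting arrays that were shortened or extended."""
    raw = b64url_decode(member)
    if len(raw) != field_len(bits):
        raise ValueError(f"expected {field_len(bits)} bytes, got {len(raw)}")
    value = int.from_bytes(raw, "big")
    if value.bit_length() > bits:
        raise ValueError("bits above the stated key size are set")
    return value


# Constructed sample (not a real key): a value whose high-order bytes are zero.
SAMPLE = 0x01F4
good = encode_private_value(SAMPLE, 521)               # 66-byte array
# What a minimal-length integer encoder would emit: 2 bytes, non-conforming.
shortened = b64url_encode(SAMPLE.to_bytes(2, "big"))
```

A consumer that calls decode_private_value on every imported key fails closed on the shortened form instead of silently accepting an array of the wrong length.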
The following example JWK Set contains two keys represented
as JWKs containing both public and private key values:
one using an Elliptic Curve algorithm and
a second one using an RSA algorithm.
This example extends the example in
Section 3 of ,
adding private key values.
(Line breaks are for display purposes only.)
This specification registers the parameter names defined in
and in the
IANA JSON Web Key Parameters registry.
Parameter Name: d
Change Controller: IETF
Specification Document(s): of [[ this document ]]
Parameter Name: pri
Change Controller: IETF
Specification Document(s): of [[ this document ]]
The security considerations for this specification are the
same as those for the
JSON Web Key (JWK) specification and
the portion of the JSON Web Algorithms (JWA)
specification that pertains to key representations.
JSON Web Key (JWK). Microsoft, mbj@microsoft.com, http://self-issued.info/
JSON Web Algorithms (JWA). Microsoft, mbj@microsoft.com, http://self-issued.info/
[[ to be removed by the RFC editor before publication as an RFC ]]
-00
Created draft-jones-jose-json-private-key to facilitate discussion
of the question from the W3C WebCrypto WG to the IETF JOSE WG of whether
JOSE plans to support a format for representing private keys.