JSON Web Encryption JSON Serialization (JWE-JS)Microsoftmbj@microsoft.comhttp://self-issued.info/
Security
JOSE Working GroupRFCRequest for CommentsI-DInternet-DraftJavaScript Object NotationJSONJSON Web TokenJWTJSON Web SignatureJWSJSON Web EncryptionJWEJSON Web KeyJWKJSON Web AlgorithmsJWA
The JSON Web Encryption JSON Serialization (JWE-JS) is a means
of representing encrypted content using JSON data structures.
This specification describes a means of representing
secured content as a JSON data object
(as opposed to the JWE specification, which uses a
compact serialization with a URL-safe representation).
It enables the same content to be encrypted to multiple
parties (unlike JWE).
Cryptographic algorithms and identifiers used with this
specification are enumerated in the separate
JSON Web Algorithms (JWA) specification.
The JSON Serialization for related digital signature and HMAC
functionality is described in the separate
JSON Web Signature JSON Serialization (JWS-JS) specification.
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL
NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described
in RFC 2119.
The JSON Web Encryption JSON Serialization (JWE-JS) is a format for
representing encrypted content as a
JSON RFC 4627 object.
It enables the same content to be encrypted to multiple parties
(unlike JWE .)
The encryption mechanisms are independent of the type of
content being encrypted.
Cryptographic algorithms and identifiers used with this
specification are enumerated in the separate
JSON Web Algorithms (JWA) specification.
The JSON Serialization for related digital signature and HMAC
functionality is described in the separate
JSON Web Signature JSON Serialization (JWS-JS)
specification.
This specification uses the same terminology as the
JSON Web Encryption (JWE)
specification.
The JSON Serialization represents encrypted content as a JSON
object with members for each of four constituent parts: a
headers member whose value is a
non-empty array of Encoded JWE Header values, an encrypted_keys member whose value is a
non-empty array of Encoded JWE Encrypted Key values, a ciphertext member whose value is an
Encoded JWE Ciphertext value, and an integrity_values member whose value is a
non-empty array of Encoded JWE Integrity Value values. The
number of elements in each of the arrays MUST be the same.
Unlike the compact serialization used by JWEs, content using
the JSON Serialization MAY be encrypted to more than one
recipient. Each recipient requires:
a JWE Header value specifying the cryptographic parameters
used to encrypt the JWE Encrypted Key to that recipient
and the parameters used to encrypt the plaintext to
produce the JWE Ciphertext; these values are represented
as Encoded JWE Header values that are elements of the
non-empty array contained in the headers member.
a JWE Encrypted Key value; these values are represented as
Encoded JWE Encrypted Key values that are corresponding
elements of the non-empty array contained in the encrypted_keys member.
a JWE Integrity Value that ensures the integrity of
the Ciphertext and the parameters used to create it; these
values are represented as Encoded JWE Integrity Value
values that are corresponding elements of the non-empty
array contained in the integrity_values member.
Therefore, the syntax is:
The contents of the Encoded JWE Header, Encoded JWE Encrypted
Key, Encoded JWE Ciphertext, and Encoded JWE Integrity Value
values are exactly as
specified in JSON Web Encryption (JWE) .
They are interpreted and validated in the same manner, with
each corresponding headers,
encrypted_keys, and integrity_values value being created
or validated together. The arrays MUST have the same number
of elements.
The i'th JWE Encrypted Key value and the
i'th JWE Integrity Value are computed using the
parameters of i'th JWE Header value in the same manner
described in the JWE specification. This has the desirable
result that each Encoded JWE Encrypted Key value in the encrypted_keys array and
each Encoded JWE Integrity Value in the integrity_values array
are identical to the
values that would have been computed for the same header and
payload in a JWE, as is the JWE Ciphertext value.
All recipients use the same JWE Ciphertext value, resulting in
potentially significant space savings if the message is large.
Therefore, all header parameters that specify the treatment of
the JWE Ciphertext value MUST be the same for all recipients.
In particular, this means that the enc (encryption method) header parameter
value in the JWE Header for each recipient MUST be the same,
as MUST be the iv (initialization
vector) value (when required for the algorithm).
This section contains an example using the JWE JSON
Serialization. This example demonstrates the capability for
encrypting the same plaintext to multiple recipients.
Two recipients are present in this example: the first using the
RSA-PKCS1_1.5 algorithm to produce the JWE Encrypted Key
and the second using the ECDH-ES algorithm to produce the
JWE Encrypted Key. The Plaintext is encrypted
using the AES-256-CBC algorithm to produce the JWE Ciphertext.
The two Decoded JWE Header Segments used are:
and:
The complete JSON Web Encryption JSON Serialization (JWE-JS)
for these values is as follows
(with line breaks for display purposes only):
TBD: Finish this example.
This specification makes no requests of IANA.
The security considerations for this specification are the
same as those for the JSON Web Encryption (JWE) specification.
The following items remain to be done in this draft:
Complete the example.
Track changes that occur in the JWE spec.
JSON Web Encryption (JWE)Microsoftmbj@microsoft.comhttp://self-issued.info/RTFM, Inc.ekr@rtfm.comCisco Systems, Inc.jhildebr@cisco.comJSON Web Algorithms (JWA)Microsoftmbj@microsoft.comhttp://self-issued.info/JSON Web Signature JSON Serialization (JWS-JS)Microsoftmbj@microsoft.comhttp://self-issued.info/independentve7jtb@ve7jtb.comNomura Research Instituten-sakimura@nri.co.jpJSON Simple EncryptionindependentNomura Research Institute
JSON serializations for encrypted content were previously explored by
JSON Simple Encryption and
JavaScript Message Security
Format.
-01
Tracked changes between JOSE JWE draft -00 and -01, which
added an integrity check for non-AEAD algorithms.
-00
Created the initial version incorporating JOSE working
group input and drawing from the JSON Serialization
previously proposed in draft-jones-json-web-token-01.