{"id":1344,"date":"2015-03-03T02:38:12","date_gmt":"2015-03-03T10:38:12","guid":{"rendered":"https:\/\/self-issued.info\/?p=1344"},"modified":"2015-03-03T02:38:12","modified_gmt":"2015-03-03T10:38:12","slug":"key-managed-json-web-signature-kmjws-specification","status":"publish","type":"post","link":"https:\/\/self-issued.info\/?p=1344","title":{"rendered":"Key Managed JSON Web Signature (KMJWS) specification"},"content":{"rendered":"

\"IETF<\/span>I took a little time today and wrote a short draft specifying a JWS-like object that uses key management for the MAC key used to integrity protect the payload. We had considered doing this in JOSE issue #2<\/a> but didn’t do so at the time because of lack of demand. However, I wanted to get this down now to demonstrate that it is easy to do and specify a way to do it, should demand develop in the future — possibly after the JOSE working group<\/a> has been closed. See http:\/\/tools.ietf.org\/html\/draft-jones-jose-key-managed-json-web-signature-00<\/a> or https:\/\/self-issued.info\/docs\/draft-jones-jose-key-managed-json-web-signature-00.html<\/a>.<\/p>\n

This spec reuses key management functionality already present in the JWE spec<\/a> and MAC functionality already present in the JWS spec<\/a>. The result is essentially a JWS with an Encrypted Key value added, and a new “mac<\/code>” Header Parameter value representing the MAC algorithm used. (Like JWE, the key management algorithm is carried in the “alg<\/code>” Header Parameter value.)<\/p>\n

I also wrote this now as possible input into our thinking on options for creating a CBOR<\/a> JOSE mapping. If there are CBOR use cases needing managed MAC keys, this could help us reason about ways to structure the solution.<\/p>\n

Yes, the spec name and abbreviation are far from catchy. Better naming ideas would be great.<\/p>\n

Feedback welcomed.<\/p>\n","protected":false},"excerpt":{"rendered":"

I took a little time today and wrote a short draft specifying a JWS-like object that uses key management for the MAC key used to integrity protect the payload. We had considered doing this in JOSE issue #2 but didn’t do so at the time because of lack of demand. However, I wanted to get […]<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[28,27,25],"tags":[],"class_list":["post-1344","post","type-post","status-publish","format-standard","hentry","category-cryptography","category-json","category-specifications"],"_links":{"self":[{"href":"https:\/\/self-issued.info\/index.php?rest_route=\/wp\/v2\/posts\/1344","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/self-issued.info\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/self-issued.info\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/self-issued.info\/index.php?rest_route=\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/self-issued.info\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1344"}],"version-history":[{"count":2,"href":"https:\/\/self-issued.info\/index.php?rest_route=\/wp\/v2\/posts\/1344\/revisions"}],"predecessor-version":[{"id":1346,"href":"https:\/\/self-issued.info\/index.php?rest_route=\/wp\/v2\/posts\/1344\/revisions\/1346"}],"wp:attachment":[{"href":"https:\/\/self-issued.info\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1344"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/self-issued.info\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1344"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/self-issued.info\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1344"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}