4. JSON Web Signature Examples
The following sections demonstrate how to generate various JWS objects. All of the signature examples use the following payload content (an abridged quote from "The Fellowship of the Ring" [LOTR-FELLOWSHIP]), serialized as UTF-8. The payload is presented here as a series of quoted strings that are concatenated to produce the JWS Payload. The sequence "\xe2\x80\x99" is substituted for (U+2019 RIGHT SINGLE QUOTATION MARK), and quotation marks (U+0022 QUOTATION MARK) are added for readability but are not present in the JWS Payload.

   "It\xe2\x80\x99s a dangerous business, Frodo, going out your "
   "door. You step onto the road, and if you don't keep your feet, "
   "there\xe2\x80\x99s no knowing where you might be swept off "
   "to."

   Figure 7: Payload Content Plaintext
The payload -- with the sequence "\xe2\x80\x99" replaced with (U+2019 RIGHT SINGLE QUOTATION MARK) and the quotation marks (U+0022 QUOTATION MARK) removed -- is encoded as UTF-8 and then as base64url [RFC4648]:

   SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb3V0IH
   lvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9hZCwgYW5kIGlmIHlvdSBk
   b24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXigJlzIG5vIGtub3dpbmcgd2hlcm
   UgeW91IG1pZ2h0IGJlIHN3ZXB0IG9mZiB0by4

   Figure 8: Payload Content, base64url-encoded

4.1. RSA v1.5 Signature
This example illustrates signing content using the "RS256" (RSASSA-PKCS1-v1_5 with SHA-256) algorithm. Note that whitespace is added for readability as described in Section 1.1.

4.1.1. Input Factors
The following are supplied before beginning the signing operation:

   o  Payload content; this example uses the content from Figure 7, encoded using base64url [RFC4648] to produce Figure 8.

   o  RSA private key; this example uses the key from Figure 4.

   o  "alg" parameter of "RS256".

4.1.2. Signing Operation
The following is generated to complete the signing operation:

   o  JWS Protected Header; this example uses the header from Figure 9, encoded using base64url [RFC4648] to produce Figure 10.

   {
     "alg": "RS256",
     "kid": "bilbo.baggins@hobbiton.example"
   }

   Figure 9: JWS Protected Header JSON
   eyJhbGciOiJSUzI1NiIsImtpZCI6ImJpbGJvLmJhZ2dpbnNAaG9iYml0b24uZX
   hhbXBsZSJ9

   Figure 10: JWS Protected Header, base64url-encoded

The JWS Protected Header (Figure 10) and JWS Payload (Figure 8) are combined as described in Section 5.1 of [JWS] to produce the JWS Signing Input (Figure 11).

   eyJhbGciOiJSUzI1NiIsImtpZCI6ImJpbGJvLmJhZ2dpbnNAaG9iYml0b24uZX
   hhbXBsZSJ9
   .
   SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb3V0IH
   lvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9hZCwgYW5kIGlmIHlvdSBk
   b24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXigJlzIG5vIGtub3dpbmcgd2hlcm
   UgeW91IG1pZ2h0IGJlIHN3ZXB0IG9mZiB0by4

   Figure 11: JWS Signing Input

Performing the signature operation over the JWS Signing Input (Figure 11) produces the JWS Signature (Figure 12).

   MRjdkly7_-oTPTS3AXP41iQIGKa80A0ZmTuV5MEaHoxnW2e5CZ5NlKtainoFmK
   ZopdHM1O2U4mwzJdQx996ivp83xuglII7PNDi84wnB-BDkoBwA78185hX-Es4J
   IwmDLJK3lfWRa-XtL0RnltuYv746iYTh_qHRD68BNt1uSNCrUCTJDt5aAE6x8w
   W1Kt9eRo4QPocSadnHXFxnt8Is9UzpERV0ePPQdLuW3IS_de3xyIrDaLGdjluP
   xUAhb6L2aXic1U12podGU0KLUQSE_oI-ZnmKJ3F4uOZDnd6QZWJushZ41Axf_f
   cIe8u9ipH84ogoree7vjbU5y18kDquDg

   Figure 12: JWS Signature, base64url-encoded

4.1.3. Output Results
The following compose the resulting JWS object:

   o  JWS Protected Header (Figure 9)

   o  Payload content (Figure 8)

   o  Signature (Figure 12)
The resulting JWS object using the JWS Compact Serialization:

   eyJhbGciOiJSUzI1NiIsImtpZCI6ImJpbGJvLmJhZ2dpbnNAaG9iYml0b24uZX
   hhbXBsZSJ9
   .
   SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb3V0IH
   lvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9hZCwgYW5kIGlmIHlvdSBk
   b24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXigJlzIG5vIGtub3dpbmcgd2hlcm
   UgeW91IG1pZ2h0IGJlIHN3ZXB0IG9mZiB0by4
   .
   MRjdkly7_-oTPTS3AXP41iQIGKa80A0ZmTuV5MEaHoxnW2e5CZ5NlKtainoFmK
   ZopdHM1O2U4mwzJdQx996ivp83xuglII7PNDi84wnB-BDkoBwA78185hX-Es4J
   IwmDLJK3lfWRa-XtL0RnltuYv746iYTh_qHRD68BNt1uSNCrUCTJDt5aAE6x8w
   W1Kt9eRo4QPocSadnHXFxnt8Is9UzpERV0ePPQdLuW3IS_de3xyIrDaLGdjluP
   xUAhb6L2aXic1U12podGU0KLUQSE_oI-ZnmKJ3F4uOZDnd6QZWJushZ41Axf_f
   cIe8u9ipH84ogoree7vjbU5y18kDquDg

   Figure 13: JWS Compact Serialization

The resulting JWS object using the general JWS JSON Serialization:

   {
     "payload": "SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywg
         Z29pbmcgb3V0IHlvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9h
         ZCwgYW5kIGlmIHlvdSBkb24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXi
         gJlzIG5vIGtub3dpbmcgd2hlcmUgeW91IG1pZ2h0IGJlIHN3ZXB0IG9m
         ZiB0by4",
     "signatures": [
       {
         "protected": "eyJhbGciOiJSUzI1NiIsImtpZCI6ImJpbGJvLmJhZ2
             dpbnNAaG9iYml0b24uZXhhbXBsZSJ9",
         "signature": "MRjdkly7_-oTPTS3AXP41iQIGKa80A0ZmTuV5MEaHo
             xnW2e5CZ5NlKtainoFmKZopdHM1O2U4mwzJdQx996ivp83xuglII
             7PNDi84wnB-BDkoBwA78185hX-Es4JIwmDLJK3lfWRa-XtL0Rnlt
             uYv746iYTh_qHRD68BNt1uSNCrUCTJDt5aAE6x8wW1Kt9eRo4QPo
             cSadnHXFxnt8Is9UzpERV0ePPQdLuW3IS_de3xyIrDaLGdjluPxU
             Ahb6L2aXic1U12podGU0KLUQSE_oI-ZnmKJ3F4uOZDnd6QZWJush
             Z41Axf_fcIe8u9ipH84ogoree7vjbU5y18kDquDg"
       }
     ]
   }

   Figure 14: General JWS JSON Serialization
The resulting JWS object using the flattened JWS JSON Serialization:

   {
     "payload": "SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywg
         Z29pbmcgb3V0IHlvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9h
         ZCwgYW5kIGlmIHlvdSBkb24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXi
         gJlzIG5vIGtub3dpbmcgd2hlcmUgeW91IG1pZ2h0IGJlIHN3ZXB0IG9m
         ZiB0by4",
     "protected": "eyJhbGciOiJSUzI1NiIsImtpZCI6ImJpbGJvLmJhZ2dpbn
         NAaG9iYml0b24uZXhhbXBsZSJ9",
     "signature": "MRjdkly7_-oTPTS3AXP41iQIGKa80A0ZmTuV5MEaHoxnW2
         e5CZ5NlKtainoFmKZopdHM1O2U4mwzJdQx996ivp83xuglII7PNDi84w
         nB-BDkoBwA78185hX-Es4JIwmDLJK3lfWRa-XtL0RnltuYv746iYTh_q
         HRD68BNt1uSNCrUCTJDt5aAE6x8wW1Kt9eRo4QPocSadnHXFxnt8Is9U
         zpERV0ePPQdLuW3IS_de3xyIrDaLGdjluPxUAhb6L2aXic1U12podGU0
         KLUQSE_oI-ZnmKJ3F4uOZDnd6QZWJushZ41Axf_fcIe8u9ipH84ogore
         e7vjbU5y18kDquDg"
   }

   Figure 15: Flattened JWS JSON Serialization

4.2. RSA-PSS Signature
This example illustrates signing content using the "PS384" (RSASSA-PSS with SHA-384) algorithm. Note that RSASSA-PSS uses random data to generate the signature; it might not be possible to exactly replicate the results in this section. Note that whitespace is added for readability as described in Section 1.1.

4.2.1. Input Factors
The following are supplied before beginning the signing operation:

   o  Payload content; this example uses the content from Figure 7, encoded using base64url [RFC4648] to produce Figure 8.

   o  RSA private key; this example uses the key from Figure 4.

   o  "alg" parameter of "PS384".
4.2.2. Signing Operation
The following is generated to complete the signing operation:

   o  JWS Protected Header; this example uses the header from Figure 16, encoded using base64url [RFC4648] to produce Figure 17.

   {
     "alg": "PS384",
     "kid": "bilbo.baggins@hobbiton.example"
   }

   Figure 16: JWS Protected Header JSON

   eyJhbGciOiJQUzM4NCIsImtpZCI6ImJpbGJvLmJhZ2dpbnNAaG9iYml0b24uZX
   hhbXBsZSJ9

   Figure 17: JWS Protected Header, base64url-encoded

The JWS Protected Header (Figure 17) and JWS Payload (Figure 8) are combined as described in [JWS] to produce the JWS Signing Input (Figure 18).

   eyJhbGciOiJQUzM4NCIsImtpZCI6ImJpbGJvLmJhZ2dpbnNAaG9iYml0b24uZX
   hhbXBsZSJ9
   .
   SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb3V0IH
   lvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9hZCwgYW5kIGlmIHlvdSBk
   b24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXigJlzIG5vIGtub3dpbmcgd2hlcm
   UgeW91IG1pZ2h0IGJlIHN3ZXB0IG9mZiB0by4

   Figure 18: JWS Signing Input

Performing the signature operation over the JWS Signing Input (Figure 18) produces the JWS Signature (Figure 19).

   cu22eBqkYDKgIlTpzDXGvaFfz6WGoz7fUDcfT0kkOy42miAh2qyBzk1xEsnk2I
   pN6-tPid6VrklHkqsGqDqHCdP6O8TTB5dDDItllVo6_1OLPpcbUrhiUSMxbbXU
   vdvWXzg-UD8biiReQFlfz28zGWVsdiNAUf8ZnyPEgVFn442ZdNqiVJRmBqrYRX
   e8P_ijQ7p8Vdz0TTrxUeT3lm8d9shnr2lfJT8ImUjvAA2Xez2Mlp8cBE5awDzT
   0qI0n6uiP1aCN_2_jLAeQTlqRHtfa64QQSUmFAAjVKPbByi7xho0uTOcbH510a
   6GYmJUAfmWjwZ6oD4ifKo8DYM-X72Eaw

   Figure 19: JWS Signature, base64url-encoded
4.2.3. Output Results
The following compose the resulting JWS object:

   o  JWS Protected Header (Figure 17)

   o  Payload content (Figure 8)

   o  Signature (Figure 19)

The resulting JWS object using the JWS Compact Serialization:

   eyJhbGciOiJQUzM4NCIsImtpZCI6ImJpbGJvLmJhZ2dpbnNAaG9iYml0b24uZX
   hhbXBsZSJ9
   .
   SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb3V0IH
   lvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9hZCwgYW5kIGlmIHlvdSBk
   b24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXigJlzIG5vIGtub3dpbmcgd2hlcm
   UgeW91IG1pZ2h0IGJlIHN3ZXB0IG9mZiB0by4
   .
   cu22eBqkYDKgIlTpzDXGvaFfz6WGoz7fUDcfT0kkOy42miAh2qyBzk1xEsnk2I
   pN6-tPid6VrklHkqsGqDqHCdP6O8TTB5dDDItllVo6_1OLPpcbUrhiUSMxbbXU
   vdvWXzg-UD8biiReQFlfz28zGWVsdiNAUf8ZnyPEgVFn442ZdNqiVJRmBqrYRX
   e8P_ijQ7p8Vdz0TTrxUeT3lm8d9shnr2lfJT8ImUjvAA2Xez2Mlp8cBE5awDzT
   0qI0n6uiP1aCN_2_jLAeQTlqRHtfa64QQSUmFAAjVKPbByi7xho0uTOcbH510a
   6GYmJUAfmWjwZ6oD4ifKo8DYM-X72Eaw

   Figure 20: JWS Compact Serialization
The resulting JWS object using the general JWS JSON Serialization:

   {
     "payload": "SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywg
         Z29pbmcgb3V0IHlvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9h
         ZCwgYW5kIGlmIHlvdSBkb24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXi
         gJlzIG5vIGtub3dpbmcgd2hlcmUgeW91IG1pZ2h0IGJlIHN3ZXB0IG9m
         ZiB0by4",
     "signatures": [
       {
         "protected": "eyJhbGciOiJQUzM4NCIsImtpZCI6ImJpbGJvLmJhZ2
             dpbnNAaG9iYml0b24uZXhhbXBsZSJ9",
         "signature": "cu22eBqkYDKgIlTpzDXGvaFfz6WGoz7fUDcfT0kkOy
             42miAh2qyBzk1xEsnk2IpN6-tPid6VrklHkqsGqDqHCdP6O8TTB5
             dDDItllVo6_1OLPpcbUrhiUSMxbbXUvdvWXzg-UD8biiReQFlfz2
             8zGWVsdiNAUf8ZnyPEgVFn442ZdNqiVJRmBqrYRXe8P_ijQ7p8Vd
             z0TTrxUeT3lm8d9shnr2lfJT8ImUjvAA2Xez2Mlp8cBE5awDzT0q
             I0n6uiP1aCN_2_jLAeQTlqRHtfa64QQSUmFAAjVKPbByi7xho0uT
             OcbH510a6GYmJUAfmWjwZ6oD4ifKo8DYM-X72Eaw"
       }
     ]
   }

   Figure 21: General JWS JSON Serialization

The resulting JWS object using the flattened JWS JSON Serialization:

   {
     "payload": "SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywg
         Z29pbmcgb3V0IHlvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9h
         ZCwgYW5kIGlmIHlvdSBkb24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXi
         gJlzIG5vIGtub3dpbmcgd2hlcmUgeW91IG1pZ2h0IGJlIHN3ZXB0IG9m
         ZiB0by4",
     "protected": "eyJhbGciOiJQUzM4NCIsImtpZCI6ImJpbGJvLmJhZ2dpbn
         NAaG9iYml0b24uZXhhbXBsZSJ9",
     "signature": "cu22eBqkYDKgIlTpzDXGvaFfz6WGoz7fUDcfT0kkOy42mi
         Ah2qyBzk1xEsnk2IpN6-tPid6VrklHkqsGqDqHCdP6O8TTB5dDDItllV
         o6_1OLPpcbUrhiUSMxbbXUvdvWXzg-UD8biiReQFlfz28zGWVsdiNAUf
         8ZnyPEgVFn442ZdNqiVJRmBqrYRXe8P_ijQ7p8Vdz0TTrxUeT3lm8d9s
         hnr2lfJT8ImUjvAA2Xez2Mlp8cBE5awDzT0qI0n6uiP1aCN_2_jLAeQT
         lqRHtfa64QQSUmFAAjVKPbByi7xho0uTOcbH510a6GYmJUAfmWjwZ6oD
         4ifKo8DYM-X72Eaw"
   }

   Figure 22: Flattened JWS JSON Serialization
4.3. ECDSA Signature
This example illustrates signing content using the "ES512" (Elliptic Curve Digital Signature Algorithm (ECDSA) with curve P-521 and SHA-512) algorithm. Note that ECDSA uses random data to generate the signature; it might not be possible to exactly replicate the results in this section. Note that whitespace is added for readability as described in Section 1.1.

4.3.1. Input Factors
The following are supplied before beginning the signing operation:

   o  Payload content; this example uses the content from Figure 7, encoded using base64url [RFC4648] to produce Figure 8.

   o  EC private key on the curve P-521; this example uses the key from Figure 2.

   o  "alg" parameter of "ES512".

4.3.2. Signing Operation
The following is generated before beginning the signature process:

   o  JWS Protected Header; this example uses the header from Figure 23, encoded using base64url [RFC4648] to produce Figure 24.

   {
     "alg": "ES512",
     "kid": "bilbo.baggins@hobbiton.example"
   }

   Figure 23: JWS Protected Header JSON

   eyJhbGciOiJFUzUxMiIsImtpZCI6ImJpbGJvLmJhZ2dpbnNAaG9iYml0b24uZX
   hhbXBsZSJ9

   Figure 24: JWS Protected Header, base64url-encoded
The JWS Protected Header (Figure 24) and JWS Payload (Figure 8) are combined as described in [JWS] to produce the JWS Signing Input (Figure 25).

   eyJhbGciOiJFUzUxMiIsImtpZCI6ImJpbGJvLmJhZ2dpbnNAaG9iYml0b24uZX
   hhbXBsZSJ9
   .
   SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb3V0IH
   lvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9hZCwgYW5kIGlmIHlvdSBk
   b24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXigJlzIG5vIGtub3dpbmcgd2hlcm
   UgeW91IG1pZ2h0IGJlIHN3ZXB0IG9mZiB0by4

   Figure 25: JWS Signing Input

Performing the signature operation over the JWS Signing Input (Figure 25) produces the JWS Signature (Figure 26).

   AE_R_YZCChjn4791jSQCrdPZCNYqHXCTZH0-JZGYNlaAjP2kqaluUIIUnC9qvb
   u9Plon7KRTzoNEuT4Va2cmL1eJAQy3mtPBu_u_sDDyYjnAMDxXPn7XrT0lw-kv
   AD890jl8e2puQens_IEKBpHABlsbEPX6sFY8OcGDqoRuBomu9xQ2

   Figure 26: JWS Signature, base64url-encoded

4.3.3. Output Results
The following compose the resulting JWS object:

   o  JWS Protected Header (Figure 24)

   o  Payload content (Figure 8)

   o  Signature (Figure 26)

The resulting JWS object using the JWS Compact Serialization:

   eyJhbGciOiJFUzUxMiIsImtpZCI6ImJpbGJvLmJhZ2dpbnNAaG9iYml0b24uZX
   hhbXBsZSJ9
   .
   SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb3V0IH
   lvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9hZCwgYW5kIGlmIHlvdSBk
   b24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXigJlzIG5vIGtub3dpbmcgd2hlcm
   UgeW91IG1pZ2h0IGJlIHN3ZXB0IG9mZiB0by4
   .
   AE_R_YZCChjn4791jSQCrdPZCNYqHXCTZH0-JZGYNlaAjP2kqaluUIIUnC9qvb
   u9Plon7KRTzoNEuT4Va2cmL1eJAQy3mtPBu_u_sDDyYjnAMDxXPn7XrT0lw-kv
   AD890jl8e2puQens_IEKBpHABlsbEPX6sFY8OcGDqoRuBomu9xQ2

   Figure 27: JWS Compact Serialization
The resulting JWS object using the general JWS JSON Serialization:

   {
     "payload": "SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywg
         Z29pbmcgb3V0IHlvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9h
         ZCwgYW5kIGlmIHlvdSBkb24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXi
         gJlzIG5vIGtub3dpbmcgd2hlcmUgeW91IG1pZ2h0IGJlIHN3ZXB0IG9m
         ZiB0by4",
     "signatures": [
       {
         "protected": "eyJhbGciOiJFUzUxMiIsImtpZCI6ImJpbGJvLmJhZ2
             dpbnNAaG9iYml0b24uZXhhbXBsZSJ9",
         "signature": "AE_R_YZCChjn4791jSQCrdPZCNYqHXCTZH0-JZGYNl
             aAjP2kqaluUIIUnC9qvbu9Plon7KRTzoNEuT4Va2cmL1eJAQy3mt
             PBu_u_sDDyYjnAMDxXPn7XrT0lw-kvAD890jl8e2puQens_IEKBp
             HABlsbEPX6sFY8OcGDqoRuBomu9xQ2"
       }
     ]
   }

   Figure 28: General JWS JSON Serialization

The resulting JWS object using the flattened JWS JSON Serialization:

   {
     "payload": "SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywg
         Z29pbmcgb3V0IHlvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9h
         ZCwgYW5kIGlmIHlvdSBkb24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXi
         gJlzIG5vIGtub3dpbmcgd2hlcmUgeW91IG1pZ2h0IGJlIHN3ZXB0IG9m
         ZiB0by4",
     "protected": "eyJhbGciOiJFUzUxMiIsImtpZCI6ImJpbGJvLmJhZ2dpbn
         NAaG9iYml0b24uZXhhbXBsZSJ9",
     "signature": "AE_R_YZCChjn4791jSQCrdPZCNYqHXCTZH0-JZGYNlaAjP
         2kqaluUIIUnC9qvbu9Plon7KRTzoNEuT4Va2cmL1eJAQy3mtPBu_u_sD
         DyYjnAMDxXPn7XrT0lw-kvAD890jl8e2puQens_IEKBpHABlsbEPX6sF
         Y8OcGDqoRuBomu9xQ2"
   }

   Figure 29: Flattened JWS JSON Serialization

4.4. HMAC-SHA2 Integrity Protection
This example illustrates integrity protecting content using the "HS256" (HMAC-SHA-256) algorithm. Note that whitespace is added for readability as described in Section 1.1.
4.4.1. Input Factors
The following are supplied before beginning the signing operation:

   o  Payload content; this example uses the content from Figure 7, encoded using base64url [RFC4648] to produce Figure 8.

   o  HMAC symmetric key; this example uses the key from Figure 5.

   o  "alg" parameter of "HS256".

4.4.2. Signing Operation
The following is generated before completing the signing operation:

   o  JWS Protected Header; this example uses the header from Figure 30, encoded using base64url [RFC4648] to produce Figure 31.

   {
     "alg": "HS256",
     "kid": "018c0ae5-4d9b-471b-bfd6-eef314bc7037"
   }

   Figure 30: JWS Protected Header JSON

   eyJhbGciOiJIUzI1NiIsImtpZCI6IjAxOGMwYWU1LTRkOWItNDcxYi1iZmQ2LW
   VlZjMxNGJjNzAzNyJ9

   Figure 31: JWS Protected Header, base64url-encoded

The JWS Protected Header (Figure 31) and JWS Payload (Figure 8) are combined as described in [JWS] to produce the JWS Signing Input (Figure 32).

   eyJhbGciOiJIUzI1NiIsImtpZCI6IjAxOGMwYWU1LTRkOWItNDcxYi1iZmQ2LW
   VlZjMxNGJjNzAzNyJ9
   .
   SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb3V0IH
   lvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9hZCwgYW5kIGlmIHlvdSBk
   b24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXigJlzIG5vIGtub3dpbmcgd2hlcm
   UgeW91IG1pZ2h0IGJlIHN3ZXB0IG9mZiB0by4

   Figure 32: JWS Signing Input
Performing the signature operation over the JWS Signing Input (Figure 32) produces the JWS Signature (Figure 33).

   s0h6KThzkfBBBkLspW1h84VsJZFTsPPqMDA7g1Md7p0

   Figure 33: JWS Signature, base64url-encoded

4.4.3. Output Results
The following compose the resulting JWS object:

   o  JWS Protected Header (Figure 31)

   o  Payload content (Figure 8)

   o  Signature (Figure 33)

The resulting JWS object using the JWS Compact Serialization:

   eyJhbGciOiJIUzI1NiIsImtpZCI6IjAxOGMwYWU1LTRkOWItNDcxYi1iZmQ2LW
   VlZjMxNGJjNzAzNyJ9
   .
   SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb3V0IH
   lvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9hZCwgYW5kIGlmIHlvdSBk
   b24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXigJlzIG5vIGtub3dpbmcgd2hlcm
   UgeW91IG1pZ2h0IGJlIHN3ZXB0IG9mZiB0by4
   .
   s0h6KThzkfBBBkLspW1h84VsJZFTsPPqMDA7g1Md7p0

   Figure 34: JWS Compact Serialization
The resulting JWS object using the general JWS JSON Serialization:

   {
     "payload": "SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywg
         Z29pbmcgb3V0IHlvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9h
         ZCwgYW5kIGlmIHlvdSBkb24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXi
         gJlzIG5vIGtub3dpbmcgd2hlcmUgeW91IG1pZ2h0IGJlIHN3ZXB0IG9m
         ZiB0by4",
     "signatures": [
       {
         "protected": "eyJhbGciOiJIUzI1NiIsImtpZCI6IjAxOGMwYWU1LT
             RkOWItNDcxYi1iZmQ2LWVlZjMxNGJjNzAzNyJ9",
         "signature": "s0h6KThzkfBBBkLspW1h84VsJZFTsPPqMDA7g1Md7p
             0"
       }
     ]
   }

   Figure 35: General JWS JSON Serialization

The resulting JWS object using the flattened JWS JSON Serialization:

   {
     "payload": "SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywg
         Z29pbmcgb3V0IHlvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9h
         ZCwgYW5kIGlmIHlvdSBkb24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXi
         gJlzIG5vIGtub3dpbmcgd2hlcmUgeW91IG1pZ2h0IGJlIHN3ZXB0IG9m
         ZiB0by4",
     "protected": "eyJhbGciOiJIUzI1NiIsImtpZCI6IjAxOGMwYWU1LTRkOW
         ItNDcxYi1iZmQ2LWVlZjMxNGJjNzAzNyJ9",
     "signature": "s0h6KThzkfBBBkLspW1h84VsJZFTsPPqMDA7g1Md7p0"
   }

   Figure 36: Flattened JWS JSON Serialization

4.5. Signature with Detached Content
This example illustrates a signature with detached content. This example is identical to other examples in Section 4, except the resulting JWS objects do not include the JWS Payload field. Instead, the application is expected to locate it elsewhere. For example, the signature might be in a metadata section, with the payload being the content. Note that whitespace is added for readability as described in Section 1.1.
4.5.1. Input Factors
The following are supplied before beginning the signing operation:

   o  Payload content; this example uses the content from Figure 7, encoded using base64url [RFC4648] to produce Figure 8.

   o  Signing key; this example uses the AES symmetric key from Figure 5.

   o  Signing algorithm; this example uses "HS256".

4.5.2. Signing Operation
The following is generated before completing the signing operation:

   o  JWS Protected Header; this example uses the header from Figure 37, encoded using base64url [RFC4648] to produce Figure 38.

   {
     "alg": "HS256",
     "kid": "018c0ae5-4d9b-471b-bfd6-eef314bc7037"
   }

   Figure 37: JWS Protected Header JSON

   eyJhbGciOiJIUzI1NiIsImtpZCI6IjAxOGMwYWU1LTRkOWItNDcxYi1iZmQ2LW
   VlZjMxNGJjNzAzNyJ9

   Figure 38: JWS Protected Header, base64url-encoded

The JWS Protected Header (Figure 38) and JWS Payload (Figure 8) are combined as described in [JWS] to produce the JWS Signing Input (Figure 39).

   eyJhbGciOiJIUzI1NiIsImtpZCI6IjAxOGMwYWU1LTRkOWItNDcxYi1iZmQ2LW
   VlZjMxNGJjNzAzNyJ9
   .
   SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb3V0IH
   lvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9hZCwgYW5kIGlmIHlvdSBk
   b24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXigJlzIG5vIGtub3dpbmcgd2hlcm
   UgeW91IG1pZ2h0IGJlIHN3ZXB0IG9mZiB0by4

   Figure 39: JWS Signing Input
Performing the signature operation over the JWS Signing Input (Figure 39) produces the JWS Signature (Figure 40).

   s0h6KThzkfBBBkLspW1h84VsJZFTsPPqMDA7g1Md7p0

   Figure 40: JWS Signature, base64url-encoded

4.5.3. Output Results
The following compose the resulting JWS object:

   o  JWS Protected Header (Figure 38)

   o  Signature (Figure 40)

The resulting JWS object using the JWS Compact Serialization:

   eyJhbGciOiJIUzI1NiIsImtpZCI6IjAxOGMwYWU1LTRkOWItNDcxYi1iZmQ2LW
   VlZjMxNGJjNzAzNyJ9
   .
   .
   s0h6KThzkfBBBkLspW1h84VsJZFTsPPqMDA7g1Md7p0

   Figure 41: JWS Compact Serialization

The resulting JWS object using the general JWS JSON Serialization:

   {
     "signatures": [
       {
         "protected": "eyJhbGciOiJIUzI1NiIsImtpZCI6IjAxOGMwYWU1LT
             RkOWItNDcxYi1iZmQ2LWVlZjMxNGJjNzAzNyJ9",
         "signature": "s0h6KThzkfBBBkLspW1h84VsJZFTsPPqMDA7g1Md7p
             0"
       }
     ]
   }

   Figure 42: General JWS JSON Serialization
The resulting JWS object using the flattened JWS JSON Serialization:

   {
     "protected": "eyJhbGciOiJIUzI1NiIsImtpZCI6IjAxOGMwYWU1LTRkOW
         ItNDcxYi1iZmQ2LWVlZjMxNGJjNzAzNyJ9",
     "signature": "s0h6KThzkfBBBkLspW1h84VsJZFTsPPqMDA7g1Md7p0"
   }

   Figure 43: Flattened JWS JSON Serialization

4.6. Protecting Specific Header Fields
This example illustrates a signature where only certain Header Parameters are protected. Since this example contains both unprotected and protected Header Parameters, only the general JWS JSON Serialization and flattened JWS JSON Serialization are possible. Note that whitespace is added for readability as described in Section 1.1.

4.6.1. Input Factors
The following are supplied before beginning the signing operation:

   o  Payload content; this example uses the content from Figure 7, encoded using base64url [RFC4648] to produce Figure 8.

   o  Signing key; this example uses the AES symmetric key from Figure 5.

   o  Signing algorithm; this example uses "HS256".

4.6.2. Signing Operation
The following are generated before completing the signing operation:

   o  JWS Protected Header; this example uses the header from Figure 44, encoded using base64url [RFC4648] to produce Figure 45.

   o  JWS Unprotected Header; this example uses the header from Figure 46.

   {
     "alg": "HS256"
   }

   Figure 44: JWS Protected Header JSON
   eyJhbGciOiJIUzI1NiJ9

   Figure 45: JWS Protected Header, base64url-encoded

   {
     "kid": "018c0ae5-4d9b-471b-bfd6-eef314bc7037"
   }

   Figure 46: JWS Unprotected Header JSON

The JWS Protected Header (Figure 45) and JWS Payload (Figure 8) are combined as described in [JWS] to produce the JWS Signing Input (Figure 47).

   eyJhbGciOiJIUzI1NiJ9
   .
   SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb3V0IH
   lvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9hZCwgYW5kIGlmIHlvdSBk
   b24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXigJlzIG5vIGtub3dpbmcgd2hlcm
   UgeW91IG1pZ2h0IGJlIHN3ZXB0IG9mZiB0by4

   Figure 47: JWS Signing Input

Performing the signature operation over the JWS Signing Input (Figure 47) produces the JWS Signature (Figure 48).

   bWUSVaxorn7bEF1djytBd0kHv70Ly5pvbomzMWSOr20

   Figure 48: JWS Signature, base64url-encoded

4.6.3. Output Results
The following compose the resulting JWS object:

   o  JWS Protected Header (Figure 45)

   o  JWS Unprotected Header (Figure 46)

   o  Payload content (Figure 8)

   o  Signature (Figure 48)

The JWS Compact Serialization is not presented because it does not support this use case.
The resulting JWS object using the general JWS JSON Serialization:

   {
     "payload": "SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywg
         Z29pbmcgb3V0IHlvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9h
         ZCwgYW5kIGlmIHlvdSBkb24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXi
         gJlzIG5vIGtub3dpbmcgd2hlcmUgeW91IG1pZ2h0IGJlIHN3ZXB0IG9m
         ZiB0by4",
     "signatures": [
       {
         "protected": "eyJhbGciOiJIUzI1NiJ9",
         "header": {
           "kid": "018c0ae5-4d9b-471b-bfd6-eef314bc7037"
         },
         "signature": "bWUSVaxorn7bEF1djytBd0kHv70Ly5pvbomzMWSOr2
             0"
       }
     ]
   }

   Figure 49: General JWS JSON Serialization

The resulting JWS object using the flattened JWS JSON Serialization:

   {
     "payload": "SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywg
         Z29pbmcgb3V0IHlvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9h
         ZCwgYW5kIGlmIHlvdSBkb24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXi
         gJlzIG5vIGtub3dpbmcgd2hlcmUgeW91IG1pZ2h0IGJlIHN3ZXB0IG9m
         ZiB0by4",
     "protected": "eyJhbGciOiJIUzI1NiJ9",
     "header": {
       "kid": "018c0ae5-4d9b-471b-bfd6-eef314bc7037"
     },
     "signature": "bWUSVaxorn7bEF1djytBd0kHv70Ly5pvbomzMWSOr20"
   }

   Figure 50: Flattened JWS JSON Serialization

4.7. Protecting Content Only
This example illustrates a signature where none of the Header Parameters are protected. Since this example contains only unprotected Header Parameters, only the general JWS JSON Serialization and flattened JWS JSON Serialization are possible. Note that whitespace is added for readability as described in Section 1.1.
4.7.1. Input Factors
The following are supplied before beginning the signing operation:

   o  Payload content; this example uses the content from Figure 7, encoded using base64url [RFC4648] to produce Figure 8.

   o  Signing key; this example uses the AES symmetric key from Figure 5.

   o  Signing algorithm; this example uses "HS256".

4.7.2. Signing Operation
The following is generated before completing the signing operation:

   o  JWS Unprotected Header; this example uses the header from Figure 51.

   {
     "alg": "HS256",
     "kid": "018c0ae5-4d9b-471b-bfd6-eef314bc7037"
   }

   Figure 51: JWS Unprotected Header JSON

The empty string (as there is no JWS Protected Header) and JWS Payload (Figure 8) are combined as described in [JWS] to produce the JWS Signing Input (Figure 52).

   .
   SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb3V0IH
   lvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9hZCwgYW5kIGlmIHlvdSBk
   b24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXigJlzIG5vIGtub3dpbmcgd2hlcm
   UgeW91IG1pZ2h0IGJlIHN3ZXB0IG9mZiB0by4

   Figure 52: JWS Signing Input

Performing the signature operation over the JWS Signing Input (Figure 52) produces the JWS Signature (Figure 53).

   xuLifqLGiblpv9zBpuZczWhNj1gARaLV3UxvxhJxZuk

   Figure 53: JWS Signature, base64url-encoded
4.7.3. Output Results
The following compose the resulting JWS object:

   o  JWS Unprotected Header (Figure 51)

   o  Payload content (Figure 8)

   o  Signature (Figure 53)

The JWS Compact Serialization is not presented because it does not support this use case.

The resulting JWS object using the general JWS JSON Serialization:

   {
     "payload": "SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywg
         Z29pbmcgb3V0IHlvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9h
         ZCwgYW5kIGlmIHlvdSBkb24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXi
         gJlzIG5vIGtub3dpbmcgd2hlcmUgeW91IG1pZ2h0IGJlIHN3ZXB0IG9m
         ZiB0by4",
     "signatures": [
       {
         "header": {
           "alg": "HS256",
           "kid": "018c0ae5-4d9b-471b-bfd6-eef314bc7037"
         },
         "signature": "xuLifqLGiblpv9zBpuZczWhNj1gARaLV3UxvxhJxZu
             k"
       }
     ]
   }

   Figure 54: General JWS JSON Serialization
The resulting JWS object using the flattened JWS JSON Serialization:

   {
     "payload": "SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywg
         Z29pbmcgb3V0IHlvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9h
         ZCwgYW5kIGlmIHlvdSBkb24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXi
         gJlzIG5vIGtub3dpbmcgd2hlcmUgeW91IG1pZ2h0IGJlIHN3ZXB0IG9m
         ZiB0by4",
     "header": {
       "alg": "HS256",
       "kid": "018c0ae5-4d9b-471b-bfd6-eef314bc7037"
     },
     "signature": "xuLifqLGiblpv9zBpuZczWhNj1gARaLV3UxvxhJxZuk"
   }

   Figure 55: Flattened JWS JSON Serialization

4.8. Multiple Signatures
This example illustrates multiple signatures applied to the same payload. Since this example contains more than one signature, only the JSON General Serialization is possible. Note that whitespace is added for readability as described in Section 1.1.

4.8.1. Input Factors
The following are supplied before beginning the signing operation:

   o  Payload content; this example uses the content from Figure 7, encoded using base64url [RFC4648] to produce Figure 8.

   o  Signing keys; this example uses the following:

      *  RSA private key from Figure 4 for the first signature

      *  EC private key from Figure 2 for the second signature

      *  AES symmetric key from Figure 5 for the third signature

   o  Signing algorithms; this example uses the following:

      *  "RS256" for the first signature

      *  "ES512" for the second signature

      *  "HS256" for the third signature
4.8.2. First Signing Operation
The following are generated before completing the first signing operation:

   o  JWS Protected Header; this example uses the header from Figure 56, encoded using base64url [RFC4648] to produce Figure 57.

   o  JWS Unprotected Header; this example uses the header from Figure 58.

   {
     "alg": "RS256"
   }

   Figure 56: Signature #1 JWS Protected Header JSON

   eyJhbGciOiJSUzI1NiJ9

   Figure 57: Signature #1 JWS Protected Header, base64url-encoded

   {
     "kid": "bilbo.baggins@hobbiton.example"
   }

   Figure 58: Signature #1 JWS Unprotected Header JSON

The JWS Protected Header (Figure 57) and JWS Payload (Figure 8) are combined as described in [JWS] to produce the JWS Signing Input (Figure 59).

   eyJhbGciOiJSUzI1NiJ9
   .
   SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb3V0IH
   lvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9hZCwgYW5kIGlmIHlvdSBk
   b24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXigJlzIG5vIGtub3dpbmcgd2hlcm
   UgeW91IG1pZ2h0IGJlIHN3ZXB0IG9mZiB0by4

   Figure 59: JWS Signing Input
Performing the signature operation over the JWS Signing Input (Figure 59) produces the JWS Signature (Figure 60).

   MIsjqtVlOpa71KE-Mss8_Nq2YH4FGhiocsqrgi5NvyG53uoimic1tcMdSg-qpt
   rzZc7CG6Svw2Y13TDIqHzTUrL_lR2ZFcryNFiHkSw129EghGpwkpxaTn_THJTC
   glNbADko1MZBCdwzJxwqZc-1RlpO2HibUYyXSwO97BSe0_evZKdjvvKSgsIqjy
   tKSeAMbhMBdMma622_BG5t4sdbuCHtFjp9iJmkio47AIwqkZV1aIZsv33uPUqB
   BCXbYoQJwt7mxPftHmNlGoOSMxR_3thmXTCm4US-xiNOyhbm8afKK64jU6_TPt
   QHiJeQJxz9G3Tx-083B745_AfYOnlC9w

   Figure 60: JWS Signature #1, base64url-encoded

The following is the assembled first signature serialized as JSON:

   {
     "protected": "eyJhbGciOiJSUzI1NiJ9",
     "header": {
       "kid": "bilbo.baggins@hobbiton.example"
     },
     "signature": "MIsjqtVlOpa71KE-Mss8_Nq2YH4FGhiocsqrgi5NvyG53u
         oimic1tcMdSg-qptrzZc7CG6Svw2Y13TDIqHzTUrL_lR2ZFcryNFiHkS
         w129EghGpwkpxaTn_THJTCglNbADko1MZBCdwzJxwqZc-1RlpO2HibUY
         yXSwO97BSe0_evZKdjvvKSgsIqjytKSeAMbhMBdMma622_BG5t4sdbuC
         HtFjp9iJmkio47AIwqkZV1aIZsv33uPUqBBCXbYoQJwt7mxPftHmNlGo
         OSMxR_3thmXTCm4US-xiNOyhbm8afKK64jU6_TPtQHiJeQJxz9G3Tx-0
         83B745_AfYOnlC9w"
   }

   Figure 61: Signature #1 JSON

4.8.3. Second Signing Operation
The following is generated before completing the second signing operation:

   o  JWS Unprotected Header; this example uses the header from Figure 62.

   {
     "alg": "ES512",
     "kid": "bilbo.baggins@hobbiton.example"
   }

   Figure 62: Signature #2 JWS Unprotected Header JSON
The empty string (as there is no JWS Protected Header) and JWS Payload (Figure 8) are combined as described in [JWS] to produce the JWS Signing Input (Figure 63).

   .
   SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb3V0IH
   lvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9hZCwgYW5kIGlmIHlvdSBk
   b24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXigJlzIG5vIGtub3dpbmcgd2hlcm
   UgeW91IG1pZ2h0IGJlIHN3ZXB0IG9mZiB0by4

   Figure 63: JWS Signing Input

Performing the signature operation over the JWS Signing Input (Figure 63) produces the JWS Signature (Figure 64).

   ARcVLnaJJaUWG8fG-8t5BREVAuTY8n8YHjwDO1muhcdCoFZFFjfISu0Cdkn9Yb
   dlmi54ho0x924DUz8sK7ZXkhc7AFM8ObLfTvNCrqcI3Jkl2U5IX3utNhODH6v7
   xgy1Qahsn0fyb4zSAkje8bAWz4vIfj5pCMYxxm4fgV3q7ZYhm5eD

   Figure 64: JWS Signature #2, base64url-encoded

The following is the assembled second signature serialized as JSON:

   {
     "header": {
       "alg": "ES512",
       "kid": "bilbo.baggins@hobbiton.example"
     },
     "signature": "ARcVLnaJJaUWG8fG-8t5BREVAuTY8n8YHjwDO1muhcdCoF
         ZFFjfISu0Cdkn9Ybdlmi54ho0x924DUz8sK7ZXkhc7AFM8ObLfTvNCrq
         cI3Jkl2U5IX3utNhODH6v7xgy1Qahsn0fyb4zSAkje8bAWz4vIfj5pCM
         Yxxm4fgV3q7ZYhm5eD"
   }

   Figure 65: Signature #2 JSON
4.8.4. Third Signing Operation
The following is generated before completing the third signing operation:

   o  JWS Protected Header; this example uses the header from Figure 66, encoded using base64url [RFC4648] to produce Figure 67.

   {
     "alg": "HS256",
     "kid": "018c0ae5-4d9b-471b-bfd6-eef314bc7037"
   }

   Figure 66: Signature #3 JWS Protected Header JSON

   eyJhbGciOiJIUzI1NiIsImtpZCI6IjAxOGMwYWU1LTRkOWItNDcxYi1iZmQ2LW
   VlZjMxNGJjNzAzNyJ9

   Figure 67: Signature #3 JWS Protected Header, base64url-encoded

The JWS Protected Header (Figure 67) and JWS Payload (Figure 8) are combined as described in [JWS] to produce the JWS Signing Input (Figure 68).

   eyJhbGciOiJIUzI1NiIsImtpZCI6IjAxOGMwYWU1LTRkOWItNDcxYi1iZmQ2LW
   VlZjMxNGJjNzAzNyJ9
   .
   SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb3V0IH
   lvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9hZCwgYW5kIGlmIHlvdSBk
   b24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXigJlzIG5vIGtub3dpbmcgd2hlcm
   UgeW91IG1pZ2h0IGJlIHN3ZXB0IG9mZiB0by4

   Figure 68: JWS Signing Input

Performing the signature operation over the JWS Signing Input (Figure 68) produces the JWS Signature (Figure 69).

   s0h6KThzkfBBBkLspW1h84VsJZFTsPPqMDA7g1Md7p0

   Figure 69: JWS Signature #3, base64url-encoded
The following is the assembled third signature serialized as JSON:

{
  "protected": "eyJhbGciOiJIUzI1NiIsImtpZCI6IjAxOGMwYWU1LTRkOW
      ItNDcxYi1iZmQ2LWVlZjMxNGJjNzAzNyJ9",
  "signature": "s0h6KThzkfBBBkLspW1h84VsJZFTsPPqMDA7g1Md7p0"
}

Figure 70: Signature #3 JSON

4.8.5. Output Results
The following compose the resulting JWS object:

o Payload content (Figure 8)
o Signature #1 JSON (Figure 61)
o Signature #2 JSON (Figure 65)
o Signature #3 JSON (Figure 70)

The JWS Compact Serialization is not presented because it does not support this use case; the flattened JWS JSON Serialization is not presented because there is more than one signature.
The resulting JWS object using the general JWS JSON Serialization:

{
  "payload": "SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywg
      Z29pbmcgb3V0IHlvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9h
      ZCwgYW5kIGlmIHlvdSBkb24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXi
      gJlzIG5vIGtub3dpbmcgd2hlcmUgeW91IG1pZ2h0IGJlIHN3ZXB0IG9m
      ZiB0by4",
  "signatures": [
    {
      "protected": "eyJhbGciOiJSUzI1NiJ9",
      "header": {
        "kid": "bilbo.baggins@hobbiton.example"
      },
      "signature": "MIsjqtVlOpa71KE-Mss8_Nq2YH4FGhiocsqrgi5Nvy
          G53uoimic1tcMdSg-qptrzZc7CG6Svw2Y13TDIqHzTUrL_lR2ZFc
          ryNFiHkSw129EghGpwkpxaTn_THJTCglNbADko1MZBCdwzJxwqZc
          -1RlpO2HibUYyXSwO97BSe0_evZKdjvvKSgsIqjytKSeAMbhMBdM
          ma622_BG5t4sdbuCHtFjp9iJmkio47AIwqkZV1aIZsv33uPUqBBC
          XbYoQJwt7mxPftHmNlGoOSMxR_3thmXTCm4US-xiNOyhbm8afKK6
          4jU6_TPtQHiJeQJxz9G3Tx-083B745_AfYOnlC9w"
    },
    {
      "header": {
        "alg": "ES512",
        "kid": "bilbo.baggins@hobbiton.example"
      },
      "signature": "ARcVLnaJJaUWG8fG-8t5BREVAuTY8n8YHjwDO1muhc
          dCoFZFFjfISu0Cdkn9Ybdlmi54ho0x924DUz8sK7ZXkhc7AFM8Ob
          LfTvNCrqcI3Jkl2U5IX3utNhODH6v7xgy1Qahsn0fyb4zSAkje8b
          AWz4vIfj5pCMYxxm4fgV3q7ZYhm5eD"
    },
    {
      "protected": "eyJhbGciOiJIUzI1NiIsImtpZCI6IjAxOGMwYWU1LT
          RkOWItNDcxYi1iZmQ2LWVlZjMxNGJjNzAzNyJ9",
      "signature": "s0h6KThzkfBBBkLspW1h84VsJZFTsPPqMDA7g1Md7p
          0"
    }
  ]
}

Figure 71: General JWS JSON Serialization
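The signing-input construction and HMAC-SHA256 operation of Section 4.8.4, together with a verifier that pins the algorithm to the key, as an added Go example (not code from RFC 7520). It reproduces Figures 67 and 68 from Figures 66 and 8, but uses a constructed HMAC key because the key of Figure 5 is not reproduced on this page, so its signature is not Figure 69; the function and type names are this example's own. Pinning the algorithm matters for objects like Figure 71, where signature #2 carries its "alg" only in the unprotected "header" member.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
)
var b64 = base64.RawURLEncoding // JOSE base64url: URL alphabet, no '=' padding

// Figure 8, the base64url-encoded payload, with its line breaks removed.
const payloadB64 = "SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb3V0IHlvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9hZCwgYW5kIGlmIHlvdSBk" +
	"b24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXigJlzIG5vIGtub3dpbmcgd2hlcmUgeW91IG1pZ2h0IGJlIHN3ZXB0IG9mZiB0by4"

// Header is the JWS Protected Header of Figure 66; a struct (not a map) fixes the member order.
type Header struct {
	Alg string `json:"alg"`
	Kid string `json:"kid"`
}

// signingInput returns BASE64URL(UTF8(header)) || '.' || BASE64URL(payload), as in Figure 68.
func signingInput(h Header, payloadB64 string) string {
	hj, _ := json.Marshal(h) // compact JSON: the readability whitespace of Figure 66 is not encoded
	return b64.EncodeToString(hj) + "." + payloadB64
}

// hs256 is the HMAC-SHA256 signing operation of Section 4.8.4; Figure 69 is its base64url output.
func hs256(key []byte, input string) []byte {
	m := hmac.New(sha256.New, key)
	m.Write([]byte(input))
	return m.Sum(nil)
}

// verifyHS256 recomputes the MAC and compares in constant time; "alg" is pinned to the key and must be in the protected header.
func verifyHS256(key []byte, protectedB64, payloadB64, sigB64 string) bool {
	var h Header
	hj, err := b64.DecodeString(protectedB64)
	sig, err2 := b64.DecodeString(sigB64)
	if err != nil || err2 != nil || json.Unmarshal(hj, &h) != nil || h.Alg != "HS256" {
		return false
	}
	return hmac.Equal(hs256(key, protectedB64+"."+payloadB64), sig)
}

func main() {
	// Constructed key: Figure 5's "k" is not on this page, so Figure 69 itself is not reproduced.
	key := []byte("constructed-example-key-not-the-one-from-figure-5")
	in := signingInput(Header{Alg: "HS256", Kid: "018c0ae5-4d9b-471b-bfd6-eef314bc7037"}, payloadB64)
	fmt.Println(in, b64.EncodeToString(hs256(key, in)))
}
```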
5. JSON Web Encryption Examples
The following sections demonstrate how to generate various JWE objects. All of the encryption examples (unless otherwise noted) use the following Plaintext content (an abridged quote from "The Fellowship of the Ring" [LOTR-FELLOWSHIP]), serialized as UTF-8. The Plaintext is presented here as a series of quoted strings that are concatenated to produce the JWE Plaintext. The sequence "\xe2\x80\x93" is substituted for (U+2013 EN DASH), and quotation marks (U+0022 QUOTATION MARK) are added for readability but are not present in the JWE Plaintext.

"You can trust us to stick with you through thick and "
"thin\xe2\x80\x93to the bitter end. And you can trust us to "
"keep any secret of yours\xe2\x80\x93closer than you keep it "
"yourself. But you cannot trust us to let you face trouble "
"alone, and go off without a word. We are your friends, Frodo."

Figure 72: Plaintext Content

5.1. Key Encryption Using RSA v1.5 and AES-HMAC-SHA2
This example illustrates encrypting content using the "RSA1_5" (RSAES-PKCS1-v1_5) key encryption algorithm and the "A128CBC-HS256" (AES-128-CBC-HMAC-SHA-256) content encryption algorithm.

Note that RSAES-PKCS1-v1_5 uses random data to generate the ciphertext; it might not be possible to exactly replicate the results in this section.

Note that only the RSA public key is necessary to perform the encryption. However, the example includes the RSA private key to allow readers to validate the output.

Note that whitespace is added for readability as described in Section 1.1.

5.1.1. Input Factors
The following are supplied before beginning the encryption process:

o Plaintext content; this example uses the content from Figure 72.
o RSA public key; this example uses the key from Figure 73.
o "alg" parameter of "RSA1_5".
o "enc" parameter of "A128CBC-HS256".

{
  "kty": "RSA",
  "kid": "frodo.baggins@hobbiton.example",
  "use": "enc",
  "n": "maxhbsmBtdQ3CNrKvprUE6n9lYcregDMLYNeTAWcLj8NnPU9XIYegT
      HVHQjxKDSHP2l-F5jS7sppG1wgdAqZyhnWvXhYNvcM7RfgKxqNx_xAHx
      6f3yy7s-M9PSNCwPC2lh6UAkR4I00EhV9lrypM9Pi4lBUop9t5fS9W5U
      NwaAllhrd-osQGPjIeI1deHTwx-ZTHu3C60Pu_LJIl6hKn9wbwaUmA4c
      R5Bd2pgbaY7ASgsjCUbtYJaNIHSoHXprUdJZKUMAzV0WOKPfA6OPI4oy
      pBadjvMZ4ZAj3BnXaSYsEZhaueTXvZB4eZOAjIyh2e_VOIKVMsnDrJYA
      VotGlvMQ",
  "e": "AQAB",
  "d": "Kn9tgoHfiTVi8uPu5b9TnwyHwG5dK6RE0uFdlpCGnJN7ZEi963R7wy
      bQ1PLAHmpIbNTztfrheoAniRV1NCIqXaW_qS461xiDTp4ntEPnqcKsyO
      5jMAji7-CL8vhpYYowNFvIesgMoVaPRYMYT9TW63hNM0aWs7USZ_hLg6
      Oe1mY0vHTI3FucjSM86Nff4oIENt43r2fspgEPGRrdE6fpLc9Oaq-qeP
      1GFULimrRdndm-P8q8kvN3KHlNAtEgrQAgTTgz80S-3VD0FgWfgnb1PN
      miuPUxO8OpI9KDIfu_acc6fg14nsNaJqXe6RESvhGPH2afjHqSy_Fd2v
      pzj85bQQ",
  "p": "2DwQmZ43FoTnQ8IkUj3BmKRf5Eh2mizZA5xEJ2MinUE3sdTYKSLtaE
      oekX9vbBZuWxHdVhM6UnKCJ_2iNk8Z0ayLYHL0_G21aXf9-unynEpUsH
      7HHTklLpYAzOOx1ZgVljoxAdWNn3hiEFrjZLZGS7lOH-a3QQlDDQoJOJ
      2VFmU",
  "q": "te8LY4-W7IyaqH1ExujjMqkTAlTeRbv0VLQnfLY2xINnrWdwiQ93_V
      F099aP1ESeLja2nw-6iKIe-qT7mtCPozKfVtUYfz5HrJ_XY2kfexJINb
      9lhZHMv5p1skZpeIS-GPHCC6gRlKo1q-idn_qxyusfWv7WAxlSVfQfk8
      d6Et0",
  "dp": "UfYKcL_or492vVc0PzwLSplbg4L3-Z5wL48mwiswbpzOyIgd2xHTH
      QmjJpFAIZ8q-zf9RmgJXkDrFs9rkdxPtAsL1WYdeCT5c125Fkdg317JV
      RDo1inX7x2Kdh8ERCreW8_4zXItuTl_KiXZNU5lvMQjWbIw2eTx1lpsf
      lo0rYU",
  "dq": "iEgcO-QfpepdH8FWd7mUFyrXdnOkXJBCogChY6YKuIHGc_p8Le9Mb
      pFKESzEaLlN1Ehf3B6oGBl5Iz_ayUlZj2IoQZ82znoUrpa9fVYNot87A
      CfzIG7q9Mv7RiPAderZi03tkVXAdaBau_9vs5rS-7HMtxkVrxSUvJY14
      TkXlHE",
  "qi": "kC-lzZOqoFaZCr5l0tOVtREKoVqaAYhQiqIRGL-MzS4sCmRkxm5vZ
      lXYx6RtE1n_AagjqajlkjieGlxTTThHD8Iga6foGBMaAr5uR1hGQpSc7
      Gl7CF1DZkBJMTQN6EshYzZfxW08mIO8M6Rzuh0beL6fG9mkDcIyPrBXx
      2bQ_mM"
}

Figure 73: RSA 2048-Bit Key, in JWK Format
(NOTE: While the key includes the private parameters, only the public parameters "e" and "n" are necessary for the encryption operation.)

5.1.2. Generated Factors
The following are generated before encrypting:

o AES symmetric key as the Content Encryption Key (CEK); this example uses the key from Figure 74.
o Initialization Vector; this example uses the Initialization Vector from Figure 75.

3qyTVhIWt5juqZUCpfRqpvauwB956MEJL2Rt-8qXKSo

Figure 74: Content Encryption Key, base64url-encoded

bbd5sTkYwhAIqfHsx8DayA

Figure 75: Initialization Vector, base64url-encoded

5.1.3. Encrypting the Key
Performing the key encryption operation over the CEK (Figure 74) with the RSA key (Figure 73) results in the following Encrypted Key:

laLxI0j-nLH-_BgLOXMozKxmy9gffy2gTdvqzfTihJBuuzxg0V7yk1WClnQePF
vG2K-pvSlWc9BRIazDrn50RcRai__3TDON395H3c62tIouJJ4XaRvYHFjZTZ2G
Xfz8YAImcc91Tfk0WXC2F5Xbb71ClQ1DDH151tlpH77f2ff7xiSxh9oSewYrcG
TSLUeeCt36r1Kt3OSj7EyBQXoZlN7IxbyhMAfgIe7Mv1rOTOI5I8NQqeXXW8Vl
zNmoxaGMny3YnGir5Wf6Qt2nBq4qDaPdnaAuuGUGEecelIO1wx1BpyIfgvfjOh
MBs9M8XL223Fg47xlGsMXdfuY-4jaqVw

Figure 76: Encrypted Key, base64url-encoded
5.1.4. Encrypting the Content
The following is generated before encrypting the Plaintext:

o JWE Protected Header; this example uses the header from Figure 77, encoded using base64url [RFC4648] to produce Figure 78.

{
  "alg": "RSA1_5",
  "kid": "frodo.baggins@hobbiton.example",
  "enc": "A128CBC-HS256"
}

Figure 77: JWE Protected Header JSON

eyJhbGciOiJSU0ExXzUiLCJraWQiOiJmcm9kby5iYWdnaW5zQGhvYmJpdG9uLm
V4YW1wbGUiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0

Figure 78: JWE Protected Header, base64url-encoded

Performing the content encryption operation on the Plaintext (Figure 72) using the following:

o CEK (Figure 74);
o Initialization Vector (Figure 75); and
o JWE Protected Header (Figure 77) as authenticated data

produces the following:

o Ciphertext from Figure 79.
o Authentication Tag from Figure 80.

0fys_TY_na7f8dwSfXLiYdHaA2DxUjD67ieF7fcVbIR62JhJvGZ4_FNVSiGc_r
aa0HnLQ6s1P2sv3Xzl1p1l_o5wR_RsSzrS8Z-wnI3Jvo0mkpEEnlDmZvDu_k8O
WzJv7eZVEqiWKdyVzFhPpiyQU28GLOpRc2VbVbK4dQKPdNTjPPEmRqcaGeTWZV
yeSUvf5k59yJZxRuSvWFf6KrNtmRdZ8R4mDOjHSrM_s8uwIFcqt4r5GX8TKaI0
zT5CbL5Qlw3sRc7u_hg0yKVOiRytEAEs3vZkcfLkP6nbXdC_PkMdNS-ohP78T2
O6_7uInMGhFeX4ctHG7VelHGiT93JfWDEQi5_V9UN1rhXNrYu-0fVMkZAKX3VW
i7lzA6BP430m

Figure 79: Ciphertext, base64url-encoded

kvKuFBXHe5mQr4lqgobAUg

Figure 80: Authentication Tag, base64url-encoded
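The receiving side of the A128CBC-HS256 operation just described, as an added Go example (not code from RFC 7520): it recomputes the tag from Figures 74, 75, 78 and 79, compares it with Figure 80 in constant time before any decryption, and only then decrypts and unpads to recover Figure 72. The CEK is taken directly from Figure 74, so the RSA1_5 key-unwrapping step of Figure 76 is outside this block; the function name is this example's own.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/binary"
	"fmt"
)
// Figures 74, 75, 78, 79 and 80 of this section, line breaks removed; JOSE base64url (no '=' padding) is RawURLEncoding, and the AAD is the ASCII of Figure 78 itself.
var (
	cek, _ = base64.RawURLEncoding.DecodeString("3qyTVhIWt5juqZUCpfRqpvauwB956MEJL2Rt-8qXKSo")
	iv, _  = base64.RawURLEncoding.DecodeString("bbd5sTkYwhAIqfHsx8DayA")
	aad    = []byte("eyJhbGciOiJSU0ExXzUiLCJraWQiOiJmcm9kby5iYWdnaW5zQGhvYmJpdG9uLmV4YW1wbGUiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0")
	ct, _  = base64.RawURLEncoding.DecodeString("0fys_TY_na7f8dwSfXLiYdHaA2DxUjD67ieF7fcVbIR62JhJvGZ4_FNVSiGc_raa0HnLQ6s1P2sv3Xzl1p1l_o5wR_RsSzrS8Z-wnI3Jvo0mkpEEnlDmZvDu_k8OWzJv7eZVEqiWKdyVzFhPpiyQU28GLOpRc2VbVbK4dQKPdNTjPPEmRqcaGeTWZV" +
		"yeSUvf5k59yJZxRuSvWFf6KrNtmRdZ8R4mDOjHSrM_s8uwIFcqt4r5GX8TKaI0zT5CbL5Qlw3sRc7u_hg0yKVOiRytEAEs3vZkcfLkP6nbXdC_PkMdNS-ohP78T2O6_7uInMGhFeX4ctHG7VelHGiT93JfWDEQi5_V9UN1rhXNrYu-0fVMkZAKX3VWi7lzA6BP430m")
	tag, _ = base64.RawURLEncoding.DecodeString("kvKuFBXHe5mQr4lqgobAUg")
)

// a128cbcHs256Open verifies the tag over AAD || IV || ciphertext || AL (RFC 7518, Section 5.2.2) before decrypting, so tampered input never reaches the padding check.
func a128cbcHs256Open(cek, aad, iv, ct, tag []byte) ([]byte, error) {
	if len(cek) != 32 || len(iv) != 16 || len(tag) != 16 || len(ct) == 0 || len(ct)%16 != 0 {
		return nil, fmt.Errorf("bad input lengths")
	}
	macKey, encKey := cek[:16], cek[16:]                         // CEK = MAC_KEY || ENC_KEY, 128 bits each
	al := binary.BigEndian.AppendUint64(nil, uint64(len(aad))*8) // AAD length in bits, 64-bit big-endian
	mac := hmac.New(sha256.New, macKey)
	for _, part := range [][]byte{aad, iv, ct, al} {
		mac.Write(part)
	}
	if !hmac.Equal(mac.Sum(nil)[:16], tag) { // T_LEN = 16: keep the first half; constant-time compare
		return nil, fmt.Errorf("authentication tag mismatch")
	}
	block, _ := aes.NewCipher(encKey) // 16-byte key, validated above
	pt := make([]byte, len(ct))
	cipher.NewCBCDecrypter(block, iv).CryptBlocks(pt, ct)
	pad := int(pt[len(pt)-1]) // PKCS#7: every padding byte equals the pad length
	if pad < 1 || pad > 16 || !bytes.Equal(pt[len(pt)-pad:], bytes.Repeat([]byte{byte(pad)}, pad)) {
		return nil, fmt.Errorf("bad padding")
	}
	return pt[:len(pt)-pad], nil
}

func main() {
	pt, err := a128cbcHs256Open(cek, aad, iv, ct, tag)
	fmt.Printf("%s\n%v\n", pt, err)
}
```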
5.1.5. Output Results
The following compose the resulting JWE object:

o JWE Protected Header (Figure 78)
o Encrypted Key (Figure 76)
o Initialization Vector (Figure 75)
o Ciphertext (Figure 79)
o Authentication Tag (Figure 80)

The resulting JWE object using the JWE Compact Serialization:

eyJhbGciOiJSU0ExXzUiLCJraWQiOiJmcm9kby5iYWdnaW5zQGhvYmJpdG9uLm
V4YW1wbGUiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0
.
laLxI0j-nLH-_BgLOXMozKxmy9gffy2gTdvqzfTihJBuuzxg0V7yk1WClnQePF
vG2K-pvSlWc9BRIazDrn50RcRai__3TDON395H3c62tIouJJ4XaRvYHFjZTZ2G
Xfz8YAImcc91Tfk0WXC2F5Xbb71ClQ1DDH151tlpH77f2ff7xiSxh9oSewYrcG
TSLUeeCt36r1Kt3OSj7EyBQXoZlN7IxbyhMAfgIe7Mv1rOTOI5I8NQqeXXW8Vl
zNmoxaGMny3YnGir5Wf6Qt2nBq4qDaPdnaAuuGUGEecelIO1wx1BpyIfgvfjOh
MBs9M8XL223Fg47xlGsMXdfuY-4jaqVw
.
bbd5sTkYwhAIqfHsx8DayA
.
0fys_TY_na7f8dwSfXLiYdHaA2DxUjD67ieF7fcVbIR62JhJvGZ4_FNVSiGc_r
aa0HnLQ6s1P2sv3Xzl1p1l_o5wR_RsSzrS8Z-wnI3Jvo0mkpEEnlDmZvDu_k8O
WzJv7eZVEqiWKdyVzFhPpiyQU28GLOpRc2VbVbK4dQKPdNTjPPEmRqcaGeTWZV
yeSUvf5k59yJZxRuSvWFf6KrNtmRdZ8R4mDOjHSrM_s8uwIFcqt4r5GX8TKaI0
zT5CbL5Qlw3sRc7u_hg0yKVOiRytEAEs3vZkcfLkP6nbXdC_PkMdNS-ohP78T2
O6_7uInMGhFeX4ctHG7VelHGiT93JfWDEQi5_V9UN1rhXNrYu-0fVMkZAKX3VW
i7lzA6BP430m
.
kvKuFBXHe5mQr4lqgobAUg

Figure 81: JWE Compact Serialization
The resulting JWE object using the general JWE JSON Serialization:

{
  "recipients": [
    {
      "encrypted_key": "laLxI0j-nLH-_BgLOXMozKxmy9gffy2gTdvqzf
          TihJBuuzxg0V7yk1WClnQePFvG2K-pvSlWc9BRIazDrn50RcRai_
          _3TDON395H3c62tIouJJ4XaRvYHFjZTZ2GXfz8YAImcc91Tfk0WX
          C2F5Xbb71ClQ1DDH151tlpH77f2ff7xiSxh9oSewYrcGTSLUeeCt
          36r1Kt3OSj7EyBQXoZlN7IxbyhMAfgIe7Mv1rOTOI5I8NQqeXXW8
          VlzNmoxaGMny3YnGir5Wf6Qt2nBq4qDaPdnaAuuGUGEecelIO1wx
          1BpyIfgvfjOhMBs9M8XL223Fg47xlGsMXdfuY-4jaqVw"
    }
  ],
  "protected": "eyJhbGciOiJSU0ExXzUiLCJraWQiOiJmcm9kby5iYWdnaW
      5zQGhvYmJpdG9uLmV4YW1wbGUiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In
      0",
  "iv": "bbd5sTkYwhAIqfHsx8DayA",
  "ciphertext": "0fys_TY_na7f8dwSfXLiYdHaA2DxUjD67ieF7fcVbIR62
      JhJvGZ4_FNVSiGc_raa0HnLQ6s1P2sv3Xzl1p1l_o5wR_RsSzrS8Z-wn
      I3Jvo0mkpEEnlDmZvDu_k8OWzJv7eZVEqiWKdyVzFhPpiyQU28GLOpRc
      2VbVbK4dQKPdNTjPPEmRqcaGeTWZVyeSUvf5k59yJZxRuSvWFf6KrNtm
      RdZ8R4mDOjHSrM_s8uwIFcqt4r5GX8TKaI0zT5CbL5Qlw3sRc7u_hg0y
      KVOiRytEAEs3vZkcfLkP6nbXdC_PkMdNS-ohP78T2O6_7uInMGhFeX4c
      tHG7VelHGiT93JfWDEQi5_V9UN1rhXNrYu-0fVMkZAKX3VWi7lzA6BP4
      30m",
  "tag": "kvKuFBXHe5mQr4lqgobAUg"
}

Figure 82: General JWE JSON Serialization
The resulting JWE object using the flattened JWE JSON Serialization:

{
  "protected": "eyJhbGciOiJSU0ExXzUiLCJraWQiOiJmcm9kby5iYWdnaW
      5zQGhvYmJpdG9uLmV4YW1wbGUiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In
      0",
  "encrypted_key": "laLxI0j-nLH-_BgLOXMozKxmy9gffy2gTdvqzfTihJ
      Buuzxg0V7yk1WClnQePFvG2K-pvSlWc9BRIazDrn50RcRai__3TDON39
      5H3c62tIouJJ4XaRvYHFjZTZ2GXfz8YAImcc91Tfk0WXC2F5Xbb71ClQ
      1DDH151tlpH77f2ff7xiSxh9oSewYrcGTSLUeeCt36r1Kt3OSj7EyBQX
      oZlN7IxbyhMAfgIe7Mv1rOTOI5I8NQqeXXW8VlzNmoxaGMny3YnGir5W
      f6Qt2nBq4qDaPdnaAuuGUGEecelIO1wx1BpyIfgvfjOhMBs9M8XL223F
      g47xlGsMXdfuY-4jaqVw",
  "iv": "bbd5sTkYwhAIqfHsx8DayA",
  "ciphertext": "0fys_TY_na7f8dwSfXLiYdHaA2DxUjD67ieF7fcVbIR62
      JhJvGZ4_FNVSiGc_raa0HnLQ6s1P2sv3Xzl1p1l_o5wR_RsSzrS8Z-wn
      I3Jvo0mkpEEnlDmZvDu_k8OWzJv7eZVEqiWKdyVzFhPpiyQU28GLOpRc
      2VbVbK4dQKPdNTjPPEmRqcaGeTWZVyeSUvf5k59yJZxRuSvWFf6KrNtm
      RdZ8R4mDOjHSrM_s8uwIFcqt4r5GX8TKaI0zT5CbL5Qlw3sRc7u_hg0y
      KVOiRytEAEs3vZkcfLkP6nbXdC_PkMdNS-ohP78T2O6_7uInMGhFeX4c
      tHG7VelHGiT93JfWDEQi5_V9UN1rhXNrYu-0fVMkZAKX3VWi7lzA6BP4
      30m",
  "tag": "kvKuFBXHe5mQr4lqgobAUg"
}

Figure 83: Flattened JWE JSON Serialization