RFC 7520
Examples of Protecting Content Using JSON Object Signing and Encryption (JOSE)
5.9. Compressed Content
This example illustrates encrypting content that is first compressed. It reuses the AES symmetric key, key encryption algorithm, and content encryption algorithm from Section 5.8. Note that whitespace is added for readability as described in Section 1.1.5.9.1. Input Factors
The following are supplied before beginning the encryption process: o Plaintext content; this example uses the content from Figure 72. o Recipient encryption key; this example uses the key from Figure 151. o Key encryption algorithm; this example uses "A128KW". o Content encryption algorithm; this example uses "A128GCM". o "zip" parameter of "DEF".5.9.2. Generated Factors
The following are generated before encrypting: o Compressed Plaintext from the original Plaintext content; compressing Figure 72 using the DEFLATE [RFC1951] algorithm produces the compressed Plaintext from Figure 162. o AES symmetric key as the Content Encryption Key (CEK); this example uses the key from Figure 163. o Initialization Vector; this example uses the Initialization Vector from Figure 164. bY_BDcIwDEVX-QNU3QEOrIA4pqlDokYxchxVvbEDGzIJbioOSJwc-f___HPjBu 8KVFpVtAplVE1-wZo0YjNZo3C7R5v72pV5f5X382VWjYQpqZKAyjziZOr2B7kQ PSy6oZIXUnDYbVKN4jNXi2u0yB7t1qSHTjmMODf9QgvrDzfTIQXnyQRuUya4zI WG3vTOdir0v7BRHFYWq3k1k1A_gSDJqtcBF-GZxw8 Figure 162: Compressed Plaintext, base64url-encoded
hC-MpLZSuwWv8sexS6ydfw Figure 163: Content Encryption Key, base64url-encoded p9pUq6XHY0jfEZIl Figure 164: Initialization Vector, base64url-encoded5.9.3. Encrypting the Key
Performing the key encryption operation over the CEK (Figure 163) with the AES symmetric key (Figure 151) produces the following Encrypted Key: 5vUT2WOtQxKWcekM_IzVQwkGgzlFDwPi Figure 165: Encrypted Key, base64url-encoded5.9.4. Encrypting the Content
The following is generated before encrypting the content: o JWE Protected Header; this example uses the header from Figure 166, encoded to base64url [RFC4648] as Figure 167. { "alg": "A128KW", "kid": "81b20965-8332-43d9-a468-82160ad91ac8", "enc": "A128GCM", "zip": "DEF" } Figure 166: JWE Protected Header JSON eyJhbGciOiJBMTI4S1ciLCJraWQiOiI4MWIyMDk2NS04MzMyLTQzZDktYTQ2OC 04MjE2MGFkOTFhYzgiLCJlbmMiOiJBMTI4R0NNIiwiemlwIjoiREVGIn0 Figure 167: JWE Protected Header, base64url-encoded
Performing the content encryption operation over the compressed Plaintext (Figure 162, encoded as an octet string) with the following: o CEK (Figure 163); o Initialization Vector (Figure 164); and o JWE Protected Header (Figure 167) as authenticated data produces the following: o Ciphertext from Figure 168. o Authentication Tag from Figure 169. HbDtOsdai1oYziSx25KEeTxmwnh8L8jKMFNc1k3zmMI6VB8hry57tDZ61jXyez SPt0fdLVfe6Jf5y5-JaCap_JQBcb5opbmT60uWGml8blyiMQmOn9J--XhhlYg0 m-BHaqfDO5iTOWxPxFMUedx7WCy8mxgDHj0aBMG6152PsM-w5E_o2B3jDbrYBK hpYA7qi3AyijnCJ7BP9rr3U8kxExCpG3mK420TjOw Figure 168: Ciphertext, base64url-encoded VILuUwuIxaLVmh5X-T7kmA Figure 169: Authentication Tag, base64url-encoded5.9.5. Output Results
The following compose the resulting JWE object: o JWE Protected Header (Figure 167) o Encrypted Key (Figure 165) o Initialization Vector (Figure 164) o Ciphertext (Figure 168) o Authentication Tag (Figure 169)
The resulting JWE object using the JWE Compact Serialization: eyJhbGciOiJBMTI4S1ciLCJraWQiOiI4MWIyMDk2NS04MzMyLTQzZDktYTQ2OC 04MjE2MGFkOTFhYzgiLCJlbmMiOiJBMTI4R0NNIiwiemlwIjoiREVGIn0 . 5vUT2WOtQxKWcekM_IzVQwkGgzlFDwPi . p9pUq6XHY0jfEZIl . HbDtOsdai1oYziSx25KEeTxmwnh8L8jKMFNc1k3zmMI6VB8hry57tDZ61jXyez SPt0fdLVfe6Jf5y5-JaCap_JQBcb5opbmT60uWGml8blyiMQmOn9J--XhhlYg0 m-BHaqfDO5iTOWxPxFMUedx7WCy8mxgDHj0aBMG6152PsM-w5E_o2B3jDbrYBK hpYA7qi3AyijnCJ7BP9rr3U8kxExCpG3mK420TjOw . VILuUwuIxaLVmh5X-T7kmA Figure 170: JWE Compact Serialization The resulting JWE object using the general JWE JSON Serialization: { "recipients": [ { "encrypted_key": "5vUT2WOtQxKWcekM_IzVQwkGgzlFDwPi" } ], "protected": "eyJhbGciOiJBMTI4S1ciLCJraWQiOiI4MWIyMDk2NS04Mz MyLTQzZDktYTQ2OC04MjE2MGFkOTFhYzgiLCJlbmMiOiJBMTI4R0NNIi wiemlwIjoiREVGIn0", "iv": "p9pUq6XHY0jfEZIl", "ciphertext": "HbDtOsdai1oYziSx25KEeTxmwnh8L8jKMFNc1k3zmMI6V B8hry57tDZ61jXyezSPt0fdLVfe6Jf5y5-JaCap_JQBcb5opbmT60uWG ml8blyiMQmOn9J--XhhlYg0m-BHaqfDO5iTOWxPxFMUedx7WCy8mxgDH j0aBMG6152PsM-w5E_o2B3jDbrYBKhpYA7qi3AyijnCJ7BP9rr3U8kxE xCpG3mK420TjOw", "tag": "VILuUwuIxaLVmh5X-T7kmA" } Figure 171: General JWE JSON Serialization
The resulting JWE object using the flattened JWE JSON Serialization: { "protected": "eyJhbGciOiJBMTI4S1ciLCJraWQiOiI4MWIyMDk2NS04Mz MyLTQzZDktYTQ2OC04MjE2MGFkOTFhYzgiLCJlbmMiOiJBMTI4R0NNIi wiemlwIjoiREVGIn0", "encrypted_key": "5vUT2WOtQxKWcekM_IzVQwkGgzlFDwPi", "iv": "p9pUq6XHY0jfEZIl", "ciphertext": "HbDtOsdai1oYziSx25KEeTxmwnh8L8jKMFNc1k3zmMI6V B8hry57tDZ61jXyezSPt0fdLVfe6Jf5y5-JaCap_JQBcb5opbmT60uWG ml8blyiMQmOn9J--XhhlYg0m-BHaqfDO5iTOWxPxFMUedx7WCy8mxgDH j0aBMG6152PsM-w5E_o2B3jDbrYBKhpYA7qi3AyijnCJ7BP9rr3U8kxE xCpG3mK420TjOw", "tag": "VILuUwuIxaLVmh5X-T7kmA" } Figure 172: Flattened JWE JSON Serialization5.10. Including Additional Authenticated Data
This example illustrates encrypting content that includes additional authenticated data. As this example includes an additional top-level property not present in the JWE Compact Serialization, only the flattened JWE JSON Serialization and general JWE JSON Serialization are possible. Note that whitespace is added for readability as described in Section 1.1.5.10.1. Input Factors
The following are supplied before beginning the encryption process: o Plaintext content; this example uses the content from Figure 72. o Recipient encryption key; this example uses the key from Figure 151. o Key encryption algorithm; this example uses "A128KW". o Content encryption algorithm; this example uses "A128GCM". o Additional Authenticated Data; this example uses a vCard [RFC7095] from Figure 173, serialized to UTF-8.
[ "vcard", [ [ "version", {}, "text", "4.0" ], [ "fn", {}, "text", "Meriadoc Brandybuck" ], [ "n", {}, "text", [ "Brandybuck", "Meriadoc", "Mr.", "" ] ], [ "bday", {}, "text", "TA 2982" ], [ "gender", {}, "text", "M" ] ] ] Figure 173: Additional Authenticated Data, in JSON Format NOTE: Whitespace between JSON values was added for readability.5.10.2. Generated Factors
The following are generated before encrypting: o AES symmetric key as the Content Encryption Key (CEK); this example uses the key from Figure 174. o Initialization Vector; this example uses the Initialization Vector from Figure 175. o Encoded Additional Authenticated Data (AAD); this example uses the Additional Authenticated Data from Figure 173, encoded to base64url [RFC4648] as Figure 176. 75m1ALsYv10pZTKPWrsqdg Figure 174: Content Encryption Key, base64url-encoded veCx9ece2orS7c_N Figure 175: Initialization Vector, base64url-encoded WyJ2Y2FyZCIsW1sidmVyc2lvbiIse30sInRleHQiLCI0LjAiXSxbImZuIix7fS widGV4dCIsIk1lcmlhZG9jIEJyYW5keWJ1Y2siXSxbIm4iLHt9LCJ0ZXh0Iixb IkJyYW5keWJ1Y2siLCJNZXJpYWRvYyIsIk1yLiIsIiJdXSxbImJkYXkiLHt9LC J0ZXh0IiwiVEEgMjk4MiJdLFsiZ2VuZGVyIix7fSwidGV4dCIsIk0iXV1d Figure 176: Additional Authenticated Data, base64url-encoded
5.10.3. Encrypting the Key
Performing the key encryption operation over the CEK (Figure 174) with the AES symmetric key (Figure 151) produces the following Encrypted Key: 4YiiQ_ZzH76TaIkJmYfRFgOV9MIpnx4X Figure 177: Encrypted Key, base64url-encoded5.10.4. Encrypting the Content
The following is generated before encrypting the content: o JWE Protected Header; this example uses the header from Figure 178, encoded to base64url [RFC4648] as Figure 179. { "alg": "A128KW", "kid": "81b20965-8332-43d9-a468-82160ad91ac8", "enc": "A128GCM" } Figure 178: JWE Protected Header JSON eyJhbGciOiJBMTI4S1ciLCJraWQiOiI4MWIyMDk2NS04MzMyLTQzZDktYTQ2OC 04MjE2MGFkOTFhYzgiLCJlbmMiOiJBMTI4R0NNIn0 Figure 179: JWE Protected Header, base64url-encoded Performing the content encryption operation over the Plaintext with the following: o CEK (Figure 174); o Initialization Vector (Figure 175); and o Concatenation of the JWE Protected Header (Figure 179), ".", and the base64url [RFC4648] encoding of Figure 173 as authenticated data produces the following: o Ciphertext from Figure 180. o Authentication Tag from Figure 181.
Z_3cbr0k3bVM6N3oSNmHz7Lyf3iPppGf3Pj17wNZqteJ0Ui8p74SchQP8xygM1 oFRWCNzeIa6s6BcEtp8qEFiqTUEyiNkOWDNoF14T_4NFqF-p2Mx8zkbKxI7oPK 8KNarFbyxIDvICNqBLba-v3uzXBdB89fzOI-Lv4PjOFAQGHrgv1rjXAmKbgkft 9cB4WeyZw8MldbBhc-V_KWZslrsLNygon_JJWd_ek6LQn5NRehvApqf9ZrxB4a q3FXBxOxCys35PhCdaggy2kfUfl2OkwKnWUbgXVD1C6HxLIlqHhCwXDG59weHr RDQeHyMRoBljoV3X_bUTJDnKBFOod7nLz-cj48JMx3SnCZTpbQAkFV Figure 180: Ciphertext, base64url-encoded vOaH_Rajnpy_3hOtqvZHRA Figure 181: Authentication Tag, base64url-encoded5.10.5. Output Results
The following compose the resulting JWE object: o JWE Protected Header (Figure 179) o Encrypted Key (Figure 177) o Initialization Vector (Figure 175) o Additional Authenticated Data (Figure 176) o Ciphertext (Figure 180) o Authentication Tag (Figure 181) The JWE Compact Serialization is not presented because it does not support this use case.
The resulting JWE object using the general JWE JSON Serialization: { "recipients": [ { "encrypted_key": "4YiiQ_ZzH76TaIkJmYfRFgOV9MIpnx4X" } ], "protected": "eyJhbGciOiJBMTI4S1ciLCJraWQiOiI4MWIyMDk2NS04Mz MyLTQzZDktYTQ2OC04MjE2MGFkOTFhYzgiLCJlbmMiOiJBMTI4R0NNIn 0", "iv": "veCx9ece2orS7c_N", "aad": "WyJ2Y2FyZCIsW1sidmVyc2lvbiIse30sInRleHQiLCI0LjAiXSxb ImZuIix7fSwidGV4dCIsIk1lcmlhZG9jIEJyYW5keWJ1Y2siXSxbIm4i LHt9LCJ0ZXh0IixbIkJyYW5keWJ1Y2siLCJNZXJpYWRvYyIsIk1yLiIs IiJdXSxbImJkYXkiLHt9LCJ0ZXh0IiwiVEEgMjk4MiJdLFsiZ2VuZGVy Iix7fSwidGV4dCIsIk0iXV1d", "ciphertext": "Z_3cbr0k3bVM6N3oSNmHz7Lyf3iPppGf3Pj17wNZqteJ0 Ui8p74SchQP8xygM1oFRWCNzeIa6s6BcEtp8qEFiqTUEyiNkOWDNoF14 T_4NFqF-p2Mx8zkbKxI7oPK8KNarFbyxIDvICNqBLba-v3uzXBdB89fz OI-Lv4PjOFAQGHrgv1rjXAmKbgkft9cB4WeyZw8MldbBhc-V_KWZslrs LNygon_JJWd_ek6LQn5NRehvApqf9ZrxB4aq3FXBxOxCys35PhCdaggy 2kfUfl2OkwKnWUbgXVD1C6HxLIlqHhCwXDG59weHrRDQeHyMRoBljoV3 X_bUTJDnKBFOod7nLz-cj48JMx3SnCZTpbQAkFV", "tag": "vOaH_Rajnpy_3hOtqvZHRA" } Figure 182: General JWE JSON Serialization
The resulting JWE object using the flattened JWE JSON Serialization: { "protected": "eyJhbGciOiJBMTI4S1ciLCJraWQiOiI4MWIyMDk2NS04Mz MyLTQzZDktYTQ2OC04MjE2MGFkOTFhYzgiLCJlbmMiOiJBMTI4R0NNIn 0", "encrypted_key": "4YiiQ_ZzH76TaIkJmYfRFgOV9MIpnx4X", "aad": "WyJ2Y2FyZCIsW1sidmVyc2lvbiIse30sInRleHQiLCI0LjAiXSxb ImZuIix7fSwidGV4dCIsIk1lcmlhZG9jIEJyYW5keWJ1Y2siXSxbIm4i LHt9LCJ0ZXh0IixbIkJyYW5keWJ1Y2siLCJNZXJpYWRvYyIsIk1yLiIs IiJdXSxbImJkYXkiLHt9LCJ0ZXh0IiwiVEEgMjk4MiJdLFsiZ2VuZGVy Iix7fSwidGV4dCIsIk0iXV1d", "iv": "veCx9ece2orS7c_N", "ciphertext": "Z_3cbr0k3bVM6N3oSNmHz7Lyf3iPppGf3Pj17wNZqteJ0 Ui8p74SchQP8xygM1oFRWCNzeIa6s6BcEtp8qEFiqTUEyiNkOWDNoF14 T_4NFqF-p2Mx8zkbKxI7oPK8KNarFbyxIDvICNqBLba-v3uzXBdB89fz OI-Lv4PjOFAQGHrgv1rjXAmKbgkft9cB4WeyZw8MldbBhc-V_KWZslrs LNygon_JJWd_ek6LQn5NRehvApqf9ZrxB4aq3FXBxOxCys35PhCdaggy 2kfUfl2OkwKnWUbgXVD1C6HxLIlqHhCwXDG59weHrRDQeHyMRoBljoV3 X_bUTJDnKBFOod7nLz-cj48JMx3SnCZTpbQAkFV", "tag": "vOaH_Rajnpy_3hOtqvZHRA" } Figure 183: Flattened JWE JSON Serialization5.11. Protecting Specific Header Fields
This example illustrates encrypting content where only certain JOSE Header Parameters are protected. As this example includes parameters in the JWE Shared Unprotected Header, only the general JWE JSON Serialization and flattened JWE JSON Serialization are possible. Note that whitespace is added for readability as described in Section 1.1.5.11.1. Input Factors
The following are supplied before beginning the encryption process: o Plaintext content; this example uses the content from Figure 72. o Recipient encryption key; this example uses the key from Figure 151. o Key encryption algorithm; this example uses "A128KW". o Content encryption algorithm; this example uses "A128GCM".
5.11.2. Generated Factors
The following are generated before encrypting: o AES symmetric key as the Content Encryption Key (CEK); this example uses the key from Figure 184. o Initialization Vector; this example uses the Initialization Vector from Figure 185. WDgEptBmQs9ouUvArz6x6g Figure 184: Content Encryption Key, base64url-encoded WgEJsDS9bkoXQ3nR Figure 185: Initialization Vector, base64url-encoded5.11.3. Encrypting the Key
Performing the key encryption operation over the CEK (Figure 184) with the AES symmetric key (Figure 151) produces the following Encrypted Key: jJIcM9J-hbx3wnqhf5FlkEYos0sHsF0H Figure 186: Encrypted Key, base64url-encoded5.11.4. Encrypting the Content
The following is generated before encrypting the content: o JWE Protected Header; this example uses the header from Figure 187, encoded to base64url [RFC4648] as Figure 188. { "enc": "A128GCM" } Figure 187: JWE Protected Header JSON eyJlbmMiOiJBMTI4R0NNIn0 Figure 188: JWE Protected Header, base64url-encoded
Performing the content encryption operation over the Plaintext with the following: o CEK (Figure 184); o Initialization Vector (Figure 185); and o JWE Protected Header (Figure 188) as authenticated data produces the following: o Ciphertext from Figure 189. o Authentication Tag from Figure 190. lIbCyRmRJxnB2yLQOTqjCDKV3H30ossOw3uD9DPsqLL2DM3swKkjOwQyZtWsFL YMj5YeLht_StAn21tHmQJuuNt64T8D4t6C7kC9OCCJ1IHAolUv4MyOt80MoPb8 fZYbNKqplzYJgIL58g8N2v46OgyG637d6uuKPwhAnTGm_zWhqc_srOvgiLkzyF XPq1hBAURbc3-8BqeRb48iR1-_5g5UjWVD3lgiLCN_P7AW8mIiFvUNXBPJK3nO WL4teUPS8yHLbWeL83olU4UAgL48x-8dDkH23JykibVSQju-f7e-1xreHWXzWL Hs1NqBbre0dEwK3HX_xM0LjUz77Krppgegoutpf5qaKg3l-_xMINmf Figure 189: Ciphertext, base64url-encoded fNYLqpUe84KD45lvDiaBAQ Figure 190: Authentication Tag, base64url-encoded5.11.5. Output Results
The following compose the resulting JWE object: o JWE Shared Unprotected Header (Figure 191) o JWE Protected Header (Figure 188) o Encrypted Key (Figure 186) o Initialization Vector (Figure 185) o Ciphertext (Figure 189) o Authentication Tag (Figure 190) The JWE Compact Serialization is not presented because it does not support this use case.
The following JWE Shared Unprotected Header is generated before assembling the output results: { "alg": "A128KW", "kid": "81b20965-8332-43d9-a468-82160ad91ac8" } Figure 191: JWE Shared Unprotected Header JSON The resulting JWE object using the general JWE JSON Serialization: { "recipients": [ { "encrypted_key": "jJIcM9J-hbx3wnqhf5FlkEYos0sHsF0H" } ], "unprotected": { "alg": "A128KW", "kid": "81b20965-8332-43d9-a468-82160ad91ac8" }, "protected": "eyJlbmMiOiJBMTI4R0NNIn0", "iv": "WgEJsDS9bkoXQ3nR", "ciphertext": "lIbCyRmRJxnB2yLQOTqjCDKV3H30ossOw3uD9DPsqLL2D M3swKkjOwQyZtWsFLYMj5YeLht_StAn21tHmQJuuNt64T8D4t6C7kC9O CCJ1IHAolUv4MyOt80MoPb8fZYbNKqplzYJgIL58g8N2v46OgyG637d6 uuKPwhAnTGm_zWhqc_srOvgiLkzyFXPq1hBAURbc3-8BqeRb48iR1-_5 g5UjWVD3lgiLCN_P7AW8mIiFvUNXBPJK3nOWL4teUPS8yHLbWeL83olU 4UAgL48x-8dDkH23JykibVSQju-f7e-1xreHWXzWLHs1NqBbre0dEwK3 HX_xM0LjUz77Krppgegoutpf5qaKg3l-_xMINmf", "tag": "fNYLqpUe84KD45lvDiaBAQ" } Figure 192: General JWE JSON Serialization
The resulting JWE object using the flattened JWE JSON Serialization: { "protected": "eyJlbmMiOiJBMTI4R0NNIn0", "unprotected": { "alg": "A128KW", "kid": "81b20965-8332-43d9-a468-82160ad91ac8" }, "encrypted_key": "jJIcM9J-hbx3wnqhf5FlkEYos0sHsF0H", "iv": "WgEJsDS9bkoXQ3nR", "ciphertext": "lIbCyRmRJxnB2yLQOTqjCDKV3H30ossOw3uD9DPsqLL2D M3swKkjOwQyZtWsFLYMj5YeLht_StAn21tHmQJuuNt64T8D4t6C7kC9O CCJ1IHAolUv4MyOt80MoPb8fZYbNKqplzYJgIL58g8N2v46OgyG637d6 uuKPwhAnTGm_zWhqc_srOvgiLkzyFXPq1hBAURbc3-8BqeRb48iR1-_5 g5UjWVD3lgiLCN_P7AW8mIiFvUNXBPJK3nOWL4teUPS8yHLbWeL83olU 4UAgL48x-8dDkH23JykibVSQju-f7e-1xreHWXzWLHs1NqBbre0dEwK3 HX_xM0LjUz77Krppgegoutpf5qaKg3l-_xMINmf", "tag": "fNYLqpUe84KD45lvDiaBAQ" } Figure 193: Flattened JWE JSON Serialization5.12. Protecting Content Only
This example illustrates encrypting content where none of the JOSE header parameters are protected. As this example includes parameters only in the JWE Shared Unprotected Header, only the flattened JWE JSON Serialization and general JWE JSON Serialization are possible. Note that whitespace is added for readability as described in Section 1.1.5.12.1. Input Factors
The following are supplied before beginning the encryption process: o Plaintext content; this example uses the content from Figure 72. o Recipient encryption key; this example uses the key from Figure 151. o Key encryption algorithm; this example uses "A128KW". o Content encryption algorithm; this example uses "A128GCM".
5.12.2. Generated Factors
The following are generated before encrypting: o AES symmetric key as the Content Encryption Key; this example the key from Figure 194. o Initialization Vector; this example uses the Initialization Vector from Figure 195. KBooAFl30QPV3vkcZlXnzQ Figure 194: Content Encryption Key, base64url-encoded YihBoVOGsR1l7jCD Figure 195: Initialization Vector, base64url-encoded5.12.3. Encrypting the Key
Performing the key encryption operation over the CEK (Figure 194) with the AES symmetric key (Figure 151) produces the following Encrypted Key: 244YHfO_W7RMpQW81UjQrZcq5LSyqiPv Figure 196: Encrypted Key, base64url-encoded5.12.4. Encrypting the Content
Performing the content encryption operation over the Plaintext (Figure 72) using the following: o CEK (Figure 194); o Initialization Vector (Figure 195); and o Empty string as authenticated data produces the following: o Ciphertext from Figure 197. o Authentication Tag from Figure 198.
qtPIMMaOBRgASL10dNQhOa7Gqrk7Eal1vwht7R4TT1uq-arsVCPaIeFwQfzrSS 6oEUWbBtxEasE0vC6r7sphyVziMCVJEuRJyoAHFSP3eqQPb4Ic1SDSqyXjw_L3 svybhHYUGyQuTmUQEDjgjJfBOifwHIsDsRPeBz1NomqeifVPq5GTCWFo5k_MNI QURR2Wj0AHC2k7JZfu2iWjUHLF8ExFZLZ4nlmsvJu_mvifMYiikfNfsZAudISO a6O73yPZtL04k_1FI7WDfrb2w7OqKLWDXzlpcxohPVOLQwpA3mFNRKdY-bQz4Z 4KX9lfz1cne31N4-8BKmojpw-OdQjKdLOGkC445Fb_K1tlDQXw2sBF Figure 197: Ciphertext, base64url-encoded e2m0Vm7JvjK2VpCKXS-kyg Figure 198: Authentication Tag, base64url-encoded5.12.5. Output Results
The JWE Compact Serialization is not presented because it does not support this use case. The following JWE Shared Unprotected Header is generated before assembling the output results: { "alg": "A128KW", "kid": "81b20965-8332-43d9-a468-82160ad91ac8", "enc": "A128GCM" } Figure 199: JWE Shared Unprotected Header JSON The following compose the resulting JWE object: o JWE Shared Unprotected Header (Figure 199) o Encrypted Key (Figure 196) o Initialization Vector (Figure 195) o Ciphertext (Figure 197) o Authentication Tag (Figure 198)
The resulting JWE object using the general JWE JSON Serialization: { "recipients": [ { "encrypted_key": "244YHfO_W7RMpQW81UjQrZcq5LSyqiPv" } ], "unprotected": { "alg": "A128KW", "kid": "81b20965-8332-43d9-a468-82160ad91ac8", "enc": "A128GCM" }, "iv": "YihBoVOGsR1l7jCD", "ciphertext": "qtPIMMaOBRgASL10dNQhOa7Gqrk7Eal1vwht7R4TT1uq- arsVCPaIeFwQfzrSS6oEUWbBtxEasE0vC6r7sphyVziMCVJEuRJyoAHF SP3eqQPb4Ic1SDSqyXjw_L3svybhHYUGyQuTmUQEDjgjJfBOifwHIsDs RPeBz1NomqeifVPq5GTCWFo5k_MNIQURR2Wj0AHC2k7JZfu2iWjUHLF8 ExFZLZ4nlmsvJu_mvifMYiikfNfsZAudISOa6O73yPZtL04k_1FI7WDf rb2w7OqKLWDXzlpcxohPVOLQwpA3mFNRKdY-bQz4Z4KX9lfz1cne31N4 -8BKmojpw-OdQjKdLOGkC445Fb_K1tlDQXw2sBF", "tag": "e2m0Vm7JvjK2VpCKXS-kyg" } Figure 200: General JWE JSON Serialization The resulting JWE object using the flattened JWE JSON Serialization: { "unprotected": { "alg": "A128KW", "kid": "81b20965-8332-43d9-a468-82160ad91ac8", "enc": "A128GCM" }, "encrypted_key": "244YHfO_W7RMpQW81UjQrZcq5LSyqiPv", "iv": "YihBoVOGsR1l7jCD", "ciphertext": "qtPIMMaOBRgASL10dNQhOa7Gqrk7Eal1vwht7R4TT1uq- arsVCPaIeFwQfzrSS6oEUWbBtxEasE0vC6r7sphyVziMCVJEuRJyoAHF SP3eqQPb4Ic1SDSqyXjw_L3svybhHYUGyQuTmUQEDjgjJfBOifwHIsDs RPeBz1NomqeifVPq5GTCWFo5k_MNIQURR2Wj0AHC2k7JZfu2iWjUHLF8 ExFZLZ4nlmsvJu_mvifMYiikfNfsZAudISOa6O73yPZtL04k_1FI7WDf rb2w7OqKLWDXzlpcxohPVOLQwpA3mFNRKdY-bQz4Z4KX9lfz1cne31N4 -8BKmojpw-OdQjKdLOGkC445Fb_K1tlDQXw2sBF", "tag": "e2m0Vm7JvjK2VpCKXS-kyg" } Figure 201: Flattened JWE JSON Serialization
5.13. Encrypting to Multiple Recipients
This example illustrates encryption content for multiple recipients. As this example has multiple recipients, only the general JWE JSON Serialization is possible. Note that RSAES-PKCS1-v1_5 uses random data to generate the ciphertext; it might not be possible to exactly replicate the results in this section. Note that whitespace is added for readability as described in Section 1.1.5.13.1. Input Factors
The following are supplied before beginning the encryption process: o Plaintext content; this example uses the Plaintext from Figure 72. o Recipient keys; this example uses the following: * The RSA public key from Figure 73 for the first recipient. * The EC public key from Figure 108 for the second recipient. * The AES symmetric key from Figure 138 for the third recipient. o Key encryption algorithms; this example uses the following: * "RSA1_5" for the first recipient. * "ECDH-ES+A256KW" for the second recipient. * "A256GCMKW" for the third recipient. o Content encryption algorithm; this example uses "A128CBC-HS256".5.13.2. Generated Factors
The following are generated before encrypting: o AES symmetric key as the Content Encryption Key (CEK); this example uses the key from Figure 202. o Initialization Vector; this example uses the Initialization Vector from Figure 203.
zXayeJ4gvm8NJr3IUInyokTUO-LbQNKEhe_zWlYbdpQ Figure 202: Content Encryption Key, base64url-encoded VgEIHY20EnzUtZFl2RpB1g Figure 203: Initialization Vector, base64url-encoded5.13.3. Encrypting the Key to the First Recipient
Performing the "RSA1_5" key encryption operation over the CEK (Figure 202) with the first recipient's RSA key (Figure 73) produces the following Encrypted Key: dYOD28kab0Vvf4ODgxVAJXgHcSZICSOp8M51zjwj4w6Y5G4XJQsNNIBiqyvUUA OcpL7S7-cFe7Pio7gV_Q06WmCSa-vhW6me4bWrBf7cHwEQJdXihidAYWVajJIa KMXMvFRMV6iDlRr076DFthg2_AV0_tSiV6xSEIFqt1xnYPpmP91tc5WJDOGb-w qjw0-b-S1laS11QVbuP78dQ7Fa0zAVzzjHX-xvyM2wxj_otxr9clN1LnZMbeYS rRicJK5xodvWgkpIdkMHo4LvdhRRvzoKzlic89jFWPlnBq_V4n5trGuExtp_-d bHcGlihqc_wGgho9fLMK8JOArYLcMDNQ Figure 204: Recipient #1 Encrypted Key, base64url-encoded The following is generated after encrypting the CEK for the first recipient: o Recipient JWE Unprotected Header from Figure 205. { "alg": "RSA1_5", "kid": "frodo.baggins@hobbiton.example" } Figure 205: Recipient #1 JWE Per-Recipient Unprotected Header JSON
The following is the assembled first recipient JSON: { "encrypted_key": "dYOD28kab0Vvf4ODgxVAJXgHcSZICSOp8M51zjwj4w 6Y5G4XJQsNNIBiqyvUUAOcpL7S7-cFe7Pio7gV_Q06WmCSa-vhW6me4b WrBf7cHwEQJdXihidAYWVajJIaKMXMvFRMV6iDlRr076DFthg2_AV0_t SiV6xSEIFqt1xnYPpmP91tc5WJDOGb-wqjw0-b-S1laS11QVbuP78dQ7 Fa0zAVzzjHX-xvyM2wxj_otxr9clN1LnZMbeYSrRicJK5xodvWgkpIdk MHo4LvdhRRvzoKzlic89jFWPlnBq_V4n5trGuExtp_-dbHcGlihqc_wG gho9fLMK8JOArYLcMDNQ", "header": { "alg": "RSA1_5", "kid": "frodo.baggins@hobbiton.example" } } Figure 206: Recipient #1 JSON5.13.4. Encrypting the Key to the Second Recipient
The following is generated before encrypting the CEK for the second recipient: o Ephemeral EC private key on the same curve as the EC public key; this example uses the private key from Figure 207. { "kty": "EC", "crv": "P-384", "x": "Uzdvk3pi5wKCRc1izp5_r0OjeqT-I68i8g2b8mva8diRhsE2xAn2Dt MRb25Ma2CX", "y": "VDrRyFJh-Kwd1EjAgmj5Eo-CTHAZ53MC7PjjpLioy3ylEjI1pOMbw9 1fzZ84pbfm", "d": "1DKHfTv-PiifVw2VBHM_ZiVcwOMxkOyANS_lQHJcrDxVY3jhVCvZPw MxJKIE793C" } Figure 207: Ephemeral Private Key for Recipient #2, in JWK Format
Performing the "ECDH-ES+A256KW" key encryption operation over the CEK (Figure 202) with the following: o Static Elliptic Curve public key (Figure 108). o Ephemeral Elliptic Curve private key (Figure 207). produces the following Encrypted Key: ExInT0io9BqBMYF6-maw5tZlgoZXThD1zWKsHixJuw_elY4gSSId_w Figure 208: Recipient #2 Encrypted Key, base64url-encoded The following is generated after encrypting the CEK for the second recipient: o Recipient JWE Unprotected Header from Figure 209. { "alg": "ECDH-ES+A256KW", "kid": "peregrin.took@tuckborough.example", "epk": { "kty": "EC", "crv": "P-384", "x": "Uzdvk3pi5wKCRc1izp5_r0OjeqT-I68i8g2b8mva8diRhsE2xAn2 DtMRb25Ma2CX", "y": "VDrRyFJh-Kwd1EjAgmj5Eo-CTHAZ53MC7PjjpLioy3ylEjI1pOMb w91fzZ84pbfm" } } Figure 209: Recipient #2 JWE Per-Recipient Unprotected Header JSON
The following is the assembled second recipient JSON: { "encrypted_key": "ExInT0io9BqBMYF6-maw5tZlgoZXThD1zWKsHixJuw _elY4gSSId_w", "header": { "alg": "ECDH-ES+A256KW", "kid": "peregrin.took@tuckborough.example", "epk": { "kty": "EC", "crv": "P-384", "x": "Uzdvk3pi5wKCRc1izp5_r0OjeqT-I68i8g2b8mva8diRhsE2xA n2DtMRb25Ma2CX", "y": "VDrRyFJh-Kwd1EjAgmj5Eo-CTHAZ53MC7PjjpLioy3ylEjI1pO Mbw91fzZ84pbfm" } } } Figure 210: Recipient #2 JSON5.13.5. Encrypting the Key to the Third Recipient
The following is generated before encrypting the CEK for the third recipient: o Initialization Vector for key wrapping; this example uses the Initialization Vector from Figure 211. AvpeoPZ9Ncn9mkBn Figure 211: Recipient #2 Initialization Vector for Key Wrapping, base64url-encoded Performing the "A256GCMKW" key encryption operation over the CEK (Figure 202) with the following: o AES symmetric key (Figure 138); and o Initialization Vector (Figure 211) produces the following: o Encrypted Key from Figure 212. o Authentication Tag from Figure 213.
a7CclAejo_7JSuPB8zeagxXRam8dwCfmkt9-WyTpS1E Figure 212: Recipient #3 Encrypted Key, base64url-encoded 59Nqh1LlYtVIhfD3pgRGvw Figure 213: Recipient #3 Authentication Tag from Key Wrapping, base64url-encoded The following is generated after encrypting the CEK for the third recipient: o Recipient JWE Unprotected Header; this example uses the header from Figure 214. { "alg": "A256GCMKW", "kid": "18ec08e1-bfa9-4d95-b205-2b4dd1d4321d", "tag": "59Nqh1LlYtVIhfD3pgRGvw", "iv": "AvpeoPZ9Ncn9mkBn" } Figure 214: Recipient #3 JWE Per-Recipient Unprotected Header JSON The following is the assembled third recipient JSON: { "encrypted_key": "a7CclAejo_7JSuPB8zeagxXRam8dwCfmkt9-WyTpS1 E", "header": { "alg": "A256GCMKW", "kid": "18ec08e1-bfa9-4d95-b205-2b4dd1d4321d", "tag": "59Nqh1LlYtVIhfD3pgRGvw", "iv": "AvpeoPZ9Ncn9mkBn" } } Figure 215: Recipient #3 JSON5.13.6. Encrypting the Content
The following is generated before encrypting the content: o JWE Protected Header; this example uses the header from Figure 216, encoded to base64url [RFC4648] as Figure 217.
{ "enc": "A128CBC-HS256" } Figure 216: JWE Protected Header JSON eyJlbmMiOiJBMTI4Q0JDLUhTMjU2In0 Figure 217: JWE Protected Header, base64url-encoded Performing the content encryption operation over the Plaintext (Figure 72) with the following: o CEK (Figure 202), o Initialization Vector (Figure 203), and o JWE Protected Header (Figure 217) as the authenticated data produces the following: o Ciphertext from Figure 218. o Authentication Tag from Figure 219. ajm2Q-OpPXCr7-MHXicknb1lsxLdXxK_yLds0KuhJzfWK04SjdxQeSw2L9mu3a _k1C55kCQ_3xlkcVKC5yr__Is48VOoK0k63_QRM9tBURMFqLByJ8vOYQX0oJW4 VUHJLmGhF-tVQWB7Kz8mr8zeE7txF0MSaP6ga7-siYxStR7_G07Thd1jh-zGT0 wxM5g-VRORtq0K6AXpLlwEqRp7pkt2zRM0ZAXqSpe1O6FJ7FHLDyEFnD-zDIZu kLpCbzhzMDLLw2-8I14FQrgi-iEuzHgIJFIJn2wh9Tj0cg_kOZy9BqMRZbmYXM Y9YQjorZ_P_JYG3ARAIF3OjDNqpdYe-K_5Q5crGJSDNyij_ygEiItR5jssQVH2 ofDQdLChtazE Figure 218: Ciphertext, base64url-encoded BESYyFN7T09KY7i8zKs5_g Figure 219: Authentication Tag, base64url-encoded
The following is generated after encrypting the Plaintext:
o JWE Shared Unprotected Header parameters; this example uses the
header from Figure 220.
{
"cty": "text/plain"
}
Figure 220: JWE Shared Unprotected Header JSON
5.13.7. Output Results
The following compose the resulting JWE object:
o Recipient #1 JSON (Figure 206)
o Recipient #2 JSON (Figure 210)
o Recipient #3 JSON (Figure 215)
o Initialization Vector (Figure 203)
o Ciphertext (Figure 218)
o Authentication Tag (Figure 219)
The JWE Compact Serialization is not presented because it does not
support this use case; the flattened JWE JSON Serialization is not
presented because there is more than one recipient.
The resulting JWE object using the general JWE JSON Serialization:
{
"recipients": [
{
"encrypted_key": "dYOD28kab0Vvf4ODgxVAJXgHcSZICSOp8M51zj
wj4w6Y5G4XJQsNNIBiqyvUUAOcpL7S7-cFe7Pio7gV_Q06WmCSa-
vhW6me4bWrBf7cHwEQJdXihidAYWVajJIaKMXMvFRMV6iDlRr076
DFthg2_AV0_tSiV6xSEIFqt1xnYPpmP91tc5WJDOGb-wqjw0-b-S
1laS11QVbuP78dQ7Fa0zAVzzjHX-xvyM2wxj_otxr9clN1LnZMbe
YSrRicJK5xodvWgkpIdkMHo4LvdhRRvzoKzlic89jFWPlnBq_V4n
5trGuExtp_-dbHcGlihqc_wGgho9fLMK8JOArYLcMDNQ",
"header": {
"alg": "RSA1_5",
"kid": "frodo.baggins@hobbiton.example"
}
},
{
"encrypted_key": "ExInT0io9BqBMYF6-maw5tZlgoZXThD1zWKsHi
xJuw_elY4gSSId_w",
"header": {
"alg": "ECDH-ES+A256KW",
"kid": "peregrin.took@tuckborough.example",
"epk": {
"kty": "EC",
"crv": "P-384",
"x": "Uzdvk3pi5wKCRc1izp5_r0OjeqT-I68i8g2b8mva8diRhs
E2xAn2DtMRb25Ma2CX",
"y": "VDrRyFJh-Kwd1EjAgmj5Eo-CTHAZ53MC7PjjpLioy3ylEj
I1pOMbw91fzZ84pbfm"
}
}
},
{
"encrypted_key": "a7CclAejo_7JSuPB8zeagxXRam8dwCfmkt9-Wy
TpS1E",
"header": {
"alg": "A256GCMKW",
"kid": "18ec08e1-bfa9-4d95-b205-2b4dd1d4321d",
"tag": "59Nqh1LlYtVIhfD3pgRGvw",
"iv": "AvpeoPZ9Ncn9mkBn"
}
}
],
"unprotected": {
"cty": "text/plain"
},
"protected": "eyJlbmMiOiJBMTI4Q0JDLUhTMjU2In0",
"iv": "VgEIHY20EnzUtZFl2RpB1g", "ciphertext": "ajm2Q-OpPXCr7-MHXicknb1lsxLdXxK_yLds0KuhJzfWK 04SjdxQeSw2L9mu3a_k1C55kCQ_3xlkcVKC5yr__Is48VOoK0k63_QRM 9tBURMFqLByJ8vOYQX0oJW4VUHJLmGhF-tVQWB7Kz8mr8zeE7txF0MSa P6ga7-siYxStR7_G07Thd1jh-zGT0wxM5g-VRORtq0K6AXpLlwEqRp7p kt2zRM0ZAXqSpe1O6FJ7FHLDyEFnD-zDIZukLpCbzhzMDLLw2-8I14FQ rgi-iEuzHgIJFIJn2wh9Tj0cg_kOZy9BqMRZbmYXMY9YQjorZ_P_JYG3 ARAIF3OjDNqpdYe-K_5Q5crGJSDNyij_ygEiItR5jssQVH2ofDQdLCht azE", "tag": "BESYyFN7T09KY7i8zKs5_g" } Figure 221: General JWE JSON Serialization6. Nesting Signatures and Encryption
This example illustrates nesting a JSON Web Signature (JWS) structure within a JSON Web Encryption (JWE) structure. The signature uses the "PS256" (RSASSA-PSS) algorithm; the encryption uses the "RSA-OAEP" (RSAES-OAEP) key encryption algorithm and the "A128GCM" (AES-GCM) content encryption algorithm. Note that RSASSA-PSS uses random data to generate the signature, and RSAES-OAEP uses random data to generate the ciphertext; it might not be possible to exactly replicate the results in this section. Note that whitespace is added for readability as described in Section 1.1.6.1. Signing Input Factors
The following are supplied before beginning the signing operation: o Payload content; this example uses the JSON Web Token [JWT] content from Figure 222, encoded as base64url [RFC4648] to produce Figure 223. o RSA private key; this example uses the key from Figure 224. o "alg" parameter of "PS256". { "iss": "hobbiton.example", "exp": 1300819380, "http://example.com/is_root": true } Figure 222: Payload Content, in JSON Format
eyJpc3MiOiJob2JiaXRvbi5leGFtcGxlIiwiZXhwIjoxMzAwODE5MzgwLCJodH RwOi8vZXhhbXBsZS5jb20vaXNfcm9vdCI6dHJ1ZX0 Figure 223: Payload Content, base64url-encoded { "kty": "RSA", "kid": "hobbiton.example", "use": "sig", "n": "kNrPIBDXMU6fcyv5i-QHQAQ-K8gsC3HJb7FYhYaw8hXbNJa-t8q0lD KwLZgQXYV-ffWxXJv5GGrlZE4GU52lfMEegTDzYTrRQ3tepgKFjMGg6I y6fkl1ZNsx2gEonsnlShfzA9GJwRTmtKPbk1s-hwx1IU5AT-AIelNqBg cF2vE5W25_SGGBoaROVdUYxqETDggM1z5cKV4ZjDZ8-lh4oVB07bkac6 LQdHpJUUySH_Er20DXx30Kyi97PciXKTS-QKXnmm8ivyRCmux22ZoPUi nd2BKC5OiG4MwALhaL2Z2k8CsRdfy-7dg7z41Rp6D0ZeEvtaUp4bX4aK raL4rTfw", "e": "AQAB", "d": "ZLe_TIxpE9-W_n2VBa-HWvuYPtjvxwVXClJFOpJsdea8g9RMx34qEO EtnoYc2un3CZ3LtJi-mju5RAT8YSc76YJds3ZVw0UiO8mMBeG6-iOnvg obobNx7K57-xjTJZU72EjOr9kB7z6ZKwDDq7HFyCDhUEcYcHFVc7iL_6 TibVhAhOFONWlqlJgEgwVYd0rybNGKifdnpEbwyHoMwY6HM1qvnEFgP7 iZ0YzHUT535x6jj4VKcdA7ZduFkhUauysySEW7mxZM6fj1vdjJIy9LD1 fIz30Xv4ckoqhKF5GONU6tNmMmNgAD6gIViyEle1PrIxl1tBhCI14bRW -zrpHgAQ", "p": "yKWYoNIAqwMRQlgIBOdT1NIcbDNUUs2Rh-pBaxD_mIkweMt4Mg-0-B 2iSYvMrs8horhonV7vxCQagcBAATGW-hAafUehWjxWSH-3KccRM8toL4 e0q7M-idRDOBXSoe7Z2-CV2x_ZCY3RP8qp642R13WgXqGDIM4MbUkZSj cY9-c", "q": "uND4o15V30KDzf8vFJw589p1vlQVQ3NEilrinRUPHkkxaAzDzccGgr WMWpGxGFFnNL3w5CqPLeU76-5IVYQq0HwYVl0hVXQHr7sgaGu-483Ad3 ENcL23FrOnF45m7_2ooAstJDe49MeLTTQKrSIBl_SKvqpYvfSPTczPcZ kh9Kk", "dp": "jmTnEoq2qqa8ouaymjhJSCnsveUXnMQC2gAneQJRQkFqQu-zV2PKP KNbPvKVyiF5b2-L3tM3OW2d2iNDyRUWXlT7V5l0KwPTABSTOnTqAmYCh Gi8kXXdlhcrtSvXldBakC6saxwI_TzGGY2MVXzc2ZnCvCXHV4qjSxOrf P3pHFU", "dq": "R9FUvU88OVzEkTkXl3-5-WusE4DjHmndeZIlu3rifBdfLpq_P-iWP BbGaq9wzQ1c-J7SzCdJqkEJDv5yd2C7rnZ6kpzwBh_nmL8zscAk1qsun nt9CJGAYz7-sGWy1JGShFazfP52ThB4rlCJ0YuEaQMrIzpY77_oLAhpm DA0hLk", "qi": "S8tC7ZknW6hPITkjcwttQOPLVmRfwirRlFAViuDb8NW9CrV_7F2Oq UZCqmzHTYAumwGFHI1WVRep7anleWaJjxC_1b3fq_al4qH3Pe-EKiHg6 IMazuRtZLUROcThrExDbF5dYbsciDnfRUWLErZ4N1Be0bnxYuPqxwKd9 QZwMo0" } Figure 224: RSA 2048-Bit Private Key, in JWK Format
6.2. Signing Operation
The following is generated to complete the signing operation: o JWS Protected Header; this example uses the header from Figure 225, encoded using base64url [RFC4648] to produce Figure 226. { "alg": "PS256", "typ": "JWT" } Figure 225: JWS Protected Header JSON eyJhbGciOiJQUzI1NiIsInR5cCI6IkpXVCJ9 Figure 226: JWS Protected Header, base64url-encoded Performing the signature operation over the combined JWS Protected Header (Figure 226) and payload content (Figure 222) produces the following signature: dPpMqwRZxFYi1UfcDAaf8M99o7kwUWtiXZ-ByvVuJih4MhJ_aZqciprz0OWaIA kIvn1qskChirjKvY9ESZNUCP4JjvfyPS-nqjJxYoA5ztWOyFk2cZNIPXjcJXSQ wXPO9tEe-v4VSqgD0aKHqPxYog4N6Cz1lKph1U1sYDSI67_bLL7elg_vkjfMp5 _W5l5LuUYGMeh6hxQIaIUXf9EwV2JmvTMuZ-vBOWy0Sniy1EFo72CRTvmtrIf5 AROo5MNliY3KtUxeP-SOmD-LEYwW9SlkohYzMVAZDDOrVbv7KVRHpeYNaK75KE QqdCEEkS_rskZS-Qtt_nlegTWh1mEYaA Figure 227: JWS Signature, base64url-encoded6.3. Signing Output
The following compose the resulting JWS object: o JWS Protected Header (Figure 226) o Payload content (Figure 223) o Signature (Figure 227)
The resulting JWS object using the JWS Compact Serialization (which is the plaintext input to the following encryption operation): eyJhbGciOiJQUzI1NiIsInR5cCI6IkpXVCJ9 . eyJpc3MiOiJob2JiaXRvbi5leGFtcGxlIiwiZXhwIjoxMzAwODE5MzgwLCJodH RwOi8vZXhhbXBsZS5jb20vaXNfcm9vdCI6dHJ1ZX0 . dPpMqwRZxFYi1UfcDAaf8M99o7kwUWtiXZ-ByvVuJih4MhJ_aZqciprz0OWaIA kIvn1qskChirjKvY9ESZNUCP4JjvfyPS-nqjJxYoA5ztWOyFk2cZNIPXjcJXSQ wXPO9tEe-v4VSqgD0aKHqPxYog4N6Cz1lKph1U1sYDSI67_bLL7elg_vkjfMp5 _W5l5LuUYGMeh6hxQIaIUXf9EwV2JmvTMuZ-vBOWy0Sniy1EFo72CRTvmtrIf5 AROo5MNliY3KtUxeP-SOmD-LEYwW9SlkohYzMVAZDDOrVbv7KVRHpeYNaK75KE QqdCEEkS_rskZS-Qtt_nlegTWh1mEYaA Figure 228: JWS Compact Serialization6.4. Encryption Input Factors
The following are supplied before beginning the encryption process: o Plaintext content; this example uses the content from Figure 228. o RSA public key; this example uses the key from Figure 84. o "alg" parameter of "RSA-OAEP". o "enc" parameter of "A128GCM".6.5. Encryption Generated Factors
The following are generated before encrypting: o AES symmetric key as the Content Encryption Key (CEK); this example uses the key from Figure 229. o Initialization Vector; this example uses the Initialization Vector from Figure 230. 0RHSNYwN-6-2QBGsYTZLSQ Figure 229: Content Encryption Key, base64url-encoded GbX1i9kXz0sxXPmA Figure 230: Initialization Vector, base64url-encoded
6.6. Encrypting the Key
Performing the key encryption operation over the CEK (Figure 229) with the RSA key (Figure 84) produces the following Encrypted Key: a0JHRoITfpX4qRewImjlStn8m3CPxBV1ueYlVhjurCyrBg3I7YhCRYjphDOOS4 E7rXbr2Fn6NyQq-A-gqT0FXqNjVOGrG-bi13mwy7RoYhjTkBEC6P7sMYMXXx4g zMedpiJHQVeyI-zkZV7A9matpgevAJWrXzOUysYGTtwoSN6gtUVtlLaivjvb21 O0ul4YxSHV-ByK1kyeetRp_fuYJxHoKLQL9P424sKx2WGYb4zsBIPF4ssl_e5I R7nany-25_UmC2urosNkoFz9cQ82MypZP8gqbQJyPN-Fpp4Z-5o6yV64x6yzDU F_5JCIdl-Qv6H5dMVIY7q1eKpXcV1lWO_2FefEBqXxXvIjLeZivjNkzogCq3-I apSjVFnMjBxjpYLT8muaawo1yy1XXMuinIpNcOY3n4KKrXLrCcteX85m4IIHMZ a38s1Hpr56fPPseMA-Jltmt-a9iEDtOzhtxz8AXy9tsCAZV2XBWNG8c3kJusAa mBKOYwfk7JhLRDgOnJjlJLhn7TI4UxDp9dCmUXEN6z0v23W15qJIEXNJtqnblp ymooeWAHCT4e_Owbim1g0AEpTHUdA2iiLNs9WTX_H_TXuPC8yDDhi1smxS_X_x pkIHkiIHWDOLx03BpqDTivpKkBYwqP2UZkcxqX2Fo_GnVrNwlK7Lgxw6FSQvDO 0 Figure 231: Encrypted Key, base64url-encoded6.7. Encrypting the Content
The following is generated before encrypting the Plaintext: o JWE Protected Header; this example uses the header from Figure 232, encoded using base64url [RFC4648] to produce Figure 233. { "alg": "RSA-OAEP", "cty": "JWT", "enc": "A128GCM" } Figure 232: JWE Protected Header JSON eyJhbGciOiJSU0EtT0FFUCIsImN0eSI6IkpXVCIsImVuYyI6IkExMjhHQ00ifQ Figure 233: JWE Protected Header, base64url-encoded
Performing the content encryption operation over the Plaintext (Figure 228) with the following: o CEK (Figure 229); o Initialization Vector (Figure 230); and o JWE Protected Header (Figure 233) as authenticated data produces the following: o Ciphertext from Figure 234. o Authentication Tag from Figure 235. SZI4IvKHmwpazl_pJQXX3mHv1ANnOU4Wf9-utWYUcKrBNgCe2OFMf66cSJ8k2Q kxaQD3_R60MGE9ofomwtky3GFxMeGRjtpMt9OAvVLsAXB0_UTCBGyBg3C2bWLX qZlfJAAoJRUPRk-BimYZY81zVBuIhc7HsQePCpu33SzMsFHjn4lP_idrJz_glZ TNgKDt8zdnUPauKTKDNOH1DD4fuzvDYfDIAfqGPyL5sVRwbiXpXdGokEszM-9C hMPqW1QNhzuX_Zul3bvrJwr7nuGZs4cUScY3n8yE3AHCLurgls-A9mz1X38xEa ulV18l4Fg9tLejdkAuQZjPbqeHQBJe4IwGD5Ee0dQ-Mtz4NnhkIWx-YKBb_Xo2 zI3Q_1sYjKUuis7yWW-HTr_vqvFt0bj7WJf2vzB0TZ3dvsoGaTvPH2dyWwumUr lx4gmPUzBdwTO6ubfYSDUEEz5py0d_OtWeUSYcCYBKD-aM7tXg26qJo21gYjLf hn9zy-W19sOCZGuzgFjPhawXHpvnj_t-0_ES96kogjJLxS1IMU9Y5XmnwZMyNc 9EIwnogsCg-hVuvzyP0sIruktmI94_SL1xgMl7o03phcTMxtlMizR88NKU1WkB siXMCjy1Noue7MD-ShDp5dmM Figure 234: Ciphertext, base64url-encoded KnIKEhN8U-3C9s4gtSpjSw Figure 235: Authentication Tag, base64url-encoded6.8. Encryption Output
The following compose the resulting JWE object: o JWE Protected Header (Figure 233) o Encrypted Key (Figure 231) o Initialization Vector (Figure 230) o Ciphertext (Figure 234) o Authentication Tag (Figure 235)
The resulting JWE object using the JWE Compact Serialization: eyJhbGciOiJSU0EtT0FFUCIsImN0eSI6IkpXVCIsImVuYyI6IkExMjhHQ00ifQ . a0JHRoITfpX4qRewImjlStn8m3CPxBV1ueYlVhjurCyrBg3I7YhCRYjphDOOS4 E7rXbr2Fn6NyQq-A-gqT0FXqNjVOGrG-bi13mwy7RoYhjTkBEC6P7sMYMXXx4g zMedpiJHQVeyI-zkZV7A9matpgevAJWrXzOUysYGTtwoSN6gtUVtlLaivjvb21 O0ul4YxSHV-ByK1kyeetRp_fuYJxHoKLQL9P424sKx2WGYb4zsBIPF4ssl_e5I R7nany-25_UmC2urosNkoFz9cQ82MypZP8gqbQJyPN-Fpp4Z-5o6yV64x6yzDU F_5JCIdl-Qv6H5dMVIY7q1eKpXcV1lWO_2FefEBqXxXvIjLeZivjNkzogCq3-I apSjVFnMjBxjpYLT8muaawo1yy1XXMuinIpNcOY3n4KKrXLrCcteX85m4IIHMZ a38s1Hpr56fPPseMA-Jltmt-a9iEDtOzhtxz8AXy9tsCAZV2XBWNG8c3kJusAa mBKOYwfk7JhLRDgOnJjlJLhn7TI4UxDp9dCmUXEN6z0v23W15qJIEXNJtqnblp ymooeWAHCT4e_Owbim1g0AEpTHUdA2iiLNs9WTX_H_TXuPC8yDDhi1smxS_X_x pkIHkiIHWDOLx03BpqDTivpKkBYwqP2UZkcxqX2Fo_GnVrNwlK7Lgxw6FSQvDO 0 . GbX1i9kXz0sxXPmA . SZI4IvKHmwpazl_pJQXX3mHv1ANnOU4Wf9-utWYUcKrBNgCe2OFMf66cSJ8k2Q kxaQD3_R60MGE9ofomwtky3GFxMeGRjtpMt9OAvVLsAXB0_UTCBGyBg3C2bWLX qZlfJAAoJRUPRk-BimYZY81zVBuIhc7HsQePCpu33SzMsFHjn4lP_idrJz_glZ TNgKDt8zdnUPauKTKDNOH1DD4fuzvDYfDIAfqGPyL5sVRwbiXpXdGokEszM-9C hMPqW1QNhzuX_Zul3bvrJwr7nuGZs4cUScY3n8yE3AHCLurgls-A9mz1X38xEa ulV18l4Fg9tLejdkAuQZjPbqeHQBJe4IwGD5Ee0dQ-Mtz4NnhkIWx-YKBb_Xo2 zI3Q_1sYjKUuis7yWW-HTr_vqvFt0bj7WJf2vzB0TZ3dvsoGaTvPH2dyWwumUr lx4gmPUzBdwTO6ubfYSDUEEz5py0d_OtWeUSYcCYBKD-aM7tXg26qJo21gYjLf hn9zy-W19sOCZGuzgFjPhawXHpvnj_t-0_ES96kogjJLxS1IMU9Y5XmnwZMyNc 9EIwnogsCg-hVuvzyP0sIruktmI94_SL1xgMl7o03phcTMxtlMizR88NKU1WkB siXMCjy1Noue7MD-ShDp5dmM . KnIKEhN8U-3C9s4gtSpjSw Figure 236: JWE Compact Serialization
The resulting JWE object using the general JWE JSON Serialization: { "recipients": [ { "encrypted_key": "a0JHRoITfpX4qRewImjlStn8m3CPxBV1ueYlVh jurCyrBg3I7YhCRYjphDOOS4E7rXbr2Fn6NyQq-A-gqT0FXqNjVO GrG-bi13mwy7RoYhjTkBEC6P7sMYMXXx4gzMedpiJHQVeyI-zkZV 7A9matpgevAJWrXzOUysYGTtwoSN6gtUVtlLaivjvb21O0ul4YxS HV-ByK1kyeetRp_fuYJxHoKLQL9P424sKx2WGYb4zsBIPF4ssl_e 5IR7nany-25_UmC2urosNkoFz9cQ82MypZP8gqbQJyPN-Fpp4Z-5 o6yV64x6yzDUF_5JCIdl-Qv6H5dMVIY7q1eKpXcV1lWO_2FefEBq XxXvIjLeZivjNkzogCq3-IapSjVFnMjBxjpYLT8muaawo1yy1XXM uinIpNcOY3n4KKrXLrCcteX85m4IIHMZa38s1Hpr56fPPseMA-Jl tmt-a9iEDtOzhtxz8AXy9tsCAZV2XBWNG8c3kJusAamBKOYwfk7J hLRDgOnJjlJLhn7TI4UxDp9dCmUXEN6z0v23W15qJIEXNJtqnblp ymooeWAHCT4e_Owbim1g0AEpTHUdA2iiLNs9WTX_H_TXuPC8yDDh i1smxS_X_xpkIHkiIHWDOLx03BpqDTivpKkBYwqP2UZkcxqX2Fo_ GnVrNwlK7Lgxw6FSQvDO0" } ], "protected": "eyJhbGciOiJSU0EtT0FFUCIsImN0eSI6IkpXVCIsImVuYy I6IkExMjhHQ00ifQ", "iv": "GbX1i9kXz0sxXPmA", "ciphertext": "SZI4IvKHmwpazl_pJQXX3mHv1ANnOU4Wf9-utWYUcKrBN gCe2OFMf66cSJ8k2QkxaQD3_R60MGE9ofomwtky3GFxMeGRjtpMt9OAv VLsAXB0_UTCBGyBg3C2bWLXqZlfJAAoJRUPRk-BimYZY81zVBuIhc7Hs QePCpu33SzMsFHjn4lP_idrJz_glZTNgKDt8zdnUPauKTKDNOH1DD4fu zvDYfDIAfqGPyL5sVRwbiXpXdGokEszM-9ChMPqW1QNhzuX_Zul3bvrJ wr7nuGZs4cUScY3n8yE3AHCLurgls-A9mz1X38xEaulV18l4Fg9tLejd kAuQZjPbqeHQBJe4IwGD5Ee0dQ-Mtz4NnhkIWx-YKBb_Xo2zI3Q_1sYj KUuis7yWW-HTr_vqvFt0bj7WJf2vzB0TZ3dvsoGaTvPH2dyWwumUrlx4 gmPUzBdwTO6ubfYSDUEEz5py0d_OtWeUSYcCYBKD-aM7tXg26qJo21gY jLfhn9zy-W19sOCZGuzgFjPhawXHpvnj_t-0_ES96kogjJLxS1IMU9Y5 XmnwZMyNc9EIwnogsCg-hVuvzyP0sIruktmI94_SL1xgMl7o03phcTMx tlMizR88NKU1WkBsiXMCjy1Noue7MD-ShDp5dmM", "tag": "KnIKEhN8U-3C9s4gtSpjSw" } Figure 237: General JWE JSON Serialization
The resulting JWE object using the flattened JWE JSON Serialization: { "encrypted_key": "a0JHRoITfpX4qRewImjlStn8m3CPxBV1ueYlVhjurC yrBg3I7YhCRYjphDOOS4E7rXbr2Fn6NyQq-A-gqT0FXqNjVOGrG-bi13 mwy7RoYhjTkBEC6P7sMYMXXx4gzMedpiJHQVeyI-zkZV7A9matpgevAJ WrXzOUysYGTtwoSN6gtUVtlLaivjvb21O0ul4YxSHV-ByK1kyeetRp_f uYJxHoKLQL9P424sKx2WGYb4zsBIPF4ssl_e5IR7nany-25_UmC2uros NkoFz9cQ82MypZP8gqbQJyPN-Fpp4Z-5o6yV64x6yzDUF_5JCIdl-Qv6 H5dMVIY7q1eKpXcV1lWO_2FefEBqXxXvIjLeZivjNkzogCq3-IapSjVF nMjBxjpYLT8muaawo1yy1XXMuinIpNcOY3n4KKrXLrCcteX85m4IIHMZ a38s1Hpr56fPPseMA-Jltmt-a9iEDtOzhtxz8AXy9tsCAZV2XBWNG8c3 kJusAamBKOYwfk7JhLRDgOnJjlJLhn7TI4UxDp9dCmUXEN6z0v23W15q JIEXNJtqnblpymooeWAHCT4e_Owbim1g0AEpTHUdA2iiLNs9WTX_H_TX uPC8yDDhi1smxS_X_xpkIHkiIHWDOLx03BpqDTivpKkBYwqP2UZkcxqX 2Fo_GnVrNwlK7Lgxw6FSQvDO0", "protected": "eyJhbGciOiJSU0EtT0FFUCIsImN0eSI6IkpXVCIsImVuYy I6IkExMjhHQ00ifQ", "iv": "GbX1i9kXz0sxXPmA", "ciphertext": "SZI4IvKHmwpazl_pJQXX3mHv1ANnOU4Wf9-utWYUcKrBN gCe2OFMf66cSJ8k2QkxaQD3_R60MGE9ofomwtky3GFxMeGRjtpMt9OAv VLsAXB0_UTCBGyBg3C2bWLXqZlfJAAoJRUPRk-BimYZY81zVBuIhc7Hs QePCpu33SzMsFHjn4lP_idrJz_glZTNgKDt8zdnUPauKTKDNOH1DD4fu zvDYfDIAfqGPyL5sVRwbiXpXdGokEszM-9ChMPqW1QNhzuX_Zul3bvrJ wr7nuGZs4cUScY3n8yE3AHCLurgls-A9mz1X38xEaulV18l4Fg9tLejd kAuQZjPbqeHQBJe4IwGD5Ee0dQ-Mtz4NnhkIWx-YKBb_Xo2zI3Q_1sYj KUuis7yWW-HTr_vqvFt0bj7WJf2vzB0TZ3dvsoGaTvPH2dyWwumUrlx4 gmPUzBdwTO6ubfYSDUEEz5py0d_OtWeUSYcCYBKD-aM7tXg26qJo21gY jLfhn9zy-W19sOCZGuzgFjPhawXHpvnj_t-0_ES96kogjJLxS1IMU9Y5 XmnwZMyNc9EIwnogsCg-hVuvzyP0sIruktmI94_SL1xgMl7o03phcTMx tlMizR88NKU1WkBsiXMCjy1Noue7MD-ShDp5dmM", "tag": "KnIKEhN8U-3C9s4gtSpjSw" } Figure 238: Flattened JWE JSON Serialization
7. Security Considerations
This document is designed to provide examples for developers to use in checking their implementations. As such, it does not follow some of the security considerations and recommendations in the core documents (i.e., [JWS], [JWE], [JWK], and [JWA]). For instance: o it does not always generate a new CEK value for every encrypted example; o it does not always generate a new Initialization Vector (IV) value for every encrypted example; and o it does not always generate a new ephemeral key for every ephemeral key example. For each example, data that is expected to be generated for each signing or encryption operation is isolated to sections titled "Generated Factors".8. References
8.1. Normative References
[JWA] Jones, M., "JSON Web Algorithms (JWA)", RFC 7518, DOI 10.17487/RFC7518, May 2015, <http://www.rfc-editor.org/info/rfc7518>. [JWE] Jones, M. and J. Hildebrand, "JSON Web Encryption (JWE)", RFC 7516, DOI 10.17487/RFC7516, May 2015, <http://www.rfc-editor.org/info/rfc7516>. [JWK] Jones, M., "JSON Web Key (JWK)", RFC 7517, DOI 10.17487/RFC7517, May 2015, <http://www.rfc-editor.org/info/rfc7517>. [JWS] Jones, M., Bradley, J., and N. Sakimura, "JSON Web Signature (JWS)", RFC 7515, DOI 10.17487/RFC7515, May 2015, <http://www.rfc-editor.org/info/rfc7515>. [RFC4648] Josefsson, S., "The Base16, Base32, and Base64 Data Encodings", RFC 4648, DOI 10.17487/RFC4648, October 2006, <http://www.rfc-editor.org/info/rfc4648>.
8.2. Informative References
[JWT] Jones, M., Bradley, J., and N. Sakimura, "JSON Web Token (JWT)", RFC 7519, DOI 10.17487/RFC7519, May 2015, <http://www.rfc-editor.org/info/rfc7519>. [LOTR-FELLOWSHIP] Tolkien, J., "The Fellowship of the Ring", HarperCollins Publishers, ePub Edition, ISBN 9780061952838, March 2009. [RFC1951] Deutsch, P., "DEFLATE Compressed Data Format Specification version 1.3", RFC 1951, DOI 10.17487/RFC1951, May 1996, <http://www.rfc-editor.org/info/rfc1951>. [RFC7095] Kewisch, P., "jCard: The JSON Format for vCard", RFC 7095, DOI 10.17487/RFC7095, January 2014, <http://www.rfc-editor.org/info/rfc7095>.Acknowledgements
Most of the examples herein use quotes and character names found in the novel "The Fellowship of the Ring" [LOTR-FELLOWSHIP], written by J. R. R. Tolkien. Thanks to Richard Barnes, Brian Campbell, Mike Jones, and Jim Schaad for their input and review of the text. Thanks to Brian Campbell for verifying the Compact Serialization examples.Author's Address
Matthew Miller Cisco Systems, Inc. EMail: mamille2@cisco.com