| JOSE Working Group | M. Miller |
| Internet-Draft | Cisco Systems, Inc. |
| Intended status: Informational | October 23, 2014 |
| Expires: April 26, 2015 |
Examples of Protecting Content using JavaScript Object Signing and Encryption (JOSE)
draft-ietf-jose-cookbook-04
This document contains a set of examples using JavaScript Object Signing and Encryption (JOSE) technology to protect data. These examples present a representative sampling JSON Web Key (JWK) objects, as well as various JSON Web Signature (JWS) and JSON Web Encryption (JWE) results given similar inputs.
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."
This Internet-Draft will expire on April 26, 2015.
Copyright (c) 2014 IETF Trust and the persons identified as the document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.
The JavaScript Object Signing and Encryption (JOSE) technologies – JSON Web Signature (JWS) [I-D.ietf-jose-json-web-signature], JSON Web Encryption (JWE) [I-D.ietf-jose-json-web-encryption], JSON Web Key (JWK) [I-D.ietf-jose-json-web-key], and JSON Web Algorithms (JWA) [I-D.ietf-jose-json-web-algorithms] – collectively can be used to encrypt and/or sign content using a variety of algorithms. While the full set of permutations is extremely large, and might be daunting to some, it is expected that most applications will only use a small set of algorithms to meet their needs.
This document provides a number of examples of signing or encrypting content using JOSE. While not exhaustive, it does compile a representative sample of JOSE features. As much as possible, the same signature payload or encryption plaintext content is used to illustrate differences in various signing and encryption results.
This document also provides a number of example JWK objects. These examples illustrate the distinguishing properties of various key types, and emphasize important characteristics. Most of the JWK examples are then used in the signature or encryption examples that follow.
This document separates data that are expected to be input to an implementation of JOSE from data that are expected to be generated by an implementation of JOSE. Each example, wherever possible, provides enough information to both replicate the results of this document or to validate the results by running its inverse operation (e.g., signature results can be validated by performing the JWS verify). However, some algorithms inherently use random data and therefore computations employing them cannot be exactly replicated; such cases are explicitly stated in the relevant sections.
All instances of binary octet strings are represented using [RFC4648] base64url encoding.
Wherever possible, the examples include both the Compact and JSON serializations.
All of the examples in this document have whitespace added to improve formatting and readability. Except for JWE plaintext or JWS payload content, whitespace is not part of the cryptographic operations nor the exchange results.
Unless otherwise noted, the JWE plaintext or JWS payload content does include “ “ (U+0020 SPACE) characters. Line breaks (U+000A LINE FEED) replace “ “ (U+0020 SPACE) characters to improve readability but are not present in the JWE plaintext or JWS payload.
This document inherits terminology regarding JSON Web Signature (JWS) technology from [I-D.ietf-jose-json-web-signature], terminology regarding JSON Web Encryption (JWE) technology from [I-D.ietf-jose-json-web-encryption], terminology regarding JSON Web Key (JWK) technology from [I-D.ietf-jose-json-web-key], and terminology regarding algorithms from [I-D.ietf-jose-json-web-algorithms].
The following sections demonstrate how to represent various JWK and JWK-set objects.
This example illustrates an Elliptic Curve public key. This example is the corollary to Figure 2.
Note that whitespace is added for readability as described in Section 1.1.
{
"kty": "EC",
"kid": "bilbo.baggins@hobbiton.example",
"use": "sig",
"crv": "P-521",
"x": "AHKZLLOsCOzz5cY97ewNUajB957y-C-U88c3v13nmGZx6sYl_oJXu9
A5RkTKqjqvjyekWF-7ytDyRXYgCF5cj0Kt",
"y": "AdymlHvOiLxXkEhayXQnNCvDX4h9htZaCJN34kfmC6pV5OhQHiraVy
SsUdaQkAgDPrwQrJmbnX9cwlGfP-HqHZR1"
}
Figure 1: Elliptic Curve P-521 Public Key
The field “kty” value of “EC” identifies this as an elliptic curve key. The field “crv” identifies the curve, which is curve P-521 for this example. The fields “x” and “y” values are the base64url-encoded X and Y coordinates (respectively).
The values of the fields “x” and “y” decoded are the octets necessary to represent each full coordinate to the order of the curve. For a key over curve P-521, the values of the fields “x” and “y” are exactly 66 octets in length when decoded, padded with leading zero (0x00) octets to reach the expected length.
This example illustrates an Elliptic Curve private key. This example is the progenitor to Figure 1.
Note that whitespace is added for readability as described in Section 1.1.
{
"kty": "EC",
"kid": "bilbo.baggins@hobbiton.example",
"use": "sig",
"crv": "P-521",
"x": "AHKZLLOsCOzz5cY97ewNUajB957y-C-U88c3v13nmGZx6sYl_oJXu9
A5RkTKqjqvjyekWF-7ytDyRXYgCF5cj0Kt",
"y": "AdymlHvOiLxXkEhayXQnNCvDX4h9htZaCJN34kfmC6pV5OhQHiraVy
SsUdaQkAgDPrwQrJmbnX9cwlGfP-HqHZR1",
"d": "AAhRON2r9cqXX1hg-RoI6R1tX5p2rUAYdmpHZoC1XNM56KtscrX6zb
KipQrCW9CGZH3T4ubpnoTKLDYJ_fF3_rJt"
}
Figure 2: Elliptic Curve P-521 Private Key
The field “kty” value of “EC” identifies this as an elliptic curve key. The field “crv” identifies the curve, which is curve P-521 (also known as SECG curve secp521r1) for this example. The fields “x” and “y” values are the base64url-encoded X and Y coordiates (respectively). The field “d” value is the base64url-encoded private key.
The values of the fields “d”, “x”, and “y” decoded are the octets necessary to represent the private key or each full coordinate (respectively) to the order of the curve. For a key over curve “P-521”, the values of the “d”, “x”, and “y” fields are each exactly 66 octets in length when decoded, padded with leading zero (0x00) octets to reach the expected length.
This example illustrates an RSA private key. This example is the corollary to Figure 4.
Note that whitespace is added for readability as described in Section 1.1.
{
"kty": "RSA",
"kid": "bilbo.baggins@hobbiton.example",
"use": "sig",
"n": "n4EPtAOCc9AlkeQHPzHStgAbgs7bTZLwUBZdR8_KuKPEHLd4rHVTeT
-O-XV2jRojdNhxJWTDvNd7nqQ0VEiZQHz_AJmSCpMaJMRBSFKrKb2wqV
wGU_NsYOYL-QtiWN2lbzcEe6XC0dApr5ydQLrHqkHHig3RBordaZ6Aj-
oBHqFEHYpPe7Tpe-OfVfHd1E6cS6M1FZcD1NNLYD5lFHpPI9bTwJlsde
3uhGqC0ZCuEHg8lhzwOHrtIQbS0FVbb9k3-tVTU4fg_3L_vniUFAKwuC
LqKnS2BYwdq_mzSnbLY7h_qixoR7jig3__kRhuaxwUkRz5iaiQkqgc5g
HdrNP5zw",
"e": "AQAB"
}
Figure 3: RSA 2048-bit Public Key
The field “kty” value of “RSA” identifies this as a RSA key. The fields “n” and “e” values are the modulus and (public) exponent (respectively) using the minimum octets necessary.
For a 2048-bit key, the field “n” value is 256 octets in length when decoded.
This example illustrates an RSA private key. This example is the progenitor to Figure 3.
Note that whitespace is added for readability as described in Section 1.1.
{
"kty": "RSA",
"kid": "bilbo.baggins@hobbiton.example",
"use": "sig",
"n": "n4EPtAOCc9AlkeQHPzHStgAbgs7bTZLwUBZdR8_KuKPEHLd4rHVTeT
-O-XV2jRojdNhxJWTDvNd7nqQ0VEiZQHz_AJmSCpMaJMRBSFKrKb2wqV
wGU_NsYOYL-QtiWN2lbzcEe6XC0dApr5ydQLrHqkHHig3RBordaZ6Aj-
oBHqFEHYpPe7Tpe-OfVfHd1E6cS6M1FZcD1NNLYD5lFHpPI9bTwJlsde
3uhGqC0ZCuEHg8lhzwOHrtIQbS0FVbb9k3-tVTU4fg_3L_vniUFAKwuC
LqKnS2BYwdq_mzSnbLY7h_qixoR7jig3__kRhuaxwUkRz5iaiQkqgc5g
HdrNP5zw",
"e": "AQAB",
"d": "bWUC9B-EFRIo8kpGfh0ZuyGPvMNKvYWNtB_ikiH9k20eT-O1q_I78e
iZkpXxXQ0UTEs2LsNRS-8uJbvQ-A1irkwMSMkK1J3XTGgdrhCku9gRld
Y7sNA_AKZGh-Q661_42rINLRCe8W-nZ34ui_qOfkLnK9QWDDqpaIsA-b
MwWWSDFu2MUBYwkHTMEzLYGqOe04noqeq1hExBTHBOBdkMXiuFhUq1BU
6l-DqEiWxqg82sXt2h-LMnT3046AOYJoRioz75tSUQfGCshWTBnP5uDj
d18kKhyv07lhfSJdrPdM5Plyl21hsFf4L_mHCuoFau7gdsPfHPxxjVOc
OpBrQzwQ",
"p": "3Slxg_DwTXJcb6095RoXygQCAZ5RnAvZlno1yhHtnUex_fp7AZ_9nR
aO7HX_-SFfGQeutao2TDjDAWU4Vupk8rw9JR0AzZ0N2fvuIAmr_WCsmG
peNqQnev1T7IyEsnh8UMt-n5CafhkikzhEsrmndH6LxOrvRJlsPp6Zv8
bUq0k",
"q": "uKE2dh-cTf6ERF4k4e_jy78GfPYUIaUyoSSJuBzp3Cubk3OCqs6grT
8bR_cu0Dm1MZwWmtdqDyI95HrUeq3MP15vMMON8lHTeZu2lmKvwqW7an
V5UzhM1iZ7z4yMkuUwFWoBvyY898EXvRD-hdqRxHlSqAZ192zB3pVFJ0
s7pFc",
"dp": "B8PVvXkvJrj2L-GYQ7v3y9r6Kw5g9SahXBwsWUzp19TVlgI-YV85q
1NIb1rxQtD-IsXXR3-TanevuRPRt5OBOdiMGQp8pbt26gljYfKU_E9xn
-RULHz0-ed9E9gXLKD4VGngpz-PfQ_q29pk5xWHoJp009Qf1HvChixRX
59ehik",
"dq": "CLDmDGduhylc9o7r84rEUVn7pzQ6PF83Y-iBZx5NT-TpnOZKF1pEr
AMVeKzFEl41DlHHqqBLSM0W1sOFbwTxYWZDm6sI6og5iTbwQGIC3gnJK
bi_7k_vJgGHwHxgPaX2PnvP-zyEkDERuf-ry4c_Z11Cq9AqC2yeL6kdK
T1cYF8",
"qi": "3PiqvXQN0zwMeE-sBvZgi289XP9XCQF3VWqPzMKnIgQp7_Tugo6-N
ZBKCQsMf3HaEGBjTVJs_jcK8-TRXvaKe-7ZMaQj8VfBdYkssbu0NKDDh
jJ-GtiseaDVWt7dcH0cfwxgFUHpQh7FoCrjFJ6h6ZEpMF6xmujs4qMpP
z8aaI4"
}
Figure 4: RSA 2048-bit Private Key
The field “kty” value of “RSA” identifies this as a RSA key. The fields “n” and “e” values are the base64url-encoded modulus and (public) exponent (respectively) using the minimum number of octets necessary. The field “d” value is the base64url-encoded private exponent using the minimum number of octets necessary. The fields “p”, “q”, “dp”, “dq”, and “qi” are the base64url-encoded additional private information using the minimum number of octets necessary.
For a 2048-bit key, the fields “n” and “d” values are 256 octets in length when decoded.
This example illustrates a symmetric octet key used for computing MACs.
Note that whitespace is added for readability as described in Section 1.1.
{
"kty": "oct",
"kid": "018c0ae5-4d9b-471b-bfd6-eef314bc7037",
"use": "sig",
"alg": "HS256",
"k": "hJtXIZ2uSN5kbQfbtTNWbpdmhkV8FJG-Onbc6mxCcYg"
}
Figure 5: AES 256-bit symmetric signing key
The field “kty” value of “oct” identifies this as a symmetric key. The field “k” value is the symmetric key.
When used for the signing algorithm “HS256” (HMAC-SHA256), the field “k” value is 32 octets (or more) in length when decoded, padded with leading zero (0x00) octets to reach the minimum expected length.
This example illustrates a symmetric octet key used for encryption.
Note that whitespace is added for readability as described in Section 1.1.
{
"kty": "oct",
"kid": "1e571774-2e08-40da-8308-e8d68773842d",
"use": "enc",
"alg": "A256GCM",
"k": "AAPapAv4LbFbiVawEjagUBluYqN5rhna-8nuldDvOx8"
}
Figure 6: AES 256-bit symmetric encryption key
The field “kty” value of “oct” identifies this as a symmetric key. The field “k” value is the symmetric key.
For the content encryption algorithm “A256GCM”, the field “k” value is exactly 32 octets in length when decoded, padded with leading zero (0x00) octets to reach the expected length.
The following sections demonstrate how to generate various JWS objects.
All of the succeeding examples use the following payload plaintext, serialized as UTF-8. The sequence “\xe2\x80\x99” is substituted for (U+2019 RIGHT SINGLE QUOTATION MARK), and line breaks (U+000A LINE FEED) replace some instances “ “ (U+0020 SPACE) to improve readability:
It\xe2\x80\x99s a dangerous business, Frodo, going out your door. You step onto the road, and if you don't keep your feet, there\xe2\x80\x99s no knowing where you might be swept off to.
Figure 7: Payload content plaintext
The Payload – with the sequence “\xe2\x80\x99” replaced with (U+2019 RIGHT SINGLE QUOTATION MARK) and line breaks (U+000A LINE FEED) replaced with “ “ (U+0020 SPACE) – encoded as UTF-8 then as [RFC4648] base64url:
SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb3V0IH lvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9hZCwgYW5kIGlmIHlvdSBk b24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXigJlzIG5vIGtub3dpbmcgd2hlcm UgeW91IG1pZ2h0IGJlIHN3ZXB0IG9mZiB0by4
Figure 8: Payload content, base64url-encoded
This example illustrates signing content using the “RS256” (RSASSA-PKCS1-v1_5 with SHA-256) algorithm.
Note that whitespace is added for readability as described in Section 1.1.
The following are supplied before beginning the signing operation:
The following are generated to complete the signing operation:
{
"alg": "RS256",
"kid": "bilbo.baggins@hobbiton.example"
}
Figure 9: JWS Protected Header JSON
eyJhbGciOiJSUzI1NiIsImtpZCI6ImJpbGJvLmJhZ2dpbnNAaG9iYml0b24uZX hhbXBsZSJ9
Figure 10: JWS Protected Header, base64url-encoded
The JWS Protected Header (Figure 10) and Payload content (Figure 8) are combined as described in section 5.1 of [I-D.ietf-jose-json-web-signature] to produce the JWS Signing Input Figure 11.
eyJhbGciOiJSUzI1NiIsImtpZCI6ImJpbGJvLmJhZ2dpbnNAaG9iYml0b24uZX hhbXBsZSJ9 . SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb3V0IH lvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9hZCwgYW5kIGlmIHlvdSBk b24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXigJlzIG5vIGtub3dpbmcgd2hlcm UgeW91IG1pZ2h0IGJlIHN3ZXB0IG9mZiB0by4
Figure 11: JWS Signing Input
Performing the signature operation over the JWS Signing Input (Figure 11) produces the signature Figure 12.
MRjdkly7_-oTPTS3AXP41iQIGKa80A0ZmTuV5MEaHoxnW2e5CZ5NlKtainoFmK ZopdHM1O2U4mwzJdQx996ivp83xuglII7PNDi84wnB-BDkoBwA78185hX-Es4J IwmDLJK3lfWRa-XtL0RnltuYv746iYTh_qHRD68BNt1uSNCrUCTJDt5aAE6x8w W1Kt9eRo4QPocSadnHXFxnt8Is9UzpERV0ePPQdLuW3IS_de3xyIrDaLGdjluP xUAhb6L2aXic1U12podGU0KLUQSE_oI-ZnmKJ3F4uOZDnd6QZWJushZ41Axf_f cIe8u9ipH84ogoree7vjbU5y18kDquDg
Figure 12: Signature, base64url-encoded
The following compose the resulting JWS object:
The resulting JWS object using the Compact serialization:
eyJhbGciOiJSUzI1NiIsImtpZCI6ImJpbGJvLmJhZ2dpbnNAaG9iYml0b24uZX hhbXBsZSJ9 . SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb3V0IH lvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9hZCwgYW5kIGlmIHlvdSBk b24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXigJlzIG5vIGtub3dpbmcgd2hlcm UgeW91IG1pZ2h0IGJlIHN3ZXB0IG9mZiB0by4 . MRjdkly7_-oTPTS3AXP41iQIGKa80A0ZmTuV5MEaHoxnW2e5CZ5NlKtainoFmK ZopdHM1O2U4mwzJdQx996ivp83xuglII7PNDi84wnB-BDkoBwA78185hX-Es4J IwmDLJK3lfWRa-XtL0RnltuYv746iYTh_qHRD68BNt1uSNCrUCTJDt5aAE6x8w W1Kt9eRo4QPocSadnHXFxnt8Is9UzpERV0ePPQdLuW3IS_de3xyIrDaLGdjluP xUAhb6L2aXic1U12podGU0KLUQSE_oI-ZnmKJ3F4uOZDnd6QZWJushZ41Axf_f cIe8u9ipH84ogoree7vjbU5y18kDquDg
Figure 13: Compact Serialization
The resulting JWS object using the JSON serialization:
{
"payload": "SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywg
Z29pbmcgb3V0IHlvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9h
ZCwgYW5kIGlmIHlvdSBkb24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXi
gJlzIG5vIGtub3dpbmcgd2hlcmUgeW91IG1pZ2h0IGJlIHN3ZXB0IG9m
ZiB0by4",
"signatures": [
{
"protected": "eyJhbGciOiJSUzI1NiIsImtpZCI6ImJpbGJvLmJhZ2
dpbnNAaG9iYml0b24uZXhhbXBsZSJ9",
"signature": "MRjdkly7_-oTPTS3AXP41iQIGKa80A0ZmTuV5MEaHo
xnW2e5CZ5NlKtainoFmKZopdHM1O2U4mwzJdQx996ivp83xuglII
7PNDi84wnB-BDkoBwA78185hX-Es4JIwmDLJK3lfWRa-XtL0Rnlt
uYv746iYTh_qHRD68BNt1uSNCrUCTJDt5aAE6x8wW1Kt9eRo4QPo
cSadnHXFxnt8Is9UzpERV0ePPQdLuW3IS_de3xyIrDaLGdjluPxU
Ahb6L2aXic1U12podGU0KLUQSE_oI-ZnmKJ3F4uOZDnd6QZWJush
Z41Axf_fcIe8u9ipH84ogoree7vjbU5y18kDquDg"
}
]
}
Figure 14: JSON Serialization
This example illustrates signing content using the “PS256” (RSASSA-PSS with SHA-256) algorithm.
Note that RSASSA-PSS uses random data to generate the signature; it might not be possible to exactly replicate the results in this section.
Note that whitespace is added for readability as described in Section 1.1.
The following are supplied before beginning the signing operation:
The following are generated to complete the signing operation:
{
"alg": "PS384",
"kid": "bilbo.baggins@hobbiton.example"
}
Figure 15: JWS Protected Header JSON
eyJhbGciOiJQUzM4NCIsImtpZCI6ImJpbGJvLmJhZ2dpbnNAaG9iYml0b24uZX hhbXBsZSJ9
Figure 16: JWS Protected Header, base64url-encoded
The JWS Protected Header (Figure 16) and Payload content (Figure 8) are combined as described in [I-D.ietf-jose-json-web-signature] to produce the JWS Signing Input Figure 17.
eyJhbGciOiJQUzM4NCIsImtpZCI6ImJpbGJvLmJhZ2dpbnNAaG9iYml0b24uZX hhbXBsZSJ9 . SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb3V0IH lvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9hZCwgYW5kIGlmIHlvdSBk b24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXigJlzIG5vIGtub3dpbmcgd2hlcm UgeW91IG1pZ2h0IGJlIHN3ZXB0IG9mZiB0by4
Figure 17: JWS Signing Input
Performing the signature operation over the JWS Signing Input (Figure 17) produces the signature Figure 18.
cu22eBqkYDKgIlTpzDXGvaFfz6WGoz7fUDcfT0kkOy42miAh2qyBzk1xEsnk2I pN6-tPid6VrklHkqsGqDqHCdP6O8TTB5dDDItllVo6_1OLPpcbUrhiUSMxbbXU vdvWXzg-UD8biiReQFlfz28zGWVsdiNAUf8ZnyPEgVFn442ZdNqiVJRmBqrYRX e8P_ijQ7p8Vdz0TTrxUeT3lm8d9shnr2lfJT8ImUjvAA2Xez2Mlp8cBE5awDzT 0qI0n6uiP1aCN_2_jLAeQTlqRHtfa64QQSUmFAAjVKPbByi7xho0uTOcbH510a 6GYmJUAfmWjwZ6oD4ifKo8DYM-X72Eaw
Figure 18: Signature, base64url-encoded
The following compose the resulting JWS object:
The resulting JWS object using the Compact serialization:
eyJhbGciOiJQUzM4NCIsImtpZCI6ImJpbGJvLmJhZ2dpbnNAaG9iYml0b24uZX hhbXBsZSJ9 . SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb3V0IH lvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9hZCwgYW5kIGlmIHlvdSBk b24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXigJlzIG5vIGtub3dpbmcgd2hlcm UgeW91IG1pZ2h0IGJlIHN3ZXB0IG9mZiB0by4 . cu22eBqkYDKgIlTpzDXGvaFfz6WGoz7fUDcfT0kkOy42miAh2qyBzk1xEsnk2I pN6-tPid6VrklHkqsGqDqHCdP6O8TTB5dDDItllVo6_1OLPpcbUrhiUSMxbbXU vdvWXzg-UD8biiReQFlfz28zGWVsdiNAUf8ZnyPEgVFn442ZdNqiVJRmBqrYRX e8P_ijQ7p8Vdz0TTrxUeT3lm8d9shnr2lfJT8ImUjvAA2Xez2Mlp8cBE5awDzT 0qI0n6uiP1aCN_2_jLAeQTlqRHtfa64QQSUmFAAjVKPbByi7xho0uTOcbH510a 6GYmJUAfmWjwZ6oD4ifKo8DYM-X72Eaw
Figure 19: Compact Serialization
The resulting JWS object using the JSON serialization:
{
"payload": "SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywg
Z29pbmcgb3V0IHlvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9h
ZCwgYW5kIGlmIHlvdSBkb24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXi
gJlzIG5vIGtub3dpbmcgd2hlcmUgeW91IG1pZ2h0IGJlIHN3ZXB0IG9m
ZiB0by4",
"signatures": [
{
"protected": "eyJhbGciOiJQUzM4NCIsImtpZCI6ImJpbGJvLmJhZ2
dpbnNAaG9iYml0b24uZXhhbXBsZSJ9",
"signature": "cu22eBqkYDKgIlTpzDXGvaFfz6WGoz7fUDcfT0kkOy
42miAh2qyBzk1xEsnk2IpN6-tPid6VrklHkqsGqDqHCdP6O8TTB5
dDDItllVo6_1OLPpcbUrhiUSMxbbXUvdvWXzg-UD8biiReQFlfz2
8zGWVsdiNAUf8ZnyPEgVFn442ZdNqiVJRmBqrYRXe8P_ijQ7p8Vd
z0TTrxUeT3lm8d9shnr2lfJT8ImUjvAA2Xez2Mlp8cBE5awDzT0q
I0n6uiP1aCN_2_jLAeQTlqRHtfa64QQSUmFAAjVKPbByi7xho0uT
OcbH510a6GYmJUAfmWjwZ6oD4ifKo8DYM-X72Eaw"
}
]
}
Figure 20: JSON Serialization
This example illustrates signing content using the “ES512” (ECDSA with curve P-521 and SHA-512) algorithm.
Note that ECDSA uses random data to generate the signature; it might not be possible to exactly replicate the results in this section.
Note that whitespace is added for readability as described in Section 1.1.
The following are supplied before beginning the signing operation:
The following are generated before beginning the signature process:
{
"alg": "ES512",
"kid": "bilbo.baggins@hobbiton.example"
}
Figure 21: JWS Protected Header JSON
eyJhbGciOiJFUzUxMiIsImtpZCI6ImJpbGJvLmJhZ2dpbnNAaG9iYml0b24uZX hhbXBsZSJ9
Figure 22: JWS Protected Header, base64url-encoded
The JWS Protected Header (Figure 22) and Payload content (Figure 8) are combined as described in [I-D.ietf-jose-json-web-signature] to produce the JWS Signing Input Figure 23.
eyJhbGciOiJFUzUxMiIsImtpZCI6ImJpbGJvLmJhZ2dpbnNAaG9iYml0b24uZX hhbXBsZSJ9 . SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb3V0IH lvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9hZCwgYW5kIGlmIHlvdSBk b24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXigJlzIG5vIGtub3dpbmcgd2hlcm UgeW91IG1pZ2h0IGJlIHN3ZXB0IG9mZiB0by4
Figure 23: JWS Signing Input
Performing the signature operation over the JWS Signing Input (Figure 23) produces the signature Figure 24.
AE_R_YZCChjn4791jSQCrdPZCNYqHXCTZH0-JZGYNlaAjP2kqaluUIIUnC9qvb u9Plon7KRTzoNEuT4Va2cmL1eJAQy3mtPBu_u_sDDyYjnAMDxXPn7XrT0lw-kv AD890jl8e2puQens_IEKBpHABlsbEPX6sFY8OcGDqoRuBomu9xQ2
Figure 24: Signature, base64url-encoded
The following compose the resulting JWS object:
The resulting JWS object using the Compact serialization:
eyJhbGciOiJFUzUxMiIsImtpZCI6ImJpbGJvLmJhZ2dpbnNAaG9iYml0b24uZX hhbXBsZSJ9 . SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb3V0IH lvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9hZCwgYW5kIGlmIHlvdSBk b24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXigJlzIG5vIGtub3dpbmcgd2hlcm UgeW91IG1pZ2h0IGJlIHN3ZXB0IG9mZiB0by4 . AE_R_YZCChjn4791jSQCrdPZCNYqHXCTZH0-JZGYNlaAjP2kqaluUIIUnC9qvb u9Plon7KRTzoNEuT4Va2cmL1eJAQy3mtPBu_u_sDDyYjnAMDxXPn7XrT0lw-kv AD890jl8e2puQens_IEKBpHABlsbEPX6sFY8OcGDqoRuBomu9xQ2
Figure 25: Compact Serialization
The resulting JWS object using the JSON serialization:
{
"payload": "SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywg
Z29pbmcgb3V0IHlvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9h
ZCwgYW5kIGlmIHlvdSBkb24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXi
gJlzIG5vIGtub3dpbmcgd2hlcmUgeW91IG1pZ2h0IGJlIHN3ZXB0IG9m
ZiB0by4",
"signatures": [
{
"protected": "eyJhbGciOiJFUzUxMiIsImtpZCI6ImJpbGJvLmJhZ2
dpbnNAaG9iYml0b24uZXhhbXBsZSJ9",
"signature": "AE_R_YZCChjn4791jSQCrdPZCNYqHXCTZH0-JZGYNl
aAjP2kqaluUIIUnC9qvbu9Plon7KRTzoNEuT4Va2cmL1eJAQy3mt
PBu_u_sDDyYjnAMDxXPn7XrT0lw-kvAD890jl8e2puQens_IEKBp
HABlsbEPX6sFY8OcGDqoRuBomu9xQ2"
}
]
}
Figure 26: JSON Serialization
This example illustrates integrity protecting content using the “HS256” (HMAC-SHA-256) algorithm.
Note that whitespace is added for readability as described in Section 1.1.
The following are supplied before beginning the signing operation:
The following are generated before completing the signing operation:
{
"alg": "HS256",
"kid": "018c0ae5-4d9b-471b-bfd6-eef314bc7037"
}
Figure 27: JWS Protected Header JSON
eyJhbGciOiJIUzI1NiIsImtpZCI6IjAxOGMwYWU1LTRkOWItNDcxYi1iZmQ2LW VlZjMxNGJjNzAzNyJ9
Figure 28: JWS Protected Header, base64url-encoded
The JWS Protected Header (Figure 28) and Payload content (Figure 8) are combined as described in [I-D.ietf-jose-json-web-signature] to produce the JWS Signing Input Figure 29.
eyJhbGciOiJIUzI1NiIsImtpZCI6IjAxOGMwYWU1LTRkOWItNDcxYi1iZmQ2LW VlZjMxNGJjNzAzNyJ9 . SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb3V0IH lvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9hZCwgYW5kIGlmIHlvdSBk b24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXigJlzIG5vIGtub3dpbmcgd2hlcm UgeW91IG1pZ2h0IGJlIHN3ZXB0IG9mZiB0by4
Figure 29: JWS Signing Input
Performing the signature operation over the JWS Signing Input (Figure 29) produces the signature Figure 30.
s0h6KThzkfBBBkLspW1h84VsJZFTsPPqMDA7g1Md7p0
Figure 30: Signature, base64url-encoded
The following compose the resulting JWS object:
The resulting JWS object using the Compact serialization:
eyJhbGciOiJIUzI1NiIsImtpZCI6IjAxOGMwYWU1LTRkOWItNDcxYi1iZmQ2LW VlZjMxNGJjNzAzNyJ9 . SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb3V0IH lvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9hZCwgYW5kIGlmIHlvdSBk b24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXigJlzIG5vIGtub3dpbmcgd2hlcm UgeW91IG1pZ2h0IGJlIHN3ZXB0IG9mZiB0by4 . s0h6KThzkfBBBkLspW1h84VsJZFTsPPqMDA7g1Md7p0
Figure 31: Compact Serialization
The resulting JWS object using the JSON serialization:
{
"payload": "SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywg
Z29pbmcgb3V0IHlvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9h
ZCwgYW5kIGlmIHlvdSBkb24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXi
gJlzIG5vIGtub3dpbmcgd2hlcmUgeW91IG1pZ2h0IGJlIHN3ZXB0IG9m
ZiB0by4",
"signatures": [
{
"protected": "eyJhbGciOiJIUzI1NiIsImtpZCI6IjAxOGMwYWU1LT
RkOWItNDcxYi1iZmQ2LWVlZjMxNGJjNzAzNyJ9",
"signature": "s0h6KThzkfBBBkLspW1h84VsJZFTsPPqMDA7g1Md7p
0"
}
]
}
Figure 32: JSON Serialization
This example illustrates a detached signature. This example is identical others, except the resulting JWS objects do not include the Payload content. Instead, the application is expected to locate it elsewhere. For example, the signature might be in a meta-data section, with the payload being the content.
Note that whitespace is added for readability as described in Section 1.1.
The following are supplied before beginning the signing operation:
The following are generated before completing the signing operation:
The JWS Protected Header parameters:
{
"alg": "HS256",
"kid": "018c0ae5-4d9b-471b-bfd6-eef314bc7037"
}
Figure 33: JWS Protected Header JSON
eyJhbGciOiJIUzI1NiIsImtpZCI6IjAxOGMwYWU1LTRkOWItNDcxYi1iZmQ2LW VlZjMxNGJjNzAzNyJ9
Figure 34: JWS Protected Header, base64url-encoded
The JWS Protected Header (Figure 34) and Payload content (Figure 8) are combined as described in [I-D.ietf-jose-json-web-signature] to produce the JWS Signing Input Figure 35.
eyJhbGciOiJIUzI1NiIsImtpZCI6IjAxOGMwYWU1LTRkOWItNDcxYi1iZmQ2LW VlZjMxNGJjNzAzNyJ9 . SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb3V0IH lvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9hZCwgYW5kIGlmIHlvdSBk b24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXigJlzIG5vIGtub3dpbmcgd2hlcm UgeW91IG1pZ2h0IGJlIHN3ZXB0IG9mZiB0by4
Figure 35: JWS Signing Input
Performing the signature operation over the JWS Signing Input (Figure 35) produces the signature Figure 36.
s0h6KThzkfBBBkLspW1h84VsJZFTsPPqMDA7g1Md7p0
Figure 36: Signature, base64url-encoded
The following compose the resulting JWS object:
The resulting JWS object using the Compact serialization:
eyJhbGciOiJIUzI1NiIsImtpZCI6IjAxOGMwYWU1LTRkOWItNDcxYi1iZmQ2LW VlZjMxNGJjNzAzNyJ9 . . s0h6KThzkfBBBkLspW1h84VsJZFTsPPqMDA7g1Md7p0
Figure 37: JSON Serialization
The resulting JWS object using the JSON serialization:
{
"signatures": [
{
"protected": "eyJhbGciOiJIUzI1NiIsImtpZCI6IjAxOGMwYWU1LT
RkOWItNDcxYi1iZmQ2LWVlZjMxNGJjNzAzNyJ9",
"signature": "s0h6KThzkfBBBkLspW1h84VsJZFTsPPqMDA7g1Md7p
0"
}
]
}
Figure 38: JSON Serialization
This example illustrates a signature where only certain header parameters are protected. Since this example contains both unprotected and protected header parameters, only the JSON serialization is possible.
Note that whitespace is added for readability as described in Section 1.1.
The following are supplied before beginning the signing operation:
The following are generated before completing the signing operation:
The JWS Protected Header parameters:
{
"alg": "HS256"
}
Figure 39: JWS Protected Header JSON
eyJhbGciOiJIUzI1NiJ9
Figure 40: JWS Protected Header, base64url-encoded
{
"kid": "018c0ae5-4d9b-471b-bfd6-eef314bc7037"
}
Figure 41: JWS Unprotected Header JSON
The JWS Protected Header (Figure 40) and Payload content (Figure 8) are combined as described in [I-D.ietf-jose-json-web-signature] to produce the JWS Signing Input Figure 42.
eyJhbGciOiJIUzI1NiJ9 . SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb3V0IH lvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9hZCwgYW5kIGlmIHlvdSBk b24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXigJlzIG5vIGtub3dpbmcgd2hlcm UgeW91IG1pZ2h0IGJlIHN3ZXB0IG9mZiB0by4
Figure 42: JWS Signing Input
Performing the signature operation over the JWS Signing Input (Figure 42) produces the signature Figure 43.
bWUSVaxorn7bEF1djytBd0kHv70Ly5pvbomzMWSOr20
Figure 43: Signature, base64url-encoded
The following compose the resulting JWS object:
The compact serialization is not presented because it does not support this use case.
The resulting JWS object using the JSON serialization:
{
"payload": "SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywg
Z29pbmcgb3V0IHlvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9h
ZCwgYW5kIGlmIHlvdSBkb24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXi
gJlzIG5vIGtub3dpbmcgd2hlcmUgeW91IG1pZ2h0IGJlIHN3ZXB0IG9m
ZiB0by4",
"signatures": [
{
"protected": "eyJhbGciOiJIUzI1NiJ9",
"header": {
"kid": "018c0ae5-4d9b-471b-bfd6-eef314bc7037"
},
"signature": "bWUSVaxorn7bEF1djytBd0kHv70Ly5pvbomzMWSOr2
0"
}
]
}
Figure 44: JSON Serialization
This example illustrates a signature where none of the header parameters are protected. Since this example contains only unprotected header parameters, only the JSON serialization is possible.
Note that whitespace is added for readability as described in Section 1.1.
The following are supplied before beginning the signing operation:
The following are generated before completing the signing operation:
{
"alg": "HS256",
"kid": "018c0ae5-4d9b-471b-bfd6-eef314bc7037"
}
Figure 45: JWS Unprotected Header JSON
The empty string (as there is no JWS Protected Header) and Payload content (Figure 8) are combined as described in [I-D.ietf-jose-json-web-signature] to produce the JWS Signing Input Figure 46.
. SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb3V0IH lvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9hZCwgYW5kIGlmIHlvdSBk b24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXigJlzIG5vIGtub3dpbmcgd2hlcm UgeW91IG1pZ2h0IGJlIHN3ZXB0IG9mZiB0by4
Figure 46: JWS Signing Input
Performing the signature operation over the JWS Signing Input (Figure 46) produces the signature Figure 47.
xuLifqLGiblpv9zBpuZczWhNj1gARaLV3UxvxhJxZuk
Figure 47: Signature, base64url-encoded
The following compose the resulting JWS object:
The compact serialization is not presented because it does not support this use case.
The resulting JWS object using the JSON serialization:
{
"payload": "SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywg
Z29pbmcgb3V0IHlvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9h
ZCwgYW5kIGlmIHlvdSBkb24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXi
gJlzIG5vIGtub3dpbmcgd2hlcmUgeW91IG1pZ2h0IGJlIHN3ZXB0IG9m
ZiB0by4",
"signatures": [
{
"header": {
"alg": "HS256",
"kid": "018c0ae5-4d9b-471b-bfd6-eef314bc7037"
},
"signature": "xuLifqLGiblpv9zBpuZczWhNj1gARaLV3UxvxhJxZu
k"
}
]
}
JSON Serialization
This example illustrates multiple signatures applied to the same payload. Since this example contains more than one signature, only the JSON serialization is possible.
Note that whitespace is added for readability as described in Section 1.1.
The following are supplied before beginning the signing operation:
The following are generated before completing the first signing operation:
{
"alg": "RS256"
}
Figure 48: Signature #1 JWS Protected Header JSON
eyJhbGciOiJSUzI1NiJ9
Figure 49: Signature #1 JWS Protected Header, base64url-encoded
{
"kid": "bilbo.baggins@hobbiton.example"
}
Figure 50: Signature #1 JWS Unprotected Header JSON
The JWS Protected Header (Figure 49) and Payload content (Figure 8) are combined as described in [I-D.ietf-jose-json-web-signature] to produce the JWS Signing Input Figure 51.
eyJhbGciOiJSUzI1NiJ9 . SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb3V0IH lvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9hZCwgYW5kIGlmIHlvdSBk b24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXigJlzIG5vIGtub3dpbmcgd2hlcm UgeW91IG1pZ2h0IGJlIHN3ZXB0IG9mZiB0by4
Figure 51: JWS Signing Input
Performing the signature operation over the JWS Signing Input (Figure 51) produces the signature Figure 52.
MIsjqtVlOpa71KE-Mss8_Nq2YH4FGhiocsqrgi5NvyG53uoimic1tcMdSg-qpt rzZc7CG6Svw2Y13TDIqHzTUrL_lR2ZFcryNFiHkSw129EghGpwkpxaTn_THJTC glNbADko1MZBCdwzJxwqZc-1RlpO2HibUYyXSwO97BSe0_evZKdjvvKSgsIqjy tKSeAMbhMBdMma622_BG5t4sdbuCHtFjp9iJmkio47AIwqkZV1aIZsv33uPUqB BCXbYoQJwt7mxPftHmNlGoOSMxR_3thmXTCm4US-xiNOyhbm8afKK64jU6_TPt QHiJeQJxz9G3Tx-083B745_AfYOnlC9w
Figure 52: Signature #1, base64url-encoded
The following is the assembled first signature serialized as JSON:
{
"protected": "eyJhbGciOiJSUzI1NiJ9",
"header": {
"kid": "bilbo.baggins@hobbiton.example"
},
"signature": "MIsjqtVlOpa71KE-Mss8_Nq2YH4FGhiocsqrgi5NvyG53u
oimic1tcMdSg-qptrzZc7CG6Svw2Y13TDIqHzTUrL_lR2ZFcryNFiHkS
w129EghGpwkpxaTn_THJTCglNbADko1MZBCdwzJxwqZc-1RlpO2HibUY
yXSwO97BSe0_evZKdjvvKSgsIqjytKSeAMbhMBdMma622_BG5t4sdbuC
HtFjp9iJmkio47AIwqkZV1aIZsv33uPUqBBCXbYoQJwt7mxPftHmNlGo
OSMxR_3thmXTCm4US-xiNOyhbm8afKK64jU6_TPtQHiJeQJxz9G3Tx-0
83B745_AfYOnlC9w"
}
Figure 53: Signature #1 JSON
The following are generated before completing the second signing operation:
{
"alg": "ES512",
"kid": "bilbo.baggins@hobbiton.example"
}
Figure 54: Signature #2 JWS Unprotected Header JSON
The empty string (as there is no JWS Protected Header) and Payload content (Figure 8) are combined as described in [I-D.ietf-jose-json-web-signature] to produce the JWS Signing Input Figure 55.
. SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb3V0IH lvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9hZCwgYW5kIGlmIHlvdSBk b24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXigJlzIG5vIGtub3dpbmcgd2hlcm UgeW91IG1pZ2h0IGJlIHN3ZXB0IG9mZiB0by4
Figure 55: JWS Signing Input
Performing the signature operation over the JWS Signing Input (Figure 55) produces the signature Figure 56.
ARcVLnaJJaUWG8fG-8t5BREVAuTY8n8YHjwDO1muhcdCoFZFFjfISu0Cdkn9Yb dlmi54ho0x924DUz8sK7ZXkhc7AFM8ObLfTvNCrqcI3Jkl2U5IX3utNhODH6v7 xgy1Qahsn0fyb4zSAkje8bAWz4vIfj5pCMYxxm4fgV3q7ZYhm5eD
Figure 56: Signature #2, base64url-encoded
The following is the assembled second signature serialized as JSON:
{
"header": {
"alg": "ES512",
"kid": "bilbo.baggins@hobbiton.example"
},
"signature": "ARcVLnaJJaUWG8fG-8t5BREVAuTY8n8YHjwDO1muhcdCoF
ZFFjfISu0Cdkn9Ybdlmi54ho0x924DUz8sK7ZXkhc7AFM8ObLfTvNCrq
cI3Jkl2U5IX3utNhODH6v7xgy1Qahsn0fyb4zSAkje8bAWz4vIfj5pCM
Yxxm4fgV3q7ZYhm5eD"
}
Figure 57: Signature #2 JSON
The following are generated before completing the third signing operation:
{
"alg": "HS256",
"kid": "018c0ae5-4d9b-471b-bfd6-eef314bc7037"
}
Figure 58: Signature #3 JWS Protected Header JSON
eyJhbGciOiJIUzI1NiIsImtpZCI6IjAxOGMwYWU1LTRkOWItNDcxYi1iZmQ2LW VlZjMxNGJjNzAzNyJ9
Figure 59: Signature #3 JWS Protected Header, base64url-encoded
The JWS Protected Header (Figure 59) and Payload content (Figure 8) are combined as described in [I-D.ietf-jose-json-web-signature] to produce the JWS Signing Input Figure 60.
eyJhbGciOiJIUzI1NiIsImtpZCI6IjAxOGMwYWU1LTRkOWItNDcxYi1iZmQ2LW VlZjMxNGJjNzAzNyJ9 . SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb3V0IH lvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9hZCwgYW5kIGlmIHlvdSBk b24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXigJlzIG5vIGtub3dpbmcgd2hlcm UgeW91IG1pZ2h0IGJlIHN3ZXB0IG9mZiB0by4
Figure 60: JWS Signing Input
Performing the signature operation over the JWS Signing Input (Figure 60) produces the signature Figure 61.
s0h6KThzkfBBBkLspW1h84VsJZFTsPPqMDA7g1Md7p0
Figure 61: Signature #3, base64url-encoded
The following is the assembled third signature serialized as JSON:
{
"protected": "eyJhbGciOiJIUzI1NiIsImtpZCI6IjAxOGMwYWU1LTRkOW
ItNDcxYi1iZmQ2LWVlZjMxNGJjNzAzNyJ9",
"signature": "s0h6KThzkfBBBkLspW1h84VsJZFTsPPqMDA7g1Md7p0"
}
Figure 62: Signature #3 JSON
The following compose the resulting JWS object:
The compact serialization is not presented because it does not support this use case.
The resulting JWS object using the JSON serialization:
{
"payload": "SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywg
Z29pbmcgb3V0IHlvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9h
ZCwgYW5kIGlmIHlvdSBkb24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXi
gJlzIG5vIGtub3dpbmcgd2hlcmUgeW91IG1pZ2h0IGJlIHN3ZXB0IG9m
ZiB0by4",
"signatures": [
{
"protected": "eyJhbGciOiJSUzI1NiJ9",
"header": {
"kid": "bilbo.baggins@hobbiton.example"
},
"signature": "MIsjqtVlOpa71KE-Mss8_Nq2YH4FGhiocsqrgi5Nvy
G53uoimic1tcMdSg-qptrzZc7CG6Svw2Y13TDIqHzTUrL_lR2ZFc
ryNFiHkSw129EghGpwkpxaTn_THJTCglNbADko1MZBCdwzJxwqZc
-1RlpO2HibUYyXSwO97BSe0_evZKdjvvKSgsIqjytKSeAMbhMBdM
ma622_BG5t4sdbuCHtFjp9iJmkio47AIwqkZV1aIZsv33uPUqBBC
XbYoQJwt7mxPftHmNlGoOSMxR_3thmXTCm4US-xiNOyhbm8afKK6
4jU6_TPtQHiJeQJxz9G3Tx-083B745_AfYOnlC9w"
},
{
"header": {
"alg": "ES512",
"kid": "bilbo.baggins@hobbiton.example"
},
"signature": "ARcVLnaJJaUWG8fG-8t5BREVAuTY8n8YHjwDO1muhc
dCoFZFFjfISu0Cdkn9Ybdlmi54ho0x924DUz8sK7ZXkhc7AFM8Ob
LfTvNCrqcI3Jkl2U5IX3utNhODH6v7xgy1Qahsn0fyb4zSAkje8b
AWz4vIfj5pCMYxxm4fgV3q7ZYhm5eD"
},
{
"protected": "eyJhbGciOiJIUzI1NiIsImtpZCI6IjAxOGMwYWU1LT
RkOWItNDcxYi1iZmQ2LWVlZjMxNGJjNzAzNyJ9",
"signature": "s0h6KThzkfBBBkLspW1h84VsJZFTsPPqMDA7g1Md7p
0"
}
]
}
Figure 63: JSON Serialization
The following sections demonstrate how to generate various JWE objects.
All of the succeeding examples (unless otherwise noted) use the following plaintext content, serialized as UTF-8. The sequence “\xe2\x80\x93” is substituted for (U+2013 EN DASH), and line breaks (U+000A LINE FEED) replace some instances of “ “ (U+0020 SPACE) characters to improve formatting:
You can trust us to stick with you through thick and thin\xe2\x80\x93to the bitter end. And you can trust us to keep any secret of yours\xe2\x80\x93closer than you keep it yourself. But you cannot trust us to let you face trouble alone, and go off without a word. We are your friends, Frodo.
Figure 64: Plaintext content
This example illustrates encrypting content using the “RSA1_5” (RSAES-PKCS1-v1_5) key encryption algorithm and the “A128CBC-HS256” (AES-128-CBC-HMAC-SHA-256) content encryption algorithm.
Note that RSAES-PKCS1-v1_5 uses random data to generate the ciphertext; it might not be possible to exactly replicate the results in this section.
Note that whitespace is added for readability as described in Section 1.1.
The following are supplied before beginning the encryption process:
{
"kty": "RSA",
"kid": "frodo.baggins@hobbiton.example",
"use": "enc",
"n": "maxhbsmBtdQ3CNrKvprUE6n9lYcregDMLYNeTAWcLj8NnPU9XIYegT
HVHQjxKDSHP2l-F5jS7sppG1wgdAqZyhnWvXhYNvcM7RfgKxqNx_xAHx
6f3yy7s-M9PSNCwPC2lh6UAkR4I00EhV9lrypM9Pi4lBUop9t5fS9W5U
NwaAllhrd-osQGPjIeI1deHTwx-ZTHu3C60Pu_LJIl6hKn9wbwaUmA4c
R5Bd2pgbaY7ASgsjCUbtYJaNIHSoHXprUdJZKUMAzV0WOKPfA6OPI4oy
pBadjvMZ4ZAj3BnXaSYsEZhaueTXvZB4eZOAjIyh2e_VOIKVMsnDrJYA
VotGlvMQ",
"e": "AQAB",
"d": "Kn9tgoHfiTVi8uPu5b9TnwyHwG5dK6RE0uFdlpCGnJN7ZEi963R7wy
bQ1PLAHmpIbNTztfrheoAniRV1NCIqXaW_qS461xiDTp4ntEPnqcKsyO
5jMAji7-CL8vhpYYowNFvIesgMoVaPRYMYT9TW63hNM0aWs7USZ_hLg6
Oe1mY0vHTI3FucjSM86Nff4oIENt43r2fspgEPGRrdE6fpLc9Oaq-qeP
1GFULimrRdndm-P8q8kvN3KHlNAtEgrQAgTTgz80S-3VD0FgWfgnb1PN
miuPUxO8OpI9KDIfu_acc6fg14nsNaJqXe6RESvhGPH2afjHqSy_Fd2v
pzj85bQQ",
"p": "2DwQmZ43FoTnQ8IkUj3BmKRf5Eh2mizZA5xEJ2MinUE3sdTYKSLtaE
oekX9vbBZuWxHdVhM6UnKCJ_2iNk8Z0ayLYHL0_G21aXf9-unynEpUsH
7HHTklLpYAzOOx1ZgVljoxAdWNn3hiEFrjZLZGS7lOH-a3QQlDDQoJOJ
2VFmU",
"q": "te8LY4-W7IyaqH1ExujjMqkTAlTeRbv0VLQnfLY2xINnrWdwiQ93_V
F099aP1ESeLja2nw-6iKIe-qT7mtCPozKfVtUYfz5HrJ_XY2kfexJINb
9lhZHMv5p1skZpeIS-GPHCC6gRlKo1q-idn_qxyusfWv7WAxlSVfQfk8
d6Et0",
"dp": "UfYKcL_or492vVc0PzwLSplbg4L3-Z5wL48mwiswbpzOyIgd2xHTH
QmjJpFAIZ8q-zf9RmgJXkDrFs9rkdxPtAsL1WYdeCT5c125Fkdg317JV
RDo1inX7x2Kdh8ERCreW8_4zXItuTl_KiXZNU5lvMQjWbIw2eTx1lpsf
lo0rYU",
"dq": "iEgcO-QfpepdH8FWd7mUFyrXdnOkXJBCogChY6YKuIHGc_p8Le9Mb
pFKESzEaLlN1Ehf3B6oGBl5Iz_ayUlZj2IoQZ82znoUrpa9fVYNot87A
CfzIG7q9Mv7RiPAderZi03tkVXAdaBau_9vs5rS-7HMtxkVrxSUvJY14
TkXlHE",
"qi": "kC-lzZOqoFaZCr5l0tOVtREKoVqaAYhQiqIRGL-MzS4sCmRkxm5vZ
lXYx6RtE1n_AagjqajlkjieGlxTTThHD8Iga6foGBMaAr5uR1hGQpSc7
Gl7CF1DZkBJMTQN6EshYzZfxW08mIO8M6Rzuh0beL6fG9mkDcIyPrBXx
2bQ_mM"
}
Figure 65: RSA 2048-bit Key, in JWK format
(NOTE: While the key includes the private parameters, only the public parameters “e” and “n” are necessary for the encryption operation.)
The following are generated before encrypting:
3qyTVhIWt5juqZUCpfRqpvauwB956MEJL2Rt-8qXKSo
Figure 66: Content Encryption Key, base64url-encoded
bbd5sTkYwhAIqfHsx8DayA
Figure 67: Initialization Vector, base64url-encoded
Performing the key encryption operation over the CEK (Figure 66) with the RSA key (Figure 65) results in the following encrypted key:
laLxI0j-nLH-_BgLOXMozKxmy9gffy2gTdvqzfTihJBuuzxg0V7yk1WClnQePF vG2K-pvSlWc9BRIazDrn50RcRai__3TDON395H3c62tIouJJ4XaRvYHFjZTZ2G Xfz8YAImcc91Tfk0WXC2F5Xbb71ClQ1DDH151tlpH77f2ff7xiSxh9oSewYrcG TSLUeeCt36r1Kt3OSj7EyBQXoZlN7IxbyhMAfgIe7Mv1rOTOI5I8NQqeXXW8Vl zNmoxaGMny3YnGir5Wf6Qt2nBq4qDaPdnaAuuGUGEecelIO1wx1BpyIfgvfjOh MBs9M8XL223Fg47xlGsMXdfuY-4jaqVw
Figure 68: Encrypted Key, base64url-encoded
The following are generated before encrypting the plaintext:
{
"alg": "RSA1_5",
"kid": "frodo.baggins@hobbiton.example",
"enc": "A128CBC-HS256"
}
Figure 69: JWE Protected Header JSON
eyJhbGciOiJSU0ExXzUiLCJraWQiOiJmcm9kby5iYWdnaW5zQGhvYmJpdG9uLm V4YW1wbGUiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0
Figure 70: JWE Protected Header, base64url-encoded
Performing the content encryption operation on the Plaintext (Figure 64) using the following:
produces the following:
0fys_TY_na7f8dwSfXLiYdHaA2DxUjD67ieF7fcVbIR62JhJvGZ4_FNVSiGc_r aa0HnLQ6s1P2sv3Xzl1p1l_o5wR_RsSzrS8Z-wnI3Jvo0mkpEEnlDmZvDu_k8O WzJv7eZVEqiWKdyVzFhPpiyQU28GLOpRc2VbVbK4dQKPdNTjPPEmRqcaGeTWZV yeSUvf5k59yJZxRuSvWFf6KrNtmRdZ8R4mDOjHSrM_s8uwIFcqt4r5GX8TKaI0 zT5CbL5Qlw3sRc7u_hg0yKVOiRytEAEs3vZkcfLkP6nbXdC_PkMdNS-ohP78T2 O6_7uInMGhFeX4ctHG7VelHGiT93JfWDEQi5_V9UN1rhXNrYu-0fVMkZAKX3VW i7lzA6BP430m
Figure 71: Ciphertext, base64url-encoded
kvKuFBXHe5mQr4lqgobAUg
Figure 72: Authentication Tag, base64url-encoded
The following compose the resulting JWE object:
The resulting JWE object using the Compact serialization:
eyJhbGciOiJSU0ExXzUiLCJraWQiOiJmcm9kby5iYWdnaW5zQGhvYmJpdG9uLm V4YW1wbGUiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0 . laLxI0j-nLH-_BgLOXMozKxmy9gffy2gTdvqzfTihJBuuzxg0V7yk1WClnQePF vG2K-pvSlWc9BRIazDrn50RcRai__3TDON395H3c62tIouJJ4XaRvYHFjZTZ2G Xfz8YAImcc91Tfk0WXC2F5Xbb71ClQ1DDH151tlpH77f2ff7xiSxh9oSewYrcG TSLUeeCt36r1Kt3OSj7EyBQXoZlN7IxbyhMAfgIe7Mv1rOTOI5I8NQqeXXW8Vl zNmoxaGMny3YnGir5Wf6Qt2nBq4qDaPdnaAuuGUGEecelIO1wx1BpyIfgvfjOh MBs9M8XL223Fg47xlGsMXdfuY-4jaqVw . bbd5sTkYwhAIqfHsx8DayA . 0fys_TY_na7f8dwSfXLiYdHaA2DxUjD67ieF7fcVbIR62JhJvGZ4_FNVSiGc_r aa0HnLQ6s1P2sv3Xzl1p1l_o5wR_RsSzrS8Z-wnI3Jvo0mkpEEnlDmZvDu_k8O WzJv7eZVEqiWKdyVzFhPpiyQU28GLOpRc2VbVbK4dQKPdNTjPPEmRqcaGeTWZV yeSUvf5k59yJZxRuSvWFf6KrNtmRdZ8R4mDOjHSrM_s8uwIFcqt4r5GX8TKaI0 zT5CbL5Qlw3sRc7u_hg0yKVOiRytEAEs3vZkcfLkP6nbXdC_PkMdNS-ohP78T2 O6_7uInMGhFeX4ctHG7VelHGiT93JfWDEQi5_V9UN1rhXNrYu-0fVMkZAKX3VW i7lzA6BP430m . kvKuFBXHe5mQr4lqgobAUg
Figure 73: Compact Serialization
The resulting JWE object using the JSON serialization:
{
"recipients": [
{
"encrypted_key": "laLxI0j-nLH-_BgLOXMozKxmy9gffy2gTdvqzf
TihJBuuzxg0V7yk1WClnQePFvG2K-pvSlWc9BRIazDrn50RcRai_
_3TDON395H3c62tIouJJ4XaRvYHFjZTZ2GXfz8YAImcc91Tfk0WX
C2F5Xbb71ClQ1DDH151tlpH77f2ff7xiSxh9oSewYrcGTSLUeeCt
36r1Kt3OSj7EyBQXoZlN7IxbyhMAfgIe7Mv1rOTOI5I8NQqeXXW8
VlzNmoxaGMny3YnGir5Wf6Qt2nBq4qDaPdnaAuuGUGEecelIO1wx
1BpyIfgvfjOhMBs9M8XL223Fg47xlGsMXdfuY-4jaqVw"
}
],
"protected": "eyJhbGciOiJSU0ExXzUiLCJraWQiOiJmcm9kby5iYWdnaW
5zQGhvYmJpdG9uLmV4YW1wbGUiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In
0",
"iv": "bbd5sTkYwhAIqfHsx8DayA",
"ciphertext": "0fys_TY_na7f8dwSfXLiYdHaA2DxUjD67ieF7fcVbIR62
JhJvGZ4_FNVSiGc_raa0HnLQ6s1P2sv3Xzl1p1l_o5wR_RsSzrS8Z-wn
I3Jvo0mkpEEnlDmZvDu_k8OWzJv7eZVEqiWKdyVzFhPpiyQU28GLOpRc
2VbVbK4dQKPdNTjPPEmRqcaGeTWZVyeSUvf5k59yJZxRuSvWFf6KrNtm
RdZ8R4mDOjHSrM_s8uwIFcqt4r5GX8TKaI0zT5CbL5Qlw3sRc7u_hg0y
KVOiRytEAEs3vZkcfLkP6nbXdC_PkMdNS-ohP78T2O6_7uInMGhFeX4c
tHG7VelHGiT93JfWDEQi5_V9UN1rhXNrYu-0fVMkZAKX3VWi7lzA6BP4
30m",
"tag": "kvKuFBXHe5mQr4lqgobAUg"
}
Figure 74: JSON Serialization
This example illustrates encrypting content using the “RSA-OAEP” (RSAES-OAEP) key encryption algorithm and the “A256GCM” (AES-GCM) content encryption algorithm.
Note that RSAES-OAEP uses random data to generate the ciphertext; it might not be possible to exactly replicate the results in this section.
Note that whitespace is added for readability as described in Section 1.1.
The following are supplied before beginning the encryption process:
{
"kty": "RSA",
"kid": "samwise.gamgee@hobbiton.example",
"use": "enc",
"n": "wbdxI55VaanZXPY29Lg5hdmv2XhvqAhoxUkanfzf2-5zVUxa6prHRr
I4pP1AhoqJRlZfYtWWd5mmHRG2pAHIlh0ySJ9wi0BioZBl1XP2e-C-Fy
XJGcTy0HdKQWlrfhTm42EW7Vv04r4gfao6uxjLGwfpGrZLarohiWCPnk
Nrg71S2CuNZSQBIPGjXfkmIy2tl_VWgGnL22GplyXj5YlBLdxXp3XeSt
sqo571utNfoUTU8E4qdzJ3U1DItoVkPGsMwlmmnJiwA7sXRItBCivR4M
5qnZtdw-7v4WuR4779ubDuJ5nalMv2S66-RPcnFAzWSKxtBDnFJJDGIU
e7Tzizjg1nms0Xq_yPub_UOlWn0ec85FCft1hACpWG8schrOBeNqHBOD
FskYpUc2LC5JA2TaPF2dA67dg1TTsC_FupfQ2kNGcE1LgprxKHcVWYQb
86B-HozjHZcqtauBzFNV5tbTuB-TpkcvJfNcFLlH3b8mb-H_ox35FjqB
SAjLKyoeqfKTpVjvXhd09knwgJf6VKq6UC418_TOljMVfFTWXUxlnfhO
OnzW6HSSzD1c9WrCuVzsUMv54szidQ9wf1cYWf3g5qFDxDQKis99gcDa
iCAwM3yEBIzuNeeCa5dartHDb1xEB_HcHSeYbghbMjGfasvKn0aZRsnT
yC0xhWBlsolZE",
"e": "AQAB",
"alg": "RSA-OAEP",
"d": "n7fzJc3_WG59VEOBTkayzuSMM780OJQuZjN_KbH8lOZG25ZoA7T4Bx
cc0xQn5oZE5uSCIwg91oCt0JvxPcpmqzaJZg1nirjcWZ-oBtVk7gCAWq
-B3qhfF3izlbkosrzjHajIcY33HBhsy4_WerrXg4MDNE4HYojy68TcxT
2LYQRxUOCf5TtJXvM8olexlSGtVnQnDRutxEUCwiewfmmrfveEogLx9E
A-KMgAjTiISXxqIXQhWUQX1G7v_mV_Hr2YuImYcNcHkRvp9E7ook0876
DhkO8v4UOZLwA1OlUX98mkoqwc58A_Y2lBYbVx1_s5lpPsEqbbH-nqIj
h1fL0gdNfihLxnclWtW7pCztLnImZAyeCWAG7ZIfv-Rn9fLIv9jZ6r7r
-MSH9sqbuziHN2grGjD_jfRluMHa0l84fFKl6bcqN1JWxPVhzNZo01yD
F-1LiQnqUYSepPf6X3a2SOdkqBRiquE6EvLuSYIDpJq3jDIsgoL8Mo1L
oomgiJxUwL_GWEOGu28gplyzm-9Q0U0nyhEf1uhSR8aJAQWAiFImWH5W
_IQT9I7-yrindr_2fWQ_i1UgMsGzA7aOGzZfPljRy6z-tY_KuBG00-28
S_aWvjyUc-Alp8AUyKjBZ-7CWH32fGWK48j1t-zomrwjL_mnhsPbGs0c
9WsWgRzI-K8gE",
"p": "7_2v3OQZzlPFcHyYfLABQ3XP85Es4hCdwCkbDeltaUXgVy9l9etKgh
vM4hRkOvbb01kYVuLFmxIkCDtpi-zLCYAdXKrAK3PtSbtzld_XZ9nlsY
a_QZWpXB_IrtFjVfdKUdMz94pHUhFGFj7nr6NNxfpiHSHWFE1zD_AC3m
Y46J961Y2LRnreVwAGNw53p07Db8yD_92pDa97vqcZOdgtybH9q6uma-
RFNhO1AoiJhYZj69hjmMRXx-x56HO9cnXNbmzNSCFCKnQmn4GQLmRj9s
fbZRqL94bbtE4_e0Zrpo8RNo8vxRLqQNwIy85fc6BRgBJomt8QdQvIgP
gWCv5HoQ",
"q": "zqOHk1P6WN_rHuM7ZF1cXH0x6RuOHq67WuHiSknqQeefGBA9PWs6Zy
KQCO-O6mKXtcgE8_Q_hA2kMRcKOcvHil1hqMCNSXlflM7WPRPZu2qCDc
qssd_uMbP-DqYthH_EzwL9KnYoH7JQFxxmcv5An8oXUtTwk4knKjkIYG
RuUwfQTus0w1NfjFAyxOOiAQ37ussIcE6C6ZSsM3n41UlbJ7TCqewzVJ
aPJN5cxjySPZPD3Vp01a9YgAD6a3IIaKJdIxJS1ImnfPevSJQBE79-EX
e2kSwVgOzvt-gsmM29QQ8veHy4uAqca5dZzMs7hkkHtw1z0jHV90epQJ
JlXXnH8Q",
"dp": "19oDkBh1AXelMIxQFm2zZTqUhAzCIr4xNIGEPNoDt1jK83_FJA-xn
x5kA7-1erdHdms_Ef67HsONNv5A60JaR7w8LHnDiBGnjdaUmmuO8XAxQ
J_ia5mxjxNjS6E2yD44USo2JmHvzeeNczq25elqbTPLhUpGo1IZuG72F
ZQ5gTjXoTXC2-xtCDEUZfaUNh4IeAipfLugbpe0JAFlFfrTDAMUFpC3i
XjxqzbEanflwPvj6V9iDSgjj8SozSM0dLtxvu0LIeIQAeEgT_yXcrKGm
pKdSO08kLBx8VUjkbv_3Pn20Gyu2YEuwpFlM_H1NikuxJNKFGmnAq9Lc
nwwT0jvoQ",
"dq": "S6p59KrlmzGzaQYQM3o0XfHCGvfqHLYjCO557HYQf72O9kLMCfd_1
VBEqeD-1jjwELKDjck8kOBl5UvohK1oDfSP1DleAy-cnmL29DqWmhgwM
1ip0CCNmkmsmDSlqkUXDi6sAaZuntyukyflI-qSQ3C_BafPyFaKrt1fg
dyEwYa08pESKwwWisy7KnmoUvaJ3SaHmohFS78TJ25cfc10wZ9hQNOrI
ChZlkiOdFCtxDqdmCqNacnhgE3bZQjGp3n83ODSz9zwJcSUvODlXBPc2
AycH6Ci5yjbxt4Ppox_5pjm6xnQkiPgj01GpsUssMmBN7iHVsrE7N2iz
nBNCeOUIQ",
"qi": "FZhClBMywVVjnuUud-05qd5CYU0dK79akAgy9oX6RX6I3IIIPckCc
iRrokxglZn-omAY5CnCe4KdrnjFOT5YUZE7G_Pg44XgCXaarLQf4hl80
oPEf6-jJ5Iy6wPRx7G2e8qLxnh9cOdf-kRqgOS3F48Ucvw3ma5V6KGMw
QqWFeV31XtZ8l5cVI-I3NzBS7qltpUVgz2Ju021eyc7IlqgzR98qKONl
27DuEES0aK0WE97jnsyO27Yp88Wa2RiBrEocM89QZI1seJiGDizHRUP4
UZxw9zsXww46wy0P6f9grnYp7t8LkyDDk8eoI4KX6SNMNVcyVS9IWjlq
8EzqZEKIA"
}
Figure 75: RSA 4096-bit Key
(NOTE: While the key includes the private parameters, only the public parameters “e” and “n” are necessary for the encryption operation.)
The following are generated before encrypting:
mYMfsggkTAm0TbvtlFh2hyoXnbEzJQjMxmgLN3d8xXA
Figure 76: Content Encryption Key, base64url-encoded
-nBoKLH0YkLZPSI9
Figure 77: Initialization Vector, base64url-encoded
Performing the key encryption operation over the CEK (Figure 76)) with the RSA key (Figure 75) produces the following encrypted key:
rT99rwrBTbTI7IJM8fU3Eli7226HEB7IchCxNuh7lCiud48LxeolRdtFF4nzQi beYOl5S_PJsAXZwSXtDePz9hk-BbtsTBqC2UsPOdwjC9NhNupNNu9uHIVftDyu cvI6hvALeZ6OGnhNV4v1zx2k7O1D89mAzfw-_kT3tkuorpDU-CpBENfIHX1Q58 -Aad3FzMuo3Fn9buEP2yXakLXYa15BUXQsupM4A1GD4_H4Bd7V3u9h8Gkg8Bpx KdUV9ScfJQTcYm6eJEBz3aSwIaK4T3-dwWpuBOhROQXBosJzS1asnuHtVMt2pK IIfux5BC6huIvmY7kzV7W7aIUrpYm_3H4zYvyMeq5pGqFmW2k8zpO878TRlZx7 pZfPYDSXZyS0CfKKkMozT_qiCwZTSz4duYnt8hS4Z9sGthXn9uDqd6wycMagnQ fOTs_lycTWmY-aqWVDKhjYNRf03NiwRtb5BE-tOdFwCASQj3uuAgPGrO2AWBe3 8UjQb0lvXn1SpyvYZ3WFc7WOJYaTa7A8DRn6MC6T-xDmMuxC0G7S2rscw5lQQU 06MvZTlFOt0UvfuKBa03cxA_nIBIhLMjY2kOTxQMmpDPTr6Cbo8aKaOnx6ASE5 Jx9paBpnNmOOKH35j_QlrQhDWUN6A2Gg8iFayJ69xDEdHAVCGRzN3woEI2ozDR s
Figure 78: Encrypted Key, base64url-encoded
The following are generated before encrypting the plaintext:
{
"alg": "RSA-OAEP",
"kid": "samwise.gamgee@hobbiton.example",
"enc": "A256GCM"
}
Figure 79: JWE Protected Header JSON
eyJhbGciOiJSU0EtT0FFUCIsImtpZCI6InNhbXdpc2UuZ2FtZ2VlQGhvYmJpdG 9uLmV4YW1wbGUiLCJlbmMiOiJBMjU2R0NNIn0
Figure 80: JWE Protected Header, base64url-encoded
Performing the content encryption operation over the Plaintext (Figure 64) with the following:
produces the following:
o4k2cnGN8rSSw3IDo1YuySkqeS_t2m1GXklSgqBdpACm6UJuJowOHC5ytjqYgR L-I-soPlwqMUf4UgRWWeaOGNw6vGW-xyM01lTYxrXfVzIIaRdhYtEMRBvBWbEw P7ua1DRfvaOjgZv6Ifa3brcAM64d8p5lhhNcizPersuhw5f-pGYzseva-TUaL8 iWnctc-sSwy7SQmRkfhDjwbz0fz6kFovEgj64X1I5s7E6GLp5fnbYGLa1QUiML 7Cc2GxgvI7zqWo0YIEc7aCflLG1-8BboVWFdZKLK9vNoycrYHumwzKluLWEbSV maPpOslY2n525DxDfWaVFUfKQxMF56vn4B9QMpWAbnypNimbM8zVOw
Figure 81: Ciphertext, base64url-encoded
UCGiqJxhBI3IFVdPalHHvA
Figure 82: Authentication Tag, base64url-encoded
The following compose the resulting JWE object:
The resulting JWE object using the Compact serialization:
eyJhbGciOiJSU0EtT0FFUCIsImtpZCI6InNhbXdpc2UuZ2FtZ2VlQGhvYmJpdG 9uLmV4YW1wbGUiLCJlbmMiOiJBMjU2R0NNIn0 . rT99rwrBTbTI7IJM8fU3Eli7226HEB7IchCxNuh7lCiud48LxeolRdtFF4nzQi beYOl5S_PJsAXZwSXtDePz9hk-BbtsTBqC2UsPOdwjC9NhNupNNu9uHIVftDyu cvI6hvALeZ6OGnhNV4v1zx2k7O1D89mAzfw-_kT3tkuorpDU-CpBENfIHX1Q58 -Aad3FzMuo3Fn9buEP2yXakLXYa15BUXQsupM4A1GD4_H4Bd7V3u9h8Gkg8Bpx KdUV9ScfJQTcYm6eJEBz3aSwIaK4T3-dwWpuBOhROQXBosJzS1asnuHtVMt2pK IIfux5BC6huIvmY7kzV7W7aIUrpYm_3H4zYvyMeq5pGqFmW2k8zpO878TRlZx7 pZfPYDSXZyS0CfKKkMozT_qiCwZTSz4duYnt8hS4Z9sGthXn9uDqd6wycMagnQ fOTs_lycTWmY-aqWVDKhjYNRf03NiwRtb5BE-tOdFwCASQj3uuAgPGrO2AWBe3 8UjQb0lvXn1SpyvYZ3WFc7WOJYaTa7A8DRn6MC6T-xDmMuxC0G7S2rscw5lQQU 06MvZTlFOt0UvfuKBa03cxA_nIBIhLMjY2kOTxQMmpDPTr6Cbo8aKaOnx6ASE5 Jx9paBpnNmOOKH35j_QlrQhDWUN6A2Gg8iFayJ69xDEdHAVCGRzN3woEI2ozDR s . -nBoKLH0YkLZPSI9 . o4k2cnGN8rSSw3IDo1YuySkqeS_t2m1GXklSgqBdpACm6UJuJowOHC5ytjqYgR L-I-soPlwqMUf4UgRWWeaOGNw6vGW-xyM01lTYxrXfVzIIaRdhYtEMRBvBWbEw P7ua1DRfvaOjgZv6Ifa3brcAM64d8p5lhhNcizPersuhw5f-pGYzseva-TUaL8 iWnctc-sSwy7SQmRkfhDjwbz0fz6kFovEgj64X1I5s7E6GLp5fnbYGLa1QUiML 7Cc2GxgvI7zqWo0YIEc7aCflLG1-8BboVWFdZKLK9vNoycrYHumwzKluLWEbSV maPpOslY2n525DxDfWaVFUfKQxMF56vn4B9QMpWAbnypNimbM8zVOw . UCGiqJxhBI3IFVdPalHHvA
Figure 83: Compact Serialization
The resulting JWE object using the JSON serialization:
{
"recipients": [
{
"encrypted_key": "rT99rwrBTbTI7IJM8fU3Eli7226HEB7IchCxNu
h7lCiud48LxeolRdtFF4nzQibeYOl5S_PJsAXZwSXtDePz9hk-Bb
tsTBqC2UsPOdwjC9NhNupNNu9uHIVftDyucvI6hvALeZ6OGnhNV4
v1zx2k7O1D89mAzfw-_kT3tkuorpDU-CpBENfIHX1Q58-Aad3FzM
uo3Fn9buEP2yXakLXYa15BUXQsupM4A1GD4_H4Bd7V3u9h8Gkg8B
pxKdUV9ScfJQTcYm6eJEBz3aSwIaK4T3-dwWpuBOhROQXBosJzS1
asnuHtVMt2pKIIfux5BC6huIvmY7kzV7W7aIUrpYm_3H4zYvyMeq
5pGqFmW2k8zpO878TRlZx7pZfPYDSXZyS0CfKKkMozT_qiCwZTSz
4duYnt8hS4Z9sGthXn9uDqd6wycMagnQfOTs_lycTWmY-aqWVDKh
jYNRf03NiwRtb5BE-tOdFwCASQj3uuAgPGrO2AWBe38UjQb0lvXn
1SpyvYZ3WFc7WOJYaTa7A8DRn6MC6T-xDmMuxC0G7S2rscw5lQQU
06MvZTlFOt0UvfuKBa03cxA_nIBIhLMjY2kOTxQMmpDPTr6Cbo8a
KaOnx6ASE5Jx9paBpnNmOOKH35j_QlrQhDWUN6A2Gg8iFayJ69xD
EdHAVCGRzN3woEI2ozDRs"
}
],
"protected": "eyJhbGciOiJSU0EtT0FFUCIsImtpZCI6InNhbXdpc2UuZ2
FtZ2VlQGhvYmJpdG9uLmV4YW1wbGUiLCJlbmMiOiJBMjU2R0NNIn0",
"iv": "-nBoKLH0YkLZPSI9",
"ciphertext": "o4k2cnGN8rSSw3IDo1YuySkqeS_t2m1GXklSgqBdpACm6
UJuJowOHC5ytjqYgRL-I-soPlwqMUf4UgRWWeaOGNw6vGW-xyM01lTYx
rXfVzIIaRdhYtEMRBvBWbEwP7ua1DRfvaOjgZv6Ifa3brcAM64d8p5lh
hNcizPersuhw5f-pGYzseva-TUaL8iWnctc-sSwy7SQmRkfhDjwbz0fz
6kFovEgj64X1I5s7E6GLp5fnbYGLa1QUiML7Cc2GxgvI7zqWo0YIEc7a
CflLG1-8BboVWFdZKLK9vNoycrYHumwzKluLWEbSVmaPpOslY2n525Dx
DfWaVFUfKQxMF56vn4B9QMpWAbnypNimbM8zVOw",
"tag": "UCGiqJxhBI3IFVdPalHHvA"
}
Figure 84: JSON Serialization
The example illustrates encrypting content using the “PBES2-HS512+A256KW” (PBES2 Password-based Encryption using HMAC-SHA-512 and AES-256-KeyWrap) key encryption algorithm with the “A128CBC-HS256” (AES-128-CBC-HMAC-SHA-256) content encryption algorithm.
Note that whitespace is added for readability as described in Section 1.1.
The following are supplied before beginning the encryption process:
{
"keys": [
{
"kty": "oct",
"kid": "77c7e2b8-6e13-45cf-8672-617b5b45243a",
"use": "enc",
"alg": "A128GCM",
"k": "XctOhJAkA-pD9Lh7ZgW_2A"
},
{
"kty": "oct",
"kid": "81b20965-8332-43d9-a468-82160ad91ac8",
"use": "enc",
"alg": "A128KW",
"k": "GZy6sIZ6wl9NJOKB-jnmVQ"
},
{
"kty": "oct",
"kid": "18ec08e1-bfa9-4d95-b205-2b4dd1d4321d",
"use": "enc",
"alg": "A256GCMKW",
"k": "qC57l_uxcm7Nm3K-ct4GFjx8tM1U8CZ0NLBvdQstiS8"
}
]
}
Figure 85: Plaintext Content
entrap_o\xe2\x80\x93peter_long\xe2\x80\x93credit_tun
Figure 86: Password
The following are generated before encrypting:
uwsjJXaBK407Qaf0_zpcpmr1Cs0CC50hIUEyGNEt3m0
Figure 87: Content Encryption Key, base64url-encoded
VBiCzVHNoLiR3F4V82uoTQ
Figure 88: Initialization Vector, base64url-encoded
The following are generated before encrypting the CEK:
8Q1SzinasR3xchYz6ZZcHA
Figure 89: Salt, base64url-encoded
Performing the key encryption operation over the CEK (Figure 87)) with the following:
produces the following encrypted key:
d3qNhUWfqheyPp4H8sjOWsDYajoej4c5Je6rlUtFPWdgtURtmeDV1g
Figure 90: Encrypted Key, base64url-encoded
The following are generated before encrypting the content:
{
"alg": "PBES2-HS512+A256KW",
"p2s": "8Q1SzinasR3xchYz6ZZcHA",
"p2c": 8192,
"cty": "jwk-set+json",
"enc": "A128CBC-HS256"
}
Figure 91: JWE Protected Header JSON
eyJhbGciOiJQQkVTMi1IUzUxMitBMjU2S1ciLCJwMnMiOiI4UTFTemluYXNSM3 hjaFl6NlpaY0hBIiwicDJjIjo4MTkyLCJjdHkiOiJqd2stc2V0K2pzb24iLCJl bmMiOiJBMTI4Q0JDLUhTMjU2In0
Figure 92: JWE Protected Header, base64url-encoded
Performing the content encryption operation over the Plaintext (Figure 85) with the the following:
produces the following:
23i-Tb1AV4n0WKVSSgcQrdg6GRqsUKxjruHXYsTHAJLZ2nsnGIX86vMXqIi6IR sfywCRFzLxEcZBRnTvG3nhzPk0GDD7FMyXhUHpDjEYCNA_XOmzg8yZR9oyjo6l TF6si4q9FZ2EhzgFQCLO_6h5EVg3vR75_hkBsnuoqoM3dwejXBtIodN84PeqMb 6asmas_dpSsz7H10fC5ni9xIz424givB1YLldF6exVmL93R3fOoOJbmk2GBQZL _SEGllv2cQsBgeprARsaQ7Bq99tT80coH8ItBjgV08AtzXFFsx9qKvC982KLKd PQMTlVJKkqtV4Ru5LEVpBZXBnZrtViSOgyg6AiuwaS-rCrcD_ePOGSuxvgtrok AKYPqmXUeRdjFJwafkYEkiuDCV9vWGAi1DH2xTafhJwcmywIyzi4BqRpmdn_N- zl5tuJYyuvKhjKv6ihbsV_k1hJGPGAxJ6wUpmwC4PTQ2izEm0TuSE8oMKdTw8V 3kobXZ77ulMwDs4p
Figure 93: Ciphertext, base64url-encoded
0HlwodAhOCILG5SQ2LQ9dg
Figure 94: Authentication Tag, base64url-encoded
The following compose the resulting JWE object:
The resulting JWE object using the Compact serialization:
eyJhbGciOiJQQkVTMi1IUzUxMitBMjU2S1ciLCJwMnMiOiI4UTFTemluYXNSM3 hjaFl6NlpaY0hBIiwicDJjIjo4MTkyLCJjdHkiOiJqd2stc2V0K2pzb24iLCJl bmMiOiJBMTI4Q0JDLUhTMjU2In0 . d3qNhUWfqheyPp4H8sjOWsDYajoej4c5Je6rlUtFPWdgtURtmeDV1g . VBiCzVHNoLiR3F4V82uoTQ . 23i-Tb1AV4n0WKVSSgcQrdg6GRqsUKxjruHXYsTHAJLZ2nsnGIX86vMXqIi6IR sfywCRFzLxEcZBRnTvG3nhzPk0GDD7FMyXhUHpDjEYCNA_XOmzg8yZR9oyjo6l TF6si4q9FZ2EhzgFQCLO_6h5EVg3vR75_hkBsnuoqoM3dwejXBtIodN84PeqMb 6asmas_dpSsz7H10fC5ni9xIz424givB1YLldF6exVmL93R3fOoOJbmk2GBQZL _SEGllv2cQsBgeprARsaQ7Bq99tT80coH8ItBjgV08AtzXFFsx9qKvC982KLKd PQMTlVJKkqtV4Ru5LEVpBZXBnZrtViSOgyg6AiuwaS-rCrcD_ePOGSuxvgtrok AKYPqmXUeRdjFJwafkYEkiuDCV9vWGAi1DH2xTafhJwcmywIyzi4BqRpmdn_N- zl5tuJYyuvKhjKv6ihbsV_k1hJGPGAxJ6wUpmwC4PTQ2izEm0TuSE8oMKdTw8V 3kobXZ77ulMwDs4p . 0HlwodAhOCILG5SQ2LQ9dg
Figure 95: Compact Serialization
The resulting JWE object using the JSON serialization:
{
"recipients": [
{
"encrypted_key": "pmKVzwf89K3dfkQqbERUTC0F2jGXD6tTQVmtnV
puKUK2J4Xx2RkkLw"
}
],
"protected": "eyJhbGciOiJQQkVTMi1IUzUxMitBMjU2S1ciLCJwMnMiOi
I4UTFTemluYXNSM3hjaFl6NlpaY0hBIiwicDJjIjo4MTkyLCJjdHkiOi
Jqd2stc2V0K2pzb24iLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0",
"iv": "VBiCzVHNoLiR3F4V82uoTQ",
"ciphertext": "23i-Tb1AV4n0WKVSSgcQrdg6GRqsUKxjruHXYsTHAJLZ2
nsnGIX86vMXqIi6IRsfywCRFzLxEcZBRnTvG3nhzPk0GDD7FMyXhUHpD
jEYCNA_XOmzg8yZR9oyjo6lTF6si4q9FZ2EhzgFQCLO_6h5EVg3vR75_
hkBsnuoqoM3dwejXBtIodN84PeqMb6asmas_dpSsz7H10fC5ni9xIz42
4givB1YLldF6exVmL93R3fOoOJbmk2GBQZL_SEGllv2cQsBgeprARsaQ
7Bq99tT80coH8ItBjgV08AtzXFFsx9qKvC982KLKdPQMTlVJKkqtV4Ru
5LEVpBZXBnZrtViSOgyg6AiuwaS-rCrcD_ePOGSuxvgtrokAKYPqmXUe
RdjFJwafkYEkiuDCV9vWGAi1DH2xTafhJwcmywIyzi4BqRpmdn_N-zl5
tuJYyuvKhjKv6ihbsV_k1hJGPGAxJ6wUpmwC4PTQ2izEm0TuSE8oMKdT
w8V3kobXZ77ulMwDs4p",
"tag": "0HlwodAhOCILG5SQ2LQ9dg"
}
Figure 96: JSON Serialization
This example illustrates encrypting content using the “ECDH-ES+A128KW” (Elliptic Curve Diffie-Hellman Ephemeral-Static with AES-128-KeyWrap) key encryption algorithm and the “A128GCM” (AES-GCM) content encryption algorithm.
Note that whitespace is added for readability as described in Section 1.1.
The following are supplied before beginning the encryption process:
{
"kty": "EC",
"kid": "peregrin.took@tuckborough.example",
"use": "enc",
"crv": "P-384",
"x": "YU4rRUzdmVqmRtWOs2OpDE_T5fsNIodcG8G5FWPrTPMyxpzsSOGaQL
pe2FpxBmu2",
"y": "A8-yxCHxkfBz3hKZfI1jUYMjUhsEveZ9THuwFjH2sCNdtksRJU7D5-
SkgaFL1ETP",
"d": "iTx2pk7wW-GqJkHcEkFQb2EFyYcO7RugmaW3mRrQVAOUiPommT0Idn
YK2xDlZh-j"
}
Figure 97: Elliptic Curve P-384 Key, in JWK format
(NOTE: While the key includes the private parameters, only the public parameters “crv”, “x”, and “y” are necessary for the encryption operation.)
The following are generated before encrypting:
Nou2ueKlP70ZXDbq9UrRwg
Figure 98: Content Encryption Key, base64url-encoded
mH-G2zVqgztUtnW_
Figure 99: Initialization Vector, base64url-encoded
To encrypt the Content Encryption Key, the following are generated:
{
"kty": "EC",
"crv": "P-384",
"x": "uBo4kHPw6kbjx5l0xowrd_oYzBmaz-GKFZu4xAFFkbYiWgutEK6iuE
DsQ6wNdNg3",
"y": "sp3p5SGhZVC2faXumI-e9JU2Mo8KpoYrFDr5yPNVtW4PgEwZOyQTA-
JdaY8tb7E0",
"d": "D5H4Y_5PSKZvhfVFbcCYJOtcGZygRgfZkpsBr59Icmmhe9sW6nkZ8W
fwhinUfWJg"
}
Figure 100: Ephemeral Elliptic Curve P-384 Key, in JWK format
Performing the key encryption operation over the CEK (Figure 98) with the following:
produces the following JWE encrypted key:
0DJjBXri_kBcC46IkU5_Jk9BqaQeHdv2
Figure 101: Encrypted Key, base64url-encoded
The following are generated before encrypting the content:
{
"alg": "ECDH-ES+A128KW",
"kid": "peregrin.took@tuckborough.example",
"epk": {
"kty": "EC",
"crv": "P-384",
"x": "uBo4kHPw6kbjx5l0xowrd_oYzBmaz-GKFZu4xAFFkbYiWgutEK6i
uEDsQ6wNdNg3",
"y": "sp3p5SGhZVC2faXumI-e9JU2Mo8KpoYrFDr5yPNVtW4PgEwZOyQT
A-JdaY8tb7E0"
},
"enc": "A128GCM"
}
Figure 102: JWE Protected Header JSON
eyJhbGciOiJFQ0RILUVTK0ExMjhLVyIsImtpZCI6InBlcmVncmluLnRvb2tAdH Vja2Jvcm91Z2guZXhhbXBsZSIsImVwayI6eyJrdHkiOiJFQyIsImNydiI6IlAt Mzg0IiwieCI6InVCbzRrSFB3Nmtiang1bDB4b3dyZF9vWXpCbWF6LUdLRlp1NH hBRkZrYllpV2d1dEVLNml1RURzUTZ3TmROZzMiLCJ5Ijoic3AzcDVTR2haVkMy ZmFYdW1JLWU5SlUyTW84S3BvWXJGRHI1eVBOVnRXNFBnRXdaT3lRVEEtSmRhWT h0YjdFMCJ9LCJlbmMiOiJBMTI4R0NNIn0
Figure 103: JWE Protected Header, base64url-encoded
Performing the content encryption operation on the Plaintext (Figure 64) using the following:
produces the following:
tkZuOO9h95OgHJmkkrfLBisku8rGf6nzVxhRM3sVOhXgz5NJ76oID7lpnAi_cP WJRCjSpAaUZ5dOR3Spy7QuEkmKx8-3RCMhSYMzsXaEwDdXta9Mn5B7cCBoJKB0 IgEnj_qfo1hIi-uEkUpOZ8aLTZGHfpl05jMwbKkTe2yK3mjF6SBAsgicQDVCkc Y9BLluzx1RmC3ORXaM0JaHPB93YcdSDGgpgBWMVrNU1ErkjcMqMoT_wtCex3w0 3XdLkjXIuEr2hWgeP-nkUZTPU9EoGSPj6fAS-bSz87RCPrxZdj_iVyC6QWcqAu 07WNhjzJEPc4jVntRJ6K53NgPQ5p99l3Z408OUqj4ioYezbS6vTPlQ
Figure 104: Ciphertext, base64url-encoded
WuGzxmcreYjpHGJoa17EBg
Figure 105: Authentication Tag, base64url-encoded
The following compose the resulting JWE object:
The resulting JWE object using the Compact serialization:
eyJhbGciOiJFQ0RILUVTK0ExMjhLVyIsImtpZCI6InBlcmVncmluLnRvb2tAdH Vja2Jvcm91Z2guZXhhbXBsZSIsImVwayI6eyJrdHkiOiJFQyIsImNydiI6IlAt Mzg0IiwieCI6InVCbzRrSFB3Nmtiang1bDB4b3dyZF9vWXpCbWF6LUdLRlp1NH hBRkZrYllpV2d1dEVLNml1RURzUTZ3TmROZzMiLCJ5Ijoic3AzcDVTR2haVkMy ZmFYdW1JLWU5SlUyTW84S3BvWXJGRHI1eVBOVnRXNFBnRXdaT3lRVEEtSmRhWT h0YjdFMCJ9LCJlbmMiOiJBMTI4R0NNIn0 . 0DJjBXri_kBcC46IkU5_Jk9BqaQeHdv2 . mH-G2zVqgztUtnW_ . tkZuOO9h95OgHJmkkrfLBisku8rGf6nzVxhRM3sVOhXgz5NJ76oID7lpnAi_cP WJRCjSpAaUZ5dOR3Spy7QuEkmKx8-3RCMhSYMzsXaEwDdXta9Mn5B7cCBoJKB0 IgEnj_qfo1hIi-uEkUpOZ8aLTZGHfpl05jMwbKkTe2yK3mjF6SBAsgicQDVCkc Y9BLluzx1RmC3ORXaM0JaHPB93YcdSDGgpgBWMVrNU1ErkjcMqMoT_wtCex3w0 3XdLkjXIuEr2hWgeP-nkUZTPU9EoGSPj6fAS-bSz87RCPrxZdj_iVyC6QWcqAu 07WNhjzJEPc4jVntRJ6K53NgPQ5p99l3Z408OUqj4ioYezbS6vTPlQ . WuGzxmcreYjpHGJoa17EBg
Figure 106: Compact Serialization
The resulting JWE object using the JSON serialization:
{
"recipients": [
{
"encrypted_key": "0DJjBXri_kBcC46IkU5_Jk9BqaQeHdv2"
}
],
"protected": "eyJhbGciOiJFQ0RILUVTK0ExMjhLVyIsImtpZCI6InBlcm
VncmluLnRvb2tAdHVja2Jvcm91Z2guZXhhbXBsZSIsImVwayI6eyJrdH
kiOiJFQyIsImNydiI6IlAtMzg0IiwieCI6InVCbzRrSFB3Nmtiang1bD
B4b3dyZF9vWXpCbWF6LUdLRlp1NHhBRkZrYllpV2d1dEVLNml1RURzUT
Z3TmROZzMiLCJ5Ijoic3AzcDVTR2haVkMyZmFYdW1JLWU5SlUyTW84S3
BvWXJGRHI1eVBOVnRXNFBnRXdaT3lRVEEtSmRhWTh0YjdFMCJ9LCJlbm
MiOiJBMTI4R0NNIn0",
"iv": "mH-G2zVqgztUtnW_",
"ciphertext": "tkZuOO9h95OgHJmkkrfLBisku8rGf6nzVxhRM3sVOhXgz
5NJ76oID7lpnAi_cPWJRCjSpAaUZ5dOR3Spy7QuEkmKx8-3RCMhSYMzs
XaEwDdXta9Mn5B7cCBoJKB0IgEnj_qfo1hIi-uEkUpOZ8aLTZGHfpl05
jMwbKkTe2yK3mjF6SBAsgicQDVCkcY9BLluzx1RmC3ORXaM0JaHPB93Y
cdSDGgpgBWMVrNU1ErkjcMqMoT_wtCex3w03XdLkjXIuEr2hWgeP-nkU
ZTPU9EoGSPj6fAS-bSz87RCPrxZdj_iVyC6QWcqAu07WNhjzJEPc4jVn
tRJ6K53NgPQ5p99l3Z408OUqj4ioYezbS6vTPlQ",
"tag": "WuGzxmcreYjpHGJoa17EBg"
}
Figure 107: JSON Serialization
This example illustrates encrypting content using the “ECDH-ES” (Elliptic Curve Diffie-Hellman Ephemeral-Static) key agreement algorithm and the “A128CBC-HS256” (AES-128-CBC-HMAC-SHA-256) content encryption algorithm.
Note that whitespace is added for readability as described in Section 1.1.
The following are supplied before beginning the encryption process:
{
"kty": "EC",
"kid": "meriadoc.brandybuck@buckland.example",
"use": "enc",
"crv": "P-256",
"x": "Ze2loSV3wrroKUN_4zhwGhCqo3Xhu1td4QjeQ5wIVR0",
"y": "HlLtdXARY_f55A3fnzQbPcm6hgr34Mp8p-nuzQCE0Zw",
"d": "r_kHyZ-a06rmxM3yESK84r1otSg-aQcVStkRhA-iCM8"
}
Figure 108: Elliptic Curve P-256 Key
(NOTE: While the key includes the private parameters, only the public parameters “crv”, “x”, and “y” are necessary for the encryption operation.)
The following are generated before encrypting:
yc9N8v5sYyv3iGQT926IUg
Figure 109: Initialization Vector, base64url-encoded
NOTE: The Content Encryption Key (CEK) is not randomly generated; instead it is determined using key agreement.
The following are generated to agree on a CEK:
{
"kty": "EC",
"crv": "P-256",
"x": "mPUKT_bAWGHIhg0TpjjqVsP1rXWQu_vwVOHHtNkdYoA",
"y": "8BQAsImGeAS46fyWw5MhYfGTT0IjBpFw2SS34Dv4Irs",
"d": "AtH35vJsQ9SGjYfOsjUxYXQKrPH3FjZHmEtSKoSN8cM"
}
Figure 110: Ephemeral public key, in JWK format
Performing the ECDH operation using the static EC public key (Figure 108) over the ephemeral private key Figure 110) produces the following CEK:
hzHdlfQIAEehb8Hrd_mFRhKsKLEzPfshfXs9l6areCc
Figure 111: Agreed-to Content Encryption Key, base64url-encoded
The following are generated before encrypting the content:
{
"alg": "ECDH-ES",
"kid": "meriadoc.brandybuck@buckland.example",
"epk": {
"kty": "EC",
"crv": "P-256",
"x": "mPUKT_bAWGHIhg0TpjjqVsP1rXWQu_vwVOHHtNkdYoA",
"y": "8BQAsImGeAS46fyWw5MhYfGTT0IjBpFw2SS34Dv4Irs"
},
"enc": "A128CBC-HS256"
}
Figure 112: JWE Protected Header JSON
eyJhbGciOiJFQ0RILUVTIiwia2lkIjoibWVyaWFkb2MuYnJhbmR5YnVja0BidW NrbGFuZC5leGFtcGxlIiwiZXBrIjp7Imt0eSI6IkVDIiwiY3J2IjoiUC0yNTYi LCJ4IjoibVBVS1RfYkFXR0hJaGcwVHBqanFWc1AxclhXUXVfdndWT0hIdE5rZF lvQSIsInkiOiI4QlFBc0ltR2VBUzQ2ZnlXdzVNaFlmR1RUMElqQnBGdzJTUzM0 RHY0SXJzIn0sImVuYyI6IkExMjhDQkMtSFMyNTYifQ
Figure 113: JWE Protected Header, base64url-encoded
Performing the content encryption operation on the Plaintext (Figure 64) using the following:
produces the following:
BoDlwPnTypYq-ivjmQvAYJLb5Q6l-F3LIgQomlz87yW4OPKbWE1zSTEFjDfhU9 IPIOSA9Bml4m7iDFwA-1ZXvHteLDtw4R1XRGMEsDIqAYtskTTmzmzNa-_q4F_e vAPUmwlO-ZG45Mnq4uhM1fm_D9rBtWolqZSF3xGNNkpOMQKF1Cl8i8wjzRli7- IXgyirlKQsbhhqRzkv8IcY6aHl24j03C-AR2le1r7URUhArM79BY8soZU0lzwI -sD5PZ3l4NDCCei9XkoIAfsXJWmySPoeRb2Ni5UZL4mYpvKDiwmyzGd65KqVw7 MsFfI_K767G9C9Azp73gKZD0DyUn1mn0WW5LmyX_yJ-3AROq8p1WZBfG-ZyJ61 95_JGG2m9Csg
Figure 114: Ciphertext, base64url-encoded
WCCkNa-x4BeB9hIDIfFuhg
Figure 115: Authentication Tag, base64url-encoded
The following compose the resulting JWE object:
the resulting JWE object using the Compact serialization:
eyJhbGciOiJFQ0RILUVTIiwia2lkIjoibWVyaWFkb2MuYnJhbmR5YnVja0BidW NrbGFuZC5leGFtcGxlIiwiZXBrIjp7Imt0eSI6IkVDIiwiY3J2IjoiUC0yNTYi LCJ4IjoibVBVS1RfYkFXR0hJaGcwVHBqanFWc1AxclhXUXVfdndWT0hIdE5rZF lvQSIsInkiOiI4QlFBc0ltR2VBUzQ2ZnlXdzVNaFlmR1RUMElqQnBGdzJTUzM0 RHY0SXJzIn0sImVuYyI6IkExMjhDQkMtSFMyNTYifQ . . yc9N8v5sYyv3iGQT926IUg . BoDlwPnTypYq-ivjmQvAYJLb5Q6l-F3LIgQomlz87yW4OPKbWE1zSTEFjDfhU9 IPIOSA9Bml4m7iDFwA-1ZXvHteLDtw4R1XRGMEsDIqAYtskTTmzmzNa-_q4F_e vAPUmwlO-ZG45Mnq4uhM1fm_D9rBtWolqZSF3xGNNkpOMQKF1Cl8i8wjzRli7- IXgyirlKQsbhhqRzkv8IcY6aHl24j03C-AR2le1r7URUhArM79BY8soZU0lzwI -sD5PZ3l4NDCCei9XkoIAfsXJWmySPoeRb2Ni5UZL4mYpvKDiwmyzGd65KqVw7 MsFfI_K767G9C9Azp73gKZD0DyUn1mn0WW5LmyX_yJ-3AROq8p1WZBfG-ZyJ61 95_JGG2m9Csg . WCCkNa-x4BeB9hIDIfFuhg
Figure 116: Compact Serialization
the resulting JWE object using the JSON serialization:
{
"protected": "eyJhbGciOiJFQ0RILUVTIiwia2lkIjoibWVyaWFkb2MuYn
JhbmR5YnVja0BidWNrbGFuZC5leGFtcGxlIiwiZXBrIjp7Imt0eSI6Ik
VDIiwiY3J2IjoiUC0yNTYiLCJ4IjoibVBVS1RfYkFXR0hJaGcwVHBqan
FWc1AxclhXUXVfdndWT0hIdE5rZFlvQSIsInkiOiI4QlFBc0ltR2VBUz
Q2ZnlXdzVNaFlmR1RUMElqQnBGdzJTUzM0RHY0SXJzIn0sImVuYyI6Ik
ExMjhDQkMtSFMyNTYifQ",
"iv": "yc9N8v5sYyv3iGQT926IUg",
"ciphertext": "BoDlwPnTypYq-ivjmQvAYJLb5Q6l-F3LIgQomlz87yW4O
PKbWE1zSTEFjDfhU9IPIOSA9Bml4m7iDFwA-1ZXvHteLDtw4R1XRGMEs
DIqAYtskTTmzmzNa-_q4F_evAPUmwlO-ZG45Mnq4uhM1fm_D9rBtWolq
ZSF3xGNNkpOMQKF1Cl8i8wjzRli7-IXgyirlKQsbhhqRzkv8IcY6aHl2
4j03C-AR2le1r7URUhArM79BY8soZU0lzwI-sD5PZ3l4NDCCei9XkoIA
fsXJWmySPoeRb2Ni5UZL4mYpvKDiwmyzGd65KqVw7MsFfI_K767G9C9A
zp73gKZD0DyUn1mn0WW5LmyX_yJ-3AROq8p1WZBfG-ZyJ6195_JGG2m9
Csg",
"tag": "WCCkNa-x4BeB9hIDIfFuhg"
}
Figure 117: JSON Serialization
This example illustrates encrypting content using a previously exchanged key directly and the “A128GCM” (AES-GCM) content encryption algorithm.
Note that whitespace is added for readability as described in Section 1.1.
The following are supplied before beginning the encryption process:
{
"kty": "oct",
"kid": "77c7e2b8-6e13-45cf-8672-617b5b45243a",
"use": "enc",
"alg": "A128GCM",
"k": "XctOhJAkA-pD9Lh7ZgW_2A"
}
Figure 118: AES 128-bit key, in JWK format
The following are generated before encrypting:
refa467QzzKx6QAB
Figure 119: Initialization Vector, base64url-encoded
The following are generated before encrypting the content:
{
"alg": "dir",
"kid": "77c7e2b8-6e13-45cf-8672-617b5b45243a",
"enc": "A128GCM"
}
Figure 120: JWE Protected Header JSON
Encoded as [RFC4648] base64url:
eyJhbGciOiJkaXIiLCJraWQiOiI3N2M3ZTJiOC02ZTEzLTQ1Y2YtODY3Mi02MT diNWI0NTI0M2EiLCJlbmMiOiJBMTI4R0NNIn0
Figure 121: JWE Protected Header, base64url-encoded
Performing the encryption operation on the Plaintext (Figure 64) using the following:
produces the following:
JW_i_f52hww_ELQPGaYyeAB6HYGcR559l9TYnSovc23XJoBcW29rHP8yZOZG7Y hLpT1bjFuvZPjQS-m0IFtVcXkZXdH_lr_FrdYt9HRUYkshtrMmIUAyGmUnd9zM DB2n0cRDIHAzFVeJUDxkUwVAE7_YGRPdcqMyiBoCO-FBdE-Nceb4h3-FtBP-c_ BIwCPTjb9o0SbdcdREEMJMyZBH8ySWMVi1gPD9yxi-aQpGbSv_F9N4IZAxscj5 g-NJsUPbjk29-s7LJAGb15wEBtXphVCgyy53CoIKLHHeJHXex45Uz9aKZSRSIn ZI-wjsY0yu3cT4_aQ3i1o-tiE-F8Ios61EKgyIQ4CWao8PFMj8TTnp
Figure 122: Ciphertext, base64url-encoded
vbb32Xvllea2OtmHAdccRQ
Figure 123: Authentication Tag, base64url-encoded
The following compose the resulting JWE object:
The resulting JWE object using the Compact serialization:
eyJhbGciOiJkaXIiLCJraWQiOiI3N2M3ZTJiOC02ZTEzLTQ1Y2YtODY3Mi02MT diNWI0NTI0M2EiLCJlbmMiOiJBMTI4R0NNIn0 . . refa467QzzKx6QAB . JW_i_f52hww_ELQPGaYyeAB6HYGcR559l9TYnSovc23XJoBcW29rHP8yZOZG7Y hLpT1bjFuvZPjQS-m0IFtVcXkZXdH_lr_FrdYt9HRUYkshtrMmIUAyGmUnd9zM DB2n0cRDIHAzFVeJUDxkUwVAE7_YGRPdcqMyiBoCO-FBdE-Nceb4h3-FtBP-c_ BIwCPTjb9o0SbdcdREEMJMyZBH8ySWMVi1gPD9yxi-aQpGbSv_F9N4IZAxscj5 g-NJsUPbjk29-s7LJAGb15wEBtXphVCgyy53CoIKLHHeJHXex45Uz9aKZSRSIn ZI-wjsY0yu3cT4_aQ3i1o-tiE-F8Ios61EKgyIQ4CWao8PFMj8TTnp . vbb32Xvllea2OtmHAdccRQ
Figure 124: Compact Serialization
The resulting JWE object using the JSON serialization:
{
"protected": "eyJhbGciOiJkaXIiLCJraWQiOiI3N2M3ZTJiOC02ZTEzLT
Q1Y2YtODY3Mi02MTdiNWI0NTI0M2EiLCJlbmMiOiJBMTI4R0NNIn0",
"iv": "refa467QzzKx6QAB",
"ciphertext": "JW_i_f52hww_ELQPGaYyeAB6HYGcR559l9TYnSovc23XJ
oBcW29rHP8yZOZG7YhLpT1bjFuvZPjQS-m0IFtVcXkZXdH_lr_FrdYt9
HRUYkshtrMmIUAyGmUnd9zMDB2n0cRDIHAzFVeJUDxkUwVAE7_YGRPdc
qMyiBoCO-FBdE-Nceb4h3-FtBP-c_BIwCPTjb9o0SbdcdREEMJMyZBH8
ySWMVi1gPD9yxi-aQpGbSv_F9N4IZAxscj5g-NJsUPbjk29-s7LJAGb1
5wEBtXphVCgyy53CoIKLHHeJHXex45Uz9aKZSRSInZI-wjsY0yu3cT4_
aQ3i1o-tiE-F8Ios61EKgyIQ4CWao8PFMj8TTnp",
"tag": "vbb32Xvllea2OtmHAdccRQ"
}
Figure 125: JSON Serialization
This example illustrates encrypting content using the “A256GCMKW” (AES-256-GCM-KeyWrap) key encryption algorithm with the “A128CBC-HS256” (AES-128-CBC-HMAC-SHA-256) content encryption algorithm.
Note that whitespace is added for readability as described in Section 1.1.
The following are supplied before beginning the encryption process:
{
"kty": "oct",
"kid": "18ec08e1-bfa9-4d95-b205-2b4dd1d4321d",
"use": "enc",
"alg": "A256GCMKW",
"k": "qC57l_uxcm7Nm3K-ct4GFjx8tM1U8CZ0NLBvdQstiS8"
}
Figure 126: AES 256-bit Key
The following are generated before encrypting: