[Openid-specs-ab] JSON Web Key (JWK) draft -01

Anthony Nadalin tonynad at microsoft.com
Tue Jul 26 15:03:13 UTC 2011


I think that with the encryption spec we already have a use for private keys and need a way to describe these; I don’t see the rationale for only doing public keys.

From: openid-specs-ab-bounces at lists.openid.net [mailto:openid-specs-ab-bounces at lists.openid.net] On Behalf Of Anthony Nadalin
Sent: Tuesday, July 26, 2011 6:45 AM
To: Mike Jones; openid-specs-ab at lists.openid.net
Cc: John Panzer; Brian Eaton; 蔡健
Subject: Re: [Openid-specs-ab] JSON Web Key (JWK) draft -01

On ECDSA keys, there is a difference between the public and private keys; this should be noted in the structure, as noted in [X9-63] and [SP800-56A].

The RSA key structure seems to be only for public keys but does not actually say that, and I am also not sure that we only need public keys; it should be supportive of both public and private.

The key structure is also lacking as it should contain the following:
Key Format Type
Key compression type
Key Value
Crypto Alg
Crypto Length
Key Wrapping Data (if we want to support these methods)

The key format type should contain:
Key Material
Various Attributes

From: openid-specs-ab-bounces at lists.openid.net [mailto:openid-specs-ab-bounces at lists.openid.net] On Behalf Of Mike Jones
Sent: Monday, July 25, 2011 9:09 PM
To: openid-specs-ab at lists.openid.net
Cc: John Panzer; Brian Eaton; 蔡健
Subject: [Openid-specs-ab] JSON Web Key (JWK) draft -01


I’ve published JSON Web Key (JWK) <http://self-issued.info/docs/draft-jones-json-web-key.html> draft -01 <http://self-issued.info/docs/draft-jones-json-web-key-01.html>. It contains the following changes:

* Changed “algorithm” member value for Elliptic Curve keys from “ECDSA” to “EC”, since Elliptic Curve keys can be used with more algorithms than just the Elliptic Curve Digital Signature Algorithm (ECDSA).

* Added OPTIONAL “use” member to identify intended key usage, especially since the same Elliptic Curve key should not be used for both signing and encryption operations.

The specification is available at these locations:

* http://www.ietf.org/internet-drafts/draft-jones-json-web-key-01.txt
* http://www.ietf.org/internet-drafts/draft-jones-json-web-key-01.xml
* http://self-issued.info/docs/draft-jones-json-web-key-01.html
* http://self-issued.info/docs/draft-jones-json-web-key-01.txt
* http://self-issued.info/docs/draft-jones-json-web-key-01.xml
* http://self-issued.info/docs/draft-jones-json-web-key.html (will point to new versions as they are posted)
* http://self-issued.info/docs/draft-jones-json-web-key.txt (will point to new versions as they are posted)
* http://self-issued.info/docs/draft-jones-json-web-key.xml (will point to new versions as they are posted)
* http://svn.openid.net/repos/specifications/json_web_key/1.0/ (Subversion repository, with html, txt, and html versions available)

The need for this change was identified while writing the JSON Web Encryption (JWE) draft.

-- Mike
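As an added example (not code from the draft or from anyone in this thread), a key selector that enforces the point behind the -01 changes: it accepts only the renamed “EC” algorithm value and honors the OPTIONAL “use” member so that the same Elliptic Curve key is never handed out for both signing and encryption. The member names “curve”, “x”, “y”, “keyid” and the “use” values “sig”/“enc” are assumed from the draft; the key material is a constructed placeholder.

```python
import json

# Constructed JWK set in the draft -01 shape discussed in this thread. Member
# names "curve", "x", "y", "keyid" and the "use" values "sig"/"enc" are
# assumptions taken from the draft; the x/y values are placeholders, not
# real curve points.
SAMPLE_JWK_SET = json.dumps({"jwk": [
    {"algorithm": "EC", "curve": "P-256", "x": "X1", "y": "Y1", "use": "sig", "keyid": "ec-sig"},
    {"algorithm": "EC", "curve": "P-256", "x": "X2", "y": "Y2", "use": "enc", "keyid": "ec-enc"},
    {"algorithm": "EC", "curve": "P-256", "x": "X3", "y": "Y3", "keyid": "ec-untagged"},
    {"algorithm": "ECDSA", "curve": "P-256", "x": "X4", "y": "Y4", "keyid": "ec-old"},
]})

# -01 renamed the EC value from "ECDSA" to "EC"; "RSA" is the other value.
KNOWN_ALGORITHMS = {"EC", "RSA"}


class KeySelector:
    """Hands out keys from a JWK set and refuses cross-purpose use."""

    def __init__(self, jwk_set_json):
        self.keys = {k["keyid"]: k for k in json.loads(jwk_set_json)["jwk"]}
        # For keys without "use", remember the first purpose they served so the
        # same EC key is never handed out for both signing and encryption.
        self.observed_use = {}

    def select(self, keyid, purpose):
        if purpose not in ("sig", "enc"):
            raise ValueError("purpose must be 'sig' or 'enc'")
        key = self.keys.get(keyid)
        if key is None:
            raise LookupError("unknown keyid %r" % keyid)
        # Stale -00 entries still carrying "ECDSA" are rejected outright.
        if key["algorithm"] not in KNOWN_ALGORITHMS:
            raise ValueError("unsupported algorithm %r" % key["algorithm"])
        declared = key.get("use")
        if declared is not None:
            if declared != purpose:
                raise PermissionError("key %s is for %s, not %s" % (keyid, declared, purpose))
            return key
        # OPTIONAL "use" absent: pin the key to whichever purpose it served first.
        first = self.observed_use.setdefault(keyid, purpose)
        if first != purpose:
            raise PermissionError("key %s already used for %s; refusing %s" % (keyid, first, purpose))
        return key
```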
