[Openid-specs-ab] Updated JWE encryption examples

Mike Jones Michael.Jones at microsoft.com
Thu Aug 30 05:11:53 UTC 2012


Here's updated encryption examples incorporating the proposed JWE/JWA changes.  In summary, changes in these computations are:

*        Updated the Concat KDF calculation, per yesterday's e-mail

*        Consolidated the "enc", "int", and "kdf" parameters into a composite "enc" parameter, with new AES CBC "enc" values "A128CBC+HS256" and "A256CBC+HS512"

*        Moved initialization vector out of the header into its own dot-separated parameter value (to save space and to factor it out for the JSON Serialization), with the JWE representation becoming header.encryptedKey.initializationVector.ciphertext.integrityValue

The examples attached are:

*        JWE.log:  Will be used to create the new AES-CBC example in Section 3.2 and Appendix A.2 of the JWE specification

*        JWE2.log:  Will be used to create the new AES-GCM example in Section 3.1 and Appendix A.1 of the JWE specification

It would be great if any of you can verify that you can decrypt these results!

                                                            Thanks again,
                                                            -- Mike

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20120830/98f71a56/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: JWE.log
Type: application/octet-stream
Size: 11928 bytes
Desc: JWE.log
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20120830/98f71a56/attachment-0002.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: JWE2.log
Type: application/octet-stream
Size: 10987 bytes
Desc: JWE2.log
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20120830/98f71a56/attachment-0003.obj>


More information about the Openid-specs-ab mailing list