[Openid-specs-ab] Updated JWE encryption examples

Mike Jones Michael.Jones at microsoft.com
Wed Sep 5 06:42:54 UTC 2012


Yes. The int and kdf parameters will be removed from the next draft.

Thanks,
-- Mike

________________________________
From: Axel.Nennker at telekom.de
Sent: 9/4/2012 1:53 PM
To: Mike Jones; ejay at mgi1.com; emmanuel at raviart.com; bcampbell at pingidentity.com
Cc: openid-connect-interop at googlegroups.com; openid-specs-ab at lists.openid.net
Subject: RE: Updated JWE encryption examples

I will finish this tomorrow. Is the “int” parameter removed from the header altogether? Kdf too?
I checked the changes into the jsoncrypto repository but my development laptop crashed and I could not complete all tests.

Axel

From: Mike Jones [mailto:Michael.Jones at microsoft.com]
Sent: Tuesday, September 04, 2012 8:56 PM
To: Edmund Jay; Emmanuel Raviart; Brian Campbell; Nennker, Axel
Cc: openid-connect-interop at googlegroups.com; openid-specs-ab at lists.openid.net
Subject: Re: Updated JWE encryption examples

Have any of you tried decrypting these updated examples?  I plan on using them in the next release of the JWE spec, but would like confirmation that they’re correct.

                                                                Thanks again,
                                                                -- Mike

From: openid-connect-interop at googlegroups.com [mailto:openid-connect-interop at googlegroups.com] On Behalf Of Mike Jones
Sent: Wednesday, August 29, 2012 10:12 PM
To: Edmund Jay; Emmanuel Raviart; Brian Campbell; Axel Nennker
Cc: openid-connect-interop at googlegroups.com; openid-specs-ab at lists.openid.net
Subject: Updated JWE encryption examples

Here’s updated encryption examples incorporating the proposed JWE/JWA changes.  In summary, changes in these computations are:

·         Updated the Concat KDF calculation, per yesterday’s e-mail

·         Consolidated the “enc”, “int”, and “kdf” parameters into a composite “enc” parameter, with new AES CBC “enc” values “A128CBC+HS256” and “A256CBC+HS512”

·         Moved initialization vector out of the header into its own dot-separated parameter value (to save space and to factor it out for the JSON Serialization), with the JWE representation becoming header.encryptedKey.initializationVector.ciphertext.integrityValue

The examples attached are:

·         JWE.log:  Will be used to create the new AES-CBC example in Section 3.2 and Appendix A.2 of the JWE specification

·         JWE2.log:  Will be used to create the new AES-GCM example in Section 3.1 and Appendix A.1 of the JWE specification

It would be great if any of you can verify that you can decrypt these results!

                                                            Thanks again,
                                                            -- Mike

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20120905/2c74f649/attachment.html>


More information about the Openid-specs-ab mailing list