[Openid-specs-ab] Updated JWE encryption examples
ejay at mgi1.com
Wed Sep 5 19:24:26 UTC 2012
I've got the following results with your examples:
I'm unable to get the same encrypted key using either the private or public part
of the given key. However, I am able to decrypt your encrypted key with no
problem. Since it's only using PKCS1-v1_5, I believe I should be able to get the
same encrypted key value.
The CEK and CIK and ciphertext results are the same.
Using your encrypted key gives me the same results for the integrity value.
Due to the RSA-OAEP algorithm, I can only perform decryption on your encrypted
key. The decrypted value matches your CMK.
Using your AAD, I was able to successfully decrypt and verify your data.
From: Mike Jones <Michael.Jones at microsoft.com>
To: Edmund Jay <ejay at mgi1.com>; Emmanuel Raviart <emmanuel at raviart.com>; Brian
Campbell <bcampbell at pingidentity.com>; Axel Nennker <Axel.Nennker at telekom.de>
Cc: "openid-connect-interop at googlegroups.com"
<openid-connect-interop at googlegroups.com>; "openid-specs-ab at lists.openid.net"
<openid-specs-ab at lists.openid.net>
Sent: Tue, September 4, 2012 11:56:28 AM
Subject: Re: Updated JWE encryption examples
Have any of you tried decrypting these updated examples? I plan on using them
in the next release of the JWE spec, but would like confirmation that they’re
From: openid-connect-interop at googlegroups.com
[mailto:openid-connect-interop at googlegroups.com] On Behalf Of Mike Jones
Sent: Wednesday, August 29, 2012 10:12 PM
To: Edmund Jay; Emmanuel Raviart; Brian Campbell; Axel Nennker
Cc: openid-connect-interop at googlegroups.com; openid-specs-ab at lists.openid.net
Subject: Updated JWE encryption examples
Here are updated encryption examples incorporating the proposed JWE/JWA changes.
In summary, changes in these computations are:
· Updated the Concat KDF calculation, per yesterday’s e-mail
· Consolidated the “enc”, “int”, and “kdf” parameters into a composite
“enc” parameter, with new AES CBC “enc” values “A128CBC+HS256” and
· Moved initialization vector out of the header into its own
dot-separated parameter value (to save space and to factor it out for the JSON
Serialization), with the JWE representation becoming
The examples attached are:
· JWE.log: Will be used to create the new AES-CBC example in Section
3.2 and Appendix A.2 of the JWE specification
· JWE2.log: Will be used to create the new AES-GCM example in Section
3.1 and Appendix A.1 of the JWE specification
It would be great if any of you can verify that you can decrypt these results!
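
Added example, not part of the original thread or of the JWE specification: RSAES-PKCS1-v1_5 fills its padding string with random non-zero bytes, so each encryption of the same CMK yields a different encrypted key, and decrypting the published value and comparing is the repeatable interop check. The RSA key, the CMK bytes and all function names below are constructed for illustration.

```python
import secrets

# Constructed demo key, not the key from the thread: two Mersenne primes keep
# the block short and offline. Illustration only, never a real key.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8  # modulus length in bytes (141)


def pkcs1_v15_encrypt(msg: bytes) -> bytes:
    """EM = 00 || 02 || PS || 00 || M, where PS is random non-zero bytes."""
    if len(msg) > K - 11:
        raise ValueError("message too long")
    ps = bytes(secrets.randbelow(255) + 1 for _ in range(K - len(msg) - 3))
    em = b"\x00\x02" + ps + b"\x00" + msg
    return pow(int.from_bytes(em, "big"), E, N).to_bytes(K, "big")


def pkcs1_v15_decrypt(ct: bytes) -> bytes:
    """Textbook unpadding; production code should use a vetted library."""
    if len(ct) != K:
        raise ValueError("decryption error")
    em = pow(int.from_bytes(ct, "big"), D, N).to_bytes(K, "big")
    sep = em.find(b"\x00", 2)  # first zero byte after the 00 02 prefix
    if em[:2] != b"\x00\x02" or sep < 10:  # PS must be at least 8 bytes
        raise ValueError("decryption error")
    return em[sep + 1:]


def interop_check(cmk: bytes, published_key: bytes) -> dict:
    """Compare the two ways of checking a published JWE encrypted key."""
    return {
        "reencrypt_matches": pkcs1_v15_encrypt(cmk) == published_key,
        "decrypt_matches": pkcs1_v15_decrypt(published_key) == cmk,
    }


CMK = bytes(range(32))  # constructed 256-bit stand-in for the CMK
PUBLISHED = pkcs1_v15_encrypt(CMK)  # stand-in for the example's encrypted key

if __name__ == "__main__":
    print(interop_check(CMK, PUBLISHED))
```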