[Openid-specs-ab] jwe aes gcm in java

Mike Jones Michael.Jones at microsoft.com
Wed Nov 2 17:32:13 UTC 2011 

Thanks, Axel.  That's very cool!

I'd like to reproduce this and publish an example in the spec.  A few questions.  First, what is the key used?  When I publish an example, that will need to be part of the example so people have all the information to reproduce it.

This example doesn't appear to be using the encoding in the current JWE spec<http://self-issued.info/docs/draft-jones-json-web-encryption.html>.  For starters, there are only two segments (there's no JWE encrypted key), and there's no "enc" (encryption method) parameter .  Would it be possible for you to update your code to match the current spec?  After that, I'd love to check it against a F# or C# implementation.

If you could use these parameters from Section 3.1, that would be great!  Or I'm open to other ones.  (Don't bother with the "x5t" parameter, however. I made that one up!):
   {"alg":"RSA1_5",
    "enc":"A256GCM",
    "iv":"__79_Pv6-fg",

Thanks again!

                                                            -- Mike

From: Axel.Nennker at telekom.de [mailto:Axel.Nennker at telekom.de]
Sent: Wednesday, November 02, 2011 9:08 AM
To: Mike Jones
Cc: openid-specs-ab at lists.openid.net; rrichards at cdatazone.org
Subject: jwe aes gcm in java

Mike,

I implemented AESGCM in Java. The parameters for my example are:

The keybytes are: byte[] N = Hex.decode("cafebabefacedbaddecaf888");
The jweHeader is: {"alg":"A128GCM","iv":"yv66vvrO263eyviI"}

AESGCM jwtHeaderSegment base64:  eyJhbGciOiJBMTI4R0NNIiwiaXYiOiJ5djY2dnZyTzI2M2V5dmlJIn0
AESGCM jwtCryptoSegment base64:  H7I-QNvM8VtMylQfBbbqyrT8xiFcVv-7CZTn-dkXr10dpIOmzjMbqjmbqevK2aAoRu4s5DhU8dbeu8SbRJTCDYYAkYfOo_Hc5NY6B5-VwhnOWc0sres
Result JWE:  eyJhbGciOiJBMTI4R0NNIiwiaXYiOiJ5djY2dnZyTzI2M2V5dmlJIn0.H7I-QNvM8VtMylQfBbbqyrT8xiFcVv-7CZTn-dkXr10dpIOmzjMbqjmbqevK2aAoRu4s5DhU8dbeu8SbRJTCDYYAkYfOo_Hc5NY6B5-VwhnOWc0sres
The code is here:
http://code.google.com/p/openinfocard/source/browse/trunk/src/org/xmldap/json/WebToken.java
The JUNIT tests are here:
http://code.google.com/p/openinfocard/source/browse/trunk/testsrc/org/xmldap/json/WebTokenTest.java

Maybe you could verify my example with your F# code.
Rob: Could you please check with your php?

Cheers
Axel


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20111102/b14913ac/attachment.html>

More information about the Openid-specs-ab mailing list