[Openid-specs-ab] jwe aes gcm in java

Thu Nov 3 15:36:21 UTC 2011

Mike,

here is the example with the fixed iv and the RSA keypair from your JWS spec. x5t is computed from that public key:
rsa15AesGcm256 fixed IV = __79_Pv6-fg
jwtHeaderSegment: rsa15AesGcm256 fixed IV
{"alg":"RSA1_5","iv":"__79_Pv6-fg","x5t":"b9E8JDWjYefFiM0X9V9a098Bd6ZsFyemogCEX016uIw","enc":"A256GCM"}

jwtHeaderSegment: rsa15AesGcm256 fixed IV eyJhbGciOiJSU0ExXzUiLCJpdiI6Il9fNzlfUHY2LWZnIiwieDV0IjoiYjlFOEpEV2pZZWZGaU0wWDlWOWEwOThCZDZac0Z5ZW1vZ0NFWDAxNnVJdyIsImVuYyI6IkEyNTZHQ00ifQ

rsa15AesGcm256 fixed IV jwtSymmetricKeySegment base64:
enMQutbR-QI7P_dIqMVEKwPJsdsn9b2JOSQJm-AeGhB6dE1V-dwl2VlbcAIPlnAH1VofTU9hH9AdbCwDA0AYrtCZ4awncIvG2ba7sulx-wuJjrrT6rI1ieWB3bZsRPfhHe2wLHfBOko8PQHGLPgzA8p766LT4egQDLhCf_0NOznAgtmMM_0C8iYLWrc1IjeTuU7bWP_MGA65d8hJz7gdiqjD-RyYvCCjRNHOYfCFDLX3lKMJ4k3nHD7xJ0PK8QpPtUxGhYhWz9S2o5atEzvuaClHmluxK54s_IxJ91WM1m7Xzyt1sIUUkcexwtRhMBsA6bt2c4p6IoKIwaywlzqEHQ

rsa15AesGcm256 fixed IV jwtCryptoSegment base64:
IEU4u2veTCxiMMj0E1q8MiJ-7sVyWCtUNaXo4l_3IEuCAHI05Rv0ZKRtiBrNjJBYl9T8ymQ2dIvf2U4ubz9QkZx6PJhv7oRUGbapGlgtiwlkSM8SodU

The JWE is then jwtHeaderSegment.jwtSymmetricKeySegment.jwtCryptoSegment

The jwt is the one from your spec:
  String joeStr = "{\"iss\":\"joe\",\r\n" +
      " \"exp\":1300819380,\r\n" +
      " \"http://example.com/is_root\<http://example.com/is_root/>":true}";

The values (from your signature spec A2.1) for the RSA keypair are:

      final byte[] n = {(byte)161, (byte)248, (byte)22, (byte)10, (byte)226, (byte)227, (byte)201, (byte)180, (byte)101, (byte)206, (byte)141, (byte)45, (byte)101, (byte)98, (byte)99, (byte)54, (byte)43, (byte)146, (byte)125, (byte)190, (byte)41, (byte)225, (byte)240, (byte)36, (byte)119, (byte)252, (byte)22, (byte)37, (byte)204, (byte)144, (byte)161, (byte)54, (byte)227, (byte)139, (byte)217, (byte)52, (byte)151, (byte)197, (byte)182, (byte)234, (byte)99, (byte)221, (byte)119, (byte)17, (byte)230, (byte)124, (byte)116, (byte)41, (byte)249, (byte)86, (byte)176, (byte)251, (byte)138, (byte)143, (byte)8, (byte)154, (byte)220, (byte)75, (byte)105, (byte)137, (byte)60, (byte)193, (byte)51, (byte)63, (byte)83, (byte)237, (byte)208, (byte)25, (byte)184, (byte)119, (byte)132, (byte)37, (byte)47, (byte)236, (byte)145, (byte)79, (byte)228, (byte)133, (byte)119, (byte)105, (byte)89, (byte)75, (byte)234, (byte)66, (byte)128, (byte)211, (byte)44, (byte)15, (byte)85, (byte)191, (byte)98, (byte)148, (byte)79, (byte)19, (byte)3, (byte)150, (byte)188, (byte)110, (byte)155, (byte)223, (byte)110, (byte)189, (byte)210, (byte)189, (byte)163, (byte)103, (byte)142, (byte)236, (byte)160, (byte)198, (byte)104, (byte)247, (byte)1, (byte)179, (byte)141, (byte)191, (byte)251, (byte)56, (byte)200, (byte)52, (byte)44, (byte)226, (byte)254, (byte)109, (byte)39, (byte)250, (byte)222, (byte)74, (byte)90, (byte)72, (byte)116, (byte)151, (byte)157, (byte)212, (byte)185, (byte)207, (byte)154, (byte)222, (byte)196, (byte)199, (byte)91, (byte)5, (byte)133, (byte)44, (byte)44, (byte)15, (byte)94, (byte)248, (byte)165, (byte)193, (byte)117, (byte)3, (byte)146, (byte)249, (byte)68, (byte)232, (byte)237, (byte)100, (byte)193, (byte)16, (byte)198, (byte)182, (byte)71, (byte)96, (byte)154, (byte)164, (byte)120, (byte)58, (byte)235, (byte)156, (byte)108, (byte)154, (byte)215, (byte)85, (byte)49, (byte)48, (byte)80, (byte)99, (byte)139, (byte)131, (byte)102, (byte)92, (byte)111, (byte)111, (byte)122, (byte)130, (byte)163, (byte)150, (byte)112, (byte)42, (byte)31, (byte)100, (byte)27, (byte)130, (byte)211, (byte)235, (byte)242, (byte)57, (byte)34, (byte)25, (byte)73, (byte)31, (byte)182, (byte)134, (byte)135, (byte)44, (byte)87, (byte)22, (byte)245, (byte)10, (byte)248, (byte)53, (byte)141, (byte)154, (byte)139, (byte)157, (byte)23, (byte)195, (byte)64, (byte)114, (byte)143, (byte)127, (byte)135, (byte)216, (byte)154, (byte)24, (byte)216, (byte)252, (byte)171, (byte)103, (byte)173, (byte)132, (byte)89, (byte)12, (byte)46, (byte)207, (byte)117, (byte)147, (byte)57, (byte)54, (byte)60, (byte)7, (byte)3, (byte)77, (byte)111, (byte)96, (byte)111, (byte)158, (byte)33, (byte)224, (byte)84, (byte)86, (byte)202, (byte)229, (byte)233, (byte)161};
      final byte[] e = {1, 0, 1};
      final byte[] d = {18, (byte)174, (byte)113, (byte)164, (byte)105, (byte)205, (byte)10, (byte)43, (byte)195, (byte)126, (byte)82, (byte)108, (byte)69, (byte)0, (byte)87, (byte)31, (byte)29, (byte)97, (byte)117, (byte)29, (byte)100, (byte)233, (byte)73, (byte)112, (byte)123, (byte)98, (byte)89, (byte)15, (byte)157, (byte)11, (byte)165, (byte)124, (byte)150, (byte)60, (byte)64, (byte)30, (byte)63, (byte)207, (byte)47, (byte)44, (byte)211, (byte)189, (byte)236, (byte)136, (byte)229, (byte)3, (byte)191, (byte)198, (byte)67, (byte)155, (byte)11, (byte)40, (byte)200, (byte)47, (byte)125, (byte)55, (byte)151, (byte)103, (byte)31, (byte)82, (byte)19, (byte)238, (byte)216, (byte)193, (byte)90, (byte)37, (byte)216, (byte)213, (byte)206, (byte)160, (byte)2, (byte)94, (byte)227, (byte)171, (byte)46, (byte)139, (byte)127, (byte)121, (byte)33, (byte)111, (byte)198, (byte)59, (byte)234, (byte)86, (byte)39, (byte)83, (byte)180, (byte)6, (byte)68, (byte)198, (byte)161, (byte)81, (byte)39, (byte)217, (byte)178, (byte)149, (byte)69, (byte)64, (byte)160, (byte)187, (byte)225, (byte)163, (byte)5, (byte)86, (byte)152, (byte)45, (byte)78, (byte)159, (byte)222, (byte)95, (byte)100, (byte)37, (byte)241, (byte)77, (byte)75, (byte)113, (byte)52, (byte)65, (byte)181, (byte)93, (byte)199, (byte)59, (byte)155, (byte)74, (byte)237, (byte)204, (byte)146, (byte)172, (byte)227, (byte)146, (byte)126, (byte)55, (byte)245, (byte)125, (byte)12, (byte)253, (byte)94, (byte)117, (byte)129, (byte)250, (byte)81, (byte)44, (byte)143, (byte)73, (byte)97, (byte)169, (byte)235, (byte)11, (byte)128, (byte)248, (byte)168, (byte)7, (byte)70, (byte)114, (byte)138, (byte)85, (byte)255, (byte)70, (byte)71, (byte)31, (byte)52, (byte)37, (byte)6, (byte)59, (byte)157, (byte)83, (byte)100, (byte)47, (byte)94, (byte)222, (byte)30, (byte)132, (byte)214, (byte)19, (byte)8, (byte)26, (byte)250, (byte)92, (byte)34, (byte)208, (byte)81, (byte)40, (byte)91, (byte)214, (byte)59, (byte)148, (byte)59, (byte)86, (byte)93, (byte)137, (byte)138, (byte)5, (byte)104, (byte)84, (byte)19, (byte)229, (byte)60, (byte)60, (byte)108, (byte)101, (byte)37, (byte)255, (byte)31, (byte)227, (byte)78, (byte)61, (byte)220, (byte)112, (byte)240, (byte)213, (byte)100, (byte)80, (byte)253, (byte)164, (byte)139, (byte)161, (byte)46, (byte)16, (byte)78, (byte)157, (byte)235, (byte)159, (byte)184, (byte)24, (byte)129, (byte)225, (byte)196, (byte)189, (byte)242, (byte)93, (byte)146, (byte)71, (byte)244, (byte)80, (byte)200, (byte)101, (byte)146, (byte)121, (byte)104, (byte)231, (byte)115, (byte)52, (byte)244, (byte)65, (byte)79, (byte)117, (byte)167, (byte)80, (byte)225, (byte)57, (byte)84, (byte)110, (byte)58, (byte)138, (byte)115, (byte)157};

      BigInteger N = new BigInteger(1, n);
      BigInteger E = new BigInteger(1, e);
      BigInteger D = new BigInteger(1, d);

      KeyFactory keyFactory = KeyFactory.getInstance("RSA");
      RSAPublicKeySpec pubKeySpec = new RSAPublicKeySpec(N, E);
      RSAPrivateKeySpec privKeySpec = new RSAPrivateKeySpec(N, D);
      rsaPublicKey = (RSAPublicKey) keyFactory.generatePublic(pubKeySpec);
      rsaPrivKey = (RSAPrivateKey) keyFactory.generatePrivate(privKeySpec);
Hope this helps.
Axel
The code is here:
http://code.google.com/p/openinfocard/source/browse/trunk/src/org/xmldap/json/WebToken.java
The JUNIT tests are here:
http://code.google.com/p/openinfocard/source/browse/trunk/testsrc/org/xmldap/json/WebTokenTest.java

From: Mike Jones [mailto:Michael.Jones at microsoft.com]
Sent: Mittwoch, 2. November 2011 18:32
To: Nennker, Axel
Cc: openid-specs-ab at lists.openid.net; rrichards at cdatazone.org
Subject: RE: jwe aes gcm in java

Thanks, Axel.  That's very cool!

I'd like to reproduce this and publish an example in the spec.  A few questions.  First, what is the key used?  When I publish an example, that will need to be part of the example so people have all the information to reproduce it.

This example doesn't appear to be using the encoding in the current JWE spec<http://self-issued.info/docs/draft-jones-json-web-encryption.html>.  For starters, there are only two segments (there's no JWE encrypted key), and there's no "enc" (encryption method) parameter .  Would it be possible for you to update your code to match the current spec?  After that, I'd love to check it against a F# or C# implementation.

If you could use these parameters from Section 3.1, that would be great!  Or I'm open to other ones.  (Don't bother with the "x5t" parameter, however. I made that one up!):
   {"alg":"RSA1_5",
    "enc":"A256GCM",
    "iv":"__79_Pv6-fg",

Thanks again!

                                                            -- Mike

From: Axel.Nennker at telekom.de [mailto:Axel.Nennker at telekom.de]
Sent: Wednesday, November 02, 2011 9:08 AM
To: Mike Jones
Cc: openid-specs-ab at lists.openid.net; rrichards at cdatazone.org
Subject: jwe aes gcm in java

Mike,

I implemented AESGCM in Java. The parameters for my example are:

The keybytes are: byte[] N = Hex.decode("cafebabefacedbaddecaf888");
The jweHeader is: {"alg":"A128GCM","iv":"yv66vvrO263eyviI"}

AESGCM jwtHeaderSegment base64:  eyJhbGciOiJBMTI4R0NNIiwiaXYiOiJ5djY2dnZyTzI2M2V5dmlJIn0
AESGCM jwtCryptoSegment base64:  H7I-QNvM8VtMylQfBbbqyrT8xiFcVv-7CZTn-dkXr10dpIOmzjMbqjmbqevK2aAoRu4s5DhU8dbeu8SbRJTCDYYAkYfOo_Hc5NY6B5-VwhnOWc0sres
Result JWE:  eyJhbGciOiJBMTI4R0NNIiwiaXYiOiJ5djY2dnZyTzI2M2V5dmlJIn0.H7I-QNvM8VtMylQfBbbqyrT8xiFcVv-7CZTn-dkXr10dpIOmzjMbqjmbqevK2aAoRu4s5DhU8dbeu8SbRJTCDYYAkYfOo_Hc5NY6B5-VwhnOWc0sres
The code is here:
http://code.google.com/p/openinfocard/source/browse/trunk/src/org/xmldap/json/WebToken.java
The JUNIT tests are here:
http://code.google.com/p/openinfocard/source/browse/trunk/testsrc/org/xmldap/json/WebTokenTest.java

Maybe you could verify my example with your F# code.
Rob: Could you please check with your php?

Cheers
Axel

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20111103/796b878f/attachment.html>