<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 14 (filtered medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p
{mso-style-priority:99;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
{mso-style-priority:99;
mso-style-link:"Balloon Text Char";
margin:0in;
margin-bottom:.0001pt;
font-size:8.0pt;
font-family:"Tahoma","sans-serif";}
span.EmailStyle18
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#002060;}
span.BalloonTextChar
{mso-style-name:"Balloon Text Char";
mso-style-priority:99;
mso-style-link:"Balloon Text";
font-family:"Tahoma","sans-serif";}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri","sans-serif";}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#002060">Hi Axel,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#002060"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#002060">I believe that the bug is in your stringToSign calculation. For non-AEAD algorithms, such as AES CBC, it should be:<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:.5in">String stringToSign = encodedJwtHeaderSegment + "." + encodedJwtKeySegment
<span style="background:yellow;mso-highlight:yellow">+ "." + encodedJwtInitializationVectorSegment</span> + "." + encodedJwtCryptoSegment;<span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#002060"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#002060">And for AEAD algorithms, such as AES GCM, it should be:<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:.5in">String stringToSign = encodedJwtHeaderSegment + "." + encodedJwtKeySegment
<span style="background:yellow;mso-highlight:yellow">+ "." + encodedJwtInitializationVectorSegment</span>;<span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#002060"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#002060"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#002060">You could see the “Secured Input”, “Secured Input Bytes”, “Additional Authenticated Data”, and “Additional Authenticated Data Bytes” values in the log files
and see if the values you compute match those.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#002060"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#002060"> Hope this helps,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#002060"> -- Mike<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#002060"><o:p> </o:p></span></p>
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> openid-connect-interop@googlegroups.com [mailto:openid-connect-interop@googlegroups.com]
<b>On Behalf Of </b>Axel Nennker<br>
<b>Sent:</b> Friday, September 07, 2012 11:28 AM<br>
<b>To:</b> openid-connect-interop@googlegroups.com<br>
<b>Cc:</b> ejay@mgi1.com; emmanuel@raviart.com; bcampbell@pingidentity.com; openid-specs-ab@lists.openid.net<br>
<b>Subject:</b> Re: Updated JWE encryption examples<o:p></o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal" style="margin-bottom:12.0pt">I get the same CIK and CEK. <br>
I can encrypt and decrypt and the things that don't have added randomness are the same.<br>
<br>
The other way round gives me headaches. I can decrypt and get the same cleartext. I made sure (again) that I have the same CIK and CEK but the integrity check fails.<br>
I guess that is a problem with my implementation.<br>
String stringToSign = encodedJwtHeaderSegment + "." + encodedJwtKeySegment + "." + encodedJwtCryptoSegment;<br>
byte[] bytes = JcBase.doMac(mac, cik, stringToSign.getBytes());<br>
mac is SHA256Digest, cik is your CIK<br>
<br>
For today I give up to see the difference.<br>
<br>
cheers<br>
Axel<br>
<br>
<o:p></o:p></p>
<div>
<p class="MsoNormal">2012/9/5 Mike Jones <<a href="mailto:Michael.Jones@microsoft.com" target="_blank">Michael.Jones@microsoft.com</a>><o:p></o:p></p>
<div>
<div>
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">Yes. The int and kdf parameters will be removed from the next draft.<br>
<br>
Thanks,<br>
-- Mike<o:p></o:p></span></p>
</div>
</div>
<div class="MsoNormal" align="center" style="text-align:center">
<hr size="2" width="100%" align="center">
</div>
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:
</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""><a href="mailto:Axel.Nennker@telekom.de" target="_blank">Axel.Nennker@telekom.de</a></span><br>
<b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">Sent: </span>
</b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">9/4/2012 1:53 PM</span><br>
<b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">To: </span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">Mike Jones;
<a href="mailto:ejay@mgi1.com" target="_blank">ejay@mgi1.com</a>; <a href="mailto:emmanuel@raviart.com" target="_blank">
emmanuel@raviart.com</a>; <a href="mailto:bcampbell@pingidentity.com" target="_blank">
bcampbell@pingidentity.com</a></span><br>
<b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">Cc: </span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""><a href="mailto:openid-connect-interop@googlegroups.com" target="_blank">openid-connect-interop@googlegroups.com</a>;
<a href="mailto:openid-specs-ab@lists.openid.net" target="_blank">openid-specs-ab@lists.openid.net</a></span><br>
<b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">Subject: </span>
</b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">RE: Updated JWE encryption examples</span><o:p></o:p></p>
<div>
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><o:p> </o:p></p>
<div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="color:#1F497D">I will finish this tomorrow. Is the “int” parameter removed from the header altogether? Kdf too?</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="color:#1F497D">I checked the changes into the jsoncrypto repository but my development laptop crashed and I could not complete all tests.</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="color:#1F497D">Axel</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="color:#1F497D"> </span><o:p></o:p></p>
<div>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> Mike Jones [mailto:<a href="mailto:Michael.Jones@microsoft.com" target="_blank">Michael.Jones@microsoft.com</a>]
<br>
<b>Sent:</b> Tuesday, September 04, 2012 8:56 PM<br>
<b>To:</b> Edmund Jay; Emmanuel Raviart; Brian Campbell; Nennker, Axel<br>
<b>Cc:</b> <a href="mailto:openid-connect-interop@googlegroups.com" target="_blank">
openid-connect-interop@googlegroups.com</a>; <a href="mailto:openid-specs-ab@lists.openid.net" target="_blank">
openid-specs-ab@lists.openid.net</a><br>
<b>Subject:</b> Re: Updated JWE encryption examples</span><o:p></o:p></p>
</div>
</div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="color:#002060">Have any of you tried decrypting these updated examples? I plan on using them in the next release of the JWE spec, but would like confirmation that
they’re correct.</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="color:#002060"> </span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="color:#002060"> Thanks again,</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="color:#002060"> -- Mike</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="color:#002060"> </span><o:p></o:p></p>
<div>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">
<a href="mailto:openid-connect-interop@googlegroups.com" target="_blank">openid-connect-interop@googlegroups.com</a> [mailto:<a href="mailto:openid-connect-interop@googlegroups.com" target="_blank">openid-connect-interop@googlegroups.com</a>]
<b>On Behalf Of </b>Mike Jones<br>
<b>Sent:</b> Wednesday, August 29, 2012 10:12 PM<br>
<b>To:</b> Edmund Jay; Emmanuel Raviart; Brian Campbell; Axel Nennker<br>
<b>Cc:</b> <a href="mailto:openid-connect-interop@googlegroups.com" target="_blank">
openid-connect-interop@googlegroups.com</a>; <a href="mailto:openid-specs-ab@lists.openid.net" target="_blank">
openid-specs-ab@lists.openid.net</a><br>
<b>Subject:</b> Updated JWE encryption examples</span><o:p></o:p></p>
</div>
</div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">Here’s updated encryption examples incorporating the proposed JWE/JWA changes. In summary, changes in these computations are:<o:p></o:p></p>
<p><span style="font-family:Symbol">·</span><span style="font-size:7.0pt">
</span>Updated the Concat KDF calculation, per yesterday’s e-mail<o:p></o:p></p>
<p><span style="font-family:Symbol">·</span><span style="font-size:7.0pt">
</span>Consolidated the “enc”, “int”, and “kdf” parameters into a composite “enc” parameter, with new AES CBC “enc” values
<span style="color:#1F497D">“A128CBC+HS256” and “A256CBC+HS512”</span><o:p></o:p></p>
<p><span style="font-family:Symbol">·</span><span style="font-size:7.0pt">
</span><span style="color:#1F497D">Moved initialization vector out of the header into its own dot-separated parameter value (to save space and to factor it out for the JSON Serialization), with the JWE representation becoming header.encryptedKey.initializationVector.ciphertext.integrityValue</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">The examples attached are:<o:p></o:p></p>
<p><span style="font-family:Symbol">·</span><span style="font-size:7.0pt">
</span>JWE.log: Will be used to create the new AES-CBC example in Section 3.2 and Appendix A.2 of the JWE specification<o:p></o:p></p>
<p><span style="font-family:Symbol">·</span><span style="font-size:7.0pt">
</span>JWE2.log: Will be used to create the new AES-GCM example in Section 3.1 and Appendix A.1 of the JWE specification<o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">It would be great if any of you can verify that you can decrypt these results!<o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> Thanks again,<o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> -- Mike<o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
</div>
</div>
</div>
</div>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</body>
</html>