<div dir="ltr"><div><div>Thanks James. That's still useful validation.  <br><br></div>For whatever it's worth, shortly after I sent the message yesterday I noticed the nimbus library announced support for JWK thumbprints. So I compared some results with that implementation. Nimbus had a small defect calculating thumbprints for "oct" key types but, once that was fixed, also produced the same results. So I'm reasonably confident these examples are correct. <br></div><div><div><br><br></div></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Sep 21, 2015 at 6:09 PM, Manger, James <span dir="ltr"><<a href="mailto:James.H.Manger@team.telstra.com" target="_blank">James.H.Manger@team.telstra.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div link="blue" vlink="purple" lang="EN-AU"><div><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">I got the same results, Brian — though using some manual tools, not a proper library.<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">--<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">James Manger<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p><div style="border:none;border-top:solid #b5c4df 1.0pt;padding:3.0pt 0cm 0cm 0cm"><p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"" lang="EN-US">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"" lang="EN-US"> Openid-specs-ab [mailto:<a href="mailto:openid-specs-ab-bounces@lists.openid.net" target="_blank">openid-specs-ab-bounces@lists.openid.net</a>] <b>On Behalf Of </b>Brian Campbell<br><b>Sent:</b> Tuesday, 22 September 2015 1:43 AM<br><b>To:</b> <a href="mailto:jose@ietf.org" target="_blank">jose@ietf.org</a>; <<a href="mailto:openid-specs-ab@lists.openid.net" target="_blank">openid-specs-ab@lists.openid.net</a>><br><b>Subject:</b> [Openid-specs-ab] JWK Thumbprint / RFC 7638<u></u><u></u></span></p></div><div><div class="h5"><p class="MsoNormal"><u></u> <u></u></p><div><p class="MsoNormal">I added JWK Thumbprint support to my <a href="https://bitbucket.org/b_c/jose4j" target="_blank">JOSE/JWT library</a> this morning. Does anyone else have an implementation handy?<br><br>The <a href="http://tools.ietf.org/html/rfc7638#section-3.1" target="_blank">example in section 3.1</a> provided a nice opportunity to check my work with an "RSA" key type. However, there are no examples for "EC" or "oct" keys. While it should be pretty straightforward to implement, for me anyway, dumb little mistakes are certainly within the realm of possibility. So, if anyone would like to check their work against mine, a few JWKs followed by the base64url encoded SHA-256 hash of the RFC 7638 thumbprint are below. I'd be interested to hear if folks can (hopefully) reproduce the same results.<u></u><u></u></p><div><p class="MsoNormal"><span style="font-family:"Courier New""><br>{"kty":"oct",<br> "k":"ZW8Eg8TiwoT2YamLJfC2leYpLgLmUAh_PcMHqRzBnMg"}<br>7WWD36NF4WCpPaYtK47mM4o0a5CCeOt01JXSuMayv5g<br><br><br>{"kty":"EC",<br> "x":"CEuRLUISufhcjrj-32N0Bvl3KPMiHH9iSw4ohN9jxrA",<br> "y":"EldWz_iXSK3l_S7n4w_t3baxos7o9yqX0IjzG959vHc",<br> "crv":"P-256"}<br>j4UYwo9wrtllSHaoLDJNh7MhVCL8t0t8cGPPzChpYDs<br><br><br>{"kty":"EC",<br> "x":"Aeq3uMrb3iCQEt0PzSeZMmrmYhsKP5DM1oMP6LQzTFQY9-F3Ab45xiK4AJxltXEI-87g3gRwId88hTyHgq180JDt",<br> "y":"ARA0lIlrZMEzaXyXE4hjEkc50y_JON3qL7HSae9VuWpOv_2kit8p3pyJBiRb468_U5ztLT7FvDvtimyS42trhDTu",<br> "crv":"P-521"}<br>rz4Ohmpxg-UOWIWqWKHlOe0bHSjNUFlHW5vwG_M7qYg<br><br><br>{"kty":"EC",<br> "x":"2jCG5DmKUql9YPn7F2C-0ljWEbj8O8-vn5Ih1k7Wzb-y3NpBLiG1BiRa392b1kcQ",<br> "y":"7Ragi9rT-5tSzaMbJlH_EIJl6rNFfj4V4RyFM5U2z4j1hesX5JXa8dWOsE-5wPIl",<br> "crv":"P-384"}<br>vZtaWIw-zw95JNzzURg1YB7mWNLlm44YZDZzhrPNetM<br><br><br>{"kty":"oct","k":"NGbwp1rC4n85A1SaNxoHow"}<br>5_qb56G0OJDw-lb5mkDaWS4MwuY0fatkn9LkNqUHqMk</span><u></u><u></u></p></div></div></div></div></div></div></blockquote></div><br></div>