<html>
  <head>
    <meta content="text/html; charset=windows-1252"
      http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    Verifiable examples are always nice to have, especially for catching
    horrible implementation bugs, such as the oct JWK thumbprint compute
    bug which Brian reported :)<br>
    <br>
    I promptly added them to the Nimbus lib test suite.<br>
    <br>
<a class="moz-txt-link-freetext" href="https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/3415a620a36eaeb79bc307b68484afac7a2156d8">https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/3415a620a36eaeb79bc307b68484afac7a2156d8</a><br>
    <br>
    <div class="moz-cite-prefix">On 23.09.2015 01:58, Brian Campbell
      wrote:<br>
    </div>
    <blockquote
cite="mid:CA+k3eCQwnEj9r_n6iqEDxiPiJinOAHiBqEfactxfH0xCch4mCw@mail.gmail.com"
      type="cite">
      <pre wrap="">No, not really. I was just looking to validate my own implementation and
using (abusing) these lists seemed like a decent way to do it.

I mean, from a developer's perspective, I find examples that can be used to
validate implementation to be extremely useful.  But, at this point, RFC
7638 is probably just fine as it is.

On Tue, Sep 22, 2015 at 1:45 PM, Jim Schaad <a class="moz-txt-link-rfc2396E" href="mailto:ietf@augustcellars.com"><ietf@augustcellars.com></a> wrote:

</pre>
      <blockquote type="cite">
        <pre wrap="">Brian,



Are you thinking that the set of examples should be expanded?



Jim





*From:* jose [<a class="moz-txt-link-freetext" href="mailto:jose-bounces@ietf.org">mailto:jose-bounces@ietf.org</a>] *On Behalf Of *Brian Campbell
*Sent:* Tuesday, September 22, 2015 10:47 AM
*To:* Manger, James <a class="moz-txt-link-rfc2396E" href="mailto:James.H.Manger@team.telstra.com"><James.H.Manger@team.telstra.com></a>
*Cc:* <a class="moz-txt-link-rfc2396E" href="mailto:openid-specs-ab@lists.openid.net"><openid-specs-ab@lists.openid.net></a> <a class="moz-txt-link-rfc2396E" href="mailto:openid-specs-ab@lists.openid.net"><openid-specs-ab@lists.openid.net></a>;
<a class="moz-txt-link-abbreviated" href="mailto:jose@ietf.org">jose@ietf.org</a>
*Subject:* Re: [jose] [Openid-specs-ab] JWK Thumbprint / RFC 7638



Thanks James. That's still useful validation.

For whatever it's worth, shortly after I sent the message yesterday I
noticed the nimbus library announced support for JWK thumbprints. So I
compared some results with that implementation. Nimbus had a small defect
calculating thumbprints for "oct" key types but, once that was fixed, also
produced the same results. So I'm reasonably confident these examples are
correct.





On Mon, Sep 21, 2015 at 6:09 PM, Manger, James <
<a class="moz-txt-link-abbreviated" href="mailto:James.H.Manger@team.telstra.com">James.H.Manger@team.telstra.com</a>> wrote:

I got the same results, Brian — though using some manual tools, not a
proper library.



--

James Manger



*From:* Openid-specs-ab [<a class="moz-txt-link-freetext" href="mailto:openid-specs-ab-bounces@lists.openid.net">mailto:openid-specs-ab-bounces@lists.openid.net</a>] *On
Behalf Of *Brian Campbell
*Sent:* Tuesday, 22 September 2015 1:43 AM
*To:* <a class="moz-txt-link-abbreviated" href="mailto:jose@ietf.org">jose@ietf.org</a>; <a class="moz-txt-link-rfc2396E" href="mailto:openid-specs-ab@lists.openid.net"><openid-specs-ab@lists.openid.net></a>
*Subject:* [Openid-specs-ab] JWK Thumbprint / RFC 7638



I added JWK Thumbprint support to my JOSE/JWT library
<a class="moz-txt-link-rfc2396E" href="https://bitbucket.org/b_c/jose4j"><https://bitbucket.org/b_c/jose4j></a> this morning. Does anyone else have an
implementation handy?

The example in section 3.1
<a class="moz-txt-link-rfc2396E" href="http://tools.ietf.org/html/rfc7638#section-3.1"><http://tools.ietf.org/html/rfc7638#section-3.1></a> provided a nice
opportunity to check my work with an "RSA" key type. However, there are no
examples for "EC" or "oct" keys. While it should be pretty straightforward
to implement, for me anyway, dumb little mistakes are certainly within the
realm of possibility. So, if anyone would like to check their work against
mine, a few JWKs followed by the base64url encoded SHA-256 hash of the RFC
7638 thumbprint are below. I'd be interested to hear if folks can
(hopefully) reproduce the same results.


{"kty":"oct",
 "k":"ZW8Eg8TiwoT2YamLJfC2leYpLgLmUAh_PcMHqRzBnMg"}
7WWD36NF4WCpPaYtK47mM4o0a5CCeOt01JXSuMayv5g


{"kty":"EC",
 "x":"CEuRLUISufhcjrj-32N0Bvl3KPMiHH9iSw4ohN9jxrA",
 "y":"EldWz_iXSK3l_S7n4w_t3baxos7o9yqX0IjzG959vHc",
 "crv":"P-256"}
j4UYwo9wrtllSHaoLDJNh7MhVCL8t0t8cGPPzChpYDs


{"kty":"EC",

 "x":"Aeq3uMrb3iCQEt0PzSeZMmrmYhsKP5DM1oMP6LQzTFQY9-F3Ab45xiK4AJxltXEI-87g3gRwId88hTyHgq180JDt",

 "y":"ARA0lIlrZMEzaXyXE4hjEkc50y_JON3qL7HSae9VuWpOv_2kit8p3pyJBiRb468_U5ztLT7FvDvtimyS42trhDTu",
 "crv":"P-521"}
rz4Ohmpxg-UOWIWqWKHlOe0bHSjNUFlHW5vwG_M7qYg


{"kty":"EC",
 "x":"2jCG5DmKUql9YPn7F2C-0ljWEbj8O8-vn5Ih1k7Wzb-y3NpBLiG1BiRa392b1kcQ",
 "y":"7Ragi9rT-5tSzaMbJlH_EIJl6rNFfj4V4RyFM5U2z4j1hesX5JXa8dWOsE-5wPIl",
 "crv":"P-384"}
vZtaWIw-zw95JNzzURg1YB7mWNLlm44YZDZzhrPNetM


{"kty":"oct","k":"NGbwp1rC4n85A1SaNxoHow"}
5_qb56G0OJDw-lb5mkDaWS4MwuY0fatkn9LkNqUHqMk



</pre>
      </blockquote>
      <pre wrap="">
</pre>
      <br>
      <fieldset class="mimeAttachmentHeader"></fieldset>
      <br>
      <pre wrap="">_______________________________________________
Openid-specs-ab mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Openid-specs-ab@lists.openid.net">Openid-specs-ab@lists.openid.net</a>
<a class="moz-txt-link-freetext" href="http://lists.openid.net/mailman/listinfo/openid-specs-ab">http://lists.openid.net/mailman/listinfo/openid-specs-ab</a>
</pre>
    </blockquote>
    <br>
    <pre class="moz-signature" cols="72">-- 
Vladimir Dzhuvinov :: <a class="moz-txt-link-abbreviated" href="mailto:vladimir@connect2id.com">vladimir@connect2id.com</a></pre>
  </body>
</html>