Encoding public keys as self-signed certs: That is a hack. Not that I am opposed to hacks but this is too much.
2012/10/29 Mike Jones <[email protected]>

> “x5c” helps because you can represent a bare key as a self-signed cert
> in PEM format in the “x5c” parameter. The JOSE specs already support
> PEM-encoded keys.
>
> -- Mike
>
> *From:* Axel Nennker [mailto:[email protected]]
> *Sent:* Wednesday, October 24, 2012 2:14 PM
> *To:* Mike Jones
> *Cc:* [email protected]
> *Subject:* Re: jwk
>
> In the case where I generate the keypair on the fly I do not have a URL
> to put in x5u. And a cert is not a public key. I want bare keys.
> I don't know how x5u and x5c help here.
>
> I have the problem that I don't know how to convert (exp,mod) into a
> pubkey on one platform (Firefox). I think that PEM is easier.
> I think the same might be true on other platforms too.
>
> Another reason I think that PEM is better is that there are command line
> tools to produce PEM-encoded keys while I don't know any tool to produce
> (exp, mod).
>
> --Axel
>
> 2012/10/24 Mike Jones <[email protected]>
>
> To be clear, JWS and JWE already support the use of PEM encoded keys
> through the "x5c" and "x5u" parameters. Therefore, I don't see any need to
> also add X.509-based key formats to JWK itself.
>
> -- Mike
>
> *From:* Axel Nennker [mailto:[email protected]]
> *Sent:* Wednesday, October 24, 2012 12:55 PM
> *To:* [email protected]
> *Cc:* Mike Jones
> *Subject:* jwk
>
> I think that having more choices other than (exp, mod) is useful.
> I believe that it is easier for me to implement keys in Firefox if I have
> PEM encoded keys.
>
> So the format could be:
>
> user_jwk : {"pub":
> "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4OTqe0p1tgEoOVtDzjQI
> yP1Ipo8ivqTIeH4yH9kLzI4fCKx6ggZJ3h9ecj4p5E355umCThN/1doBc/tq18VGlNtyDNxCh45Z1zGYJKwZxaVaWQXlB2gfgnko1D+Zw9KIlipQHtnhJw/qREEIp4YOgaGcSZBCcQQ4DYCOjfTTbKUXSTlrlOgflfgTiyhUFuiKWkoeivwASigL76PtYNYc
> n+dlYKYB/vSQ2CY7FtaDcr22EdqUDVPLNg1+K1rsvHvllP7iTnXA5IgxT5JELdrk
> KX9Ek68zDzelOaJxs2tbkkwbqSLQfREzQ/yGAIOW9rZVqlaVBEBzUYzREmeybVq3 gwIDAQAB"
> }
> // PEM encoded public key without linebreaks
>
> A more general format would be:
>
> jwk: { "-----BEGIN PUBLIC KEY-----":
> "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4OTqe0p1tgEoOVtDzjQI
> yP1Ipo8ivqTIeH4yH9kLzI4fCKx6ggZJ3h9ecj4p5E355umCThN/1doBc/tq18VGlNtyDNxCh45Z1zGYJKwZxaVaWQXlB2gfgnko1D+Zw9KIlipQHtnhJw/qREEIp4YOgaGcSZBCcQQ4DYCOjfTTbKUXSTlrlOgflfgTiyhUFuiKWkoeivwASigL76PtYNYc
> n+dlYKYB/vSQ2CY7FtaDcr22EdqUDVPLNg1+K1rsvHvllP7iTnXA5IgxT5JELdrk
> KX9Ek68zDzelOaJxs2tbkkwbqSLQfREzQ/yGAIOW9rZVqlaVBEBzUYzREmeybVq3 gwIDAQAB"
> }
>
> This general format could be used for private keys too.
>
> What do you think?
>
> Axel
>
> ps: Don't know whether I can post from this email address.... Mike, would
> you please post it if it does appear in your inbox but not on the list.
> Thanks.
_______________________________________________ jose mailing list [email protected] https://www.ietf.org/mailman/listinfo/jose
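
The conversion discussed in the thread, from a PEM-encoded bare public key to the (exp, mod) pair carried in a JWK, written out as an added example that is not part of the original messages or of any JOSE draft. It assumes an RSA SubjectPublicKeyInfo ("PUBLIC KEY") input, with or without the PEM armor lines, and an environment that provides `atob`/`btoa` (browsers, Node 16+); the function names and the 64-bit toy key are constructed for illustration.

```javascript
const RSA_OID = "2a864886f70d010101"; // 1.2.840.113549.1.1.1 rsaEncryption
// Constructed toy key (64-bit modulus, illustration only) as DER hex.
const SAMPLE_DER_HEX = "3024300d06092a864886f70d01010105000313003010020900c35a1122334455670203010001";

// Read one DER TLV header at `pos`; handles short and long-form lengths.
function readTlv(buf, pos, tag) {
  if (buf[pos] !== tag) throw new Error("unexpected DER tag at offset " + pos);
  let len = buf[pos + 1], start = pos + 2;
  if (len & 0x80) {
    const count = len & 0x7f;
    if (count === 0 || count > 4) throw new Error("unsupported DER length");
    len = 0;
    for (let i = 0; i < count; i++) len = len * 256 + buf[start + i];
    start += count;
  }
  // Written this way so a NaN length from a short buffer is also rejected.
  if (!(start + len <= buf.length)) throw new Error("truncated DER");
  return { start, end: start + len };
}

function b64url(bytes) {
  const b64 = btoa(String.fromCharCode(...bytes));
  return b64.replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
}

// DER prepends 0x00 to positive INTEGERs with the high bit set; JWK omits it.
function unsigned(buf, r) {
  let s = r.start;
  while (s < r.end - 1 && buf[s] === 0) s++;
  return buf.subarray(s, r.end);
}

function spkiPemToJwk(pem) {
  const b64 = pem.replace(/-----[A-Z ]+-----/g, "").replace(/\s+/g, "");
  const der = Uint8Array.from(atob(b64), (c) => c.charCodeAt(0));
  const spki = readTlv(der, 0, 0x30);          // SubjectPublicKeyInfo
  const alg = readTlv(der, spki.start, 0x30);  // AlgorithmIdentifier
  const oid = readTlv(der, alg.start, 0x06);
  const hex = Array.from(der.subarray(oid.start, oid.end), (b) => b.toString(16).padStart(2, "0")).join("");
  if (hex !== RSA_OID) throw new Error("not an RSA key");
  const bits = readTlv(der, alg.end, 0x03);    // BIT STRING wrapping RSAPublicKey
  if (der[bits.start] !== 0) throw new Error("unexpected unused bits");
  const rsa = readTlv(der, bits.start + 1, 0x30);
  const n = readTlv(der, rsa.start, 0x02);
  const e = readTlv(der, n.end, 0x02);
  return { kty: "RSA", n: b64url(unsigned(der, n)), e: b64url(unsigned(der, e)) };
}

function samplePem() {
  const bytes = SAMPLE_DER_HEX.match(/../g).map((h) => parseInt(h, 16));
  return `-----BEGIN PUBLIC KEY-----\n${btoa(String.fromCharCode(...bytes))}\n-----END PUBLIC KEY-----`;
}
```

A certificate or a non-RSA key fails the tag or OID check instead of yielding a wrong modulus, so a caller cannot mistake an "x5c"-style certificate for a bare key.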
