Dear JOSE,

At the interim, it seemed like there was agreement on key wrapping at least in the case of wrapping a JWK-structured key (as opposed to a bare symmetric key). Namely, we agreed to use JWE to wrap the JWK structure.

It seems to me that it would be prudent to add this recommendation as a section in JWK. Since we're defining private key attributes, we should define in the same document how to protect them.

"""
X. Wrapped Key Format

A wrapped key is a JWE object with a key as its payload, encoded as a serialized JWK object. The "cty" attribute of a wrapped key MUST be set to the JWK MIME type, "application/jwk+json". The processing of wrapped keys is identical to normal JWE processing.
"""

Do people find that to be sufficient text to explain how to generate and process wrapped keys (as JWK within JWE)?

Thanks,
--Richard

P.S. The astute reader will note that this text is adapted from draft-barnes-jose-key-wrapping-01
<http://tools.ietf.org/html/draft-barnes-jose-key-wrapping-01#section-2>
This is not an accident. I'm proposing to first address the question of key wrapping in general; then we can talk about whether we want to special-case symmetric keys with no attributes.
