On May 24, 2013, at 12:40 PM, Richard Barnes <[email protected]> wrote:

> Dear JOSE,
>
> At the interim, it seemed like there was agreement on key wrapping at least
> in the case of wrapping a JWK-structured key (as opposed to a bare
> symmetric key). Namely, we agreed to use JWE to wrap the JWK structure.
>
> It seems to me that it would be prudent to add this recommendation as a
> section in JWK. Since we're defining private key attributes, we should
> define in the same document how to protect them.
>
> """
> X. Wrapped Key Format
>
> A wrapped key is a JWE object with a key as its payload, encoded as a
> serialized JWK object. The "cty" attribute of a wrapped key MUST be set to
> the JWK MIME type, "application/jwk+json". The processing of wrapped keys
> is identical to normal JWE processing.
> """
>
> Do people find that to be sufficient text to explain how to generate and
> process wrapped keys (as JWK within JWE)?
>
>

That looks reasonable to me, provided it is paired with one or two complete examples.

- m&m

Matt Miller < [email protected] >
Cisco Systems, Inc.

>
> P.S. The astute reader will note that this text is adapted
> from draft-barnes-jose-key-wrapping-01
> <http://tools.ietf.org/html/draft-barnes-jose-key-wrapping-01#section-2>
> This is not an accident. I'm proposing to first address the question of
> key wrapping in general; then we can talk about whether we want to
> special-case symmetric keys with no attributes.
_______________________________________________
jose mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/jose
