Sorry for bringing up this thread again but apparently the answer was a bit
more convoluted than I thought :-(

For RSA the answer is YES but for EC it is NO:
http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-18#section-6.2.1

I found that out when converting my JCS implementation from Java to JavaScript,
because only in the JavaScript version did I have to deal with SPKIs at the ASN.1
level:
https://code.google.com/p/openkeystore/source/browse/javascript/trunk/src/crypto/KeySerializing.js

There may be a bug here:
https://bitbucket.org/nimbusds/nimbus-jose-jwt/src/6d6938b94f7a6051636bf654864a78b708fa392f/src/main/java/com/nimbusds/jose/jwk/ECKey.java#cl-727

This is the test-vector that caused my original code to fail:

var p521_spki = 'MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQBCCAc9n4N7ZOr_tTu\
_wAOmPKi4qTp5X3su6O3010hxmBYj9zI4u_0dm6UZa0LsjdfvcAET6vH3mEApvGKpDWrRsAA_nJhyQ20ca7Nn0Zvyiq54FfCAblGK7kuduF\
BTPkxv9eOjiaeGp7V_f3qV1kxS_Il2LY7Tc5l2GSlW_-SzYKxgek';

FWIW, I have kept the "CryptoBinary" approach in JCS since compatibility with
other systems is only needed on the SPKI level.  There are other quirks in JWK
like mixing Base64URL and Base64 which I also didn't see the point with.

Cheers
Anders

On 2013-12-10 22:17, Anders Rundgren wrote:
> On 2013-12-10 21:41, Brian Campbell wrote:
>> I am likewise a non-cryptographer but that's my code so I guess I should 
>> comment :)
>>
>> The understanding of that part of the specs comes from the text, "... 
>> represented as the base64url encoding of the value's unsigned big endian 
>> representation as an octet sequence."  The spec drafts have been updated 
>> over time and the appearances of that text have moved around since I wrote 
>> that code but I think the intent hasn't changed.  The text is currently used 
>> in each of the parameters for RSA keys 
>> http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-18#section-6.3.
>>  The same text was there for EC keys as well but recently was changed to 
>> reference SEC1 (which I'm told is basically the same for prime curves).
> 
> Brian, thanks very much for pointing me to the right places!
> I'm happy to see that I'm still on the right track :-)
> 
> Cheers
> Anders
> 
>>
>>
>>
>>
>> On Fri, Dec 6, 2013 at 10:05 PM, Anders Rundgren 
>> <[email protected] <mailto:[email protected]>> wrote:
>>
>>     Well, a peek in another JOSE implementation seems to verify that this is 
>> an _implicit_ (understood) part of the specification:
>>
>>     
>> https://bitbucket.org/b_c/jose4j/src/b782e9638a84431a58234b7258c2186da4e8189f/src/main/java/org/jose4j/keys/BigEndianBigInteger.java
>>
>>     As a non-cryptographer I interpret this as: X and Y for EC public keys 
>> must always be positive and this is also the case for RSA public exponent 
>> and modulus.
>>
>>     In an early version of an XML DSig implementation of mine I occasionally 
>> got run-time errors which was how I found out about ds:CryptoBinary...
>>
>>     Anders
>>
>>
>>     On 2013-12-01 18:00, Anders Rundgren wrote:
>>     > Hi List
>>     >
>>     > Pardon a non-cryptographer, but does JWK have a counterpart to
>>     >    http://www.w3.org/TR/xmldsig-core/#sec-CryptoBinary
>>     > ?
>>     >
>>     > If not, why?
>>     >
>>     > From what I can deduce the following implementation uses CryptoBinary 
>> for both EC and RSA public keys:
>>     >
>>     > 
>> https://bitbucket.org/nimbusds/nimbus-jose-jwt/src/6d6938b94f7a6051636bf654864a78b708fa392f/src/main/java/com/nimbusds/jose/util/BigIntegerUtils.java?at=master
>>     >
>>     > thanx,
>>     > Anders
>>     >
>>
>>     _______________________________________________
>>     jose mailing list
>>     [email protected] <mailto:[email protected]>
>>     https://www.ietf.org/mailman/listinfo/jose
>>
>>
> 
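
The length mismatch behind the failing test vector, as an added example that is not part of the original post or of any JOSE library: it takes X and Y from the P-521 SPKI quoted above and compares a CryptoBinary-style minimal encoding with a fixed-length one. Assumptions: Node.js Buffer, a 66-octet P-521 coordinate size, and all helper names; the SPKI is sliced from the end instead of being parsed as ASN.1.

```javascript
// Added example; not code from the thread or from any JOSE library.
// Coordinate size in octets = ceil(field bits / 8) for each NIST curve.
const COORD_OCTETS = { 'P-256': 32, 'P-384': 48, 'P-521': 66 };

// P-521 SPKI test vector quoted in the message above (base64url).
const p521_spki = 'MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQBCCAc9n4N7ZOr_tTu' +
  '_wAOmPKi4qTp5X3su6O3010hxmBYj9zI4u_0dm6UZa0LsjdfvcAET6vH3mEApvGKpDWrRsAA_nJhyQ20ca7Nn0Zvyiq54FfCAblGK7kuduF' +
  'BTPkxv9eOjiaeGp7V_f3qV1kxS_Il2LY7Tc5l2GSlW_-SzYKxgek';

const b64uDecode = (s) => Buffer.from(s.replace(/-/g, '+').replace(/_/g, '/'), 'base64');
const b64uEncode = (b) =>
  b.toString('base64').replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');

// CryptoBinary-style value: drop leading zero octets, keep at least one.
function minimalUnsigned(buf) {
  let i = 0;
  while (i < buf.length - 1 && buf[i] === 0) i++;
  return buf.subarray(i);
}

// Fixed-length value: left-pad with zeros to the curve's coordinate size.
function fixedLength(buf, crv) {
  const v = minimalUnsigned(buf);
  if (v.length > COORD_OCTETS[crv]) throw new RangeError('coordinate too large');
  return Buffer.concat([Buffer.alloc(COORD_OCTETS[crv] - v.length), v]);
}

// Simplification: rather than walking the ASN.1, take the trailing
// 0x04 || X || Y octets of the SPKI (the BIT STRING content is last).
function pointFromSpki(spki, crv) {
  const n = COORD_OCTETS[crv];
  const pt = spki.subarray(spki.length - (2 * n + 1));
  if (pt[0] !== 0x04) throw new Error('expected an uncompressed point');
  return { x: pt.subarray(1, 1 + n), y: pt.subarray(1 + n) };
}

// Receiver-side check: reject EC JWKs whose x/y are not full field size.
function checkEcJwk(jwk) {
  const n = COORD_OCTETS[jwk.crv];
  return n !== undefined && [jwk.x, jwk.y].every((c) => b64uDecode(c).length === n);
}

function demo() {
  const { x, y } = pointFromSpki(b64uDecode(p521_spki), 'P-521');
  const fixed = { kty: 'EC', crv: 'P-521', x: b64uEncode(fixedLength(x, 'P-521')), y: b64uEncode(fixedLength(y, 'P-521')) };
  const minimal = { ...fixed, y: b64uEncode(minimalUnsigned(y)) };
  return { xLen: minimalUnsigned(x).length, yLen: minimalUnsigned(y).length,
           fixedOk: checkEcJwk(fixed), minimalOk: checkEcJwk(minimal) };
}
```

In this vector Y begins with a zero octet, so its minimal form is 65 octets and fails the fixed-length check, while X is 66 octets either way.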
