Hey Sergey,

JWK isn't necessarily tied to JWE or JWS. It can be used to represent the public key that was used to encrypt a JWE (so that the recipient can look up the private key), or the public key that should be used to verify a JWS. But it can also be used in other contexts. For example, WebCrypto uses JWK (among others) as a format for serializing keys.

https://dvcs.w3.org/hg/webcrypto-api/raw-file/tip/spec/Overview.html#subtlecrypto-interface-datatypes

As that link suggests, JWK is effectively the same as the PKCS#8 format for private keys and the SubjectPublicKeyInfo format for public keys -- just in JSON instead of ASN.1. It's a way to ship a key from one place to another, for whatever reason you need to do that.

Hope that helps,
--Richard

On Thu, Aug 14, 2014 at 5:51 AM, Sergey Beryozkin <[email protected]> wrote:

> Hi,
>
> This is very likely a newbie question. What is the role of JWK?
> According to [1] it is "... a (JSON) data structure that represents a
> cryptographic key".
>
> I can see plenty of examples of JWK in the JWE specification. JWS and JWE
> headers can have a "jwk" property representing a given JWK.
>
> What confuses me is that the examples in JWE use JWK to describe the
> private parts of a given key. For example, when we talk about the RSA OAEP
> key encryption, JWK would show a private exponent of a given RSA key (JWE
> A1). Same for AES Wrap secret key (JWE A3). Etc.
>
> So clearly one would not use a "jwk" JWE header to pass around a JWK
> representation of the key which was used to encrypt the content encryption
> key.
>
> So I'm thinking a JWK is:
> - a convenient way to describe a cryptographic key for JWE/JWS
> specifications to refer to it in the spec examples.
> - perhaps there's a long-term vision that the key stores would support JWK
> format directly?
> - JWK is a 'container' for various key properties, some of those 'public'
> properties can be passed around as a JWE/JWS header;
>
> Am I on the right track, can someone please clarify it further?
>
> Thanks, Sergey
>
>
> [1] http://tools.ietf.org/html/draft-ietf-jose-json-web-key-31#section-1
>
> _______________________________________________
> jose mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/jose
>
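An added example, not part of the original thread or of any JOSE implementation, illustrating the two points discussed above: dropping the private members of a JWK before it is shared (for instance in a "jwk" header), and re-encoding the public part of an RSA JWK as SubjectPublicKeyInfo DER. The function names and the toy key are assumptions made for the example, and only RSA is encoded.

```python
import base64

# Private members defined for RSA keys ("d" is also the EC private member).
PRIVATE_MEMBERS = {"d", "p", "q", "dp", "dq", "qi", "oth"}

def public_jwk(jwk):
    """Copy of an RSA/EC JWK with every private member dropped."""
    if jwk.get("kty") not in ("RSA", "EC"):
        raise ValueError("no public form for kty=%r" % jwk.get("kty"))
    return {k: v for k, v in jwk.items() if k not in PRIVATE_MEMBERS}

def _b64u(text):
    """Decode unpadded base64url, as used for JWK member values."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _tlv(tag, body):
    """DER tag-length-value with short or long form length."""
    n = len(body)
    if n < 0x80:
        length = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + body

def _der_int(raw):
    """Unsigned big-endian bytes -> minimal non-negative DER INTEGER."""
    raw = raw.lstrip(b"\x00") or b"\x00"
    if raw[0] & 0x80:  # a set high bit would read as negative; prepend 0x00
        raw = b"\x00" + raw
    return _tlv(0x02, raw)

# AlgorithmIdentifier { rsaEncryption (1.2.840.113549.1.1.1), NULL }
RSA_ALG_ID = _tlv(0x30, bytes.fromhex("06092a864886f70d010101") + b"\x05\x00")

def rsa_jwk_to_spki_der(jwk):
    """Encode the public part of an RSA JWK as SubjectPublicKeyInfo DER."""
    if jwk.get("kty") != "RSA":
        raise ValueError("only RSA is handled in this example")
    rsa_pub = _tlv(0x30, _der_int(_b64u(jwk["n"])) + _der_int(_b64u(jwk["e"])))
    return _tlv(0x30, RSA_ALG_ID + _tlv(0x03, b"\x00" + rsa_pub))

# Constructed toy key (n = 61 * 53 = 3233, e = 17, d = 2753); far too small for real use.
SAMPLE_JWK = {"kty": "RSA", "kid": "demo", "n": "DKE", "e": "EQ", "d": "CsE"}

if __name__ == "__main__":
    print(public_jwk(SAMPLE_JWK))
    print(rsa_jwk_to_spki_der(SAMPLE_JWK).hex())
```
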
