I am not aware of any work being done for that purpose. I am not sure why you would use a JWK rather than a URI, but I can see some possibilities.
Jim -----Original Message----- From: jose [mailto:[email protected]] On Behalf Of Nathaniel McCallum Sent: Wednesday, June 28, 2017 5:41 AM To: [email protected] Subject: [jose] PKCS#11 Support for JWKs Has there been any interest in standardizing this? The Jose project[0] has some initial working code (not yet published). We are using the (new, standardized) "p11" attribute in JWKs to replace the absence of private key material. The value of this attribute is the URI to the key as defined by p11-kit[1]. Thus, when a JWK which lacks private key material but contains "p11" is used for a decryption or signing process, we forward this request to the PKCS#11 module. Does anyone have interest in working with me on a standard for this (or something similar)? Nathaniel [0]: https://github.com/latchset/jose [1]: https://github.com/p11-glue/p11-kit _______________________________________________ jose mailing list [email protected] https://www.ietf.org/mailman/listinfo/jose _______________________________________________ jose mailing list [email protected] https://www.ietf.org/mailman/listinfo/jose
