On Fri, Jul 07, 2017 at 09:05:38AM +0200, Anders Rundgren wrote: > On 2017-07-06 23:07, Vladimir Dzhuvinov wrote: > > Great! > > > > The "k" parameter appears to be mandatory for "oct" JWKs. How can we > > reconcile that with the p11 spec? Ideas? > > > > https://tools.ietf.org/html/rfc7518#section-6.4.1 > > It gets even more fun with OKP JWKs:
Actually from what I can gather, RSA and OKP require the private key material for private keys. EC and OCT do not (at least I can't find explicit language saying they have to). So sounds like updating to RFC 7518 and RFC 8037 is in order. (Of course, I don't think presently OKP keys can be used with PKCS#11, but that is due to lack of specification, so it could change...) -Ilari _______________________________________________ jose mailing list [email protected] https://www.ietf.org/mailman/listinfo/jose
