"jose" <[email protected]> wrote on 09/12/2018 02:37:45 PM:
>
> Hello Stefan,
> The JWK format is a template / extensible, so what you suggest will
> technically work. You just need to spec the required / optional
> parameters for the key type.
Right. And find all the ways a PGP key can be represented. I'll make this
dependent on the requirements of a project I am working on, though.
>
> How would PGP benefit from a JWK format?
It's not PGP benefitting from the JWK format, it's more JWE benefiting from
it. OpenPGP would just be an example. Basically I would see JWK be *the* key
format for all kinds of software and hardware (device) keys which would be
capable of doing key unwrapping for JWE. So in the JWE one would encounter
in the recipients part a list of JWKs, each one describing which type of
device can do the key unwrapping along with some other metadata. Hardware
devices could for example be TPMs, smartcards, and hardware security
modules. Based on what device it is, a JWE implementation would invoke the
driver for the unwrapping of a key and feed necessary parameters to it,
such as for example URLs under which a device can be reached, or some
persistent label that is to be used to do an operation with the key. There
could be lots of vendor-specific JWK descriptions along with drivers. The
point is that JWK can carry all the metadata for the decryption process
while I would say current key formats do not carry that along.
Stefan
>
> Vladimir
> On 12/09/18 20:11, Stefan Berger wrote:
> Hello!
>
> I was wondering whether it would be possible to define a JWK format for
> OpenPGP (RFC 4480, https://tools.ietf.org/html/rfc4880) type of keys.
>
> In particular I would be interested in a JWK representation of OpenPGP type
> of keys representing an asymmetric key to which a session key was encrypted
> to. This is following section "5.1. Public-Key Encrypted Session Key Packets
> (Tag 1)" (https://tools.ietf.org/html/rfc4880#page-17). In JWK format this
> could look like this:
>
> {
>   "kty": "OpenPGP",
>   "kid": "0x1234567890abcdef",
>   "ver": 3
> }
>
> Other representations of OpenPGP types of keys are those typical for public
> and private keys, though it's not clear whether RSA for example then should
> be some form of subtype of PGP.
>
> Regards,
> Stefan Berger
>
>
> _______________________________________________
> jose mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/jose
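
The driver dispatch discussed in this thread, together with a per-key-type list of required and optional parameters, as an added example that is not part of the original messages. The "recipients", "header", "jwk" and "encrypted_key" members are from the JWE JSON Serialization (RFC 7516); "OpenPGP" with "kid"/"ver" is the thread's proposal and not a registered key type; the "TPM" key type, its "label"/"url" parameters and fake_tpm_driver are hypothetical.

```python
import base64

# Required/optional JWK parameters per key type. "OpenPGP" with kid/ver is the
# thread's proposal (not a registered kty); "TPM", "label", "url" are hypothetical.
KEY_TYPES = {
    "OpenPGP": {"required": {"kid", "ver"}, "optional": set()},
    "TPM": {"required": {"label"}, "optional": {"url", "kid"}},
}

def validate_jwk(jwk):
    """Check a recipient JWK against its key-type spec and return its kty."""
    kty = jwk.get("kty") if isinstance(jwk, dict) else None
    if not isinstance(kty, str) or kty not in KEY_TYPES:
        raise ValueError(f"unsupported or missing kty: {kty!r}")
    spec, params = KEY_TYPES[kty], set(jwk) - {"kty"}
    missing = spec["required"] - params
    unknown = params - spec["required"] - spec["optional"]
    if missing or unknown:
        raise ValueError(f"{kty}: missing={sorted(missing)} unknown={sorted(unknown)}")
    return kty

def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def unwrap_cek(jwe, drivers):
    """Return (kty, key) from the first recipient a locally installed driver handles."""
    errors = []
    for rcpt in jwe.get("recipients", []):
        try:
            jwk = (rcpt.get("header") or {}).get("jwk")
            kty = validate_jwk(jwk)   # header data is untrusted input
            driver = drivers[kty]     # KeyError: no driver for this device
            return kty, driver(jwk, b64url_decode(rcpt["encrypted_key"]))
        except (ValueError, KeyError) as exc:
            errors.append(str(exc))
    raise LookupError("no recipient could be unwrapped: " + "; ".join(errors))

def fake_tpm_driver(jwk, wrapped):
    # Stand-in for a device driver: "unwraps" by reversing the bytes.
    return wrapped[::-1]

SAMPLE_JWE = {  # constructed sample; only the recipients part is shown
    "recipients": [
        {"header": {"jwk": {"kty": "OpenPGP", "kid": "0x1234567890abcdef", "ver": 3}},
         "encrypted_key": "AAEC"},
        {"header": {"jwk": {"kty": "TPM", "label": "disk-key"}},
         "encrypted_key": "AQID"},
    ],
}

if __name__ == "__main__":
    print(unwrap_cek(SAMPLE_JWE, {"TPM": fake_tpm_driver}))
```

A real driver would also check any device URL carried in the JWK against local configuration before connecting, since the JWE header is supplied by the sender.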