I was looking at how various serializations work in Direct Encryption
mode. RFC7520 (Examples of Protecting Content Using JSON Object Signing
and Encryption (JOSE)) has an example. But I noticed the following:

RFC7516 (JSON Web Encryption (JWE)) has the following in section 7.2.1.
(General JWE JSON Serialization Syntax):

------------------------------------------------------------------------
recipients
      The "recipients" member value MUST be an array of JSON objects.
      Each object contains information specific to a single recipient.
      This member MUST be present with exactly one array element per
      recipient, even if some or all of the array element values are the
      empty JSON object "{}" (which can happen when all Header Parameter
      values are shared between all recipients and when no encrypted key
      is used, such as when doing Direct Encryption).
------------------------------------------------------------------------

I interpret that as saying that when Direct Encryption mode is used with
General JWE JSON Serialization, then there should be a "recipients" field
whose value is [{}] (an array of one empty object).

Also, section 5.2. (Message Decryption) only seems to make sense if JWE
JSON Serialization always has at least one recipient.

But RFC7520 says in section 5.6.4. (Output Results) that:

------------------------------------------------------------------------
Only the general JWE JSON Serialization is presented because the
flattened JWE JSON Serialization is identical.
------------------------------------------------------------------------

Because flattened JWE JSON Serialization does not have a "recipients"
field, that would imply that "recipients" is also absent in general JWE
JSON Serialization. And indeed, the example shown in figure 137, which
is allegedly general JWE JSON Serialization, only has the fields
"protected", "iv", "ciphertext" and "tag". No "recipients".

That looks incompatible with the RFC7516 interpretation above, so
presumably either the interpretation or the example is wrong. So which
one is wrong?

I also took a look at reported errata for RFC7520. There are two;
however, neither is about section 5.6. (one is about 5.7., and the other
is about 5.9.). Nor does any reported erratum for RFC7516 seem
relevant.

-Ilari

_______________________________________________
jose mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/jose
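As an added illustration (not part of the message above, nor code from either RFC), the following Go program builds both JWE JSON serializations for a Direct Encryption JWE with alg "dir" and enc "A128GCM", and decrypts either one following the RFC 7516 section 5.2 steps the message refers to: the general form carries "recipients":[{}] and is rejected if that array is empty, while the flattened form is treated as its own single recipient. The key and IV in the test are constructed values, and the function names are my own.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/base64"
	"encoding/json"
	"errors"
)

var b64 = base64.RawURLEncoding // every JWE field is base64url without padding
var protected = b64.EncodeToString([]byte(`{"alg":"dir","enc":"A128GCM"}`))

// directEncrypt: alg "dir", enc "A128GCM" (16-byte cek, 12-byte iv). The shared key is the CEK,
// so no encrypted key exists; the general form adds only "recipients":[{}] (one {} per recipient).
func directEncrypt(cek, iv, plaintext []byte) (general, flattened map[string]any, err error) {
	block, err := aes.NewCipher(cek)
	if err != nil { return nil, nil, err }
	gcm, _ := cipher.NewGCM(block) // NewGCM cannot fail for an AES block
	sealed := gcm.Seal(nil, iv, plaintext, []byte(protected)) // AAD is ASCII(protected); 16-byte tag appended
	flattened = map[string]any{"protected": protected, "iv": b64.EncodeToString(iv),
		"ciphertext": b64.EncodeToString(sealed[:len(sealed)-16]), "tag": b64.EncodeToString(sealed[len(sealed)-16:])}
	general = map[string]any{"recipients": []map[string]any{{}}}
	for k, v := range flattened { general[k] = v }
	return general, flattened, nil
}

// directDecrypt follows RFC 7516 section 5.2 for either serialization: a present "recipients"
// array must have at least one element, and under "dir" every JWE Encrypted Key must be empty.
func directDecrypt(cek []byte, jweJSON string) (pt []byte, err error) {
	var jwe struct {
		Protected, IV, Ciphertext, Tag string // matched case-insensitively by encoding/json
		EncKey     string            `json:"encrypted_key"`
		Recipients *[]map[string]any `json:"recipients"`
	}
	if err = json.Unmarshal([]byte(jweJSON), &jwe); err != nil { return nil, err }
	if jwe.Protected != protected { return nil, errors.New("protected header is not alg dir / enc A128GCM") }
	recips := []map[string]any{{"encrypted_key": jwe.EncKey}} // flattened: the object itself is the recipient
	if jwe.Recipients != nil { recips = *jwe.Recipients }
	if len(recips) == 0 { return nil, errors.New("general JWE JSON: recipients needs at least one element") }
	for _, r := range recips { // step 7: in Direct Encryption the encrypted key is an empty octet sequence
		if v, ok := r["encrypted_key"]; ok && v != "" { return nil, errors.New("alg dir: JWE Encrypted Key must be empty") }
	}
	dec := func(s string) []byte { b, e := b64.DecodeString(s); if e != nil { err = e }; return b }
	iv, ct, tag := dec(jwe.IV), dec(jwe.Ciphertext), dec(jwe.Tag)
	block, kerr := aes.NewCipher(cek)
	if kerr != nil { return nil, kerr } else if err != nil || len(iv) != 12 { return nil, errors.New("malformed JWE: undecodable field or wrong IV length") }
	gcm, _ := cipher.NewGCM(block)
	return gcm.Open(nil, iv, append(ct, tag...), []byte(jwe.Protected)) // wrong key, tag or AAD fails here
}
```

Marshalling the two maps with encoding/json shows that the general output is the flattened output plus the "recipients":[{}] member, which is the form RFC 7516 section 7.2.1 calls for.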