General JWE JSON Serialization using direct encryption is indeed rather
awkward given it's always only for a single recipient.
> I interpret that as saying that when Direct Encryption mode is used with
> General JWE JSON Serialization, then there should be "recipients" field,
> where value is [{}] (array of 1 empty object).
>
Not necessarily, it depends on which of the JOSE header locations is used
to indicate the JWE alg and enc. A JWE Per-Recipient Unprotected Header can
be used which would mean it's not an empty object in that array. Although
with a single recipient there's no point in using anything but the JWE
Protected Header.
I've composed a quick demonstration of the different results here
<https://gist.github.com/panva/a5e3cd3b1dca7a73b9f73fda3caed167>.
It would appear that rfc7520.html#section-5.6.4 is incorrect and should
either say "Only the flattened JWE JSON Serialization is presented." and
"The resulting JWE object using the flattened JWE JSON Serialization:" or
show both with the only difference being the "recipients": [{}] inclusion.
The very accompanying cookbook
(https://github.com/ietf-jose/cookbook/blob/master/jwe/5_6.direct_encryption_using_aes-gcm.json)
does indeed only have json_flat (flattened serialization) and NOT json
(which would be the general serialization).
Best regards,
*Filip Skokan*
On Sat, 10 Feb 2024 at 10:49, Ilari Liusvaara <[email protected]>
wrote:
> I was looking at how various serializations work in Direct Encryption
> mode. RFC7520 (Examples of Protecting Content Using JSON Object Signing
> and Encryption (JOSE)) has an example. But, I noticed the following:
>
>
> RFC7516 (JSON Web Encryption (JWE)) has the following in section 7.2.1.
> (General JWE JSON Serialization Syntax):
>
> ------------------------------------------------------------------------
> recipients
> The "recipients" member value MUST be an array of JSON objects.
> Each object contains information specific to a single recipient.
> This member MUST be present with exactly one array element per
> recipient, even if some or all of the array element values are the
> empty JSON object "{}" (which can happen when all Header Parameter
> values are shared between all recipients and when no encrypted key
> is used, such as when doing Direct Encryption).
> ------------------------------------------------------------------------
>
> I interpret that as saying that when Direct Encryption mode is used with
> General JWE JSON Serialization, then there should be "recipients" field,
> where value is [{}] (array of 1 empty object).
>
> Also, section 5.2. (Message Decryption) only seems to make sense if JWE
> JSON Serialization always has at least one recipient.
>
>
>
> But RFC7520 says in section 5.6.4. (Output Results) that:
>
> ------------------------------------------------------------------------
> Only the general JWE JSON Serialization is presented because the
> flattened JWE JSON Serialization is identical.
> ------------------------------------------------------------------------
>
> Because flattened JWE JSON Serialization does not have "recipients"
> field, that would imply that "recipients" is also absent in general JWE
> JSON Serialization. And indeed, the example shown in figure 137, which
> is allegedly general JWE JSON Serialization only has fields "protected",
> "iv", "ciphertext" and "tag". No "recipients".
>
> That looks incompatible with the RFC7516 interpretation above, so
> presumably either the interpretation or the example is wrong. So which
> one is wrong?
>
>
> I also took a look at reported errata for RFC7520. There are two,
> however, neither is about section 5.6. (one is 5.7., and the other is
> about 5.9.). Nor does any reported erratum for RFC7516 seem
> relevant.
>
>
>
>
> -Ilari
>
> _______________________________________________
> jose mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/jose
>