Status: INFORMATIONAL
Original: RFC 7520

RFC 7520

Examples of Protecting Content Using JSON Object Signing and Encryption (JOSE)

Abstract

This document contains a set of examples using JSON Object Signing and Encryption (JOSE) technology to protect data. These examples present a representative sampling of JSON Web Key (JWK) objects as well as various JSON Web Signature (JWS) and JSON Web Encryption (JWE) results given similar inputs.

This document is not an Internet Standards Track specification; it is published for informational purposes.

This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Not all documents approved by the IESG are a candidate for any level of Internet Standard; see Section 2 of RFC 5741.

Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at http://www.rfc-editor.org/info/rfc7520.

Copyright (c) 2015 IETF Trust and the persons identified as the document authors. All rights reserved.

This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.

The JSON Object Signing and Encryption (JOSE) technologies -- JSON Web Signature [JWS], JSON Web Encryption [JWE], JSON Web Key [JWK], and JSON Web Algorithms [JWA] -- can be used collectively to encrypt and/or sign content using a variety of algorithms. While the full set of permutations is extremely large, and might be daunting to some, it is expected that most applications will only use a small set of algorithms to meet their needs.

This document provides a number of examples of signing or encrypting content using JOSE. While not exhaustive, it does compile a representative sampling of JOSE features. As much as possible, the same signature payload or encryption plaintext content is used to illustrate differences in various signing and encryption results.

This document also provides a number of example JWK objects. These examples illustrate the distinguishing properties of various key types and emphasize important characteristics. Most of the JWK examples are then used in the signature or encryption examples that follow.

All of the examples contained herein are available in a machine-readable format at <https://github.com/ietf-jose/cookbook>.

This document separates data that are expected to be input to an implementation of JOSE from data that are expected to be generated by an implementation of JOSE. Each example, wherever possible, provides enough information both to replicate the results of this document and to validate the results by running its inverse operation (e.g., signature results can be validated by performing the JWS verify). However, some algorithms inherently use random data; therefore, computations employing them cannot be exactly replicated. Such cases are explicitly stated in the relevant sections.

All instances of binary octet strings are represented using base64url [RFC4648] encoding.

Wherever possible and unless otherwise noted, the examples include the JWS or JWE Compact Serialization, general JWS or JWE JSON Serialization, and flattened JWS or JWE JSON Serialization.

All of the examples in this document have whitespace added to improve formatting and readability. Except for JWE Plaintext or JWS Payload content, whitespace is not part of the cryptographic operations nor the exchange results.

Unless otherwise noted, the JWE Plaintext or JWS Payload content does include " " (U+0020 SPACE) characters. Line breaks (U+000A LINE FEED) replace some " " (U+0020 SPACE) characters to improve readability but are not present in the JWE Plaintext or JWS Payload.

This document inherits terminology regarding JSON Web Signature (JWS) technology from [JWS], terminology regarding JSON Web Encryption (JWE) technology from [JWE], terminology regarding JSON Web Key (JWK) technology from [JWK], and terminology regarding algorithms from [JWA].

The following sections demonstrate how to represent various JWK and JWK Set objects.

This example illustrates an Elliptic Curve (EC) public key. This example is the public key corresponding to the private key in Figure 2.

Note that whitespace is added for readability as described in Section 1.1.

{
  "kty": "EC",
  "kid": "bilbo.baggins@hobbiton.example",
  "use": "sig",
  "crv": "P-521",
  "x": "AHKZLLOsCOzz5cY97ewNUajB957y-C-U88c3v13nmGZx6sYl_oJXu9
      A5RkTKqjqvjyekWF-7ytDyRXYgCF5cj0Kt",
  "y": "AdymlHvOiLxXkEhayXQnNCvDX4h9htZaCJN34kfmC6pV5OhQHiraVy
      SsUdaQkAgDPrwQrJmbnX9cwlGfP-HqHZR1"
}
Figure 1: Elliptic Curve P-521 Public Key

The field "kty" value of "EC" identifies this as an Elliptic Curve key. The field "crv" identifies the curve, which is curve P-521 for this example. The values of the fields "x" and "y" are the base64url-encoded X and Y coordinates (respectively).

The values of the fields "x" and "y" decoded are the octets necessary to represent each full coordinate to the order of the curve. For a key over curve P-521, the values of the fields "x" and "y" are exactly 66 octets in length when decoded, padded with leading zero (0x00) octets to reach the expected length.

This example illustrates an Elliptic Curve private key. This example is the private key corresponding to the public key in Figure 1.

Note that whitespace is added for readability as described in Section 1.1.

{
  "kty": "EC",
  "kid": "bilbo.baggins@hobbiton.example",
  "use": "sig",
  "crv": "P-521",
  "x": "AHKZLLOsCOzz5cY97ewNUajB957y-C-U88c3v13nmGZx6sYl_oJXu9
      A5RkTKqjqvjyekWF-7ytDyRXYgCF5cj0Kt",
  "y": "AdymlHvOiLxXkEhayXQnNCvDX4h9htZaCJN34kfmC6pV5OhQHiraVy
      SsUdaQkAgDPrwQrJmbnX9cwlGfP-HqHZR1",
  "d": "AAhRON2r9cqXX1hg-RoI6R1tX5p2rUAYdmpHZoC1XNM56KtscrX6zb
      KipQrCW9CGZH3T4ubpnoTKLDYJ_fF3_rJt"
}
Figure 2: Elliptic Curve P-521 Private Key

The field "kty" value of "EC" identifies this as an Elliptic Curve key. The field "crv" identifies the curve, which is curve P-521 (also known as SECG curve secp521r1) for this example. The values of the fields "x" and "y" are the base64url-encoded X and Y coordinates (respectively). The field "d" value is the base64url-encoded private key.

The values of the fields "d", "x", and "y" decoded are the octets necessary to represent the private key or each full coordinate (respectively) to the order of the curve. For a key over curve P-521, the values of the "d", "x", and "y" fields are each exactly 66 octets in length when decoded, padded with leading zero (0x00) octets to reach the expected length.

This example illustrates an RSA public key. This example is the public key corresponding to the private key in Figure 4.

Note that whitespace is added for readability as described in Section 1.1.

{
  "kty": "RSA",
  "kid": "bilbo.baggins@hobbiton.example",
  "use": "sig",
  "n": "n4EPtAOCc9AlkeQHPzHStgAbgs7bTZLwUBZdR8_KuKPEHLd4rHVTeT
      -O-XV2jRojdNhxJWTDvNd7nqQ0VEiZQHz_AJmSCpMaJMRBSFKrKb2wqV
      wGU_NsYOYL-QtiWN2lbzcEe6XC0dApr5ydQLrHqkHHig3RBordaZ6Aj-
      oBHqFEHYpPe7Tpe-OfVfHd1E6cS6M1FZcD1NNLYD5lFHpPI9bTwJlsde
      3uhGqC0ZCuEHg8lhzwOHrtIQbS0FVbb9k3-tVTU4fg_3L_vniUFAKwuC
      LqKnS2BYwdq_mzSnbLY7h_qixoR7jig3__kRhuaxwUkRz5iaiQkqgc5g
      HdrNP5zw",
  "e": "AQAB"
}
Figure 3: RSA 2048-Bit Public Key

The field "kty" value of "RSA" identifies this as an RSA key. The fields "n" and "e" values are the modulus and (public) exponent (respectively) using the minimum octets necessary.

For a 2048-bit key, the field "n" value is 256 octets in length when decoded.

This example illustrates an RSA private key. This example is the private key corresponding to the public key in Figure 3.

Note that whitespace is added for readability as described in Section 1.1.

{
  "kty": "RSA",
  "kid": "bilbo.baggins@hobbiton.example",
  "use": "sig",
  "n": "n4EPtAOCc9AlkeQHPzHStgAbgs7bTZLwUBZdR8_KuKPEHLd4rHVTeT
      -O-XV2jRojdNhxJWTDvNd7nqQ0VEiZQHz_AJmSCpMaJMRBSFKrKb2wqV
      wGU_NsYOYL-QtiWN2lbzcEe6XC0dApr5ydQLrHqkHHig3RBordaZ6Aj-
      oBHqFEHYpPe7Tpe-OfVfHd1E6cS6M1FZcD1NNLYD5lFHpPI9bTwJlsde
      3uhGqC0ZCuEHg8lhzwOHrtIQbS0FVbb9k3-tVTU4fg_3L_vniUFAKwuC
      LqKnS2BYwdq_mzSnbLY7h_qixoR7jig3__kRhuaxwUkRz5iaiQkqgc5g
      HdrNP5zw",
  "e": "AQAB",
  "d": "bWUC9B-EFRIo8kpGfh0ZuyGPvMNKvYWNtB_ikiH9k20eT-O1q_I78e
      iZkpXxXQ0UTEs2LsNRS-8uJbvQ-A1irkwMSMkK1J3XTGgdrhCku9gRld
      Y7sNA_AKZGh-Q661_42rINLRCe8W-nZ34ui_qOfkLnK9QWDDqpaIsA-b
      MwWWSDFu2MUBYwkHTMEzLYGqOe04noqeq1hExBTHBOBdkMXiuFhUq1BU
      6l-DqEiWxqg82sXt2h-LMnT3046AOYJoRioz75tSUQfGCshWTBnP5uDj
      d18kKhyv07lhfSJdrPdM5Plyl21hsFf4L_mHCuoFau7gdsPfHPxxjVOc
      OpBrQzwQ",
  "p": "3Slxg_DwTXJcb6095RoXygQCAZ5RnAvZlno1yhHtnUex_fp7AZ_9nR
      aO7HX_-SFfGQeutao2TDjDAWU4Vupk8rw9JR0AzZ0N2fvuIAmr_WCsmG
      peNqQnev1T7IyEsnh8UMt-n5CafhkikzhEsrmndH6LxOrvRJlsPp6Zv8
      bUq0k",
  "q": "uKE2dh-cTf6ERF4k4e_jy78GfPYUIaUyoSSJuBzp3Cubk3OCqs6grT
      8bR_cu0Dm1MZwWmtdqDyI95HrUeq3MP15vMMON8lHTeZu2lmKvwqW7an
      V5UzhM1iZ7z4yMkuUwFWoBvyY898EXvRD-hdqRxHlSqAZ192zB3pVFJ0
      s7pFc",
  "dp": "B8PVvXkvJrj2L-GYQ7v3y9r6Kw5g9SahXBwsWUzp19TVlgI-YV85q
      1NIb1rxQtD-IsXXR3-TanevuRPRt5OBOdiMGQp8pbt26gljYfKU_E9xn
      -RULHz0-ed9E9gXLKD4VGngpz-PfQ_q29pk5xWHoJp009Qf1HvChixRX
      59ehik",
  "dq": "CLDmDGduhylc9o7r84rEUVn7pzQ6PF83Y-iBZx5NT-TpnOZKF1pEr
      AMVeKzFEl41DlHHqqBLSM0W1sOFbwTxYWZDm6sI6og5iTbwQGIC3gnJK
      bi_7k_vJgGHwHxgPaX2PnvP-zyEkDERuf-ry4c_Z11Cq9AqC2yeL6kdK
      T1cYF8",
  "qi": "3PiqvXQN0zwMeE-sBvZgi289XP9XCQF3VWqPzMKnIgQp7_Tugo6-N
      ZBKCQsMf3HaEGBjTVJs_jcK8-TRXvaKe-7ZMaQj8VfBdYkssbu0NKDDh
      jJ-GtiseaDVWt7dcH0cfwxgFUHpQh7FoCrjFJ6h6ZEpMF6xmujs4qMpP
      z8aaI4"
}
Figure 4: RSA 2048-Bit Private Key

The field "kty" value of "RSA" identifies this as an RSA key. The fields "n" and "e" values are the base64url-encoded modulus and (public) exponent (respectively) using the minimum number of octets necessary. The field "d" value is the base64url-encoded private exponent using the minimum number of octets necessary. The fields "p", "q", "dp", "dq", and "qi" are the base64url-encoded additional private information using the minimum number of octets necessary.

For a 2048-bit key, the field "n" is 256 octets in length when decoded, and the field "d" is not longer than 256 octets in length when decoded.

This example illustrates a symmetric key used for computing Message Authentication Codes (MACs).

Note that whitespace is added for readability as described in Section 1.1.

{
  "kty": "oct",
  "kid": "018c0ae5-4d9b-471b-bfd6-eef314bc7037",
  "use": "sig",
  "alg": "HS256",
  "k": "hJtXIZ2uSN5kbQfbtTNWbpdmhkV8FJG-Onbc6mxCcYg"
}
Figure 5: HMAC SHA-256 Symmetric Key

The field "kty" value of "oct" identifies this as a symmetric key. The field "k" value is the symmetric key.

When used for the signing algorithm "HS256" (HMAC-SHA256), the field "k" value is 32 octets (or more) in length when decoded, padded with leading zero (0x00) octets to reach the minimum expected length.

This example illustrates a symmetric key used for encryption.

Note that whitespace is added for readability as described in Section 1.1.

{
  "kty": "oct",
  "kid": "1e571774-2e08-40da-8308-e8d68773842d",
  "use": "enc",
  "alg": "A256GCM",
  "k": "AAPapAv4LbFbiVawEjagUBluYqN5rhna-8nuldDvOx8"
}
Figure 6: AES 256-Bit Symmetric Encryption Key

The field "kty" value of "oct" identifies this as a symmetric key. The field "k" value is the symmetric key.

For the content encryption algorithm "A256GCM", the field "k" value is exactly 32 octets in length when decoded, padded with leading zero (0x00) octets to reach the expected length.
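
The length rules stated for the keys in Figures 1, 3, 5 and 6 can be checked mechanically before a JWK is accepted. The following is an added example, not part of RFC 7520 or the cookbook repository: `check_jwk` and `strip_leading_zeros` are hypothetical helper names, and the sizes for curves and algorithms other than P-521, HS256 and A256GCM generalize beyond this page and are assumptions taken from JWA. The faulty inputs are constructed by dropping the leading 0x00 padding the text requires.

```python
import base64
import re

# Sizes in octets. P-521 = 66, HS256 >= 32 and A256GCM = 32 are stated on this
# page; the remaining rows are assumptions taken from JWA (RFC 7518).
EC_OCTETS = {"P-256": 32, "P-384": 48, "P-521": 66}
OCT_MIN_OCTETS = {"HS256": 32, "HS384": 48, "HS512": 64}
OCT_EXACT_OCTETS = {"A128GCM": 16, "A192GCM": 24, "A256GCM": 32}

_B64URL = re.compile(r"[A-Za-z0-9_-]+")


def b64url_decode(text):
    """Decode unpadded base64url; reject whitespace, '=' and stray characters."""
    if not _B64URL.fullmatch(text) or len(text) % 4 == 1:
        raise ValueError("not unpadded base64url")
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def b64url_encode(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def check_jwk(jwk):
    """Return a list of encoding problems; an empty list means none were found."""
    problems = []
    kty = jwk.get("kty")
    if kty == "EC":
        want = EC_OCTETS.get(jwk.get("crv"))
        if want is None:
            return ["crv: unsupported curve"]
        for name in ("x", "y", "d"):
            if name not in jwk:
                if name != "d":  # "d" is present only in private keys
                    problems.append(f"{name}: missing")
                continue
            got = len(b64url_decode(jwk[name]))
            if got != want:
                problems.append(f"{name}: {got} octets, expected {want}")
    elif kty == "RSA":
        # RSA values use the minimum number of octets, so no 0x00 prefix.
        for name in ("n", "e"):
            if b64url_decode(jwk[name])[:1] == b"\x00":
                problems.append(f"{name}: leading zero octet (not minimal)")
    elif kty == "oct":
        got, alg = len(b64url_decode(jwk["k"])), jwk.get("alg")
        if alg in OCT_EXACT_OCTETS and got != OCT_EXACT_OCTETS[alg]:
            problems.append(
                f"k: {got} octets, expected exactly {OCT_EXACT_OCTETS[alg]}")
        elif alg in OCT_MIN_OCTETS and got < OCT_MIN_OCTETS[alg]:
            problems.append(
                f"k: {got} octets, expected at least {OCT_MIN_OCTETS[alg]}")
    else:
        problems.append("kty: unsupported key type")
    return problems


def strip_leading_zeros(jwk, field):
    """Constructed faulty input: re-encode one field the way a minimal-length
    big-integer encoder would, dropping the leading 0x00 padding."""
    bad = dict(jwk)
    bad[field] = b64url_encode(b64url_decode(jwk[field]).lstrip(b"\x00"))
    return bad


# Keys copied from Figures 1, 5 and 6, with the readability whitespace removed.
EC_PUBLIC = {
    "kty": "EC", "kid": "bilbo.baggins@hobbiton.example",
    "use": "sig", "crv": "P-521",
    "x": ("AHKZLLOsCOzz5cY97ewNUajB957y-C-U88c3v13nmGZx6sYl_oJXu9"
          "A5RkTKqjqvjyekWF-7ytDyRXYgCF5cj0Kt"),
    "y": ("AdymlHvOiLxXkEhayXQnNCvDX4h9htZaCJN34kfmC6pV5OhQHiraVy"
          "SsUdaQkAgDPrwQrJmbnX9cwlGfP-HqHZR1"),
}
HMAC_KEY = {"kty": "oct", "use": "sig", "alg": "HS256",
            "k": "hJtXIZ2uSN5kbQfbtTNWbpdmhkV8FJG-Onbc6mxCcYg"}
AES_KEY = {"kty": "oct", "use": "enc", "alg": "A256GCM",
           "k": "AAPapAv4LbFbiVawEjagUBluYqN5rhna-8nuldDvOx8"}

if __name__ == "__main__":
    for label, key in [("Figure 1", EC_PUBLIC), ("Figure 5", HMAC_KEY),
                       ("Figure 6", AES_KEY),
                       ("Figure 1, x unpadded", strip_leading_zeros(EC_PUBLIC, "x")),
                       ("Figure 6, k unpadded", strip_leading_zeros(AES_KEY, "k"))]:
        print(label, check_jwk(key) or "ok")
```

Both the "x" value in Figure 1 and the "k" value in Figure 6 begin with a 0x00 octet, which is why an encoder that strips leading zeros produces keys that fail these checks.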

The following sections demonstrate how to generate various JWS objects.

All of the signature examples use the following payload content (an abridged quote from "The Fellowship of the Ring" [LOTR-FELLOWSHIP]), serialized as UTF-8. The payload is presented here as a series of quoted strings that are concatenated to produce the JWS Payload. The sequence "\xe2\x80\x99" is substituted for (U+2019 RIGHT SINGLE QUOTATION MARK), and quotation marks (U+0022 QUOTATION MARK) are added for readability but are not present in the JWS Payload.

"It\xe2\x80\x99s a dangerous business, Frodo, going out your "
"door. You step onto the road, and if you don't keep your feet, "
"there\xe2\x80\x99s no knowing where you might be swept off "
"to."
Figure 7: Payload Content Plaintext

The payload -- with the sequence "\xe2\x80\x99" replaced with (U+2019 RIGHT SINGLE QUOTATION MARK) and quotation marks (U+0022 QUOTATION MARK) removed -- is encoded as UTF-8 and then as base64url [RFC4648]:

SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb3V0IH
lvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9hZCwgYW5kIGlmIHlvdSBk
b24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXigJlzIG5vIGtub3dpbmcgd2hlcm
UgeW91IG1pZ2h0IGJlIHN3ZXB0IG9mZiB0by4
Figure 8: Payload Content, base64url-encoded

This example illustrates signing content using the "RS256" (RSASSA-PKCS1-v1_5 with SHA-256) algorithm.

Note that whitespace is added for readability as described in Section 1.1.

The following are supplied before beginning the signing operation:

  • Payload content; this example uses the content from Figure 7, encoded using base64url [RFC4648] to produce Figure 8.
  • RSA private key; this example uses the key from Figure 4.
  • "alg" parameter of "RS256".

The following is generated to complete the signing operation:

  • JWS Protected Header; this example uses the header from Figure 9, encoded using base64url [RFC4648] to produce Figure 10.

{
  "alg": "RS256",
  "kid": "bilbo.baggins@hobbiton.example"
}
Figure 9: JWS Protected Header JSON

eyJhbGciOiJSUzI1NiIsImtpZCI6ImJpbGJvLmJhZ2dpbnNAaG9iYml0b24uZX
hhbXBsZSJ9
Figure 10: JWS Protected Header, base64url-encoded

The JWS Protected Header (Figure 10) and JWS Payload (Figure 8) are combined as described in Section 5.1 of [JWS] to produce the JWS Signing Input (Figure 11).

eyJhbGciOiJSUzI1NiIsImtpZCI6ImJpbGJvLmJhZ2dpbnNAaG9iYml0b24uZX
hhbXBsZSJ9
.
SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb3V0IH
lvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9hZCwgYW5kIGlmIHlvdSBk
b24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXigJlzIG5vIGtub3dpbmcgd2hlcm
UgeW91IG1pZ2h0IGJlIHN3ZXB0IG9mZiB0by4
Figure 11: JWS Signing Input

Performing the signature operation over the JWS Signing Input (Figure 11) produces the JWS Signature (Figure 12).

MRjdkly7_-oTPTS3AXP41iQIGKa80A0ZmTuV5MEaHoxnW2e5CZ5NlKtainoFmK
ZopdHM1O2U4mwzJdQx996ivp83xuglII7PNDi84wnB-BDkoBwA78185hX-Es4J
IwmDLJK3lfWRa-XtL0RnltuYv746iYTh_qHRD68BNt1uSNCrUCTJDt5aAE6x8w
W1Kt9eRo4QPocSadnHXFxnt8Is9UzpERV0ePPQdLuW3IS_de3xyIrDaLGdjluP
xUAhb6L2aXic1U12podGU0KLUQSE_oI-ZnmKJ3F4uOZDnd6QZWJushZ41Axf_f
cIe8u9ipH84ogoree7vjbU5y18kDquDg
Figure 12: JWS Signature, base64url-encoded

The following compose the resulting JWS object:

  • JWS Protected Header (Figure 9)
  • Payload content (Figure 8)
  • Signature (Figure 12)

The resulting JWS object using the JWS Compact Serialization:

eyJhbGciOiJSUzI1NiIsImtpZCI6ImJpbGJvLmJhZ2dpbnNAaG9iYml0b24uZX
hhbXBsZSJ9
.
SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb3V0IH
lvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9hZCwgYW5kIGlmIHlvdSBk
b24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXigJlzIG5vIGtub3dpbmcgd2hlcm
UgeW91IG1pZ2h0IGJlIHN3ZXB0IG9mZiB0by4
.
MRjdkly7_-oTPTS3AXP41iQIGKa80A0ZmTuV5MEaHoxnW2e5CZ5NlKtainoFmK
ZopdHM1O2U4mwzJdQx996ivp83xuglII7PNDi84wnB-BDkoBwA78185hX-Es4J
IwmDLJK3lfWRa-XtL0RnltuYv746iYTh_qHRD68BNt1uSNCrUCTJDt5aAE6x8w
W1Kt9eRo4QPocSadnHXFxnt8Is9UzpERV0ePPQdLuW3IS_de3xyIrDaLGdjluP
xUAhb6L2aXic1U12podGU0KLUQSE_oI-ZnmKJ3F4uOZDnd6QZWJushZ41Axf_f
cIe8u9ipH84ogoree7vjbU5y18kDquDg
Figure 13: JWS Compact Serialization

The resulting JWS object using the general JWS JSON Serialization:

{
  "payload": "SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywg
      Z29pbmcgb3V0IHlvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9h
      ZCwgYW5kIGlmIHlvdSBkb24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXi
      gJlzIG5vIGtub3dpbmcgd2hlcmUgeW91IG1pZ2h0IGJlIHN3ZXB0IG9m
      ZiB0by4",
  "signatures": [
    {
      "protected": "eyJhbGciOiJSUzI1NiIsImtpZCI6ImJpbGJvLmJhZ2
          dpbnNAaG9iYml0b24uZXhhbXBsZSJ9",
      "signature": "MRjdkly7_-oTPTS3AXP41iQIGKa80A0ZmTuV5MEaHo
          xnW2e5CZ5NlKtainoFmKZopdHM1O2U4mwzJdQx996ivp83xuglII
          7PNDi84wnB-BDkoBwA78185hX-Es4JIwmDLJK3lfWRa-XtL0Rnlt
          uYv746iYTh_qHRD68BNt1uSNCrUCTJDt5aAE6x8wW1Kt9eRo4QPo
          cSadnHXFxnt8Is9UzpERV0ePPQdLuW3IS_de3xyIrDaLGdjluPxU
          Ahb6L2aXic1U12podGU0KLUQSE_oI-ZnmKJ3F4uOZDnd6QZWJush
          Z41Axf_fcIe8u9ipH84ogoree7vjbU5y18kDquDg"
    }
  ]
}
Figure 14: General JWS JSON Serialization

The resulting JWS object using the flattened JWS JSON Serialization:

{
  "payload": "SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywg
      Z29pbmcgb3V0IHlvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9h
      ZCwgYW5kIGlmIHlvdSBkb24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXi
      gJlzIG5vIGtub3dpbmcgd2hlcmUgeW91IG1pZ2h0IGJlIHN3ZXB0IG9m
      ZiB0by4",
  "protected": "eyJhbGciOiJSUzI1NiIsImtpZCI6ImJpbGJvLmJhZ2dpbn
      NAaG9iYml0b24uZXhhbXBsZSJ9",
  "signature": "MRjdkly7_-oTPTS3AXP41iQIGKa80A0ZmTuV5MEaHoxnW2
      e5CZ5NlKtainoFmKZopdHM1O2U4mwzJdQx996ivp83xuglII7PNDi84w
      nB-BDkoBwA78185hX-Es4JIwmDLJK3lfWRa-XtL0RnltuYv746iYTh_q
      HRD68BNt1uSNCrUCTJDt5aAE6x8wW1Kt9eRo4QPocSadnHXFxnt8Is9U
      zpERV0ePPQdLuW3IS_de3xyIrDaLGdjluPxUAhb6L2aXic1U12podGU0
      KLUQSE_oI-ZnmKJ3F4uOZDnd6QZWJushZ41Axf_fcIe8u9ipH84ogore
      e7vjbU5y18kDquDg"
}
Figure 15: Flattened JWS JSON Serialization
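
The RS256 walk-through above can be replayed in both directions: rebuild the JWS Signing Input of Figure 11 from Figures 7 and 9, then verify the signature of Figure 12 with the public key of Figure 3. The following is an added example, not part of RFC 7520 or the cookbook repository; the function names are hypothetical, the RSASSA-PKCS1-v1_5 check is written out with the Python standard library only, and the verifier pins "RS256" itself instead of trusting whatever "alg" the header carries.

```python
import base64
import hashlib
import hmac
import json


def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def b64url_encode(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


# Figure 3 (public part only), readability whitespace removed.
RSA_PUBLIC_JWK = {
    "kty": "RSA",
    "kid": "bilbo.baggins@hobbiton.example",
    "n": ("n4EPtAOCc9AlkeQHPzHStgAbgs7bTZLwUBZdR8_KuKPEHLd4rHVTeT"
          "-O-XV2jRojdNhxJWTDvNd7nqQ0VEiZQHz_AJmSCpMaJMRBSFKrKb2wqV"
          "wGU_NsYOYL-QtiWN2lbzcEe6XC0dApr5ydQLrHqkHHig3RBordaZ6Aj-"
          "oBHqFEHYpPe7Tpe-OfVfHd1E6cS6M1FZcD1NNLYD5lFHpPI9bTwJlsde"
          "3uhGqC0ZCuEHg8lhzwOHrtIQbS0FVbb9k3-tVTU4fg_3L_vniUFAKwuC"
          "LqKnS2BYwdq_mzSnbLY7h_qixoR7jig3__kRhuaxwUkRz5iaiQkqgc5g"
          "HdrNP5zw"),
    "e": "AQAB",
}

# Figure 7: the quoted strings concatenated, U+2019 restored, UTF-8 encoded.
PAYLOAD = ("It\u2019s a dangerous business, Frodo, going out your "
           "door. You step onto the road, and if you don't keep your feet, "
           "there\u2019s no knowing where you might be swept off "
           "to.").encode("utf-8")

# Figure 9.
PROTECTED_HEADER = {"alg": "RS256", "kid": "bilbo.baggins@hobbiton.example"}

# Figure 12.
SIGNATURE_B64 = (
    "MRjdkly7_-oTPTS3AXP41iQIGKa80A0ZmTuV5MEaHoxnW2e5CZ5NlKtainoFmK"
    "ZopdHM1O2U4mwzJdQx996ivp83xuglII7PNDi84wnB-BDkoBwA78185hX-Es4J"
    "IwmDLJK3lfWRa-XtL0RnltuYv746iYTh_qHRD68BNt1uSNCrUCTJDt5aAE6x8w"
    "W1Kt9eRo4QPocSadnHXFxnt8Is9UzpERV0ePPQdLuW3IS_de3xyIrDaLGdjluP"
    "xUAhb6L2aXic1U12podGU0KLUQSE_oI-ZnmKJ3F4uOZDnd6QZWJushZ41Axf_f"
    "cIe8u9ipH84ogoree7vjbU5y18kDquDg")

# DER prefix of DigestInfo for SHA-256 (PKCS #1 v1.5, RFC 8017).
SHA256_DIGEST_INFO = bytes.fromhex("3031300d060960864801650304020105000420")


def signing_input(header, payload):
    """BASE64URL(UTF8(header)) || '.' || BASE64URL(payload), as in Figure 11."""
    header_json = json.dumps(header, separators=(",", ":")).encode("utf-8")
    return b64url_encode(header_json) + "." + b64url_encode(payload)


def compact_jws():
    """Signing Input plus the Figure 12 signature, as in Figure 13."""
    return signing_input(PROTECTED_HEADER, PAYLOAD) + "." + SIGNATURE_B64


def verify_rs256(token, jwk):
    """Verify a compact JWS with RSASSA-PKCS1-v1_5 / SHA-256; True if valid."""
    parts = token.split(".")
    if len(parts) != 3:
        return False
    header_b64, payload_b64, sig_b64 = parts
    try:
        header = json.loads(b64url_decode(header_b64))
        sig = b64url_decode(sig_b64)
    except ValueError:
        return False
    # The expected algorithm is fixed by the verifier, not chosen by the token.
    if not isinstance(header, dict) or header.get("alg") != "RS256":
        return False
    n = int.from_bytes(b64url_decode(jwk["n"]), "big")
    e = int.from_bytes(b64url_decode(jwk["e"]), "big")
    k = (n.bit_length() + 7) // 8          # modulus length in octets
    s = int.from_bytes(sig, "big")
    if len(sig) != k or s >= n:
        return False
    em = pow(s, e, n).to_bytes(k, "big")   # recovered encoded message
    digest = hashlib.sha256(f"{header_b64}.{payload_b64}".encode("ascii")).digest()
    t = SHA256_DIGEST_INFO + digest
    expected = b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t
    return hmac.compare_digest(em, expected)


if __name__ == "__main__":
    print(compact_jws())
    print("signature valid:", verify_rs256(compact_jws(), RSA_PUBLIC_JWK))
```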

This example illustrates signing content using the "PS384" (RSASSA-PSS with SHA-384) algorithm.

Note that RSASSA-PSS uses random data to generate the signature; it might not be possible to exactly replicate the results in this section.

Note that whitespace is added for readability as described in Section 1.1.

The following are supplied before beginning the signing operation:

  • Payload content; this example uses the content from Figure 7, encoded using base64url [RFC4648] to produce Figure 8.
  • RSA private key; this example uses the key from Figure 4.
  • RSA秘密鍵。この例では、Figure 4からの鍵を使用します。
  • "alg" parameter of "PS384".
  • "PS384"の"alg"パラメーター。

The following is generated to complete the signing operation:

以下のものが生成され、署名操作を完了します:

  • JWS Protected Header; this example uses the header from Figure 16, encoded using base64url [RFC4648] to produce Figure 17.
  • JWS保護ヘッダー。この例では、Figure 16からのヘッダーを使用し、base64url [RFC4648]を使用してFigure 17を生成します。

{
  "alg": "PS384",
  "kid": "bilbo.baggins@hobbiton.example"
}
Figure 16: JWS Protected Header JSON

eyJhbGciOiJQUzM4NCIsImtpZCI6ImJpbGJvLmJhZ2dpbnNAaG9iYml0b24uZX
hhbXBsZSJ9
Figure 17: JWS Protected Header, base64url-encoded

The JWS Protected Header (Figure 17) and JWS Payload (Figure 8) are combined as described in [JWS] to produce the JWS Signing Input (Figure 18).

eyJhbGciOiJQUzM4NCIsImtpZCI6ImJpbGJvLmJhZ2dpbnNAaG9iYml0b24uZX
hhbXBsZSJ9
.
SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb3V0IH
lvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9hZCwgYW5kIGlmIHlvdSBk
b24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXigJlzIG5vIGtub3dpbmcgd2hlcm
UgeW91IG1pZ2h0IGJlIHN3ZXB0IG9mZiB0by4
Figure 18: JWS Signing Input

Performing the signature operation over the JWS Signing Input (Figure 18) produces the JWS Signature (Figure 19).

cu22eBqkYDKgIlTpzDXGvaFfz6WGoz7fUDcfT0kkOy42miAh2qyBzk1xEsnk2I
pN6-tPid6VrklHkqsGqDqHCdP6O8TTB5dDDItllVo6_1OLPpcbUrhiUSMxbbXU
vdvWXzg-UD8biiReQFlfz28zGWVsdiNAUf8ZnyPEgVFn442ZdNqiVJRmBqrYRX
e8P_ijQ7p8Vdz0TTrxUeT3lm8d9shnr2lfJT8ImUjvAA2Xez2Mlp8cBE5awDzT
0qI0n6uiP1aCN_2_jLAeQTlqRHtfa64QQSUmFAAjVKPbByi7xho0uTOcbH510a
6GYmJUAfmWjwZ6oD4ifKo8DYM-X72Eaw
Figure 19: JWS Signature, base64url-encoded

The following compose the resulting JWS object:

  • JWS Protected Header (Figure 17)
  • Payload content (Figure 8)
  • Signature (Figure 19)

The resulting JWS object using the JWS Compact Serialization:

eyJhbGciOiJQUzM4NCIsImtpZCI6ImJpbGJvLmJhZ2dpbnNAaG9iYml0b24uZX
hhbXBsZSJ9
.
SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb3V0IH
lvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9hZCwgYW5kIGlmIHlvdSBk
b24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXigJlzIG5vIGtub3dpbmcgd2hlcm
UgeW91IG1pZ2h0IGJlIHN3ZXB0IG9mZiB0by4
.
cu22eBqkYDKgIlTpzDXGvaFfz6WGoz7fUDcfT0kkOy42miAh2qyBzk1xEsnk2I
pN6-tPid6VrklHkqsGqDqHCdP6O8TTB5dDDItllVo6_1OLPpcbUrhiUSMxbbXU
vdvWXzg-UD8biiReQFlfz28zGWVsdiNAUf8ZnyPEgVFn442ZdNqiVJRmBqrYRX
e8P_ijQ7p8Vdz0TTrxUeT3lm8d9shnr2lfJT8ImUjvAA2Xez2Mlp8cBE5awDzT
0qI0n6uiP1aCN_2_jLAeQTlqRHtfa64QQSUmFAAjVKPbByi7xho0uTOcbH510a
6GYmJUAfmWjwZ6oD4ifKo8DYM-X72Eaw
Figure 20: JWS Compact Serialization

The resulting JWS object using the general JWS JSON Serialization:

{
  "payload": "SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywg
      Z29pbmcgb3V0IHlvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9h
      ZCwgYW5kIGlmIHlvdSBkb24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXi
      gJlzIG5vIGtub3dpbmcgd2hlcmUgeW91IG1pZ2h0IGJlIHN3ZXB0IG9m
      ZiB0by4",
  "signatures": [
    {
      "protected": "eyJhbGciOiJQUzM4NCIsImtpZCI6ImJpbGJvLmJhZ2
          dpbnNAaG9iYml0b24uZXhhbXBsZSJ9",
      "signature": "cu22eBqkYDKgIlTpzDXGvaFfz6WGoz7fUDcfT0kkOy
          42miAh2qyBzk1xEsnk2IpN6-tPid6VrklHkqsGqDqHCdP6O8TTB5
          dDDItllVo6_1OLPpcbUrhiUSMxbbXUvdvWXzg-UD8biiReQFlfz2
          8zGWVsdiNAUf8ZnyPEgVFn442ZdNqiVJRmBqrYRXe8P_ijQ7p8Vd
          z0TTrxUeT3lm8d9shnr2lfJT8ImUjvAA2Xez2Mlp8cBE5awDzT0q
          I0n6uiP1aCN_2_jLAeQTlqRHtfa64QQSUmFAAjVKPbByi7xho0uT
          OcbH510a6GYmJUAfmWjwZ6oD4ifKo8DYM-X72Eaw"
    }
  ]
}
Figure 21: General JWS JSON Serialization

The resulting JWS object using the flattened JWS JSON Serialization:

{
  "payload": "SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywg
      Z29pbmcgb3V0IHlvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9h
      ZCwgYW5kIGlmIHlvdSBkb24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXi
      gJlzIG5vIGtub3dpbmcgd2hlcmUgeW91IG1pZ2h0IGJlIHN3ZXB0IG9m
      ZiB0by4",
  "protected": "eyJhbGciOiJQUzM4NCIsImtpZCI6ImJpbGJvLmJhZ2dpbn
      NAaG9iYml0b24uZXhhbXBsZSJ9",
  "signature": "cu22eBqkYDKgIlTpzDXGvaFfz6WGoz7fUDcfT0kkOy42mi
      Ah2qyBzk1xEsnk2IpN6-tPid6VrklHkqsGqDqHCdP6O8TTB5dDDItllV
      o6_1OLPpcbUrhiUSMxbbXUvdvWXzg-UD8biiReQFlfz28zGWVsdiNAUf
      8ZnyPEgVFn442ZdNqiVJRmBqrYRXe8P_ijQ7p8Vdz0TTrxUeT3lm8d9s
      hnr2lfJT8ImUjvAA2Xez2Mlp8cBE5awDzT0qI0n6uiP1aCN_2_jLAeQT
      lqRHtfa64QQSUmFAAjVKPbByi7xho0uTOcbH510a6GYmJUAfmWjwZ6oD
      4ifKo8DYM-X72Eaw"
}
Figure 22: Flattened JWS JSON Serialization

This example illustrates signing content using the "ES512" (Elliptic Curve Digital Signature Algorithm (ECDSA) with curve P-521 and SHA-512) algorithm.

Note that ECDSA uses random data to generate the signature; it might not be possible to exactly replicate the results in this section.

Note that whitespace is added for readability as described in Section 1.1.

The following are supplied before beginning the signing operation:

  • Payload content; this example uses the content from Figure 7, encoded using base64url [RFC4648] to produce Figure 8.
  • EC private key on the curve P-521; this example uses the key from Figure 2.
  • "alg" parameter of "ES512".

The following is generated before beginning the signature process:

  • JWS Protected Header; this example uses the header from Figure 23, encoded using base64url [RFC4648] to produce Figure 24.

{
  "alg": "ES512",
  "kid": "bilbo.baggins@hobbiton.example"
}
Figure 23: JWS Protected Header JSON

eyJhbGciOiJFUzUxMiIsImtpZCI6ImJpbGJvLmJhZ2dpbnNAaG9iYml0b24uZX
hhbXBsZSJ9
Figure 24: JWS Protected Header, base64url-encoded

The JWS Protected Header (Figure 24) and JWS Payload (Figure 8) are combined as described in [JWS] to produce the JWS Signing Input (Figure 25).

eyJhbGciOiJFUzUxMiIsImtpZCI6ImJpbGJvLmJhZ2dpbnNAaG9iYml0b24uZX
hhbXBsZSJ9
.
SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb3V0IH
lvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9hZCwgYW5kIGlmIHlvdSBk
b24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXigJlzIG5vIGtub3dpbmcgd2hlcm
UgeW91IG1pZ2h0IGJlIHN3ZXB0IG9mZiB0by4
Figure 25: JWS Signing Input

Performing the signature operation over the JWS Signing Input (Figure 25) produces the JWS Signature (Figure 26).

AE_R_YZCChjn4791jSQCrdPZCNYqHXCTZH0-JZGYNlaAjP2kqaluUIIUnC9qvb
u9Plon7KRTzoNEuT4Va2cmL1eJAQy3mtPBu_u_sDDyYjnAMDxXPn7XrT0lw-kv
AD890jl8e2puQens_IEKBpHABlsbEPX6sFY8OcGDqoRuBomu9xQ2
Figure 26: JWS Signature, base64url-encoded

The following compose the resulting JWS object:

  • JWS Protected Header (Figure 24)
  • Payload content (Figure 8)
  • Signature (Figure 26)

The resulting JWS object using the JWS Compact Serialization:

eyJhbGciOiJFUzUxMiIsImtpZCI6ImJpbGJvLmJhZ2dpbnNAaG9iYml0b24uZX
hhbXBsZSJ9
.
SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb3V0IH
lvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9hZCwgYW5kIGlmIHlvdSBk
b24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXigJlzIG5vIGtub3dpbmcgd2hlcm
UgeW91IG1pZ2h0IGJlIHN3ZXB0IG9mZiB0by4
.
AE_R_YZCChjn4791jSQCrdPZCNYqHXCTZH0-JZGYNlaAjP2kqaluUIIUnC9qvb
u9Plon7KRTzoNEuT4Va2cmL1eJAQy3mtPBu_u_sDDyYjnAMDxXPn7XrT0lw-kv
AD890jl8e2puQens_IEKBpHABlsbEPX6sFY8OcGDqoRuBomu9xQ2
Figure 27: JWS Compact Serialization

The resulting JWS object using the general JWS JSON Serialization:

{
  "payload": "SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywg
      Z29pbmcgb3V0IHlvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9h
      ZCwgYW5kIGlmIHlvdSBkb24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXi
      gJlzIG5vIGtub3dpbmcgd2hlcmUgeW91IG1pZ2h0IGJlIHN3ZXB0IG9m
      ZiB0by4",
  "signatures": [
    {
      "protected": "eyJhbGciOiJFUzUxMiIsImtpZCI6ImJpbGJvLmJhZ2
          dpbnNAaG9iYml0b24uZXhhbXBsZSJ9",
      "signature": "AE_R_YZCChjn4791jSQCrdPZCNYqHXCTZH0-JZGYNl
          aAjP2kqaluUIIUnC9qvbu9Plon7KRTzoNEuT4Va2cmL1eJAQy3mt
          PBu_u_sDDyYjnAMDxXPn7XrT0lw-kvAD890jl8e2puQens_IEKBp
          HABlsbEPX6sFY8OcGDqoRuBomu9xQ2"
    }
  ]
}
Figure 28: General JWS JSON Serialization

The resulting JWS object using the flattened JWS JSON Serialization:

{
  "payload": "SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywg
      Z29pbmcgb3V0IHlvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9h
      ZCwgYW5kIGlmIHlvdSBkb24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXi
      gJlzIG5vIGtub3dpbmcgd2hlcmUgeW91IG1pZ2h0IGJlIHN3ZXB0IG9m
      ZiB0by4",
  "protected": "eyJhbGciOiJFUzUxMiIsImtpZCI6ImJpbGJvLmJhZ2dpbn
      NAaG9iYml0b24uZXhhbXBsZSJ9",
  "signature": "AE_R_YZCChjn4791jSQCrdPZCNYqHXCTZH0-JZGYNlaAjP
      2kqaluUIIUnC9qvbu9Plon7KRTzoNEuT4Va2cmL1eJAQy3mtPBu_u_sD
      DyYjnAMDxXPn7XrT0lw-kvAD890jl8e2puQens_IEKBpHABlsbEPX6sF
      Y8OcGDqoRuBomu9xQ2"
}
Figure 29: Flattened JWS JSON Serialization

This example illustrates integrity protecting content using the "HS256" (HMAC-SHA-256) algorithm.

Note that whitespace is added for readability as described in Section 1.1.

The following are supplied before beginning the signing operation:

  • Payload content; this example uses the content from Figure 7, encoded using base64url [RFC4648] to produce Figure 8.
  • HMAC symmetric key; this example uses the key from Figure 5.
  • "alg" parameter of "HS256".

The following is generated before completing the signing operation:

  • JWS Protected Header; this example uses the header from Figure 30, encoded using base64url [RFC4648] to produce Figure 31.

{
  "alg": "HS256",
  "kid": "018c0ae5-4d9b-471b-bfd6-eef314bc7037"
}
Figure 30: JWS Protected Header JSON

eyJhbGciOiJIUzI1NiIsImtpZCI6IjAxOGMwYWU1LTRkOWItNDcxYi1iZmQ2LW
VlZjMxNGJjNzAzNyJ9
Figure 31: JWS Protected Header, base64url-encoded

The JWS Protected Header (Figure 31) and JWS Payload (Figure 8) are combined as described in [JWS] to produce the JWS Signing Input (Figure 32).

eyJhbGciOiJIUzI1NiIsImtpZCI6IjAxOGMwYWU1LTRkOWItNDcxYi1iZmQ2LW
VlZjMxNGJjNzAzNyJ9
.
SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb3V0IH
lvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9hZCwgYW5kIGlmIHlvdSBk
b24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXigJlzIG5vIGtub3dpbmcgd2hlcm
UgeW91IG1pZ2h0IGJlIHN3ZXB0IG9mZiB0by4
Figure 32: JWS Signing Input

Performing the signature operation over the JWS Signing Input (Figure 32) produces the JWS Signature (Figure 33).

s0h6KThzkfBBBkLspW1h84VsJZFTsPPqMDA7g1Md7p0
Figure 33: JWS Signature, base64url-encoded

The following compose the resulting JWS object:

  • JWS Protected Header (Figure 31)
  • Payload content (Figure 8)
  • Signature (Figure 33)

The resulting JWS object using the JWS Compact Serialization:

eyJhbGciOiJIUzI1NiIsImtpZCI6IjAxOGMwYWU1LTRkOWItNDcxYi1iZmQ2LW
VlZjMxNGJjNzAzNyJ9
.
SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb3V0IH
lvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9hZCwgYW5kIGlmIHlvdSBk
b24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXigJlzIG5vIGtub3dpbmcgd2hlcm
UgeW91IG1pZ2h0IGJlIHN3ZXB0IG9mZiB0by4
.
s0h6KThzkfBBBkLspW1h84VsJZFTsPPqMDA7g1Md7p0
Figure 34: JWS Compact Serialization

The resulting JWS object using the general JWS JSON Serialization:

{
  "payload": "SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywg
      Z29pbmcgb3V0IHlvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9h
      ZCwgYW5kIGlmIHlvdSBkb24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXi
      gJlzIG5vIGtub3dpbmcgd2hlcmUgeW91IG1pZ2h0IGJlIHN3ZXB0IG9m
      ZiB0by4",
  "signatures": [
    {
      "protected": "eyJhbGciOiJIUzI1NiIsImtpZCI6IjAxOGMwYWU1LT
          RkOWItNDcxYi1iZmQ2LWVlZjMxNGJjNzAzNyJ9",
      "signature": "s0h6KThzkfBBBkLspW1h84VsJZFTsPPqMDA7g1Md7p
          0"
    }
  ]
}
Figure 35: General JWS JSON Serialization

The resulting JWS object using the flattened JWS JSON Serialization:

{
  "payload": "SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywg
      Z29pbmcgb3V0IHlvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9h
      ZCwgYW5kIGlmIHlvdSBkb24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXi
      gJlzIG5vIGtub3dpbmcgd2hlcmUgeW91IG1pZ2h0IGJlIHN3ZXB0IG9m
      ZiB0by4",
  "protected": "eyJhbGciOiJIUzI1NiIsImtpZCI6IjAxOGMwYWU1LTRkOW
      ItNDcxYi1iZmQ2LWVlZjMxNGJjNzAzNyJ9",
  "signature": "s0h6KThzkfBBBkLspW1h84VsJZFTsPPqMDA7g1Md7p0"
}
Figure 36: Flattened JWS JSON Serialization

This example illustrates a signature with detached content. This example is identical to other examples in Section 4, except the resulting JWS objects do not include the JWS Payload field. Instead, the application is expected to locate it elsewhere. For example, the signature might be in a metadata section, with the payload being the content.

Note that whitespace is added for readability as described in Section 1.1.

The following are supplied before beginning the signing operation:

  • Payload content; this example uses the content from Figure 7, encoded using base64url [RFC4648] to produce Figure 8.
  • Signing key; this example uses the AES symmetric key from Figure 5.
  • Signing algorithm; this example uses "HS256".

The following is generated before completing the signing operation:

  • JWS Protected Header; this example uses the header from Figure 37, encoded using base64url [RFC4648] to produce Figure 38.

{
  "alg": "HS256",
  "kid": "018c0ae5-4d9b-471b-bfd6-eef314bc7037"
}
Figure 37: JWS Protected Header JSON

eyJhbGciOiJIUzI1NiIsImtpZCI6IjAxOGMwYWU1LTRkOWItNDcxYi1iZmQ2LW
VlZjMxNGJjNzAzNyJ9
Figure 38: JWS Protected Header, base64url-encoded

The JWS Protected Header (Figure 38) and JWS Payload (Figure 8) are combined as described in [JWS] to produce the JWS Signing Input (Figure 39).

eyJhbGciOiJIUzI1NiIsImtpZCI6IjAxOGMwYWU1LTRkOWItNDcxYi1iZmQ2LW
VlZjMxNGJjNzAzNyJ9
.
SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb3V0IH
lvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9hZCwgYW5kIGlmIHlvdSBk
b24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXigJlzIG5vIGtub3dpbmcgd2hlcm
UgeW91IG1pZ2h0IGJlIHN3ZXB0IG9mZiB0by4
Figure 39: JWS Signing Input

Performing the signature operation over the JWS Signing Input (Figure 39) produces the JWS Signature (Figure 40).

s0h6KThzkfBBBkLspW1h84VsJZFTsPPqMDA7g1Md7p0
Figure 40: JWS Signature, base64url-encoded

The following compose the resulting JWS object:

  • JWS Protected Header (Figure 38)
  • Signature (Figure 40)

The resulting JWS object using the JWS Compact Serialization:

eyJhbGciOiJIUzI1NiIsImtpZCI6IjAxOGMwYWU1LTRkOWItNDcxYi1iZmQ2LW
VlZjMxNGJjNzAzNyJ9
.
.
s0h6KThzkfBBBkLspW1h84VsJZFTsPPqMDA7g1Md7p0
Figure 41: JWS Compact Serialization

The resulting JWS object using the general JWS JSON Serialization:

{
  "signatures": [
    {
      "protected": "eyJhbGciOiJIUzI1NiIsImtpZCI6IjAxOGMwYWU1LT
          RkOWItNDcxYi1iZmQ2LWVlZjMxNGJjNzAzNyJ9",
      "signature": "s0h6KThzkfBBBkLspW1h84VsJZFTsPPqMDA7g1Md7p
          0"
    }
  ]
}
Figure 42: General JWS JSON Serialization

The resulting JWS object using the flattened JWS JSON Serialization:

{
  "protected": "eyJhbGciOiJIUzI1NiIsImtpZCI6IjAxOGMwYWU1LTRkOW
      ItNDcxYi1iZmQ2LWVlZjMxNGJjNzAzNyJ9",
  "signature": "s0h6KThzkfBBBkLspW1h84VsJZFTsPPqMDA7g1Md7p0"
}
Figure 43: Flattened JWS JSON Serialization

This example illustrates a signature where only certain Header Parameters are protected. Since this example contains both unprotected and protected Header Parameters, only the general JWS JSON Serialization and flattened JWS JSON Serialization are possible.

Note that whitespace is added for readability as described in Section 1.1.

The following are supplied before beginning the signing operation:

  • Payload content; this example uses the content from Figure 7, encoded using base64url [RFC4648] to produce Figure 8.
  • Signing key; this example uses the AES symmetric key from Figure 5.
  • Signing algorithm; this example uses "HS256".

The following are generated before completing the signing operation:

  • JWS Protected Header; this example uses the header from Figure 44, encoded using base64url [RFC4648] to produce Figure 45.
  • JWS Unprotected Header; this example uses the header from Figure 46.

{
  "alg": "HS256"
}
Figure 44: JWS Protected Header JSON

eyJhbGciOiJIUzI1NiJ9
Figure 45: JWS Protected Header, base64url-encoded

{
  "kid": "018c0ae5-4d9b-471b-bfd6-eef314bc7037"
}
Figure 46: JWS Unprotected Header JSON

The JWS Protected Header (Figure 45) and JWS Payload (Figure 8) are combined as described in [JWS] to produce the JWS Signing Input (Figure 47).

eyJhbGciOiJIUzI1NiJ9
.
SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb3V0IH
lvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9hZCwgYW5kIGlmIHlvdSBk
b24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXigJlzIG5vIGtub3dpbmcgd2hlcm
UgeW91IG1pZ2h0IGJlIHN3ZXB0IG9mZiB0by4
Figure 47: JWS Signing Input

Performing the signature operation over the JWS Signing Input (Figure 47) produces the JWS Signature (Figure 48).

bWUSVaxorn7bEF1djytBd0kHv70Ly5pvbomzMWSOr20
Figure 48: JWS Signature, base64url-encoded

The following compose the resulting JWS object:

  • JWS Protected Header (Figure 45)
  • JWS Unprotected Header (Figure 46)
  • Payload content (Figure 8)
  • Signature (Figure 48)

The JWS Compact Serialization is not presented because it does not support this use case.

The resulting JWS object using the general JWS JSON Serialization:

{
  "payload": "SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywg
      Z29pbmcgb3V0IHlvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9h
      ZCwgYW5kIGlmIHlvdSBkb24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXi
      gJlzIG5vIGtub3dpbmcgd2hlcmUgeW91IG1pZ2h0IGJlIHN3ZXB0IG9m
      ZiB0by4",
  "signatures": [
    {
      "protected": "eyJhbGciOiJIUzI1NiJ9",
      "header": {
        "kid": "018c0ae5-4d9b-471b-bfd6-eef314bc7037"
      },
      "signature": "bWUSVaxorn7bEF1djytBd0kHv70Ly5pvbomzMWSOr2
          0"
    }
  ]
}
Figure 49: General JWS JSON Serialization

The resulting JWS object using the flattened JWS JSON Serialization:

{
  "payload": "SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywg
      Z29pbmcgb3V0IHlvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9h
      ZCwgYW5kIGlmIHlvdSBkb24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXi
      gJlzIG5vIGtub3dpbmcgd2hlcmUgeW91IG1pZ2h0IGJlIHN3ZXB0IG9m
      ZiB0by4",
  "protected": "eyJhbGciOiJIUzI1NiJ9",
  "header": {
    "kid": "018c0ae5-4d9b-471b-bfd6-eef314bc7037"
  },
  "signature": "bWUSVaxorn7bEF1djytBd0kHv70Ly5pvbomzMWSOr20"
}
Figure 50: Flattened JWS JSON Serialization
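
The HS256 examples above (attached payload, detached content, and partially protected header) differ only in what goes into the JWS Signing Input and which members are serialized. The following Python code is an added example, not part of RFC 7520 or of this page's original text; it also covers a header with no protected parameters. The function names are hypothetical and `DEMO_KEY` is a constructed key rather than the Figure 5 key, so its signature values differ from the figures.

```python
import base64
import hashlib
import hmac
import json

def b64u(data: bytes) -> str:
    """base64url without padding, as used throughout the figures."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64u_dec(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

# Figure 8 payload as printed on this page, readability line breaks removed.
PAYLOAD_B64 = (
    "SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb3V0IH"
    "lvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9hZCwgYW5kIGlmIHlvdSBk"
    "b24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXigJlzIG5vIGtub3dpbmcgd2hlcm"
    "UgeW91IG1pZ2h0IGJlIHN3ZXB0IG9mZiB0by4"
)
KID = "018c0ae5-4d9b-471b-bfd6-eef314bc7037"
# Constructed 256-bit key for this demo; it is NOT the Figure 5 key.
DEMO_KEY = bytes(range(32))

def signing_input(protected_b64: str, payload_b64: str) -> bytes:
    """ASCII(BASE64URL(protected header) || '.' || BASE64URL(payload))."""
    return f"{protected_b64}.{payload_b64}".encode("ascii")

def sign(key, payload_b64, protected=None, unprotected=None, detached=False):
    """Return an HS256 JWS as a flattened JWS JSON Serialization dict."""
    protected_b64 = ""
    if protected:
        header_json = json.dumps(protected, separators=(",", ":"))
        protected_b64 = b64u(header_json.encode("utf-8"))
    data = signing_input(protected_b64, payload_b64)
    tag = hmac.new(key, data, hashlib.sha256).digest()
    jws = {}
    if not detached:                 # detached content: omit "payload"
        jws["payload"] = payload_b64
    if protected_b64:
        jws["protected"] = protected_b64
    if unprotected:                  # never part of the signing input
        jws["header"] = dict(unprotected)
    jws["signature"] = b64u(tag)
    return jws

def to_compact(jws):
    """Compact form; not possible when any Header Parameter is unprotected."""
    if "header" in jws or "protected" not in jws:
        raise ValueError("compact serialization needs a protected-only header")
    return ".".join([jws["protected"], jws.get("payload", ""), jws["signature"]])

def to_general(jws):
    """General JSON form: per-signature members move under 'signatures'."""
    entry = {k: jws[k] for k in ("protected", "header", "signature") if k in jws}
    general = {"signatures": [entry]}
    if "payload" in jws:
        general = {"payload": jws["payload"], **general}
    return general

def verify(key, jws, detached_payload_b64=None, expected_alg="HS256"):
    """Verify a flattened JWS; the caller pins the algorithm for this key."""
    try:
        protected_b64 = jws.get("protected", "")
        protected = json.loads(b64u_dec(protected_b64)) if protected_b64 else {}
        received_tag = b64u_dec(jws["signature"])
        payload_b64 = jws.get("payload", detached_payload_b64)
        if payload_b64 is None:
            return False             # detached content must be supplied
        data = signing_input(protected_b64, payload_b64)
    except (KeyError, ValueError):
        return False
    unprotected = jws.get("header", {})
    # RFC 7515 requires the names in the two header locations to be disjoint.
    if not isinstance(protected, dict) or set(protected) & set(unprotected):
        return False
    # "alg" may arrive unprotected (unauthenticated), so compare it with the
    # algorithm the verifier already associates with the key.
    if {**unprotected, **protected}.get("alg") != expected_alg:
        return False
    expected_tag = hmac.new(key, data, hashlib.sha256).digest()
    return hmac.compare_digest(expected_tag, received_tag)
```

Because the unprotected `header` member is outside the signing input, a verifier should treat values such as an unprotected `kid` as hints only and take the algorithm from its own key configuration.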

This example illustrates a signature where none of the Header Parameters are protected. Since this example contains only unprotected Header Parameters, only the general JWS JSON Serialization and flattened JWS JSON Serialization are possible.

Note that whitespace is added for readability as described in Section 1.1.

The following are supplied before beginning the signing operation:

  • Payload content; this example uses the content from Figure 7, encoded using base64url [RFC4648] to produce Figure 8.
  • Signing key; this example uses the AES symmetric key from Figure 5.
  • Signing algorithm; this example uses "HS256".

The following is generated before completing the signing operation:

  • JWS Unprotected Header; this example uses the header from Figure 51.

{
  "alg": "HS256",
  "kid": "018c0ae5-4d9b-471b-bfd6-eef314bc7037"
}
Figure 51: JWS Unprotected Header JSON

The empty string (as there is no JWS Protected Header) and JWS Payload (Figure 8) are combined as described in [JWS] to produce the JWS Signing Input (Figure 52).

.
SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb3V0IH
lvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9hZCwgYW5kIGlmIHlvdSBk
b24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXigJlzIG5vIGtub3dpbmcgd2hlcm
UgeW91IG1pZ2h0IGJlIHN3ZXB0IG9mZiB0by4
Figure 52: JWS Signing Input

Performing the signature operation over the JWS Signing Input (Figure 52) produces the JWS Signature (Figure 53).

xuLifqLGiblpv9zBpuZczWhNj1gARaLV3UxvxhJxZuk
Figure 53: JWS Signature, base64url-encoded

The following compose the resulting JWS object:

  • JWS Unprotected Header (Figure 51)
  • Payload content (Figure 8)
  • Signature (Figure 53)

The JWS Compact Serialization is not presented because it does not support this use case.

The resulting JWS object using the general JWS JSON Serialization:

{
  "payload": "SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywg
      Z29pbmcgb3V0IHlvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9h
      ZCwgYW5kIGlmIHlvdSBkb24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXi
      gJlzIG5vIGtub3dpbmcgd2hlcmUgeW91IG1pZ2h0IGJlIHN3ZXB0IG9m
      ZiB0by4",
  "signatures": [
    {
      "header": {
        "alg": "HS256",
        "kid": "018c0ae5-4d9b-471b-bfd6-eef314bc7037"
      },
      "signature": "xuLifqLGiblpv9zBpuZczWhNj1gARaLV3UxvxhJxZu
          k"
    }
  ]
}
Figure 54: General JWS JSON Serialization

The resulting JWS object using the flattened JWS JSON Serialization:

{
  "payload": "SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywg
      Z29pbmcgb3V0IHlvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9h
      ZCwgYW5kIGlmIHlvdSBkb24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXi
      gJlzIG5vIGtub3dpbmcgd2hlcmUgeW91IG1pZ2h0IGJlIHN3ZXB0IG9m
      ZiB0by4",
  "header": {
    "alg": "HS256",
    "kid": "018c0ae5-4d9b-471b-bfd6-eef314bc7037"
  },
  "signature": "xuLifqLGiblpv9zBpuZczWhNj1gARaLV3UxvxhJxZuk"
}
Figure 55: Flattened JWS JSON Serialization

This example illustrates multiple signatures applied to the same payload. Since this example contains more than one signature, only the JSON General Serialization is possible.

Note that whitespace is added for readability as described in Section 1.1.

The following are supplied before beginning the signing operation:

  • Payload content; this example uses the content from Figure 7, encoded using base64url [RFC4648] to produce Figure 8.
  • Signing keys; this example uses the following:
     *  RSA private key from Figure 4 for the first signature
     *  EC private key from Figure 2 for the second signature
     *  AES symmetric key from Figure 5 for the third signature
  • Signing algorithms; this example uses the following:
     *  "RS256" for the first signature
     *  "ES512" for the second signature
     *  "HS256" for the third signature

The following are generated before completing the first signing operation:

  • JWS Protected Header; this example uses the header from Figure 56, encoded using base64url [RFC4648] to produce Figure 57.
  • JWS Unprotected Header; this example uses the header from Figure 58.

{
  "alg": "RS256"
}
Figure 56: Signature #1 JWS Protected Header JSON

eyJhbGciOiJSUzI1NiJ9
Figure 57: Signature #1 JWS Protected Header, base64url-encoded

{
  "kid": "bilbo.baggins@hobbiton.example"
}
Figure 58: Signature #1 JWS Unprotected Header JSON

The JWS Protected Header (Figure 57) and JWS Payload (Figure 8) are combined as described in [JWS] to produce the JWS Signing Input (Figure 59).

eyJhbGciOiJSUzI1NiJ9
.
SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb3V0IH
lvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9hZCwgYW5kIGlmIHlvdSBk
b24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXigJlzIG5vIGtub3dpbmcgd2hlcm
UgeW91IG1pZ2h0IGJlIHN3ZXB0IG9mZiB0by4
Figure 59: JWS Signing Input

Performing the signature operation over the JWS Signing Input (Figure 59) produces the JWS Signature (Figure 60).

MIsjqtVlOpa71KE-Mss8_Nq2YH4FGhiocsqrgi5NvyG53uoimic1tcMdSg-qpt
rzZc7CG6Svw2Y13TDIqHzTUrL_lR2ZFcryNFiHkSw129EghGpwkpxaTn_THJTC
glNbADko1MZBCdwzJxwqZc-1RlpO2HibUYyXSwO97BSe0_evZKdjvvKSgsIqjy
tKSeAMbhMBdMma622_BG5t4sdbuCHtFjp9iJmkio47AIwqkZV1aIZsv33uPUqB
BCXbYoQJwt7mxPftHmNlGoOSMxR_3thmXTCm4US-xiNOyhbm8afKK64jU6_TPt
QHiJeQJxz9G3Tx-083B745_AfYOnlC9w
Figure 60: JWS Signature #1, base64url-encoded

The following is the assembled first signature serialized as JSON:

{
  "protected": "eyJhbGciOiJSUzI1NiJ9",
  "header": {
    "kid": "bilbo.baggins@hobbiton.example"
  },
  "signature": "MIsjqtVlOpa71KE-Mss8_Nq2YH4FGhiocsqrgi5NvyG53u
      oimic1tcMdSg-qptrzZc7CG6Svw2Y13TDIqHzTUrL_lR2ZFcryNFiHkS
      w129EghGpwkpxaTn_THJTCglNbADko1MZBCdwzJxwqZc-1RlpO2HibUY
      yXSwO97BSe0_evZKdjvvKSgsIqjytKSeAMbhMBdMma622_BG5t4sdbuC
      HtFjp9iJmkio47AIwqkZV1aIZsv33uPUqBBCXbYoQJwt7mxPftHmNlGo
      OSMxR_3thmXTCm4US-xiNOyhbm8afKK64jU6_TPtQHiJeQJxz9G3Tx-0
      83B745_AfYOnlC9w"
}
Figure 61: Signature #1 JSON

The following is generated before completing the second signing operation:

  • JWS Unprotected Header; this example uses the header from Figure 62.

{
  "alg": "ES512",
  "kid": "bilbo.baggins@hobbiton.example"
}
Figure 62: Signature #2 JWS Unprotected Header JSON

The empty string (as there is no JWS Protected Header) and JWS Payload (Figure 8) are combined as described in [JWS] to produce the JWS Signing Input (Figure 63).

.
SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb3V0IH
lvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9hZCwgYW5kIGlmIHlvdSBk
b24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXigJlzIG5vIGtub3dpbmcgd2hlcm
UgeW91IG1pZ2h0IGJlIHN3ZXB0IG9mZiB0by4
Figure 63: JWS Signing Input

Performing the signature operation over the JWS Signing Input (Figure 63) produces the JWS Signature (Figure 64).

ARcVLnaJJaUWG8fG-8t5BREVAuTY8n8YHjwDO1muhcdCoFZFFjfISu0Cdkn9Yb
dlmi54ho0x924DUz8sK7ZXkhc7AFM8ObLfTvNCrqcI3Jkl2U5IX3utNhODH6v7
xgy1Qahsn0fyb4zSAkje8bAWz4vIfj5pCMYxxm4fgV3q7ZYhm5eD
Figure 64: JWS Signature #2, base64url-encoded

The following is the assembled second signature serialized as JSON:

{
  "header": {
    "alg": "ES512",
    "kid": "bilbo.baggins@hobbiton.example"
  },
  "signature": "ARcVLnaJJaUWG8fG-8t5BREVAuTY8n8YHjwDO1muhcdCoF
      ZFFjfISu0Cdkn9Ybdlmi54ho0x924DUz8sK7ZXkhc7AFM8ObLfTvNCrq
      cI3Jkl2U5IX3utNhODH6v7xgy1Qahsn0fyb4zSAkje8bAWz4vIfj5pCM
      Yxxm4fgV3q7ZYhm5eD"
}
Figure 65: Signature #2 JSON

The following is generated before completing the third signing operation:

  • JWS Protected Header; this example uses the header from Figure 66, encoded using base64url [RFC4648] to produce Figure 67.

{
  "alg": "HS256",
  "kid": "018c0ae5-4d9b-471b-bfd6-eef314bc7037"
}
Figure 66: Signature #3 JWS Protected Header JSON

eyJhbGciOiJIUzI1NiIsImtpZCI6IjAxOGMwYWU1LTRkOWItNDcxYi1iZmQ2LW
VlZjMxNGJjNzAzNyJ9
Figure 67: Signature #3 JWS Protected Header, base64url-encoded

The JWS Protected Header (Figure 67) and JWS Payload (Figure 8) are combined as described in [JWS] to produce the JWS Signing Input (Figure 68).

eyJhbGciOiJIUzI1NiIsImtpZCI6IjAxOGMwYWU1LTRkOWItNDcxYi1iZmQ2LW
VlZjMxNGJjNzAzNyJ9
.
SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb3V0IH
lvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9hZCwgYW5kIGlmIHlvdSBk
b24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXigJlzIG5vIGtub3dpbmcgd2hlcm
UgeW91IG1pZ2h0IGJlIHN3ZXB0IG9mZiB0by4
Figure 68: JWS Signing Input

Performing the signature operation over the JWS Signing Input (Figure 68) produces the JWS Signature (Figure 69).

s0h6KThzkfBBBkLspW1h84VsJZFTsPPqMDA7g1Md7p0
Figure 69: JWS Signature #3, base64url-encoded

The following is the assembled third signature serialized as JSON:

{
  "protected": "eyJhbGciOiJIUzI1NiIsImtpZCI6IjAxOGMwYWU1LTRkOW
      ItNDcxYi1iZmQ2LWVlZjMxNGJjNzAzNyJ9",
  "signature": "s0h6KThzkfBBBkLspW1h84VsJZFTsPPqMDA7g1Md7p0"
}
Figure 70: Signature #3 JSON

The following compose the resulting JWS object:

  • Payload content (Figure 8)
  • Signature #1 JSON (Figure 61)
  • Signature #2 JSON (Figure 65)
  • Signature #3 JSON (Figure 70)

The JWS Compact Serialization is not presented because it does not support this use case; the flattened JWS JSON Serialization is not presented because there is more than one signature.

The resulting JWS object using the general JWS JSON Serialization:

{
  "payload": "SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywg
      Z29pbmcgb3V0IHlvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9h
      ZCwgYW5kIGlmIHlvdSBkb24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXi
      gJlzIG5vIGtub3dpbmcgd2hlcmUgeW91IG1pZ2h0IGJlIHN3ZXB0IG9m
      ZiB0by4",
  "signatures": [
    {
      "protected": "eyJhbGciOiJSUzI1NiJ9",
      "header": {
        "kid": "bilbo.baggins@hobbiton.example"
      },
      "signature": "MIsjqtVlOpa71KE-Mss8_Nq2YH4FGhiocsqrgi5Nvy
          G53uoimic1tcMdSg-qptrzZc7CG6Svw2Y13TDIqHzTUrL_lR2ZFc
          ryNFiHkSw129EghGpwkpxaTn_THJTCglNbADko1MZBCdwzJxwqZc
          -1RlpO2HibUYyXSwO97BSe0_evZKdjvvKSgsIqjytKSeAMbhMBdM
          ma622_BG5t4sdbuCHtFjp9iJmkio47AIwqkZV1aIZsv33uPUqBBC
          XbYoQJwt7mxPftHmNlGoOSMxR_3thmXTCm4US-xiNOyhbm8afKK6
          4jU6_TPtQHiJeQJxz9G3Tx-083B745_AfYOnlC9w"
    },
    {
      "header": {
        "alg": "ES512",
        "kid": "bilbo.baggins@hobbiton.example"
      },
      "signature": "ARcVLnaJJaUWG8fG-8t5BREVAuTY8n8YHjwDO1muhc
          dCoFZFFjfISu0Cdkn9Ybdlmi54ho0x924DUz8sK7ZXkhc7AFM8Ob
          LfTvNCrqcI3Jkl2U5IX3utNhODH6v7xgy1Qahsn0fyb4zSAkje8b
          AWz4vIfj5pCMYxxm4fgV3q7ZYhm5eD"
    },
    {
      "protected": "eyJhbGciOiJIUzI1NiIsImtpZCI6IjAxOGMwYWU1LT
          RkOWItNDcxYi1iZmQ2LWVlZjMxNGJjNzAzNyJ9",
      "signature": "s0h6KThzkfBBBkLspW1h84VsJZFTsPPqMDA7g1Md7p
          0"
    }
  ]
}
Figure 71: General JWS JSON Serialization
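
The three preceding examples differ only in which Header Parameters sit inside "protected". The following Python is an added example, not part of RFC 7520: it rebuilds the JWS Signing Input for Figures 50, 55 and 70, then uses a constructed HMAC key (not the Figure 5 key) to show that parameters outside "protected" are not covered by the signature. The function names and the require_signed_alg policy are this example's own.

```python
import base64
import hashlib
import hmac
import json

def b64u_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def b64u_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

# Values copied from the figures above (line wrapping removed).
PAYLOAD = (
    "SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb3V0IH"
    "lvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9hZCwgYW5kIGlmIHlvdSBk"
    "b24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXigJlzIG5vIGtub3dpbmcgd2hlcm"
    "UgeW91IG1pZ2h0IGJlIHN3ZXB0IG9mZiB0by4")
KID = "018c0ae5-4d9b-471b-bfd6-eef314bc7037"
FIG50 = {"payload": PAYLOAD, "protected": "eyJhbGciOiJIUzI1NiJ9",
         "header": {"kid": KID},
         "signature": "bWUSVaxorn7bEF1djytBd0kHv70Ly5pvbomzMWSOr20"}
FIG55 = {"payload": PAYLOAD, "header": {"alg": "HS256", "kid": KID},
         "signature": "xuLifqLGiblpv9zBpuZczWhNj1gARaLV3UxvxhJxZuk"}
# General form carrying only Signature #3 (Figure 70) out of Figure 71.
FIG70_GENERAL = {"payload": PAYLOAD, "signatures": [{
    "protected": "eyJhbGciOiJIUzI1NiIsImtpZCI6IjAxOGMwYWU1LTRkOW"
                 "ItNDcxYi1iZmQ2LWVlZjMxNGJjNzAzNyJ9",
    "signature": "s0h6KThzkfBBBkLspW1h84VsJZFTsPPqMDA7g1Md7p0"}]}

def signature_entries(jws):
    """Per-signature objects of a flattened or general JWS JSON Serialization."""
    if "signatures" in jws:
        if any(name in jws for name in ("protected", "header", "signature")):
            raise ValueError("general and flattened members must not be mixed")
        return list(jws["signatures"])
    return [{k: jws[k] for k in ("protected", "header", "signature") if k in jws}]

def describe_signatures(jws):
    """Report what each signature covers; no key is needed for this step."""
    report = []
    for entry in signature_entries(jws):
        protected_b64 = entry.get("protected", "")
        protected = json.loads(b64u_decode(protected_b64)) if protected_b64 else {}
        unprotected = entry.get("header", {})
        if set(protected) & set(unprotected):
            raise ValueError("Header Parameter names must not repeat")
        joined = {**unprotected, **protected}
        report.append({
            "alg": joined.get("alg"),
            "kid": joined.get("kid"),
            "alg_is_signed": "alg" in protected,
            "unsigned_names": sorted(unprotected),
            # With no protected header the input is the empty string, ".", payload.
            "signing_input": (protected_b64 + "." + jws["payload"]).encode("ascii"),
            "signature": b64u_decode(entry["signature"]),
        })
    return report

def hs256_sign(key, payload_b64, protected=None, unprotected=None):
    """Build a flattened HS256 JWS from caller-supplied header objects."""
    jws = {"payload": payload_b64}
    protected_b64 = ""
    if protected:
        compact = json.dumps(protected, separators=(",", ":"))
        protected_b64 = jws["protected"] = b64u_encode(compact.encode("utf-8"))
    if unprotected:
        jws["header"] = dict(unprotected)
    signing_input = (protected_b64 + "." + payload_b64).encode("ascii")
    jws["signature"] = b64u_encode(hmac.new(key, signing_input, hashlib.sha256).digest())
    return jws

def hs256_verify(key, jws, require_signed_alg=False):
    """True only if every entry is HS256 and its MAC matches."""
    # require_signed_alg is a local policy of this example, not an RFC rule.
    for info in describe_signatures(jws):
        if info["alg"] != "HS256" or (require_signed_alg and not info["alg_is_signed"]):
            return False
        expected = hmac.new(key, info["signing_input"], hashlib.sha256).digest()
        if not hmac.compare_digest(expected, info["signature"]):
            return False
    return True

def demo():
    key = bytes(range(32))  # constructed key, NOT the Figure 5 key
    mixed = hs256_sign(key, PAYLOAD, {"alg": "HS256"}, {"kid": KID})
    relabelled = dict(mixed, header={"kid": "constructed-other-key-id"})
    altered = dict(mixed, payload=PAYLOAD[:-1] + "5")
    bare = hs256_sign(key, PAYLOAD, None, {"alg": "HS256", "kid": KID})
    return {
        "mixed_ok": hs256_verify(key, mixed),
        "kid_change_detected": not hs256_verify(key, relabelled),
        "payload_change_detected": not hs256_verify(key, altered),
        "bare_ok": hs256_verify(key, bare),
        "bare_ok_under_policy": hs256_verify(key, bare, require_signed_alg=True),
    }
```

A verifier that selects its key from an unprotected "kid" should therefore treat that value as an untrusted hint and rely on the signature check itself to confirm the key.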

The following sections demonstrate how to generate various JWE objects.

All of the encryption examples (unless otherwise noted) use the following Plaintext content (an abridged quote from "The Fellowship of the Ring" [LOTR-FELLOWSHIP]), serialized as UTF-8. The Plaintext is presented here as a series of quoted strings that are concatenated to produce the JWE Plaintext. The sequence "\xe2\x80\x93" is substituted for (U+2013 EN DASH), and quotation marks (U+0022 QUOTATION MARK) are added for readability but are not present in the JWE Plaintext.

"You can trust us to stick with you through thick and "
"thin\xe2\x80\x93to the bitter end. And you can trust us to "
"keep any secret of yours\xe2\x80\x93closer than you keep it "
"yourself. But you cannot trust us to let you face trouble "
"alone, and go off without a word. We are your friends, Frodo."
Figure 72: Plaintext Content

This example illustrates encrypting content using the "RSA1_5" (RSAES-PKCS1-v1_5) key encryption algorithm and the "A128CBC-HS256" (AES-128-CBC-HMAC-SHA-256) content encryption algorithm.

Note that RSAES-PKCS1-v1_5 uses random data to generate the ciphertext; it might not be possible to exactly replicate the results in this section.

Note that only the RSA public key is necessary to perform the encryption. However, the example includes the RSA private key to allow readers to validate the output.

Note that whitespace is added for readability as described in Section 1.1.

The following are supplied before beginning the encryption process:

  • Plaintext content; this example uses the content from Figure 72.
  • RSA public key; this example uses the key from Figure 73.
  • "alg" parameter of "RSA1_5".
  • "enc" parameter of "A128CBC-HS256".

{
  "kty": "RSA",
  "kid": "frodo.baggins@hobbiton.example",
  "use": "enc",
  "n": "maxhbsmBtdQ3CNrKvprUE6n9lYcregDMLYNeTAWcLj8NnPU9XIYegT
      HVHQjxKDSHP2l-F5jS7sppG1wgdAqZyhnWvXhYNvcM7RfgKxqNx_xAHx
      6f3yy7s-M9PSNCwPC2lh6UAkR4I00EhV9lrypM9Pi4lBUop9t5fS9W5U
      NwaAllhrd-osQGPjIeI1deHTwx-ZTHu3C60Pu_LJIl6hKn9wbwaUmA4c
      R5Bd2pgbaY7ASgsjCUbtYJaNIHSoHXprUdJZKUMAzV0WOKPfA6OPI4oy
      pBadjvMZ4ZAj3BnXaSYsEZhaueTXvZB4eZOAjIyh2e_VOIKVMsnDrJYA
      VotGlvMQ",
  "e": "AQAB",
  "d": "Kn9tgoHfiTVi8uPu5b9TnwyHwG5dK6RE0uFdlpCGnJN7ZEi963R7wy
      bQ1PLAHmpIbNTztfrheoAniRV1NCIqXaW_qS461xiDTp4ntEPnqcKsyO
      5jMAji7-CL8vhpYYowNFvIesgMoVaPRYMYT9TW63hNM0aWs7USZ_hLg6
      Oe1mY0vHTI3FucjSM86Nff4oIENt43r2fspgEPGRrdE6fpLc9Oaq-qeP
      1GFULimrRdndm-P8q8kvN3KHlNAtEgrQAgTTgz80S-3VD0FgWfgnb1PN
      miuPUxO8OpI9KDIfu_acc6fg14nsNaJqXe6RESvhGPH2afjHqSy_Fd2v
      pzj85bQQ",
  "p": "2DwQmZ43FoTnQ8IkUj3BmKRf5Eh2mizZA5xEJ2MinUE3sdTYKSLtaE
      oekX9vbBZuWxHdVhM6UnKCJ_2iNk8Z0ayLYHL0_G21aXf9-unynEpUsH
      7HHTklLpYAzOOx1ZgVljoxAdWNn3hiEFrjZLZGS7lOH-a3QQlDDQoJOJ
      2VFmU",
  "q": "te8LY4-W7IyaqH1ExujjMqkTAlTeRbv0VLQnfLY2xINnrWdwiQ93_V
      F099aP1ESeLja2nw-6iKIe-qT7mtCPozKfVtUYfz5HrJ_XY2kfexJINb
      9lhZHMv5p1skZpeIS-GPHCC6gRlKo1q-idn_qxyusfWv7WAxlSVfQfk8
      d6Et0",
  "dp": "UfYKcL_or492vVc0PzwLSplbg4L3-Z5wL48mwiswbpzOyIgd2xHTH
      QmjJpFAIZ8q-zf9RmgJXkDrFs9rkdxPtAsL1WYdeCT5c125Fkdg317JV
      RDo1inX7x2Kdh8ERCreW8_4zXItuTl_KiXZNU5lvMQjWbIw2eTx1lpsf
      lo0rYU",
  "dq": "iEgcO-QfpepdH8FWd7mUFyrXdnOkXJBCogChY6YKuIHGc_p8Le9Mb
      pFKESzEaLlN1Ehf3B6oGBl5Iz_ayUlZj2IoQZ82znoUrpa9fVYNot87A
      CfzIG7q9Mv7RiPAderZi03tkVXAdaBau_9vs5rS-7HMtxkVrxSUvJY14
      TkXlHE",
  "qi": "kC-lzZOqoFaZCr5l0tOVtREKoVqaAYhQiqIRGL-MzS4sCmRkxm5vZ
      lXYx6RtE1n_AagjqajlkjieGlxTTThHD8Iga6foGBMaAr5uR1hGQpSc7
      Gl7CF1DZkBJMTQN6EshYzZfxW08mIO8M6Rzuh0beL6fG9mkDcIyPrBXx
      2bQ_mM"
}
Figure 73: RSA 2048-Bit Key, in JWK Format

(NOTE: While the key includes the private parameters, only the public parameters "e" and "n" are necessary for the encryption operation.)

The following are generated before encrypting:

  • AES symmetric key as the Content Encryption Key (CEK); this example uses the key from Figure 74.
  • Initialization Vector; this example uses the Initialization Vector from Figure 75.

3qyTVhIWt5juqZUCpfRqpvauwB956MEJL2Rt-8qXKSo
Figure 74: Content Encryption Key, base64url-encoded

bbd5sTkYwhAIqfHsx8DayA
Figure 75: Initialization Vector, base64url-encoded

Performing the key encryption operation over the CEK (Figure 74) with the RSA key (Figure 73) results in the following Encrypted Key:

laLxI0j-nLH-_BgLOXMozKxmy9gffy2gTdvqzfTihJBuuzxg0V7yk1WClnQePF
vG2K-pvSlWc9BRIazDrn50RcRai__3TDON395H3c62tIouJJ4XaRvYHFjZTZ2G
Xfz8YAImcc91Tfk0WXC2F5Xbb71ClQ1DDH151tlpH77f2ff7xiSxh9oSewYrcG
TSLUeeCt36r1Kt3OSj7EyBQXoZlN7IxbyhMAfgIe7Mv1rOTOI5I8NQqeXXW8Vl
zNmoxaGMny3YnGir5Wf6Qt2nBq4qDaPdnaAuuGUGEecelIO1wx1BpyIfgvfjOh
MBs9M8XL223Fg47xlGsMXdfuY-4jaqVw
Figure 76: Encrypted Key, base64url-encoded

The following is generated before encrypting the Plaintext:

  • JWE Protected Header; this example uses the header from Figure 77, encoded using base64url [RFC4648] to produce Figure 78.

{
  "alg": "RSA1_5",
  "kid": "frodo.baggins@hobbiton.example",
  "enc": "A128CBC-HS256"
}
Figure 77: JWE Protected Header JSON

eyJhbGciOiJSU0ExXzUiLCJraWQiOiJmcm9kby5iYWdnaW5zQGhvYmJpdG9uLm
V4YW1wbGUiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0
Figure 78: JWE Protected Header, base64url-encoded

Performing the content encryption operation on the Plaintext (Figure 72) using the following:

  • CEK (Figure 74);
  • Initialization Vector (Figure 75); and
  • JWE Protected Header (Figure 77) as authenticated data

produces the following:

  • Ciphertext from Figure 79.
  • Authentication Tag from Figure 80.

0fys_TY_na7f8dwSfXLiYdHaA2DxUjD67ieF7fcVbIR62JhJvGZ4_FNVSiGc_r
aa0HnLQ6s1P2sv3Xzl1p1l_o5wR_RsSzrS8Z-wnI3Jvo0mkpEEnlDmZvDu_k8O
WzJv7eZVEqiWKdyVzFhPpiyQU28GLOpRc2VbVbK4dQKPdNTjPPEmRqcaGeTWZV
yeSUvf5k59yJZxRuSvWFf6KrNtmRdZ8R4mDOjHSrM_s8uwIFcqt4r5GX8TKaI0
zT5CbL5Qlw3sRc7u_hg0yKVOiRytEAEs3vZkcfLkP6nbXdC_PkMdNS-ohP78T2
O6_7uInMGhFeX4ctHG7VelHGiT93JfWDEQi5_V9UN1rhXNrYu-0fVMkZAKX3VW
i7lzA6BP430m
Figure 79: Ciphertext, base64url-encoded

kvKuFBXHe5mQr4lqgobAUg
Figure 80: Authentication Tag, base64url-encoded

The following compose the resulting JWE object:

  • JWE Protected Header (Figure 78)
  • Encrypted Key (Figure 76)
  • Initialization Vector (Figure 75)
  • Ciphertext (Figure 79)
  • Authentication Tag (Figure 80)

The resulting JWE object using the JWE Compact Serialization:

eyJhbGciOiJSU0ExXzUiLCJraWQiOiJmcm9kby5iYWdnaW5zQGhvYmJpdG9uLm
V4YW1wbGUiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0
.
laLxI0j-nLH-_BgLOXMozKxmy9gffy2gTdvqzfTihJBuuzxg0V7yk1WClnQePF
vG2K-pvSlWc9BRIazDrn50RcRai__3TDON395H3c62tIouJJ4XaRvYHFjZTZ2G
Xfz8YAImcc91Tfk0WXC2F5Xbb71ClQ1DDH151tlpH77f2ff7xiSxh9oSewYrcG
TSLUeeCt36r1Kt3OSj7EyBQXoZlN7IxbyhMAfgIe7Mv1rOTOI5I8NQqeXXW8Vl
zNmoxaGMny3YnGir5Wf6Qt2nBq4qDaPdnaAuuGUGEecelIO1wx1BpyIfgvfjOh
MBs9M8XL223Fg47xlGsMXdfuY-4jaqVw
.
bbd5sTkYwhAIqfHsx8DayA
.
0fys_TY_na7f8dwSfXLiYdHaA2DxUjD67ieF7fcVbIR62JhJvGZ4_FNVSiGc_r
aa0HnLQ6s1P2sv3Xzl1p1l_o5wR_RsSzrS8Z-wnI3Jvo0mkpEEnlDmZvDu_k8O
WzJv7eZVEqiWKdyVzFhPpiyQU28GLOpRc2VbVbK4dQKPdNTjPPEmRqcaGeTWZV
yeSUvf5k59yJZxRuSvWFf6KrNtmRdZ8R4mDOjHSrM_s8uwIFcqt4r5GX8TKaI0
zT5CbL5Qlw3sRc7u_hg0yKVOiRytEAEs3vZkcfLkP6nbXdC_PkMdNS-ohP78T2
O6_7uInMGhFeX4ctHG7VelHGiT93JfWDEQi5_V9UN1rhXNrYu-0fVMkZAKX3VW
i7lzA6BP430m
.
kvKuFBXHe5mQr4lqgobAUg
Figure 81: JWE Compact Serialization
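
A recipient of the object in Figure 81 checks the Authentication Tag before attempting any decryption. The following Python is an added example, not part of RFC 7520: it recomputes the "A128CBC-HS256" tag from Figures 74, 75, 78 and 79 using the construction in RFC 7518 Section 5.2.2, assuming the CEK has already been recovered from the Encrypted Key. The function and constant names are this example's own, and the tampered inputs are constructed.

```python
import base64
import hashlib
import hmac
import json
import struct

def b64u_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def b64u_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

# Values copied from Figures 74, 75, 78, 79 and 80 (line wrapping removed).
FIG74_CEK = "3qyTVhIWt5juqZUCpfRqpvauwB956MEJL2Rt-8qXKSo"
FIG75_IV = "bbd5sTkYwhAIqfHsx8DayA"
FIG78_PROTECTED = (
    "eyJhbGciOiJSU0ExXzUiLCJraWQiOiJmcm9kby5iYWdnaW5zQGhvYmJpdG9uLm"
    "V4YW1wbGUiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0")
FIG79_CIPHERTEXT = (
    "0fys_TY_na7f8dwSfXLiYdHaA2DxUjD67ieF7fcVbIR62JhJvGZ4_FNVSiGc_r"
    "aa0HnLQ6s1P2sv3Xzl1p1l_o5wR_RsSzrS8Z-wnI3Jvo0mkpEEnlDmZvDu_k8O"
    "WzJv7eZVEqiWKdyVzFhPpiyQU28GLOpRc2VbVbK4dQKPdNTjPPEmRqcaGeTWZV"
    "yeSUvf5k59yJZxRuSvWFf6KrNtmRdZ8R4mDOjHSrM_s8uwIFcqt4r5GX8TKaI0"
    "zT5CbL5Qlw3sRc7u_hg0yKVOiRytEAEs3vZkcfLkP6nbXdC_PkMdNS-ohP78T2"
    "O6_7uInMGhFeX4ctHG7VelHGiT93JfWDEQi5_V9UN1rhXNrYu-0fVMkZAKX3VW"
    "i7lzA6BP430m")
FIG80_TAG = "kvKuFBXHe5mQr4lqgobAUg"

def tag_is_valid(protected_b64, cek, iv, ciphertext, tag):
    """Recompute the A128CBC-HS256 Authentication Tag and compare it."""
    header = json.loads(b64u_decode(protected_b64))
    if header.get("enc") != "A128CBC-HS256":
        raise ValueError("this check only implements A128CBC-HS256")
    if len(cek) != 32 or len(iv) != 16 or len(tag) != 16:
        raise ValueError("unexpected CEK, IV or tag length")
    if not ciphertext or len(ciphertext) % 16:
        raise ValueError("ciphertext is not a whole number of AES blocks")
    mac_key = cek[:16]  # first half is the MAC key; cek[16:] is the AES-128 key
    aad = protected_b64.encode("ascii")   # the encoded header, not its JSON text
    al = struct.pack(">Q", len(aad) * 8)  # AAD length in bits, 64-bit big-endian
    mac = hmac.new(mac_key, aad + iv + ciphertext + al, hashlib.sha256).digest()
    return hmac.compare_digest(mac[:16], tag)  # tag is the first 16 octets

def check_figure_81(protected_b64=FIG78_PROTECTED, ciphertext_b64=FIG79_CIPHERTEXT):
    """Check the page's values; the keyword arguments allow constructed variants."""
    return tag_is_valid(protected_b64, b64u_decode(FIG74_CEK), b64u_decode(FIG75_IV),
                        b64u_decode(ciphertext_b64), b64u_decode(FIG80_TAG))

def tamper_results():
    """Constructed modifications; each one must make the tag check fail."""
    header = json.loads(b64u_decode(FIG78_PROTECTED))
    header["kid"] = "constructed-other-recipient"
    new_header = b64u_encode(json.dumps(header, separators=(",", ":")).encode("utf-8"))
    flipped = bytearray(b64u_decode(FIG79_CIPHERTEXT))
    flipped[-1] ^= 0x01  # single bit in the final (padding) block
    return {
        "header_changed": check_figure_81(protected_b64=new_header),
        "ciphertext_changed": check_figure_81(ciphertext_b64=b64u_encode(bytes(flipped))),
    }

if __name__ == "__main__":
    print("Figure 81 tag valid:", check_figure_81())
    print("after tampering:", tamper_results())
```

Rejecting on a failed tag before any CBC decryption or padding check is what keeps a modified final block from ever reaching the padding logic.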

The resulting JWE object using the general JWE JSON Serialization:

{
  "recipients": [
    {
      "encrypted_key": "laLxI0j-nLH-_BgLOXMozKxmy9gffy2gTdvqzf
          TihJBuuzxg0V7yk1WClnQePFvG2K-pvSlWc9BRIazDrn50RcRai_
          _3TDON395H3c62tIouJJ4XaRvYHFjZTZ2GXfz8YAImcc91Tfk0WX
          C2F5Xbb71ClQ1DDH151tlpH77f2ff7xiSxh9oSewYrcGTSLUeeCt
          36r1Kt3OSj7EyBQXoZlN7IxbyhMAfgIe7Mv1rOTOI5I8NQqeXXW8
          VlzNmoxaGMny3YnGir5Wf6Qt2nBq4qDaPdnaAuuGUGEecelIO1wx
          1BpyIfgvfjOhMBs9M8XL223Fg47xlGsMXdfuY-4jaqVw"
    }
  ],
  "protected": "eyJhbGciOiJSU0ExXzUiLCJraWQiOiJmcm9kby5iYWdnaW
      5zQGhvYmJpdG9uLmV4YW1wbGUiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In
      0",
  "iv": "bbd5sTkYwhAIqfHsx8DayA",
  "ciphertext": "0fys_TY_na7f8dwSfXLiYdHaA2DxUjD67ieF7fcVbIR62
      JhJvGZ4_FNVSiGc_raa0HnLQ6s1P2sv3Xzl1p1l_o5wR_RsSzrS8Z-wn
      I3Jvo0mkpEEnlDmZvDu_k8OWzJv7eZVEqiWKdyVzFhPpiyQU28GLOpRc
      2VbVbK4dQKPdNTjPPEmRqcaGeTWZVyeSUvf5k59yJZxRuSvWFf6KrNtm
      RdZ8R4mDOjHSrM_s8uwIFcqt4r5GX8TKaI0zT5CbL5Qlw3sRc7u_hg0y
      KVOiRytEAEs3vZkcfLkP6nbXdC_PkMdNS-ohP78T2O6_7uInMGhFeX4c
      tHG7VelHGiT93JfWDEQi5_V9UN1rhXNrYu-0fVMkZAKX3VWi7lzA6BP4
      30m",
  "tag": "kvKuFBXHe5mQr4lqgobAUg"
}
Figure 82: General JWE JSON Serialization

The resulting JWE object using the flattened JWE JSON Serialization:

{
  "protected": "eyJhbGciOiJSU0ExXzUiLCJraWQiOiJmcm9kby5iYWdnaW
      5zQGhvYmJpdG9uLmV4YW1wbGUiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In
      0",
  "encrypted_key": "laLxI0j-nLH-_BgLOXMozKxmy9gffy2gTdvqzfTihJ
      Buuzxg0V7yk1WClnQePFvG2K-pvSlWc9BRIazDrn50RcRai__3TDON39
      5H3c62tIouJJ4XaRvYHFjZTZ2GXfz8YAImcc91Tfk0WXC2F5Xbb71ClQ
      1DDH151tlpH77f2ff7xiSxh9oSewYrcGTSLUeeCt36r1Kt3OSj7EyBQX
      oZlN7IxbyhMAfgIe7Mv1rOTOI5I8NQqeXXW8VlzNmoxaGMny3YnGir5W
      f6Qt2nBq4qDaPdnaAuuGUGEecelIO1wx1BpyIfgvfjOhMBs9M8XL223F
      g47xlGsMXdfuY-4jaqVw",
  "iv": "bbd5sTkYwhAIqfHsx8DayA",
  "ciphertext": "0fys_TY_na7f8dwSfXLiYdHaA2DxUjD67ieF7fcVbIR62
      JhJvGZ4_FNVSiGc_raa0HnLQ6s1P2sv3Xzl1p1l_o5wR_RsSzrS8Z-wn
      I3Jvo0mkpEEnlDmZvDu_k8OWzJv7eZVEqiWKdyVzFhPpiyQU28GLOpRc
      2VbVbK4dQKPdNTjPPEmRqcaGeTWZVyeSUvf5k59yJZxRuSvWFf6KrNtm
      RdZ8R4mDOjHSrM_s8uwIFcqt4r5GX8TKaI0zT5CbL5Qlw3sRc7u_hg0y
      KVOiRytEAEs3vZkcfLkP6nbXdC_PkMdNS-ohP78T2O6_7uInMGhFeX4c
      tHG7VelHGiT93JfWDEQi5_V9UN1rhXNrYu-0fVMkZAKX3VWi7lzA6BP4
      30m",
  "tag": "kvKuFBXHe5mQr4lqgobAUg"
}
Figure 83: Flattened JWE JSON Serialization

This example illustrates encrypting content using the "RSA-OAEP" (RSAES-OAEP) key encryption algorithm and the "A256GCM" (AES-GCM) content encryption algorithm.

Note that RSAES-OAEP uses random data to generate the ciphertext; it might not be possible to exactly replicate the results in this section.

Note that only the RSA public key is necessary to perform the encryption. However, the example includes the RSA private key to allow readers to validate the output.

Note that whitespace is added for readability as described in Section 1.1.

The following are supplied before beginning the encryption process:

  • Plaintext content; this example uses the Plaintext from Figure 72.
  • RSA public key; this example uses the key from Figure 84.
  • "alg" parameter of "RSA-OAEP".
  • "enc" parameter of "A256GCM".

{
  "kty": "RSA",
  "kid": "samwise.gamgee@hobbiton.example",
  "use": "enc",
  "n": "wbdxI55VaanZXPY29Lg5hdmv2XhvqAhoxUkanfzf2-5zVUxa6prHRr
      I4pP1AhoqJRlZfYtWWd5mmHRG2pAHIlh0ySJ9wi0BioZBl1XP2e-C-Fy
      XJGcTy0HdKQWlrfhTm42EW7Vv04r4gfao6uxjLGwfpGrZLarohiWCPnk
      Nrg71S2CuNZSQBIPGjXfkmIy2tl_VWgGnL22GplyXj5YlBLdxXp3XeSt
      sqo571utNfoUTU8E4qdzJ3U1DItoVkPGsMwlmmnJiwA7sXRItBCivR4M
      5qnZtdw-7v4WuR4779ubDuJ5nalMv2S66-RPcnFAzWSKxtBDnFJJDGIU
      e7Tzizjg1nms0Xq_yPub_UOlWn0ec85FCft1hACpWG8schrOBeNqHBOD
      FskYpUc2LC5JA2TaPF2dA67dg1TTsC_FupfQ2kNGcE1LgprxKHcVWYQb
      86B-HozjHZcqtauBzFNV5tbTuB-TpkcvJfNcFLlH3b8mb-H_ox35FjqB
      SAjLKyoeqfKTpVjvXhd09knwgJf6VKq6UC418_TOljMVfFTWXUxlnfhO
      OnzW6HSSzD1c9WrCuVzsUMv54szidQ9wf1cYWf3g5qFDxDQKis99gcDa
      iCAwM3yEBIzuNeeCa5dartHDb1xEB_HcHSeYbghbMjGfasvKn0aZRsnT
      yC0xhWBlsolZE",
  "e": "AQAB",
  "alg": "RSA-OAEP",
  "d": "n7fzJc3_WG59VEOBTkayzuSMM780OJQuZjN_KbH8lOZG25ZoA7T4Bx
      cc0xQn5oZE5uSCIwg91oCt0JvxPcpmqzaJZg1nirjcWZ-oBtVk7gCAWq
      -B3qhfF3izlbkosrzjHajIcY33HBhsy4_WerrXg4MDNE4HYojy68TcxT
      2LYQRxUOCf5TtJXvM8olexlSGtVnQnDRutxEUCwiewfmmrfveEogLx9E
      A-KMgAjTiISXxqIXQhWUQX1G7v_mV_Hr2YuImYcNcHkRvp9E7ook0876
      DhkO8v4UOZLwA1OlUX98mkoqwc58A_Y2lBYbVx1_s5lpPsEqbbH-nqIj
      h1fL0gdNfihLxnclWtW7pCztLnImZAyeCWAG7ZIfv-Rn9fLIv9jZ6r7r
      -MSH9sqbuziHN2grGjD_jfRluMHa0l84fFKl6bcqN1JWxPVhzNZo01yD
      F-1LiQnqUYSepPf6X3a2SOdkqBRiquE6EvLuSYIDpJq3jDIsgoL8Mo1L
      oomgiJxUwL_GWEOGu28gplyzm-9Q0U0nyhEf1uhSR8aJAQWAiFImWH5W
      _IQT9I7-yrindr_2fWQ_i1UgMsGzA7aOGzZfPljRy6z-tY_KuBG00-28
      S_aWvjyUc-Alp8AUyKjBZ-7CWH32fGWK48j1t-zomrwjL_mnhsPbGs0c
      9WsWgRzI-K8gE",
  "p": "7_2v3OQZzlPFcHyYfLABQ3XP85Es4hCdwCkbDeltaUXgVy9l9etKgh
      vM4hRkOvbb01kYVuLFmxIkCDtpi-zLCYAdXKrAK3PtSbtzld_XZ9nlsY
      a_QZWpXB_IrtFjVfdKUdMz94pHUhFGFj7nr6NNxfpiHSHWFE1zD_AC3m
      Y46J961Y2LRnreVwAGNw53p07Db8yD_92pDa97vqcZOdgtybH9q6uma-
      RFNhO1AoiJhYZj69hjmMRXx-x56HO9cnXNbmzNSCFCKnQmn4GQLmRj9s
      fbZRqL94bbtE4_e0Zrpo8RNo8vxRLqQNwIy85fc6BRgBJomt8QdQvIgP
      gWCv5HoQ",
  "q": "zqOHk1P6WN_rHuM7ZF1cXH0x6RuOHq67WuHiSknqQeefGBA9PWs6Zy
      KQCO-O6mKXtcgE8_Q_hA2kMRcKOcvHil1hqMCNSXlflM7WPRPZu2qCDc
      qssd_uMbP-DqYthH_EzwL9KnYoH7JQFxxmcv5An8oXUtTwk4knKjkIYG
      RuUwfQTus0w1NfjFAyxOOiAQ37ussIcE6C6ZSsM3n41UlbJ7TCqewzVJ
      aPJN5cxjySPZPD3Vp01a9YgAD6a3IIaKJdIxJS1ImnfPevSJQBE79-EX
      e2kSwVgOzvt-gsmM29QQ8veHy4uAqca5dZzMs7hkkHtw1z0jHV90epQJ
      JlXXnH8Q",
  "dp": "19oDkBh1AXelMIxQFm2zZTqUhAzCIr4xNIGEPNoDt1jK83_FJA-xn
      x5kA7-1erdHdms_Ef67HsONNv5A60JaR7w8LHnDiBGnjdaUmmuO8XAxQ
      J_ia5mxjxNjS6E2yD44USo2JmHvzeeNczq25elqbTPLhUpGo1IZuG72F
      ZQ5gTjXoTXC2-xtCDEUZfaUNh4IeAipfLugbpe0JAFlFfrTDAMUFpC3i
      XjxqzbEanflwPvj6V9iDSgjj8SozSM0dLtxvu0LIeIQAeEgT_yXcrKGm
      pKdSO08kLBx8VUjkbv_3Pn20Gyu2YEuwpFlM_H1NikuxJNKFGmnAq9Lc
      nwwT0jvoQ",
  "dq": "S6p59KrlmzGzaQYQM3o0XfHCGvfqHLYjCO557HYQf72O9kLMCfd_1
      VBEqeD-1jjwELKDjck8kOBl5UvohK1oDfSP1DleAy-cnmL29DqWmhgwM
      1ip0CCNmkmsmDSlqkUXDi6sAaZuntyukyflI-qSQ3C_BafPyFaKrt1fg
      dyEwYa08pESKwwWisy7KnmoUvaJ3SaHmohFS78TJ25cfc10wZ9hQNOrI
      ChZlkiOdFCtxDqdmCqNacnhgE3bZQjGp3n83ODSz9zwJcSUvODlXBPc2
      AycH6Ci5yjbxt4Ppox_5pjm6xnQkiPgj01GpsUssMmBN7iHVsrE7N2iz
      nBNCeOUIQ",
  "qi": "FZhClBMywVVjnuUud-05qd5CYU0dK79akAgy9oX6RX6I3IIIPckCc
      iRrokxglZn-omAY5CnCe4KdrnjFOT5YUZE7G_Pg44XgCXaarLQf4hl80
      oPEf6-jJ5Iy6wPRx7G2e8qLxnh9cOdf-kRqgOS3F48Ucvw3ma5V6KGMw
      QqWFeV31XtZ8l5cVI-I3NzBS7qltpUVgz2Ju021eyc7IlqgzR98qKONl
      27DuEES0aK0WE97jnsyO27Yp88Wa2RiBrEocM89QZI1seJiGDizHRUP4
      UZxw9zsXww46wy0P6f9grnYp7t8LkyDDk8eoI4KX6SNMNVcyVS9IWjlq
      8EzqZEKIA"
}
Figure 84: RSA 4096-Bit Key

(NOTE: While the key includes the private parameters, only the public parameters "e" and "n" are necessary for the encryption operation.)

The following are generated before encrypting:

  • AES symmetric key as the Content Encryption Key (CEK); this example uses the key from Figure 85.
  • Initialization Vector; this example uses the Initialization Vector from Figure 86.

mYMfsggkTAm0TbvtlFh2hyoXnbEzJQjMxmgLN3d8xXA
Figure 85: Content Encryption Key, base64url-encoded

-nBoKLH0YkLZPSI9
Figure 86: Initialization Vector, base64url-encoded

Performing the key encryption operation over the CEK (Figure 85) with the RSA key (Figure 84) produces the following Encrypted Key:

rT99rwrBTbTI7IJM8fU3Eli7226HEB7IchCxNuh7lCiud48LxeolRdtFF4nzQi
beYOl5S_PJsAXZwSXtDePz9hk-BbtsTBqC2UsPOdwjC9NhNupNNu9uHIVftDyu
cvI6hvALeZ6OGnhNV4v1zx2k7O1D89mAzfw-_kT3tkuorpDU-CpBENfIHX1Q58
-Aad3FzMuo3Fn9buEP2yXakLXYa15BUXQsupM4A1GD4_H4Bd7V3u9h8Gkg8Bpx
KdUV9ScfJQTcYm6eJEBz3aSwIaK4T3-dwWpuBOhROQXBosJzS1asnuHtVMt2pK
IIfux5BC6huIvmY7kzV7W7aIUrpYm_3H4zYvyMeq5pGqFmW2k8zpO878TRlZx7
pZfPYDSXZyS0CfKKkMozT_qiCwZTSz4duYnt8hS4Z9sGthXn9uDqd6wycMagnQ
fOTs_lycTWmY-aqWVDKhjYNRf03NiwRtb5BE-tOdFwCASQj3uuAgPGrO2AWBe3
8UjQb0lvXn1SpyvYZ3WFc7WOJYaTa7A8DRn6MC6T-xDmMuxC0G7S2rscw5lQQU
06MvZTlFOt0UvfuKBa03cxA_nIBIhLMjY2kOTxQMmpDPTr6Cbo8aKaOnx6ASE5
Jx9paBpnNmOOKH35j_QlrQhDWUN6A2Gg8iFayJ69xDEdHAVCGRzN3woEI2ozDR
s
Figure 87: Encrypted Key, base64url-encoded

The following is generated before encrypting the Plaintext:

  • JWE Protected Header; this example uses the header from Figure 88, encoded using base64url [RFC4648] to produce Figure 89.

{
  "alg": "RSA-OAEP",
  "kid": "samwise.gamgee@hobbiton.example",
  "enc": "A256GCM"
}
Figure 88: JWE Protected Header JSON

eyJhbGciOiJSU0EtT0FFUCIsImtpZCI6InNhbXdpc2UuZ2FtZ2VlQGhvYmJpdG
9uLmV4YW1wbGUiLCJlbmMiOiJBMjU2R0NNIn0
Figure 89: JWE Protected Header, base64url-encoded

Performing the content encryption operation over the Plaintext (Figure 72) with the following:

  • CEK (Figure 85);
  • Initialization Vector (Figure 86); and
  • JWE Protected Header (Figure 89) as authenticated data

produces the following:

  • Ciphertext from Figure 90.
  • Authentication Tag from Figure 91.

o4k2cnGN8rSSw3IDo1YuySkqeS_t2m1GXklSgqBdpACm6UJuJowOHC5ytjqYgR
L-I-soPlwqMUf4UgRWWeaOGNw6vGW-xyM01lTYxrXfVzIIaRdhYtEMRBvBWbEw
P7ua1DRfvaOjgZv6Ifa3brcAM64d8p5lhhNcizPersuhw5f-pGYzseva-TUaL8
iWnctc-sSwy7SQmRkfhDjwbz0fz6kFovEgj64X1I5s7E6GLp5fnbYGLa1QUiML
7Cc2GxgvI7zqWo0YIEc7aCflLG1-8BboVWFdZKLK9vNoycrYHumwzKluLWEbSV
maPpOslY2n525DxDfWaVFUfKQxMF56vn4B9QMpWAbnypNimbM8zVOw
Figure 90: Ciphertext, base64url-encoded

UCGiqJxhBI3IFVdPalHHvA
Figure 91: Authentication Tag, base64url-encoded

The following compose the resulting JWE object:

  • JWE Protected Header (Figure 89)
  • Encrypted Key (Figure 87)
  • Initialization Vector (Figure 86)
  • Ciphertext (Figure 90)
  • Authentication Tag (Figure 91)

The resulting JWE object using the JWE Compact Serialization:

eyJhbGciOiJSU0EtT0FFUCIsImtpZCI6InNhbXdpc2UuZ2FtZ2VlQGhvYmJpdG
9uLmV4YW1wbGUiLCJlbmMiOiJBMjU2R0NNIn0
.
rT99rwrBTbTI7IJM8fU3Eli7226HEB7IchCxNuh7lCiud48LxeolRdtFF4nzQi
beYOl5S_PJsAXZwSXtDePz9hk-BbtsTBqC2UsPOdwjC9NhNupNNu9uHIVftDyu
cvI6hvALeZ6OGnhNV4v1zx2k7O1D89mAzfw-_kT3tkuorpDU-CpBENfIHX1Q58
-Aad3FzMuo3Fn9buEP2yXakLXYa15BUXQsupM4A1GD4_H4Bd7V3u9h8Gkg8Bpx
KdUV9ScfJQTcYm6eJEBz3aSwIaK4T3-dwWpuBOhROQXBosJzS1asnuHtVMt2pK
IIfux5BC6huIvmY7kzV7W7aIUrpYm_3H4zYvyMeq5pGqFmW2k8zpO878TRlZx7
pZfPYDSXZyS0CfKKkMozT_qiCwZTSz4duYnt8hS4Z9sGthXn9uDqd6wycMagnQ
fOTs_lycTWmY-aqWVDKhjYNRf03NiwRtb5BE-tOdFwCASQj3uuAgPGrO2AWBe3
8UjQb0lvXn1SpyvYZ3WFc7WOJYaTa7A8DRn6MC6T-xDmMuxC0G7S2rscw5lQQU
06MvZTlFOt0UvfuKBa03cxA_nIBIhLMjY2kOTxQMmpDPTr6Cbo8aKaOnx6ASE5
Jx9paBpnNmOOKH35j_QlrQhDWUN6A2Gg8iFayJ69xDEdHAVCGRzN3woEI2ozDR
s
.
-nBoKLH0YkLZPSI9
.
o4k2cnGN8rSSw3IDo1YuySkqeS_t2m1GXklSgqBdpACm6UJuJowOHC5ytjqYgR
L-I-soPlwqMUf4UgRWWeaOGNw6vGW-xyM01lTYxrXfVzIIaRdhYtEMRBvBWbEw
P7ua1DRfvaOjgZv6Ifa3brcAM64d8p5lhhNcizPersuhw5f-pGYzseva-TUaL8
iWnctc-sSwy7SQmRkfhDjwbz0fz6kFovEgj64X1I5s7E6GLp5fnbYGLa1QUiML
7Cc2GxgvI7zqWo0YIEc7aCflLG1-8BboVWFdZKLK9vNoycrYHumwzKluLWEbSV
maPpOslY2n525DxDfWaVFUfKQxMF56vn4B9QMpWAbnypNimbM8zVOw
.
UCGiqJxhBI3IFVdPalHHvA
Figure 92: JWE Compact Serialization

The resulting JWE object using the general JWE JSON Serialization:

{
  "recipients": [
    {
      "encrypted_key": "rT99rwrBTbTI7IJM8fU3Eli7226HEB7IchCxNu
          h7lCiud48LxeolRdtFF4nzQibeYOl5S_PJsAXZwSXtDePz9hk-Bb
          tsTBqC2UsPOdwjC9NhNupNNu9uHIVftDyucvI6hvALeZ6OGnhNV4
          v1zx2k7O1D89mAzfw-_kT3tkuorpDU-CpBENfIHX1Q58-Aad3FzM
          uo3Fn9buEP2yXakLXYa15BUXQsupM4A1GD4_H4Bd7V3u9h8Gkg8B
          pxKdUV9ScfJQTcYm6eJEBz3aSwIaK4T3-dwWpuBOhROQXBosJzS1
          asnuHtVMt2pKIIfux5BC6huIvmY7kzV7W7aIUrpYm_3H4zYvyMeq
          5pGqFmW2k8zpO878TRlZx7pZfPYDSXZyS0CfKKkMozT_qiCwZTSz
          4duYnt8hS4Z9sGthXn9uDqd6wycMagnQfOTs_lycTWmY-aqWVDKh
          jYNRf03NiwRtb5BE-tOdFwCASQj3uuAgPGrO2AWBe38UjQb0lvXn
          1SpyvYZ3WFc7WOJYaTa7A8DRn6MC6T-xDmMuxC0G7S2rscw5lQQU
          06MvZTlFOt0UvfuKBa03cxA_nIBIhLMjY2kOTxQMmpDPTr6Cbo8a
          KaOnx6ASE5Jx9paBpnNmOOKH35j_QlrQhDWUN6A2Gg8iFayJ69xD
          EdHAVCGRzN3woEI2ozDRs"
    }
  ],
  "protected": "eyJhbGciOiJSU0EtT0FFUCIsImtpZCI6InNhbXdpc2UuZ2
      FtZ2VlQGhvYmJpdG9uLmV4YW1wbGUiLCJlbmMiOiJBMjU2R0NNIn0",
  "iv": "-nBoKLH0YkLZPSI9",
  "ciphertext": "o4k2cnGN8rSSw3IDo1YuySkqeS_t2m1GXklSgqBdpACm6
      UJuJowOHC5ytjqYgRL-I-soPlwqMUf4UgRWWeaOGNw6vGW-xyM01lTYx
      rXfVzIIaRdhYtEMRBvBWbEwP7ua1DRfvaOjgZv6Ifa3brcAM64d8p5lh
      hNcizPersuhw5f-pGYzseva-TUaL8iWnctc-sSwy7SQmRkfhDjwbz0fz
      6kFovEgj64X1I5s7E6GLp5fnbYGLa1QUiML7Cc2GxgvI7zqWo0YIEc7a
      CflLG1-8BboVWFdZKLK9vNoycrYHumwzKluLWEbSVmaPpOslY2n525Dx
      DfWaVFUfKQxMF56vn4B9QMpWAbnypNimbM8zVOw",
  "tag": "UCGiqJxhBI3IFVdPalHHvA"
}
Figure 93: General JWE JSON Serialization

The resulting JWE object using the flattened JWE JSON Serialization:

{
  "protected": "eyJhbGciOiJSU0EtT0FFUCIsImtpZCI6InNhbXdpc2UuZ2
      FtZ2VlQGhvYmJpdG9uLmV4YW1wbGUiLCJlbmMiOiJBMjU2R0NNIn0",
  "encrypted_key": "rT99rwrBTbTI7IJM8fU3Eli7226HEB7IchCxNuh7lC
      iud48LxeolRdtFF4nzQibeYOl5S_PJsAXZwSXtDePz9hk-BbtsTBqC2U
      sPOdwjC9NhNupNNu9uHIVftDyucvI6hvALeZ6OGnhNV4v1zx2k7O1D89
      mAzfw-_kT3tkuorpDU-CpBENfIHX1Q58-Aad3FzMuo3Fn9buEP2yXakL
      XYa15BUXQsupM4A1GD4_H4Bd7V3u9h8Gkg8BpxKdUV9ScfJQTcYm6eJE
      Bz3aSwIaK4T3-dwWpuBOhROQXBosJzS1asnuHtVMt2pKIIfux5BC6huI
      vmY7kzV7W7aIUrpYm_3H4zYvyMeq5pGqFmW2k8zpO878TRlZx7pZfPYD
      SXZyS0CfKKkMozT_qiCwZTSz4duYnt8hS4Z9sGthXn9uDqd6wycMagnQ
      fOTs_lycTWmY-aqWVDKhjYNRf03NiwRtb5BE-tOdFwCASQj3uuAgPGrO
      2AWBe38UjQb0lvXn1SpyvYZ3WFc7WOJYaTa7A8DRn6MC6T-xDmMuxC0G
      7S2rscw5lQQU06MvZTlFOt0UvfuKBa03cxA_nIBIhLMjY2kOTxQMmpDP
      Tr6Cbo8aKaOnx6ASE5Jx9paBpnNmOOKH35j_QlrQhDWUN6A2Gg8iFayJ
      69xDEdHAVCGRzN3woEI2ozDRs",
  "iv": "-nBoKLH0YkLZPSI9",
  "ciphertext": "o4k2cnGN8rSSw3IDo1YuySkqeS_t2m1GXklSgqBdpACm6
      UJuJowOHC5ytjqYgRL-I-soPlwqMUf4UgRWWeaOGNw6vGW-xyM01lTYx
      rXfVzIIaRdhYtEMRBvBWbEwP7ua1DRfvaOjgZv6Ifa3brcAM64d8p5lh
      hNcizPersuhw5f-pGYzseva-TUaL8iWnctc-sSwy7SQmRkfhDjwbz0fz
      6kFovEgj64X1I5s7E6GLp5fnbYGLa1QUiML7Cc2GxgvI7zqWo0YIEc7a
      CflLG1-8BboVWFdZKLK9vNoycrYHumwzKluLWEbSVmaPpOslY2n525Dx
      DfWaVFUfKQxMF56vn4B9QMpWAbnypNimbM8zVOw",
  "tag": "UCGiqJxhBI3IFVdPalHHvA"
}
Figure 94: Flattened JWE JSON Serialization
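
Figures 92 to 94 (like Figures 81 to 83 before them) carry the same five base64url components, so a receiver can normalise any of the three serializations and check the header and component sizes before a private-key operation runs. This is an added example, not code from RFC 7520: the function names, the allow-list and the size table are assumptions, with the IV and tag lengths taken from RFC 7518 and the encrypted-key length from the 4096-bit key of Figure 84.

```python
import base64
import json

# Figure 92 as printed above; its line breaks are the readability whitespace
# described in Section 1.1 and are stripped before parsing.
FIGURE_92 = """
eyJhbGciOiJSU0EtT0FFUCIsImtpZCI6InNhbXdpc2UuZ2FtZ2VlQGhvYmJpdG
9uLmV4YW1wbGUiLCJlbmMiOiJBMjU2R0NNIn0
.
rT99rwrBTbTI7IJM8fU3Eli7226HEB7IchCxNuh7lCiud48LxeolRdtFF4nzQi
beYOl5S_PJsAXZwSXtDePz9hk-BbtsTBqC2UsPOdwjC9NhNupNNu9uHIVftDyu
cvI6hvALeZ6OGnhNV4v1zx2k7O1D89mAzfw-_kT3tkuorpDU-CpBENfIHX1Q58
-Aad3FzMuo3Fn9buEP2yXakLXYa15BUXQsupM4A1GD4_H4Bd7V3u9h8Gkg8Bpx
KdUV9ScfJQTcYm6eJEBz3aSwIaK4T3-dwWpuBOhROQXBosJzS1asnuHtVMt2pK
IIfux5BC6huIvmY7kzV7W7aIUrpYm_3H4zYvyMeq5pGqFmW2k8zpO878TRlZx7
pZfPYDSXZyS0CfKKkMozT_qiCwZTSz4duYnt8hS4Z9sGthXn9uDqd6wycMagnQ
fOTs_lycTWmY-aqWVDKhjYNRf03NiwRtb5BE-tOdFwCASQj3uuAgPGrO2AWBe3
8UjQb0lvXn1SpyvYZ3WFc7WOJYaTa7A8DRn6MC6T-xDmMuxC0G7S2rscw5lQQU
06MvZTlFOt0UvfuKBa03cxA_nIBIhLMjY2kOTxQMmpDPTr6Cbo8aKaOnx6ASE5
Jx9paBpnNmOOKH35j_QlrQhDWUN6A2Gg8iFayJ69xDEdHAVCGRzN3woEI2ozDR
s
.
-nBoKLH0YkLZPSI9
.
o4k2cnGN8rSSw3IDo1YuySkqeS_t2m1GXklSgqBdpACm6UJuJowOHC5ytjqYgR
L-I-soPlwqMUf4UgRWWeaOGNw6vGW-xyM01lTYxrXfVzIIaRdhYtEMRBvBWbEw
P7ua1DRfvaOjgZv6Ifa3brcAM64d8p5lhhNcizPersuhw5f-pGYzseva-TUaL8
iWnctc-sSwy7SQmRkfhDjwbz0fz6kFovEgj64X1I5s7E6GLp5fnbYGLa1QUiML
7Cc2GxgvI7zqWo0YIEc7aCflLG1-8BboVWFdZKLK9vNoycrYHumwzKluLWEbSV
maPpOslY2n525DxDfWaVFUfKQxMF56vn4B9QMpWAbnypNimbM8zVOw
.
UCGiqJxhBI3IFVdPalHHvA
"""

FIELDS = ("protected", "encrypted_key", "iv", "ciphertext", "tag")
# Assumed receiver policy: accepted "alg" values and, per "enc", (IV, tag) octets.
ALLOWED_ALG = {"RSA-OAEP"}
ENC_SIZES = {"A256GCM": (12, 16), "A128CBC-HS256": (16, 16)}
RSA_MODULUS_OCTETS = 512  # the 4096-bit key of Figure 84

def b64url_decode(text):
    text = "".join(text.split())
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def from_compact(token):
    segments = "".join(token.split()).split(".")
    if len(segments) != 5:
        raise ValueError("a compact JWE has exactly five dot-separated segments")
    return dict(zip(FIELDS, segments))  # this dict is also the flattened JSON form

def from_json(obj):
    """Accept the general (Figure 93) or flattened (Figure 94) JSON form."""
    members = dict(obj)
    if "recipients" in members:
        recipients = members.pop("recipients")
        if len(recipients) != 1:
            raise ValueError("only a single-recipient JWE maps to the compact form")
        members.update(recipients[0])
    if set(members) != set(FIELDS):  # this sketch handles only the members shown
        raise ValueError("unexpected or missing JWE members")
    return {name: "".join(members[name].split()) for name in FIELDS}

def to_compact(parts):
    return ".".join(parts[name] for name in FIELDS)

def to_general(parts):
    general = {k: v for k, v in parts.items() if k != "encrypted_key"}
    general["recipients"] = [{"encrypted_key": parts["encrypted_key"]}]
    return general

def authenticated_data(parts):
    # The AAD is the ASCII of the base64url protected header, not the decoded JSON.
    return parts["protected"].encode("ascii")

def precheck(parts):
    """Return the parsed header, or raise ValueError before any key is used."""
    header = json.loads(b64url_decode(parts["protected"]))
    if not isinstance(header, dict) or header.get("alg") not in ALLOWED_ALG:
        raise ValueError("key encryption algorithm not accepted")
    if header.get("enc") not in ENC_SIZES:
        raise ValueError("content encryption algorithm not accepted")
    iv_len, tag_len = ENC_SIZES[header["enc"]]
    expected = {"iv": iv_len, "tag": tag_len, "encrypted_key": RSA_MODULUS_OCTETS}
    for name, size in expected.items():
        if len(b64url_decode(parts[name])) != size:
            raise ValueError(name + " has the wrong length")
    return header
```

With `ALLOWED_ALG` limited to "RSA-OAEP", a token carrying the "RSA1_5" header of Figure 81 is rejected by `precheck` before any decryption is attempted.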

The example illustrates encrypting content using the "PBES2-HS512+A256KW" (PBES2 Password-based Encryption using HMAC-SHA-512 and AES-256-KeyWrap) key encryption algorithm with the "A128CBC-HS256" (AES-128-CBC-HMAC-SHA-256) content encryption algorithm.

A common use of password-based encryption is the import/export of keys. Therefore, this example uses a JWK Set for the Plaintext content instead of the Plaintext from Figure 72.

Note that if password-based encryption is used for multiple recipients, it is expected that each recipient use different values for the PBES2 parameters "p2s" and "p2c".

Note that whitespace is added for readability as described in Section 1.1.

The following are supplied before beginning the encryption process:

  • Plaintext content; this example uses the Plaintext from Figure 95 (NOTE: All whitespace was added for readability).
  • Password; this example uses the password from Figure 96 -- with the sequence "\xe2\x80\x93" replaced with (U+2013 EN DASH).
  • "alg" parameter of "PBES2-HS512+A256KW".
  • "enc" parameter of "A128CBC-HS256".

{
  "keys": [
    {
      "kty": "oct",
      "kid": "77c7e2b8-6e13-45cf-8672-617b5b45243a",
      "use": "enc",
      "alg": "A128GCM",
      "k": "XctOhJAkA-pD9Lh7ZgW_2A"
    },
    {
      "kty": "oct",
      "kid": "81b20965-8332-43d9-a468-82160ad91ac8",
      "use": "enc",
      "alg": "A128KW",
      "k": "GZy6sIZ6wl9NJOKB-jnmVQ"
    },
    {
      "kty": "oct",
      "kid": "18ec08e1-bfa9-4d95-b205-2b4dd1d4321d",
      "use": "enc",
      "alg": "A256GCMKW",
      "k": "qC57l_uxcm7Nm3K-ct4GFjx8tM1U8CZ0NLBvdQstiS8"
    }
  ]
}
Figure 95: Plaintext Content

entrap_o\xe2\x80\x93peter_long\xe2\x80\x93credit_tun
Figure 96: Password

The following are generated before encrypting:

  • AES symmetric key as the Content Encryption Key (CEK); this example uses the key from Figure 97.
  • Initialization Vector; this example uses the Initialization Vector from Figure 98.

uwsjJXaBK407Qaf0_zpcpmr1Cs0CC50hIUEyGNEt3m0
Figure 97: Content Encryption Key, base64url-encoded

VBiCzVHNoLiR3F4V82uoTQ
Figure 98: Initialization Vector, base64url-encoded

The following are generated before encrypting the CEK:

  • Salt input; this example uses the salt input from Figure 99.
  • Iteration count; this example uses the iteration count 8192.

8Q1SzinasR3xchYz6ZZcHA
Figure 99: Salt Input, base64url-encoded

Performing the key encryption operation over the CEK (Figure 97) with the following:

  • Password (Figure 96);
  • パスワード(図96);
  • Salt input (Figure 99), encoded as an octet string; and
  • ソルト入力(図99)、オクテット文字列としてエンコードされています; そして
  • Iteration count (8192)
  • 反復回数(8192)

produces the following Encrypted Key:

次の暗号化キーを生成します:

d3qNhUWfqheyPp4H8sjOWsDYajoej4c5Je6rlUtFPWdgtURtmeDV1g
Figure 100: Encrypted Key, base64url-encoded

The following is generated before encrypting the content:

  • JWE Protected Header; this example uses the header from Figure 101, encoded using base64url [RFC4648] to produce Figure 102.

{
  "alg": "PBES2-HS512+A256KW",
  "p2s": "8Q1SzinasR3xchYz6ZZcHA",
  "p2c": 8192,
  "cty": "jwk-set+json",
  "enc": "A128CBC-HS256"
}
Figure 101: JWE Protected Header JSON

eyJhbGciOiJQQkVTMi1IUzUxMitBMjU2S1ciLCJwMnMiOiI4UTFTemluYXNSM3
hjaFl6NlpaY0hBIiwicDJjIjo4MTkyLCJjdHkiOiJqd2stc2V0K2pzb24iLCJl
bmMiOiJBMTI4Q0JDLUhTMjU2In0
Figure 102: JWE Protected Header, base64url-encoded

Performing the content encryption operation over the Plaintext (Figure 95) with the following:

  • CEK (Figure 97);
  • Initialization Vector (Figure 98); and
  • JWE Protected Header (Figure 102) as authenticated data

produces the following:

  • Ciphertext from Figure 103.
  • Authentication Tag from Figure 104.

23i-Tb1AV4n0WKVSSgcQrdg6GRqsUKxjruHXYsTHAJLZ2nsnGIX86vMXqIi6IR
sfywCRFzLxEcZBRnTvG3nhzPk0GDD7FMyXhUHpDjEYCNA_XOmzg8yZR9oyjo6l
TF6si4q9FZ2EhzgFQCLO_6h5EVg3vR75_hkBsnuoqoM3dwejXBtIodN84PeqMb
6asmas_dpSsz7H10fC5ni9xIz424givB1YLldF6exVmL93R3fOoOJbmk2GBQZL
_SEGllv2cQsBgeprARsaQ7Bq99tT80coH8ItBjgV08AtzXFFsx9qKvC982KLKd
PQMTlVJKkqtV4Ru5LEVpBZXBnZrtViSOgyg6AiuwaS-rCrcD_ePOGSuxvgtrok
AKYPqmXUeRdjFJwafkYEkiuDCV9vWGAi1DH2xTafhJwcmywIyzi4BqRpmdn_N-
zl5tuJYyuvKhjKv6ihbsV_k1hJGPGAxJ6wUpmwC4PTQ2izEm0TuSE8oMKdTw8V
3kobXZ77ulMwDs4p
Figure 103: Ciphertext, base64url-encoded

0HlwodAhOCILG5SQ2LQ9dg
Figure 104: Authentication Tag, base64url-encoded
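
The tag in Figure 104 can be recomputed from the figures above with nothing more than an HMAC, which shows concretely what "as authenticated data" means for the JWE Protected Header. This is an added example, not part of RFC 7520; the function names are illustrative, and the tag construction is the A128CBC-HS256 one defined in RFC 7518, Section 5.2.2.1.

```python
import base64
import hashlib
import hmac
import json
import struct


def b64u_decode(text):
    """Decode base64url without padding (RFC 4648, Section 5)."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def b64u_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


# Values copied from the figures on this page.
CEK = "uwsjJXaBK407Qaf0_zpcpmr1Cs0CC50hIUEyGNEt3m0"            # Figure 97
IV = "VBiCzVHNoLiR3F4V82uoTQ"                                  # Figure 98
PROTECTED = (                                                  # Figure 102
    "eyJhbGciOiJQQkVTMi1IUzUxMitBMjU2S1ciLCJwMnMiOiI4UTFTemluYXNSM3"
    "hjaFl6NlpaY0hBIiwicDJjIjo4MTkyLCJjdHkiOiJqd2stc2V0K2pzb24iLCJl"
    "bmMiOiJBMTI4Q0JDLUhTMjU2In0"
)
CIPHERTEXT = (                                                 # Figure 103
    "23i-Tb1AV4n0WKVSSgcQrdg6GRqsUKxjruHXYsTHAJLZ2nsnGIX86vMXqIi6IR"
    "sfywCRFzLxEcZBRnTvG3nhzPk0GDD7FMyXhUHpDjEYCNA_XOmzg8yZR9oyjo6l"
    "TF6si4q9FZ2EhzgFQCLO_6h5EVg3vR75_hkBsnuoqoM3dwejXBtIodN84PeqMb"
    "6asmas_dpSsz7H10fC5ni9xIz424givB1YLldF6exVmL93R3fOoOJbmk2GBQZL"
    "_SEGllv2cQsBgeprARsaQ7Bq99tT80coH8ItBjgV08AtzXFFsx9qKvC982KLKd"
    "PQMTlVJKkqtV4Ru5LEVpBZXBnZrtViSOgyg6AiuwaS-rCrcD_ePOGSuxvgtrok"
    "AKYPqmXUeRdjFJwafkYEkiuDCV9vWGAi1DH2xTafhJwcmywIyzi4BqRpmdn_N-"
    "zl5tuJYyuvKhjKv6ihbsV_k1hJGPGAxJ6wUpmwC4PTQ2izEm0TuSE8oMKdTw8V"
    "3kobXZ77ulMwDs4p"
)
TAG = "0HlwodAhOCILG5SQ2LQ9dg"                                 # Figure 104


def cbc_hs256_tag(cek, aad, iv, ciphertext):
    """Tag for A128CBC-HS256: HMAC-SHA-256 over AAD || IV || CT || AL, truncated.

    The 32-octet CEK splits into MAC_KEY (first 16 octets) and ENC_KEY
    (last 16 octets); AL is the AAD length in bits as a 64-bit big-endian integer.
    """
    if len(cek) != 32:
        raise ValueError("A128CBC-HS256 needs a 32-octet CEK")
    mac_key = cek[:16]
    al = struct.pack(">Q", len(aad) * 8)
    return hmac.new(mac_key, aad + iv + ciphertext + al, hashlib.sha256).digest()[:16]


def tag_is_valid(protected_b64, iv_b64, ciphertext_b64, tag_b64, cek_b64):
    """Check the tag before any decryption; the AAD is the ASCII of the encoded header."""
    expected = cbc_hs256_tag(
        b64u_decode(cek_b64),
        protected_b64.encode("ascii"),
        b64u_decode(iv_b64),
        b64u_decode(ciphertext_b64),
    )
    return hmac.compare_digest(expected, b64u_decode(tag_b64))


def with_header_change(protected_b64, **changes):
    """Re-encode the protected header with altered members (constructed test input)."""
    header = json.loads(b64u_decode(protected_b64))
    header.update(changes)
    return b64u_encode(json.dumps(header, separators=(",", ":")).encode("utf-8"))


if __name__ == "__main__":
    print("Figure 104 tag valid:", tag_is_valid(PROTECTED, IV, CIPHERTEXT, TAG, CEK))
    altered = with_header_change(PROTECTED, p2c=4096)
    print("altered header accepted:", tag_is_valid(altered, IV, CIPHERTEXT, TAG, CEK))
```
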

The following compose the resulting JWE object:

  • JWE Protected Header (Figure 102)
  • Encrypted Key (Figure 100)
  • Initialization Vector (Figure 98)
  • Ciphertext (Figure 103)
  • Authentication Tag (Figure 104)

The resulting JWE object using the JWE Compact Serialization:

eyJhbGciOiJQQkVTMi1IUzUxMitBMjU2S1ciLCJwMnMiOiI4UTFTemluYXNSM3
hjaFl6NlpaY0hBIiwicDJjIjo4MTkyLCJjdHkiOiJqd2stc2V0K2pzb24iLCJl
bmMiOiJBMTI4Q0JDLUhTMjU2In0
.
d3qNhUWfqheyPp4H8sjOWsDYajoej4c5Je6rlUtFPWdgtURtmeDV1g
.
VBiCzVHNoLiR3F4V82uoTQ
.
23i-Tb1AV4n0WKVSSgcQrdg6GRqsUKxjruHXYsTHAJLZ2nsnGIX86vMXqIi6IR
sfywCRFzLxEcZBRnTvG3nhzPk0GDD7FMyXhUHpDjEYCNA_XOmzg8yZR9oyjo6l
TF6si4q9FZ2EhzgFQCLO_6h5EVg3vR75_hkBsnuoqoM3dwejXBtIodN84PeqMb
6asmas_dpSsz7H10fC5ni9xIz424givB1YLldF6exVmL93R3fOoOJbmk2GBQZL
_SEGllv2cQsBgeprARsaQ7Bq99tT80coH8ItBjgV08AtzXFFsx9qKvC982KLKd
PQMTlVJKkqtV4Ru5LEVpBZXBnZrtViSOgyg6AiuwaS-rCrcD_ePOGSuxvgtrok
AKYPqmXUeRdjFJwafkYEkiuDCV9vWGAi1DH2xTafhJwcmywIyzi4BqRpmdn_N-
zl5tuJYyuvKhjKv6ihbsV_k1hJGPGAxJ6wUpmwC4PTQ2izEm0TuSE8oMKdTw8V
3kobXZ77ulMwDs4p
.
0HlwodAhOCILG5SQ2LQ9dg
Figure 105: JWE Compact Serialization

The resulting JWE object using the general JWE JSON Serialization:

{
  "recipients": [
    {
      "encrypted_key": "d3qNhUWfqheyPp4H8sjOWsDYajoej4c5Je6rlU
          tFPWdgtURtmeDV1g"
    }
  ],
  "protected": "eyJhbGciOiJQQkVTMi1IUzUxMitBMjU2S1ciLCJwMnMiOi
      I4UTFTemluYXNSM3hjaFl6NlpaY0hBIiwicDJjIjo4MTkyLCJjdHkiOi
      Jqd2stc2V0K2pzb24iLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0",
  "iv": "VBiCzVHNoLiR3F4V82uoTQ",
  "ciphertext": "23i-Tb1AV4n0WKVSSgcQrdg6GRqsUKxjruHXYsTHAJLZ2
      nsnGIX86vMXqIi6IRsfywCRFzLxEcZBRnTvG3nhzPk0GDD7FMyXhUHpD
      jEYCNA_XOmzg8yZR9oyjo6lTF6si4q9FZ2EhzgFQCLO_6h5EVg3vR75_
      hkBsnuoqoM3dwejXBtIodN84PeqMb6asmas_dpSsz7H10fC5ni9xIz42
      4givB1YLldF6exVmL93R3fOoOJbmk2GBQZL_SEGllv2cQsBgeprARsaQ
      7Bq99tT80coH8ItBjgV08AtzXFFsx9qKvC982KLKdPQMTlVJKkqtV4Ru
      5LEVpBZXBnZrtViSOgyg6AiuwaS-rCrcD_ePOGSuxvgtrokAKYPqmXUe
      RdjFJwafkYEkiuDCV9vWGAi1DH2xTafhJwcmywIyzi4BqRpmdn_N-zl5
      tuJYyuvKhjKv6ihbsV_k1hJGPGAxJ6wUpmwC4PTQ2izEm0TuSE8oMKdT
      w8V3kobXZ77ulMwDs4p",
  "tag": "0HlwodAhOCILG5SQ2LQ9dg"
}
Figure 106: General JWE JSON Serialization

The resulting JWE object using the flattened JWE JSON Serialization:

{
  "protected": "eyJhbGciOiJQQkVTMi1IUzUxMitBMjU2S1ciLCJwMnMiOi
      I4UTFTemluYXNSM3hjaFl6NlpaY0hBIiwicDJjIjo4MTkyLCJjdHkiOi
      Jqd2stc2V0K2pzb24iLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0",
  "encrypted_key": "d3qNhUWfqheyPp4H8sjOWsDYajoej4c5Je6rlUtFPW
      dgtURtmeDV1g",
  "iv": "VBiCzVHNoLiR3F4V82uoTQ",
  "ciphertext": "23i-Tb1AV4n0WKVSSgcQrdg6GRqsUKxjruHXYsTHAJLZ2
      nsnGIX86vMXqIi6IRsfywCRFzLxEcZBRnTvG3nhzPk0GDD7FMyXhUHpD
      jEYCNA_XOmzg8yZR9oyjo6lTF6si4q9FZ2EhzgFQCLO_6h5EVg3vR75_
      hkBsnuoqoM3dwejXBtIodN84PeqMb6asmas_dpSsz7H10fC5ni9xIz42
      4givB1YLldF6exVmL93R3fOoOJbmk2GBQZL_SEGllv2cQsBgeprARsaQ
      7Bq99tT80coH8ItBjgV08AtzXFFsx9qKvC982KLKdPQMTlVJKkqtV4Ru
      5LEVpBZXBnZrtViSOgyg6AiuwaS-rCrcD_ePOGSuxvgtrokAKYPqmXUe
      RdjFJwafkYEkiuDCV9vWGAi1DH2xTafhJwcmywIyzi4BqRpmdn_N-zl5
      tuJYyuvKhjKv6ihbsV_k1hJGPGAxJ6wUpmwC4PTQ2izEm0TuSE8oMKdT
      w8V3kobXZ77ulMwDs4p",
  "tag": "0HlwodAhOCILG5SQ2LQ9dg"
}
Figure 107: Flattened JWE JSON Serialization

AES-GCM

This example illustrates encrypting content using the "ECDH-ES+A128KW" (Elliptic Curve Diffie-Hellman Ephemeral-Static with AES-128-KeyWrap) key encryption algorithm and the "A128GCM" (AES-GCM) content encryption algorithm.

Note that only the EC public key is necessary to perform the key agreement. However, the example includes the EC private key to allow readers to validate the output.

Note that whitespace is added for readability as described in Section 1.1.

The following are supplied before beginning the encryption process:

  • Plaintext content; this example uses the content from Figure 72.
  • EC public key; this example uses the public key from Figure 108.
  • "alg" parameter of "ECDH-ES+A128KW".
  • "enc" parameter of "A128GCM".

{
  "kty": "EC",
  "kid": "peregrin.took@tuckborough.example",
  "use": "enc",
  "crv": "P-384",
  "x": "YU4rRUzdmVqmRtWOs2OpDE_T5fsNIodcG8G5FWPrTPMyxpzsSOGaQL
      pe2FpxBmu2",
  "y": "A8-yxCHxkfBz3hKZfI1jUYMjUhsEveZ9THuwFjH2sCNdtksRJU7D5-
      SkgaFL1ETP",
  "d": "iTx2pk7wW-GqJkHcEkFQb2EFyYcO7RugmaW3mRrQVAOUiPommT0Idn
      YK2xDlZh-j"
}
Figure 108: Elliptic Curve P-384 Key, in JWK Format

(NOTE: While the key includes the private parameters, only the public parameters "crv", "x", and "y" are necessary for the encryption operation.)

The following are generated before encrypting:

  • AES symmetric key as the Content Encryption Key (CEK); this example uses the key from Figure 109.
  • Initialization Vector; this example uses the Initialization Vector from Figure 110.

Nou2ueKlP70ZXDbq9UrRwg
Figure 109: Content Encryption Key, base64url-encoded

mH-G2zVqgztUtnW_
Figure 110: Initialization Vector, base64url-encoded

To encrypt the Content Encryption Key, the following is generated:

  • Ephemeral EC private key on the same curve as the EC public key; this example uses the private key from Figure 111.

{
  "kty": "EC",
  "crv": "P-384",
  "x": "uBo4kHPw6kbjx5l0xowrd_oYzBmaz-GKFZu4xAFFkbYiWgutEK6iuE
      DsQ6wNdNg3",
  "y": "sp3p5SGhZVC2faXumI-e9JU2Mo8KpoYrFDr5yPNVtW4PgEwZOyQTA-
      JdaY8tb7E0",
  "d": "D5H4Y_5PSKZvhfVFbcCYJOtcGZygRgfZkpsBr59Icmmhe9sW6nkZ8W
      fwhinUfWJg"
}
Figure 111: Ephemeral Elliptic Curve P-384 Key, in JWK Format

Performing the key encryption operation over the CEK (Figure 109) with the following:

  • The static Elliptic Curve public key (Figure 108); and
  • The ephemeral Elliptic Curve private key (Figure 111)

produces the following JWE Encrypted Key:

0DJjBXri_kBcC46IkU5_Jk9BqaQeHdv2
Figure 112: Encrypted Key, base64url-encoded

The following is generated before encrypting the content:

  • JWE Protected Header; this example uses the header from Figure 113, encoded to base64url [RFC4648] as Figure 114.

{
  "alg": "ECDH-ES+A128KW",
  "kid": "peregrin.took@tuckborough.example",
  "epk": {
    "kty": "EC",
    "crv": "P-384",
    "x": "uBo4kHPw6kbjx5l0xowrd_oYzBmaz-GKFZu4xAFFkbYiWgutEK6i
        uEDsQ6wNdNg3",
    "y": "sp3p5SGhZVC2faXumI-e9JU2Mo8KpoYrFDr5yPNVtW4PgEwZOyQT
        A-JdaY8tb7E0"
  },
  "enc": "A128GCM"
}
Figure 113: JWE Protected Header JSON

eyJhbGciOiJFQ0RILUVTK0ExMjhLVyIsImtpZCI6InBlcmVncmluLnRvb2tAdH
Vja2Jvcm91Z2guZXhhbXBsZSIsImVwayI6eyJrdHkiOiJFQyIsImNydiI6IlAt
Mzg0IiwieCI6InVCbzRrSFB3Nmtiang1bDB4b3dyZF9vWXpCbWF6LUdLRlp1NH
hBRkZrYllpV2d1dEVLNml1RURzUTZ3TmROZzMiLCJ5Ijoic3AzcDVTR2haVkMy
ZmFYdW1JLWU5SlUyTW84S3BvWXJGRHI1eVBOVnRXNFBnRXdaT3lRVEEtSmRhWT
h0YjdFMCJ9LCJlbmMiOiJBMTI4R0NNIn0
Figure 114: JWE Protected Header, base64url-encoded

Performing the content encryption operation on the Plaintext (Figure 72) using the following:

  • CEK (Figure 109);
  • Initialization Vector (Figure 110); and
  • JWE Protected Header (Figure 114) as authenticated data

produces the following:

  • Ciphertext from Figure 115.
  • Authentication Tag from Figure 116.

tkZuOO9h95OgHJmkkrfLBisku8rGf6nzVxhRM3sVOhXgz5NJ76oID7lpnAi_cP
WJRCjSpAaUZ5dOR3Spy7QuEkmKx8-3RCMhSYMzsXaEwDdXta9Mn5B7cCBoJKB0
IgEnj_qfo1hIi-uEkUpOZ8aLTZGHfpl05jMwbKkTe2yK3mjF6SBAsgicQDVCkc
Y9BLluzx1RmC3ORXaM0JaHPB93YcdSDGgpgBWMVrNU1ErkjcMqMoT_wtCex3w0
3XdLkjXIuEr2hWgeP-nkUZTPU9EoGSPj6fAS-bSz87RCPrxZdj_iVyC6QWcqAu
07WNhjzJEPc4jVntRJ6K53NgPQ5p99l3Z408OUqj4ioYezbS6vTPlQ
Figure 115: Ciphertext, base64url-encoded

WuGzxmcreYjpHGJoa17EBg
Figure 116: Authentication Tag, base64url-encoded

The following compose the resulting JWE object:

  • JWE Protected Header (Figure 114)
  • Encrypted Key (Figure 112)
  • Initialization Vector (Figure 110)
  • Ciphertext (Figure 115)
  • Authentication Tag (Figure 116)

The resulting JWE object using the JWE Compact Serialization:

eyJhbGciOiJFQ0RILUVTK0ExMjhLVyIsImtpZCI6InBlcmVncmluLnRvb2tAdH
Vja2Jvcm91Z2guZXhhbXBsZSIsImVwayI6eyJrdHkiOiJFQyIsImNydiI6IlAt
Mzg0IiwieCI6InVCbzRrSFB3Nmtiang1bDB4b3dyZF9vWXpCbWF6LUdLRlp1NH
hBRkZrYllpV2d1dEVLNml1RURzUTZ3TmROZzMiLCJ5Ijoic3AzcDVTR2haVkMy
ZmFYdW1JLWU5SlUyTW84S3BvWXJGRHI1eVBOVnRXNFBnRXdaT3lRVEEtSmRhWT
h0YjdFMCJ9LCJlbmMiOiJBMTI4R0NNIn0
.
0DJjBXri_kBcC46IkU5_Jk9BqaQeHdv2
.
mH-G2zVqgztUtnW_
.
tkZuOO9h95OgHJmkkrfLBisku8rGf6nzVxhRM3sVOhXgz5NJ76oID7lpnAi_cP
WJRCjSpAaUZ5dOR3Spy7QuEkmKx8-3RCMhSYMzsXaEwDdXta9Mn5B7cCBoJKB0
IgEnj_qfo1hIi-uEkUpOZ8aLTZGHfpl05jMwbKkTe2yK3mjF6SBAsgicQDVCkc
Y9BLluzx1RmC3ORXaM0JaHPB93YcdSDGgpgBWMVrNU1ErkjcMqMoT_wtCex3w0
3XdLkjXIuEr2hWgeP-nkUZTPU9EoGSPj6fAS-bSz87RCPrxZdj_iVyC6QWcqAu
07WNhjzJEPc4jVntRJ6K53NgPQ5p99l3Z408OUqj4ioYezbS6vTPlQ
.
WuGzxmcreYjpHGJoa17EBg
Figure 117: JWE Compact Serialization

The resulting JWE object using the general JWE JSON Serialization:

{
  "recipients": [
    {
      "encrypted_key": "0DJjBXri_kBcC46IkU5_Jk9BqaQeHdv2"
    }
  ],
  "protected": "eyJhbGciOiJFQ0RILUVTK0ExMjhLVyIsImtpZCI6InBlcm
      VncmluLnRvb2tAdHVja2Jvcm91Z2guZXhhbXBsZSIsImVwayI6eyJrdH
      kiOiJFQyIsImNydiI6IlAtMzg0IiwieCI6InVCbzRrSFB3Nmtiang1bD
      B4b3dyZF9vWXpCbWF6LUdLRlp1NHhBRkZrYllpV2d1dEVLNml1RURzUT
      Z3TmROZzMiLCJ5Ijoic3AzcDVTR2haVkMyZmFYdW1JLWU5SlUyTW84S3
      BvWXJGRHI1eVBOVnRXNFBnRXdaT3lRVEEtSmRhWTh0YjdFMCJ9LCJlbm
      MiOiJBMTI4R0NNIn0",
  "iv": "mH-G2zVqgztUtnW_",
  "ciphertext": "tkZuOO9h95OgHJmkkrfLBisku8rGf6nzVxhRM3sVOhXgz
      5NJ76oID7lpnAi_cPWJRCjSpAaUZ5dOR3Spy7QuEkmKx8-3RCMhSYMzs
      XaEwDdXta9Mn5B7cCBoJKB0IgEnj_qfo1hIi-uEkUpOZ8aLTZGHfpl05
      jMwbKkTe2yK3mjF6SBAsgicQDVCkcY9BLluzx1RmC3ORXaM0JaHPB93Y
      cdSDGgpgBWMVrNU1ErkjcMqMoT_wtCex3w03XdLkjXIuEr2hWgeP-nkU
      ZTPU9EoGSPj6fAS-bSz87RCPrxZdj_iVyC6QWcqAu07WNhjzJEPc4jVn
      tRJ6K53NgPQ5p99l3Z408OUqj4ioYezbS6vTPlQ",
  "tag": "WuGzxmcreYjpHGJoa17EBg"
}
Figure 118: General JWE JSON Serialization

The resulting JWE object using the flattened JWE JSON Serialization:

{
  "protected": "eyJhbGciOiJFQ0RILUVTK0ExMjhLVyIsImtpZCI6InBlcm
      VncmluLnRvb2tAdHVja2Jvcm91Z2guZXhhbXBsZSIsImVwayI6eyJrdH
      kiOiJFQyIsImNydiI6IlAtMzg0IiwieCI6InVCbzRrSFB3Nmtiang1bD
      B4b3dyZF9vWXpCbWF6LUdLRlp1NHhBRkZrYllpV2d1dEVLNml1RURzUT
      Z3TmROZzMiLCJ5Ijoic3AzcDVTR2haVkMyZmFYdW1JLWU5SlUyTW84S3
      BvWXJGRHI1eVBOVnRXNFBnRXdaT3lRVEEtSmRhWTh0YjdFMCJ9LCJlbm
      MiOiJBMTI4R0NNIn0",
  "encrypted_key": "0DJjBXri_kBcC46IkU5_Jk9BqaQeHdv2",
  "iv": "mH-G2zVqgztUtnW_",
  "ciphertext": "tkZuOO9h95OgHJmkkrfLBisku8rGf6nzVxhRM3sVOhXgz
      5NJ76oID7lpnAi_cPWJRCjSpAaUZ5dOR3Spy7QuEkmKx8-3RCMhSYMzs
      XaEwDdXta9Mn5B7cCBoJKB0IgEnj_qfo1hIi-uEkUpOZ8aLTZGHfpl05
      jMwbKkTe2yK3mjF6SBAsgicQDVCkcY9BLluzx1RmC3ORXaM0JaHPB93Y
      cdSDGgpgBWMVrNU1ErkjcMqMoT_wtCex3w03XdLkjXIuEr2hWgeP-nkU
      ZTPU9EoGSPj6fAS-bSz87RCPrxZdj_iVyC6QWcqAu07WNhjzJEPc4jVn
      tRJ6K53NgPQ5p99l3Z408OUqj4ioYezbS6vTPlQ",
  "tag": "WuGzxmcreYjpHGJoa17EBg"
}
Figure 119: Flattened JWE JSON Serialization

This example illustrates encrypting content using the "ECDH-ES" (Elliptic Curve Diffie-Hellman Ephemeral-Static) key agreement algorithm and the "A128CBC-HS256" (AES-128-CBC-HMAC-SHA-256) content encryption algorithm.

Note that only the EC public key is necessary to perform the key agreement. However, the example includes the EC private key to allow readers to validate the output.

Note that whitespace is added for readability as described in Section 1.1.

The following are supplied before beginning the encryption process:

  • Plaintext content; this example uses the content from Figure 72.
  • EC public key; this example uses the public key from Figure 120.
  • "alg" parameter of "ECDH-ES".
  • "enc" parameter of "A128CBC-HS256".

{
  "kty": "EC",
  "kid": "meriadoc.brandybuck@buckland.example",
  "use": "enc",
  "crv": "P-256",
  "x": "Ze2loSV3wrroKUN_4zhwGhCqo3Xhu1td4QjeQ5wIVR0",
  "y": "HlLtdXARY_f55A3fnzQbPcm6hgr34Mp8p-nuzQCE0Zw",
  "d": "r_kHyZ-a06rmxM3yESK84r1otSg-aQcVStkRhA-iCM8"
}
Figure 120: Elliptic Curve P-256 Key

(NOTE: While the key includes the private parameters, only the public parameters "crv", "x", and "y" are necessary for the encryption operation.)

The following is generated before encrypting:

  • Initialization Vector; this example uses the Initialization Vector from Figure 121.

yc9N8v5sYyv3iGQT926IUg
Figure 121: Initialization Vector, base64url-encoded

NOTE: The Content Encryption Key (CEK) is not randomly generated; instead, it is determined using ECDH-ES key agreement.

The following is generated to agree on a CEK:

  • Ephemeral private key; this example uses the private key from Figure 122.

{
  "kty": "EC",
  "crv": "P-256",
  "x": "mPUKT_bAWGHIhg0TpjjqVsP1rXWQu_vwVOHHtNkdYoA",
  "y": "8BQAsImGeAS46fyWw5MhYfGTT0IjBpFw2SS34Dv4Irs",
  "d": "AtH35vJsQ9SGjYfOsjUxYXQKrPH3FjZHmEtSKoSN8cM"
}
Figure 122: Ephemeral Private Key, in JWK Format

Performing the ECDH operation using the static EC public key (Figure 120) over the ephemeral private key (Figure 122) produces the following CEK:

hzHdlfQIAEehb8Hrd_mFRhKsKLEzPfshfXs9l6areCc
Figure 123: Agreed-to Content Encryption Key, base64url-encoded
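
The agreed-to CEK in Figure 123 can be recomputed from Figures 120 and 122: ECDH on P-256, then the Concat KDF of RFC 7518, Section 4.6.2 with the "enc" value as AlgorithmID and empty "apu"/"apv". This is an added example, not part of RFC 7520; the function names are illustrative, and the pure-Python curve arithmetic is not constant-time, so it is meant for checking vectors only.

```python
import base64
import hashlib
import struct

# NIST P-256 (FIPS 186-4): y^2 = x^3 - 3x + B over GF(P).
P = 2**256 - 2**224 + 2**192 + 2**96 - 1
A = P - 3
B = 0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B

STATIC_JWK = {  # Figure 120 (recipient key; "d" is only needed on the recipient side)
    "x": "Ze2loSV3wrroKUN_4zhwGhCqo3Xhu1td4QjeQ5wIVR0",
    "y": "HlLtdXARY_f55A3fnzQbPcm6hgr34Mp8p-nuzQCE0Zw",
    "d": "r_kHyZ-a06rmxM3yESK84r1otSg-aQcVStkRhA-iCM8",
}
EPHEMERAL_JWK = {  # Figure 122 (sender's ephemeral key; x and y travel as "epk")
    "x": "mPUKT_bAWGHIhg0TpjjqVsP1rXWQu_vwVOHHtNkdYoA",
    "y": "8BQAsImGeAS46fyWw5MhYfGTT0IjBpFw2SS34Dv4Irs",
    "d": "AtH35vJsQ9SGjYfOsjUxYXQKrPH3FjZHmEtSKoSN8cM",
}
FIGURE_123_CEK = "hzHdlfQIAEehb8Hrd_mFRhKsKLEzPfshfXs9l6areCc"


def b64u_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def b64u_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def on_curve(point):
    x, y = point
    return 0 <= x < P and 0 <= y < P and (y * y - (x * x * x + A * x + B)) % P == 0


def jwk_point(jwk):
    """Decode x/y and reject points that are not on P-256 before using them."""
    point = tuple(int.from_bytes(b64u_decode(jwk[k]), "big") for k in ("x", "y"))
    if not on_curve(point):
        raise ValueError("public key is not a point on P-256")
    return point


def point_add(p1, p2):
    """Affine point addition; None stands for the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow((2 * y1) % P, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P


def scalar_mult(k, point):
    """Double-and-add; variable time, for verifying test vectors only."""
    result = None
    while k:
        if k & 1:
            result = point_add(result, point)
        point = point_add(point, point)
        k >>= 1
    return result


def concat_kdf(z, algorithm_id, key_bits, apu=b"", apv=b""):
    """Concat KDF with SHA-256 as profiled for JWE in RFC 7518, Section 4.6.2."""
    def length_prefixed(data):
        return struct.pack(">I", len(data)) + data

    other_info = (length_prefixed(algorithm_id.encode("ascii")) + length_prefixed(apu)
                  + length_prefixed(apv) + struct.pack(">I", key_bits))
    output, counter = b"", 1
    while len(output) * 8 < key_bits:
        output += hashlib.sha256(struct.pack(">I", counter) + z + other_info).digest()
        counter += 1
    return output[: key_bits // 8]


def ecdh_es_direct(private_jwk, peer_public_jwk, enc="A128CBC-HS256", key_bits=256):
    """Direct Key Agreement: AlgorithmID is the "enc" value, output is the CEK."""
    d = int.from_bytes(b64u_decode(private_jwk["d"]), "big")
    shared = scalar_mult(d, jwk_point(peer_public_jwk))
    z = shared[0].to_bytes(32, "big")  # Z is the x-coordinate, fixed length
    return b64u_encode(concat_kdf(z, enc, key_bits))


def sender_cek():
    return ecdh_es_direct(EPHEMERAL_JWK, STATIC_JWK)


def recipient_cek():
    return ecdh_es_direct(STATIC_JWK, EPHEMERAL_JWK)


if __name__ == "__main__":
    print("sender   :", sender_cek())
    print("recipient:", recipient_cek())
    print("matches Figure 123:", sender_cek() == FIGURE_123_CEK)
```
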

The following is generated before encrypting the content:

  • JWE Protected Header; this example uses the header from Figure 124, encoded to base64url [RFC4648] as Figure 125.

{
  "alg": "ECDH-ES",
  "kid": "meriadoc.brandybuck@buckland.example",
  "epk": {
    "kty": "EC",
    "crv": "P-256",
    "x": "mPUKT_bAWGHIhg0TpjjqVsP1rXWQu_vwVOHHtNkdYoA",
    "y": "8BQAsImGeAS46fyWw5MhYfGTT0IjBpFw2SS34Dv4Irs"
  },
  "enc": "A128CBC-HS256"
}
Figure 124: JWE Protected Header JSON

eyJhbGciOiJFQ0RILUVTIiwia2lkIjoibWVyaWFkb2MuYnJhbmR5YnVja0BidW
NrbGFuZC5leGFtcGxlIiwiZXBrIjp7Imt0eSI6IkVDIiwiY3J2IjoiUC0yNTYi
LCJ4IjoibVBVS1RfYkFXR0hJaGcwVHBqanFWc1AxclhXUXVfdndWT0hIdE5rZF
lvQSIsInkiOiI4QlFBc0ltR2VBUzQ2ZnlXdzVNaFlmR1RUMElqQnBGdzJTUzM0
RHY0SXJzIn0sImVuYyI6IkExMjhDQkMtSFMyNTYifQ
Figure 125: JWE Protected Header, base64url-encoded

Performing the content encryption operation on the Plaintext (Figure 72) using the following:

  • CEK (Figure 123);
  • Initialization Vector (Figure 121); and
  • JWE Protected Header (Figure 125) as authenticated data

produces the following:

  • Ciphertext from Figure 126.
  • Authentication Tag from Figure 127.

BoDlwPnTypYq-ivjmQvAYJLb5Q6l-F3LIgQomlz87yW4OPKbWE1zSTEFjDfhU9
IPIOSA9Bml4m7iDFwA-1ZXvHteLDtw4R1XRGMEsDIqAYtskTTmzmzNa-_q4F_e
vAPUmwlO-ZG45Mnq4uhM1fm_D9rBtWolqZSF3xGNNkpOMQKF1Cl8i8wjzRli7-
IXgyirlKQsbhhqRzkv8IcY6aHl24j03C-AR2le1r7URUhArM79BY8soZU0lzwI
-sD5PZ3l4NDCCei9XkoIAfsXJWmySPoeRb2Ni5UZL4mYpvKDiwmyzGd65KqVw7
MsFfI_K767G9C9Azp73gKZD0DyUn1mn0WW5LmyX_yJ-3AROq8p1WZBfG-ZyJ61
95_JGG2m9Csg
Figure 126: Ciphertext, base64url-encoded

WCCkNa-x4BeB9hIDIfFuhg
Figure 127: Authentication Tag, base64url-encoded

The following compose the resulting JWE object:

  • JWE Protected Header (Figure 114)
  • Initialization Vector (Figure 110)
  • Ciphertext (Figure 115)
  • Authentication Tag (Figure 116)

Only the general JWE JSON Serialization is presented because the flattened JWE JSON Serialization is identical.

The resulting JWE object using the JWE Compact Serialization:

eyJhbGciOiJFQ0RILUVTIiwia2lkIjoibWVyaWFkb2MuYnJhbmR5YnVja0BidW
NrbGFuZC5leGFtcGxlIiwiZXBrIjp7Imt0eSI6IkVDIiwiY3J2IjoiUC0yNTYi
LCJ4IjoibVBVS1RfYkFXR0hJaGcwVHBqanFWc1AxclhXUXVfdndWT0hIdE5rZF
lvQSIsInkiOiI4QlFBc0ltR2VBUzQ2ZnlXdzVNaFlmR1RUMElqQnBGdzJTUzM0
RHY0SXJzIn0sImVuYyI6IkExMjhDQkMtSFMyNTYifQ
.
.
yc9N8v5sYyv3iGQT926IUg
.
BoDlwPnTypYq-ivjmQvAYJLb5Q6l-F3LIgQomlz87yW4OPKbWE1zSTEFjDfhU9
IPIOSA9Bml4m7iDFwA-1ZXvHteLDtw4R1XRGMEsDIqAYtskTTmzmzNa-_q4F_e
vAPUmwlO-ZG45Mnq4uhM1fm_D9rBtWolqZSF3xGNNkpOMQKF1Cl8i8wjzRli7-
IXgyirlKQsbhhqRzkv8IcY6aHl24j03C-AR2le1r7URUhArM79BY8soZU0lzwI
-sD5PZ3l4NDCCei9XkoIAfsXJWmySPoeRb2Ni5UZL4mYpvKDiwmyzGd65KqVw7
MsFfI_K767G9C9Azp73gKZD0DyUn1mn0WW5LmyX_yJ-3AROq8p1WZBfG-ZyJ61
95_JGG2m9Csg
.
WCCkNa-x4BeB9hIDIfFuhg
Figure 128: JWE Compact Serialization

The resulting JWE object using the general JWE JSON Serialization:

{
  "protected": "eyJhbGciOiJFQ0RILUVTIiwia2lkIjoibWVyaWFkb2MuYn
      JhbmR5YnVja0BidWNrbGFuZC5leGFtcGxlIiwiZXBrIjp7Imt0eSI6Ik
      VDIiwiY3J2IjoiUC0yNTYiLCJ4IjoibVBVS1RfYkFXR0hJaGcwVHBqan
      FWc1AxclhXUXVfdndWT0hIdE5rZFlvQSIsInkiOiI4QlFBc0ltR2VBUz
      Q2ZnlXdzVNaFlmR1RUMElqQnBGdzJTUzM0RHY0SXJzIn0sImVuYyI6Ik
      ExMjhDQkMtSFMyNTYifQ",
  "iv": "yc9N8v5sYyv3iGQT926IUg",
  "ciphertext": "BoDlwPnTypYq-ivjmQvAYJLb5Q6l-F3LIgQomlz87yW4O
      PKbWE1zSTEFjDfhU9IPIOSA9Bml4m7iDFwA-1ZXvHteLDtw4R1XRGMEs
      DIqAYtskTTmzmzNa-_q4F_evAPUmwlO-ZG45Mnq4uhM1fm_D9rBtWolq
      ZSF3xGNNkpOMQKF1Cl8i8wjzRli7-IXgyirlKQsbhhqRzkv8IcY6aHl2
      4j03C-AR2le1r7URUhArM79BY8soZU0lzwI-sD5PZ3l4NDCCei9XkoIA
      fsXJWmySPoeRb2Ni5UZL4mYpvKDiwmyzGd65KqVw7MsFfI_K767G9C9A
      zp73gKZD0DyUn1mn0WW5LmyX_yJ-3AROq8p1WZBfG-ZyJ6195_JGG2m9
      Csg",
  "tag": "WCCkNa-x4BeB9hIDIfFuhg"
}
Figure 129: General JWE JSON Serialization

This example illustrates encrypting content using a previously exchanged key directly and the "A128GCM" (AES-GCM) content encryption algorithm.

Note that whitespace is added for readability as described in Section 1.1.

The following are supplied before beginning the encryption process:

  • Plaintext content; this example uses the content from Figure 72.
  • AES symmetric key as the Content Encryption Key (CEK); this example uses the key from Figure 130.
  • "alg" parameter of "dir".
  • "enc" parameter of "A128GCM".

{
  "kty": "oct",
  "kid": "77c7e2b8-6e13-45cf-8672-617b5b45243a",
  "use": "enc",
  "alg": "A128GCM",
  "k": "XctOhJAkA-pD9Lh7ZgW_2A"
}
Figure 130: AES 128-Bit Key, in JWK Format

The following is generated before encrypting:

  • Initialization Vector; this example uses the Initialization Vector from Figure 131.

refa467QzzKx6QAB
Figure 131: Initialization Vector, base64url-encoded

The following is generated before encrypting the content:

  • JWE Protected Header; this example uses the header from Figure 132, encoded as base64url [RFC4648] to produce Figure 133.

{
  "alg": "dir",
  "kid": "77c7e2b8-6e13-45cf-8672-617b5b45243a",
  "enc": "A128GCM"
}
Figure 132: JWE Protected Header JSON

eyJhbGciOiJkaXIiLCJraWQiOiI3N2M3ZTJiOC02ZTEzLTQ1Y2YtODY3Mi02MT
diNWI0NTI0M2EiLCJlbmMiOiJBMTI4R0NNIn0
Figure 133: JWE Protected Header, base64url-encoded

Performing the encryption operation on the Plaintext (Figure 72) using the following:

  • CEK (Figure 130);
  • Initialization Vector (Figure 131); and
  • JWE Protected Header (Figure 133) as authenticated data

produces the following:

  • Ciphertext from Figure 134.
  • Authentication Tag from Figure 135.

JW_i_f52hww_ELQPGaYyeAB6HYGcR559l9TYnSovc23XJoBcW29rHP8yZOZG7Y
hLpT1bjFuvZPjQS-m0IFtVcXkZXdH_lr_FrdYt9HRUYkshtrMmIUAyGmUnd9zM
DB2n0cRDIHAzFVeJUDxkUwVAE7_YGRPdcqMyiBoCO-FBdE-Nceb4h3-FtBP-c_
BIwCPTjb9o0SbdcdREEMJMyZBH8ySWMVi1gPD9yxi-aQpGbSv_F9N4IZAxscj5
g-NJsUPbjk29-s7LJAGb15wEBtXphVCgyy53CoIKLHHeJHXex45Uz9aKZSRSIn
ZI-wjsY0yu3cT4_aQ3i1o-tiE-F8Ios61EKgyIQ4CWao8PFMj8TTnp
Figure 134: Ciphertext, base64url-encoded

vbb32Xvllea2OtmHAdccRQ
Figure 135: Authentication Tag, base64url-encoded

The following compose the resulting JWE object:

  • JWE Protected Header (Figure 133)
  • Initialization Vector (Figure 131)
  • Ciphertext (Figure 134)
  • Authentication Tag (Figure 135)

Only the general JWE JSON Serialization is presented because the flattened JWE JSON Serialization is identical.

The resulting JWE object using the JWE Compact Serialization:

eyJhbGciOiJkaXIiLCJraWQiOiI3N2M3ZTJiOC02ZTEzLTQ1Y2YtODY3Mi02MT
diNWI0NTI0M2EiLCJlbmMiOiJBMTI4R0NNIn0
.
.
refa467QzzKx6QAB
.
JW_i_f52hww_ELQPGaYyeAB6HYGcR559l9TYnSovc23XJoBcW29rHP8yZOZG7Y
hLpT1bjFuvZPjQS-m0IFtVcXkZXdH_lr_FrdYt9HRUYkshtrMmIUAyGmUnd9zM
DB2n0cRDIHAzFVeJUDxkUwVAE7_YGRPdcqMyiBoCO-FBdE-Nceb4h3-FtBP-c_
BIwCPTjb9o0SbdcdREEMJMyZBH8ySWMVi1gPD9yxi-aQpGbSv_F9N4IZAxscj5
g-NJsUPbjk29-s7LJAGb15wEBtXphVCgyy53CoIKLHHeJHXex45Uz9aKZSRSIn
ZI-wjsY0yu3cT4_aQ3i1o-tiE-F8Ios61EKgyIQ4CWao8PFMj8TTnp
.
vbb32Xvllea2OtmHAdccRQ
Figure 136: JWE Compact Serialization

The resulting JWE object using the general JWE JSON Serialization:

{
  "protected": "eyJhbGciOiJkaXIiLCJraWQiOiI3N2M3ZTJiOC02ZTEzLT
      Q1Y2YtODY3Mi02MTdiNWI0NTI0M2EiLCJlbmMiOiJBMTI4R0NNIn0",
  "iv": "refa467QzzKx6QAB",
  "ciphertext": "JW_i_f52hww_ELQPGaYyeAB6HYGcR559l9TYnSovc23XJ
      oBcW29rHP8yZOZG7YhLpT1bjFuvZPjQS-m0IFtVcXkZXdH_lr_FrdYt9
      HRUYkshtrMmIUAyGmUnd9zMDB2n0cRDIHAzFVeJUDxkUwVAE7_YGRPdc
      qMyiBoCO-FBdE-Nceb4h3-FtBP-c_BIwCPTjb9o0SbdcdREEMJMyZBH8
      ySWMVi1gPD9yxi-aQpGbSv_F9N4IZAxscj5g-NJsUPbjk29-s7LJAGb1
      5wEBtXphVCgyy53CoIKLHHeJHXex45Uz9aKZSRSInZI-wjsY0yu3cT4_
      aQ3i1o-tiE-F8Ios61EKgyIQ4CWao8PFMj8TTnp",
  "tag": "vbb32Xvllea2OtmHAdccRQ"
}
Figure 137: General JWE JSON Serialization

This example illustrates encrypting content using the "A256GCMKW" (AES-256-GCM-KeyWrap) key encryption algorithm with the "A128CBC-HS256" (AES-128-CBC-HMAC-SHA-256) content encryption algorithm.

Note that whitespace is added for readability as described in Section 1.1.

The following are supplied before beginning the encryption process:

  • Plaintext content; this example uses the content from Figure 72.
  • AES symmetric key; this example uses the key from Figure 138.
  • "alg" parameter of "A256GCMKW".
  • "enc" parameter of "A128CBC-HS256".

{
  "kty": "oct",
  "kid": "18ec08e1-bfa9-4d95-b205-2b4dd1d4321d",
  "use": "enc",
  "alg": "A256GCMKW",
  "k": "qC57l_uxcm7Nm3K-ct4GFjx8tM1U8CZ0NLBvdQstiS8"
}
Figure 138: AES 256-Bit Key

The following are generated before encrypting:

  • AES symmetric key as the Content Encryption Key (CEK); this example uses the key from Figure 139.
  • Initialization Vector for content encryption; this example uses the Initialization Vector from Figure 140.

UWxARpat23nL9ReIj4WG3D1ee9I4r-Mv5QLuFXdy_rE
Figure 139: Content Encryption Key, base64url-encoded

gz6NjyEFNm_vm8Gj6FwoFQ
Figure 140: Initialization Vector, base64url-encoded

The following is generated before encrypting the CEK:

  • Initialization Vector for key wrapping; this example uses the Initialization Vector from Figure 141.

KkYT0GX_2jHlfqN_
Figure 141: Initialization Vector for Key Wrapping, base64url-encoded

Performing the key encryption operation over the CEK (Figure 139) with the following:

  • AES symmetric key (Figure 138);
  • Initialization Vector (Figure 141); and
  • The empty string as authenticated data

produces the following:

  • Encrypted Key from Figure 142.
  • Authentication Tag from Figure 143.

lJf3HbOApxMEBkCMOoTnnABxs_CvTWUmZQ2ElLvYNok
Figure 142: Encrypted Key, base64url-encoded

kfPduVQ3T3H6vnewt--ksw
Figure 143: Authentication Tag from Key Wrapping, base64url-encoded

The following is generated before encrypting the content:

  • JWE Protected Header; this example uses the header from Figure 144, encoded to base64url [RFC4648] as Figure 145.

{
  "alg": "A256GCMKW",
  "kid": "18ec08e1-bfa9-4d95-b205-2b4dd1d4321d",
  "tag": "kfPduVQ3T3H6vnewt--ksw",
  "iv": "KkYT0GX_2jHlfqN_",
  "enc": "A128CBC-HS256"
}
Figure 144: JWE Protected Header JSON

eyJhbGciOiJBMjU2R0NNS1ciLCJraWQiOiIxOGVjMDhlMS1iZmE5LTRkOTUtYj
IwNS0yYjRkZDFkNDMyMWQiLCJ0YWciOiJrZlBkdVZRM1QzSDZ2bmV3dC0ta3N3
IiwiaXYiOiJLa1lUMEdYXzJqSGxmcU5fIiwiZW5jIjoiQTEyOENCQy1IUzI1Ni
J9
Figure 145: JWE Protected Header, base64url-encoded

Performing the content encryption operation over the Plaintext (Figure 72) with the following:

  • CEK (Figure 139);
  • Initialization Vector (Figure 140); and
  • JWE Protected Header (Figure 145) as authenticated data

produces the following:

  • Ciphertext from Figure 146.
  • Authentication Tag from Figure 147.

Jf5p9-ZhJlJy_IQ_byKFmI0Ro7w7G1QiaZpI8OaiVgD8EqoDZHyFKFBupS8iaE
eVIgMqWmsuJKuoVgzR3YfzoMd3GxEm3VxNhzWyWtZKX0gxKdy6HgLvqoGNbZCz
LjqcpDiF8q2_62EVAbr2uSc2oaxFmFuIQHLcqAHxy51449xkjZ7ewzZaGV3eFq
hpco8o4DijXaG5_7kp3h2cajRfDgymuxUbWgLqaeNQaJtvJmSMFuEOSAzw9Hde
b6yhdTynCRmu-kqtO5Dec4lT2OMZKpnxc_F1_4yDJFcqb5CiDSmA-psB2k0Jtj
xAj4UPI61oONK7zzFIu4gBfjJCndsZfdvG7h8wGjV98QhrKEnR7xKZ3KCr0_qR
1B-gxpNk3xWU
Figure 146: Ciphertext, base64url-encoded

DKW7jrb4WaRSNfbXVPlT5g
Figure 147: Authentication Tag, base64url-encoded

The following compose the resulting JWE object:

  • JWE Protected Header (Figure 145)
  • Encrypted Key (Figure 142)
  • Initialization Vector (Figure 140)
  • Ciphertext (Figure 146)
  • Authentication Tag (Figure 147)

The resulting JWE object using the JWE Compact Serialization:

eyJhbGciOiJBMjU2R0NNS1ciLCJraWQiOiIxOGVjMDhlMS1iZmE5LTRkOTUtYj
IwNS0yYjRkZDFkNDMyMWQiLCJ0YWciOiJrZlBkdVZRM1QzSDZ2bmV3dC0ta3N3
IiwiaXYiOiJLa1lUMEdYXzJqSGxmcU5fIiwiZW5jIjoiQTEyOENCQy1IUzI1Ni
J9
.
lJf3HbOApxMEBkCMOoTnnABxs_CvTWUmZQ2ElLvYNok
.
gz6NjyEFNm_vm8Gj6FwoFQ
.
Jf5p9-ZhJlJy_IQ_byKFmI0Ro7w7G1QiaZpI8OaiVgD8EqoDZHyFKFBupS8iaE
eVIgMqWmsuJKuoVgzR3YfzoMd3GxEm3VxNhzWyWtZKX0gxKdy6HgLvqoGNbZCz
LjqcpDiF8q2_62EVAbr2uSc2oaxFmFuIQHLcqAHxy51449xkjZ7ewzZaGV3eFq
hpco8o4DijXaG5_7kp3h2cajRfDgymuxUbWgLqaeNQaJtvJmSMFuEOSAzw9Hde
b6yhdTynCRmu-kqtO5Dec4lT2OMZKpnxc_F1_4yDJFcqb5CiDSmA-psB2k0Jtj
xAj4UPI61oONK7zzFIu4gBfjJCndsZfdvG7h8wGjV98QhrKEnR7xKZ3KCr0_qR
1B-gxpNk3xWU
.
DKW7jrb4WaRSNfbXVPlT5g
Figure 148: JWE Compact Serialization

The resulting JWE object using the general JWE JSON Serialization:

{
  "recipients": [
    {
      "encrypted_key": "lJf3HbOApxMEBkCMOoTnnABxs_CvTWUmZQ2ElL
          vYNok"
    }
  ],
  "protected": "eyJhbGciOiJBMjU2R0NNS1ciLCJraWQiOiIxOGVjMDhlMS
      1iZmE5LTRkOTUtYjIwNS0yYjRkZDFkNDMyMWQiLCJ0YWciOiJrZlBkdV
      ZRM1QzSDZ2bmV3dC0ta3N3IiwiaXYiOiJLa1lUMEdYXzJqSGxmcU5fIi
      wiZW5jIjoiQTEyOENCQy1IUzI1NiJ9",
  "iv": "gz6NjyEFNm_vm8Gj6FwoFQ",
  "ciphertext": "Jf5p9-ZhJlJy_IQ_byKFmI0Ro7w7G1QiaZpI8OaiVgD8E
      qoDZHyFKFBupS8iaEeVIgMqWmsuJKuoVgzR3YfzoMd3GxEm3VxNhzWyW
      tZKX0gxKdy6HgLvqoGNbZCzLjqcpDiF8q2_62EVAbr2uSc2oaxFmFuIQ
      HLcqAHxy51449xkjZ7ewzZaGV3eFqhpco8o4DijXaG5_7kp3h2cajRfD
      gymuxUbWgLqaeNQaJtvJmSMFuEOSAzw9Hdeb6yhdTynCRmu-kqtO5Dec
      4lT2OMZKpnxc_F1_4yDJFcqb5CiDSmA-psB2k0JtjxAj4UPI61oONK7z
      zFIu4gBfjJCndsZfdvG7h8wGjV98QhrKEnR7xKZ3KCr0_qR1B-gxpNk3
      xWU",
  "tag": "DKW7jrb4WaRSNfbXVPlT5g"
}
Figure 149: General JWE JSON Serialization

The resulting JWE object using the flattened JWE JSON Serialization:

{
  "protected": "eyJhbGciOiJBMjU2R0NNS1ciLCJpdiI6IktrWVQwR1hfMm
      pIbGZxTl8iLCJraWQiOiIxOGVjMDhlMS1iZmE5LTRkOTUtYjIwNS0yYj
      RkZDFkNDMyMWQiLCJ0YWciOiJrZlBkdVZRM1QzSDZ2bmV3dC0ta3N3Ii
      wiZW5jIjoiQTEyOENCQy1IUzI1NiJ9",
  "encrypted_key": "lJf3HbOApxMEBkCMOoTnnABxs_CvTWUmZQ2ElLvYNo
      k",
  "iv": "gz6NjyEFNm_vm8Gj6FwoFQ",
  "ciphertext": "Jf5p9-ZhJlJy_IQ_byKFmI0Ro7w7G1QiaZpI8OaiVgD8E
      qoDZHyFKFBupS8iaEeVIgMqWmsuJKuoVgzR3YfzoMd3GxEm3VxNhzWyW
      tZKX0gxKdy6HgLvqoGNbZCzLjqcpDiF8q2_62EVAbr2uSc2oaxFmFuIQ
      HLcqAHxy51449xkjZ7ewzZaGV3eFqhpco8o4DijXaG5_7kp3h2cajRfD
      gymuxUbWgLqaeNQaJtvJmSMFuEOSAzw9Hdeb6yhdTynCRmu-kqtO5Dec
      4lT2OMZKpnxc_F1_4yDJFcqb5CiDSmA-psB2k0JtjxAj4UPI61oONK7z
      zFIu4gBfjJCndsZfdvG7h8wGjV98QhrKEnR7xKZ3KCr0_qR1B-gxpNk3
      xWU",
  "tag": "NvBveHr_vonkvflfnUrmBQ"
}
Figure 150: Flattened JWE JSON Serialization
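
Figure 150 carries a different "protected" string and "tag" than Figures 148 and 149. The following added example (not part of RFC 7520; the function names are illustrative) decodes both headers and shows that they hold the same members in a different order. That matters to a recipient because the authenticated data is the encoded header string as received (RFC 7516), not the parsed JSON.

```python
import base64
import json

# "protected" value shown in Figures 145, 148 and 149 of this page.
PROTECTED_FIG_149 = (
    "eyJhbGciOiJBMjU2R0NNS1ciLCJraWQiOiIxOGVjMDhlMS1iZmE5LTRkOTUtYj"
    "IwNS0yYjRkZDFkNDMyMWQiLCJ0YWciOiJrZlBkdVZRM1QzSDZ2bmV3dC0ta3N3"
    "IiwiaXYiOiJLa1lUMEdYXzJqSGxmcU5fIiwiZW5jIjoiQTEyOENCQy1IUzI1Ni"
    "J9"
)
# "protected" value shown in Figure 150 (flattened serialization).
PROTECTED_FIG_150 = (
    "eyJhbGciOiJBMjU2R0NNS1ciLCJpdiI6IktrWVQwR1hfMm"
    "pIbGZxTl8iLCJraWQiOiIxOGVjMDhlMS1iZmE5LTRkOTUtYjIwNS0yYj"
    "RkZDFkNDMyMWQiLCJ0YWciOiJrZlBkdVZRM1QzSDZ2bmV3dC0ta3N3Ii"
    "wiZW5jIjoiQTEyOENCQy1IUzI1NiJ9"
)


def b64url_decode(text):
    """Decode unpadded base64url by restoring the stripped padding."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def b64url_encode(raw):
    """Encode to base64url without padding, as JOSE requires."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def decode_header(protected):
    """Parse the JWE Protected Header; dict order follows the wire order."""
    return json.loads(b64url_decode(protected))


def aad_for(protected):
    """Correct AAD: the ASCII octets of the protected string exactly as received."""
    return protected.encode("ascii")


def reserialized_aad(protected):
    """AAD a recipient would get by re-encoding the parsed header (the mistake)."""
    header = decode_header(protected)
    text = json.dumps(header, sort_keys=True, separators=(",", ":"))
    return b64url_encode(text.encode("utf-8")).encode("ascii")


def compare(first, second):
    """Report whether two protected strings agree as JSON and as AAD octets."""
    h1, h2 = decode_header(first), decode_header(second)
    return {
        "same_members": h1 == h2,
        "order_first": list(h1),
        "order_second": list(h2),
        "same_aad": aad_for(first) == aad_for(second),
    }


if __name__ == "__main__":
    print(compare(PROTECTED_FIG_149, PROTECTED_FIG_150))
```

A recipient that parses the header and rebuilds the authenticated data from the parsed object will fail tag verification on an otherwise valid JWE; pass the received "protected" value through unchanged.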

The following example illustrates content encryption using the "A128KW" (AES-128-KeyWrap) key encryption algorithm and the "A128GCM" (AES-128-GCM) content encryption algorithm.

Note that whitespace is added for readability as described in Section 1.1.

The following are supplied before beginning the encryption process:

  • Plaintext content; this example uses the content from Figure 72.
  • AES symmetric key; this example uses the key from Figure 151.
  • "alg" parameter of "A128KW".
  • "enc" parameter of "A128GCM".

{
  "kty": "oct",
  "kid": "81b20965-8332-43d9-a468-82160ad91ac8",
  "use": "enc",
  "alg": "A128KW",
  "k": "GZy6sIZ6wl9NJOKB-jnmVQ"
}
Figure 151: AES 128-Bit Key

The following are generated before encrypting:

  • AES symmetric key as the Content Encryption Key; this example uses the key from Figure 152.
  • Initialization Vector; this example uses the Initialization Vector from Figure 153.

aY5_Ghmk9KxWPBLu_glx1w
Figure 152: Content Encryption Key, base64url-encoded

Qx0pmsDa8KnJc9Jo
Figure 153: Initialization Vector, base64url-encoded

Performing the key encryption operation over the CEK (Figure 152) with the AES symmetric key (Figure 151) produces the following Encrypted Key:

CBI6oDw8MydIx1IBntf_lQcw2MmJKIQx
Figure 154: Encrypted Key, base64url-encoded

The following is generated before encrypting the content:

  • JWE Protected Header; this example uses the header from Figure 155, encoded to base64url [RFC4648] as Figure 156.

{
  "alg": "A128KW",
  "kid": "81b20965-8332-43d9-a468-82160ad91ac8",
  "enc": "A128GCM"
}
Figure 155: JWE Protected Header JSON

eyJhbGciOiJBMTI4S1ciLCJraWQiOiI4MWIyMDk2NS04MzMyLTQzZDktYTQ2OC
04MjE2MGFkOTFhYzgiLCJlbmMiOiJBMTI4R0NNIn0
Figure 156: JWE Protected Header, base64url-encoded

Performing the content encryption over the Plaintext (Figure 72) with the following:

  • CEK (Figure 152);
  • Initialization Vector (Figure 153); and
  • JWE Protected Header (Figure 156) as authenticated data

produces the following:

  • Ciphertext from Figure 157.
  • Authentication Tag from Figure 158.

AwliP-KmWgsZ37BvzCefNen6VTbRK3QMA4TkvRkH0tP1bTdhtFJgJxeVmJkLD6
1A1hnWGetdg11c9ADsnWgL56NyxwSYjU1ZEHcGkd3EkU0vjHi9gTlb90qSYFfe
F0LwkcTtjbYKCsiNJQkcIp1yeM03OmuiYSoYJVSpf7ej6zaYcMv3WwdxDFl8RE
wOhNImk2Xld2JXq6BR53TSFkyT7PwVLuq-1GwtGHlQeg7gDT6xW0JqHDPn_H-p
uQsmthc9Zg0ojmJfqqFvETUxLAF-KjcBTS5dNy6egwkYtOt8EIHK-oEsKYtZRa
a8Z7MOZ7UGxGIMvEmxrGCPeJa14slv2-gaqK0kEThkaSqdYw0FkQZF
Figure 157: Ciphertext, base64url-encoded

ER7MWJZ1FBI_NKvn7Zb1Lw
Figure 158: Authentication Tag, base64url-encoded

The following compose the resulting JWE object:

  • JWE Protected Header (Figure 156)
  • Encrypted Key (Figure 154)
  • Initialization Vector (Figure 153)
  • Ciphertext (Figure 157)
  • Authentication Tag (Figure 158)

The resulting JWE object using the JWE Compact Serialization:

eyJhbGciOiJBMTI4S1ciLCJraWQiOiI4MWIyMDk2NS04MzMyLTQzZDktYTQ2OC
04MjE2MGFkOTFhYzgiLCJlbmMiOiJBMTI4R0NNIn0
.
CBI6oDw8MydIx1IBntf_lQcw2MmJKIQx
.
Qx0pmsDa8KnJc9Jo
.
AwliP-KmWgsZ37BvzCefNen6VTbRK3QMA4TkvRkH0tP1bTdhtFJgJxeVmJkLD6
1A1hnWGetdg11c9ADsnWgL56NyxwSYjU1ZEHcGkd3EkU0vjHi9gTlb90qSYFfe
F0LwkcTtjbYKCsiNJQkcIp1yeM03OmuiYSoYJVSpf7ej6zaYcMv3WwdxDFl8RE
wOhNImk2Xld2JXq6BR53TSFkyT7PwVLuq-1GwtGHlQeg7gDT6xW0JqHDPn_H-p
uQsmthc9Zg0ojmJfqqFvETUxLAF-KjcBTS5dNy6egwkYtOt8EIHK-oEsKYtZRa
a8Z7MOZ7UGxGIMvEmxrGCPeJa14slv2-gaqK0kEThkaSqdYw0FkQZF
.
ER7MWJZ1FBI_NKvn7Zb1Lw
Figure 159: JWE Compact Serialization

The resulting JWE object using the general JWE JSON Serialization:

{
  "recipients": [
    {
      "encrypted_key": "CBI6oDw8MydIx1IBntf_lQcw2MmJKIQx"
    }
  ],
  "protected": "eyJhbGciOiJBMTI4S1ciLCJraWQiOiI4MWIyMDk2NS04Mz
      MyLTQzZDktYTQ2OC04MjE2MGFkOTFhYzgiLCJlbmMiOiJBMTI4R0NNIn
      0",
  "iv": "Qx0pmsDa8KnJc9Jo",
  "ciphertext": "AwliP-KmWgsZ37BvzCefNen6VTbRK3QMA4TkvRkH0tP1b
      TdhtFJgJxeVmJkLD61A1hnWGetdg11c9ADsnWgL56NyxwSYjU1ZEHcGk
      d3EkU0vjHi9gTlb90qSYFfeF0LwkcTtjbYKCsiNJQkcIp1yeM03OmuiY
      SoYJVSpf7ej6zaYcMv3WwdxDFl8REwOhNImk2Xld2JXq6BR53TSFkyT7
      PwVLuq-1GwtGHlQeg7gDT6xW0JqHDPn_H-puQsmthc9Zg0ojmJfqqFvE
      TUxLAF-KjcBTS5dNy6egwkYtOt8EIHK-oEsKYtZRaa8Z7MOZ7UGxGIMv
      EmxrGCPeJa14slv2-gaqK0kEThkaSqdYw0FkQZF",
  "tag": "ER7MWJZ1FBI_NKvn7Zb1Lw"
}
Figure 160: General JWE JSON Serialization

The resulting JWE object using the flattened JWE JSON Serialization:

{
  "protected": "eyJhbGciOiJBMTI4S1ciLCJraWQiOiI4MWIyMDk2NS04Mz
      MyLTQzZDktYTQ2OC04MjE2MGFkOTFhYzgiLCJlbmMiOiJBMTI4R0NNIn
      0",
  "encrypted_key": "CBI6oDw8MydIx1IBntf_lQcw2MmJKIQx",
  "iv": "Qx0pmsDa8KnJc9Jo",
  "ciphertext": "AwliP-KmWgsZ37BvzCefNen6VTbRK3QMA4TkvRkH0tP1b
      TdhtFJgJxeVmJkLD61A1hnWGetdg11c9ADsnWgL56NyxwSYjU1ZEHcGk
      d3EkU0vjHi9gTlb90qSYFfeF0LwkcTtjbYKCsiNJQkcIp1yeM03OmuiY
      SoYJVSpf7ej6zaYcMv3WwdxDFl8REwOhNImk2Xld2JXq6BR53TSFkyT7
      PwVLuq-1GwtGHlQeg7gDT6xW0JqHDPn_H-puQsmthc9Zg0ojmJfqqFvE
      TUxLAF-KjcBTS5dNy6egwkYtOt8EIHK-oEsKYtZRaa8Z7MOZ7UGxGIMv
      EmxrGCPeJa14slv2-gaqK0kEThkaSqdYw0FkQZF",
  "tag": "ER7MWJZ1FBI_NKvn7Zb1Lw"
}
Figure 161: Flattened JWE JSON Serialization
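
The Compact Serializations in Figures 136 and 159 differ in their second part: it is empty for "dir" and holds a 24-octet wrapped key for "A128KW". The following added example (not part of RFC 7520; `check_jwe_compact` and its allow-list parameter are illustrative names) checks that structure before any key material is used, with the octet sizes RFC 7518 defines for the algorithms that appear on this page.

```python
import base64
import json
import string

_B64URL = set(string.ascii_letters + string.digits + "-_")
# Octet sizes fixed by each "enc" value that appears on this page (RFC 7518).
ENC_SIZES = {
    "A128GCM": {"cek": 16, "iv": 12, "tag": 16, "block": 1},
    "A128CBC-HS256": {"cek": 32, "iv": 16, "tag": 16, "block": 16},
}


def b64url_decode(part):
    """Decode unpadded base64url; reject padding, whitespace and bad lengths."""
    if not isinstance(part, str) or not set(part) <= _B64URL or len(part) % 4 == 1:
        raise ValueError("not unpadded base64url")
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))


def expected_key_len(alg, cek_len):
    """Length of the JWE Encrypted Key that each "alg" on this page produces."""
    if alg in ("dir", "ECDH-ES"):  # CEK is pre-shared or derived; nothing is wrapped
        return 0
    if alg == "A128KW":  # AES Key Wrap output is the input plus one 64-bit block
        return cek_len + 8
    if alg == "A256GCMKW":  # GCM ciphertext has the same length as the CEK
        return cek_len
    raise ValueError("unsupported alg: %r" % (alg,))


def check_jwe_compact(token, allowed):
    """Return header and AAD, or raise ValueError before any key is touched."""
    parts = token.split(".")
    if len(parts) != 5:
        raise ValueError("JWE Compact Serialization has exactly five parts")
    header = json.loads(b64url_decode(parts[0]))
    if not isinstance(header, dict):
        raise ValueError("protected header is not a JSON object")
    alg, enc = header.get("alg"), header.get("enc")
    if not (isinstance(alg, str) and isinstance(enc, str)):
        raise ValueError("alg and enc must be strings")
    if (alg, enc) not in allowed or enc not in ENC_SIZES:
        raise ValueError("alg/enc pair not allowed: %s/%s" % (alg, enc))
    key, iv, ciphertext, tag = (b64url_decode(p) for p in parts[1:])
    sizes = ENC_SIZES[enc]
    if len(key) != expected_key_len(alg, sizes["cek"]):
        raise ValueError("encrypted key length does not match alg")
    if len(iv) != sizes["iv"] or len(tag) != sizes["tag"]:
        raise ValueError("IV or tag length does not match enc")
    if not ciphertext or len(ciphertext) % sizes["block"]:
        raise ValueError("ciphertext length does not match enc")
    if alg == "A256GCMKW":  # the key-wrap IV and tag travel in the header
        wrap_iv, wrap_tag = header.get("iv"), header.get("tag")
        if len(b64url_decode(wrap_iv)) != 12 or len(b64url_decode(wrap_tag)) != 16:
            raise ValueError("key-wrap iv/tag length is wrong")
    return {"header": header, "aad": parts[0].encode("ascii")}


# Sample inputs copied from this page: Figure 136 ("dir") and Figure 159 ("A128KW").
FIG_136 = ".".join([
    "eyJhbGciOiJkaXIiLCJraWQiOiI3N2M3ZTJiOC02ZTEzLTQ1Y2YtODY3Mi02MT"
    "diNWI0NTI0M2EiLCJlbmMiOiJBMTI4R0NNIn0",
    "",
    "refa467QzzKx6QAB",
    "JW_i_f52hww_ELQPGaYyeAB6HYGcR559l9TYnSovc23XJoBcW29rHP8yZOZG7Y"
    "hLpT1bjFuvZPjQS-m0IFtVcXkZXdH_lr_FrdYt9HRUYkshtrMmIUAyGmUnd9zM"
    "DB2n0cRDIHAzFVeJUDxkUwVAE7_YGRPdcqMyiBoCO-FBdE-Nceb4h3-FtBP-c_"
    "BIwCPTjb9o0SbdcdREEMJMyZBH8ySWMVi1gPD9yxi-aQpGbSv_F9N4IZAxscj5"
    "g-NJsUPbjk29-s7LJAGb15wEBtXphVCgyy53CoIKLHHeJHXex45Uz9aKZSRSIn"
    "ZI-wjsY0yu3cT4_aQ3i1o-tiE-F8Ios61EKgyIQ4CWao8PFMj8TTnp",
    "vbb32Xvllea2OtmHAdccRQ",
])
FIG_159 = ".".join([
    "eyJhbGciOiJBMTI4S1ciLCJraWQiOiI4MWIyMDk2NS04MzMyLTQzZDktYTQ2OC"
    "04MjE2MGFkOTFhYzgiLCJlbmMiOiJBMTI4R0NNIn0",
    "CBI6oDw8MydIx1IBntf_lQcw2MmJKIQx",
    "Qx0pmsDa8KnJc9Jo",
    "AwliP-KmWgsZ37BvzCefNen6VTbRK3QMA4TkvRkH0tP1bTdhtFJgJxeVmJkLD6"
    "1A1hnWGetdg11c9ADsnWgL56NyxwSYjU1ZEHcGkd3EkU0vjHi9gTlb90qSYFfe"
    "F0LwkcTtjbYKCsiNJQkcIp1yeM03OmuiYSoYJVSpf7ej6zaYcMv3WwdxDFl8RE"
    "wOhNImk2Xld2JXq6BR53TSFkyT7PwVLuq-1GwtGHlQeg7gDT6xW0JqHDPn_H-p"
    "uQsmthc9Zg0ojmJfqqFvETUxLAF-KjcBTS5dNy6egwkYtOt8EIHK-oEsKYtZRa"
    "a8Z7MOZ7UGxGIMvEmxrGCPeJa14slv2-gaqK0kEThkaSqdYw0FkQZF",
    "ER7MWJZ1FBI_NKvn7Zb1Lw",
])

if __name__ == "__main__":
    print(check_jwe_compact(FIG_136, {("dir", "A128GCM")})["header"])
    print(check_jwe_compact(FIG_159, {("A128KW", "A128GCM")})["header"])
```

The allow-list is supplied by the caller rather than taken from the header, so a token cannot select its own key management mode.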

This example illustrates encrypting content that is first compressed. It reuses the AES symmetric key, key encryption algorithm, and content encryption algorithm from Section 5.8.

Note that whitespace is added for readability as described in Section 1.1.

The following are supplied before beginning the encryption process:

  • Plaintext content; this example uses the content from Figure 72.
  • Recipient encryption key; this example uses the key from Figure 151.
  • Key encryption algorithm; this example uses "A128KW".
  • Content encryption algorithm; this example uses "A128GCM".
  • "zip" parameter of "DEF".

The following are generated before encrypting:

  • Compressed Plaintext from the original Plaintext content; compressing Figure 72 using the DEFLATE [RFC1951] algorithm produces the compressed Plaintext from Figure 162.
  • AES symmetric key as the Content Encryption Key (CEK); this example uses the key from Figure 163.
  • Initialization Vector; this example uses the Initialization Vector from Figure 164.

bY_BDcIwDEVX-QNU3QEOrIA4pqlDokYxchxVvbEDGzIJbioOSJwc-f___HPjBu
8KVFpVtAplVE1-wZo0YjNZo3C7R5v72pV5f5X382VWjYQpqZKAyjziZOr2B7kQ
PSy6oZIXUnDYbVKN4jNXi2u0yB7t1qSHTjmMODf9QgvrDzfTIQXnyQRuUya4zI
WG3vTOdir0v7BRHFYWq3k1k1A_gSDJqtcBF-GZxw8
Figure 162: Compressed Plaintext, base64url-encoded

hC-MpLZSuwWv8sexS6ydfw
Figure 163: Content Encryption Key, base64url-encoded

p9pUq6XHY0jfEZIl
Figure 164: Initialization Vector, base64url-encoded

Performing the key encryption operation over the CEK (Figure 163) with the AES symmetric key (Figure 151) produces the following Encrypted Key:

5vUT2WOtQxKWcekM_IzVQwkGgzlFDwPi
Figure 165: Encrypted Key, base64url-encoded

The following is generated before encrypting the content:

  • JWE Protected Header; this example uses the header from Figure 166, encoded to base64url [RFC4648] as Figure 167.

{
  "alg": "A128KW",
  "kid": "81b20965-8332-43d9-a468-82160ad91ac8",
  "enc": "A128GCM",
  "zip": "DEF"
}
Figure 166: JWE Protected Header JSON

eyJhbGciOiJBMTI4S1ciLCJraWQiOiI4MWIyMDk2NS04MzMyLTQzZDktYTQ2OC
04MjE2MGFkOTFhYzgiLCJlbmMiOiJBMTI4R0NNIiwiemlwIjoiREVGIn0
Figure 167: JWE Protected Header, base64url-encoded

Performing the content encryption operation over the compressed Plaintext (Figure 162, encoded as an octet string) with the following:

  • CEK (Figure 163);
  • Initialization Vector (Figure 164); and
  • JWE Protected Header (Figure 167) as authenticated data

produces the following:

  • Ciphertext from Figure 168.
  • Authentication Tag from Figure 169.

HbDtOsdai1oYziSx25KEeTxmwnh8L8jKMFNc1k3zmMI6VB8hry57tDZ61jXyez
SPt0fdLVfe6Jf5y5-JaCap_JQBcb5opbmT60uWGml8blyiMQmOn9J--XhhlYg0
m-BHaqfDO5iTOWxPxFMUedx7WCy8mxgDHj0aBMG6152PsM-w5E_o2B3jDbrYBK
hpYA7qi3AyijnCJ7BP9rr3U8kxExCpG3mK420TjOw
Figure 168: Ciphertext, base64url-encoded

VILuUwuIxaLVmh5X-T7kmA
Figure 169: Authentication Tag, base64url-encoded

The following compose the resulting JWE object:

  • JWE Protected Header (Figure 167)
  • Encrypted Key (Figure 165)
  • Initialization Vector (Figure 164)
  • Ciphertext (Figure 168)
  • Authentication Tag (Figure 169)

The resulting JWE object using the JWE Compact Serialization:

eyJhbGciOiJBMTI4S1ciLCJraWQiOiI4MWIyMDk2NS04MzMyLTQzZDktYTQ2OC
04MjE2MGFkOTFhYzgiLCJlbmMiOiJBMTI4R0NNIiwiemlwIjoiREVGIn0
.
5vUT2WOtQxKWcekM_IzVQwkGgzlFDwPi
.
p9pUq6XHY0jfEZIl
.
HbDtOsdai1oYziSx25KEeTxmwnh8L8jKMFNc1k3zmMI6VB8hry57tDZ61jXyez
SPt0fdLVfe6Jf5y5-JaCap_JQBcb5opbmT60uWGml8blyiMQmOn9J--XhhlYg0
m-BHaqfDO5iTOWxPxFMUedx7WCy8mxgDHj0aBMG6152PsM-w5E_o2B3jDbrYBK
hpYA7qi3AyijnCJ7BP9rr3U8kxExCpG3mK420TjOw
.
VILuUwuIxaLVmh5X-T7kmA
Figure 170: JWE Compact Serialization

The resulting JWE object using the general JWE JSON Serialization:

{
  "recipients": [
    {
      "encrypted_key": "5vUT2WOtQxKWcekM_IzVQwkGgzlFDwPi"
    }
  ],
  "protected": "eyJhbGciOiJBMTI4S1ciLCJraWQiOiI4MWIyMDk2NS04Mz
      MyLTQzZDktYTQ2OC04MjE2MGFkOTFhYzgiLCJlbmMiOiJBMTI4R0NNIi
      wiemlwIjoiREVGIn0",
  "iv": "p9pUq6XHY0jfEZIl",
  "ciphertext": "HbDtOsdai1oYziSx25KEeTxmwnh8L8jKMFNc1k3zmMI6V
      B8hry57tDZ61jXyezSPt0fdLVfe6Jf5y5-JaCap_JQBcb5opbmT60uWG
      ml8blyiMQmOn9J--XhhlYg0m-BHaqfDO5iTOWxPxFMUedx7WCy8mxgDH
      j0aBMG6152PsM-w5E_o2B3jDbrYBKhpYA7qi3AyijnCJ7BP9rr3U8kxE
      xCpG3mK420TjOw",
  "tag": "VILuUwuIxaLVmh5X-T7kmA"
}
Figure 171: General JWE JSON Serialization

The resulting JWE object using the flattened JWE JSON Serialization:

{
  "protected": "eyJhbGciOiJBMTI4S1ciLCJraWQiOiI4MWIyMDk2NS04Mz
      MyLTQzZDktYTQ2OC04MjE2MGFkOTFhYzgiLCJlbmMiOiJBMTI4R0NNIi
      wiemlwIjoiREVGIn0",
  "encrypted_key": "5vUT2WOtQxKWcekM_IzVQwkGgzlFDwPi",
  "iv": "p9pUq6XHY0jfEZIl",
  "ciphertext": "HbDtOsdai1oYziSx25KEeTxmwnh8L8jKMFNc1k3zmMI6V
      B8hry57tDZ61jXyezSPt0fdLVfe6Jf5y5-JaCap_JQBcb5opbmT60uWG
      ml8blyiMQmOn9J--XhhlYg0m-BHaqfDO5iTOWxPxFMUedx7WCy8mxgDH
      j0aBMG6152PsM-w5E_o2B3jDbrYBKhpYA7qi3AyijnCJ7BP9rr3U8kxE
      xCpG3mK420TjOw",
  "tag": "VILuUwuIxaLVmh5X-T7kmA"
}
Figure 172: Flattened JWE JSON Serialization
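
The recipient side of the "zip": "DEF" step described above, as an added example that is not part of RFC 7520: after AES-GCM decryption the octets are raw DEFLATE [RFC1951] and must be inflated, here with an output cap so a small ciphertext cannot expand without bound. `MAX_PLAINTEXT` and all function names are assumptions chosen for this sketch; the two constants are Figure 167 and Figure 162 with line breaks removed, and the AES steps are out of scope.

```python
import base64
import json
import zlib

MAX_PLAINTEXT = 64 * 1024  # assumed application limit, not a value from the RFC

# Figure 167 (JWE Protected Header) and Figure 162 (compressed Plaintext),
# copied from the figures above with the line breaks removed.
PROTECTED_167 = (
    "eyJhbGciOiJBMTI4S1ciLCJraWQiOiI4MWIyMDk2NS04MzMyLTQzZDktYTQ2OC"
    "04MjE2MGFkOTFhYzgiLCJlbmMiOiJBMTI4R0NNIiwiemlwIjoiREVGIn0"
)
COMPRESSED_162 = (
    "bY_BDcIwDEVX-QNU3QEOrIA4pqlDokYxchxVvbEDGzIJbioOSJwc-f___HPjBu"
    "8KVFpVtAplVE1-wZo0YjNZo3C7R5v72pV5f5X382VWjYQpqZKAyjziZOr2B7kQ"
    "PSy6oZIXUnDYbVKN4jNXi2u0yB7t1qSHTjmMODf9QgvrDzfTIQXnyQRuUya4zI"
    "WG3vTOdir0v7BRHFYWq3k1k1A_gSDJqtcBF-GZxw8"
)


def b64url_decode(text):
    """Decode unpadded base64url (RFC 4648), the encoding JOSE uses."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def b64url_encode(data):
    """Encode to base64url without padding."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def raw_deflate(data):
    """Sender side of "zip": "DEF": raw DEFLATE, no zlib or gzip wrapper."""
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)
    return comp.compress(data) + comp.flush()


def inflate_bounded(data, limit=MAX_PLAINTEXT):
    """Inflate raw DEFLATE, refusing to produce more than `limit` octets."""
    inflater = zlib.decompressobj(-15)
    try:
        # Ask for one octet more than allowed so an overrun is detectable
        # without ever materialising the full expansion.
        out = inflater.decompress(data, limit + 1)
    except zlib.error as exc:
        raise ValueError(f"invalid DEFLATE stream: {exc}") from exc
    if len(out) > limit:
        raise ValueError("decompressed plaintext exceeds limit")
    if not inflater.eof or inflater.unused_data:
        raise ValueError("truncated stream or trailing octets")
    return out


def recover_plaintext(protected_b64, decrypted, limit=MAX_PLAINTEXT):
    """Apply the "zip" step a recipient runs after content decryption."""
    header = json.loads(b64url_decode(protected_b64))
    if not isinstance(header, dict):
        raise ValueError("protected header is not a JSON object")
    if "zip" not in header:
        return decrypted  # no compression was applied by the sender
    if header["zip"] != "DEF":
        raise ValueError(f"unsupported zip value: {header['zip']!r}")
    return inflate_bounded(decrypted, limit)


def figure_162_plaintext():
    """Inflate Figure 162 under the header from Figure 167."""
    return recover_plaintext(PROTECTED_167, b64url_decode(COMPRESSED_162))


if __name__ == "__main__":
    print(figure_162_plaintext().decode("utf-8"))
```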

This example illustrates encrypting content that includes additional authenticated data. As this example includes an additional top-level property not present in the JWE Compact Serialization, only the flattened JWE JSON Serialization and general JWE JSON Serialization are possible.

Note that whitespace is added for readability as described in Section 1.1.

The following are supplied before beginning the encryption process:

  • Plaintext content; this example uses the content from Figure 72.
  • Recipient encryption key; this example uses the key from Figure 151.
  • Key encryption algorithm; this example uses "A128KW".
  • Content encryption algorithm; this example uses "A128GCM".
  • Additional Authenticated Data; this example uses a vCard [RFC7095] from Figure 173, serialized to UTF-8.

[
  "vcard",
  [
    [ "version", {}, "text", "4.0" ],
    [ "fn", {}, "text", "Meriadoc Brandybuck" ],
    [ "n", {},
      "text", [
        "Brandybuck", "Meriadoc", "Mr.", ""
      ]
    ],
    [ "bday", {}, "text", "TA 2982" ],
    [ "gender", {}, "text", "M" ]
  ]
]
Figure 173: Additional Authenticated Data, in JSON Format

NOTE: Whitespace between JSON values was added for readability.

The following are generated before encrypting:

  • AES symmetric key as the Content Encryption Key (CEK); this example uses the key from Figure 174.
  • Initialization Vector; this example uses the Initialization Vector from Figure 175.
  • Encoded Additional Authenticated Data (AAD); this example uses the Additional Authenticated Data from Figure 173, encoded to base64url [RFC4648] as Figure 176.

75m1ALsYv10pZTKPWrsqdg
Figure 174: Content Encryption Key, base64url-encoded

veCx9ece2orS7c_N
Figure 175: Initialization Vector, base64url-encoded

WyJ2Y2FyZCIsW1sidmVyc2lvbiIse30sInRleHQiLCI0LjAiXSxbImZuIix7fS
widGV4dCIsIk1lcmlhZG9jIEJyYW5keWJ1Y2siXSxbIm4iLHt9LCJ0ZXh0Iixb
IkJyYW5keWJ1Y2siLCJNZXJpYWRvYyIsIk1yLiIsIiJdXSxbImJkYXkiLHt9LC
J0ZXh0IiwiVEEgMjk4MiJdLFsiZ2VuZGVyIix7fSwidGV4dCIsIk0iXV1d
Figure 176: Additional Authenticated Data, base64url-encoded

Performing the key encryption operation over the CEK (Figure 174) with the AES symmetric key (Figure 151) produces the following Encrypted Key:

4YiiQ_ZzH76TaIkJmYfRFgOV9MIpnx4X
Figure 177: Encrypted Key, base64url-encoded

The following is generated before encrypting the content:

  • JWE Protected Header; this example uses the header from Figure 178, encoded to base64url [RFC4648] as Figure 179.

{
  "alg": "A128KW",
  "kid": "81b20965-8332-43d9-a468-82160ad91ac8",
  "enc": "A128GCM"
}
Figure 178: JWE Protected Header JSON

eyJhbGciOiJBMTI4S1ciLCJraWQiOiI4MWIyMDk2NS04MzMyLTQzZDktYTQ2OC
04MjE2MGFkOTFhYzgiLCJlbmMiOiJBMTI4R0NNIn0
Figure 179: JWE Protected Header, base64url-encoded

Performing the content encryption operation over the Plaintext with the following:

  • CEK (Figure 174);
  • Initialization Vector (Figure 175); and
  • Concatenation of the JWE Protected Header (Figure 179), ".", and the base64url [RFC4648] encoding of Figure 173 as authenticated data

produces the following:

  • Ciphertext from Figure 180.
  • Authentication Tag from Figure 181.

Z_3cbr0k3bVM6N3oSNmHz7Lyf3iPppGf3Pj17wNZqteJ0Ui8p74SchQP8xygM1
oFRWCNzeIa6s6BcEtp8qEFiqTUEyiNkOWDNoF14T_4NFqF-p2Mx8zkbKxI7oPK
8KNarFbyxIDvICNqBLba-v3uzXBdB89fzOI-Lv4PjOFAQGHrgv1rjXAmKbgkft
9cB4WeyZw8MldbBhc-V_KWZslrsLNygon_JJWd_ek6LQn5NRehvApqf9ZrxB4a
q3FXBxOxCys35PhCdaggy2kfUfl2OkwKnWUbgXVD1C6HxLIlqHhCwXDG59weHr
RDQeHyMRoBljoV3X_bUTJDnKBFOod7nLz-cj48JMx3SnCZTpbQAkFV
Figure 180: Ciphertext, base64url-encoded

vOaH_Rajnpy_3hOtqvZHRA
Figure 181: Authentication Tag, base64url-encoded

The following compose the resulting JWE object:

  • JWE Protected Header (Figure 179)
  • Encrypted Key (Figure 177)
  • Initialization Vector (Figure 175)
  • Additional Authenticated Data (Figure 176)
  • Ciphertext (Figure 180)
  • Authentication Tag (Figure 181)

The JWE Compact Serialization is not presented because it does not support this use case.

The resulting JWE object using the general JWE JSON Serialization:

{
  "recipients": [
    {
      "encrypted_key": "4YiiQ_ZzH76TaIkJmYfRFgOV9MIpnx4X"
    }
  ],
  "protected": "eyJhbGciOiJBMTI4S1ciLCJraWQiOiI4MWIyMDk2NS04Mz
      MyLTQzZDktYTQ2OC04MjE2MGFkOTFhYzgiLCJlbmMiOiJBMTI4R0NNIn
      0",
  "iv": "veCx9ece2orS7c_N",
  "aad": "WyJ2Y2FyZCIsW1sidmVyc2lvbiIse30sInRleHQiLCI0LjAiXSxb
      ImZuIix7fSwidGV4dCIsIk1lcmlhZG9jIEJyYW5keWJ1Y2siXSxbIm4i
      LHt9LCJ0ZXh0IixbIkJyYW5keWJ1Y2siLCJNZXJpYWRvYyIsIk1yLiIs
      IiJdXSxbImJkYXkiLHt9LCJ0ZXh0IiwiVEEgMjk4MiJdLFsiZ2VuZGVy
      Iix7fSwidGV4dCIsIk0iXV1d",
  "ciphertext": "Z_3cbr0k3bVM6N3oSNmHz7Lyf3iPppGf3Pj17wNZqteJ0
      Ui8p74SchQP8xygM1oFRWCNzeIa6s6BcEtp8qEFiqTUEyiNkOWDNoF14
      T_4NFqF-p2Mx8zkbKxI7oPK8KNarFbyxIDvICNqBLba-v3uzXBdB89fz
      OI-Lv4PjOFAQGHrgv1rjXAmKbgkft9cB4WeyZw8MldbBhc-V_KWZslrs
      LNygon_JJWd_ek6LQn5NRehvApqf9ZrxB4aq3FXBxOxCys35PhCdaggy
      2kfUfl2OkwKnWUbgXVD1C6HxLIlqHhCwXDG59weHrRDQeHyMRoBljoV3
      X_bUTJDnKBFOod7nLz-cj48JMx3SnCZTpbQAkFV",
  "tag": "vOaH_Rajnpy_3hOtqvZHRA"
}
Figure 182: General JWE JSON Serialization

The resulting JWE object using the flattened JWE JSON Serialization:

{
  "protected": "eyJhbGciOiJBMTI4S1ciLCJraWQiOiI4MWIyMDk2NS04Mz
      MyLTQzZDktYTQ2OC04MjE2MGFkOTFhYzgiLCJlbmMiOiJBMTI4R0NNIn
      0",
  "encrypted_key": "4YiiQ_ZzH76TaIkJmYfRFgOV9MIpnx4X",
  "aad": "WyJ2Y2FyZCIsW1sidmVyc2lvbiIse30sInRleHQiLCI0LjAiXSxb
      ImZuIix7fSwidGV4dCIsIk1lcmlhZG9jIEJyYW5keWJ1Y2siXSxbIm4i
      LHt9LCJ0ZXh0IixbIkJyYW5keWJ1Y2siLCJNZXJpYWRvYyIsIk1yLiIs
      IiJdXSxbImJkYXkiLHt9LCJ0ZXh0IiwiVEEgMjk4MiJdLFsiZ2VuZGVy
      Iix7fSwidGV4dCIsIk0iXV1d",
  "iv": "veCx9ece2orS7c_N",
  "ciphertext": "Z_3cbr0k3bVM6N3oSNmHz7Lyf3iPppGf3Pj17wNZqteJ0
      Ui8p74SchQP8xygM1oFRWCNzeIa6s6BcEtp8qEFiqTUEyiNkOWDNoF14
      T_4NFqF-p2Mx8zkbKxI7oPK8KNarFbyxIDvICNqBLba-v3uzXBdB89fz
      OI-Lv4PjOFAQGHrgv1rjXAmKbgkft9cB4WeyZw8MldbBhc-V_KWZslrs
      LNygon_JJWd_ek6LQn5NRehvApqf9ZrxB4aq3FXBxOxCys35PhCdaggy
      2kfUfl2OkwKnWUbgXVD1C6HxLIlqHhCwXDG59weHrRDQeHyMRoBljoV3
      X_bUTJDnKBFOod7nLz-cj48JMx3SnCZTpbQAkFV",
  "tag": "vOaH_Rajnpy_3hOtqvZHRA"
}
Figure 183: Flattened JWE JSON Serialization

This example illustrates encrypting content where only certain JOSE Header Parameters are protected. As this example includes parameters in the JWE Shared Unprotected Header, only the general JWE JSON Serialization and flattened JWE JSON Serialization are possible.

Note that whitespace is added for readability as described in Section 1.1.

The following are supplied before beginning the encryption process:

  • Plaintext content; this example uses the content from Figure 72.
  • Recipient encryption key; this example uses the key from Figure 151.
  • Key encryption algorithm; this example uses "A128KW".
  • Content encryption algorithm; this example uses "A128GCM".

The following are generated before encrypting:

  • AES symmetric key as the Content Encryption Key (CEK); this example uses the key from Figure 184.
  • Initialization Vector; this example uses the Initialization Vector from Figure 185.

WDgEptBmQs9ouUvArz6x6g
Figure 184: Content Encryption Key, base64url-encoded

WgEJsDS9bkoXQ3nR
Figure 185: Initialization Vector, base64url-encoded

Performing the key encryption operation over the CEK (Figure 184) with the AES symmetric key (Figure 151) produces the following Encrypted Key:

jJIcM9J-hbx3wnqhf5FlkEYos0sHsF0H
Figure 186: Encrypted Key, base64url-encoded

The following is generated before encrypting the content:

  • JWE Protected Header; this example uses the header from Figure 187, encoded to base64url [RFC4648] as Figure 188.

{
  "enc": "A128GCM"
}
Figure 187: JWE Protected Header JSON

eyJlbmMiOiJBMTI4R0NNIn0
Figure 188: JWE Protected Header, base64url-encoded

Performing the content encryption operation over the Plaintext with the following:

  • CEK (Figure 184);
  • Initialization Vector (Figure 185); and
  • JWE Protected Header (Figure 188) as authenticated data

produces the following:

  • Ciphertext from Figure 189.
  • Authentication Tag from Figure 190.

lIbCyRmRJxnB2yLQOTqjCDKV3H30ossOw3uD9DPsqLL2DM3swKkjOwQyZtWsFL
YMj5YeLht_StAn21tHmQJuuNt64T8D4t6C7kC9OCCJ1IHAolUv4MyOt80MoPb8
fZYbNKqplzYJgIL58g8N2v46OgyG637d6uuKPwhAnTGm_zWhqc_srOvgiLkzyF
XPq1hBAURbc3-8BqeRb48iR1-_5g5UjWVD3lgiLCN_P7AW8mIiFvUNXBPJK3nO
WL4teUPS8yHLbWeL83olU4UAgL48x-8dDkH23JykibVSQju-f7e-1xreHWXzWL
Hs1NqBbre0dEwK3HX_xM0LjUz77Krppgegoutpf5qaKg3l-_xMINmf
Figure 189: Ciphertext, base64url-encoded

fNYLqpUe84KD45lvDiaBAQ
Figure 190: Authentication Tag, base64url-encoded

The following compose the resulting JWE object:

  • JWE Shared Unprotected Header (Figure 191)
  • JWE Protected Header (Figure 188)
  • Encrypted Key (Figure 186)
  • Initialization Vector (Figure 185)
  • Ciphertext (Figure 189)
  • Authentication Tag (Figure 190)

The JWE Compact Serialization is not presented because it does not support this use case.

The following JWE Shared Unprotected Header is generated before assembling the output results:

{
  "alg": "A128KW",
  "kid": "81b20965-8332-43d9-a468-82160ad91ac8"
}
Figure 191: JWE Shared Unprotected Header JSON

The resulting JWE object using the general JWE JSON Serialization:

{
  "recipients": [
    {
      "encrypted_key": "jJIcM9J-hbx3wnqhf5FlkEYos0sHsF0H"
    }
  ],
  "unprotected": {
    "alg": "A128KW",
    "kid": "81b20965-8332-43d9-a468-82160ad91ac8"
  },
  "protected": "eyJlbmMiOiJBMTI4R0NNIn0",
  "iv": "WgEJsDS9bkoXQ3nR",
  "ciphertext": "lIbCyRmRJxnB2yLQOTqjCDKV3H30ossOw3uD9DPsqLL2D
      M3swKkjOwQyZtWsFLYMj5YeLht_StAn21tHmQJuuNt64T8D4t6C7kC9O
      CCJ1IHAolUv4MyOt80MoPb8fZYbNKqplzYJgIL58g8N2v46OgyG637d6
      uuKPwhAnTGm_zWhqc_srOvgiLkzyFXPq1hBAURbc3-8BqeRb48iR1-_5
      g5UjWVD3lgiLCN_P7AW8mIiFvUNXBPJK3nOWL4teUPS8yHLbWeL83olU
      4UAgL48x-8dDkH23JykibVSQju-f7e-1xreHWXzWLHs1NqBbre0dEwK3
      HX_xM0LjUz77Krppgegoutpf5qaKg3l-_xMINmf",
  "tag": "fNYLqpUe84KD45lvDiaBAQ"
}
Figure 192: General JWE JSON Serialization

The resulting JWE object using the flattened JWE JSON Serialization:

{
  "protected": "eyJlbmMiOiJBMTI4R0NNIn0",
  "unprotected": {
    "alg": "A128KW",
    "kid": "81b20965-8332-43d9-a468-82160ad91ac8"
  },
  "encrypted_key": "jJIcM9J-hbx3wnqhf5FlkEYos0sHsF0H",
  "iv": "WgEJsDS9bkoXQ3nR",
  "ciphertext": "lIbCyRmRJxnB2yLQOTqjCDKV3H30ossOw3uD9DPsqLL2D
      M3swKkjOwQyZtWsFLYMj5YeLht_StAn21tHmQJuuNt64T8D4t6C7kC9O
      CCJ1IHAolUv4MyOt80MoPb8fZYbNKqplzYJgIL58g8N2v46OgyG637d6
      uuKPwhAnTGm_zWhqc_srOvgiLkzyFXPq1hBAURbc3-8BqeRb48iR1-_5
      g5UjWVD3lgiLCN_P7AW8mIiFvUNXBPJK3nOWL4teUPS8yHLbWeL83olU
      4UAgL48x-8dDkH23JykibVSQju-f7e-1xreHWXzWLHs1NqBbre0dEwK3
      HX_xM0LjUz77Krppgegoutpf5qaKg3l-_xMINmf",
  "tag": "fNYLqpUe84KD45lvDiaBAQ"
}
Figure 193: Flattened JWE JSON Serialization

This example illustrates encrypting content where none of the JOSE header parameters are protected. As this example includes parameters only in the JWE Shared Unprotected Header, only the flattened JWE JSON Serialization and general JWE JSON Serialization are possible.

Note that whitespace is added for readability as described in Section 1.1.

The following are supplied before beginning the encryption process:

  • Plaintext content; this example uses the content from Figure 72.
  • Recipient encryption key; this example uses the key from Figure 151.
  • Key encryption algorithm; this example uses "A128KW".
  • Content encryption algorithm; this example uses "A128GCM".

The following are generated before encrypting:

  • AES symmetric key as the Content Encryption Key; this example uses the key from Figure 194.
  • Initialization Vector; this example uses the Initialization Vector from Figure 195.

KBooAFl30QPV3vkcZlXnzQ
Figure 194: Content Encryption Key, base64url-encoded

YihBoVOGsR1l7jCD
Figure 195: Initialization Vector, base64url-encoded

Performing the key encryption operation over the CEK (Figure 194) with the AES symmetric key (Figure 151) produces the following Encrypted Key:

244YHfO_W7RMpQW81UjQrZcq5LSyqiPv
Figure 196: Encrypted Key, base64url-encoded

Performing the content encryption operation over the Plaintext (Figure 72) using the following:

Performing the content encryption operation over the Plaintext (Figure 72) using the following:

  • CEK (Figure 194);
  • CEK (Figure 194);
  • Initialization Vector (Figure 195); and
  • Initialization Vector (Figure 195); and
  • Empty string as authenticated data
  • Empty string as authenticated data

produces the following:

  • Ciphertext from Figure 197.
  • Authentication Tag from Figure 198.

qtPIMMaOBRgASL10dNQhOa7Gqrk7Eal1vwht7R4TT1uq-arsVCPaIeFwQfzrSS
6oEUWbBtxEasE0vC6r7sphyVziMCVJEuRJyoAHFSP3eqQPb4Ic1SDSqyXjw_L3
svybhHYUGyQuTmUQEDjgjJfBOifwHIsDsRPeBz1NomqeifVPq5GTCWFo5k_MNI
QURR2Wj0AHC2k7JZfu2iWjUHLF8ExFZLZ4nlmsvJu_mvifMYiikfNfsZAudISO
a6O73yPZtL04k_1FI7WDfrb2w7OqKLWDXzlpcxohPVOLQwpA3mFNRKdY-bQz4Z
4KX9lfz1cne31N4-8BKmojpw-OdQjKdLOGkC445Fb_K1tlDQXw2sBF
Figure 197: Ciphertext, base64url-encoded

e2m0Vm7JvjK2VpCKXS-kyg
Figure 198: Authentication Tag, base64url-encoded

The JWE Compact Serialization is not presented because it does not support this use case.

The following JWE Shared Unprotected Header is generated before assembling the output results:

{
  "alg": "A128KW",
  "kid": "81b20965-8332-43d9-a468-82160ad91ac8",
  "enc": "A128GCM"
}
Figure 199: JWE Shared Unprotected Header JSON

The following compose the resulting JWE object:

  • JWE Shared Unprotected Header (Figure 199)
  • Encrypted Key (Figure 196)
  • Initialization Vector (Figure 195)
  • Ciphertext (Figure 197)
  • Authentication Tag (Figure 198)

The resulting JWE object using the general JWE JSON Serialization:

{
  "recipients": [
    {
      "encrypted_key": "244YHfO_W7RMpQW81UjQrZcq5LSyqiPv"
    }
  ],
  "unprotected": {
    "alg": "A128KW",
    "kid": "81b20965-8332-43d9-a468-82160ad91ac8",
    "enc": "A128GCM"
  },
  "iv": "YihBoVOGsR1l7jCD",
  "ciphertext": "qtPIMMaOBRgASL10dNQhOa7Gqrk7Eal1vwht7R4TT1uq-
      arsVCPaIeFwQfzrSS6oEUWbBtxEasE0vC6r7sphyVziMCVJEuRJyoAHF
      SP3eqQPb4Ic1SDSqyXjw_L3svybhHYUGyQuTmUQEDjgjJfBOifwHIsDs
      RPeBz1NomqeifVPq5GTCWFo5k_MNIQURR2Wj0AHC2k7JZfu2iWjUHLF8
      ExFZLZ4nlmsvJu_mvifMYiikfNfsZAudISOa6O73yPZtL04k_1FI7WDf
      rb2w7OqKLWDXzlpcxohPVOLQwpA3mFNRKdY-bQz4Z4KX9lfz1cne31N4
      -8BKmojpw-OdQjKdLOGkC445Fb_K1tlDQXw2sBF",
  "tag": "e2m0Vm7JvjK2VpCKXS-kyg"
}
Figure 200: General JWE JSON Serialization

The resulting JWE object using the flattened JWE JSON Serialization:

{
  "unprotected": {
    "alg": "A128KW",
    "kid": "81b20965-8332-43d9-a468-82160ad91ac8",
    "enc": "A128GCM"
  },
  "encrypted_key": "244YHfO_W7RMpQW81UjQrZcq5LSyqiPv",
  "iv": "YihBoVOGsR1l7jCD",
  "ciphertext": "qtPIMMaOBRgASL10dNQhOa7Gqrk7Eal1vwht7R4TT1uq-
      arsVCPaIeFwQfzrSS6oEUWbBtxEasE0vC6r7sphyVziMCVJEuRJyoAHF
      SP3eqQPb4Ic1SDSqyXjw_L3svybhHYUGyQuTmUQEDjgjJfBOifwHIsDs
      RPeBz1NomqeifVPq5GTCWFo5k_MNIQURR2Wj0AHC2k7JZfu2iWjUHLF8
      ExFZLZ4nlmsvJu_mvifMYiikfNfsZAudISOa6O73yPZtL04k_1FI7WDf
      rb2w7OqKLWDXzlpcxohPVOLQwpA3mFNRKdY-bQz4Z4KX9lfz1cne31N4
      -8BKmojpw-OdQjKdLOGkC445Fb_K1tlDQXw2sBF",
  "tag": "e2m0Vm7JvjK2VpCKXS-kyg"
}
Figure 201: Flattened JWE JSON Serialization

This example illustrates encrypting content for multiple recipients. As this example has multiple recipients, only the general JWE JSON Serialization is possible.

Note that RSAES-PKCS1-v1_5 uses random data to generate the ciphertext; it might not be possible to exactly replicate the results in this section.

Note that whitespace is added for readability as described in Section 1.1.

The following are supplied before beginning the encryption process:

  • Plaintext content; this example uses the Plaintext from Figure 72.
  • Recipient keys; this example uses the following:
     *  The RSA public key from Figure 73 for the first recipient.
     *  The EC public key from Figure 108 for the second recipient.
     *  The AES symmetric key from Figure 138 for the third recipient.
  • Key encryption algorithms; this example uses the following:
     *  "RSA1_5" for the first recipient.
     *  "ECDH-ES+A256KW" for the second recipient.
     *  "A256GCMKW" for the third recipient.
  • Content encryption algorithm; this example uses "A128CBC-HS256".

The following are generated before encrypting:

  • AES symmetric key as the Content Encryption Key (CEK); this example uses the key from Figure 202.
  • Initialization Vector; this example uses the Initialization Vector from Figure 203.

zXayeJ4gvm8NJr3IUInyokTUO-LbQNKEhe_zWlYbdpQ
Figure 202: Content Encryption Key, base64url-encoded

VgEIHY20EnzUtZFl2RpB1g
Figure 203: Initialization Vector, base64url-encoded

Performing the "RSA1_5" key encryption operation over the CEK (Figure 202) with the first recipient's RSA key (Figure 73) produces the following Encrypted Key:

dYOD28kab0Vvf4ODgxVAJXgHcSZICSOp8M51zjwj4w6Y5G4XJQsNNIBiqyvUUA
OcpL7S7-cFe7Pio7gV_Q06WmCSa-vhW6me4bWrBf7cHwEQJdXihidAYWVajJIa
KMXMvFRMV6iDlRr076DFthg2_AV0_tSiV6xSEIFqt1xnYPpmP91tc5WJDOGb-w
qjw0-b-S1laS11QVbuP78dQ7Fa0zAVzzjHX-xvyM2wxj_otxr9clN1LnZMbeYS
rRicJK5xodvWgkpIdkMHo4LvdhRRvzoKzlic89jFWPlnBq_V4n5trGuExtp_-d
bHcGlihqc_wGgho9fLMK8JOArYLcMDNQ
Figure 204: Recipient #1 Encrypted Key, base64url-encoded

The following is generated after encrypting the CEK for the first recipient:

  • Recipient JWE Unprotected Header from Figure 205.

{
  "alg": "RSA1_5",
  "kid": "frodo.baggins@hobbiton.example"
}
Figure 205: Recipient #1 JWE Per-Recipient Unprotected Header JSON

The following is the assembled first recipient JSON:

{
  "encrypted_key": "dYOD28kab0Vvf4ODgxVAJXgHcSZICSOp8M51zjwj4w
      6Y5G4XJQsNNIBiqyvUUAOcpL7S7-cFe7Pio7gV_Q06WmCSa-vhW6me4b
      WrBf7cHwEQJdXihidAYWVajJIaKMXMvFRMV6iDlRr076DFthg2_AV0_t
      SiV6xSEIFqt1xnYPpmP91tc5WJDOGb-wqjw0-b-S1laS11QVbuP78dQ7
      Fa0zAVzzjHX-xvyM2wxj_otxr9clN1LnZMbeYSrRicJK5xodvWgkpIdk
      MHo4LvdhRRvzoKzlic89jFWPlnBq_V4n5trGuExtp_-dbHcGlihqc_wG
      gho9fLMK8JOArYLcMDNQ",
  "header": {
    "alg": "RSA1_5",
    "kid": "frodo.baggins@hobbiton.example"
  }
}
Figure 206: Recipient #1 JSON

The following is generated before encrypting the CEK for the second recipient:

  • Ephemeral EC private key on the same curve as the EC public key; this example uses the private key from Figure 207.

{
  "kty": "EC",
  "crv": "P-384",
  "x": "Uzdvk3pi5wKCRc1izp5_r0OjeqT-I68i8g2b8mva8diRhsE2xAn2Dt
      MRb25Ma2CX",
  "y": "VDrRyFJh-Kwd1EjAgmj5Eo-CTHAZ53MC7PjjpLioy3ylEjI1pOMbw9
      1fzZ84pbfm",
  "d": "1DKHfTv-PiifVw2VBHM_ZiVcwOMxkOyANS_lQHJcrDxVY3jhVCvZPw
      MxJKIE793C"
}
Figure 207: Ephemeral Private Key for Recipient #2, in JWK Format

Performing the "ECDH-ES+A256KW" key encryption operation over the CEK (Figure 202) with the following:

  • Static Elliptic Curve public key (Figure 108).
  • Ephemeral Elliptic Curve private key (Figure 207).

produces the following Encrypted Key:

ExInT0io9BqBMYF6-maw5tZlgoZXThD1zWKsHixJuw_elY4gSSId_w
Figure 208: Recipient #2 Encrypted Key, base64url-encoded

The following is generated after encrypting the CEK for the second recipient:

  • Recipient JWE Unprotected Header from Figure 209.

{
  "alg": "ECDH-ES+A256KW",
  "kid": "peregrin.took@tuckborough.example",
  "epk": {
    "kty": "EC",
    "crv": "P-384",
    "x": "Uzdvk3pi5wKCRc1izp5_r0OjeqT-I68i8g2b8mva8diRhsE2xAn2
        DtMRb25Ma2CX",
    "y": "VDrRyFJh-Kwd1EjAgmj5Eo-CTHAZ53MC7PjjpLioy3ylEjI1pOMb
        w91fzZ84pbfm"
  }
}
Figure 209: Recipient #2 JWE Per-Recipient Unprotected Header JSON

The following is the assembled second recipient JSON:

{
  "encrypted_key": "ExInT0io9BqBMYF6-maw5tZlgoZXThD1zWKsHixJuw
      _elY4gSSId_w",
  "header": {
    "alg": "ECDH-ES+A256KW",
    "kid": "peregrin.took@tuckborough.example",
    "epk": {
      "kty": "EC",
      "crv": "P-384",
      "x": "Uzdvk3pi5wKCRc1izp5_r0OjeqT-I68i8g2b8mva8diRhsE2xA
          n2DtMRb25Ma2CX",
      "y": "VDrRyFJh-Kwd1EjAgmj5Eo-CTHAZ53MC7PjjpLioy3ylEjI1pO
          Mbw91fzZ84pbfm"
    }
  }
}
Figure 210: Recipient #2 JSON

The following is generated before encrypting the CEK for the third recipient:

  • Initialization Vector for key wrapping; this example uses the Initialization Vector from Figure 211.

AvpeoPZ9Ncn9mkBn
Figure 211: Recipient #2 Initialization Vector for Key Wrapping, base64url-encoded

Performing the "A256GCMKW" key encryption operation over the CEK (Figure 202) with the following:

  • AES symmetric key (Figure 138); and
  • Initialization Vector (Figure 211)

produces the following:

  • Encrypted Key from Figure 212.
  • Authentication Tag from Figure 213.

a7CclAejo_7JSuPB8zeagxXRam8dwCfmkt9-WyTpS1E
Figure 212: Recipient #3 Encrypted Key, base64url-encoded

59Nqh1LlYtVIhfD3pgRGvw
Figure 213: Recipient #3 Authentication Tag from Key Wrapping, base64url-encoded

The following is generated after encrypting the CEK for the third recipient:

  • Recipient JWE Unprotected Header; this example uses the header from Figure 214.

{
  "alg": "A256GCMKW",
  "kid": "18ec08e1-bfa9-4d95-b205-2b4dd1d4321d",
  "tag": "59Nqh1LlYtVIhfD3pgRGvw",
  "iv": "AvpeoPZ9Ncn9mkBn"
}
Figure 214: Recipient #3 JWE Per-Recipient Unprotected Header JSON

The following is the assembled third recipient JSON:

{
  "encrypted_key": "a7CclAejo_7JSuPB8zeagxXRam8dwCfmkt9-WyTpS1
      E",
  "header": {
    "alg": "A256GCMKW",
    "kid": "18ec08e1-bfa9-4d95-b205-2b4dd1d4321d",
    "tag": "59Nqh1LlYtVIhfD3pgRGvw",
    "iv": "AvpeoPZ9Ncn9mkBn"
  }
}
Figure 215: Recipient #3 JSON

The following is generated before encrypting the content:

  • JWE Protected Header; this example uses the header from Figure 216, encoded to base64url [RFC4648] as Figure 217.

{
  "enc": "A128CBC-HS256"
}
Figure 216: JWE Protected Header JSON

eyJlbmMiOiJBMTI4Q0JDLUhTMjU2In0
Figure 217: JWE Protected Header, base64url-encoded

Performing the content encryption operation over the Plaintext (Figure 72) with the following:

  • CEK (Figure 202),
  • Initialization Vector (Figure 203), and
  • JWE Protected Header (Figure 217) as the authenticated data

produces the following:

  • Ciphertext from Figure 218.
  • Authentication Tag from Figure 219.

ajm2Q-OpPXCr7-MHXicknb1lsxLdXxK_yLds0KuhJzfWK04SjdxQeSw2L9mu3a
_k1C55kCQ_3xlkcVKC5yr__Is48VOoK0k63_QRM9tBURMFqLByJ8vOYQX0oJW4
VUHJLmGhF-tVQWB7Kz8mr8zeE7txF0MSaP6ga7-siYxStR7_G07Thd1jh-zGT0
wxM5g-VRORtq0K6AXpLlwEqRp7pkt2zRM0ZAXqSpe1O6FJ7FHLDyEFnD-zDIZu
kLpCbzhzMDLLw2-8I14FQrgi-iEuzHgIJFIJn2wh9Tj0cg_kOZy9BqMRZbmYXM
Y9YQjorZ_P_JYG3ARAIF3OjDNqpdYe-K_5Q5crGJSDNyij_ygEiItR5jssQVH2
ofDQdLChtazE
Figure 218: Ciphertext, base64url-encoded

BESYyFN7T09KY7i8zKs5_g
Figure 219: Authentication Tag, base64url-encoded

The following is generated after encrypting the Plaintext:

  • JWE Shared Unprotected Header parameters; this example uses the header from Figure 220.

{
  "cty": "text/plain"
}
Figure 220: JWE Shared Unprotected Header JSON

The following compose the resulting JWE object:

  • Recipient #1 JSON (Figure 206)
  • Recipient #2 JSON (Figure 210)
  • Recipient #3 JSON (Figure 215)
  • Initialization Vector (Figure 203)
  • Ciphertext (Figure 218)
  • Authentication Tag (Figure 219)

The JWE Compact Serialization is not presented because it does not support this use case; the flattened JWE JSON Serialization is not presented because there is more than one recipient.

The resulting JWE object using the general JWE JSON Serialization:

{
  "recipients": [
    {
      "encrypted_key": "dYOD28kab0Vvf4ODgxVAJXgHcSZICSOp8M51zj
          wj4w6Y5G4XJQsNNIBiqyvUUAOcpL7S7-cFe7Pio7gV_Q06WmCSa-
          vhW6me4bWrBf7cHwEQJdXihidAYWVajJIaKMXMvFRMV6iDlRr076
          DFthg2_AV0_tSiV6xSEIFqt1xnYPpmP91tc5WJDOGb-wqjw0-b-S
          1laS11QVbuP78dQ7Fa0zAVzzjHX-xvyM2wxj_otxr9clN1LnZMbe
          YSrRicJK5xodvWgkpIdkMHo4LvdhRRvzoKzlic89jFWPlnBq_V4n
          5trGuExtp_-dbHcGlihqc_wGgho9fLMK8JOArYLcMDNQ",
      "header": {
        "alg": "RSA1_5",
        "kid": "frodo.baggins@hobbiton.example"
      }
    },
    {
      "encrypted_key": "ExInT0io9BqBMYF6-maw5tZlgoZXThD1zWKsHi
          xJuw_elY4gSSId_w",
      "header": {
        "alg": "ECDH-ES+A256KW",
        "kid": "peregrin.took@tuckborough.example",
        "epk": {
          "kty": "EC",
          "crv": "P-384",
          "x": "Uzdvk3pi5wKCRc1izp5_r0OjeqT-I68i8g2b8mva8diRhs
              E2xAn2DtMRb25Ma2CX",
          "y": "VDrRyFJh-Kwd1EjAgmj5Eo-CTHAZ53MC7PjjpLioy3ylEj
              I1pOMbw91fzZ84pbfm"
        }
      }
    },
    {
      "encrypted_key": "a7CclAejo_7JSuPB8zeagxXRam8dwCfmkt9-Wy
          TpS1E",
      "header": {
        "alg": "A256GCMKW",
        "kid": "18ec08e1-bfa9-4d95-b205-2b4dd1d4321d",
        "tag": "59Nqh1LlYtVIhfD3pgRGvw",
        "iv": "AvpeoPZ9Ncn9mkBn"
      }
    }
  ],
  "unprotected": {
    "cty": "text/plain"
  },
  "protected": "eyJlbmMiOiJBMTI4Q0JDLUhTMjU2In0",
  "iv": "VgEIHY20EnzUtZFl2RpB1g",
  "ciphertext": "ajm2Q-OpPXCr7-MHXicknb1lsxLdXxK_yLds0KuhJzfWK
      04SjdxQeSw2L9mu3a_k1C55kCQ_3xlkcVKC5yr__Is48VOoK0k63_QRM
      9tBURMFqLByJ8vOYQX0oJW4VUHJLmGhF-tVQWB7Kz8mr8zeE7txF0MSa
      P6ga7-siYxStR7_G07Thd1jh-zGT0wxM5g-VRORtq0K6AXpLlwEqRp7p
      kt2zRM0ZAXqSpe1O6FJ7FHLDyEFnD-zDIZukLpCbzhzMDLLw2-8I14FQ
      rgi-iEuzHgIJFIJn2wh9Tj0cg_kOZy9BqMRZbmYXMY9YQjorZ_P_JYG3
      ARAIF3OjDNqpdYe-K_5Q5crGJSDNyij_ygEiItR5jssQVH2ofDQdLCht
      azE",
  "tag": "BESYyFN7T09KY7i8zKs5_g"
}
Figure 221: General JWE JSON Serialization
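
The header handling that Figures 200, 201 and 221 imply on the receiving side, as an added example (not part of RFC 7520): it normalises the flattened form to the general one, merges the protected, shared unprotected and per-recipient headers while rejecting duplicate names as RFC 7516 requires, and reports the authenticated data and which parameters it covers. Function names and the allow-list arguments are assumptions of this sketch; the long values of Figures 197, 204 and 218 are replaced by labelled placeholders.

```python
import base64
import json


def b64url_decode(text):
    """Decode unpadded base64url (RFC 4648, section 5) as JOSE uses it."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def to_general(jwe):
    """Return the general form; a flattened object becomes a single recipient."""
    flat = {k: jwe[k] for k in ("header", "encrypted_key") if k in jwe}
    if "recipients" in jwe:
        if flat:
            raise ValueError("mixes flattened and general members")
        return jwe
    general = {k: v for k, v in jwe.items() if k not in flat}
    general["recipients"] = [flat]
    return general


def additional_authenticated_data(jwe):
    """AAD for the content cipher: the encoded protected header, or empty."""
    aad = jwe.get("protected", "")
    if "aad" in jwe:  # optional JWE AAD member, not used by the figures here
        aad += "." + jwe["aad"]
    return aad.encode("ascii")


def recipient_views(jwe):
    """Merge the three header locations for every recipient entry."""
    jwe = to_general(jwe)
    encoded = jwe.get("protected")
    protected = json.loads(b64url_decode(encoded)) if encoded else {}
    shared = jwe.get("unprotected", {})
    views = []
    for entry in jwe["recipients"]:
        merged = {}
        for part in (protected, shared, entry.get("header", {})):
            clash = merged.keys() & part.keys()
            if clash:  # the three locations must be disjoint
                raise ValueError("duplicate header parameter: %s" % sorted(clash))
            merged.update(part)
        views.append({
            "header": merged,
            "integrity_protected": set(protected),  # names covered by the AAD
            "encrypted_key": entry.get("encrypted_key"),
        })
    return views


def select_recipient(jwe, kid, allowed_alg, allowed_enc):
    """Pick this receiver's entry by "kid" and enforce its own algorithm policy."""
    for view in recipient_views(jwe):
        header = view["header"]
        if header.get("kid") != kid:
            continue
        if header.get("alg") not in allowed_alg or header.get("enc") not in allowed_enc:
            raise ValueError("algorithm not permitted for this key")
        return view
    raise LookupError("no recipient entry for kid %r" % kid)


# Figure 201, with a constructed placeholder instead of the Figure 197 ciphertext.
FLATTENED = {
    "unprotected": {"alg": "A128KW", "enc": "A128GCM",
                    "kid": "81b20965-8332-43d9-a468-82160ad91ac8"},
    "encrypted_key": "244YHfO_W7RMpQW81UjQrZcq5LSyqiPv",
    "iv": "YihBoVOGsR1l7jCD",
    "ciphertext": "PLACEHOLDER_FOR_FIGURE_197",
    "tag": "e2m0Vm7JvjK2VpCKXS-kyg",
}

# Figure 221, with constructed placeholders for the Figure 204 and 218 values.
GENERAL = {
    "recipients": [
        {"encrypted_key": "PLACEHOLDER_FOR_FIGURE_204",
         "header": {"alg": "RSA1_5", "kid": "frodo.baggins@hobbiton.example"}},
        {"encrypted_key": "ExInT0io9BqBMYF6-maw5tZlgoZXThD1zWKsHixJuw_elY4gSSId_w",
         "header": {"alg": "ECDH-ES+A256KW",
                    "kid": "peregrin.took@tuckborough.example",
                    "epk": {"kty": "EC", "crv": "P-384",
                            "x": "Uzdvk3pi5wKCRc1izp5_r0OjeqT-I68i8g2b8mva8diRhsE2xAn2DtMRb25Ma2CX",
                            "y": "VDrRyFJh-Kwd1EjAgmj5Eo-CTHAZ53MC7PjjpLioy3ylEjI1pOMbw91fzZ84pbfm"}}},
        {"encrypted_key": "a7CclAejo_7JSuPB8zeagxXRam8dwCfmkt9-WyTpS1E",
         "header": {"alg": "A256GCMKW",
                    "kid": "18ec08e1-bfa9-4d95-b205-2b4dd1d4321d",
                    "tag": "59Nqh1LlYtVIhfD3pgRGvw", "iv": "AvpeoPZ9Ncn9mkBn"}},
    ],
    "unprotected": {"cty": "text/plain"},
    "protected": "eyJlbmMiOiJBMTI4Q0JDLUhTMjU2In0",
    "iv": "VgEIHY20EnzUtZFl2RpB1g",
    "ciphertext": "PLACEHOLDER_FOR_FIGURE_218",
    "tag": "BESYyFN7T09KY7i8zKs5_g",
}

if __name__ == "__main__":
    for name, obj in (("Figure 201", FLATTENED), ("Figure 221", GENERAL)):
        print(name, "AAD:", additional_authenticated_data(obj))
        for view in recipient_views(obj):
            unprotected = sorted(set(view["header"]) - view["integrity_protected"])
            print("  kid", view["header"]["kid"], "unprotected params:", unprotected)
```

In Figure 201 every header parameter, including "alg" and "enc", lies outside the authenticated data, so the receiver's own allow-list is the only check applied to them.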

This example illustrates nesting a JSON Web Signature (JWS) structure within a JSON Web Encryption (JWE) structure. The signature uses the "PS256" (RSASSA-PSS) algorithm; the encryption uses the "RSA-OAEP" (RSAES-OAEP) key encryption algorithm and the "A128GCM" (AES-GCM) content encryption algorithm.

Note that RSASSA-PSS uses random data to generate the signature, and RSAES-OAEP uses random data to generate the ciphertext; it might not be possible to exactly replicate the results in this section.

Note that whitespace is added for readability as described in Section 1.1.

The following are supplied before beginning the signing operation:

  • Payload content; this example uses the JSON Web Token [JWT] content from Figure 222, encoded as base64url [RFC4648] to produce Figure 223.
  • RSA private key; this example uses the key from Figure 224.
  • "alg" parameter of "PS256".

{
  "iss": "hobbiton.example",
  "exp": 1300819380,
  "http://example.com/is_root": true
}
Figure 222: Payload Content, in JSON Format

eyJpc3MiOiJob2JiaXRvbi5leGFtcGxlIiwiZXhwIjoxMzAwODE5MzgwLCJodH
RwOi8vZXhhbXBsZS5jb20vaXNfcm9vdCI6dHJ1ZX0
Figure 223: Payload Content, base64url-encoded

{
  "kty": "RSA",
  "kid": "hobbiton.example",
  "use": "sig",
  "n": "kNrPIBDXMU6fcyv5i-QHQAQ-K8gsC3HJb7FYhYaw8hXbNJa-t8q0lD
      KwLZgQXYV-ffWxXJv5GGrlZE4GU52lfMEegTDzYTrRQ3tepgKFjMGg6I
      y6fkl1ZNsx2gEonsnlShfzA9GJwRTmtKPbk1s-hwx1IU5AT-AIelNqBg
      cF2vE5W25_SGGBoaROVdUYxqETDggM1z5cKV4ZjDZ8-lh4oVB07bkac6
      LQdHpJUUySH_Er20DXx30Kyi97PciXKTS-QKXnmm8ivyRCmux22ZoPUi
      nd2BKC5OiG4MwALhaL2Z2k8CsRdfy-7dg7z41Rp6D0ZeEvtaUp4bX4aK
      raL4rTfw",
  "e": "AQAB",
  "d": "ZLe_TIxpE9-W_n2VBa-HWvuYPtjvxwVXClJFOpJsdea8g9RMx34qEO
      EtnoYc2un3CZ3LtJi-mju5RAT8YSc76YJds3ZVw0UiO8mMBeG6-iOnvg
      obobNx7K57-xjTJZU72EjOr9kB7z6ZKwDDq7HFyCDhUEcYcHFVc7iL_6
      TibVhAhOFONWlqlJgEgwVYd0rybNGKifdnpEbwyHoMwY6HM1qvnEFgP7
      iZ0YzHUT535x6jj4VKcdA7ZduFkhUauysySEW7mxZM6fj1vdjJIy9LD1
      fIz30Xv4ckoqhKF5GONU6tNmMmNgAD6gIViyEle1PrIxl1tBhCI14bRW
      -zrpHgAQ",
  "p": "yKWYoNIAqwMRQlgIBOdT1NIcbDNUUs2Rh-pBaxD_mIkweMt4Mg-0-B
      2iSYvMrs8horhonV7vxCQagcBAATGW-hAafUehWjxWSH-3KccRM8toL4
      e0q7M-idRDOBXSoe7Z2-CV2x_ZCY3RP8qp642R13WgXqGDIM4MbUkZSj
      cY9-c",
  "q": "uND4o15V30KDzf8vFJw589p1vlQVQ3NEilrinRUPHkkxaAzDzccGgr
      WMWpGxGFFnNL3w5CqPLeU76-5IVYQq0HwYVl0hVXQHr7sgaGu-483Ad3
      ENcL23FrOnF45m7_2ooAstJDe49MeLTTQKrSIBl_SKvqpYvfSPTczPcZ
      kh9Kk",
  "dp": "jmTnEoq2qqa8ouaymjhJSCnsveUXnMQC2gAneQJRQkFqQu-zV2PKP
      KNbPvKVyiF5b2-L3tM3OW2d2iNDyRUWXlT7V5l0KwPTABSTOnTqAmYCh
      Gi8kXXdlhcrtSvXldBakC6saxwI_TzGGY2MVXzc2ZnCvCXHV4qjSxOrf
      P3pHFU",
  "dq": "R9FUvU88OVzEkTkXl3-5-WusE4DjHmndeZIlu3rifBdfLpq_P-iWP
      BbGaq9wzQ1c-J7SzCdJqkEJDv5yd2C7rnZ6kpzwBh_nmL8zscAk1qsun
      nt9CJGAYz7-sGWy1JGShFazfP52ThB4rlCJ0YuEaQMrIzpY77_oLAhpm
      DA0hLk",
  "qi": "S8tC7ZknW6hPITkjcwttQOPLVmRfwirRlFAViuDb8NW9CrV_7F2Oq
      UZCqmzHTYAumwGFHI1WVRep7anleWaJjxC_1b3fq_al4qH3Pe-EKiHg6
      IMazuRtZLUROcThrExDbF5dYbsciDnfRUWLErZ4N1Be0bnxYuPqxwKd9
      QZwMo0"
}
Figure 224: RSA 2048-Bit Private Key, in JWK Format

The following is generated to complete the signing operation:

  • JWS Protected Header; this example uses the header from Figure 225, encoded using base64url [RFC4648] to produce Figure 226.

{
  "alg": "PS256",
  "typ": "JWT"
}
Figure 225: JWS Protected Header JSON

eyJhbGciOiJQUzI1NiIsInR5cCI6IkpXVCJ9
Figure 226: JWS Protected Header, base64url-encoded

Performing the signature operation over the combined JWS Protected Header (Figure 226) and payload content (Figure 222) produces the following signature:

dPpMqwRZxFYi1UfcDAaf8M99o7kwUWtiXZ-ByvVuJih4MhJ_aZqciprz0OWaIA
kIvn1qskChirjKvY9ESZNUCP4JjvfyPS-nqjJxYoA5ztWOyFk2cZNIPXjcJXSQ
wXPO9tEe-v4VSqgD0aKHqPxYog4N6Cz1lKph1U1sYDSI67_bLL7elg_vkjfMp5
_W5l5LuUYGMeh6hxQIaIUXf9EwV2JmvTMuZ-vBOWy0Sniy1EFo72CRTvmtrIf5
AROo5MNliY3KtUxeP-SOmD-LEYwW9SlkohYzMVAZDDOrVbv7KVRHpeYNaK75KE
QqdCEEkS_rskZS-Qtt_nlegTWh1mEYaA
Figure 227: JWS Signature, base64url-encoded

The following compose the resulting JWS object:

  • JWS Protected Header (Figure 226)
  • Payload content (Figure 223)
  • Signature (Figure 227)

The resulting JWS object using the JWS Compact Serialization (which is the plaintext input to the following encryption operation):

eyJhbGciOiJQUzI1NiIsInR5cCI6IkpXVCJ9
.
eyJpc3MiOiJob2JiaXRvbi5leGFtcGxlIiwiZXhwIjoxMzAwODE5MzgwLCJodH
RwOi8vZXhhbXBsZS5jb20vaXNfcm9vdCI6dHJ1ZX0
.
dPpMqwRZxFYi1UfcDAaf8M99o7kwUWtiXZ-ByvVuJih4MhJ_aZqciprz0OWaIA
kIvn1qskChirjKvY9ESZNUCP4JjvfyPS-nqjJxYoA5ztWOyFk2cZNIPXjcJXSQ
wXPO9tEe-v4VSqgD0aKHqPxYog4N6Cz1lKph1U1sYDSI67_bLL7elg_vkjfMp5
_W5l5LuUYGMeh6hxQIaIUXf9EwV2JmvTMuZ-vBOWy0Sniy1EFo72CRTvmtrIf5
AROo5MNliY3KtUxeP-SOmD-LEYwW9SlkohYzMVAZDDOrVbv7KVRHpeYNaK75KE
QqdCEEkS_rskZS-Qtt_nlegTWh1mEYaA
Figure 228: JWS Compact Serialization

The following are supplied before beginning the encryption process:

  • Plaintext content; this example uses the content from Figure 228.
  • RSA public key; this example uses the key from Figure 84.
  • "alg" parameter of "RSA-OAEP".
  • "enc" parameter of "A128GCM".

The following are generated before encrypting:

  • AES symmetric key as the Content Encryption Key (CEK); this example uses the key from Figure 229.
  • Initialization Vector; this example uses the Initialization Vector from Figure 230.

0RHSNYwN-6-2QBGsYTZLSQ
Figure 229: Content Encryption Key, base64url-encoded

GbX1i9kXz0sxXPmA
Figure 230: Initialization Vector, base64url-encoded

Performing the key encryption operation over the CEK (Figure 229) with the RSA key (Figure 84) produces the following Encrypted Key:

a0JHRoITfpX4qRewImjlStn8m3CPxBV1ueYlVhjurCyrBg3I7YhCRYjphDOOS4
E7rXbr2Fn6NyQq-A-gqT0FXqNjVOGrG-bi13mwy7RoYhjTkBEC6P7sMYMXXx4g
zMedpiJHQVeyI-zkZV7A9matpgevAJWrXzOUysYGTtwoSN6gtUVtlLaivjvb21
O0ul4YxSHV-ByK1kyeetRp_fuYJxHoKLQL9P424sKx2WGYb4zsBIPF4ssl_e5I
R7nany-25_UmC2urosNkoFz9cQ82MypZP8gqbQJyPN-Fpp4Z-5o6yV64x6yzDU
F_5JCIdl-Qv6H5dMVIY7q1eKpXcV1lWO_2FefEBqXxXvIjLeZivjNkzogCq3-I
apSjVFnMjBxjpYLT8muaawo1yy1XXMuinIpNcOY3n4KKrXLrCcteX85m4IIHMZ
a38s1Hpr56fPPseMA-Jltmt-a9iEDtOzhtxz8AXy9tsCAZV2XBWNG8c3kJusAa
mBKOYwfk7JhLRDgOnJjlJLhn7TI4UxDp9dCmUXEN6z0v23W15qJIEXNJtqnblp
ymooeWAHCT4e_Owbim1g0AEpTHUdA2iiLNs9WTX_H_TXuPC8yDDhi1smxS_X_x
pkIHkiIHWDOLx03BpqDTivpKkBYwqP2UZkcxqX2Fo_GnVrNwlK7Lgxw6FSQvDO
0
Figure 231: Encrypted Key, base64url-encoded

The following is generated before encrypting the Plaintext:

  • JWE Protected Header; this example uses the header from Figure 232, encoded using base64url [RFC4648] to produce Figure 233.

{
  "alg": "RSA-OAEP",
  "cty": "JWT",
  "enc": "A128GCM"
}
Figure 232: JWE Protected Header JSON

eyJhbGciOiJSU0EtT0FFUCIsImN0eSI6IkpXVCIsImVuYyI6IkExMjhHQ00ifQ
Figure 233: JWE Protected Header, base64url-encoded

Performing the content encryption operation over the Plaintext (Figure 228) with the following:

  • CEK (Figure 229);
  • Initialization Vector (Figure 230); and
  • JWE Protected Header (Figure 233) as authenticated data

produces the following:

  • Ciphertext from Figure 234.
  • Authentication Tag from Figure 235.

SZI4IvKHmwpazl_pJQXX3mHv1ANnOU4Wf9-utWYUcKrBNgCe2OFMf66cSJ8k2Q
kxaQD3_R60MGE9ofomwtky3GFxMeGRjtpMt9OAvVLsAXB0_UTCBGyBg3C2bWLX
qZlfJAAoJRUPRk-BimYZY81zVBuIhc7HsQePCpu33SzMsFHjn4lP_idrJz_glZ
TNgKDt8zdnUPauKTKDNOH1DD4fuzvDYfDIAfqGPyL5sVRwbiXpXdGokEszM-9C
hMPqW1QNhzuX_Zul3bvrJwr7nuGZs4cUScY3n8yE3AHCLurgls-A9mz1X38xEa
ulV18l4Fg9tLejdkAuQZjPbqeHQBJe4IwGD5Ee0dQ-Mtz4NnhkIWx-YKBb_Xo2
zI3Q_1sYjKUuis7yWW-HTr_vqvFt0bj7WJf2vzB0TZ3dvsoGaTvPH2dyWwumUr
lx4gmPUzBdwTO6ubfYSDUEEz5py0d_OtWeUSYcCYBKD-aM7tXg26qJo21gYjLf
hn9zy-W19sOCZGuzgFjPhawXHpvnj_t-0_ES96kogjJLxS1IMU9Y5XmnwZMyNc
9EIwnogsCg-hVuvzyP0sIruktmI94_SL1xgMl7o03phcTMxtlMizR88NKU1WkB
siXMCjy1Noue7MD-ShDp5dmM
Figure 234: Ciphertext, base64url-encoded

KnIKEhN8U-3C9s4gtSpjSw
Figure 235: Authentication Tag, base64url-encoded

The following compose the resulting JWE object:

  • JWE Protected Header (Figure 233)
  • Encrypted Key (Figure 231)
  • Initialization Vector (Figure 230)
  • Ciphertext (Figure 234)
  • Authentication Tag (Figure 235)

The resulting JWE object using the JWE Compact Serialization:

eyJhbGciOiJSU0EtT0FFUCIsImN0eSI6IkpXVCIsImVuYyI6IkExMjhHQ00ifQ
.
a0JHRoITfpX4qRewImjlStn8m3CPxBV1ueYlVhjurCyrBg3I7YhCRYjphDOOS4
E7rXbr2Fn6NyQq-A-gqT0FXqNjVOGrG-bi13mwy7RoYhjTkBEC6P7sMYMXXx4g
zMedpiJHQVeyI-zkZV7A9matpgevAJWrXzOUysYGTtwoSN6gtUVtlLaivjvb21
O0ul4YxSHV-ByK1kyeetRp_fuYJxHoKLQL9P424sKx2WGYb4zsBIPF4ssl_e5I
R7nany-25_UmC2urosNkoFz9cQ82MypZP8gqbQJyPN-Fpp4Z-5o6yV64x6yzDU
F_5JCIdl-Qv6H5dMVIY7q1eKpXcV1lWO_2FefEBqXxXvIjLeZivjNkzogCq3-I
apSjVFnMjBxjpYLT8muaawo1yy1XXMuinIpNcOY3n4KKrXLrCcteX85m4IIHMZ
a38s1Hpr56fPPseMA-Jltmt-a9iEDtOzhtxz8AXy9tsCAZV2XBWNG8c3kJusAa
mBKOYwfk7JhLRDgOnJjlJLhn7TI4UxDp9dCmUXEN6z0v23W15qJIEXNJtqnblp
ymooeWAHCT4e_Owbim1g0AEpTHUdA2iiLNs9WTX_H_TXuPC8yDDhi1smxS_X_x
pkIHkiIHWDOLx03BpqDTivpKkBYwqP2UZkcxqX2Fo_GnVrNwlK7Lgxw6FSQvDO
0
.
GbX1i9kXz0sxXPmA
.
SZI4IvKHmwpazl_pJQXX3mHv1ANnOU4Wf9-utWYUcKrBNgCe2OFMf66cSJ8k2Q
kxaQD3_R60MGE9ofomwtky3GFxMeGRjtpMt9OAvVLsAXB0_UTCBGyBg3C2bWLX
qZlfJAAoJRUPRk-BimYZY81zVBuIhc7HsQePCpu33SzMsFHjn4lP_idrJz_glZ
TNgKDt8zdnUPauKTKDNOH1DD4fuzvDYfDIAfqGPyL5sVRwbiXpXdGokEszM-9C
hMPqW1QNhzuX_Zul3bvrJwr7nuGZs4cUScY3n8yE3AHCLurgls-A9mz1X38xEa
ulV18l4Fg9tLejdkAuQZjPbqeHQBJe4IwGD5Ee0dQ-Mtz4NnhkIWx-YKBb_Xo2
zI3Q_1sYjKUuis7yWW-HTr_vqvFt0bj7WJf2vzB0TZ3dvsoGaTvPH2dyWwumUr
lx4gmPUzBdwTO6ubfYSDUEEz5py0d_OtWeUSYcCYBKD-aM7tXg26qJo21gYjLf
hn9zy-W19sOCZGuzgFjPhawXHpvnj_t-0_ES96kogjJLxS1IMU9Y5XmnwZMyNc
9EIwnogsCg-hVuvzyP0sIruktmI94_SL1xgMl7o03phcTMxtlMizR88NKU1WkB
siXMCjy1Noue7MD-ShDp5dmM
.
KnIKEhN8U-3C9s4gtSpjSw
Figure 236: JWE Compact Serialization

The resulting JWE object using the general JWE JSON Serialization:

{
  "recipients": [
    {
      "encrypted_key": "a0JHRoITfpX4qRewImjlStn8m3CPxBV1ueYlVh
          jurCyrBg3I7YhCRYjphDOOS4E7rXbr2Fn6NyQq-A-gqT0FXqNjVO
          GrG-bi13mwy7RoYhjTkBEC6P7sMYMXXx4gzMedpiJHQVeyI-zkZV
          7A9matpgevAJWrXzOUysYGTtwoSN6gtUVtlLaivjvb21O0ul4YxS
          HV-ByK1kyeetRp_fuYJxHoKLQL9P424sKx2WGYb4zsBIPF4ssl_e
          5IR7nany-25_UmC2urosNkoFz9cQ82MypZP8gqbQJyPN-Fpp4Z-5
          o6yV64x6yzDUF_5JCIdl-Qv6H5dMVIY7q1eKpXcV1lWO_2FefEBq
          XxXvIjLeZivjNkzogCq3-IapSjVFnMjBxjpYLT8muaawo1yy1XXM
          uinIpNcOY3n4KKrXLrCcteX85m4IIHMZa38s1Hpr56fPPseMA-Jl
          tmt-a9iEDtOzhtxz8AXy9tsCAZV2XBWNG8c3kJusAamBKOYwfk7J
          hLRDgOnJjlJLhn7TI4UxDp9dCmUXEN6z0v23W15qJIEXNJtqnblp
          ymooeWAHCT4e_Owbim1g0AEpTHUdA2iiLNs9WTX_H_TXuPC8yDDh
          i1smxS_X_xpkIHkiIHWDOLx03BpqDTivpKkBYwqP2UZkcxqX2Fo_
          GnVrNwlK7Lgxw6FSQvDO0"
    }
  ],
  "protected": "eyJhbGciOiJSU0EtT0FFUCIsImN0eSI6IkpXVCIsImVuYy
      I6IkExMjhHQ00ifQ",
  "iv": "GbX1i9kXz0sxXPmA",
  "ciphertext": "SZI4IvKHmwpazl_pJQXX3mHv1ANnOU4Wf9-utWYUcKrBN
      gCe2OFMf66cSJ8k2QkxaQD3_R60MGE9ofomwtky3GFxMeGRjtpMt9OAv
      VLsAXB0_UTCBGyBg3C2bWLXqZlfJAAoJRUPRk-BimYZY81zVBuIhc7Hs
      QePCpu33SzMsFHjn4lP_idrJz_glZTNgKDt8zdnUPauKTKDNOH1DD4fu
      zvDYfDIAfqGPyL5sVRwbiXpXdGokEszM-9ChMPqW1QNhzuX_Zul3bvrJ
      wr7nuGZs4cUScY3n8yE3AHCLurgls-A9mz1X38xEaulV18l4Fg9tLejd
      kAuQZjPbqeHQBJe4IwGD5Ee0dQ-Mtz4NnhkIWx-YKBb_Xo2zI3Q_1sYj
      KUuis7yWW-HTr_vqvFt0bj7WJf2vzB0TZ3dvsoGaTvPH2dyWwumUrlx4
      gmPUzBdwTO6ubfYSDUEEz5py0d_OtWeUSYcCYBKD-aM7tXg26qJo21gY
      jLfhn9zy-W19sOCZGuzgFjPhawXHpvnj_t-0_ES96kogjJLxS1IMU9Y5
      XmnwZMyNc9EIwnogsCg-hVuvzyP0sIruktmI94_SL1xgMl7o03phcTMx
      tlMizR88NKU1WkBsiXMCjy1Noue7MD-ShDp5dmM",
  "tag": "KnIKEhN8U-3C9s4gtSpjSw"
}
Figure 237: General JWE JSON Serialization

The resulting JWE object using the flattened JWE JSON Serialization:

{
  "encrypted_key": "a0JHRoITfpX4qRewImjlStn8m3CPxBV1ueYlVhjurC
      yrBg3I7YhCRYjphDOOS4E7rXbr2Fn6NyQq-A-gqT0FXqNjVOGrG-bi13
      mwy7RoYhjTkBEC6P7sMYMXXx4gzMedpiJHQVeyI-zkZV7A9matpgevAJ
      WrXzOUysYGTtwoSN6gtUVtlLaivjvb21O0ul4YxSHV-ByK1kyeetRp_f
      uYJxHoKLQL9P424sKx2WGYb4zsBIPF4ssl_e5IR7nany-25_UmC2uros
      NkoFz9cQ82MypZP8gqbQJyPN-Fpp4Z-5o6yV64x6yzDUF_5JCIdl-Qv6
      H5dMVIY7q1eKpXcV1lWO_2FefEBqXxXvIjLeZivjNkzogCq3-IapSjVF
      nMjBxjpYLT8muaawo1yy1XXMuinIpNcOY3n4KKrXLrCcteX85m4IIHMZ
      a38s1Hpr56fPPseMA-Jltmt-a9iEDtOzhtxz8AXy9tsCAZV2XBWNG8c3
      kJusAamBKOYwfk7JhLRDgOnJjlJLhn7TI4UxDp9dCmUXEN6z0v23W15q
      JIEXNJtqnblpymooeWAHCT4e_Owbim1g0AEpTHUdA2iiLNs9WTX_H_TX
      uPC8yDDhi1smxS_X_xpkIHkiIHWDOLx03BpqDTivpKkBYwqP2UZkcxqX
      2Fo_GnVrNwlK7Lgxw6FSQvDO0",
  "protected": "eyJhbGciOiJSU0EtT0FFUCIsImN0eSI6IkpXVCIsImVuYy
      I6IkExMjhHQ00ifQ",
  "iv": "GbX1i9kXz0sxXPmA",
  "ciphertext": "SZI4IvKHmwpazl_pJQXX3mHv1ANnOU4Wf9-utWYUcKrBN
      gCe2OFMf66cSJ8k2QkxaQD3_R60MGE9ofomwtky3GFxMeGRjtpMt9OAv
      VLsAXB0_UTCBGyBg3C2bWLXqZlfJAAoJRUPRk-BimYZY81zVBuIhc7Hs
      QePCpu33SzMsFHjn4lP_idrJz_glZTNgKDt8zdnUPauKTKDNOH1DD4fu
      zvDYfDIAfqGPyL5sVRwbiXpXdGokEszM-9ChMPqW1QNhzuX_Zul3bvrJ
      wr7nuGZs4cUScY3n8yE3AHCLurgls-A9mz1X38xEaulV18l4Fg9tLejd
      kAuQZjPbqeHQBJe4IwGD5Ee0dQ-Mtz4NnhkIWx-YKBb_Xo2zI3Q_1sYj
      KUuis7yWW-HTr_vqvFt0bj7WJf2vzB0TZ3dvsoGaTvPH2dyWwumUrlx4
      gmPUzBdwTO6ubfYSDUEEz5py0d_OtWeUSYcCYBKD-aM7tXg26qJo21gY
      jLfhn9zy-W19sOCZGuzgFjPhawXHpvnj_t-0_ES96kogjJLxS1IMU9Y5
      XmnwZMyNc9EIwnogsCg-hVuvzyP0sIruktmI94_SL1xgMl7o03phcTMx
      tlMizR88NKU1WkBsiXMCjy1Noue7MD-ShDp5dmM",
  "tag": "KnIKEhN8U-3C9s4gtSpjSw"
}
Figure 238: Flattened JWE JSON Serialization
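
A recipient-side walk through this nested example, added here and not part of RFC 7520: it decrypts the ciphertext of Figure 234 with AES-128-GCM, requires a "cty" of "JWT", and verifies the PS256 signature of the recovered JWS against the public members of the key in Figure 224 before reading any claim. It assumes Node.js and uses the published CEK (Figure 229) directly, where a real recipient would first recover the CEK from the Encrypted Key with its RSA private key; the function names are illustrative.

```javascript
const crypto = require('crypto');

// Values copied from the figures above (RFC 7520 nested example).
const JWE_PROTECTED = 'eyJhbGciOiJSU0EtT0FFUCIsImN0eSI6IkpXVCIsImVuYyI6IkExMjhHQ00ifQ'; // Figure 233
const CEK = '0RHSNYwN-6-2QBGsYTZLSQ'; // Figure 229
const IV = 'GbX1i9kXz0sxXPmA';        // Figure 230
const TAG = 'KnIKEhN8U-3C9s4gtSpjSw'; // Figure 235
const CIPHERTEXT = [                  // Figure 234
  'SZI4IvKHmwpazl_pJQXX3mHv1ANnOU4Wf9-utWYUcKrBNgCe2OFMf66cSJ8k2Q',
  'kxaQD3_R60MGE9ofomwtky3GFxMeGRjtpMt9OAvVLsAXB0_UTCBGyBg3C2bWLX',
  'qZlfJAAoJRUPRk-BimYZY81zVBuIhc7HsQePCpu33SzMsFHjn4lP_idrJz_glZ',
  'TNgKDt8zdnUPauKTKDNOH1DD4fuzvDYfDIAfqGPyL5sVRwbiXpXdGokEszM-9C',
  'hMPqW1QNhzuX_Zul3bvrJwr7nuGZs4cUScY3n8yE3AHCLurgls-A9mz1X38xEa',
  'ulV18l4Fg9tLejdkAuQZjPbqeHQBJe4IwGD5Ee0dQ-Mtz4NnhkIWx-YKBb_Xo2',
  'zI3Q_1sYjKUuis7yWW-HTr_vqvFt0bj7WJf2vzB0TZ3dvsoGaTvPH2dyWwumUr',
  'lx4gmPUzBdwTO6ubfYSDUEEz5py0d_OtWeUSYcCYBKD-aM7tXg26qJo21gYjLf',
  'hn9zy-W19sOCZGuzgFjPhawXHpvnj_t-0_ES96kogjJLxS1IMU9Y5XmnwZMyNc',
  '9EIwnogsCg-hVuvzyP0sIruktmI94_SL1xgMl7o03phcTMxtlMizR88NKU1WkB',
  'siXMCjy1Noue7MD-ShDp5dmM',
].join('');
const SIGNER_N = [                    // "n" of the signing key, Figure 224
  'kNrPIBDXMU6fcyv5i-QHQAQ-K8gsC3HJb7FYhYaw8hXbNJa-t8q0lD',
  'KwLZgQXYV-ffWxXJv5GGrlZE4GU52lfMEegTDzYTrRQ3tepgKFjMGg6I',
  'y6fkl1ZNsx2gEonsnlShfzA9GJwRTmtKPbk1s-hwx1IU5AT-AIelNqBg',
  'cF2vE5W25_SGGBoaROVdUYxqETDggM1z5cKV4ZjDZ8-lh4oVB07bkac6',
  'LQdHpJUUySH_Er20DXx30Kyi97PciXKTS-QKXnmm8ivyRCmux22ZoPUi',
  'nd2BKC5OiG4MwALhaL2Z2k8CsRdfy-7dg7z41Rp6D0ZeEvtaUp4bX4aK',
  'raL4rTfw',
].join('');
const SIGNER_E = 'AQAB';              // "e" of the signing key, Figure 224

const b64u = (s) => Buffer.from(s, 'base64url');

// AES-128-GCM content decryption; the AAD is the ASCII of the encoded header.
function decryptContent(protectedB64, cekB64, ivB64, ctB64, tagB64) {
  const header = JSON.parse(b64u(protectedB64).toString('utf8'));
  // Pin the algorithms this recipient expects instead of trusting the header.
  if (header.alg !== 'RSA-OAEP' || header.enc !== 'A128GCM') {
    throw new Error('unexpected alg/enc');
  }
  const cek = b64u(cekB64), iv = b64u(ivB64), tag = b64u(tagB64);
  if (cek.length !== 16 || iv.length !== 12 || tag.length !== 16) {
    throw new Error('unexpected CEK, IV or tag length');
  }
  const d = crypto.createDecipheriv('aes-128-gcm', cek, iv, { authTagLength: 16 });
  d.setAAD(Buffer.from(protectedB64, 'ascii'));
  d.setAuthTag(tag);
  // final() throws if the tag does not authenticate ciphertext and AAD.
  const plaintext = Buffer.concat([d.update(b64u(ctB64)), d.final()]);
  return { header, plaintext: plaintext.toString('ascii') };
}

// PS256 verification of a compact JWS; claims are returned only on success.
function verifyNestedJws(compactJws, n, e) {
  const parts = compactJws.split('.');
  if (parts.length !== 3) throw new Error('not a JWS Compact Serialization');
  const [h, p, s] = parts;
  if (JSON.parse(b64u(h).toString('utf8')).alg !== 'PS256') {
    throw new Error('unexpected signature algorithm');
  }
  const key = crypto.createPublicKey({ key: { kty: 'RSA', n, e }, format: 'jwk' });
  const ok = crypto.verify('sha256', Buffer.from(`${h}.${p}`, 'ascii'),
    { key, padding: crypto.constants.RSA_PKCS1_PSS_PADDING, saltLength: 32 }, b64u(s));
  if (!ok) throw new Error('signature verification failed');
  return JSON.parse(b64u(p).toString('utf8'));
}

// Decrypt first, then verify, then evaluate "exp" against the caller's clock.
function openNestedJwt(nowSeconds) {
  const { header, plaintext } = decryptContent(JWE_PROTECTED, CEK, IV, CIPHERTEXT, TAG);
  if (header.cty !== 'JWT') throw new Error('content is not a nested JWT');
  const claims = verifyNestedJws(plaintext, SIGNER_N, SIGNER_E);
  return { claims, expired: nowSeconds >= claims.exp };
}
```

The "exp" claim in this test vector (1300819380) is long past, so a validator that passes the current time gets `expired: true` even though decryption and signature verification succeed.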

This document is designed to provide examples for developers to use in checking their implementations. As such, it does not follow some of the security considerations and recommendations in the core documents (i.e., [JWS], [JWE], [JWK], and [JWA]). For instance:

  • it does not always generate a new CEK value for every encrypted example;
  • it does not always generate a new Initialization Vector (IV) value for every encrypted example; and
  • it does not always generate a new ephemeral key for every ephemeral key example.

For each example, data that is expected to be generated for each signing or encryption operation is isolated to sections titled "Generated Factors".

References

Normative References

[JWA]
"JSON Web Algorithms (JWA)", RFC 7518, <http://www.rfc-editor.org/info/rfc7518>
[JWE]
"JSON Web Encryption (JWE)", RFC 7516, <http://www.rfc-editor.org/info/rfc7516>
[JWK]
"JSON Web Key (JWK)", RFC 7517, <http://www.rfc-editor.org/info/rfc7517>
[JWS]
"JSON Web Signature (JWS)", RFC 7515, <http://www.rfc-editor.org/info/rfc7515>
[RFC4648]
"The Base16, Base32, and Base64 Data Encodings", RFC 4648, <http://www.rfc-editor.org/info/rfc4648>

Informative References

[JWT]
"JSON Web Token (JWT)", RFC 7519, <http://www.rfc-editor.org/info/rfc7519>
[LOTR-FELLOWSHIP]
"The Fellowship of the Ring"
[RFC1951]
"DEFLATE Compressed Data Format Specification version 1.3", RFC 1951, <http://www.rfc-editor.org/info/rfc1951>
[RFC7095]
"jCard: The JSON Format for vCard", RFC 7095, <http://www.rfc-editor.org/info/rfc7095>

Most of the examples herein use quotes and character names found in the novel "The Fellowship of the Ring" [LOTR-FELLOWSHIP], written by J. R. R. Tolkien.

Thanks to Richard Barnes, Brian Campbell, Mike Jones, and Jim Schaad for their input and review of the text. Thanks to Brian Campbell for verifying the Compact Serialization examples.
