RFC 7515 - JSON Web Signature (JWS)

Table of Contents

Abstract

1. Introduction

1.1 Notational Conventions

2. Terminology

3. JSON Web Signature (JWS) Overview

3.1 JWS Compact Serialization Overview

3.2 JWS JSON Serialization Overview

3.3 Example JWS

4. JOSE Header

4.1 Registered Header Parameter Names

4.1.1 "alg" (Algorithm) Header Parameter

4.1.2 "jku" (JWK Set URL) Header Parameter

4.1.3 "jwk" (JSON Web Key) Header Parameter

4.1.4 "kid" (Key ID) Header Parameter

4.1.5 "x5u" (X.509 URL) Header Parameter

4.1.6 "x5c" (X.509 Certificate Chain) Header Parameter

4.1.7 "x5t" (X.509 Certificate SHA-1 Thumbprint) Header Parameter

4.1.8 "x5t#S256" (X.509 Certificate SHA-256 Thumbprint) Header Parameter

4.1.9 "typ" (Type) Header Parameter

4.1.10 "cty" (Content Type) Header Parameter

4.1.11 "crit" (Critical) Header Parameter

4.2 Public Header Parameter Names

4.3 Private Header Parameter Names

5. Producing and Consuming JWSs

5.1. Message Signature or MAC Computation

5.2 Message Signature or MAC Validation

5.3 String Comparison Rules

6. Key Identification

7. Serializations

7.1 JWS Compact Serialization

7.2 JWS JSON Serialization

7.2.1 General JWS JSON Serialization Syntax

7.2.2 Flattened JWS JSON Serialization Syntax

8. TLS Requirements

9. IANA Considerations

9.1 JSON Web Signature and Encryption Header

9.2 Media Type Registration

10. Security Considerations

11. References

Appendix A. JWS Examples

A.2 Example JWS Using RSASSA-PKCS1-v1_5 SHA-256

A.2.1. Encoding

A.2.2. Validating

Appendix B. "x5c" (X.509 Certificate Chain) Example

Appendix C. Notes on Implementing base64url Encoding without Padding

Appendix D. Notes on Key Selection

Appendix E. Negative Test Case for "crit" Header Parameter

Appendix F. Detached Content


 

Abstract

 


JSON Web Signature (JWS) represents content secured with digital signatures or Message Authentication Codes (MACs) using JSON-based data structures.  Cryptographic algorithms and identifiers for use with this specification are described in the separate JSON Web Algorithms (JWA) specification and an IANA registry defined by that specification.  Related encryption capabilities are described in the separate JSON Web Encryption (JWE) specification.

 

 

1. Introduction

 


JSON Web Signature (JWS) represents content secured with digital signatures or Message Authentication Codes (MACs) using JSON-based [RFC7159] data structures.  The JWS cryptographic mechanisms provide integrity protection for an arbitrary sequence of octets.  See Section 10.5 for a discussion on the differences between digital signatures and MACs.

 


Two closely related serializations for JWSs are defined.  The JWS Compact Serialization is a compact, URL-safe representation intended for space-constrained environments such as HTTP Authorization headers and URI query parameters.  The JWS JSON Serialization represents JWSs as JSON objects and enables multiple signatures and/or MACs to be applied to the same content.  Both share the same cryptographic underpinnings.

 


Cryptographic algorithms and identifiers for use with this specification are described in the separate JSON Web Algorithms (JWA) [JWA] specification and an IANA registry defined by that specification.  Related encryption capabilities are described in the separate JSON Web Encryption (JWE) [JWE] specification.

 

1.1 Notational Conventions

2. Terminology

 


These terms are defined by this specification:

JSON Web Signature (JWS)

     A data structure representing a digitally signed or MACed message.

JOSE Header

     JSON object containing the parameters describing the cryptographic operations and parameters employed.  The JOSE (JSON Object Signing and Encryption) Header is comprised of a set of Header Parameters.

JWS Payload

     The sequence of octets to be secured -- a.k.a. the message.  The payload can contain an arbitrary sequence of octets.

JWS Signature

     Digital signature or MAC over the JWS Protected Header and the JWS Payload.

Header Parameter

     A name/value pair that is member of the JOSE Header.

JWS Protected Header

     JSON object that contains the Header Parameters that are integrity protected by the JWS Signature digital signature or MAC operation.  For the JWS Compact Serialization, this comprises the entire JOSE Header.  For the JWS JSON Serialization, this is one component of the JOSE Header.

JWS Unprotected Header

     JSON object that contains the Header Parameters that are not integrity protected.  This can only be present when using the JWS JSON Serialization.

3. JSON Web Signature (JWS) Overview

3.1 JWS Compact Serialization Overview

3.2 JWS JSON Serialization Overview

3.3 Example JWS

 


This section provides an example of a JWS.  Its computation is described in more detail in Appendix A.1, including specifying the exact octet sequences representing the JSON values used and the key value used.

 


The following example JWS Protected Header declares that the encoded object is a JSON Web Token [JWT] and the JWS Protected Header and the JWS Payload are secured using the HMAC SHA-256 [RFC2104] [SHS] algorithm:

{
  "typ":"JWT",
  "alg":"HS256"
}

Encoding this JWS Protected Header as BASE64URL(UTF8(JWS Protected Header)) gives this value:

eyJ0eXAiOiJKV1QiLA0KICJhbGciOiJIUzI1NiJ9

 


The UTF-8 representation of the following JSON object is used as the JWS Payload.  (Note that the payload can be any content and need not be a representation of a JSON object.)

{
  "iss":"joe",
  "exp":1300819380,
  "http://example.com/is_root":true
}

Encoding this JWS Payload as BASE64URL(JWS Payload) gives this value (with line breaks for display purposes only):

eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ

 

 


 Computing the HMAC of the JWS Signing Input ASCII(BASE64URL(UTF8(JWS Protected Header)) || '.' || BASE64URL(JWS Payload)) with the HMAC SHA-256 algorithm using the key specified in Appendix A.1 and base64url-encoding the result yields this BASE64URL(JWS Signature) value:

 dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk

 

 Concatenating these values in the order Header.Payload.Signature with period ('.') characters between the parts yields this complete JWS representation using the JWS Compact Serialization (with line breaks for display purposes only):

 eyJ0eXAiOiJKV1QiLA0KICJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ.dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk

 

  See Appendix A for additional examples, including examples using the JWS JSON Serialization in Sections A.6 and A.7.

 

 

 

4. JOSE Header

4.1 Registered Header Parameter Names

4.1.1 "alg" (Algorithm) Header Parameter

4.1.2 "jku" (JWK Set URL) Header Parameter

4.1.3 "jwk" (JSON Web Key) Header Parameter

4.1.4 "kid" (Key ID) Header Parameter

4.1.5 "x5u" (X.509 URL) Header Parameter

4.1.6 "x5c" (X.509 Certificate Chain) Header Parameter

4.1.7 "x5t" (X.509 Certificate SHA-1 Thumbprint) Header Parameter

4.1.8 "x5t#S256" (X.509 Certificate SHA-256 Thumbprint) Header Parameter

4.1.9 "typ" (Type) Header Parameter

 

 


The "typ" (type) Header Parameter is used by JWS applications to declare the media type [IANA.MediaTypes] of this complete JWS.  This is intended for use by the application when more than one kind of object could be present in an application data structure that can contain a JWS; the application can use this value to disambiguate among the different kinds of objects that might be present.  It will typically not be used by applications when the kind of object is already known.  This parameter is ignored by JWS implementations; any processing of this parameter is performed by the JWS application. Use of this Header Parameter is OPTIONAL.

 

To keep messages compact in common situations, it is RECOMMENDED that producers omit an "application/" prefix of a media type value in a "typ" Header Parameter when no other '/' appears in the media type value.  A recipient using the media type value MUST treat it as if "application/" were prepended to any "typ" value not containing a '/'.  For instance, a "typ" value of "example" SHOULD be used to represent the "application/example" media type, whereas the media type "application/example;part="1/2"" cannot be shortened to "example;part="1/2"".

 

The "typ" value "JOSE" can be used by applications to indicate that this object is a JWS or JWE using the JWS Compact Serialization or the JWE Compact Serialization.  The "typ" value "JOSE+JSON" can be used by applications to indicate that this object is a JWS or JWE using the JWS JSON Serialization or the JWE JSON Serialization. Other type values can also be used by applications.

 

 

Per RFC 2045 [RFC2045], all media type values, subtype values, and parameter names are case insensitive.  However, parameter values are case sensitive unless otherwise specified for the specific parameter.
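
The "application/" prefix rule and the case rules above, written as an application-level check (an added example, not part of RFC 7515 or of this page's original text). The function names are hypothetical, requiring "typ" to be present is an assumed application policy, and parameter values are assumed to contain no ';'.

```python
def parse_typ(value: str):
    """Split a "typ" value into (media type, parameters) for comparison."""
    # A recipient MUST act as if "application/" were prepended to any value
    # that contains no '/'. A '/' inside a parameter counts too, which is why
    # 'example;part="1/2"' is NOT read as application/example.
    if "/" not in value:
        value = "application/" + value
    media_type, *raw_params = value.split(";")
    params = {}
    for raw in raw_params:
        name, _, val = raw.strip().partition("=")
        # Parameter names are case insensitive, values are case sensitive.
        params[name.strip().lower()] = val.strip().strip('"')
    # Type and subtype are case insensitive.
    return media_type.strip().lower(), params


def typ_matches(header: dict, expected: str) -> bool:
    """True when the header's "typ" names the expected media type."""
    typ = header.get("typ")
    if not isinstance(typ, str):
        return False  # assumed policy: an explicit string "typ" is required
    return parse_typ(typ) == parse_typ(expected)
```
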

4.1.10 "cty" (Content Type) Header Parameter

4.1.11 "crit" (Critical) Header Parameter

4.2 Public Header Parameter Names

4.3 Private Header Parameter Names

5. Producing and Consuming JWSs

5.1. Message Signature or MAC Computation

 


To create a JWS, the following steps are performed.  The order of the steps is not significant in cases where there are no dependencies between the inputs and outputs of the steps.

 


1.  Create the content to be used as the JWS Payload.

2.  Compute the encoded payload value BASE64URL(JWS Payload).

3.  Create the JSON object(s) containing the desired set of Header Parameters, which together comprise the JOSE Header (the JWS Protected Header and/or the JWS Unprotected Header).

4.  Compute the encoded header value BASE64URL(UTF8(JWS Protected Header)).  If the JWS Protected Header is not present (which can only happen when using the JWS JSON Serialization and no "protected" member is present), let this value be the empty string.

5.  Compute the JWS Signature in the manner defined for the particular algorithm being used over the JWS Signing Input ASCII(BASE64URL(UTF8(JWS Protected Header)) || '.' || BASE64URL(JWS Payload)).  The "alg" (algorithm) Header Parameter MUST be present in the JOSE Header, with the algorithm value  accurately representing the algorithm used to construct the JWS Signature.

6.  Compute the encoded signature value BASE64URL(JWS Signature).

7.  If the JWS JSON Serialization is being used, repeat this process (steps 3-6) for each digital signature or MAC operation being performed.

8.  Create the desired serialized output.  The JWS Compact Serialization of this result is BASE64URL(UTF8(JWS Protected Header)) || '.' || BASE64URL(JWS Payload) || '.' || BASE64URL(JWS Signature).  The JWS JSON Serialization is described in Section 7.2.

5.2 Message Signature or MAC Validation

 


When validating a JWS, the following steps are performed.  The order of the steps is not significant in cases where there are no dependencies between the inputs and outputs of the steps.  If any of the listed steps fails, then the signature or MAC cannot be validated.

 


When there are multiple JWS Signature values, it is an application decision which of the JWS Signature values must successfully validate for the JWS to be accepted.  In some cases, all must successfully validate, or the JWS will be considered invalid.  In other cases, only a specific JWS Signature value needs to be successfully validated.  However, in all cases, at least one JWS Signature value MUST successfully validate, or the JWS MUST be considered invalid.

 


1.  Parse the JWS representation to extract the serialized values for  the components of the JWS.  When using the JWS Compact Serialization, these components are the base64url-encoded  representations of the JWS Protected Header, the JWS Payload, and  the JWS Signature, and when using the JWS JSON Serialization,  these components also include the unencoded JWS Unprotected Header value.  When using the JWS Compact Serialization, the JWS Protected Header, the JWS Payload, and the JWS Signature are represented as base64url-encoded values in that order, with each value being separated from the next by a single period ('.') character, resulting in exactly two delimiting period characters being used.  The JWS JSON Serialization is described in Section 7.2.

 


 2.  Base64url-decode the encoded representation of the JWS Protected Header, following the restriction that no line breaks, whitespace, or other additional characters have been used.

 


 3.  Verify that the resulting octet sequence is a UTF-8-encoded representation of a completely valid JSON object conforming to RFC 7159 [RFC7159]; let the JWS Protected Header be this JSON object.
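
Steps 1-8 of Section 5.1 and steps 1-3 of Section 5.2 for the JWS Compact Serialization with HS256, as an added example that is not part of the RFC or of the original page. The function names and DEMO_KEY are constructed for illustration; the Appendix A.1 key is not reproduced on this page, so the Section 3.3 signature is not recomputed here.

```python
import base64
import hashlib
import hmac
import json
import re

B64URL = re.compile(r"[A-Za-z0-9_-]*")
DEMO_KEY = b"constructed-demo-key-not-from-the-rfc"     # constructed sample key
PAGE_HEADER = "eyJ0eXAiOiJKV1QiLA0KICJhbGciOiJIUzI1NiJ9"  # Section 3.3 value


def b64url_encode(data: bytes) -> str:
    # base64url with the trailing '=' padding removed
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    # 5.2 step 2: no line breaks, whitespace or other additional characters
    if not B64URL.fullmatch(text) or len(text) % 4 == 1:
        raise ValueError("not unpadded base64url")
    raw = base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))
    # Stricter than the text requires: reject non-canonical trailing bits
    if b64url_encode(raw) != text:
        raise ValueError("non-canonical base64url")
    return raw


def sign_compact(header: dict, payload: bytes, key: bytes) -> str:
    if header.get("alg") != "HS256":          # "alg" MUST be present and accurate
        raise ValueError("this example only produces HS256")
    header_octets = json.dumps(header, separators=(",", ":")).encode("utf-8")
    signing_input = b64url_encode(header_octets) + "." + b64url_encode(payload)
    mac = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(mac)


def validate_compact(token: str, key: bytes) -> bytes:
    parts = token.split(".")
    if len(parts) != 3:                       # exactly two delimiting periods
        raise ValueError("expected exactly two '.' separators")
    raw_header, payload, mac = (b64url_decode(p) for p in parts)
    try:                                      # 5.2 step 3: UTF-8 JSON object
        header = json.loads(raw_header.decode("utf-8"))
    except (UnicodeDecodeError, json.JSONDecodeError) as exc:
        raise ValueError("protected header is not UTF-8 JSON") from exc
    if not isinstance(header, dict):
        raise ValueError("protected header is not a JSON object")
    if header.get("alg") != "HS256":          # only the algorithm we expect
        raise ValueError("unexpected alg")
    # The MAC covers the encoded strings exactly as received, not re-encoded.
    signing_input = (parts[0] + "." + parts[1]).encode("ascii")
    expected = hmac.new(key, signing_input, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, mac):
        raise ValueError("MAC mismatch")
    return payload
```

Because validation recomputes the MAC over the received encoded strings, a header with unusual whitespace such as the Section 3.3 one (which contains CR LF and a space) validates without any JSON canonicalization.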

 

5.3 String Comparison Rules

6. Key Identification

7. Serializations

7.1 JWS Compact Serialization

7.2 JWS JSON Serialization

7.2.1 General JWS JSON Serialization Syntax

7.2.2 Flattened JWS JSON Serialization Syntax

8. TLS Requirements

9. IANA Considerations

9.1 JSON Web Signature and Encryption Header

9.2 Media Type Registration

10. Security Considerations

11. References

Appendix A. JWS Examples

 

 

A.2 Example JWS Using RSASSA-PKCS1-v1_5 SHA-256

A.2.1.  Encoding

Complete concatenation:

BASE64URL(UTF8(JWS Protected Header)) || '.' || BASE64URL(JWS Payload) || '.' || BASE64URL(JWS Signature)

 


The JWS Protected Header in this example is different from the previous example in two ways.  First, because a different algorithm is being used, the "alg" value is different.  Second, for illustration purposes only, the optional "typ" (type) Header Parameter is not used.  (This difference is not related to the algorithm employed.)  The JWS Protected Header used is:

{"alg":"RS256"}

The octets representing UTF8(JWS Protected Header) in this example(using JSON array notation) are:

  [123, 34, 97, 108, 103, 34, 58, 34, 82, 83, 50, 53, 54, 34, 125]

Encoding this JWS Protected Header as BASE64URL(UTF8(JWS Protected Header)) gives this value:

   eyJhbGciOiJSUzI1NiJ9

 


The JWS Payload used in this example, which follows, is the same as in the previous example.  Since the BASE64URL(JWS Payload) value will therefore be the same, its computation is not repeated here.

{
  "iss":"joe",
  "exp":1300819380,
  "http://example.com/is_root":true
}

Combining these as BASE64URL(UTF8(JWS Protected Header)) || '.' || BASE64URL(JWS Payload) gives this string (with line breaks for display purposes only):

eyJhbGciOiJSUzI1NiJ9.eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ

 


 The resulting JWS Signing Input value, which is the ASCII representation of above string, is the following octet sequence:

  [101, 121, 74, 104, 98, 71, 99, 105, 79, 105, 74, 83, 85, 122, 73,

  49, 78, 105, 74, 57, 46, 101, 121, 74, 112, 99, 51, 77, 105, 79, 105,

  74, 113, 98, 50, 85, 105, 76, 65, 48, 75, 73, 67, 74, 108, 101, 72,

  65, 105, 79, 106, 69, 122, 77, 68, 65, 52, 77, 84, 107, 122, 79, 68,

  65, 115, 68, 81, 111, 103, 73, 109, 104, 48, 100, 72, 65, 54, 76,

  121, 57, 108, 101, 71, 70, 116, 99, 71, 120, 108, 76, 109, 78, 118,

  98, 83, 57, 112, 99, 49, 57, 121, 98, 50, 57, 48, 73, 106, 112, 48,

  99, 110, 86, 108, 102, 81]

 

 


 This example uses the RSA key represented in JSON Web Key [JWK] format below (with line breaks within values for display purposes only):

{

  "kty":"RSA",

     "n":"ofgWCuLjybRlzo0tZWJjNiuSfb4p4fAkd_wWJcyQoTbji9k0l8W26mPddx

          HmfHQp-Vaw-4qPCJrcS2mJPMEzP1Pt0Bm4d4QlL-yRT-SFd2lZS-pCgNMs

          D1W_YpRPEwOWvG6b32690r2jZ47soMZo9wGzjb_7OMg0LOL-bSf63kpaSH

          SXndS5z5rexMdbBYUsLA9e-KXBdQOS-UTo7WTBEMa2R2CapHg665xsmtdV

          MTBQY4uDZlxvb3qCo5ZwKh9kG4LT6_I5IhlJH7aGhyxXFvUK-DWNmoudF8

          NAco9_h9iaGNj8q2ethFkMLs91kzk2PAcDTW9gb54h4FRWyuXpoQ",

     "e":"AQAB",

     "d":"Eq5xpGnNCivDflJsRQBXHx1hdR1k6Ulwe2JZD50LpXyWPEAeP88vLNO97I

          jlA7_GQ5sLKMgvfTeXZx9SE-7YwVol2NXOoAJe46sui395IW_GO-pWJ1O0

          BkTGoVEn2bKVRUCgu-GjBVaYLU6f3l9kJfFNS3E0QbVdxzubSu3Mkqzjkn

          439X0M_V51gfpRLI9JYanrC4D4qAdGcopV_0ZHHzQlBjudU2QvXt4ehNYT

          CBr6XCLQUShb1juUO1ZdiYoFaFQT5Tw8bGUl_x_jTj3ccPDVZFD9pIuhLh

          BOneufuBiB4cS98l2SR_RQyGWSeWjnczT0QU91p1DhOVRuOopznQ",

     "p":"4BzEEOtIpmVdVEZNCqS7baC4crd0pqnRH_5IB3jw3bcxGn6QLvnEtfdUdi

          YrqBdss1l58BQ3KhooKeQTa9AB0Hw_Py5PJdTJNPY8cQn7ouZ2KKDcmnPG

          BY5t7yLc1QlQ5xHdwW1VhvKn-nXqhJTBgIPgtldC-KDV5z-y2XDwGUc",

     "q":"uQPEfgmVtjL0Uyyx88GZFF1fOunH3-7cepKmtH4pxhtCoHqpWmT8YAmZxa

          ewHgHAjLYsp1ZSe7zFYHj7C6ul7TjeLQeZD_YwD66t62wDmpe_HlB-TnBA

          -njbglfIsRLtXlnDzQkv5dTltRJ11BKBBypeeF6689rjcJIDEz9RWdc",

     "dp":"BwKfV3Akq5_MFZDFZCnW-wzl-CCo83WoZvnLQwCTeDv8uzluRSnm71I3Q

          CLdhrqE2e9YkxvuxdBfpT_PI7Yz-FOKnu1R6HsJeDCjn12Sk3vmAktV2zb

          34MCdy7cpdTh_YVr7tss2u6vneTwrA86rZtu5Mbr1C1XsmvkxHQAdYo0",

     "dq":"h_96-mK1R_7glhsum81dZxjTnYynPbZpHziZjeeHcXYsXaaMwkOlODsWa

          7I9xXDoRwbKgB719rrmI2oKr6N3Do9U0ajaHF-NKJnwgjMd2w9cjz3_-ky

          NlxAr2v4IKhGNpmM5iIgOS1VZnOZ68m6_pbLBSp3nssTdlqvd0tIiTHU",

     "qi":"IYd7DHOhrWvxkwPQsRM2tOgrjbcrfvtQJipd-DlcxyVuuM9sQLdgjVk2o

          y26F0EmpScGLq2MowX7fhd_QJQ3ydy5cY7YIBi87w93IKLEdfnbJtoOPLU

          W0ITrJReOgo1cq9SbsxYawBgfp_gh6A5603k2-ZQwVK0JKSHuLFkuQ3U"

}

 

 


 The RSA private key is then passed to the RSA signing function, which  also takes the hash type, SHA-256, and the JWS Signing Input as inputs.  The result of the digital signature is an octet sequence, which represents a big-endian integer.  In this example, it is:

[112, 46, 33, 137, 67, 232, 143, 209, 30, 181, 216, 45, 191, 120, 69,

  243, 65, 6, 174, 27, 129, 255, 247, 115, 17, 22, 173, 209, 113, 125,

  131, 101, 109, 66, 10, 253, 60, 150, 238, 221, 115, 162, 102, 62, 81,

  102, 104, 123, 0, 11, 135, 34, 110, 1, 135, 237, 16, 115, 249, 69,

  229, 130, 173, 252, 239, 22, 216, 90, 121, 142, 232, 198, 109, 219,

  61, 184, 151, 91, 23, 208, 148, 2, 190, 237, 213, 217, 217, 112, 7,

  16, 141, 178, 129, 96, 213, 248, 4, 12, 167, 68, 87, 98, 184, 31,

  190, 127, 249, 217, 46, 10, 231, 111, 36, 242, 91, 51, 187, 230, 244,

  74, 230, 30, 177, 4, 10, 203, 32, 4, 77, 62, 249, 18, 142, 212, 1,

  48, 121, 91, 212, 189, 59, 65, 238, 202, 208, 102, 171, 101, 25, 129,

  253, 228, 141, 247, 127, 55, 45, 195, 139, 159, 175, 221, 59, 239,

  177, 139, 93, 163, 204, 60, 46, 176, 47, 158, 58, 65, 214, 18, 202,

  173, 21, 145, 18, 115, 160, 95, 35, 185, 232, 56, 250, 175, 132, 157,

  105, 132, 41, 239, 90, 30, 136, 121, 130, 54, 195, 212, 14, 96, 69,

  34, 165, 68, 200, 242, 122, 122, 45, 184, 6, 99, 209, 108, 247, 202,

  234, 86, 222, 64, 92, 178, 33, 90, 69, 178, 194, 85, 102, 181, 90,

  193, 167, 72, 160, 112, 223, 200, 163, 42, 70, 149, 67, 208, 25, 238,

  251, 71]

 


Encoding the signature as BASE64URL(JWS Signature) produces this value (with line breaks for display purposes only):

 cC4hiUPoj9Eetdgtv3hF80EGrhuB__dzERat0XF9g2VtQgr9PJbu3XOiZj5RZmh7

     AAuHIm4Bh-0Qc_lF5YKt_O8W2Fp5jujGbds9uJdbF9CUAr7t1dnZcAcQjbKBYNX4

     BAynRFdiuB--f_nZLgrnbyTyWzO75vRK5h6xBArLIARNPvkSjtQBMHlb1L07Qe7K

     0GarZRmB_eSN9383LcOLn6_dO--xi12jzDwusC-eOkHWEsqtFZESc6BfI7noOPqv

     hJ1phCnvWh6IeYI2w9QOYEUipUTI8np6LbgGY9Fs98rqVt5AXLIhWkWywlVmtVrB

     p0igcN_IoypGlUPQGe77Rw

 

Concatenating these values in the order Header.Payload.Signature with period ('.') characters between the parts yields this complete JWS representation using the JWS Compact Serialization (with line breaks for display purposes only):

eyJhbGciOiJSUzI1NiJ9

     .

     eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFt

     cGxlLmNvbS9pc19yb290Ijp0cnVlfQ

     .

     cC4hiUPoj9Eetdgtv3hF80EGrhuB__dzERat0XF9g2VtQgr9PJbu3XOiZj5RZmh7

     AAuHIm4Bh-0Qc_lF5YKt_O8W2Fp5jujGbds9uJdbF9CUAr7t1dnZcAcQjbKBYNX4

     BAynRFdiuB--f_nZLgrnbyTyWzO75vRK5h6xBArLIARNPvkSjtQBMHlb1L07Qe7K

     0GarZRmB_eSN9383LcOLn6_dO--xi12jzDwusC-eOkHWEsqtFZESc6BfI7noOPqv

     hJ1phCnvWh6IeYI2w9QOYEUipUTI8np6LbgGY9Fs98rqVt5AXLIhWkWywlVmtVrB

     p0igcN_IoypGlUPQGe77Rw

 

A.2.2.  Validating

 


Since the "alg" Header Parameter is "RS256", we validate the RSASSA-PKCS1-v1_5 SHA-256 digital signature contained in the JWS Signature.

 

Validating the JWS Signature is a bit different from the previous example.  We pass the public key (n, e), the JWS Signature (which is base64url decoded from the value encoded in the JWS representation), and the JWS Signing Input (which is the initial substring of the JWS Compact Serialization representation up until but not including the second period character) to an RSASSA-PKCS1-v1_5 signature verifier that has been configured to use the SHA-256 hash function.
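
The A.2.2 check carried out with only the Python standard library, as an added example that is not part of the RFC or of the original page: it rebuilds the expected RSASSA-PKCS1-v1_5 encoded message and compares it with the signature raised to e modulo n. N_B64, E_B64 and JWS are copied from the A.2.1 example above (public key members only); the function names are hypothetical.

```python
import base64
import hashlib
import hmac
import json

# Public members "n" and "e" of the JWK shown in A.2.1.
N_B64 = ("ofgWCuLjybRlzo0tZWJjNiuSfb4p4fAkd_wWJcyQoTbji9k0l8W26mPddx"
         "HmfHQp-Vaw-4qPCJrcS2mJPMEzP1Pt0Bm4d4QlL-yRT-SFd2lZS-pCgNMs"
         "D1W_YpRPEwOWvG6b32690r2jZ47soMZo9wGzjb_7OMg0LOL-bSf63kpaSH"
         "SXndS5z5rexMdbBYUsLA9e-KXBdQOS-UTo7WTBEMa2R2CapHg665xsmtdV"
         "MTBQY4uDZlxvb3qCo5ZwKh9kG4LT6_I5IhlJH7aGhyxXFvUK-DWNmoudF8"
         "NAco9_h9iaGNj8q2ethFkMLs91kzk2PAcDTW9gb54h4FRWyuXpoQ")
E_B64 = "AQAB"
# Complete JWS Compact Serialization from A.2.1, display line breaks removed.
JWS = ("eyJhbGciOiJSUzI1NiJ9"
       "."
       "eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFt"
       "cGxlLmNvbS9pc19yb290Ijp0cnVlfQ"
       "."
       "cC4hiUPoj9Eetdgtv3hF80EGrhuB__dzERat0XF9g2VtQgr9PJbu3XOiZj5RZmh7"
       "AAuHIm4Bh-0Qc_lF5YKt_O8W2Fp5jujGbds9uJdbF9CUAr7t1dnZcAcQjbKBYNX4"
       "BAynRFdiuB--f_nZLgrnbyTyWzO75vRK5h6xBArLIARNPvkSjtQBMHlb1L07Qe7K"
       "0GarZRmB_eSN9383LcOLn6_dO--xi12jzDwusC-eOkHWEsqtFZESc6BfI7noOPqv"
       "hJ1phCnvWh6IeYI2w9QOYEUipUTI8np6LbgGY9Fs98rqVt5AXLIhWkWywlVmtVrB"
       "p0igcN_IoypGlUPQGe77Rw")

# DER prefix of DigestInfo for SHA-256 (PKCS #1 v1.5 encoding).
SHA256_DIGESTINFO = bytes.fromhex("3031300d060960864801650304020105000420")


def b64url_decode(text: str) -> bytes:
    # Lenient decoder: only restores the omitted '=' padding.
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def b64url_uint(text: str) -> int:
    return int.from_bytes(b64url_decode(text), "big")


def rs256_verify(token: str, n: int, e: int) -> bool:
    parts = token.split(".")
    if len(parts) != 3:
        return False
    try:
        header = json.loads(b64url_decode(parts[0]))
        sig = b64url_decode(parts[2])
    except ValueError:
        return False
    if not isinstance(header, dict) or header.get("alg") != "RS256":
        return False
    # JWS Signing Input: everything up to, not including, the second period.
    signing_input = (parts[0] + "." + parts[1]).encode("ascii")
    k = (n.bit_length() + 7) // 8             # modulus length in octets
    s = int.from_bytes(sig, "big")            # signature is a big-endian integer
    if len(sig) != k or s >= n:
        return False
    recovered = pow(s, e, n).to_bytes(k, "big")
    # Build the one acceptable encoded message and compare it whole, rather
    # than parsing the padding out of the recovered value.
    t = SHA256_DIGESTINFO + hashlib.sha256(signing_input).digest()
    expected = b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t
    return hmac.compare_digest(recovered, expected)
```
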

 

Appendix B.  "x5c" (X.509 Certificate Chain) Example

Appendix C.  Notes on Implementing base64url Encoding without Padding

Appendix D.  Notes on Key Selection

Appendix E.  Negative Test Case for "crit" Header Parameter

Appendix F.  Detached Content

 

 

 

 

 
