| TOC |
|
This specification defines a very simple signing mechanism to be used for JSON. The signature related parameters together with parameters to be signed are made into a JSON envelope. The signature is calculated over the ascii armoured version of the envelope and the result is recorded either as another JSON object or a string concatenated by a period ".".
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119 (Bradner, S., “Key words for use in RFCs to Indicate Requirement Levels,” March 1997.) [RFC2119].
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as “work in progress.”
This Internet-Draft will expire on April 3, 2011.
Copyright (c) 2010 IETF Trust and the persons identified as the document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.
1.
Definitions
2.
Envelope Structures
3.
Creating Signature
4.
Serialization
4.1.
JSON Serialization
4.2.
Web Token Serialization
5.
Signature Verification
6.
Key Discovery and the Trust
6.1.
Shared key in HMAC-SHA256
6.2.
X.509 Certificates
7.
IANA Considerations
8.
Security Considerations
9.
Acknowledgements
10.
References
10.1.
Normative References
10.2.
Informative References
Appendix A.
An Appendix
§
Authors' Addresses
| TOC |
- Signature
- A digital signature that provably binds a message to a signer's keypair or Hash-based Message Authentication Code that can be used to verify both the data integrity and the authenticity of a message.
- Thumbprint
- A SHA1 of the DER encoded certificate.
- Base64url Encoding
- The URL and Filename safe variant of the base64 encoding as described in RFC4648 (Josefsson, S., “The Base16, Base32, and Base64 Data Encodings,” October 2006.) [RFC4648], section 5.
- HMAC-SHA256
- Hash-based Message Authentication Code using SHA-256 as the hash function.
- RSA-SHA256
- RSASSA-PKCS1-v1_5 signature algorithm from RFC3447 (Jonsson, J. and B. Kaliski, “Public-Key Cryptography Standards (PKCS) #1: RSA Cryptography Specifications Version 2.1,” February 2003.) [RFC3447] section 8.2, also known as PKCS#1, using SHA-256 as the hash function for EMSA-PKCS1-v1_5.
| TOC |
JSON Simple Sign Envelope is a JSON object that contains three toplevel parameters, "type", "sig_params", and "payload". All of them are REQUIRED.
Each parameters are JSON object in turn as described below.
Followings are the parameters inside "sig_params".
Following is a non-normative example of such envelope for HMAC-SHA256
{
"http://jsonenc.info/jss/1.0/sig_params": [
{
"key_id": "example.com",
"algorithm": "HMAC-SHA256"
}
],
"oauth_token": "asdfjklsdfjwoIjfk",
"not_after": 12345678,
"user_id": 1223,
"profile_id": 1223
}
Following is a non-normative example of such envelope for RSA-SHA256
{
"http://jsonenc.info/jss/1.0/sig_params": [
{
"certs_uri": "https://example.com/mycerts.pem"
},
{
"algorithm": "RSA-SHA1",
"certs_uri": "https://example.org/mycerts.pem"
}
] ,
"audience": "https://example-client.com/redirect_uri",
"oauth_token": "asdfjklsdfjwoIjfk",
"not_after": 12345678,
"user_id": "1223",
"profile_id": "1223"
}
| TOC |
The basic steps of creating the string with the signature is as follows:
| TOC |
This specification defines two types of serialization
| TOC |
JSON Serialization is done by putting the "signature string" and "ascii armoured payload" into the following JSON Envelop.
Following is the non-normative example. Line breaks are for display purposes only.
{
"type": "http://openid.net/specs/ab/1.0#signed_format",
"data_type": "application/json",
"data": "eyJhbGdvcml0aG0iOiJITUFDLVNIQTI1NiIsIjAiOiJwYXlsb2FkIn0",
"sigs": [
"vlXgu64BQGFSQrY0ZcJBZASMvYvTHu9GQ0YM9rjPSso",
"cfXgu64BQGFSQrY0ZcJBZASMvYvTHu9GQ0YM9rjPSso"
]
}
| TOC |
Web Token Serialization is done by concatenating the "signature string" and the "ascii armoured payload" with a period "."(ASCII 0x2E). Note that in Web Token Serialization, only a single signature is supported. If multiple sigantures are used where sig[1], sig[2] etc. are the sequence of the signatures created by the respective keys in the signature parameters, signature strings are concatenated with a perid, and then the "ascii armored payload" is concatinated.
Following is the non-normative example. Line breaks are for display purposes only.
vlXgu64BQGFSQrY0ZcJBZASMvYvTHu9GQ0YM9rjPSso . eyJhbGdvcml0aG0iOiJITUFDLVNIQTI1NiIsIjAiOiJwYXlsb2FkIn0
| TOC |
To verify the signature, the verifier MUST have an access to a trusted signature verification key. Trusted key MAY BE established in the following ways:
The verification involves the following steps:
| TOC |
To verify the signature, the trusted key MUST be found by the verifier first. This specification defines three such methods.
| TOC |
When HMAC-SHA256 is specified as the algorithm, the client_secret must be pre-shared by the parties. The exact method of performing such key exchange is out of scope of this specification.
| TOC |
X.509 Certificates are found from the uri in 'certs_uri' field. The uri MUST return a X.509 file in PEM format with "application/x-pem-file" as the mime-type. It MAY contain the certificate chain. The CN of the obtained certificate MUST match the uri found in the 'signer' field. Other attributes in the X.509 certificates SHOULD be checked to verify the validity of the certificates.
| TOC |
This document makes no request of IANA.
| TOC |
Authors strongly recommend against using RSA-SHA1. It is depricated and is there only for backword compatibility.
| TOC |
This specification is heavily influenced by the Magic Signatures (Panzer, J. and B. Laurie, “Magic Signatures,” February 2010.) [magic_signatures] and JSON Token draft specifications.
The authors would like Dirk Balfanz (Google), George Fletcher (AOL), Ryo Ito (Yahoo! Japan), John Panzar (Google), David Recordon (Facebook), Luke Shephard (Facebook), Paul Tarjan (Facebook) for their valuable inputs.
| TOC |
| TOC |
| [RFC2119] | Bradner, S., “Key words for use in RFCs to Indicate Requirement Levels,” BCP 14, RFC 2119, March 1997 (TXT, HTML, XML). |
| [RFC3447] | Jonsson, J. and B. Kaliski, “Public-Key Cryptography Standards (PKCS) #1: RSA Cryptography Specifications Version 2.1,” RFC 3447, February 2003 (TXT). |
| [RFC4648] | Josefsson, S., “The Base16, Base32, and Base64 Data Encodings,” RFC 4648, October 2006 (TXT). |
| TOC |
| [magic_signatures] | Panzer, J. and B. Laurie, “Magic Signatures,” February 2010. |
| TOC |
| TOC |
| John Bradley | |
| Protivity Government Services | |
| Nat Sakimura (Editor) | |
| Nomura Research Institute |