RFC7515- JSON Web Signature (JWS)

摘要(Abstract)

JSON Web签名(JWS)表示使用基于JSON的数据结构由数字签名或消息身份验证代码(MAC)保护的内容。 与本规范一起使用的密码算法和标识符在单独的JSON Web算法(JWA)规范和该规范定义的IANA注册中心中进行了描述。 相关的加密功能在单独的JSON Web加密(JWE)规范中进行了描述。

JSON Web Signature (JWS) represents content secured with digital signatures or Message Authentication Codes (MACs) using JSON-based data structures. Cryptographic algorithms and identifiers for use with this specification are described in the separate JSON Web Algorithms (JWA) specification and an IANA registry defined by that specification. Related encryption capabilities are described in the separate JSON Web Encryption (JWE) specification.

1. 简介(Introduction)

JSON Web签名(JWS)表示使用基于JSON的[RFC7159]数据结构通过数字签名或消息身份验证代码(MAC)保护的内容。 JWS密码机制为任意八位字节序列提供完整性保护。 有关数字签名和MAC之间差异的讨论,请参见第10.5节。

为JWSs定义了两个密切相关的序列化。JWS紧凑序列化是一种紧凑的、url安全的表示形式,用于空间受限的环境,如HTTP授权头和URI查询参数。JWS JSON序列化将JWSs表示为JSON对象,并允许对相同的内容应用多个签名和/或mac。两者共享相同的密码基础。

与此规范一起使用的加密算法和标识符在单独的JSON Web算法(JWA) [JWA]规范和该规范定义的IANA注册表中进行了描述。相关的加密功能在单独的JSON Web encryption (JWE) [JWE]规范中描述。

JSON Web Signature (JWS) represents content secured with digital signatures or Message Authentication Codes (MACs) using JSON-based [RFC7159] data structures. The JWS cryptographic mechanisms provide integrity protection for an arbitrary sequence of octets. See Section 10.5 for a discussion on the differences between digital signatures and MACs.

Two closely related serializations for JWSs are defined. The JWS Compact Serialization is a compact, URL-safe representation intended for space-constrained environments such as HTTP Authorization headers and URI query parameters. The JWS JSON Serialization represents JWSs as JSON objects and enables multiple signatures and/or MACs to be applied to the same content. Both share the same cryptographic underpinnings.

Cryptographic algorithms and identifiers for use with this specification are described in the separate JSON Web Algorithms (JWA) [JWA] specification and an IANA registry defined by that specification. Related encryption capabilities are described in the separate JSON Web Encryption (JWE) [JWE] specification.

1.1 符号约定(Notational Conventions)

The key words “MUST”, “MUST NOT”, “REQUIRED”, “SHALL”, “SHALL NOT”, “SHOULD”, “SHOULD NOT”, “RECOMMENDED”, “NOT RECOMMENDED”, “MAY”, and “OPTIONAL” in this document are to be interpreted as described in “Key words for use in RFCs to Indicate Requirement Levels” [RFC2119]. The interpretation should only be applied when the terms appear in all capital letters.

BASE64URL(OCTETS) denotes the base64url encoding of OCTETS, per Section 2.

UTF8(STRING) denotes the octets of the UTF-8 [RFC3629] representation of STRING, where STRING is a sequence of zero or more Unicode [UNICODE] characters.

ASCII(STRING) denotes the octets of the ASCII [RFC20] representation of STRING, where STRING is a sequence of zero or more ASCII characters.

The concatenation of two values A and B is denoted as A || B.

2. 专业术语(Terminology)

这些术语由本规范定义:

JSON Web签名(JWS)
表示数字签名或MACed消息的数据结构。
JOSE报头
JSON对象,其中包含描述密码操作和参数的参数。 JOSE(JSON对象签名和加密)报头由一组标头参数组成。
JWS有效负载
要保护的八位字节序列——也就是消息。有效载荷可以包含任意的八位字节序列。
JWS签名
JWS保护的报头和JWS有效负载上的数字签名或MAC。
头部参数
是JOSE标头成员的名称/值对。
JWS保护的标头
包含Header参数的JSON对象,该参数由JWS Signature数字签名或MAC操作进行完整性保护。对于JWS Compact序列化,它包含整个JOSE Header。 对于JWS JSON序列化,这是JOSE标头的组成部分。
JWS未受保护的标头
包含不受完整性保护的标头参数的JSON对象。 仅在使用JWS JSON序列化时才存在。

These terms are defined by this specification: JSON Web Signature (JWS) A data structure representing a digitally signed or MACed message. JOSE Header JSON object containing the parameters describing the cryptographic operations and parameters employed. The JOSE (JSON Object Signing and Encryption) Header is comprised of a set of Header Parameters. JWS Payload The sequence of octets to be secured — a.k.a. the message. The payload can contain an arbitrary sequence of octets. JWS Signature Digital signature or MAC over the JWS Protected Header and the JWS Payload. Header Parameter A name/value pair that is member of the JOSE Header. JWS Protected Header JSON object that contains the Header Parameters that are integrity protected by the JWS Signature digital signature or MAC operation.For the JWS Compact Serialization, this comprises the entire JOSE Header. For the JWS JSON Serialization, this is one component of the JOSE Header. JWS Unprotected Header JSON object that contains the Header Parameters that are not integrity protected. This can only be present when using the JWS JSON Serialization.

3. JSON Web 签名 (JWS) 概述(JSON Web Signature (JWS) Overview)

JWS 表示使用 JSON 数据结构和 base64url 编码的数字签名或 MACed 内容。 根据 RFC 7159[RFC7159] 的第 2 节,这些 JSON 数据结构可以在任何 JSON 值或结构字符之前或之后包含空格和/或换行符。 JWS 表示这些逻辑值(每个值都在第 2 节中定义):

  • JOSE Header
  • JWS Payload
  • JWS Signature

对于 JWS,JOSE Header 成员是这些值的成员的并集(每个值都在第 2 节中定义):

  • JWS Protected Header
  • JWS Unprotected Header

本文档为 JWS 定义了两种序列化:称为 JWS 紧凑序列化的紧凑 URL 安全序列化和称为 JWS JSON 序列化的 JSON 序列化。 在这两种序列化中,JWS Protected Header、JWS Payload 和 JWS Signature 都是 base64url 编码的,因为 JSON 缺乏直接表示任意八位字节序列的方法。

JWS represents digitally signed or MACed content using JSON data structures and base64url encoding. These JSON data structures MAY contain whitespace and/or line breaks before or after any JSON values or structural characters, in accordance with Section 2 of RFC 7159[RFC7159]. A JWS represents these logical values (each of which is defined in Section 2):

  • JOSE Header
  • JWS Payload
  • JWS Signature

For a JWS, the JOSE Header members are the union of the members of these values (each of which is defined in Section 2):

  • JWS Protected Header
  • JWS Unprotected Header

This document defines two serializations for JWSs: a compact, URL- safe serialization called the JWS Compact Serialization and a JSON serialization called the JWS JSON Serialization. In both serializations, the JWS Protected Header, JWS Payload, and JWS Signature are base64url encoded, since JSON lacks a way to directly represent arbitrary octet sequences.

3.1 JWS紧凑序列化概述(JWS Compact Serialization Overview)

3.2 JWS JSON序列化概述(JWS JSON Serialization Overview)

3.3 JWS示例(Example JWS)

本节提供JWS的一个示例。它的计算在附录A.1中有更详细的描述,包括指定表示所使用的JSON值和键值的精确的八位序列。

下面的例子JWS保护报头声明编码的对象是一个JSON Web令牌[JWT], JWS保护报头和JWS有效负载使用HMAC SHA-256 [RFC2104] [SHS]算法进行保护:
{
“typ”:”JWT”,
“alg”:”HS256”
}
将这个JWS保护头编码为BASE64URL(UTF8(JWS保护头))得到以下值:
eyJ0eXAiOiJKV1QiLA0KICJhbGciOiJIUzI1NiJ9

以下JSON对象的UTF-8表示形式用作JWS有效负载。 (请注意,有效负载可以是任何内容,而不必是JSON对象的表示。)
{
“iss”:”joe”,
“exp”:1300819380,
http://example.com/is_root":true
}

将此JWS有效负载编码为BASE64URL(JWS Payload)可以得到以下值(带有换行符,仅用于显示目的):
eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ

使用HMAC SHA-256算法,并使用附录A.1和base64url中指定的密钥,计算JWS签名输入ASCII(BASE64URL(UTF8(JWS Protected Header)) || ‘.’ || BASE64URL(JWS Payload)))的HMAC -对结果进行编码将产生以下BASE64URL(JWS Signature)值:
dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk

将这些值按Header.Payload顺序连接起来。部分之间带有句点(‘.’)字符的签名使用JWS紧凑序列化(仅为显示目的使用换行符)产生这个完整的JWS表示:
eyJ0eXAiOiJKV1QiLA0KICJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ.dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk

请参阅附录A以获得其他示例,包括A.6和A.7小节中使用JWS JSON序列化的示例。

This section provides an example of a JWS. Its computation is described in more detail in Appendix A.1, including specifying the exact octet sequences representing the JSON values used and the key value used.

The following example JWS Protected Header declares that the encoded object is a JSON Web Token [JWT] and the JWS Protected Header and the JWS Payload are secured using the HMAC SHA-256 [RFC2104] [SHS] algorithm: { “typ”:”JWT”, “alg”:”HS256” } Encoding this JWS Protected Header as BASE64URL(UTF8(JWS Protected Header)) gives this value: Encoding this JWS Protected Header as BASE64URL(UTF8(JWS Protected Header)) gives this value: eyJ0eXAiOiJKV1QiLA0KICJhbGciOiJIUzI1NiJ9

The UTF-8 representation of the following JSON object is used as the JWS Payload. (Note that the payload can be any content and need not be a representation of a JSON object.) { “iss”:”joe”, “exp”:1300819380, “http://example.com/is_root":true } Encoding this JWS Payload as BASE64URL(JWS Payload) gives this value (with line breaks for display purposes only): eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ

Computing the HMAC of the JWS Signing Input ASCII(BASE64URL(UTF8(JWS Protected Header)) || ‘.’ || BASE64URL(JWS Payload)) with the HMAC SHA-256 algorithm using the key specified in Appendix A.1 and base64url-encoding the result yields this BASE64URL(JWS Signature) value: dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk

Concatenating these values in the order Header.Payload.Signature with period (‘.’) characters between the parts yields this complete JWS representation using the JWS Compact Serialization (with line breaks for display purposes only): eyJ0eXAiOiJKV1QiLA0KICJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ.dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk

See Appendix A for additional examples, including examples using the JWS JSON Serialization in Sections A.6 and A.7.

4. JOSE头 (JOSE Header)

4.1 注册头参数名(Registered Header Parameter Names)

4.1.1 “alg”(算法)头参数(”alg” (Algorithm) Header Parameter)

4.1.2“jku”(JWK设置URL)报头参数(”jku” (JWK Set URL) Header Parameter )

4.1.3“jwk”(JSON Web Key)头参数(”jwk” (JSON Web Key) Header Parameter)

4.1.4“kid”(Key ID) Header参数(”kid” (Key ID) Header Parameter )

4.1.5 “x5u” (X.509 URL)报头参数(”x5u” (X.509 URL) Header Parameter )

4.1.6“x5c”(X.509证书链)头参数(”x5c” (X.509 Certificate Chain) Header Parameter)

4.1.7 “x5t” (X.509 Certificate SHA-1 Thumbprint)报头参数(”x5t” (X.509 Certificate SHA-1 Thumbprint)Header Parameter )

4.1.8 “x5t#S256” (X.509 Certificate SHA-256 Thumbprint)报头参数(”x5t#S256” (X.509 Certificate SHA-256 Thumbprint) Header Parameter )

4.1.9“typ”(Type)头参数(”typ” (Type) Header Parameter)

JWS应用程序使用“typ”(type)头参数来声明媒体类型[IANA。这个完整的JWS。当包含JWS的应用程序数据结构中可能存在多种对象时,可以使用此方法;应用程序可以使用这个值来消除可能出现的不同类型对象之间的歧义。当对象的类型已经知道时,应用程序通常不会使用它。这个参数被JWS实现忽略;此参数的任何处理都由JWS应用程序执行。这个头参数的使用是可选的。

为了使消息在一般情况下保持紧凑,当媒体类型值中没有其他’/‘出现时,建议生产者省略”typ”头参数中媒体类型值的”application/“前缀。接收方使用媒体类型值时,必须将其视为“application/”前加任何不包含“/”的“typ”值。例如,“示例”的“typ”值应该用来表示“application/example”媒体类型,而媒体类型“application/example;part=”1/2””不能缩写为“example;part=”1/2””。

应用程序可以使用“typ”值“JOSE”来表明该对象是使用JWS紧凑序列化或JWE紧凑序列化的JWS或JWE。“typ”值“JOSE+JSON”可以被应用程序使用JWS JSON序列化或JWE JSON序列化来表示该对象是JWS或JWE。应用程序也可以使用其他类型值。

根据RFC2045 [RFC2045],所有的媒体类型值、子类型值和参数名不区分大小写。但是,参数值是区分大小写的,除非为特定参数指定了其他参数。

The “typ” (type) Header Parameter is used by JWS applications to declare the media type [IANA.MediaTypes] of this complete JWS. This is intended for use by the application when more than one kind of object could be present in an application data structure that can contain a JWS; the application can use this value to disambiguate among the different kinds of objects that might be present. It will typically not be used by applications when the kind of object is already known. This parameter is ignored by JWS implementations; any processing of this parameter is performed by the JWS application. Use of this Header Parameter is OPTIONAL.

To keep messages compact in common situations, it is RECOMMENDED that producers omit an “application/“ prefix of a media type value in a “typ” Header Parameter when no other ‘/‘ appears in the media type value. A recipient using the media type value MUST treat it as if “application/“ were prepended to any “typ” value not containing a ‘/‘. For instance, a “typ” value of “example” SHOULD be used to represent the “application/example” media type, whereas the media type “application/example;part=”1/2”” cannot be shortened to “example;part=”1/2””.

The “typ” value “JOSE” can be used by applications to indicate that this object is a JWS or JWE using the JWS Compact Serialization or the JWE Compact Serialization. The “typ” value “JOSE+JSON” can be used by applications to indicate that this object is a JWS or JWE using the JWS JSON Serialization or the JWE JSON Serialization. Other type values can also be used by applications.

Per RFC 2045 [RFC2045], all media type values, subtype values, and parameter names are case insensitive. However, parameter values are case sensitive unless otherwise specified for the specific parameter.

4.1.10“cty”(内容类型)头参数(”cty” (Content Type) Header Parameter)

4.1.11“crit”(临界)头参数(”crit” (Critical) Header Parameter )


4.2 公共头参数名(Public Header Parameter Names)

4.3私有头参数名(Private Header Parameter Names)

5. 生产和消费JWSs( Producing and Consuming JWSs)

5.1. 消息签名或MAC计算(Message Signature or MAC Computation)

要创建JWS,请执行以下步骤。 在步骤的输入和输出之间没有依赖关系的情况下,步骤的顺序并不重要。

To create a JWS, the following steps are performed. The order of the steps is not significant in cases where there are no dependencies between the inputs and outputs of the steps.

1.创建要用作JWS有效负载的内容。
2.计算编码的有效负载值BASE64URL(JWS Payload)。
3.创建包含所需报头参数集的JSON对象,这些参数集共同组成了JOSE报头(JWS受保护的报头和/或JWS不受保护的报头)。
4. 计算编码的报头值BASE64URL(UTF8(JWS Protected Header))。如果不存在JWS Protected报头(只有在使用JWS JSON序列化且不存在“Protected”成员时才会发生这种情况),将此值设为空字符串。
5.按照为在JWS签名输入ASCII(BASE64URL(UTF8(JWS Protected Header))||’.’|| BASE64URL(JWS Payload))上使用的特定算法定义的方式,计算JWS签名。“alg”(算法)报头参数必须出现在JOSE报头中,算法值准确地表示用于构造JWS签名的算法。
6.计算编码的签名值BASE64URL(JWS Signature)。
7.如果使用的是JWS JSON序列化,则对每个执行的数字签名或MAC操作重复此过程(步骤3-6)。
8.创建所需的序列化输出。 此结果的JWS Compact序列化为BASE64URL(UTF8(JWS Protected Header))|| ‘.’ || BASE64URL(JWS Payload)|| ‘.’ || BASE64URL(JWS签名)。 第7.2节中描述了JWS JSON序列化。

  1. Create the content to be used as the JWS Payload.
  2. Compute the encoded payload value BASE64URL(JWS Payload).
  3. Create the JSON object(s) containing the desired set of Header Parameters, which together comprise the JOSE Header (the JWS Protected Header and/or the JWS Unprotected Header).
  4. Compute the encoded header value BASE64URL(UTF8(JWS Protected Header)). If the JWS Protected Header is not present (which can only happen when using the JWS JSON Serialization and no “protected” member is present), let this value be the empty string.
  5. Compute the JWS Signature in the manner defined for the particular algorithm being used over the JWS Signing Input ASCII(BASE64URL(UTF8(JWS Protected Header)) || ‘.’ || BASE64URL(JWS Payload)). The “alg” (algorithm) Header Parameter MUST be present in the JOSE Header, with the algorithm value accurately representing the algorithm used to construct the JWS Signature.
  6. Compute the encoded signature value BASE64URL(JWS Signature).
    1. If the JWS JSON Serialization is being used, repeat this process (steps 3-6) for each digital signature or MAC operation being performed.
    2. Create the desired serialized output. The JWS Compact Serialization of this result is BASE64URL(UTF8(JWS Protected Header)) || ‘.’ || BASE64URL(JWS Payload) || ‘.’ || BASE64URL(JWS Signature). The JWS JSON Serialization is described in Section 7.2.

5.2 消息签名或MAC验证(Message Signature or MAC Validation)

在验证JWS时,将执行以下步骤。在步骤的输入和输出之间不存在依赖关系的情况下,步骤的顺序并不重要。如果列出的任何步骤失败,则无法验证签名或MAC。

When validating a JWS, the following steps are performed. The order of the steps is not significant in cases where there are no dependencies between the inputs and outputs of the steps. If any of the listed steps fails, then the signature or MAC cannot be validated.

当存在多个JWS签名值时,由应用程序决定哪个JWS签名值必须成功验证才能接受JWS。 在某些情况下,所有组件都必须成功验证,否则JWS将被视为无效。 在其他情况下,仅需要成功验证特定的JWS签名值。 但是,在所有情况下,至少一个JWS签名值必须成功验证,或者必须将JWS视为无效。

When there are multiple JWS Signature values, it is an application decision which of the JWS Signature values must successfully validate for the JWS to be accepted. In some cases, all must successfully validate, or the JWS will be considered invalid. In other cases, only a specific JWS Signature value needs to be successfully validated. However, in all cases, at least one JWS Signature value MUST successfully validate, or the JWS MUST be considered invalid.

  1. 解析JWS表示以提取JWS组件的序列化值。在使用JWS紧凑序列化时,这些组件是受JWS保护的报头、JWS有效负载和JWS签名的base64url编码表示,并且在使用JWS JSON序列化时,这些组件还包括未编码的JWS不受保护的报头值。使用jw紧凑序列化时,jw保护头,jw有效负载,和jw签名依次表示为base64url-encoded值,每个值是分开下由一个时期(“。”),导致两个限定时期人物被使用。JWS JSON序列化在7.2节中描述。
  1. Parse the JWS representation to extract the serialized values for the components of the JWS. When using the JWS Compact Serialization, these components are the base64url-encoded representations of the JWS Protected Header, the JWS Payload, and the JWS Signature, and when using the JWS JSON Serialization, these components also include the unencoded JWS Unprotected Header value. When using the JWS Compact Serialization, the JWS Protected Header, the JWS Payload, and the JWS Signature are represented as base64url-encoded values in that order, with each value being separated from the next by a single period (‘.’) character, resulting in exactly two delimiting period characters being used. The JWS JSON Serialization is described in Section 7.2.

2.在没有使用换行符,空格或其他附加字符的限制下,对Base64url解码JWS受保护头的编码表示形式。

  1. Base64url-decode the encoded representation of the JWS Protected Header, following the restriction that no line breaks, whitespace, or other additional characters have been used.

3.验证生成的八位位组序列是符合RFC 7159 [RFC7159]的完全有效JSON对象的UTF-8编码表示形式; 让JWS Protected Header作为此JSON对象。

  1. Verify that the resulting octet sequence is a UTF-8-encoded representation of a completely valid JSON object conforming to RFC 7159 [RFC7159]; let the JWS Protected Header be this JSON object.

5.3 字符串比较规则(String Comparison Rules)

6. 密钥识别(Key Identification)

7. 序列化(Serializations )

7.1 JWS紧凑序列化(JWS Compact Serialization)

7.2 JWS JSON 序列化(JWS JSON Serialization)

7.2.1 通用JWS JSON序列化语法(General JWS JSON Serialization Syntax)

7.2.2 简化JWS JSON序列化语法(Flattened JWS JSON Serialization Syntax)

8. TLS要求(TLS Requirements)

9. IANA注意事项(IANA Considerations)

9.1 JSON Web签名和加密头(JSON Web Signature and Encryption Header)

9.2 媒体类型注册(Media Type Registration)

10. 安全注意事项(Security Considerations)

11. 参考文献(References)

附录A. JWS示例(Appendix A. JWS Examples)

A.2 使用RSASSA-PKCS1-v1_5 SHA-256的示例JWS(Example JWS Using RSASSA-PKCS1-v1_5 SHA-256)

A.2.1. 编码(Encoding)

完整拼接:
BASE64URL(UTF8(JWS Protected Header)) || ‘.’ || BASE64URL(JWS Payload)|| ‘.’ ||BASE64URL(JWS Signature)

本示例中的JWS受保护标头与上一个示例在两个方面有所不同。 首先,因为使用了不同的算法,所以“ alg”值不同。 其次,仅出于说明目的,未使用可选的“typ”(类型)标头参数。 (此差异与所使用的算法无关。)所使用的JWS受保护标头为:
{“alg”:”RS256”}
在此示例中(使用JSON数组表示法),表示UTF8(JWS保护的标头)的八位字节是:
[123、34、97、108、103、34、58、34、82、83、50、53、54、34、125]
将此JWS保护的标头编码为BASE64URL(UTF8(JWS Protected Header)),得到以下值:
eyJhbGciOiJSUzI1NiJ9

The JWS Protected Header in this example is different from the previous example in two ways. First, because a different algorithm is being used, the “alg” value is different. Second, for illustration purposes only, the optional “typ” (type) Header Parameter is not used. (This difference is not related to the algorithm employed.) The JWS Protected Header used is: {“alg”:”RS256”} The octets representing UTF8(JWS Protected Header) in this example(using JSON array notation) are: [123, 34, 97, 108, 103, 34, 58, 34, 82, 83, 50, 53, 54, 34, 125] Encoding this JWS Protected Header as BASE64URL(UTF8(JWS Protected Header)) gives this value: eyJhbGciOiJSUzI1NiJ9

以下示例中使用的JWS有效负载与上一个示例相同。 由于BASE64URL(JWS Payload)值将因此相同,因此在此不再重复其计算。
{
“iss”:”joe”,
“exp”:1300819380,
http://example.com/is_root":true
}
将它们组合为BASE64URL(UTF8(JWS Protected Header)) || ‘.’ || BASE64URL(JWS Payload)给出以下字符串(带有换行符,仅用于显示目的):
eyJhbGciOiJSUzI1NiJ9.eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ

The JWS Payload used in this example, which follows, is the same as in the previous example. Since the BASE64URL(JWS Payload) value will therefore be the same, its computation is not repeated here. { “iss”:”joe”, “exp”:1300819380, “http://example.com/is_root":true } Combining these as BASE64URL(UTF8(JWS Protected Header)) || ‘.’ || BASE64URL(JWS Payload) gives this string (with line breaks for display purposes only): eyJhbGciOiJSUzI1NiJ9.eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ

得到的JWS签名输入值(上面字符串的ASCII表示形式)是以下八位字节序列:
[101, 121, 74, 104, 98, 71, 99, 105, 79, 105, 74, 83, 85, 122, 73,
49, 78, 105, 74, 57, 46, 101, 121, 74, 112, 99, 51, 77, 105, 79, 105,
74, 113, 98, 50, 85, 105, 76, 65, 48, 75, 73, 67, 74, 108, 101, 72,
65, 105, 79, 106, 69, 122, 77, 68, 65, 52, 77, 84, 107, 122, 79, 68,
65, 115, 68, 81, 111, 103, 73, 109, 104, 48, 100, 72, 65, 54, 76,
121, 57, 108, 101, 71, 70, 116, 99, 71, 120, 108, 76, 109, 78, 118,
98, 83, 57, 112, 99, 49, 57, 121, 98, 50, 57, 48, 73, 106, 112, 48,
99, 110, 86, 108, 102, 81]

The resulting JWS Signing Input value, which is the ASCII representation of above string, is the following octet sequence: [101, 121, 74, 104, 98, 71, 99, 105, 79, 105, 74, 83, 85, 122, 73, 49, 78, 105, 74, 57, 46, 101, 121, 74, 112, 99, 51, 77, 105, 79, 105, 74, 113, 98, 50, 85, 105, 76, 65, 48, 75, 73, 67, 74, 108, 101, 72, 65, 105, 79, 106, 69, 122, 77, 68, 65, 52, 77, 84, 107, 122, 79, 68, 65, 115, 68, 81, 111, 103, 73, 109, 104, 48, 100, 72, 65, 54, 76, 121, 57, 108, 101, 71, 70, 116, 99, 71, 120, 108, 76, 109, 78, 118, 98, 83, 57, 112, 99, 49, 57, 121, 98, 50, 57, 48, 73, 106, 112, 48, 99, 110, 86, 108, 102, 81]

这个例子使用下面JSON Web key [JWK]格式表示的RSA密钥(仅用于显示目的,值中有换行符):
{
“kty”:”RSA”,
“n”:”ofgWCuLjybRlzo0tZWJjNiuSfb4p4fAkdwWJcyQoTbji9k0l8W26mPddx
HmfHQp-Vaw-4qPCJrcS2mJPMEzP1Pt0Bm4d4QlL-yRT-SFd2lZS-pCgNMs
D1W_YpRPEwOWvG6b32690r2jZ47soMZo9wGzjb_7OMg0LOL-bSf63kpaSH
SXndS5z5rexMdbBYUsLA9e-KXBdQOS-UTo7WTBEMa2R2CapHg665xsmtdV
MTBQY4uDZlxvb3qCo5ZwKh9kG4LT6_I5IhlJH7aGhyxXFvUK-DWNmoudF8
NAco9_h9iaGNj8q2ethFkMLs91kzk2PAcDTW9gb54h4FRWyuXpoQ”,
“e”:”AQAB”,
“d”:”Eq5xpGnNCivDflJsRQBXHx1hdR1k6Ulwe2JZD50LpXyWPEAeP88vLNO97I
jlA7_GQ5sLKMgvfTeXZx9SE-7YwVol2NXOoAJe46sui395IW_GO-pWJ1O0
BkTGoVEn2bKVRUCgu-GjBVaYLU6f3l9kJfFNS3E0QbVdxzubSu3Mkqzjkn
439X0M_V51gfpRLI9JYanrC4D4qAdGcopV_0ZHHzQlBjudU2QvXt4ehNYT
CBr6XCLQUShb1juUO1ZdiYoFaFQT5Tw8bGUl_x_jTj3ccPDVZFD9pIuhLh
BOneufuBiB4cS98l2SR_RQyGWSeWjnczT0QU91p1DhOVRuOopznQ”,
“p”:”4BzEEOtIpmVdVEZNCqS7baC4crd0pqnRH_5IB3jw3bcxGn6QLvnEtfdUdi
YrqBdss1l58BQ3KhooKeQTa9AB0Hw_Py5PJdTJNPY8cQn7ouZ2KKDcmnPG
BY5t7yLc1QlQ5xHdwW1VhvKn-nXqhJTBgIPgtldC-KDV5z-y2XDwGUc”,
“q”:”uQPEfgmVtjL0Uyyx88GZFF1fOunH3-7cepKmtH4pxhtCoHqpWmT8YAmZxa
ewHgHAjLYsp1ZSe7zFYHj7C6ul7TjeLQeZD_YwD66t62wDmpe_HlB-TnBA
-njbglfIsRLtXlnDzQkv5dTltRJ11BKBBypeeF6689rjcJIDEz9RWdc”,
“dp”:”BwKfV3Akq5_MFZDFZCnW-wzl-CCo83WoZvnLQwCTeDv8uzluRSnm71I3Q
CLdhrqE2e9YkxvuxdBfpT_PI7Yz-FOKnu1R6HsJeDCjn12Sk3vmAktV2zb
34MCdy7cpdTh_YVr7tss2u6vneTwrA86rZtu5Mbr1C1XsmvkxHQAdYo0”,
“dq”:”h_96-mK1R_7glhsum81dZxjTnYynPbZpHziZjeeHcXYsXaaMwkOlODsWa
7I9xXDoRwbKgB719rrmI2oKr6N3Do9U0ajaHF-NKJnwgjMd2w9cjz3-ky
NlxAr2v4IKhGNpmM5iIgOS1VZnOZ68m6_pbLBSp3nssTdlqvd0tIiTHU”,
“qi”:”IYd7DHOhrWvxkwPQsRM2tOgrjbcrfvtQJipd-DlcxyVuuM9sQLdgjVk2o
y26F0EmpScGLq2MowX7fhd_QJQ3ydy5cY7YIBi87w93IKLEdfnbJtoOPLU
W0ITrJReOgo1cq9SbsxYawBgfp_gh6A5603k2-ZQwVK0JKSHuLFkuQ3U”
}

This example uses the RSA key represented in JSON Web Key [JWK] format below (with line breaks within values for display purposes only): { “kty”:”RSA”, “n”:”ofgWCuLjybRlzo0tZWJjNiuSfb4p4fAkdwWJcyQoTbji9k0l8W26mPddx HmfHQp-Vaw-4qPCJrcS2mJPMEzP1Pt0Bm4d4QlL-yRT-SFd2lZS-pCgNMs D1W_YpRPEwOWvG6b32690r2jZ47soMZo9wGzjb_7OMg0LOL-bSf63kpaSH SXndS5z5rexMdbBYUsLA9e-KXBdQOS-UTo7WTBEMa2R2CapHg665xsmtdV MTBQY4uDZlxvb3qCo5ZwKh9kG4LT6_I5IhlJH7aGhyxXFvUK-DWNmoudF8 NAco9_h9iaGNj8q2ethFkMLs91kzk2PAcDTW9gb54h4FRWyuXpoQ”, “e”:”AQAB”, “d”:”Eq5xpGnNCivDflJsRQBXHx1hdR1k6Ulwe2JZD50LpXyWPEAeP88vLNO97I jlA7_GQ5sLKMgvfTeXZx9SE-7YwVol2NXOoAJe46sui395IW_GO-pWJ1O0 BkTGoVEn2bKVRUCgu-GjBVaYLU6f3l9kJfFNS3E0QbVdxzubSu3Mkqzjkn 439X0M_V51gfpRLI9JYanrC4D4qAdGcopV_0ZHHzQlBjudU2QvXt4ehNYT CBr6XCLQUShb1juUO1ZdiYoFaFQT5Tw8bGUl_x_jTj3ccPDVZFD9pIuhLh BOneufuBiB4cS98l2SR_RQyGWSeWjnczT0QU91p1DhOVRuOopznQ”, “p”:”4BzEEOtIpmVdVEZNCqS7baC4crd0pqnRH_5IB3jw3bcxGn6QLvnEtfdUdi YrqBdss1l58BQ3KhooKeQTa9AB0Hw_Py5PJdTJNPY8cQn7ouZ2KKDcmnPG BY5t7yLc1QlQ5xHdwW1VhvKn-nXqhJTBgIPgtldC-KDV5z-y2XDwGUc”, “q”:”uQPEfgmVtjL0Uyyx88GZFF1fOunH3-7cepKmtH4pxhtCoHqpWmT8YAmZxa ewHgHAjLYsp1ZSe7zFYHj7C6ul7TjeLQeZD_YwD66t62wDmpe_HlB-TnBA -njbglfIsRLtXlnDzQkv5dTltRJ11BKBBypeeF6689rjcJIDEz9RWdc”, “dp”:”BwKfV3Akq5_MFZDFZCnW-wzl-CCo83WoZvnLQwCTeDv8uzluRSnm71I3Q CLdhrqE2e9YkxvuxdBfpT_PI7Yz-FOKnu1R6HsJeDCjn12Sk3vmAktV2zb 34MCdy7cpdTh_YVr7tss2u6vneTwrA86rZtu5Mbr1C1XsmvkxHQAdYo0”, “dq”:”h_96-mK1R_7glhsum81dZxjTnYynPbZpHziZjeeHcXYsXaaMwkOlODsWa 7I9xXDoRwbKgB719rrmI2oKr6N3Do9U0ajaHF-NKJnwgjMd2w9cjz3-ky NlxAr2v4IKhGNpmM5iIgOS1VZnOZ68m6_pbLBSp3nssTdlqvd0tIiTHU”, “qi”:”IYd7DHOhrWvxkwPQsRM2tOgrjbcrfvtQJipd-DlcxyVuuM9sQLdgjVk2o y26F0EmpScGLq2MowX7fhd_QJQ3ydy5cY7YIBi87w93IKLEdfnbJtoOPLU W0ITrJReOgo1cq9SbsxYawBgfp_gh6A5603k2-ZQwVK0JKSHuLFkuQ3U” }

然后将RSA私钥传递给RSA签名函数,该函数也接受散列类型SHA-256和JWS签名输入作为输入。数字签名的结果是一个八位序列,它表示一个大端整数。在这个例子中,它是:
[112, 46, 33, 137, 67, 232, 143, 209, 30, 181, 216, 45, 191, 120, 69,
243, 65, 6, 174, 27, 129, 255, 247, 115, 17, 22, 173, 209, 113, 125,
131, 101, 109, 66, 10, 253, 60, 150, 238, 221, 115, 162, 102, 62, 81,
102, 104, 123, 0, 11, 135, 34, 110, 1, 135, 237, 16, 115, 249, 69,
229, 130, 173, 252, 239, 22, 216, 90, 121, 142, 232, 198, 109, 219,
61, 184, 151, 91, 23, 208, 148, 2, 190, 237, 213, 217, 217, 112, 7,
16, 141, 178, 129, 96, 213, 248, 4, 12, 167, 68, 87, 98, 184, 31,
190, 127, 249, 217, 46, 10, 231, 111, 36, 242, 91, 51, 187, 230, 244,
74, 230, 30, 177, 4, 10, 203, 32, 4, 77, 62, 249, 18, 142, 212, 1,
48, 121, 91, 212, 189, 59, 65, 238, 202, 208, 102, 171, 101, 25, 129,
253, 228, 141, 247, 127, 55, 45, 195, 139, 159, 175, 221, 59, 239,
177, 139, 93, 163, 204, 60, 46, 176, 47, 158, 58, 65, 214, 18, 202,
173, 21, 145, 18, 115, 160, 95, 35, 185, 232, 56, 250, 175, 132, 157,
105, 132, 41, 239, 90, 30, 136, 121, 130, 54, 195, 212, 14, 96, 69,
34, 165, 68, 200, 242, 122, 122, 45, 184, 6, 99, 209, 108, 247, 202,
234, 86, 222, 64, 92, 178, 33, 90, 69, 178, 194, 85, 102, 181, 90,
193, 167, 72, 160, 112, 223, 200, 163, 42, 70, 149, 67, 208, 25, 238,
251, 71]

The RSA private key is then passed to the RSA signing function, which also takes the hash type, SHA-256, and the JWS Signing Input as inputs. The result of the digital signature is an octet sequence, which represents a big-endian integer. In this example, it is: [112, 46, 33, 137, 67, 232, 143, 209, 30, 181, 216, 45, 191, 120, 69, 243, 65, 6, 174, 27, 129, 255, 247, 115, 17, 22, 173, 209, 113, 125, 131, 101, 109, 66, 10, 253, 60, 150, 238, 221, 115, 162, 102, 62, 81, 102, 104, 123, 0, 11, 135, 34, 110, 1, 135, 237, 16, 115, 249, 69, 229, 130, 173, 252, 239, 22, 216, 90, 121, 142, 232, 198, 109, 219, 61, 184, 151, 91, 23, 208, 148, 2, 190, 237, 213, 217, 217, 112, 7, 16, 141, 178, 129, 96, 213, 248, 4, 12, 167, 68, 87, 98, 184, 31, 190, 127, 249, 217, 46, 10, 231, 111, 36, 242, 91, 51, 187, 230, 244, 74, 230, 30, 177, 4, 10, 203, 32, 4, 77, 62, 249, 18, 142, 212, 1, 48, 121, 91, 212, 189, 59, 65, 238, 202, 208, 102, 171, 101, 25, 129, 253, 228, 141, 247, 127, 55, 45, 195, 139, 159, 175, 221, 59, 239, 177, 139, 93, 163, 204, 60, 46, 176, 47, 158, 58, 65, 214, 18, 202, 173, 21, 145, 18, 115, 160, 95, 35, 185, 232, 56, 250, 175, 132, 157, 105, 132, 41, 239, 90, 30, 136, 121, 130, 54, 195, 212, 14, 96, 69, 34, 165, 68, 200, 242, 122, 122, 45, 184, 6, 99, 209, 108, 247, 202, 234, 86, 222, 64, 92, 178, 33, 90, 69, 178, 194, 85, 102, 181, 90, 193, 167, 72, 160, 112, 223, 200, 163, 42, 70, 149, 67, 208, 25, 238, 251, 71]

将签名编码为BASE64URL(JWS Signature)会产生以下值(带有换行符,仅用于显示目的):
cC4hiUPoj9Eetdgtv3hF80EGrhuB__dzERat0XF9g2VtQgr9PJbu3XOiZj5RZmh7
AAuHIm4Bh-0Qc_lF5YKt_O8W2Fp5jujGbds9uJdbF9CUAr7t1dnZcAcQjbKBYNX4
BAynRFdiuB—f_nZLgrnbyTyWzO75vRK5h6xBArLIARNPvkSjtQBMHlb1L07Qe7K
0GarZRmB_eSN9383LcOLn6_dO—xi12jzDwusC-eOkHWEsqtFZESc6BfI7noOPqv
hJ1phCnvWh6IeYI2w9QOYEUipUTI8np6LbgGY9Fs98rqVt5AXLIhWkWywlVmtVrB
p0igcN_IoypGlUPQGe77Rw

将这些值按Header.Payload顺序连接起来。部分之间带有句点(‘.’)字符的签名使用JWS紧凑序列化(仅为显示目的使用换行符)产生这个完整的JWS表示:
eyJhbGciOiJSUzI1NiJ9
.
eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFt
cGxlLmNvbS9pc19yb290Ijp0cnVlfQ
.
cC4hiUPoj9Eetdgtv3hF80EGrhuB__dzERat0XF9g2VtQgr9PJbu3XOiZj5RZmh7
AAuHIm4Bh-0Qc_lF5YKt_O8W2Fp5jujGbds9uJdbF9CUAr7t1dnZcAcQjbKBYNX4
BAynRFdiuB—f_nZLgrnbyTyWzO75vRK5h6xBArLIARNPvkSjtQBMHlb1L07Qe7K
0GarZRmB_eSN9383LcOLn6_dO—xi12jzDwusC-eOkHWEsqtFZESc6BfI7noOPqv
hJ1phCnvWh6IeYI2w9QOYEUipUTI8np6LbgGY9Fs98rqVt5AXLIhWkWywlVmtVrB
p0igcN_IoypGlUPQGe77Rw

Encoding the signature as BASE64URL(JWS Signature) produces this value (with line breaks for display purposes only): cC4hiUPoj9Eetdgtv3hF80EGrhuB__dzERat0XF9g2VtQgr9PJbu3XOiZj5RZmh7 AAuHIm4Bh-0Qc_lF5YKt_O8W2Fp5jujGbds9uJdbF9CUAr7t1dnZcAcQjbKBYNX4 BAynRFdiuB—f_nZLgrnbyTyWzO75vRK5h6xBArLIARNPvkSjtQBMHlb1L07Qe7K 0GarZRmB_eSN9383LcOLn6_dO—xi12jzDwusC-eOkHWEsqtFZESc6BfI7noOPqv hJ1phCnvWh6IeYI2w9QOYEUipUTI8np6LbgGY9Fs98rqVt5AXLIhWkWywlVmtVrB p0igcN_IoypGlUPQGe77Rw

Concatenating these values in the order Header.Payload.Signature with period (‘.’) characters between the parts yields this complete JWS representation using the JWS Compact Serialization (with line breaks for display purposes only): eyJhbGciOiJSUzI1NiJ9 . eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFt cGxlLmNvbS9pc19yb290Ijp0cnVlfQ . cC4hiUPoj9Eetdgtv3hF80EGrhuB__dzERat0XF9g2VtQgr9PJbu3XOiZj5RZmh7 AAuHIm4Bh-0Qc_lF5YKt_O8W2Fp5jujGbds9uJdbF9CUAr7t1dnZcAcQjbKBYNX4 BAynRFdiuB—f_nZLgrnbyTyWzO75vRK5h6xBArLIARNPvkSjtQBMHlb1L07Qe7K 0GarZRmB_eSN9383LcOLn6_dO—xi12jzDwusC-eOkHWEsqtFZESc6BfI7noOPqv hJ1phCnvWh6IeYI2w9QOYEUipUTI8np6LbgGY9Fs98rqVt5AXLIhWkWywlVmtVrB p0igcN_IoypGlUPQGe77Rw

A.2.2. 验证(Validating)

由于“ alg”标头参数为“ RS256”,因此我们验证了JWS签名中包含的RSASSA-PKCS1-v1_5 SHA-256数字签名。

验证JWS签名与前面的示例有一些不同。我们通过公钥(n, e),JWS签名(从JWS表示形式中编码的值解码为base64url)和JWS签名输入(这是JWS紧凑序列化表示形式的初始子字符串,直到但不包括第二个句点字符)传递给已配置为使用SHA-256哈希函数的RSASSA-PKCS1-v1_5签名验证程序。

Since the “alg” Header Parameter is “RS256”, we validate the RSASSA-PKCS1-v1_5 SHA-256 digital signature contained in the JWS Signature.

Validating the JWS Signature is a bit different from the previous example. We pass the public key (n, e), the JWS Signature (which is base64url decoded from the value encoded in the JWS representation), and the JWS Signing Input (which is the initial substring of the JWS Compact Serialization representation up until but not including the second period character) to an RSASSA-PKCS1-v1_5 signature verifier that has been configured to use the SHA-256 hash function.

附录B“ x5c”(X.509证书链)示例(Appendix B. “x5c” (X.509 Certificate Chain) Example)

附录C.关于在没有填充的情况下实现base64url编码的说明(Appendix C. Notes on Implementing base64url Encoding without Padding)

附录D.键选择说明( Appendix D. Notes on Key Selection)

附录E.“关键”头参数的负测试用例(Appendix E. Negative Test Case for “crit” Header Parameter )

附录F.分离的内容(Appendix F. Detached Content)