JEF
 
JSON Encryption Format
Table of Contents
1. Introduction
2. Sample Object
3. Notation
4. Data Types
5. JEF Objects
encryptedData
keyEncryption
Additional ECDH properties
Additional ECDH+KW properties
Additional RSA encryption properties
publicKey
Additional EC Properties
Additional RSA Properties
6. Operation
7. Security Considerations
Appendix A: Test Vectors
Appendix B: References
Appendix C: Document History
Appendix D: Author
1. Introduction
This document specifies a container formatted in JSON [RFC7159] for holding encrypted binary data, coined JEF (JSON Encryption Format).
JEF was derived from IETF's JWE [RFC7516] specification and supports a subset of the same algorithms [RFC7518]. Public keys are represented as JWK [RFC7517] objects while the encryption container itself utilizes a notation similar to JCS [JCS] in order to maintain a consistent "style" in applications using encryption and signatures, including providing header information in plain text.
The JEF encryption scheme is fully compatible with the ES6 [ES6] JSON/JavaScript serialization and parsing specification.
2. Sample Object
The following sample object is used to visualize the JEF specification:
{
  "algorithm": "A128CBC-HS256",
  "keyEncryption": {
    "algorithm": "ECDH-ES+A256KW",
    "keyId": "20170101:mybank:p256",
    "ephemeralKey": {
      "kty": "EC",
      "crv": "P-256",
      "x": "TuQcAR59JcagARFQpzeLoiLjI2eOb8WNJt0EV7gSC2o",
      "y": "bi9yMtUkg22ZGqvAQYkNSBIdWOqS1ulpVEAX8nr-wKE"
    },
    "encryptedKey": "MO5XPHkU01oMrY2uKDDOne-ldGRLm_fYtKCFLzJ_ettv2b0eiDPbBw"
  },
  "iv": "r0A0EHO03fYdb47D8SDPYg",
  "tag": "17qFCA8E5y9ufRIQHrcphw",
  "cipherText": "H3tCjvQ-fSQpwO969RUStN1wrOoAFkqiiufhE-kO57Q"
}
The sample object can be decrypted by using the EC private key defined in Test Vectors.
3. Notation
JEF containers always start with a top-level JSON object.
JSON objects are described as tables with associated properties. When a property holds a JSON object this is denoted by a link to the actual definition.
Properties may either be mandatory (M) or optional (O) as defined in the "Req" column.
In some JSON objects there is a choice from a set of mutually exclusive alternatives.
This is manifested in object tables like the following:
Property selection 1Type selection 1ReqComment selection 1
Property selection 2Type selection 2Comment selection 2
4. Data Types
The table below shows how the data types used by this specification are mapped into native JSON types:
TypeMappingDescription
stringstringArbitrary string
uristringURI [RFC3986]
byte[]stringBase64URL-encoded [RFC4648] binary data
cryptostringBase64URL-encoded positive integer with arbitrary precision. Note that the value must not contain leading zero-valued bytes
object{}JSON object
5. JEF Objects
The following tables describe the JEF JSON structures in detail.
encryptedData
PropertyTypeReqComment
"version": "http://xmlns.webpki.org/jef/v1"uriOEncryption object version identifier. For future revisions of JEF, this property would be mandatory.
"algorithm": "algorithm"uriMData encryption algorithm. Currently the following JWE [RFC7516] algorithms are recognized:
  • A128CBC-HS256
  • A192CBC-HS384
  • A256CBC-HS512
  • A128GCM
  • A192GCM
  • A256GCM
"keyId": "keyId"stringOIf the keyId property is defined, data is supposed to be encrypted by a specific named (symmetric) key.
"keyEncryption": keyEncryptionobjectIf the keyEncryption property is defined, the (symmetric) encryption key is supposed to be provided in-line, encrypted by a public key.
"iv": "iv"byte[]MInitialization vector.
"tag": "tag"byte[]MAuthentication tag.
"cipherText": "cipherText"byte[]MEncrypted data.
Note that if neither keyId nor keyEncryption are defined, the (symmetric) encryption key is assumed to known by the recipient.
keyEncryption
PropertyTypeReqComment
"version": "http://xmlns.webpki.org/jef/v1"uriOEncryption object version identifier. For future revisions of JEF, this property would be mandatory.
"algorithm": "algorithm"uriMKey encryption algorithm. Currently the following JWE [RFC7516] algorithms are recognized:
Additional ECDH properties
PropertyTypeReqComment
"keyId": "keyId"stringOIf the keyId property is defined, it is supposed to identify the static EC key pair.
"publicKey": publicKeyobjectStatic EC public key.
"ephemeralKey": publicKeyobjectMEphemeral EC public key.
Note that if neither keyId nor publicKey are defined, the static EC key pair to use is assumed to known by the recipient.
Additional ECDH+KW properties
PropertyTypeReqComment
"keyId": "keyId"stringOIf the keyId property is defined, it is supposed to identify the static EC key pair.
"publicKey": publicKeyobjectStatic EC public key.
"ephemeralKey": publicKeyobjectMEphemeral EC public key.
"encryptedKey": "encryptedKey"byte[]MEncrypted symmetric key.
Note that if neither keyId nor publicKey are defined, the static EC key pair to use is assumed to known by the recipient.
Additional RSA encryption properties
PropertyTypeReqComment
"keyId": "keyId"stringOIf the keyId property is defined, it is supposed to identify the RSA key pair.
"publicKey": publicKeyobjectRSA public key.
"encryptedKey": "encryptedKey"byte[]MEncrypted symmetric key.
Note that if neither keyId nor publicKey are defined, the RSA key pair to use is assumed to known by the recipient.
publicKey
PropertyTypeReqComment
"kty": "kty"stringMKey type indicator. Currently the following types are recognized:
This object represents a subset of JWK [RFC7517].
Additional EC Properties
PropertyTypeReqComment
"crv": "crv"stringMEC curve name. The currently recognized EC curves include:
  • P-256
  • P-384
  • P-521
Note: If proprietary curve names are added, they must be expressed as URIs.
"x": "x"byte[]MEC curve point X. The length of this field must be the full size of a coordinate for the curve specified in the crv parameter. For example, if the value of crv is P-521, the decoded argument must be 66 bytes.
"y": "y"byte[]MEC curve point Y. The length of this field must be the full size of a coordinate for the curve specified in the crv parameter. For example, if the value of crv is P-256, the decoded argument must be 32 bytes.
Additional RSA Properties
PropertyTypeReqComment
"n": "n"cryptoMRSA modulus. Also see the crypto data type.
"e": "e"cryptoMRSA exponent. Also see the crypto data type.
6. Operation
Prerequisite: A JSON object in accordance with [RFC7159] containing properly formatted JEF data.
Parsing restrictions:Since JEF uses the same algorithms as JWE [RFC7516] the JWA [RFC7518] reference apply with one important exception: Additional Authenticated Data used by the symmetric ciphers. This difference is due to the way encryption meta-data is formatted. The process for creating Additional Authenticated Data is as follows:Applied on the Sample Object, a conforming JEF Additional Authenticated Data process should return the following JSON string:
{"algorithm":"A128CBC-HS256","keyEncryption":{"algorithm":"ECDH-ES+A256KW","keyId":"20170101:mybank:p256","ephemeralKey"
:{"kty":"EC","crv":"P-256","x":"TuQcAR59JcagARFQpzeLoiLjI2eOb8WNJt0EV7gSC2o","y":"bi9yMtUkg22ZGqvAQYkNSBIdWOqS1ulpVEAX8n
r-wKE"},"encryptedKey":"MO5XPHkU01oMrY2uKDDOne-ldGRLm_fYtKCFLzJ_ettv2b0eiDPbBw"}}
Note that the output string was folded for improving readability.
The Additional Authenticated Data string is subsequently UTF-8 encoded before being applied to the encryption algorithm.
7. Security Considerations
This specification does (to the author's knowledge), not introduce additional vulnerabilities over what is specified for JWE [RFC7516].
Appendix A: Test Vectors
This section holds test data which can be used to verify the correctness of a JEF implementation.
All encryption tests encrypt the string below (after first having converted it to UTF-8):
"Hello encrypted world!"
The Sample Object can be decrypted by the private part of the following EC key in JWK [RFC7517] format:
{
  "kid": "20170101:mybank:p256",
  "kty": "EC",
  "crv": "P-256",
  "x": "_gow8fcS3Dx9z6j57U5q8tunnRBdrgLU9A7CZTYCnqU",
  "y": "bdfJGraBVL5aPj38TG4tHwxpU2VKwG1XBp0wQfCLOFQ",
  "d": "4f5C3onScS-l9MmKlvIbOV_M3jcQ9qOd4RoYFVlJUIo"
}
ECDH encryption object requiring the same private key as in the sample object while using a different set of algorithms both for key encryption and content encryption:
{
  "algorithm": "A128GCM",
  "keyEncryption": {
    "algorithm": "ECDH-ES+A128KW",
    "keyId": "20170101:mybank:p256",
    "ephemeralKey": {
      "kty": "EC",
      "crv": "P-256",
      "x": "O7hnNi_2as62VYv_kaxKf624qhjMrW8_4cY9GomkbDQ",
      "y": "MwcmwdGKabRlWRRDXooradgmmh01t2p6q_0iMcy-9_M"
    },
    "encryptedKey": "9oJgtGF0G6F_8RMId0zDYDoh8l6dFEu7"
  },
  "iv": "CWatej6VY9HlSA_x",
  "tag": "Cnc0c3ZIHgxxQMVKeD-T1Q",
  "cipherText": "a8hnGiJBFIcOI5Bp_sNsFoZq8975lA"
}
ECDH encryption object requiring the same private key as in the sample object while providing the public key information in line, instead of using a keyId:
{
  "algorithm": "A128CBC-HS256",
  "keyEncryption": {
    "algorithm": "ECDH-ES+A256KW",
    "publicKey": {
      "kty": "EC",
      "crv": "P-256",
      "x": "_gow8fcS3Dx9z6j57U5q8tunnRBdrgLU9A7CZTYCnqU",
      "y": "bdfJGraBVL5aPj38TG4tHwxpU2VKwG1XBp0wQfCLOFQ"
    },
    "ephemeralKey": {
      "kty": "EC",
      "crv": "P-256",
      "x": "VbwCZOUh7YqmvYlhNY3Pt78GygAPMw1aJyzR9PXeO_o",
      "y": "L48sh3QRr75n67O6b0viOXZLdcQLrWAQDHJkBSEoUE0"
    },
    "encryptedKey": "68iW8LF0DWc0SpA_wlfi-qIPP_jZq9V5jAQUs-cx7B8Wi59Lu0kXPQ"
  },
  "iv": "JIgOOlyMHYr8PH4kkh8ulQ",
  "tag": "qhX4rp3ybPKoopX7EE4RwQ",
  "cipherText": "p8i9cQ8DQe8i9xmp4UJHnpulGoIikEPq3Z6lYZfEYWY"
}
EC private key for decrypting the subsequent object:
{
  "kid": "20170101:mybank:p384",
  "kty": "EC",
  "crv": "P-384",
  "x": "SxtEVg93j4L2bK7Q8qJDYo6xRvP3p3ptyqmQaYnZRH5Ube2T2RogGMl-HHZRTYMO",
  "y": "Zu8b16lT-c5VstC4H9WA28LvcLleE6auP-A9Dr76uu8MI5YjOGH64MJZFswOX8Vz",
  "d": "PWoaRCsLI8sGkKy9O6yTPx8f0lN6CAYu9jfmlI5YmW6XW9qc6Qd2hz6FsrsZ2cxd"
}
ECDH encryption object requiring the private key above:
{
  "algorithm": "A256CBC-HS512",
  "keyEncryption": {
    "algorithm": "ECDH-ES",
    "publicKey": {
      "kty": "EC",
      "crv": "P-384",
      "x": "SxtEVg93j4L2bK7Q8qJDYo6xRvP3p3ptyqmQaYnZRH5Ube2T2RogGMl-HHZRTYMO",
      "y": "Zu8b16lT-c5VstC4H9WA28LvcLleE6auP-A9Dr76uu8MI5YjOGH64MJZFswOX8Vz"
    },
    "ephemeralKey": {
      "kty": "EC",
      "crv": "P-384",
      "x": "T_1aEuHUoFPQEA1P2MFcH1jT40TXZUIVKzmm3H6R_Pc6ZZ0kn5chZWxF86-gRl_G",
      "y": "cek_NpkO8ySQAzc1C-D9ncE8ORpP1ygTUGWTnnPILgu1JBtdHeyAByw75a5nO0GM"
    }
  },
  "iv": "EtJ0AWimhlt_nPIVM4GemA",
  "tag": "7OW9Kud4UCzmSVd49BX-7D0d0IUg2m8HgjZigbtKMx8",
  "cipherText": "vdzV4bHs0AK0erllAfmJaWkYNNHco7M4Xb_zkisvZcs"
}
EC private key for decrypting the subsequent object:
{
  "kid": "20170101:mybank:p521",
  "kty": "EC",
  "crv": "P-521",
  "x": "AKwELPGw-uyxNNMpqynB-71e-5GNMcLmFM0j0mbyVToRflwlWnXS-iAXxR_nOoWK426QoXlyNieyaWBQdwXrnKfj",
  "y": "AIgLgTCaxgKc461uMwFZ04qdBaVa9Wgy8VLNiHrZkKYL3Q_qmLTa9TKQgRThuCpcqlZFnhMPrPLgb3ev6rqCt0GS",
  "d": "AXfJ2R7ao8c2_gL9porCC1yR90w-R8MZ0HNjXcftOlkBD7njIFj7QAYlljJCkx7M3LJSeo5ha4Dg7mD0V1a_vhqr"
}
ECDH encryption object requiring the private key above:
{
  "algorithm": "A128GCM",
  "keyEncryption": {
    "algorithm": "ECDH-ES+A128KW",
    "publicKey": {
      "kty": "EC",
      "crv": "P-521",
      "x": "AKwELPGw-uyxNNMpqynB-71e-5GNMcLmFM0j0mbyVToRflwlWnXS-iAXxR_nOoWK426QoXlyNieyaWBQdwXrnKfj",
      "y": "AIgLgTCaxgKc461uMwFZ04qdBaVa9Wgy8VLNiHrZkKYL3Q_qmLTa9TKQgRThuCpcqlZFnhMPrPLgb3ev6rqCt0GS"
    },
    "ephemeralKey": {
      "kty": "EC",
      "crv": "P-521",
      "x": "ABsa37aeOWkAqz4-5EeFau-DyUjRexl45PJHzwz_YwpaKlKdj9R7jxkd6ocUyymgQLpxg3JWFsARiyZbdXNa5rcC",
      "y": "AXR89kdk6o057Aw8aIcWTkLy960XyMLrqPiNKDPiGsrfCoB4NqTVsDo0cblr8R_TFCIpwbmTqAoVwHxnRoQOswlD"
    },
    "encryptedKey": "J_K7Xf_mK9rlZ7-K8xobdvBaTmNS_YJM"
  },
  "iv": "KUA4_yOLop5JYu92",
  "tag": "pFdsa-_srsS9V_duf59f7Q",
  "cipherText": "Y2DZ4aCZqdGRk50TODl_XumBsdtx6A"
}
RSA private key for decrypting the subsequent object:
{
  "kid": "20170101:mybank:r2048",
  "kty": "RSA",
  "n": "oBq8_RJIJF9h2dm4r1kjBwv_W-G_YM-clG7GYwGWih3Y22HZnBmMn2Iqf4uXiwty9lICxrdBNcU6b79DY_GmNbA5j16dsuBIqZSq8yMtXfDpC8OS7Dy6OxjFyMZrA4IEqqjvDEmJC5aXoaBD3exECDvsRgB18jNoKyq2CDWgg22wuLz7I0B_T2tM26hPLRw8KfM8pQ1bPUcFn_nUKCrW7Wc2KIWGPwsPmL24VVctzhUWkr-nHuR_RKs2KAff0SYTpWElyEau7AqHiHAOhnPnGOxfb7r6V1AbDx-F95gSDFtoFPRWhNJDng1qHI23UD_7ONTGIK_I4I6y1rf7r26TDQ",
  "e": "AQAB",
  "d": "RbPeW38-ETfFbgavtQdljIfYoLPjkc5RKP4hOLFUTMU5yCkNiDxHUIx4XBb13v8ZCcwikUjvBu3axxPJzxVBe1ZBeP2EQoAKommrEzdZZPChRRHcQSUfHuNmGEbqCBju1y29BOhu1bC2SxNu-IsIA12zO7avosZmr4Rkw6Y1P4Ip67l-9D5KjCcQPfNpSwZzsvXd9AAocpjFZXGOlrjOOnyIblx1IRlyo32_A4PWYniRl_sp26eNr5zGpib_QdU1SrXzuDQcqAmjgiibPeLls7rCvCT1BIBU0MBUzU34dI5lLlMuYWNSNIC6Oa1UYsNoQ1pQHp9H3sy5e0reekN7gQ",
  "p": "99e3Ckt9gVVEpjY4u6Tp9wjC0XPhYqntmq-4JVBIMaMDs87gUC8r7GGFpFfJaImTUxMB0Z442A8gCW7yqS_Xaq6-ddhSalAvb-LaNXpyPEfETNoOoKfa3TMQMe_J9nzv6OcD6Y43CpMOtZLJdrGxtiCytTGhILsAdees91tdw3k",
  "q": "pV_BHdUqnbMTRF8hoYr_f2_9DXe_XYITU1bWlp2Izj8zySuOI4dusrGQIOY8ZFhc-fA_mBICrFlNrPdDv909FP3bJ9MsGrlxsFvLojiiRs4jPcUDqLynOVPrrQ7HWDoMjawfnTGX7LUe8gf-e4yTsq0WXvMCrulBgPG7Sla0MzU",
  "dp": "uVO27Z3RdZq7QMae2cHRqgYFF_Zc_RgwMlFfk5daxLMvG4-AsLT1VUb_VgrG8sKdRaua2pJD01xMCoHKNrUtkfqlNR3TUugu8K1jmkW7klPf98--zGd4A5whahXyobx-8Vt903GiuueIQkJHH9h0GMqOl2tLH1x2VbQt5LGPhZE",
  "dq": "mJ-a1zGYtxpCOeOiYjiqPK7aWMefcWlO9Kc8PJz_WXmzDYKJF_kyDPEbF4HlUqbKiFFWH77fgLiam3tIp5ZDfVAcJtEZ70Ae0KincvvZqIcutx9QlTYnDx2IcJsnFyHb3BRyyNywXeF6wdzm3JeM6GYeM1sLqunTbnGqbJ1AidE",
  "qi": "73MikBETtdyRa37zKeQc-RtPkWhj4HUyQSSNcYyXnCJmPGLt4LFAo2YMp11w7Y_9cOOo5rI3N4LLuGFfOZ9ecCxCP86NUWKY05DrjGnHUvTcmKDlbxEIMnGES0uoykxMoa5-hYjdcd3AgxOQ-EPV6ZipedP0UZmEfNPoZJbKbQc"
}
RSA encryption object requiring the private key above:
{
  "algorithm": "A256GCM",
  "keyEncryption": {
    "algorithm": "RSA-OAEP-256",
    "publicKey": {
      "kty": "RSA",
      "n": "oBq8_RJIJF9h2dm4r1kjBwv_W-G_YM-clG7GYwGWih3Y22HZnBmMn2Iqf4uXiwty9lICxrdBNcU6b79DY_GmNbA5j16dsuBIqZSq8yMtXfDpC8OS7Dy6OxjFyMZrA4IEqqjvDEmJC5aXoaBD3exECDvsRgB18jNoKyq2CDWgg22wuLz7I0B_T2tM26hPLRw8KfM8pQ1bPUcFn_nUKCrW7Wc2KIWGPwsPmL24VVctzhUWkr-nHuR_RKs2KAff0SYTpWElyEau7AqHiHAOhnPnGOxfb7r6V1AbDx-F95gSDFtoFPRWhNJDng1qHI23UD_7ONTGIK_I4I6y1rf7r26TDQ",
      "e": "AQAB"
    },
    "encryptedKey": "W1SK7cTXLI5mWg8zrc633VVEM9PIqAa3jxkMGpVqqvV9BBgiOnpLtokJaoWkbf6otk72-C6tUIL6anuVf7M1EjH5a5xzqnV99PiusfSnEAsflTlYKMRFG-wItYgAo4EkxiZzB8bKhwA8NYA2fOiV0I8R-gZncNlmV2iq4RIKdNKNhXdvzK2VTE9iO0okJCOTEgXFRoieReaoZewsdglFxqnPC1ClJuZr-HKatYI_2hufAugq5_bx1ckB3CMBSGifG8VnQjvv8VGhe2Enlwaan9RgefKI_awVp2d-Gcv7aCp6d5gZdu4fGVkAuG5vsNlAFC0y3X_sVtWM-wo8I2lFIA"
  },
  "iv": "3PfAxawUT6IcXufN",
  "tag": "VlkEtudGlgm5lD6t3tDJDA",
  "cipherText": "ZErCjUxJnqATD0-bNRnnR5ft0x5hsA"
}
RSA encryption object requiring the same private key as in the previous example but relying on that this being implicitly known since the encryption object neither contains a keyId, nor a publicKey property:
{
  "algorithm": "A256GCM",
  "keyEncryption": {
    "algorithm": "RSA-OAEP-256",
    "encryptedKey": "JZKCedhn0csNMGrfQ7knY4bv14HWnbwUmZGH2EgaPpHBs2wadf_q4s0fXWlntP_B2ejQyXaDnUFZbfdSidGzg5PoGaXlnutGtazzgaF1FqDRtfovip9DGqq0OIB_rZZsyFtVQp1CVWLpv68cFJ1RUbyynNcw2aJlLAIJpTjzfzAIuxNooesJU-RBWRMUJGOIdfhgFWCtrlfse05ueeOdsXyi_CL7zudOStkLADa0Je2OQ6OgDLOMahXgWpgN-t9y0w3wI5QuQaF9MjoJoMgNSl9-5U6NuPS4r8EitBFaRGjEY-p81C3odBvXmSA61JKL3g5rpY2HFduKFl-Yfvlkew"
  },
  "iv": "cHShIa38494NwxJn",
  "tag": "DLyMu-HaS5-ltDOLJgODmQ",
  "cipherText": "8XKYBvNSkYvKv3CzwQIQGvCRS_kDAA"
}
RSA encryption object requiring the same private key as in the previous example while using a different set of algorithms both for key encryption and content encryption:
{
  "algorithm": "A128GCM",
  "keyEncryption": {
    "algorithm": "RSA-OAEP",
    "encryptedKey": "W8U7Y6t7Je7UlOmRqi84y49UBtX8NQfGBBsedj_LH0capiyDAt8U9yuBij8yLoRjbwHdiBDPEDtfrfWY19uj2G4_XEBcRRCfrtiizKrsgCdlC5FQel8byEkPMEOgSsZpeVwzzjyd7SCAZG9aUdcbX8iG3wyg7mBhUpgJXC8HBeOeLSdl0Fq6l3SdDxdZ7JYpXLvZY2af1C-8PbHzBMGHyxI2ncUoGerysgGflZ5l1i7vuPpsAtbSN7wv-jmQRNawJ___HRnpeAUB2PV_B0C9XNQFIe9J3FRuQ5fSTqfn_W5uYzkA0AVlr4MQoIwGl2uJPBTDSCljmlVMFYWvsPTvUQ"
  },
  "iv": "vDvjPmGYAjv2-jB5",
  "tag": "_LnV0CZ7ehDtbqurupxZHA",
  "cipherText": "ykDyiibT8OXW-13HtDvcxmdqajkoLQ"
}
AES key named "s128bitkey" here provided in Base64URL notation:
QhI6ZZNgFjrYhHH4wImROw
Encryption object requiring the key above for decryption:
{
  "algorithm": "A128GCM",
  "keyId": "s128bitkey",
  "iv": "qUZbFXlIhd9OsY9x",
  "tag": "YcfPOyDN01pqoJjdj4WqOQ",
  "cipherText": "HaUAhP3GvlOjyuO7D-sWKGp0W67y3Q"
}
AES key named "s256bitkey" here provided in Base64URL notation:
f92FGjudLa_F8NAAMOIrk0OQDNQu3klIVopKLuZVKRo
Encryption object requiring the key above for decryption:
{
  "algorithm": "A128CBC-HS256",
  "keyId": "s256bitkey",
  "iv": "sTDjHH63ExGWVcs03MFULg",
  "tag": "AsM_vPiUUIj-rwJ_dCcUeA",
  "cipherText": "_fibK407sl3X3VFALJ0oCF4ikIH1ozWeqEyXycTW-U8"
}
AES key named "s256bitkey" here provided in Base64URL notation:
f92FGjudLa_F8NAAMOIrk0OQDNQu3klIVopKLuZVKRo
Encryption object requiring the key above for decryption:
{
  "algorithm": "A256GCM",
  "iv": "CRGRzC8gLsUrcOHB",
  "tag": "yUYZY7ntuQTmoNeuuIDvSw",
  "cipherText": "ykgBT6iSNb_j8tkllx436plBRMp7Fw"
}
AES key named "s256bitkey" here provided in Base64URL notation:
f92FGjudLa_F8NAAMOIrk0OQDNQu3klIVopKLuZVKRo
Encryption object requiring the key above for decryption:
{
  "algorithm": "A256GCM",
  "keyId": "s256bitkey",
  "iv": "apTU8Swf_sATDo9H",
  "tag": "6XP0v6objbPvT0v67F5mIg",
  "cipherText": "eJrngb28Ngrjoa1xpkEfOtUVpTA88Q"
}
AES key named "s512bitkey" here provided in Base64URL notation:
g9JulrcaXddnwhXyAe9YhPsD3-Wo7pYS1OPJQuhNRd_cWAHLg3mVjzr2ANaOuhoU6UXJDxZVZx8ELOp7NNUyNg
Encryption object requiring the key above for decryption:
{
  "algorithm": "A256CBC-HS512",
  "keyId": "s512bitkey",
  "iv": "jUBuGiVcmxD68ONGz9suWw",
  "tag": "jbqFh6534qsruUZ5qrbHBBmSnGpuk3mXKbVwjeKqIAg",
  "cipherText": "zPlhvc3l99RVq0iTvE6IKkyQwoMwSCRYK4yXPwiGTGg"
}
Appendix B: References
ReferenceDescription
[ES6]A. Wirfs-Brock, "ECMAScript 2015 Language Specification", ECMA-262, June 2015.
https://www.ecma-international.org/ecma-262/6.0/ECMA-262.pdf
[JCS]A. Rundgren, "JCS - JSON Cleartext Signature", Work in progress, V0.70, May 2017. https://cyberphone.github.io/doc/security/jcs.html
[OPENKEY]"OpenKeyStore Project", https://github.com/cyberphone/openkeystore
[RFC3986]T. Berners-Lee, R. Fielding, L. Masinter, "Uniform Resource Identifier (URI): Generic Syntax", RFC 3986, January 2005. https://tools.ietf.org/html/rfc3986
[RFC4648]S. Josefsson, "The Base16, Base32, and Base64 Data Encodings", RFC 4648, October 2006. https://tools.ietf.org/html/rfc4648
[RFC7159]T. Bray, "The JavaScript Object Notation (JSON) Data Interchange Format", RFC 7159, March 2014. https://tools.ietf.org/html/rfc7159
[RFC7516]M. Jones, J. Hildebrand, "JSON Web Encryption (JWE)", RFC 7516, May 2015. https://tools.ietf.org/html/rfc7516
[RFC7517]M. Jones, "JSON Web Key (JWK)", RFC 7517, May 2015. https://tools.ietf.org/html/rfc7517
[RFC7518]M. Jones, "JSON Web Algorithms (JWA)", RFC 7518, May 2015. https://tools.ietf.org/html/rfc7518
Appendix C: Document History
DateVerComment
2016-08-030.3Initial publication in HTML5
2017-04-190.4Changed public keys to use JWK [RFC7517] format
2017-04-250.5Added KW and GCM algorithms
2017-05-150.51Added test vectors and missing RSA-OAEP algorithm
Appendix D: Author
JEF was developed by Anders Rundgren (anders.rundgren.net@gmail.com) as a part of the OpenKeyStore [OPENKEY] project .