Internet Engineering Task Force (IETF)                         M. Miller
Request for Comments: 7520                           Cisco Systems, Inc.
Category: Informational                                         May 2015
ISSN: 2070-1721
        

Examples of Protecting Content Using JSON Object Signing and Encryption (JOSE)

Abstract

This document contains a set of examples using JSON Object Signing and Encryption (JOSE) technology to protect data. These examples present a representative sampling of JSON Web Key (JWK) objects as well as various JSON Web Signature (JWS) and JSON Web Encryption (JWE) results given similar inputs.

Status of This Memo

This document is not an Internet Standards Track specification; it is published for informational purposes.

This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Not all documents approved by the IESG are a candidate for any level of Internet Standard; see Section 2 of RFC 5741.

Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at http://www.rfc-editor.org/info/rfc7520.

Copyright Notice

Copyright (c) 2015 IETF Trust and the persons identified as the document authors. All rights reserved.

This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.

Table of Contents

   1. Introduction
      1.1. Conventions Used in This Document
   2. Terminology
   3. JSON Web Key Examples
      3.1. EC Public Key
      3.2. EC Private Key
      3.3. RSA Public Key
      3.4. RSA Private Key
      3.5. Symmetric Key (MAC Computation)
      3.6. Symmetric Key (Encryption)
   4. JSON Web Signature Examples
      4.1. RSA v1.5 Signature
           4.1.1. Input Factors
           4.1.2. Signing Operation
           4.1.3. Output Results
      4.2. RSA-PSS Signature
           4.2.1. Input Factors
           4.2.2. Signing Operation
           4.2.3. Output Results
      4.3. ECDSA Signature
           4.3.1. Input Factors
           4.3.2. Signing Operation
           4.3.3. Output Results
      4.4. HMAC-SHA2 Integrity Protection
           4.4.1. Input Factors
           4.4.2. Signing Operation
           4.4.3. Output Results
      4.5. Signature with Detached Content
           4.5.1. Input Factors
           4.5.2. Signing Operation
           4.5.3. Output Results
      4.6. Protecting Specific Header Fields
           4.6.1. Input Factors
           4.6.2. Signing Operation
           4.6.3. Output Results
      4.7. Protecting Content Only
           4.7.1. Input Factors
           4.7.2. Signing Operation
           4.7.3. Output Results
      4.8. Multiple Signatures
           4.8.1. Input Factors
           4.8.2. First Signing Operation
           4.8.3. Second Signing Operation
           4.8.4. Third Signing Operation
           4.8.5. Output Results
   5. JSON Web Encryption Examples
      5.1. Key Encryption Using RSA v1.5 and AES-HMAC-SHA2
           5.1.1. Input Factors
           5.1.2. Generated Factors
           5.1.3. Encrypting the Key
           5.1.4. Encrypting the Content
           5.1.5. Output Results
      5.2. Key Encryption Using RSA-OAEP with AES-GCM
           5.2.1. Input Factors
           5.2.2. Generated Factors
           5.2.3. Encrypting the Key
           5.2.4. Encrypting the Content
           5.2.5. Output Results
      5.3. Key Wrap Using PBES2-AES-KeyWrap with AES-CBC-HMAC-SHA2
           5.3.1. Input Factors
           5.3.2. Generated Factors
           5.3.3. Encrypting the Key
           5.3.4. Encrypting the Content
           5.3.5. Output Results
      5.4. Key Agreement with Key Wrapping Using ECDH-ES and AES-KeyWrap with AES-GCM
           5.4.1. Input Factors
           5.4.2. Generated Factors
           5.4.3. Encrypting the Key
           5.4.4. Encrypting the Content
           5.4.5. Output Results
      5.5. Key Agreement Using ECDH-ES with AES-CBC-HMAC-SHA2
           5.5.1. Input Factors
           5.5.2. Generated Factors
           5.5.3. Key Agreement
           5.5.4. Encrypting the Content
           5.5.5. Output Results
      5.6. Direct Encryption Using AES-GCM
           5.6.1. Input Factors
           5.6.2. Generated Factors
           5.6.3. Encrypting the Content
           5.6.4. Output Results
      5.7. Key Wrap Using AES-GCM KeyWrap with AES-CBC-HMAC-SHA2
           5.7.1. Input Factors
           5.7.2. Generated Factors
           5.7.3. Encrypting the Key
           5.7.4. Encrypting the Content
           5.7.5. Output Results
      5.8. Key Wrap Using AES-KeyWrap with AES-GCM
           5.8.1. Input Factors
           5.8.2. Generated Factors
           5.8.3. Encrypting the Key
           5.8.4. Encrypting the Content
           5.8.5. Output Results
      5.9. Compressed Content
           5.9.1. Input Factors
           5.9.2. Generated Factors
           5.9.3. Encrypting the Key
           5.9.4. Encrypting the Content
           5.9.5. Output Results
      5.10. Including Additional Authenticated Data
           5.10.1. Input Factors
           5.10.2. Generated Factors
           5.10.3. Encrypting the Key
           5.10.4. Encrypting the Content
           5.10.5. Output Results
      5.11. Protecting Specific Header Fields
           5.11.1. Input Factors
           5.11.2. Generated Factors
           5.11.3. Encrypting the Key
           5.11.4. Encrypting the Content
           5.11.5. Output Results
      5.12. Protecting Content Only
           5.12.1. Input Factors
           5.12.2. Generated Factors
           5.12.3. Encrypting the Key
           5.12.4. Encrypting the Content
           5.12.5. Output Results
      5.13. Encrypting to Multiple Recipients
           5.13.1. Input Factors
           5.13.2. Generated Factors
           5.13.3. Encrypting the Key to the First Recipient
           5.13.4. Encrypting the Key to the Second Recipient
           5.13.5. Encrypting the Key to the Third Recipient
           5.13.6. Encrypting the Content
           5.13.7. Output Results
   6. Nesting Signatures and Encryption
      6.1. Signing Input Factors
      6.2. Signing Operation
      6.3. Signing Output
      6.4. Encryption Input Factors
      6.5. Encryption Generated Factors
      6.6. Encrypting the Key
      6.7. Encrypting the Content
      6.8. Encryption Output
   7. Security Considerations
   8. References
      8.1. Normative References
      8.2. Informative References
   Acknowledgements
   Author's Address
        
1. Introduction

The JSON Object Signing and Encryption (JOSE) technologies -- JSON Web Signature [JWS], JSON Web Encryption [JWE], JSON Web Key [JWK], and JSON Web Algorithms [JWA] -- can be used collectively to encrypt and/or sign content using a variety of algorithms. While the full set of permutations is extremely large, and might be daunting to some, it is expected that most applications will only use a small set of algorithms to meet their needs.

This document provides a number of examples of signing or encrypting content using JOSE. While not exhaustive, it does compile a representative sampling of JOSE features. As much as possible, the same signature payload or encryption plaintext content is used to illustrate differences in various signing and encryption results.

This document also provides a number of example JWK objects. These examples illustrate the distinguishing properties of various key types and emphasize important characteristics. Most of the JWK examples are then used in the signature or encryption examples that follow.

All of the examples contained herein are available in a machine-readable format at <https://github.com/ietf-jose/cookbook>.

1.1. Conventions Used in This Document

This document separates data that are expected to be input to an implementation of JOSE from data that are expected to be generated by an implementation of JOSE. Each example, wherever possible, provides enough information both to replicate the results of this document and to validate the results by running its inverse operation (e.g., signature results can be validated by performing the JWS verify). However, some algorithms inherently use random data; therefore, computations employing them cannot be exactly replicated. Such cases are explicitly stated in the relevant sections.

All instances of binary octet strings are represented using base64url [RFC4648] encoding.

Wherever possible and unless otherwise noted, the examples include the JWS or JWE Compact Serialization, general JWS or JWE JSON Serialization, and flattened JWS or JWE JSON Serialization.

All of the examples in this document have whitespace added to improve formatting and readability. Except for JWE Plaintext or JWS Payload content, whitespace is not part of the cryptographic operations nor the exchange results.

Unless otherwise noted, the JWE Plaintext or JWS Payload content does include " " (U+0020 SPACE) characters. Line breaks (U+000A LINE FEED) replace some " " (U+0020 SPACE) characters to improve readability but are not present in the JWE Plaintext or JWS Payload.

2. Terminology

This document inherits terminology regarding JSON Web Signature (JWS) technology from [JWS], terminology regarding JSON Web Encryption (JWE) technology from [JWE], terminology regarding JSON Web Key (JWK) technology from [JWK], and terminology regarding algorithms from [JWA].

3. JSON Web Key Examples

The following sections demonstrate how to represent various JWK and JWK Set objects.

3.1. EC Public Key

This example illustrates an Elliptic Curve (EC) public key. This example is the public key corresponding to the private key in Figure 2.

Note that whitespace is added for readability as described in Section 1.1.

   {
     "kty": "EC",
     "kid": "bilbo.baggins@hobbiton.example",
     "use": "sig",
     "crv": "P-521",
     "x": "AHKZLLOsCOzz5cY97ewNUajB957y-C-U88c3v13nmGZx6sYl_oJXu9
         A5RkTKqjqvjyekWF-7ytDyRXYgCF5cj0Kt",
     "y": "AdymlHvOiLxXkEhayXQnNCvDX4h9htZaCJN34kfmC6pV5OhQHiraVy
         SsUdaQkAgDPrwQrJmbnX9cwlGfP-HqHZR1"
   }
        

Figure 1: Elliptic Curve P-521 Public Key

The field "kty" value of "EC" identifies this as an Elliptic Curve key. The field "crv" identifies the curve, which is curve P-521 for this example. The values of the fields "x" and "y" are the base64url-encoded X and Y coordinates (respectively).

The values of the fields "x" and "y" decoded are the octets necessary to represent each full coordinate to the order of the curve. For a key over curve P-521, the values of the fields "x" and "y" are exactly 66 octets in length when decoded, padded with leading zero (0x00) octets to reach the expected length.

3.2. EC Private Key

This example illustrates an Elliptic Curve private key. This example is the private key corresponding to the public key in Figure 1.

Note that whitespace is added for readability as described in Section 1.1.

   {
     "kty": "EC",
     "kid": "bilbo.baggins@hobbiton.example",
     "use": "sig",
     "crv": "P-521",
     "x": "AHKZLLOsCOzz5cY97ewNUajB957y-C-U88c3v13nmGZx6sYl_oJXu9
         A5RkTKqjqvjyekWF-7ytDyRXYgCF5cj0Kt",
     "y": "AdymlHvOiLxXkEhayXQnNCvDX4h9htZaCJN34kfmC6pV5OhQHiraVy
         SsUdaQkAgDPrwQrJmbnX9cwlGfP-HqHZR1",
     "d": "AAhRON2r9cqXX1hg-RoI6R1tX5p2rUAYdmpHZoC1XNM56KtscrX6zb
         KipQrCW9CGZH3T4ubpnoTKLDYJ_fF3_rJt"
   }
        

Figure 2: Elliptic Curve P-521 Private Key

The field "kty" value of "EC" identifies this as an Elliptic Curve key. The field "crv" identifies the curve, which is curve P-521 (also known as SECG curve secp521r1) for this example. The values of the fields "x" and "y" are the base64url-encoded X and Y coordinates (respectively). The field "d" value is the base64url-encoded private key.

The values of the fields "d", "x", and "y" decoded are the octets necessary to represent the private key or each full coordinate (respectively) to the order of the curve. For a key over curve P-521, the values of the "d", "x", and "y" fields are each exactly 66 octets in length when decoded, padded with leading zero (0x00) octets to reach the expected length.

3.3. RSA Public Key

This example illustrates an RSA public key. This example is the public key corresponding to the private key in Figure 4.

Note that whitespace is added for readability as described in Section 1.1.

   {
     "kty": "RSA",
     "kid": "bilbo.baggins@hobbiton.example",
     "use": "sig",
     "n": "n4EPtAOCc9AlkeQHPzHStgAbgs7bTZLwUBZdR8_KuKPEHLd4rHVTeT
         -O-XV2jRojdNhxJWTDvNd7nqQ0VEiZQHz_AJmSCpMaJMRBSFKrKb2wqV
         wGU_NsYOYL-QtiWN2lbzcEe6XC0dApr5ydQLrHqkHHig3RBordaZ6Aj-
         oBHqFEHYpPe7Tpe-OfVfHd1E6cS6M1FZcD1NNLYD5lFHpPI9bTwJlsde
         3uhGqC0ZCuEHg8lhzwOHrtIQbS0FVbb9k3-tVTU4fg_3L_vniUFAKwuC
         LqKnS2BYwdq_mzSnbLY7h_qixoR7jig3__kRhuaxwUkRz5iaiQkqgc5g
         HdrNP5zw",
     "e": "AQAB"
   }
        

Figure 3: RSA 2048-Bit Public Key

The field "kty" value of "RSA" identifies this as an RSA key. The fields "n" and "e" values are the modulus and (public) exponent (respectively) using the minimum octets necessary.

For a 2048-bit key, the field "n" value is 256 octets in length when decoded.

3.4. RSA Private Key

This example illustrates an RSA private key. This example is the private key corresponding to the public key in Figure 3.

Note that whitespace is added for readability as described in Section 1.1.

   {
     "kty": "RSA",
     "kid": "bilbo.baggins@hobbiton.example",
     "use": "sig",
     "n": "n4EPtAOCc9AlkeQHPzHStgAbgs7bTZLwUBZdR8_KuKPEHLd4rHVTeT
         -O-XV2jRojdNhxJWTDvNd7nqQ0VEiZQHz_AJmSCpMaJMRBSFKrKb2wqV
         wGU_NsYOYL-QtiWN2lbzcEe6XC0dApr5ydQLrHqkHHig3RBordaZ6Aj-
         oBHqFEHYpPe7Tpe-OfVfHd1E6cS6M1FZcD1NNLYD5lFHpPI9bTwJlsde
         3uhGqC0ZCuEHg8lhzwOHrtIQbS0FVbb9k3-tVTU4fg_3L_vniUFAKwuC
         LqKnS2BYwdq_mzSnbLY7h_qixoR7jig3__kRhuaxwUkRz5iaiQkqgc5g
         HdrNP5zw",
     "e": "AQAB",
     "d": "bWUC9B-EFRIo8kpGfh0ZuyGPvMNKvYWNtB_ikiH9k20eT-O1q_I78e
         iZkpXxXQ0UTEs2LsNRS-8uJbvQ-A1irkwMSMkK1J3XTGgdrhCku9gRld
         Y7sNA_AKZGh-Q661_42rINLRCe8W-nZ34ui_qOfkLnK9QWDDqpaIsA-b
         MwWWSDFu2MUBYwkHTMEzLYGqOe04noqeq1hExBTHBOBdkMXiuFhUq1BU
         6l-DqEiWxqg82sXt2h-LMnT3046AOYJoRioz75tSUQfGCshWTBnP5uDj
         d18kKhyv07lhfSJdrPdM5Plyl21hsFf4L_mHCuoFau7gdsPfHPxxjVOc
         OpBrQzwQ",
     "p": "3Slxg_DwTXJcb6095RoXygQCAZ5RnAvZlno1yhHtnUex_fp7AZ_9nR
         aO7HX_-SFfGQeutao2TDjDAWU4Vupk8rw9JR0AzZ0N2fvuIAmr_WCsmG
         peNqQnev1T7IyEsnh8UMt-n5CafhkikzhEsrmndH6LxOrvRJlsPp6Zv8
         bUq0k",
     "q": "uKE2dh-cTf6ERF4k4e_jy78GfPYUIaUyoSSJuBzp3Cubk3OCqs6grT
         8bR_cu0Dm1MZwWmtdqDyI95HrUeq3MP15vMMON8lHTeZu2lmKvwqW7an
         V5UzhM1iZ7z4yMkuUwFWoBvyY898EXvRD-hdqRxHlSqAZ192zB3pVFJ0
         s7pFc",
     "dp": "B8PVvXkvJrj2L-GYQ7v3y9r6Kw5g9SahXBwsWUzp19TVlgI-YV85q
         1NIb1rxQtD-IsXXR3-TanevuRPRt5OBOdiMGQp8pbt26gljYfKU_E9xn
         -RULHz0-ed9E9gXLKD4VGngpz-PfQ_q29pk5xWHoJp009Qf1HvChixRX
         59ehik",
     "dq": "CLDmDGduhylc9o7r84rEUVn7pzQ6PF83Y-iBZx5NT-TpnOZKF1pEr
         AMVeKzFEl41DlHHqqBLSM0W1sOFbwTxYWZDm6sI6og5iTbwQGIC3gnJK
         bi_7k_vJgGHwHxgPaX2PnvP-zyEkDERuf-ry4c_Z11Cq9AqC2yeL6kdK
         T1cYF8",
     "qi": "3PiqvXQN0zwMeE-sBvZgi289XP9XCQF3VWqPzMKnIgQp7_Tugo6-N
         ZBKCQsMf3HaEGBjTVJs_jcK8-TRXvaKe-7ZMaQj8VfBdYkssbu0NKDDh
         jJ-GtiseaDVWt7dcH0cfwxgFUHpQh7FoCrjFJ6h6ZEpMF6xmujs4qMpP
         z8aaI4"
   }
        

Figure 4: RSA 2048-Bit Private Key

The field "kty" value of "RSA" identifies this as an RSA key. The fields "n" and "e" values are the base64url-encoded modulus and (public) exponent (respectively) using the minimum number of octets necessary. The field "d" value is the base64url-encoded private exponent using the minimum number of octets necessary. The fields "p", "q", "dp", "dq", and "qi" are the base64url-encoded additional private information using the minimum number of octets necessary.

For a 2048-bit key, the field "n" is 256 octets in length when decoded, and the field "d" is not longer than 256 octets in length when decoded.

3.5. Symmetric Key (MAC Computation)

This example illustrates a symmetric key used for computing Message Authentication Codes (MACs).

Note that whitespace is added for readability as described in Section 1.1.

   {
     "kty": "oct",
     "kid": "018c0ae5-4d9b-471b-bfd6-eef314bc7037",
     "use": "sig",
     "alg": "HS256",
     "k": "hJtXIZ2uSN5kbQfbtTNWbpdmhkV8FJG-Onbc6mxCcYg"
   }
        

Figure 5: HMAC SHA-256 Symmetric Key

The field "kty" value of "oct" identifies this as a symmetric key. The field "k" value is the symmetric key.

When used for the signing algorithm "HS256" (HMAC-SHA256), the field "k" value is 32 octets (or more) in length when decoded, padded with leading zero (0x00) octets to reach the minimum expected length.

3.6. Symmetric Key (Encryption)

This example illustrates a symmetric key used for encryption.

Note that whitespace is added for readability as described in Section 1.1.

   {
     "kty": "oct",
     "kid": "1e571774-2e08-40da-8308-e8d68773842d",
     "use": "enc",
     "alg": "A256GCM",
     "k": "AAPapAv4LbFbiVawEjagUBluYqN5rhna-8nuldDvOx8"
   }
        

Figure 6: AES 256-Bit Symmetric Encryption Key

The field "kty" value of "oct" identifies this as a symmetric key. The field "k" value is the symmetric key.

For the content encryption algorithm "A256GCM", the field "k" value is exactly 32 octets in length when decoded, padded with leading zero (0x00) octets to reach the expected length.
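
The octet-length rules stated for Figures 2, 3, 5 and 6 can be checked mechanically. The Python sketch below is an added example, not part of the RFC; `check_jwk` and `naive_reencode` are hypothetical helper names, and only the key types, curve and algorithms shown in this section are covered. It also reproduces the failure mode the "leading zero" wording guards against: a value round-tripped through an integer loses its leading 0x00 octet.

```python
import base64
import re

# Key values copied from Figures 2, 3, 5 and 6 of this document (published test vectors).
EC_KEY = {
    "kty": "EC", "crv": "P-521",
    "x": ("AHKZLLOsCOzz5cY97ewNUajB957y-C-U88c3v13nmGZx6sYl_oJXu9"
          "A5RkTKqjqvjyekWF-7ytDyRXYgCF5cj0Kt"),
    "y": ("AdymlHvOiLxXkEhayXQnNCvDX4h9htZaCJN34kfmC6pV5OhQHiraVy"
          "SsUdaQkAgDPrwQrJmbnX9cwlGfP-HqHZR1"),
    "d": ("AAhRON2r9cqXX1hg-RoI6R1tX5p2rUAYdmpHZoC1XNM56KtscrX6zb"
          "KipQrCW9CGZH3T4ubpnoTKLDYJ_fF3_rJt"),
}
RSA_KEY = {
    "kty": "RSA",
    "n": ("n4EPtAOCc9AlkeQHPzHStgAbgs7bTZLwUBZdR8_KuKPEHLd4rHVTeT"
          "-O-XV2jRojdNhxJWTDvNd7nqQ0VEiZQHz_AJmSCpMaJMRBSFKrKb2wqV"
          "wGU_NsYOYL-QtiWN2lbzcEe6XC0dApr5ydQLrHqkHHig3RBordaZ6Aj-"
          "oBHqFEHYpPe7Tpe-OfVfHd1E6cS6M1FZcD1NNLYD5lFHpPI9bTwJlsde"
          "3uhGqC0ZCuEHg8lhzwOHrtIQbS0FVbb9k3-tVTU4fg_3L_vniUFAKwuC"
          "LqKnS2BYwdq_mzSnbLY7h_qixoR7jig3__kRhuaxwUkRz5iaiQkqgc5g"
          "HdrNP5zw"),
    "e": "AQAB",
}
MAC_KEY = {"kty": "oct", "alg": "HS256",
           "k": "hJtXIZ2uSN5kbQfbtTNWbpdmhkV8FJG-Onbc6mxCcYg"}
ENC_KEY = {"kty": "oct", "alg": "A256GCM",
           "k": "AAPapAv4LbFbiVawEjagUBluYqN5rhna-8nuldDvOx8"}

EC_COORD_OCTETS = {"P-521": 66}  # only the curve used in this section
OCT_KEY_RULES = {"HS256": (32, None), "A256GCM": (32, 32)}  # (min, max) octets
_B64URL = re.compile(r"[A-Za-z0-9_-]*")


def b64url_decode(text):
    """Strict unpadded base64url: rejects '=', whitespace, '+' and '/'."""
    if not _B64URL.fullmatch(text) or len(text) % 4 == 1:
        raise ValueError("not unpadded base64url")
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def check_jwk(jwk):
    """Return a list of problems; an empty list means all lengths are as expected."""
    problems = []
    kty = jwk.get("kty")
    if kty == "EC":
        size = EC_COORD_OCTETS.get(jwk.get("crv"))
        if size is None:
            return ["unsupported curve %r" % jwk.get("crv")]
        for name in ("x", "y", "d"):
            if name in jwk and len(b64url_decode(jwk[name])) != size:
                problems.append("%s must be exactly %d octets" % (name, size))
    elif kty == "RSA":
        # RSA values use the minimum number of octets, so no leading 0x00.
        for name in ("n", "e", "d", "p", "q", "dp", "dq", "qi"):
            if name in jwk and b64url_decode(jwk[name])[:1] == b"\x00":
                problems.append("%s has a leading zero octet" % name)
    elif kty == "oct":
        low, high = OCT_KEY_RULES.get(jwk.get("alg"), (1, None))
        size = len(b64url_decode(jwk.get("k", "")))
        if size < low or (high is not None and size > high):
            problems.append("k is %d octets, wrong for %s" % (size, jwk.get("alg")))
    else:
        problems.append("unsupported kty %r" % kty)
    return problems


def rsa_modulus_bits(jwk):
    """Bit length of the decoded modulus "n"."""
    return int.from_bytes(b64url_decode(jwk["n"]), "big").bit_length()


def naive_reencode(value):
    """Failure mode: an integer round trip silently drops leading zero octets."""
    number = int.from_bytes(b64url_decode(value), "big")
    raw = number.to_bytes(max(1, (number.bit_length() + 7) // 8), "big")
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")
```

The "x" and "d" values of Figure 2 and the "k" value of Figure 6 all begin with a 0x00 octet, so they exercise the fixed-length rule directly.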

4. JSON Web Signature Examples

The following sections demonstrate how to generate various JWS objects.

All of the signature examples use the following payload content (an abridged quote from "The Fellowship of the Ring" [LOTR-FELLOWSHIP]), serialized as UTF-8. The payload is presented here as a series of quoted strings that are concatenated to produce the JWS Payload. The sequence "\xe2\x80\x99" is substituted for (U+2019 RIGHT SINGLE QUOTATION MARK), and quotation marks (U+0022 QUOTATION MARK) are added for readability but are not present in the JWS Payload.

   "It\xe2\x80\x99s a dangerous business, Frodo, going out your "
   "door. You step onto the road, and if you don't keep your feet, "
   "there\xe2\x80\x99s no knowing where you might be swept off "
   "to."

Figure 7: Payload Content Plaintext

The payload -- with the sequence "\xe2\x80\x99" replaced with (U+2019 RIGHT SINGLE QUOTATION MARK) and quotation marks (U+0022 QUOTATION MARK) removed -- is encoded as UTF-8 and then as base64url [RFC4648]:

   SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb3V0IH
   lvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9hZCwgYW5kIGlmIHlvdSBk
   b24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXigJlzIG5vIGtub3dpbmcgd2hlcm
   UgeW91IG1pZ2h0IGJlIHN3ZXB0IG9mZiB0by4
        

Figure 8: Payload Content, base64url-encoded

4.1. RSA v1.5 Signature

This example illustrates signing content using the "RS256" (RSASSA-PKCS1-v1_5 with SHA-256) algorithm.

Note that whitespace is added for readability as described in Section 1.1.

4.1.1. Input Factors

The following are supplied before beginning the signing operation:

o Payload content; this example uses the content from Figure 7, encoded using base64url [RFC4648] to produce Figure 8.

o RSA private key; this example uses the key from Figure 4.

o "alg" parameter of "RS256".

4.1.2. Signing Operation

The following is generated to complete the signing operation:

o JWS Protected Header; this example uses the header from Figure 9, encoded using base64url [RFC4648] to produce Figure 10.

   {
     "alg": "RS256",
     "kid": "bilbo.baggins@hobbiton.example"
   }
        

Figure 9: JWS Protected Header JSON

   eyJhbGciOiJSUzI1NiIsImtpZCI6ImJpbGJvLmJhZ2dpbnNAaG9iYml0b24uZX
   hhbXBsZSJ9

Figure 10: JWS Protected Header, base64url-encoded

The JWS Protected Header (Figure 10) and JWS Payload (Figure 8) are combined as described in Section 5.1 of [JWS] to produce the JWS Signing Input (Figure 11).

   eyJhbGciOiJSUzI1NiIsImtpZCI6ImJpbGJvLmJhZ2dpbnNAaG9iYml0b24uZX
   hhbXBsZSJ9
   .
   SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb3V0IH
   lvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9hZCwgYW5kIGlmIHlvdSBk
   b24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXigJlzIG5vIGtub3dpbmcgd2hlcm
   UgeW91IG1pZ2h0IGJlIHN3ZXB0IG9mZiB0by4
        

Figure 11: JWS Signing Input

Performing the signature operation over the JWS Signing Input (Figure 11) produces the JWS Signature (Figure 12).

   MRjdkly7_-oTPTS3AXP41iQIGKa80A0ZmTuV5MEaHoxnW2e5CZ5NlKtainoFmK
   ZopdHM1O2U4mwzJdQx996ivp83xuglII7PNDi84wnB-BDkoBwA78185hX-Es4J
   IwmDLJK3lfWRa-XtL0RnltuYv746iYTh_qHRD68BNt1uSNCrUCTJDt5aAE6x8w
   W1Kt9eRo4QPocSadnHXFxnt8Is9UzpERV0ePPQdLuW3IS_de3xyIrDaLGdjluP
   xUAhb6L2aXic1U12podGU0KLUQSE_oI-ZnmKJ3F4uOZDnd6QZWJushZ41Axf_f
   cIe8u9ipH84ogoree7vjbU5y18kDquDg
        

Figure 12: JWS Signature, base64url-encoded

4.1.3. Output Results

The following compose the resulting JWS object:

o JWS Protected Header (Figure 9)

o Payload content (Figure 8)

o Signature (Figure 12)

The resulting JWS object using the JWS Compact Serialization:

   eyJhbGciOiJSUzI1NiIsImtpZCI6ImJpbGJvLmJhZ2dpbnNAaG9iYml0b24uZX
   hhbXBsZSJ9
   .
   SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb3V0IH
   lvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9hZCwgYW5kIGlmIHlvdSBk
   b24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXigJlzIG5vIGtub3dpbmcgd2hlcm
   UgeW91IG1pZ2h0IGJlIHN3ZXB0IG9mZiB0by4
   .
   MRjdkly7_-oTPTS3AXP41iQIGKa80A0ZmTuV5MEaHoxnW2e5CZ5NlKtainoFmK
   ZopdHM1O2U4mwzJdQx996ivp83xuglII7PNDi84wnB-BDkoBwA78185hX-Es4J
   IwmDLJK3lfWRa-XtL0RnltuYv746iYTh_qHRD68BNt1uSNCrUCTJDt5aAE6x8w
   W1Kt9eRo4QPocSadnHXFxnt8Is9UzpERV0ePPQdLuW3IS_de3xyIrDaLGdjluP
   xUAhb6L2aXic1U12podGU0KLUQSE_oI-ZnmKJ3F4uOZDnd6QZWJushZ41Axf_f
   cIe8u9ipH84ogoree7vjbU5y18kDquDg
        

Figure 13: JWS Compact Serialization

The resulting JWS object using the general JWS JSON Serialization:

   {
     "payload": "SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywg
         Z29pbmcgb3V0IHlvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9h
         ZCwgYW5kIGlmIHlvdSBkb24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXi
         gJlzIG5vIGtub3dpbmcgd2hlcmUgeW91IG1pZ2h0IGJlIHN3ZXB0IG9m
         ZiB0by4",
     "signatures": [
       {
         "protected": "eyJhbGciOiJSUzI1NiIsImtpZCI6ImJpbGJvLmJhZ2
             dpbnNAaG9iYml0b24uZXhhbXBsZSJ9",
         "signature": "MRjdkly7_-oTPTS3AXP41iQIGKa80A0ZmTuV5MEaHo
             xnW2e5CZ5NlKtainoFmKZopdHM1O2U4mwzJdQx996ivp83xuglII
             7PNDi84wnB-BDkoBwA78185hX-Es4JIwmDLJK3lfWRa-XtL0Rnlt
             uYv746iYTh_qHRD68BNt1uSNCrUCTJDt5aAE6x8wW1Kt9eRo4QPo
             cSadnHXFxnt8Is9UzpERV0ePPQdLuW3IS_de3xyIrDaLGdjluPxU
             Ahb6L2aXic1U12podGU0KLUQSE_oI-ZnmKJ3F4uOZDnd6QZWJush
             Z41Axf_fcIe8u9ipH84ogoree7vjbU5y18kDquDg"
       }
     ]
   }
        

Figure 14: General JWS JSON Serialization

The resulting JWS object using the flattened JWS JSON Serialization:

   {
     "payload": "SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywg
         Z29pbmcgb3V0IHlvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9h
         ZCwgYW5kIGlmIHlvdSBkb24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXi
         gJlzIG5vIGtub3dpbmcgd2hlcmUgeW91IG1pZ2h0IGJlIHN3ZXB0IG9m
         ZiB0by4",
     "protected": "eyJhbGciOiJSUzI1NiIsImtpZCI6ImJpbGJvLmJhZ2dpbn
         NAaG9iYml0b24uZXhhbXBsZSJ9",
     "signature": "MRjdkly7_-oTPTS3AXP41iQIGKa80A0ZmTuV5MEaHoxnW2
         e5CZ5NlKtainoFmKZopdHM1O2U4mwzJdQx996ivp83xuglII7PNDi84w
         nB-BDkoBwA78185hX-Es4JIwmDLJK3lfWRa-XtL0RnltuYv746iYTh_q
         HRD68BNt1uSNCrUCTJDt5aAE6x8wW1Kt9eRo4QPocSadnHXFxnt8Is9U
         zpERV0ePPQdLuW3IS_de3xyIrDaLGdjluPxUAhb6L2aXic1U12podGU0
         KLUQSE_oI-ZnmKJ3F4uOZDnd6QZWJushZ41Axf_fcIe8u9ipH84ogore
         e7vjbU5y18kDquDg"
   }
        

Figure 15: Flattened JWS JSON Serialization
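
Because RS256 is deterministic, the whole of Section 4.1 can be replayed from the receiving side. The Python sketch below is an added example, not part of the RFC: it rebuilds the compact serialization of Figure 13 from the header of Figure 9 and the payload of Figure 7, then verifies the signature of Figure 12 against the public key of Figure 3 using only the standard library. The function names and the policy of requiring a matching "kid" are assumptions of this example.

```python
import base64
import hashlib
import hmac
import json

# Public key (Figure 3), payload (Figure 7) and signature (Figure 12) from this document.
JWK = {
    "kty": "RSA",
    "kid": "bilbo.baggins@hobbiton.example",
    "n": ("n4EPtAOCc9AlkeQHPzHStgAbgs7bTZLwUBZdR8_KuKPEHLd4rHVTeT"
          "-O-XV2jRojdNhxJWTDvNd7nqQ0VEiZQHz_AJmSCpMaJMRBSFKrKb2wqV"
          "wGU_NsYOYL-QtiWN2lbzcEe6XC0dApr5ydQLrHqkHHig3RBordaZ6Aj-"
          "oBHqFEHYpPe7Tpe-OfVfHd1E6cS6M1FZcD1NNLYD5lFHpPI9bTwJlsde"
          "3uhGqC0ZCuEHg8lhzwOHrtIQbS0FVbb9k3-tVTU4fg_3L_vniUFAKwuC"
          "LqKnS2BYwdq_mzSnbLY7h_qixoR7jig3__kRhuaxwUkRz5iaiQkqgc5g"
          "HdrNP5zw"),
    "e": "AQAB",
}
PAYLOAD = ("It\u2019s a dangerous business, Frodo, going out your "
           "door. You step onto the road, and if you don't keep your feet, "
           "there\u2019s no knowing where you might be swept off "
           "to.")
SIGNATURE = (
    "MRjdkly7_-oTPTS3AXP41iQIGKa80A0ZmTuV5MEaHoxnW2e5CZ5NlKtainoFmK"
    "ZopdHM1O2U4mwzJdQx996ivp83xuglII7PNDi84wnB-BDkoBwA78185hX-Es4J"
    "IwmDLJK3lfWRa-XtL0RnltuYv746iYTh_qHRD68BNt1uSNCrUCTJDt5aAE6x8w"
    "W1Kt9eRo4QPocSadnHXFxnt8Is9UzpERV0ePPQdLuW3IS_de3xyIrDaLGdjluP"
    "xUAhb6L2aXic1U12podGU0KLUQSE_oI-ZnmKJ3F4uOZDnd6QZWJushZ41Axf_f"
    "cIe8u9ipH84ogoree7vjbU5y18kDquDg")

# DER-encoded DigestInfo prefix for SHA-256 (RFC 8017, Section 9.2).
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")


def b64url_encode(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def compact_jws(header, payload, signature_b64):
    """Assemble header.payload.signature as in Figure 13."""
    header_json = json.dumps(header, separators=(",", ":")).encode("utf-8")
    return ".".join([b64url_encode(header_json), b64url_encode(payload),
                     signature_b64])


def verify_rs256(compact, jwk):
    """Return True only if the compact JWS carries a valid RS256 signature by jwk."""
    try:
        header_b64, payload_b64, sig_b64 = compact.split(".")
        header = json.loads(b64url_decode(header_b64))
        sig = b64url_decode(sig_b64)
        # Hash the received text as-is; never re-serialize the header first.
        signed = (header_b64 + "." + payload_b64).encode("ascii")
    except ValueError:
        return False
    # The algorithm is fixed by the verifier's key policy, not chosen by the header.
    if not isinstance(header, dict) or header.get("alg") != "RS256":
        return False
    if header.get("kid") != jwk["kid"]:
        return False
    n = int.from_bytes(b64url_decode(jwk["n"]), "big")
    e = int.from_bytes(b64url_decode(jwk["e"]), "big")
    k = (n.bit_length() + 7) // 8
    s = int.from_bytes(sig, "big")
    if len(sig) != k or s >= n:
        return False
    em = pow(s, e, n).to_bytes(k, "big")
    # Rebuild the full EMSA-PKCS1-v1_5 encoding and compare every octet,
    # instead of parsing the padding out of em.
    t = SHA256_PREFIX + hashlib.sha256(signed).digest()
    expected = b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t
    return hmac.compare_digest(em, expected)
```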

4.2. RSA-PSS Signature

This example illustrates signing content using the "PS384" (RSASSA-PSS with SHA-384) algorithm.

Note that RSASSA-PSS uses random data to generate the signature; it might not be possible to exactly replicate the results in this section.

Note that whitespace is added for readability as described in Section 1.1.

4.2.1. Input Factors

The following are supplied before beginning the signing operation:

o Payload content; this example uses the content from Figure 7, encoded using base64url [RFC4648] to produce Figure 8.

o RSA private key; this example uses the key from Figure 4.

o "alg" parameter of "PS384".

4.2.2. Signing Operation

The following is generated to complete the signing operation:

o JWS Protected Header; this example uses the header from Figure 16, encoded using base64url [RFC4648] to produce Figure 17.

   {
     "alg": "PS384",
     "kid": "bilbo.baggins@hobbiton.example"
   }
        

Figure 16: JWS Protected Header JSON

   eyJhbGciOiJQUzM4NCIsImtpZCI6ImJpbGJvLmJhZ2dpbnNAaG9iYml0b24uZX
   hhbXBsZSJ9

Figure 17: JWS Protected Header, base64url-encoded

The JWS Protected Header (Figure 17) and JWS Payload (Figure 8) are combined as described in [JWS] to produce the JWS Signing Input (Figure 18).

   eyJhbGciOiJQUzM4NCIsImtpZCI6ImJpbGJvLmJhZ2dpbnNAaG9iYml0b24uZX
   hhbXBsZSJ9
   .
   SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb3V0IH
   lvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9hZCwgYW5kIGlmIHlvdSBk
   b24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXigJlzIG5vIGtub3dpbmcgd2hlcm
   UgeW91IG1pZ2h0IGJlIHN3ZXB0IG9mZiB0by4
        

Figure 18: JWS Signing Input

Performing the signature operation over the JWS Signing Input (Figure 18) produces the JWS Signature (Figure 19).

   cu22eBqkYDKgIlTpzDXGvaFfz6WGoz7fUDcfT0kkOy42miAh2qyBzk1xEsnk2I
   pN6-tPid6VrklHkqsGqDqHCdP6O8TTB5dDDItllVo6_1OLPpcbUrhiUSMxbbXU
   vdvWXzg-UD8biiReQFlfz28zGWVsdiNAUf8ZnyPEgVFn442ZdNqiVJRmBqrYRX
   e8P_ijQ7p8Vdz0TTrxUeT3lm8d9shnr2lfJT8ImUjvAA2Xez2Mlp8cBE5awDzT
   0qI0n6uiP1aCN_2_jLAeQTlqRHtfa64QQSUmFAAjVKPbByi7xho0uTOcbH510a
   6GYmJUAfmWjwZ6oD4ifKo8DYM-X72Eaw

Figure 19: JWS Signature, base64url-encoded

4.2.3. Output Results

The following compose the resulting JWS object:

o JWS Protected Header (Figure 17)

o Payload content (Figure 8)

o Signature (Figure 19)

The resulting JWS object using the JWS Compact Serialization:

   eyJhbGciOiJQUzM4NCIsImtpZCI6ImJpbGJvLmJhZ2dpbnNAaG9iYml0b24uZX
   hhbXBsZSJ9
   .
   SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb3V0IH
   lvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9hZCwgYW5kIGlmIHlvdSBk
   b24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXigJlzIG5vIGtub3dpbmcgd2hlcm
   UgeW91IG1pZ2h0IGJlIHN3ZXB0IG9mZiB0by4
   .
   cu22eBqkYDKgIlTpzDXGvaFfz6WGoz7fUDcfT0kkOy42miAh2qyBzk1xEsnk2I
   pN6-tPid6VrklHkqsGqDqHCdP6O8TTB5dDDItllVo6_1OLPpcbUrhiUSMxbbXU
   vdvWXzg-UD8biiReQFlfz28zGWVsdiNAUf8ZnyPEgVFn442ZdNqiVJRmBqrYRX
   e8P_ijQ7p8Vdz0TTrxUeT3lm8d9shnr2lfJT8ImUjvAA2Xez2Mlp8cBE5awDzT
   0qI0n6uiP1aCN_2_jLAeQTlqRHtfa64QQSUmFAAjVKPbByi7xho0uTOcbH510a
   6GYmJUAfmWjwZ6oD4ifKo8DYM-X72Eaw

Figure 20: JWS Compact Serialization

The resulting JWS object using the general JWS JSON Serialization:

   {
     "payload": "SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywg
         Z29pbmcgb3V0IHlvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9h
         ZCwgYW5kIGlmIHlvdSBkb24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXi
         gJlzIG5vIGtub3dpbmcgd2hlcmUgeW91IG1pZ2h0IGJlIHN3ZXB0IG9m
         ZiB0by4",
     "signatures": [
       {
         "protected": "eyJhbGciOiJQUzM4NCIsImtpZCI6ImJpbGJvLmJhZ2
             dpbnNAaG9iYml0b24uZXhhbXBsZSJ9",
         "signature": "cu22eBqkYDKgIlTpzDXGvaFfz6WGoz7fUDcfT0kkOy
             42miAh2qyBzk1xEsnk2IpN6-tPid6VrklHkqsGqDqHCdP6O8TTB5
             dDDItllVo6_1OLPpcbUrhiUSMxbbXUvdvWXzg-UD8biiReQFlfz2
             8zGWVsdiNAUf8ZnyPEgVFn442ZdNqiVJRmBqrYRXe8P_ijQ7p8Vd
             z0TTrxUeT3lm8d9shnr2lfJT8ImUjvAA2Xez2Mlp8cBE5awDzT0q
             I0n6uiP1aCN_2_jLAeQTlqRHtfa64QQSUmFAAjVKPbByi7xho0uT
             OcbH510a6GYmJUAfmWjwZ6oD4ifKo8DYM-X72Eaw"
       }
     ]
   }
        

Figure 21: General JWS JSON Serialization

The resulting JWS object using the flattened JWS JSON Serialization:

   {
     "payload": "SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywg
         Z29pbmcgb3V0IHlvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9h
         ZCwgYW5kIGlmIHlvdSBkb24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXi
         gJlzIG5vIGtub3dpbmcgd2hlcmUgeW91IG1pZ2h0IGJlIHN3ZXB0IG9m
         ZiB0by4",
     "protected": "eyJhbGciOiJQUzM4NCIsImtpZCI6ImJpbGJvLmJhZ2dpbn
         NAaG9iYml0b24uZXhhbXBsZSJ9",
     "signature": "cu22eBqkYDKgIlTpzDXGvaFfz6WGoz7fUDcfT0kkOy42mi
         Ah2qyBzk1xEsnk2IpN6-tPid6VrklHkqsGqDqHCdP6O8TTB5dDDItllV
         o6_1OLPpcbUrhiUSMxbbXUvdvWXzg-UD8biiReQFlfz28zGWVsdiNAUf
         8ZnyPEgVFn442ZdNqiVJRmBqrYRXe8P_ijQ7p8Vdz0TTrxUeT3lm8d9s
         hnr2lfJT8ImUjvAA2Xez2Mlp8cBE5awDzT0qI0n6uiP1aCN_2_jLAeQT
         lqRHtfa64QQSUmFAAjVKPbByi7xho0uTOcbH510a6GYmJUAfmWjwZ6oD
         4ifKo8DYM-X72Eaw"
   }
        

Figure 22: Flattened JWS JSON Serialization
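
Since RSASSA-PSS mixes a random salt into every signature, an implementation cannot be checked by re-signing and comparing against Figure 19; the usable test is to verify the published signature. The Python sketch below is an added example, not part of the RFC: it runs EMSA-PSS verification (RFC 8017, Section 9.1.2) over the JWS Signing Input of Figure 18 with the public key of Figure 3, using SHA-384 for both the hash and MGF1 and a 48-octet salt, as "PS384" is defined in JWA. The function names are hypothetical.

```python
import base64
import hashlib
import hmac

# Modulus and exponent from Figure 3, signing input from Figure 18,
# signature from Figure 19 (all copied from this document).
N_B64 = ("n4EPtAOCc9AlkeQHPzHStgAbgs7bTZLwUBZdR8_KuKPEHLd4rHVTeT"
         "-O-XV2jRojdNhxJWTDvNd7nqQ0VEiZQHz_AJmSCpMaJMRBSFKrKb2wqV"
         "wGU_NsYOYL-QtiWN2lbzcEe6XC0dApr5ydQLrHqkHHig3RBordaZ6Aj-"
         "oBHqFEHYpPe7Tpe-OfVfHd1E6cS6M1FZcD1NNLYD5lFHpPI9bTwJlsde"
         "3uhGqC0ZCuEHg8lhzwOHrtIQbS0FVbb9k3-tVTU4fg_3L_vniUFAKwuC"
         "LqKnS2BYwdq_mzSnbLY7h_qixoR7jig3__kRhuaxwUkRz5iaiQkqgc5g"
         "HdrNP5zw")
E_B64 = "AQAB"
SIGNING_INPUT = (
    "eyJhbGciOiJQUzM4NCIsImtpZCI6ImJpbGJvLmJhZ2dpbnNAaG9iYml0b24uZX"
    "hhbXBsZSJ9"
    "."
    "SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb3V0IH"
    "lvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9hZCwgYW5kIGlmIHlvdSBk"
    "b24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXigJlzIG5vIGtub3dpbmcgd2hlcm"
    "UgeW91IG1pZ2h0IGJlIHN3ZXB0IG9mZiB0by4").encode("ascii")
SIGNATURE_B64 = (
    "cu22eBqkYDKgIlTpzDXGvaFfz6WGoz7fUDcfT0kkOy42miAh2qyBzk1xEsnk2I"
    "pN6-tPid6VrklHkqsGqDqHCdP6O8TTB5dDDItllVo6_1OLPpcbUrhiUSMxbbXU"
    "vdvWXzg-UD8biiReQFlfz28zGWVsdiNAUf8ZnyPEgVFn442ZdNqiVJRmBqrYRX"
    "e8P_ijQ7p8Vdz0TTrxUeT3lm8d9shnr2lfJT8ImUjvAA2Xez2Mlp8cBE5awDzT"
    "0qI0n6uiP1aCN_2_jLAeQTlqRHtfa64QQSUmFAAjVKPbByi7xho0uTOcbH510a"
    "6GYmJUAfmWjwZ6oD4ifKo8DYM-X72Eaw")

H_LEN = S_LEN = 48  # SHA-384 digest size; PS384 uses a salt of the same size


def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mgf1_sha384(seed, length):
    """MGF1 mask generation function (RFC 8017, Appendix B.2.1)."""
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha384(seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def verify_ps384(message, sig, n, e):
    """RSASSA-PSS-VERIFY with SHA-384; returns True or False, never raises."""
    mod_bits = n.bit_length()
    s = int.from_bytes(sig, "big")
    if len(sig) != (mod_bits + 7) // 8 or s >= n:
        return False
    em_bits = mod_bits - 1
    em_len = (em_bits + 7) // 8
    m = pow(s, e, n)
    if m.bit_length() > 8 * em_len or em_len < H_LEN + S_LEN + 2:
        return False
    em = m.to_bytes(em_len, "big")
    if em[-1] != 0xBC:
        return False
    masked_db, h = em[:em_len - H_LEN - 1], em[em_len - H_LEN - 1:-1]
    unused = 8 * em_len - em_bits  # leftmost bits that must be zero
    if masked_db[0] >> (8 - unused):
        return False
    mask = mgf1_sha384(h, len(masked_db))
    db = bytes(a ^ b for a, b in zip(masked_db, mask))
    db = bytes([db[0] & (0xFF >> unused)]) + db[1:]
    pad_len = em_len - H_LEN - S_LEN - 2
    if db[:pad_len] != bytes(pad_len) or db[pad_len] != 0x01:
        return False
    salt = db[pad_len + 1:]  # the signer's random salt, recovered from the signature
    m_hash = hashlib.sha384(message).digest()
    h_prime = hashlib.sha384(bytes(8) + m_hash + salt).digest()
    return hmac.compare_digest(h, h_prime)


def verify_figure_19():
    n = int.from_bytes(b64url_decode(N_B64), "big")
    e = int.from_bytes(b64url_decode(E_B64), "big")
    return verify_ps384(SIGNING_INPUT, b64url_decode(SIGNATURE_B64), n, e)
```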

4.3. ECDSA Signature

This example illustrates signing content using the "ES512" (Elliptic Curve Digital Signature Algorithm (ECDSA) with curve P-521 and SHA-512) algorithm.

Note that ECDSA uses random data to generate the signature; it might not be possible to exactly replicate the results in this section.

Note that whitespace is added for readability as described in Section 1.1.

4.3.1. Input Factors

The following are supplied before beginning the signing operation:

o Payload content; this example uses the content from Figure 7, encoded using base64url [RFC4648] to produce Figure 8.

o EC private key on the curve P-521; this example uses the key from Figure 2.

o "alg" parameter of "ES512".

4.3.2. Signing Operation

The following is generated before beginning the signature process:

o JWS Protected Header; this example uses the header from Figure 23, encoded using base64url [RFC4648] to produce Figure 24.

   {
     "alg": "ES512",
     "kid": "bilbo.baggins@hobbiton.example"
   }
        

Figure 23: JWS Protected Header JSON

   eyJhbGciOiJFUzUxMiIsImtpZCI6ImJpbGJvLmJhZ2dpbnNAaG9iYml0b24uZX
   hhbXBsZSJ9

Figure 24: JWS Protected Header, base64url-encoded

The JWS Protected Header (Figure 24) and JWS Payload (Figure 8) are combined as described in [JWS] to produce the JWS Signing Input (Figure 25).

   eyJhbGciOiJFUzUxMiIsImtpZCI6ImJpbGJvLmJhZ2dpbnNAaG9iYml0b24uZX
   hhbXBsZSJ9
   .
   SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb3V0IH
   lvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9hZCwgYW5kIGlmIHlvdSBk
   b24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXigJlzIG5vIGtub3dpbmcgd2hlcm
   UgeW91IG1pZ2h0IGJlIHN3ZXB0IG9mZiB0by4
        

Figure 25: JWS Signing Input

Performing the signature operation over the JWS Signing Input (Figure 25) produces the JWS Signature (Figure 26).

   AE_R_YZCChjn4791jSQCrdPZCNYqHXCTZH0-JZGYNlaAjP2kqaluUIIUnC9qvb
   u9Plon7KRTzoNEuT4Va2cmL1eJAQy3mtPBu_u_sDDyYjnAMDxXPn7XrT0lw-kv
   AD890jl8e2puQens_IEKBpHABlsbEPX6sFY8OcGDqoRuBomu9xQ2
        

Figure 26: JWS Signature, base64url-encoded

4.3.3. Output Results

The following compose the resulting JWS object:

o JWS Protected Header (Figure 24)

o Payload content (Figure 8)

o Signature (Figure 26)

The resulting JWS object using the JWS Compact Serialization:

   eyJhbGciOiJFUzUxMiIsImtpZCI6ImJpbGJvLmJhZ2dpbnNAaG9iYml0b24uZX
   hhbXBsZSJ9
   .
   SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb3V0IH
   lvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9hZCwgYW5kIGlmIHlvdSBk
   b24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXigJlzIG5vIGtub3dpbmcgd2hlcm
   UgeW91IG1pZ2h0IGJlIHN3ZXB0IG9mZiB0by4
   .
   AE_R_YZCChjn4791jSQCrdPZCNYqHXCTZH0-JZGYNlaAjP2kqaluUIIUnC9qvb
   u9Plon7KRTzoNEuT4Va2cmL1eJAQy3mtPBu_u_sDDyYjnAMDxXPn7XrT0lw-kv
   AD890jl8e2puQens_IEKBpHABlsbEPX6sFY8OcGDqoRuBomu9xQ2
        
Figure 27: JWS Compact Serialization

The resulting JWS object using the general JWS JSON Serialization:

   {
     "payload": "SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywg
         Z29pbmcgb3V0IHlvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9h
         ZCwgYW5kIGlmIHlvdSBkb24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXi
         gJlzIG5vIGtub3dpbmcgd2hlcmUgeW91IG1pZ2h0IGJlIHN3ZXB0IG9m
         ZiB0by4",
     "signatures": [
       {
         "protected": "eyJhbGciOiJFUzUxMiIsImtpZCI6ImJpbGJvLmJhZ2
             dpbnNAaG9iYml0b24uZXhhbXBsZSJ9",
         "signature": "AE_R_YZCChjn4791jSQCrdPZCNYqHXCTZH0-JZGYNl
             aAjP2kqaluUIIUnC9qvbu9Plon7KRTzoNEuT4Va2cmL1eJAQy3mt
             PBu_u_sDDyYjnAMDxXPn7XrT0lw-kvAD890jl8e2puQens_IEKBp
             HABlsbEPX6sFY8OcGDqoRuBomu9xQ2"
       }
     ]
   }
        
Figure 28: General JWS JSON Serialization

The resulting JWS object using the flattened JWS JSON Serialization:

   {
     "payload": "SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywg
         Z29pbmcgb3V0IHlvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9h
         ZCwgYW5kIGlmIHlvdSBkb24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXi
         gJlzIG5vIGtub3dpbmcgd2hlcmUgeW91IG1pZ2h0IGJlIHN3ZXB0IG9m
         ZiB0by4",
     "protected": "eyJhbGciOiJFUzUxMiIsImtpZCI6ImJpbGJvLmJhZ2dpbn
         NAaG9iYml0b24uZXhhbXBsZSJ9",
     "signature": "AE_R_YZCChjn4791jSQCrdPZCNYqHXCTZH0-JZGYNlaAjP
         2kqaluUIIUnC9qvbu9Plon7KRTzoNEuT4Va2cmL1eJAQy3mtPBu_u_sD
         DyYjnAMDxXPn7XrT0lw-kvAD890jl8e2puQens_IEKBpHABlsbEPX6sF
         Y8OcGDqoRuBomu9xQ2"
   }
        
Figure 29: Flattened JWS JSON Serialization

4.4. HMAC-SHA2 Integrity Protection

This example illustrates integrity protecting content using the "HS256" (HMAC-SHA-256) algorithm.

Note that whitespace is added for readability as described in Section 1.1.

4.4.1. Input Factors

The following are supplied before beginning the signing operation:

o Payload content; this example uses the content from Figure 7, encoded using base64url [RFC4648] to produce Figure 8.

o HMAC symmetric key; this example uses the key from Figure 5.

o "alg" parameter of "HS256".

4.4.2. Signing Operation

The following is generated before completing the signing operation:

o JWS Protected Header; this example uses the header from Figure 30, encoded using base64url [RFC4648] to produce Figure 31.

   {
     "alg": "HS256",
     "kid": "018c0ae5-4d9b-471b-bfd6-eef314bc7037"
   }
        
Figure 30: JWS Protected Header JSON

   eyJhbGciOiJIUzI1NiIsImtpZCI6IjAxOGMwYWU1LTRkOWItNDcxYi1iZmQ2LW
   VlZjMxNGJjNzAzNyJ9

Figure 31: JWS Protected Header, base64url-encoded

The JWS Protected Header (Figure 31) and JWS Payload (Figure 8) are combined as described in [JWS] to produce the JWS Signing Input (Figure 32).

   eyJhbGciOiJIUzI1NiIsImtpZCI6IjAxOGMwYWU1LTRkOWItNDcxYi1iZmQ2LW
   VlZjMxNGJjNzAzNyJ9
   .
   SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb3V0IH
   lvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9hZCwgYW5kIGlmIHlvdSBk
   b24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXigJlzIG5vIGtub3dpbmcgd2hlcm
   UgeW91IG1pZ2h0IGJlIHN3ZXB0IG9mZiB0by4
        
Figure 32: JWS Signing Input

Performing the signature operation over the JWS Signing Input (Figure 32) produces the JWS Signature (Figure 33).

   s0h6KThzkfBBBkLspW1h84VsJZFTsPPqMDA7g1Md7p0
        
Figure 33: JWS Signature, base64url-encoded

4.4.3. Output Results

The following compose the resulting JWS object:

o JWS Protected Header (Figure 31)

o Payload content (Figure 8)

o Signature (Figure 33)

The resulting JWS object using the JWS Compact Serialization:

   eyJhbGciOiJIUzI1NiIsImtpZCI6IjAxOGMwYWU1LTRkOWItNDcxYi1iZmQ2LW
   VlZjMxNGJjNzAzNyJ9
   .
   SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb3V0IH
   lvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9hZCwgYW5kIGlmIHlvdSBk
   b24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXigJlzIG5vIGtub3dpbmcgd2hlcm
   UgeW91IG1pZ2h0IGJlIHN3ZXB0IG9mZiB0by4
   .
   s0h6KThzkfBBBkLspW1h84VsJZFTsPPqMDA7g1Md7p0
        
Figure 34: JWS Compact Serialization

The resulting JWS object using the general JWS JSON Serialization:

   {
     "payload": "SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywg
         Z29pbmcgb3V0IHlvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9h
         ZCwgYW5kIGlmIHlvdSBkb24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXi
         gJlzIG5vIGtub3dpbmcgd2hlcmUgeW91IG1pZ2h0IGJlIHN3ZXB0IG9m
         ZiB0by4",
     "signatures": [
       {
         "protected": "eyJhbGciOiJIUzI1NiIsImtpZCI6IjAxOGMwYWU1LT
             RkOWItNDcxYi1iZmQ2LWVlZjMxNGJjNzAzNyJ9",
         "signature": "s0h6KThzkfBBBkLspW1h84VsJZFTsPPqMDA7g1Md7p
             0"
       }
     ]
   }
        
Figure 35: General JWS JSON Serialization

The resulting JWS object using the flattened JWS JSON Serialization:

   {
     "payload": "SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywg
         Z29pbmcgb3V0IHlvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9h
         ZCwgYW5kIGlmIHlvdSBkb24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXi
         gJlzIG5vIGtub3dpbmcgd2hlcmUgeW91IG1pZ2h0IGJlIHN3ZXB0IG9m
         ZiB0by4",
     "protected": "eyJhbGciOiJIUzI1NiIsImtpZCI6IjAxOGMwYWU1LTRkOW
         ItNDcxYi1iZmQ2LWVlZjMxNGJjNzAzNyJ9",
     "signature": "s0h6KThzkfBBBkLspW1h84VsJZFTsPPqMDA7g1Md7p0"
   }
        
Figure 36: Flattened JWS JSON Serialization

4.5. Signature with Detached Content

This example illustrates a signature with detached content. This example is identical to other examples in Section 4, except the resulting JWS objects do not include the JWS Payload field. Instead, the application is expected to locate it elsewhere. For example, the signature might be in a metadata section, with the payload being the content.

Note that whitespace is added for readability as described in Section 1.1.

4.5.1. Input Factors

The following are supplied before beginning the signing operation:

o Payload content; this example uses the content from Figure 7, encoded using base64url [RFC4648] to produce Figure 8.

o Signing key; this example uses the AES symmetric key from Figure 5.

o Signing algorithm; this example uses "HS256".

4.5.2. Signing Operation

The following is generated before completing the signing operation:

o JWS Protected Header; this example uses the header from Figure 37, encoded using base64url [RFC4648] to produce Figure 38.

   {
     "alg": "HS256",
     "kid": "018c0ae5-4d9b-471b-bfd6-eef314bc7037"
   }
        
Figure 37: JWS Protected Header JSON

   eyJhbGciOiJIUzI1NiIsImtpZCI6IjAxOGMwYWU1LTRkOWItNDcxYi1iZmQ2LW
   VlZjMxNGJjNzAzNyJ9

Figure 38: JWS Protected Header, base64url-encoded

The JWS Protected Header (Figure 38) and JWS Payload (Figure 8) are combined as described in [JWS] to produce the JWS Signing Input (Figure 39).

   eyJhbGciOiJIUzI1NiIsImtpZCI6IjAxOGMwYWU1LTRkOWItNDcxYi1iZmQ2LW
   VlZjMxNGJjNzAzNyJ9
   .
   SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb3V0IH
   lvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9hZCwgYW5kIGlmIHlvdSBk
   b24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXigJlzIG5vIGtub3dpbmcgd2hlcm
   UgeW91IG1pZ2h0IGJlIHN3ZXB0IG9mZiB0by4
        
Figure 39: JWS Signing Input

Performing the signature operation over the JWS Signing Input (Figure 39) produces the JWS Signature (Figure 40).

   s0h6KThzkfBBBkLspW1h84VsJZFTsPPqMDA7g1Md7p0
        
Figure 40: JWS Signature, base64url-encoded

4.5.3. Output Results

The following compose the resulting JWS object:

o JWS Protected Header (Figure 38)

o Signature (Figure 40)

The resulting JWS object using the JWS Compact Serialization:

   eyJhbGciOiJIUzI1NiIsImtpZCI6IjAxOGMwYWU1LTRkOWItNDcxYi1iZmQ2LW
   VlZjMxNGJjNzAzNyJ9
   .
   .
   s0h6KThzkfBBBkLspW1h84VsJZFTsPPqMDA7g1Md7p0
        
Figure 41: JWS Compact Serialization

The resulting JWS object using the general JWS JSON Serialization:

   {
     "signatures": [
       {
         "protected": "eyJhbGciOiJIUzI1NiIsImtpZCI6IjAxOGMwYWU1LT
             RkOWItNDcxYi1iZmQ2LWVlZjMxNGJjNzAzNyJ9",
         "signature": "s0h6KThzkfBBBkLspW1h84VsJZFTsPPqMDA7g1Md7p
             0"
       }
     ]
   }
        
Figure 42: General JWS JSON Serialization

The resulting JWS object using the flattened JWS JSON Serialization:

   {
     "protected": "eyJhbGciOiJIUzI1NiIsImtpZCI6IjAxOGMwYWU1LTRkOW
         ItNDcxYi1iZmQ2LWVlZjMxNGJjNzAzNyJ9",
     "signature": "s0h6KThzkfBBBkLspW1h84VsJZFTsPPqMDA7g1Md7p0"
   }
        
Figure 43: Flattened JWS JSON Serialization

4.6. Protecting Specific Header Fields

This example illustrates a signature where only certain Header Parameters are protected. Since this example contains both unprotected and protected Header Parameters, only the general JWS JSON Serialization and flattened JWS JSON Serialization are possible.

Note that whitespace is added for readability as described in Section 1.1.

4.6.1. Input Factors

The following are supplied before beginning the signing operation:

o Payload content; this example uses the content from Figure 7, encoded using base64url [RFC4648] to produce Figure 8.

o Signing key; this example uses the AES symmetric key from Figure 5.

o Signing algorithm; this example uses "HS256".

4.6.2. Signing Operation

The following are generated before completing the signing operation:

o JWS Protected Header; this example uses the header from Figure 44, encoded using base64url [RFC4648] to produce Figure 45.

o JWS Unprotected Header; this example uses the header from Figure 46.

   {
     "alg": "HS256"
   }
        
Figure 44: JWS Protected Header JSON

eyJhbGciOiJIUzI1NiJ9

Figure 45: JWS Protected Header, base64url-encoded

   {
     "kid": "018c0ae5-4d9b-471b-bfd6-eef314bc7037"
   }
        
Figure 46: JWS Unprotected Header JSON

The JWS Protected Header (Figure 45) and JWS Payload (Figure 8) are combined as described in [JWS] to produce the JWS Signing Input (Figure 47).

   eyJhbGciOiJIUzI1NiJ9
   .
   SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb3V0IH
   lvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9hZCwgYW5kIGlmIHlvdSBk
   b24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXigJlzIG5vIGtub3dpbmcgd2hlcm
   UgeW91IG1pZ2h0IGJlIHN3ZXB0IG9mZiB0by4
        
Figure 47: JWS Signing Input

Performing the signature operation over the JWS Signing Input (Figure 47) produces the JWS Signature (Figure 48).

   bWUSVaxorn7bEF1djytBd0kHv70Ly5pvbomzMWSOr20
        
Figure 48: JWS Signature, base64url-encoded

4.6.3. Output Results

The following compose the resulting JWS object:

o JWS Protected Header (Figure 45)

o JWS Unprotected Header (Figure 46)

o Payload content (Figure 8)

o Signature (Figure 48)

The JWS Compact Serialization is not presented because it does not support this use case.

The resulting JWS object using the general JWS JSON Serialization:

   {
     "payload": "SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywg
         Z29pbmcgb3V0IHlvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9h
         ZCwgYW5kIGlmIHlvdSBkb24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXi
         gJlzIG5vIGtub3dpbmcgd2hlcmUgeW91IG1pZ2h0IGJlIHN3ZXB0IG9m
         ZiB0by4",
     "signatures": [
       {
         "protected": "eyJhbGciOiJIUzI1NiJ9",
         "header": {
           "kid": "018c0ae5-4d9b-471b-bfd6-eef314bc7037"
         },
         "signature": "bWUSVaxorn7bEF1djytBd0kHv70Ly5pvbomzMWSOr2
             0"
       }
     ]
   }
        
Figure 49: General JWS JSON Serialization

The resulting JWS object using the flattened JWS JSON Serialization:

   {
     "payload": "SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywg
         Z29pbmcgb3V0IHlvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9h
         ZCwgYW5kIGlmIHlvdSBkb24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXi
         gJlzIG5vIGtub3dpbmcgd2hlcmUgeW91IG1pZ2h0IGJlIHN3ZXB0IG9m
         ZiB0by4",
     "protected": "eyJhbGciOiJIUzI1NiJ9",
     "header": {
       "kid": "018c0ae5-4d9b-471b-bfd6-eef314bc7037"
     },
     "signature": "bWUSVaxorn7bEF1djytBd0kHv70Ly5pvbomzMWSOr20"
   }
        
Figure 50: Flattened JWS JSON Serialization

4.7. Protecting Content Only

This example illustrates a signature where none of the Header Parameters are protected. Since this example contains only unprotected Header Parameters, only the general JWS JSON Serialization and flattened JWS JSON Serialization are possible.

Note that whitespace is added for readability as described in Section 1.1.

4.7.1. Input Factors

The following are supplied before beginning the signing operation:

o Payload content; this example uses the content from Figure 7, encoded using base64url [RFC4648] to produce Figure 8.

o Signing key; this example uses the AES symmetric key from Figure 5.

o Signing algorithm; this example uses "HS256".

4.7.2. Signing Operation

The following is generated before completing the signing operation:

o JWS Unprotected Header; this example uses the header from Figure 51.

   {
     "alg": "HS256",
     "kid": "018c0ae5-4d9b-471b-bfd6-eef314bc7037"
   }
        
Figure 51: JWS Unprotected Header JSON

The empty string (as there is no JWS Protected Header) and JWS Payload (Figure 8) are combined as described in [JWS] to produce the JWS Signing Input (Figure 52).

   .
   SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb3V0IH
   lvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9hZCwgYW5kIGlmIHlvdSBk
   b24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXigJlzIG5vIGtub3dpbmcgd2hlcm
   UgeW91IG1pZ2h0IGJlIHN3ZXB0IG9mZiB0by4
        
Figure 52: JWS Signing Input

Performing the signature operation over the JWS Signing Input (Figure 52) produces the JWS Signature (Figure 53).

   xuLifqLGiblpv9zBpuZczWhNj1gARaLV3UxvxhJxZuk
        
Figure 53: JWS Signature, base64url-encoded

4.7.3. Output Results

The following compose the resulting JWS object:

o JWS Unprotected Header (Figure 51)

o Payload content (Figure 8)

o Signature (Figure 53)

The JWS Compact Serialization is not presented because it does not support this use case.

The resulting JWS object using the general JWS JSON Serialization:

   {
     "payload": "SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywg
         Z29pbmcgb3V0IHlvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9h
         ZCwgYW5kIGlmIHlvdSBkb24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXi
         gJlzIG5vIGtub3dpbmcgd2hlcmUgeW91IG1pZ2h0IGJlIHN3ZXB0IG9m
         ZiB0by4",
     "signatures": [
       {
         "header": {
           "alg": "HS256",
           "kid": "018c0ae5-4d9b-471b-bfd6-eef314bc7037"
         },
         "signature": "xuLifqLGiblpv9zBpuZczWhNj1gARaLV3UxvxhJxZu
             k"
       }
     ]
   }
        
Figure 54: General JWS JSON Serialization

The resulting JWS object using the flattened JWS JSON Serialization:

   {
     "payload": "SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywg
         Z29pbmcgb3V0IHlvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9h
         ZCwgYW5kIGlmIHlvdSBkb24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXi
         gJlzIG5vIGtub3dpbmcgd2hlcmUgeW91IG1pZ2h0IGJlIHN3ZXB0IG9m
         ZiB0by4",
     "header": {
       "alg": "HS256",
       "kid": "018c0ae5-4d9b-471b-bfd6-eef314bc7037"
     },
     "signature": "xuLifqLGiblpv9zBpuZczWhNj1gARaLV3UxvxhJxZuk"
   }
        
Figure 55: Flattened JWS JSON Serialization
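
The three HS256 variants in Sections 4.5 to 4.7 differ only in what goes into the JWS Signing Input. The following Python sketch is an added example, not part of the RFC: it builds and verifies flattened JWS JSON objects for the detached, partly protected and content-only cases and reports which Header Parameters the MAC actually covers. DEMO_KEY is a constructed key (not the Figure 5 key) and the function names are hypothetical, so the signatures it produces differ from Figures 40, 48 and 53.

```python
import base64
import hashlib
import hmac
import json

# Constructed 32-byte demo key (an assumption; NOT the key from Figure 5).
DEMO_KEY = bytes(range(32))
KID = "018c0ae5-4d9b-471b-bfd6-eef314bc7037"

# JWS Payload (Figure 8) as it appears in the signing-input figures.
PAYLOAD_B64 = (
    "SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb3V0IH"
    "lvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9hZCwgYW5kIGlmIHlvdSBk"
    "b24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXigJlzIG5vIGtub3dpbmcgd2hlcm"
    "UgeW91IG1pZ2h0IGJlIHN3ZXB0IG9mZiB0by4"
)


def b64u_encode(data):
    """base64url without padding, as used throughout JOSE."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64u_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def signing_input(protected_b64, payload_b64):
    """BASE64URL(protected header) || '.' || BASE64URL(payload).
    With no protected header the first part is the empty string."""
    return (protected_b64 + "." + payload_b64).encode("ascii")


def sign_flattened(key, payload_b64, protected=None, unprotected=None,
                   detached=False):
    """Build a flattened JWS JSON object protected with HS256."""
    protected_b64 = ""
    if protected:
        compact = json.dumps(protected, separators=(",", ":"))
        protected_b64 = b64u_encode(compact.encode("utf-8"))
    mac = hmac.new(key, signing_input(protected_b64, payload_b64),
                   hashlib.sha256).digest()
    jws = {}
    if not detached:
        jws["payload"] = payload_b64      # omitted for detached content
    if protected_b64:
        jws["protected"] = protected_b64
    if unprotected:
        jws["header"] = dict(unprotected)  # never part of the signing input
    jws["signature"] = b64u_encode(mac)
    return jws


def verify_flattened(key, jws, detached_payload_b64=None):
    """Return (valid, protected_names, unprotected_names)."""
    try:
        protected_b64 = jws.get("protected", "")
        protected = json.loads(b64u_decode(protected_b64)) if protected_b64 else {}
        presented = b64u_decode(jws["signature"])
    except (KeyError, ValueError):
        return (False, [], [])
    unprotected = jws.get("header", {})
    names = (sorted(protected), sorted(unprotected))
    # Protected and unprotected Header Parameter names must be disjoint.
    if set(protected) & set(unprotected):
        return (False,) + names
    # Exactly one payload source: embedded, or supplied by the application.
    if ("payload" in jws) == (detached_payload_b64 is not None):
        return (False,) + names
    payload_b64 = jws.get("payload", detached_payload_b64)
    # This verifier only ever runs HS256; any other "alg" is rejected.
    if protected.get("alg", unprotected.get("alg")) != "HS256":
        return (False,) + names
    expected = hmac.new(key, signing_input(protected_b64, payload_b64),
                        hashlib.sha256).digest()
    return (hmac.compare_digest(expected, presented),) + names


def demo():
    """Sign and verify the three variants with the constructed key."""
    detached = sign_flattened(DEMO_KEY, PAYLOAD_B64,
                              protected={"alg": "HS256", "kid": KID},
                              detached=True)                      # Section 4.5
    mixed = sign_flattened(DEMO_KEY, PAYLOAD_B64,
                           protected={"alg": "HS256"},
                           unprotected={"kid": KID})              # Section 4.6
    content_only = sign_flattened(DEMO_KEY, PAYLOAD_B64,
                                  unprotected={"alg": "HS256", "kid": KID})  # 4.7
    # Same object as `mixed`, but with a different (constructed) unprotected kid.
    relabelled = dict(mixed, header={"kid": "constructed-other-kid"})
    return {
        "detached": verify_flattened(DEMO_KEY, detached, PAYLOAD_B64),
        "mixed": verify_flattened(DEMO_KEY, mixed),
        "relabelled": verify_flattened(DEMO_KEY, relabelled),
        "content_only": verify_flattened(DEMO_KEY, content_only),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(case, result)
```

The "relabelled" case still verifies because the unprotected "kid" never enters the signing input, so a verifier should treat unprotected Header Parameters as hints and base trust decisions only on protected ones.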

4.8. Multiple Signatures

This example illustrates multiple signatures applied to the same payload. Since this example contains more than one signature, only the JSON General Serialization is possible.

Note that whitespace is added for readability as described in Section 1.1.

4.8.1. Input Factors

The following are supplied before beginning the signing operation:

o Payload content; this example uses the content from Figure 7, encoded using base64url [RFC4648] to produce Figure 8.

o Signing keys; this example uses the following:

* RSA private key from Figure 4 for the first signature

* EC private key from Figure 2 for the second signature

* AES symmetric key from Figure 5 for the third signature

o Signing algorithms; this example uses the following:

* "RS256" for the first signature

* "ES512" for the second signature

* "HS256" for the third signature

4.8.2. First Signing Operation

The following are generated before completing the first signing operation:

o JWS Protected Header; this example uses the header from Figure 56, encoded using base64url [RFC4648] to produce Figure 57.

o JWS Unprotected Header; this example uses the header from Figure 58.

   {
     "alg": "RS256"
   }
        
Figure 56: Signature #1 JWS Protected Header JSON

eyJhbGciOiJSUzI1NiJ9

Figure 57: Signature #1 JWS Protected Header, base64url-encoded

   {
     "kid": "bilbo.baggins@hobbiton.example"
   }
        
Figure 58: Signature #1 JWS Unprotected Header JSON

The JWS Protected Header (Figure 57) and JWS Payload (Figure 8) are combined as described in [JWS] to produce the JWS Signing Input (Figure 59).

   eyJhbGciOiJSUzI1NiJ9
   .
   SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb3V0IH
   lvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9hZCwgYW5kIGlmIHlvdSBk
   b24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXigJlzIG5vIGtub3dpbmcgd2hlcm
   UgeW91IG1pZ2h0IGJlIHN3ZXB0IG9mZiB0by4
        
Figure 59: JWS Signing Input

Performing the signature operation over the JWS Signing Input (Figure 59) produces the JWS Signature (Figure 60).

   MIsjqtVlOpa71KE-Mss8_Nq2YH4FGhiocsqrgi5NvyG53uoimic1tcMdSg-qpt
   rzZc7CG6Svw2Y13TDIqHzTUrL_lR2ZFcryNFiHkSw129EghGpwkpxaTn_THJTC
   glNbADko1MZBCdwzJxwqZc-1RlpO2HibUYyXSwO97BSe0_evZKdjvvKSgsIqjy
   tKSeAMbhMBdMma622_BG5t4sdbuCHtFjp9iJmkio47AIwqkZV1aIZsv33uPUqB
   BCXbYoQJwt7mxPftHmNlGoOSMxR_3thmXTCm4US-xiNOyhbm8afKK64jU6_TPt
   QHiJeQJxz9G3Tx-083B745_AfYOnlC9w

Figure 60: JWS Signature #1, base64url-encoded

The following is the assembled first signature serialized as JSON:

   {
     "protected": "eyJhbGciOiJSUzI1NiJ9",
     "header": {
       "kid": "bilbo.baggins@hobbiton.example"
     },
     "signature": "MIsjqtVlOpa71KE-Mss8_Nq2YH4FGhiocsqrgi5NvyG53u
         oimic1tcMdSg-qptrzZc7CG6Svw2Y13TDIqHzTUrL_lR2ZFcryNFiHkS
         w129EghGpwkpxaTn_THJTCglNbADko1MZBCdwzJxwqZc-1RlpO2HibUY
         yXSwO97BSe0_evZKdjvvKSgsIqjytKSeAMbhMBdMma622_BG5t4sdbuC
         HtFjp9iJmkio47AIwqkZV1aIZsv33uPUqBBCXbYoQJwt7mxPftHmNlGo
         OSMxR_3thmXTCm4US-xiNOyhbm8afKK64jU6_TPtQHiJeQJxz9G3Tx-0
         83B745_AfYOnlC9w"
   }
        
Figure 61: Signature #1 JSON

4.8.3. Second Signing Operation

The following is generated before completing the second signing operation:

o JWS Unprotected Header; this example uses the header from Figure 62.

   {
     "alg": "ES512",
     "kid": "bilbo.baggins@hobbiton.example"
   }

Figure 62: Signature #2 JWS Unprotected Header JSON

The empty string (as there is no JWS Protected Header) and JWS Payload (Figure 8) are combined as described in [JWS] to produce the JWS Signing Input (Figure 63).

   .
   SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb3V0IH
   lvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9hZCwgYW5kIGlmIHlvdSBk
   b24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXigJlzIG5vIGtub3dpbmcgd2hlcm
   UgeW91IG1pZ2h0IGJlIHN3ZXB0IG9mZiB0by4

Figure 63: JWS Signing Input

Performing the signature operation over the JWS Signing Input (Figure 63) produces the JWS Signature (Figure 64).

   ARcVLnaJJaUWG8fG-8t5BREVAuTY8n8YHjwDO1muhcdCoFZFFjfISu0Cdkn9Yb
   dlmi54ho0x924DUz8sK7ZXkhc7AFM8ObLfTvNCrqcI3Jkl2U5IX3utNhODH6v7
   xgy1Qahsn0fyb4zSAkje8bAWz4vIfj5pCMYxxm4fgV3q7ZYhm5eD

Figure 64: JWS Signature #2, base64url-encoded

The following is the assembled second signature serialized as JSON:

   {
     "header": {
       "alg": "ES512",
       "kid": "bilbo.baggins@hobbiton.example"
     },
     "signature": "ARcVLnaJJaUWG8fG-8t5BREVAuTY8n8YHjwDO1muhcdCoF
         ZFFjfISu0Cdkn9Ybdlmi54ho0x924DUz8sK7ZXkhc7AFM8ObLfTvNCrq
         cI3Jkl2U5IX3utNhODH6v7xgy1Qahsn0fyb4zSAkje8bAWz4vIfj5pCM
         Yxxm4fgV3q7ZYhm5eD"
   }

Figure 65: Signature #2 JSON

4.8.4. Third Signing Operation

The following is generated before completing the third signing operation:

o JWS Protected Header; this example uses the header from Figure 66, encoded using base64url [RFC4648] to produce Figure 67.

   {
     "alg": "HS256",
     "kid": "018c0ae5-4d9b-471b-bfd6-eef314bc7037"
   }

Figure 66: Signature #3 JWS Protected Header JSON

   eyJhbGciOiJIUzI1NiIsImtpZCI6IjAxOGMwYWU1LTRkOWItNDcxYi1iZmQ2LW
   VlZjMxNGJjNzAzNyJ9

Figure 67: Signature #3 JWS Protected Header, base64url-encoded

The JWS Protected Header (Figure 67) and JWS Payload (Figure 8) are combined as described in [JWS] to produce the JWS Signing Input (Figure 68).

   eyJhbGciOiJIUzI1NiIsImtpZCI6IjAxOGMwYWU1LTRkOWItNDcxYi1iZmQ2LW
   VlZjMxNGJjNzAzNyJ9
   .
   SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb3V0IH
   lvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9hZCwgYW5kIGlmIHlvdSBk
   b24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXigJlzIG5vIGtub3dpbmcgd2hlcm
   UgeW91IG1pZ2h0IGJlIHN3ZXB0IG9mZiB0by4

Figure 68: JWS Signing Input

Performing the signature operation over the JWS Signing Input (Figure 68) produces the JWS Signature (Figure 69).

   s0h6KThzkfBBBkLspW1h84VsJZFTsPPqMDA7g1Md7p0

Figure 69: JWS Signature #3, base64url-encoded

The following is the assembled third signature serialized as JSON:

   {
     "protected": "eyJhbGciOiJIUzI1NiIsImtpZCI6IjAxOGMwYWU1LTRkOW
         ItNDcxYi1iZmQ2LWVlZjMxNGJjNzAzNyJ9",
     "signature": "s0h6KThzkfBBBkLspW1h84VsJZFTsPPqMDA7g1Md7p0"
   }

Figure 70: Signature #3 JSON

4.8.5. Output Results

The following compose the resulting JWS object:

o Payload content (Figure 8)

o Signature #1 JSON (Figure 61)

o Signature #2 JSON (Figure 65)

o Signature #3 JSON (Figure 70)

The JWS Compact Serialization is not presented because it does not support this use case; the flattened JWS JSON Serialization is not presented because there is more than one signature.

The resulting JWS object using the general JWS JSON Serialization:

   {
     "payload": "SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywg
         Z29pbmcgb3V0IHlvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9h
         ZCwgYW5kIGlmIHlvdSBkb24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXi
         gJlzIG5vIGtub3dpbmcgd2hlcmUgeW91IG1pZ2h0IGJlIHN3ZXB0IG9m
         ZiB0by4",
     "signatures": [
       {
         "protected": "eyJhbGciOiJSUzI1NiJ9",
         "header": {
           "kid": "bilbo.baggins@hobbiton.example"
         },
         "signature": "MIsjqtVlOpa71KE-Mss8_Nq2YH4FGhiocsqrgi5Nvy
             G53uoimic1tcMdSg-qptrzZc7CG6Svw2Y13TDIqHzTUrL_lR2ZFc
             ryNFiHkSw129EghGpwkpxaTn_THJTCglNbADko1MZBCdwzJxwqZc
             -1RlpO2HibUYyXSwO97BSe0_evZKdjvvKSgsIqjytKSeAMbhMBdM
             ma622_BG5t4sdbuCHtFjp9iJmkio47AIwqkZV1aIZsv33uPUqBBC
             XbYoQJwt7mxPftHmNlGoOSMxR_3thmXTCm4US-xiNOyhbm8afKK6
             4jU6_TPtQHiJeQJxz9G3Tx-083B745_AfYOnlC9w"
       },
       {
         "header": {
           "alg": "ES512",
           "kid": "bilbo.baggins@hobbiton.example"
         },
         "signature": "ARcVLnaJJaUWG8fG-8t5BREVAuTY8n8YHjwDO1muhc
             dCoFZFFjfISu0Cdkn9Ybdlmi54ho0x924DUz8sK7ZXkhc7AFM8Ob
             LfTvNCrqcI3Jkl2U5IX3utNhODH6v7xgy1Qahsn0fyb4zSAkje8b
             AWz4vIfj5pCMYxxm4fgV3q7ZYhm5eD"
       },
       {
         "protected": "eyJhbGciOiJIUzI1NiIsImtpZCI6IjAxOGMwYWU1LT
             RkOWItNDcxYi1iZmQ2LWVlZjMxNGJjNzAzNyJ9",
         "signature": "s0h6KThzkfBBBkLspW1h84VsJZFTsPPqMDA7g1Md7p
             0"
       }
     ]
   }

Figure 71: General JWS JSON Serialization
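
A recipient of the object in Figure 71 has to rebuild a separate JWS Signing Input for each entry in "signatures" before any key is applied. The following Python is an added example, not part of the RFC: it parses Figure 71 as printed, rejects an entry whose protected and unprotected headers share a parameter name (the JWS specification requires the two sets to be disjoint), and records whether "alg" is covered by the signature. The function and field names are illustrative.

```python
import base64
import json

# Figure 71 as printed; the line breaks inside the string values are the
# readability whitespace described in Section 1.1 and must be removed.
FIGURE_71 = r"""
{
  "payload": "SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywg
      Z29pbmcgb3V0IHlvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9h
      ZCwgYW5kIGlmIHlvdSBkb24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXi
      gJlzIG5vIGtub3dpbmcgd2hlcmUgeW91IG1pZ2h0IGJlIHN3ZXB0IG9m
      ZiB0by4",
  "signatures": [
    {
      "protected": "eyJhbGciOiJSUzI1NiJ9",
      "header": {
        "kid": "bilbo.baggins@hobbiton.example"
      },
      "signature": "MIsjqtVlOpa71KE-Mss8_Nq2YH4FGhiocsqrgi5Nvy
          G53uoimic1tcMdSg-qptrzZc7CG6Svw2Y13TDIqHzTUrL_lR2ZFc
          ryNFiHkSw129EghGpwkpxaTn_THJTCglNbADko1MZBCdwzJxwqZc
          -1RlpO2HibUYyXSwO97BSe0_evZKdjvvKSgsIqjytKSeAMbhMBdM
          ma622_BG5t4sdbuCHtFjp9iJmkio47AIwqkZV1aIZsv33uPUqBBC
          XbYoQJwt7mxPftHmNlGoOSMxR_3thmXTCm4US-xiNOyhbm8afKK6
          4jU6_TPtQHiJeQJxz9G3Tx-083B745_AfYOnlC9w"
    },
    {
      "header": {
        "alg": "ES512",
        "kid": "bilbo.baggins@hobbiton.example"
      },
      "signature": "ARcVLnaJJaUWG8fG-8t5BREVAuTY8n8YHjwDO1muhc
          dCoFZFFjfISu0Cdkn9Ybdlmi54ho0x924DUz8sK7ZXkhc7AFM8Ob
          LfTvNCrqcI3Jkl2U5IX3utNhODH6v7xgy1Qahsn0fyb4zSAkje8b
          AWz4vIfj5pCMYxxm4fgV3q7ZYhm5eD"
    },
    {
      "protected": "eyJhbGciOiJIUzI1NiIsImtpZCI6IjAxOGMwYWU1LT
          RkOWItNDcxYi1iZmQ2LWVlZjMxNGJjNzAzNyJ9",
      "signature": "s0h6KThzkfBBBkLspW1h84VsJZFTsPPqMDA7g1Md7p
          0"
    }
  ]
}
"""


def strip_ws(text):
    """Remove the readability whitespace from a base64url value."""
    return "".join(text.split())


def b64url_decode(text):
    """Decode unpadded base64url, as used throughout JOSE."""
    text = strip_ws(text)
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def inspect_general_jws(text):
    """Return, per signature, the merged header and the exact signing input."""
    # strict=False lets json accept the raw line breaks inside string values.
    jws = json.loads(text, strict=False)
    payload_b64 = strip_ws(jws["payload"])
    report = []
    for entry in jws["signatures"]:
        protected_b64 = strip_ws(entry.get("protected", ""))
        protected = json.loads(b64url_decode(protected_b64)) if protected_b64 else {}
        unprotected = entry.get("header", {})
        clash = set(protected) & set(unprotected)
        if clash:
            raise ValueError("header names in both locations: %s" % sorted(clash))
        merged = {**unprotected, **protected}
        report.append({
            "alg": merged.get("alg"),
            "kid": merged.get("kid"),
            # True only when "alg" is part of what the signature covers.
            "alg_is_signed": "alg" in protected,
            # An absent protected header contributes the empty string.
            "signing_input": (protected_b64 + "." + payload_b64).encode("ascii"),
            "signature": b64url_decode(entry["signature"]),
        })
    return report
```

For Signature #2 the report shows "alg_is_signed" as false, so the algorithm a verifier applies to that entry should come from the key it holds for the "kid", not from the message.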

5. JSON Web Encryption Examples

The following sections demonstrate how to generate various JWE objects.

All of the encryption examples (unless otherwise noted) use the following Plaintext content (an abridged quote from "The Fellowship of the Ring" [LOTR-FELLOWSHIP]), serialized as UTF-8. The Plaintext is presented here as a series of quoted strings that are concatenated to produce the JWE Plaintext. The sequence "\xe2\x80\x93" is substituted for (U+2013 EN DASH), and quotation marks (U+0022 QUOTATION MARK) are added for readability but are not present in the JWE Plaintext.

   "You can trust us to stick with you through thick and "
   "thin\xe2\x80\x93to the bitter end. And you can trust us to "
   "keep any secret of yours\xe2\x80\x93closer than you keep it "
   "yourself. But you cannot trust us to let you face trouble "
   "alone, and go off without a word. We are your friends, Frodo."

Figure 72: Plaintext Content

5.1. Key Encryption Using RSA v1.5 and AES-HMAC-SHA2

This example illustrates encrypting content using the "RSA1_5" (RSAES-PKCS1-v1_5) key encryption algorithm and the "A128CBC-HS256" (AES-128-CBC-HMAC-SHA-256) content encryption algorithm.

Note that RSAES-PKCS1-v1_5 uses random data to generate the ciphertext; it might not be possible to exactly replicate the results in this section.

Note that only the RSA public key is necessary to perform the encryption. However, the example includes the RSA private key to allow readers to validate the output.

Note that whitespace is added for readability as described in Section 1.1.

5.1.1. Input Factors

The following are supplied before beginning the encryption process:

o Plaintext content; this example uses the content from Figure 72.

o RSA public key; this example uses the key from Figure 73.

o "alg" parameter of "RSA1_5".

o "enc" parameter of "A128CBC-HS256".

   {
     "kty": "RSA",
     "kid": "frodo.baggins@hobbiton.example",
     "use": "enc",
     "n": "maxhbsmBtdQ3CNrKvprUE6n9lYcregDMLYNeTAWcLj8NnPU9XIYegT
         HVHQjxKDSHP2l-F5jS7sppG1wgdAqZyhnWvXhYNvcM7RfgKxqNx_xAHx
         6f3yy7s-M9PSNCwPC2lh6UAkR4I00EhV9lrypM9Pi4lBUop9t5fS9W5U
         NwaAllhrd-osQGPjIeI1deHTwx-ZTHu3C60Pu_LJIl6hKn9wbwaUmA4c
         R5Bd2pgbaY7ASgsjCUbtYJaNIHSoHXprUdJZKUMAzV0WOKPfA6OPI4oy
         pBadjvMZ4ZAj3BnXaSYsEZhaueTXvZB4eZOAjIyh2e_VOIKVMsnDrJYA
         VotGlvMQ",
     "e": "AQAB",
     "d": "Kn9tgoHfiTVi8uPu5b9TnwyHwG5dK6RE0uFdlpCGnJN7ZEi963R7wy
         bQ1PLAHmpIbNTztfrheoAniRV1NCIqXaW_qS461xiDTp4ntEPnqcKsyO
         5jMAji7-CL8vhpYYowNFvIesgMoVaPRYMYT9TW63hNM0aWs7USZ_hLg6
         Oe1mY0vHTI3FucjSM86Nff4oIENt43r2fspgEPGRrdE6fpLc9Oaq-qeP
         1GFULimrRdndm-P8q8kvN3KHlNAtEgrQAgTTgz80S-3VD0FgWfgnb1PN
         miuPUxO8OpI9KDIfu_acc6fg14nsNaJqXe6RESvhGPH2afjHqSy_Fd2v
         pzj85bQQ",
     "p": "2DwQmZ43FoTnQ8IkUj3BmKRf5Eh2mizZA5xEJ2MinUE3sdTYKSLtaE
         oekX9vbBZuWxHdVhM6UnKCJ_2iNk8Z0ayLYHL0_G21aXf9-unynEpUsH
         7HHTklLpYAzOOx1ZgVljoxAdWNn3hiEFrjZLZGS7lOH-a3QQlDDQoJOJ
         2VFmU",
     "q": "te8LY4-W7IyaqH1ExujjMqkTAlTeRbv0VLQnfLY2xINnrWdwiQ93_V
         F099aP1ESeLja2nw-6iKIe-qT7mtCPozKfVtUYfz5HrJ_XY2kfexJINb
         9lhZHMv5p1skZpeIS-GPHCC6gRlKo1q-idn_qxyusfWv7WAxlSVfQfk8
         d6Et0",
     "dp": "UfYKcL_or492vVc0PzwLSplbg4L3-Z5wL48mwiswbpzOyIgd2xHTH
         QmjJpFAIZ8q-zf9RmgJXkDrFs9rkdxPtAsL1WYdeCT5c125Fkdg317JV
         RDo1inX7x2Kdh8ERCreW8_4zXItuTl_KiXZNU5lvMQjWbIw2eTx1lpsf
         lo0rYU",
     "dq": "iEgcO-QfpepdH8FWd7mUFyrXdnOkXJBCogChY6YKuIHGc_p8Le9Mb
         pFKESzEaLlN1Ehf3B6oGBl5Iz_ayUlZj2IoQZ82znoUrpa9fVYNot87A
         CfzIG7q9Mv7RiPAderZi03tkVXAdaBau_9vs5rS-7HMtxkVrxSUvJY14
         TkXlHE",
     "qi": "kC-lzZOqoFaZCr5l0tOVtREKoVqaAYhQiqIRGL-MzS4sCmRkxm5vZ
         lXYx6RtE1n_AagjqajlkjieGlxTTThHD8Iga6foGBMaAr5uR1hGQpSc7
         Gl7CF1DZkBJMTQN6EshYzZfxW08mIO8M6Rzuh0beL6fG9mkDcIyPrBXx
         2bQ_mM"
   }

Figure 73: RSA 2048-Bit Key, in JWK Format

(NOTE: While the key includes the private parameters, only the public parameters "e" and "n" are necessary for the encryption operation.)

5.1.2. Generated Factors

The following are generated before encrypting:

o AES symmetric key as the Content Encryption Key (CEK); this example uses the key from Figure 74.

o Initialization Vector; this example uses the Initialization Vector from Figure 75.

3qyTVhIWt5juqZUCpfRqpvauwB956MEJL2Rt-8qXKSo

Figure 74: Content Encryption Key, base64url-encoded

bbd5sTkYwhAIqfHsx8DayA

Figure 75: Initialization Vector, base64url-encoded

5.1.3. Encrypting the Key

Performing the key encryption operation over the CEK (Figure 74) with the RSA key (Figure 73) results in the following Encrypted Key:

   laLxI0j-nLH-_BgLOXMozKxmy9gffy2gTdvqzfTihJBuuzxg0V7yk1WClnQePF
   vG2K-pvSlWc9BRIazDrn50RcRai__3TDON395H3c62tIouJJ4XaRvYHFjZTZ2G
   Xfz8YAImcc91Tfk0WXC2F5Xbb71ClQ1DDH151tlpH77f2ff7xiSxh9oSewYrcG
   TSLUeeCt36r1Kt3OSj7EyBQXoZlN7IxbyhMAfgIe7Mv1rOTOI5I8NQqeXXW8Vl
   zNmoxaGMny3YnGir5Wf6Qt2nBq4qDaPdnaAuuGUGEecelIO1wx1BpyIfgvfjOh
   MBs9M8XL223Fg47xlGsMXdfuY-4jaqVw

Figure 76: Encrypted Key, base64url-encoded

5.1.4. Encrypting the Content

The following is generated before encrypting the Plaintext:

o JWE Protected Header; this example uses the header from Figure 77, encoded using base64url [RFC4648] to produce Figure 78.

   {
     "alg": "RSA1_5",
     "kid": "frodo.baggins@hobbiton.example",
     "enc": "A128CBC-HS256"
   }

Figure 77: JWE Protected Header JSON

   eyJhbGciOiJSU0ExXzUiLCJraWQiOiJmcm9kby5iYWdnaW5zQGhvYmJpdG9uLm
   V4YW1wbGUiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0

Figure 78: JWE Protected Header, base64url-encoded

Performing the content encryption operation on the Plaintext (Figure 72) using the following:

o CEK (Figure 74);

o Initialization Vector (Figure 75); and

o JWE Protected Header (Figure 77) as authenticated data

produces the following:

o Ciphertext from Figure 79.

o Authentication Tag from Figure 80.

   0fys_TY_na7f8dwSfXLiYdHaA2DxUjD67ieF7fcVbIR62JhJvGZ4_FNVSiGc_r
   aa0HnLQ6s1P2sv3Xzl1p1l_o5wR_RsSzrS8Z-wnI3Jvo0mkpEEnlDmZvDu_k8O
   WzJv7eZVEqiWKdyVzFhPpiyQU28GLOpRc2VbVbK4dQKPdNTjPPEmRqcaGeTWZV
   yeSUvf5k59yJZxRuSvWFf6KrNtmRdZ8R4mDOjHSrM_s8uwIFcqt4r5GX8TKaI0
   zT5CbL5Qlw3sRc7u_hg0yKVOiRytEAEs3vZkcfLkP6nbXdC_PkMdNS-ohP78T2
   O6_7uInMGhFeX4ctHG7VelHGiT93JfWDEQi5_V9UN1rhXNrYu-0fVMkZAKX3VW
   i7lzA6BP430m

Figure 79: Ciphertext, base64url-encoded

kvKuFBXHe5mQr4lqgobAUg

Figure 80: Authentication Tag, base64url-encoded
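
The Authentication Tag in Figure 80 can be recomputed from Figures 74, 75, 78 and 79 without running AES, and it is the check a recipient makes before attempting any AES-CBC decryption. The following Python is an added example, not part of the RFC: it follows the A128CBC-HS256 construction defined in the companion JWA specification (RFC 7518, Section 5.2.2.1), and the function names are illustrative.

```python
import base64
import hashlib
import hmac

# Values copied from this section's figures; the line breaks are the
# readability whitespace described in Section 1.1.
CEK_B64 = "3qyTVhIWt5juqZUCpfRqpvauwB956MEJL2Rt-8qXKSo"   # Figure 74
IV_B64 = "bbd5sTkYwhAIqfHsx8DayA"                         # Figure 75
TAG_B64 = "kvKuFBXHe5mQr4lqgobAUg"                        # Figure 80
PROTECTED_B64 = """
    eyJhbGciOiJSU0ExXzUiLCJraWQiOiJmcm9kby5iYWdnaW5zQGhvYmJpdG9uLm
    V4YW1wbGUiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0
"""                                                       # Figure 78
CIPHERTEXT_B64 = """
    0fys_TY_na7f8dwSfXLiYdHaA2DxUjD67ieF7fcVbIR62JhJvGZ4_FNVSiGc_r
    aa0HnLQ6s1P2sv3Xzl1p1l_o5wR_RsSzrS8Z-wnI3Jvo0mkpEEnlDmZvDu_k8O
    WzJv7eZVEqiWKdyVzFhPpiyQU28GLOpRc2VbVbK4dQKPdNTjPPEmRqcaGeTWZV
    yeSUvf5k59yJZxRuSvWFf6KrNtmRdZ8R4mDOjHSrM_s8uwIFcqt4r5GX8TKaI0
    zT5CbL5Qlw3sRc7u_hg0yKVOiRytEAEs3vZkcfLkP6nbXdC_PkMdNS-ohP78T2
    O6_7uInMGhFeX4ctHG7VelHGiT93JfWDEQi5_V9UN1rhXNrYu-0fVMkZAKX3VW
    i7lzA6BP430m
"""                                                       # Figure 79


def strip_ws(text):
    """Remove the readability whitespace from a base64url value."""
    return "".join(text.split())


def b64url_decode(text):
    """Decode unpadded base64url, as used throughout JOSE."""
    text = strip_ws(text)
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def cbc_hs256_tag(cek, aad, iv, ciphertext):
    """Authentication tag for A128CBC-HS256."""
    if len(cek) != 32:
        raise ValueError("A128CBC-HS256 needs a 32-octet CEK")
    mac_key = cek[:16]   # first half keys HMAC-SHA-256
    # cek[16:] is the AES-128-CBC key; it plays no part in the tag.
    # AL: length of the AAD in bits, as a 64-bit big-endian integer.
    al = (len(aad) * 8).to_bytes(8, "big")
    mac = hmac.new(mac_key, aad + iv + ciphertext + al, hashlib.sha256)
    return mac.digest()[:16]   # tag is the first 16 octets of the MAC


def tag_is_valid(protected_b64, iv_b64, ciphertext_b64, tag_b64,
                 cek_b64=CEK_B64):
    """Recompute the tag and compare it in constant time."""
    # The AAD is the ASCII of the encoded header, not the decoded JSON.
    aad = strip_ws(protected_b64).encode("ascii")
    expected = cbc_hs256_tag(
        b64url_decode(cek_b64),
        aad,
        b64url_decode(iv_b64),
        b64url_decode(ciphertext_b64),
    )
    return hmac.compare_digest(expected, b64url_decode(tag_b64))
```

Because the encoded JWE Protected Header is the authenticated data, changing a single character of Figure 78 or of the ciphertext makes the check fail.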

5.1.5. Output Results

The following compose the resulting JWE object:

o JWE Protected Header (Figure 78)

o Encrypted Key (Figure 76)

o Initialization Vector (Figure 75)

o Ciphertext (Figure 79)

o Authentication Tag (Figure 80)

The resulting JWE object using the JWE Compact Serialization:

   eyJhbGciOiJSU0ExXzUiLCJraWQiOiJmcm9kby5iYWdnaW5zQGhvYmJpdG9uLm
   V4YW1wbGUiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0
   .
   laLxI0j-nLH-_BgLOXMozKxmy9gffy2gTdvqzfTihJBuuzxg0V7yk1WClnQePF
   vG2K-pvSlWc9BRIazDrn50RcRai__3TDON395H3c62tIouJJ4XaRvYHFjZTZ2G
   Xfz8YAImcc91Tfk0WXC2F5Xbb71ClQ1DDH151tlpH77f2ff7xiSxh9oSewYrcG
   TSLUeeCt36r1Kt3OSj7EyBQXoZlN7IxbyhMAfgIe7Mv1rOTOI5I8NQqeXXW8Vl
   zNmoxaGMny3YnGir5Wf6Qt2nBq4qDaPdnaAuuGUGEecelIO1wx1BpyIfgvfjOh
   MBs9M8XL223Fg47xlGsMXdfuY-4jaqVw
   .
   bbd5sTkYwhAIqfHsx8DayA
   .
   0fys_TY_na7f8dwSfXLiYdHaA2DxUjD67ieF7fcVbIR62JhJvGZ4_FNVSiGc_r
   aa0HnLQ6s1P2sv3Xzl1p1l_o5wR_RsSzrS8Z-wnI3Jvo0mkpEEnlDmZvDu_k8O
   WzJv7eZVEqiWKdyVzFhPpiyQU28GLOpRc2VbVbK4dQKPdNTjPPEmRqcaGeTWZV
   yeSUvf5k59yJZxRuSvWFf6KrNtmRdZ8R4mDOjHSrM_s8uwIFcqt4r5GX8TKaI0
   zT5CbL5Qlw3sRc7u_hg0yKVOiRytEAEs3vZkcfLkP6nbXdC_PkMdNS-ohP78T2
   O6_7uInMGhFeX4ctHG7VelHGiT93JfWDEQi5_V9UN1rhXNrYu-0fVMkZAKX3VW
   i7lzA6BP430m
   .
   kvKuFBXHe5mQr4lqgobAUg

Figure 81: JWE Compact Serialization

The resulting JWE object using the general JWE JSON Serialization:

   {
     "recipients": [
       {
         "encrypted_key": "laLxI0j-nLH-_BgLOXMozKxmy9gffy2gTdvqzf
             TihJBuuzxg0V7yk1WClnQePFvG2K-pvSlWc9BRIazDrn50RcRai_
             _3TDON395H3c62tIouJJ4XaRvYHFjZTZ2GXfz8YAImcc91Tfk0WX
             C2F5Xbb71ClQ1DDH151tlpH77f2ff7xiSxh9oSewYrcGTSLUeeCt
             36r1Kt3OSj7EyBQXoZlN7IxbyhMAfgIe7Mv1rOTOI5I8NQqeXXW8
             VlzNmoxaGMny3YnGir5Wf6Qt2nBq4qDaPdnaAuuGUGEecelIO1wx
             1BpyIfgvfjOhMBs9M8XL223Fg47xlGsMXdfuY-4jaqVw"
       }
     ],
     "protected": "eyJhbGciOiJSU0ExXzUiLCJraWQiOiJmcm9kby5iYWdnaW
         5zQGhvYmJpdG9uLmV4YW1wbGUiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In
         0",
     "iv": "bbd5sTkYwhAIqfHsx8DayA",
     "ciphertext": "0fys_TY_na7f8dwSfXLiYdHaA2DxUjD67ieF7fcVbIR62
         JhJvGZ4_FNVSiGc_raa0HnLQ6s1P2sv3Xzl1p1l_o5wR_RsSzrS8Z-wn
         I3Jvo0mkpEEnlDmZvDu_k8OWzJv7eZVEqiWKdyVzFhPpiyQU28GLOpRc
         2VbVbK4dQKPdNTjPPEmRqcaGeTWZVyeSUvf5k59yJZxRuSvWFf6KrNtm
         RdZ8R4mDOjHSrM_s8uwIFcqt4r5GX8TKaI0zT5CbL5Qlw3sRc7u_hg0y
         KVOiRytEAEs3vZkcfLkP6nbXdC_PkMdNS-ohP78T2O6_7uInMGhFeX4c
         tHG7VelHGiT93JfWDEQi5_V9UN1rhXNrYu-0fVMkZAKX3VWi7lzA6BP4
         30m",
     "tag": "kvKuFBXHe5mQr4lqgobAUg"
   }

Figure 82: General JWE JSON Serialization

The resulting JWE object using the flattened JWE JSON Serialization:

   {
     "protected": "eyJhbGciOiJSU0ExXzUiLCJraWQiOiJmcm9kby5iYWdnaW
         5zQGhvYmJpdG9uLmV4YW1wbGUiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In
         0",
     "encrypted_key": "laLxI0j-nLH-_BgLOXMozKxmy9gffy2gTdvqzfTihJ
         Buuzxg0V7yk1WClnQePFvG2K-pvSlWc9BRIazDrn50RcRai__3TDON39
         5H3c62tIouJJ4XaRvYHFjZTZ2GXfz8YAImcc91Tfk0WXC2F5Xbb71ClQ
         1DDH151tlpH77f2ff7xiSxh9oSewYrcGTSLUeeCt36r1Kt3OSj7EyBQX
         oZlN7IxbyhMAfgIe7Mv1rOTOI5I8NQqeXXW8VlzNmoxaGMny3YnGir5W
         f6Qt2nBq4qDaPdnaAuuGUGEecelIO1wx1BpyIfgvfjOhMBs9M8XL223F
         g47xlGsMXdfuY-4jaqVw",
     "iv": "bbd5sTkYwhAIqfHsx8DayA",
     "ciphertext": "0fys_TY_na7f8dwSfXLiYdHaA2DxUjD67ieF7fcVbIR62
         JhJvGZ4_FNVSiGc_raa0HnLQ6s1P2sv3Xzl1p1l_o5wR_RsSzrS8Z-wn
         I3Jvo0mkpEEnlDmZvDu_k8OWzJv7eZVEqiWKdyVzFhPpiyQU28GLOpRc
         2VbVbK4dQKPdNTjPPEmRqcaGeTWZVyeSUvf5k59yJZxRuSvWFf6KrNtm
         RdZ8R4mDOjHSrM_s8uwIFcqt4r5GX8TKaI0zT5CbL5Qlw3sRc7u_hg0y
         KVOiRytEAEs3vZkcfLkP6nbXdC_PkMdNS-ohP78T2O6_7uInMGhFeX4c
         tHG7VelHGiT93JfWDEQi5_V9UN1rhXNrYu-0fVMkZAKX3VWi7lzA6BP4
         30m",
     "tag": "kvKuFBXHe5mQr4lqgobAUg"
   }

Figure 83: Flattened JWE JSON Serialization

5.2. Key Encryption Using RSA-OAEP with AES-GCM

This example illustrates encrypting content using the "RSA-OAEP" (RSAES-OAEP) key encryption algorithm and the "A256GCM" (AES-GCM) content encryption algorithm.

Note that RSAES-OAEP uses random data to generate the ciphertext; it might not be possible to exactly replicate the results in this section.

Note that only the RSA public key is necessary to perform the encryption. However, the example includes the RSA private key to allow readers to validate the output.

Note that whitespace is added for readability as described in Section 1.1.

5.2.1. Input Factors

The following are supplied before beginning the encryption process:

o Plaintext content; this example uses the Plaintext from Figure 72.

o RSA public key; this example uses the key from Figure 84.

o "alg" parameter of "RSA-OAEP".

o "enc" parameter of "A256GCM".

   {
     "kty": "RSA",
     "kid": "samwise.gamgee@hobbiton.example",
     "use": "enc",
     "n": "wbdxI55VaanZXPY29Lg5hdmv2XhvqAhoxUkanfzf2-5zVUxa6prHRr
         I4pP1AhoqJRlZfYtWWd5mmHRG2pAHIlh0ySJ9wi0BioZBl1XP2e-C-Fy
         XJGcTy0HdKQWlrfhTm42EW7Vv04r4gfao6uxjLGwfpGrZLarohiWCPnk
         Nrg71S2CuNZSQBIPGjXfkmIy2tl_VWgGnL22GplyXj5YlBLdxXp3XeSt
         sqo571utNfoUTU8E4qdzJ3U1DItoVkPGsMwlmmnJiwA7sXRItBCivR4M
         5qnZtdw-7v4WuR4779ubDuJ5nalMv2S66-RPcnFAzWSKxtBDnFJJDGIU
         e7Tzizjg1nms0Xq_yPub_UOlWn0ec85FCft1hACpWG8schrOBeNqHBOD
         FskYpUc2LC5JA2TaPF2dA67dg1TTsC_FupfQ2kNGcE1LgprxKHcVWYQb
         86B-HozjHZcqtauBzFNV5tbTuB-TpkcvJfNcFLlH3b8mb-H_ox35FjqB
         SAjLKyoeqfKTpVjvXhd09knwgJf6VKq6UC418_TOljMVfFTWXUxlnfhO
         OnzW6HSSzD1c9WrCuVzsUMv54szidQ9wf1cYWf3g5qFDxDQKis99gcDa
         iCAwM3yEBIzuNeeCa5dartHDb1xEB_HcHSeYbghbMjGfasvKn0aZRsnT
         yC0xhWBlsolZE",
     "e": "AQAB",
     "alg": "RSA-OAEP",
     "d": "n7fzJc3_WG59VEOBTkayzuSMM780OJQuZjN_KbH8lOZG25ZoA7T4Bx
         cc0xQn5oZE5uSCIwg91oCt0JvxPcpmqzaJZg1nirjcWZ-oBtVk7gCAWq
         -B3qhfF3izlbkosrzjHajIcY33HBhsy4_WerrXg4MDNE4HYojy68TcxT
         2LYQRxUOCf5TtJXvM8olexlSGtVnQnDRutxEUCwiewfmmrfveEogLx9E
         A-KMgAjTiISXxqIXQhWUQX1G7v_mV_Hr2YuImYcNcHkRvp9E7ook0876
         DhkO8v4UOZLwA1OlUX98mkoqwc58A_Y2lBYbVx1_s5lpPsEqbbH-nqIj
         h1fL0gdNfihLxnclWtW7pCztLnImZAyeCWAG7ZIfv-Rn9fLIv9jZ6r7r
         -MSH9sqbuziHN2grGjD_jfRluMHa0l84fFKl6bcqN1JWxPVhzNZo01yD
         F-1LiQnqUYSepPf6X3a2SOdkqBRiquE6EvLuSYIDpJq3jDIsgoL8Mo1L
         oomgiJxUwL_GWEOGu28gplyzm-9Q0U0nyhEf1uhSR8aJAQWAiFImWH5W
         _IQT9I7-yrindr_2fWQ_i1UgMsGzA7aOGzZfPljRy6z-tY_KuBG00-28
         S_aWvjyUc-Alp8AUyKjBZ-7CWH32fGWK48j1t-zomrwjL_mnhsPbGs0c
         9WsWgRzI-K8gE",
     "p": "7_2v3OQZzlPFcHyYfLABQ3XP85Es4hCdwCkbDeltaUXgVy9l9etKgh
         vM4hRkOvbb01kYVuLFmxIkCDtpi-zLCYAdXKrAK3PtSbtzld_XZ9nlsY
         a_QZWpXB_IrtFjVfdKUdMz94pHUhFGFj7nr6NNxfpiHSHWFE1zD_AC3m
         Y46J961Y2LRnreVwAGNw53p07Db8yD_92pDa97vqcZOdgtybH9q6uma-
         RFNhO1AoiJhYZj69hjmMRXx-x56HO9cnXNbmzNSCFCKnQmn4GQLmRj9s
         fbZRqL94bbtE4_e0Zrpo8RNo8vxRLqQNwIy85fc6BRgBJomt8QdQvIgP
         gWCv5HoQ",
     "q": "zqOHk1P6WN_rHuM7ZF1cXH0x6RuOHq67WuHiSknqQeefGBA9PWs6Zy
         KQCO-O6mKXtcgE8_Q_hA2kMRcKOcvHil1hqMCNSXlflM7WPRPZu2qCDc
         qssd_uMbP-DqYthH_EzwL9KnYoH7JQFxxmcv5An8oXUtTwk4knKjkIYG
         RuUwfQTus0w1NfjFAyxOOiAQ37ussIcE6C6ZSsM3n41UlbJ7TCqewzVJ
         aPJN5cxjySPZPD3Vp01a9YgAD6a3IIaKJdIxJS1ImnfPevSJQBE79-EX
         e2kSwVgOzvt-gsmM29QQ8veHy4uAqca5dZzMs7hkkHtw1z0jHV90epQJ
         JlXXnH8Q",
     "dp": "19oDkBh1AXelMIxQFm2zZTqUhAzCIr4xNIGEPNoDt1jK83_FJA-xn
         x5kA7-1erdHdms_Ef67HsONNv5A60JaR7w8LHnDiBGnjdaUmmuO8XAxQ
         J_ia5mxjxNjS6E2yD44USo2JmHvzeeNczq25elqbTPLhUpGo1IZuG72F
         ZQ5gTjXoTXC2-xtCDEUZfaUNh4IeAipfLugbpe0JAFlFfrTDAMUFpC3i
         XjxqzbEanflwPvj6V9iDSgjj8SozSM0dLtxvu0LIeIQAeEgT_yXcrKGm
         pKdSO08kLBx8VUjkbv_3Pn20Gyu2YEuwpFlM_H1NikuxJNKFGmnAq9Lc
         nwwT0jvoQ",
     "dq": "S6p59KrlmzGzaQYQM3o0XfHCGvfqHLYjCO557HYQf72O9kLMCfd_1
         VBEqeD-1jjwELKDjck8kOBl5UvohK1oDfSP1DleAy-cnmL29DqWmhgwM
         1ip0CCNmkmsmDSlqkUXDi6sAaZuntyukyflI-qSQ3C_BafPyFaKrt1fg
         dyEwYa08pESKwwWisy7KnmoUvaJ3SaHmohFS78TJ25cfc10wZ9hQNOrI
         ChZlkiOdFCtxDqdmCqNacnhgE3bZQjGp3n83ODSz9zwJcSUvODlXBPc2
         AycH6Ci5yjbxt4Ppox_5pjm6xnQkiPgj01GpsUssMmBN7iHVsrE7N2iz
         nBNCeOUIQ",
     "qi": "FZhClBMywVVjnuUud-05qd5CYU0dK79akAgy9oX6RX6I3IIIPckCc
         iRrokxglZn-omAY5CnCe4KdrnjFOT5YUZE7G_Pg44XgCXaarLQf4hl80
         oPEf6-jJ5Iy6wPRx7G2e8qLxnh9cOdf-kRqgOS3F48Ucvw3ma5V6KGMw
         QqWFeV31XtZ8l5cVI-I3NzBS7qltpUVgz2Ju021eyc7IlqgzR98qKONl
         27DuEES0aK0WE97jnsyO27Yp88Wa2RiBrEocM89QZI1seJiGDizHRUP4
         UZxw9zsXww46wy0P6f9grnYp7t8LkyDDk8eoI4KX6SNMNVcyVS9IWjlq
         8EzqZEKIA"
   }
        

Figure 84: RSA 4096-Bit Key

(NOTE: While the key includes the private parameters, only the public parameters "e" and "n" are necessary for the encryption operation.)

5.2.2. Generated Factors

The following are generated before encrypting:

o AES symmetric key as the Content Encryption Key (CEK); this example uses the key from Figure 85.

o Initialization Vector; this example uses the Initialization Vector from Figure 86.

   mYMfsggkTAm0TbvtlFh2hyoXnbEzJQjMxmgLN3d8xXA
        

Figure 85: Content Encryption Key, base64url-encoded

-nBoKLH0YkLZPSI9

Figure 86: Initialization Vector, base64url-encoded

5.2.3. Encrypting the Key

Performing the key encryption operation over the CEK (Figure 85) with the RSA key (Figure 84) produces the following Encrypted Key:

rT99rwrBTbTI7IJM8fU3Eli7226HEB7IchCxNuh7lCiud48LxeolRdtFF4nzQi beYOl5S_PJsAXZwSXtDePz9hk-BbtsTBqC2UsPOdwjC9NhNupNNu9uHIVftDyu cvI6hvALeZ6OGnhNV4v1zx2k7O1D89mAzfw-_kT3tkuorpDU-CpBENfIHX1Q58 -Aad3FzMuo3Fn9buEP2yXakLXYa15BUXQsupM4A1GD4_H4Bd7V3u9h8Gkg8Bpx KdUV9ScfJQTcYm6eJEBz3aSwIaK4T3-dwWpuBOhROQXBosJzS1asnuHtVMt2pK IIfux5BC6huIvmY7kzV7W7aIUrpYm_3H4zYvyMeq5pGqFmW2k8zpO878TRlZx7 pZfPYDSXZyS0CfKKkMozT_qiCwZTSz4duYnt8hS4Z9sGthXn9uDqd6wycMagnQ fOTs_lycTWmY-aqWVDKhjYNRf03NiwRtb5BE-tOdFwCASQj3uuAgPGrO2AWBe3 8UjQb0lvXn1SpyvYZ3WFc7WOJYaTa7A8DRn6MC6T-xDmMuxC0G7S2rscw5lQQU 06MvZTlFOt0UvfuKBa03cxA_nIBIhLMjY2kOTxQMmpDPTr6Cbo8aKaOnx6ASE5 Jx9paBpnNmOOKH35j_QlrQhDWUN6A2Gg8iFayJ69xDEdHAVCGRzN3woEI2ozDR s

Figure 87: Encrypted Key, base64url-encoded
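
RSA-OAEP is randomized, so the Encrypted Key in Figure 87 cannot be reproduced by encrypting again; it can only be checked from the recipient's side. The following added example (not part of the RFC text) does that with the Python standard library: it decrypts Figure 87 with the private exponent from Figure 84 and compares the result with the CEK in Figure 85. It assumes the JWA "RSA-OAEP" defaults (SHA-1, MGF1 with SHA-1, empty label); the function names are the example's own, and the plain modular exponentiation is meant for checking published vectors only.

```python
import base64
import hashlib

# "n" and "d" from Figure 84, Encrypted Key from Figure 87, CEK from Figure 85.
N_B64 = (
    "wbdxI55VaanZXPY29Lg5hdmv2XhvqAhoxUkanfzf2-5zVUxa6prHRr"
    "I4pP1AhoqJRlZfYtWWd5mmHRG2pAHIlh0ySJ9wi0BioZBl1XP2e-C-Fy"
    "XJGcTy0HdKQWlrfhTm42EW7Vv04r4gfao6uxjLGwfpGrZLarohiWCPnk"
    "Nrg71S2CuNZSQBIPGjXfkmIy2tl_VWgGnL22GplyXj5YlBLdxXp3XeSt"
    "sqo571utNfoUTU8E4qdzJ3U1DItoVkPGsMwlmmnJiwA7sXRItBCivR4M"
    "5qnZtdw-7v4WuR4779ubDuJ5nalMv2S66-RPcnFAzWSKxtBDnFJJDGIU"
    "e7Tzizjg1nms0Xq_yPub_UOlWn0ec85FCft1hACpWG8schrOBeNqHBOD"
    "FskYpUc2LC5JA2TaPF2dA67dg1TTsC_FupfQ2kNGcE1LgprxKHcVWYQb"
    "86B-HozjHZcqtauBzFNV5tbTuB-TpkcvJfNcFLlH3b8mb-H_ox35FjqB"
    "SAjLKyoeqfKTpVjvXhd09knwgJf6VKq6UC418_TOljMVfFTWXUxlnfhO"
    "OnzW6HSSzD1c9WrCuVzsUMv54szidQ9wf1cYWf3g5qFDxDQKis99gcDa"
    "iCAwM3yEBIzuNeeCa5dartHDb1xEB_HcHSeYbghbMjGfasvKn0aZRsnT"
    "yC0xhWBlsolZE"
)
D_B64 = (
    "n7fzJc3_WG59VEOBTkayzuSMM780OJQuZjN_KbH8lOZG25ZoA7T4Bx"
    "cc0xQn5oZE5uSCIwg91oCt0JvxPcpmqzaJZg1nirjcWZ-oBtVk7gCAWq"
    "-B3qhfF3izlbkosrzjHajIcY33HBhsy4_WerrXg4MDNE4HYojy68TcxT"
    "2LYQRxUOCf5TtJXvM8olexlSGtVnQnDRutxEUCwiewfmmrfveEogLx9E"
    "A-KMgAjTiISXxqIXQhWUQX1G7v_mV_Hr2YuImYcNcHkRvp9E7ook0876"
    "DhkO8v4UOZLwA1OlUX98mkoqwc58A_Y2lBYbVx1_s5lpPsEqbbH-nqIj"
    "h1fL0gdNfihLxnclWtW7pCztLnImZAyeCWAG7ZIfv-Rn9fLIv9jZ6r7r"
    "-MSH9sqbuziHN2grGjD_jfRluMHa0l84fFKl6bcqN1JWxPVhzNZo01yD"
    "F-1LiQnqUYSepPf6X3a2SOdkqBRiquE6EvLuSYIDpJq3jDIsgoL8Mo1L"
    "oomgiJxUwL_GWEOGu28gplyzm-9Q0U0nyhEf1uhSR8aJAQWAiFImWH5W"
    "_IQT9I7-yrindr_2fWQ_i1UgMsGzA7aOGzZfPljRy6z-tY_KuBG00-28"
    "S_aWvjyUc-Alp8AUyKjBZ-7CWH32fGWK48j1t-zomrwjL_mnhsPbGs0c"
    "9WsWgRzI-K8gE"
)
ENCRYPTED_KEY_B64 = (
    "rT99rwrBTbTI7IJM8fU3Eli7226HEB7IchCxNuh7lC"
    "iud48LxeolRdtFF4nzQibeYOl5S_PJsAXZwSXtDePz9hk-BbtsTBqC2U"
    "sPOdwjC9NhNupNNu9uHIVftDyucvI6hvALeZ6OGnhNV4v1zx2k7O1D89"
    "mAzfw-_kT3tkuorpDU-CpBENfIHX1Q58-Aad3FzMuo3Fn9buEP2yXakL"
    "XYa15BUXQsupM4A1GD4_H4Bd7V3u9h8Gkg8BpxKdUV9ScfJQTcYm6eJE"
    "Bz3aSwIaK4T3-dwWpuBOhROQXBosJzS1asnuHtVMt2pKIIfux5BC6huI"
    "vmY7kzV7W7aIUrpYm_3H4zYvyMeq5pGqFmW2k8zpO878TRlZx7pZfPYD"
    "SXZyS0CfKKkMozT_qiCwZTSz4duYnt8hS4Z9sGthXn9uDqd6wycMagnQ"
    "fOTs_lycTWmY-aqWVDKhjYNRf03NiwRtb5BE-tOdFwCASQj3uuAgPGrO"
    "2AWBe38UjQb0lvXn1SpyvYZ3WFc7WOJYaTa7A8DRn6MC6T-xDmMuxC0G"
    "7S2rscw5lQQU06MvZTlFOt0UvfuKBa03cxA_nIBIhLMjY2kOTxQMmpDP"
    "Tr6Cbo8aKaOnx6ASE5Jx9paBpnNmOOKH35j_QlrQhDWUN6A2Gg8iFayJ"
    "69xDEdHAVCGRzN3woEI2ozDRs"
)
CEK_B64 = "mYMfsggkTAm0TbvtlFh2hyoXnbEzJQjMxmgLN3d8xXA"

def b64u_decode(text):
    """Decode unpadded base64url as used throughout JOSE."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def mgf1_sha1(seed, length):
    """MGF1 mask generation function with SHA-1."""
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha1(seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def rsa_oaep_unwrap(n, d, encrypted_key):
    """RSAES-OAEP decryption; every failure raises the same error."""
    k = (n.bit_length() + 7) // 8
    c = int.from_bytes(encrypted_key, "big")
    if len(encrypted_key) != k or c >= n:
        raise ValueError("decryption error")
    em = pow(c, d, n).to_bytes(k, "big")          # 0x00 || maskedSeed || maskedDB
    h_len = hashlib.sha1().digest_size
    masked_seed, masked_db = em[1:1 + h_len], em[1 + h_len:]
    seed = _xor(masked_seed, mgf1_sha1(masked_db, h_len))
    db = _xor(masked_db, mgf1_sha1(seed, len(masked_db)))  # lHash || PS || 0x01 || M
    sep = db.find(b"\x01", h_len)
    valid = (em[0] == 0 and db[:h_len] == hashlib.sha1(b"").digest()
             and sep != -1 and not any(db[h_len:sep]))
    if not valid:
        raise ValueError("decryption error")
    return db[sep + 1:]

def recover_cek():
    """Unwrap the Encrypted Key of Figure 87 with the key of Figure 84."""
    n = int.from_bytes(b64u_decode(N_B64), "big")
    d = int.from_bytes(b64u_decode(D_B64), "big")
    return rsa_oaep_unwrap(n, d, b64u_decode(ENCRYPTED_KEY_B64))

if __name__ == "__main__":
    print(recover_cek() == b64u_decode(CEK_B64))
```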

5.2.4. Encrypting the Content

The following is generated before encrypting the Plaintext:

o JWE Protected Header; this example uses the header from Figure 88, encoded using base64url [RFC4648] to produce Figure 89.

   {
     "alg": "RSA-OAEP",
     "kid": "samwise.gamgee@hobbiton.example",
     "enc": "A256GCM"
   }
        

Figure 88: JWE Protected Header JSON

   eyJhbGciOiJSU0EtT0FFUCIsImtpZCI6InNhbXdpc2UuZ2FtZ2VlQGhvYmJpdG
   9uLmV4YW1wbGUiLCJlbmMiOiJBMjU2R0NNIn0
        

Figure 89: JWE Protected Header, base64url-encoded

Performing the content encryption operation over the Plaintext (Figure 72) with the following:

o CEK (Figure 85);

o Initialization Vector (Figure 86); and

o JWE Protected Header (Figure 89) as authenticated data

produces the following:

o Ciphertext from Figure 90.

o Authentication Tag from Figure 91.

   o4k2cnGN8rSSw3IDo1YuySkqeS_t2m1GXklSgqBdpACm6UJuJowOHC5ytjqYgR
   L-I-soPlwqMUf4UgRWWeaOGNw6vGW-xyM01lTYxrXfVzIIaRdhYtEMRBvBWbEw
   P7ua1DRfvaOjgZv6Ifa3brcAM64d8p5lhhNcizPersuhw5f-pGYzseva-TUaL8
   iWnctc-sSwy7SQmRkfhDjwbz0fz6kFovEgj64X1I5s7E6GLp5fnbYGLa1QUiML
   7Cc2GxgvI7zqWo0YIEc7aCflLG1-8BboVWFdZKLK9vNoycrYHumwzKluLWEbSV
   maPpOslY2n525DxDfWaVFUfKQxMF56vn4B9QMpWAbnypNimbM8zVOw
        

Figure 90: Ciphertext, base64url-encoded

UCGiqJxhBI3IFVdPalHHvA

Figure 91: Authentication Tag, base64url-encoded

5.2.5. Output Results

The following compose the resulting JWE object:

o JWE Protected Header (Figure 89)

o Encrypted Key (Figure 87)

o Initialization Vector (Figure 86)

o Ciphertext (Figure 90)

o Authentication Tag (Figure 91)

The resulting JWE object using the JWE Compact Serialization:

eyJhbGciOiJSU0EtT0FFUCIsImtpZCI6InNhbXdpc2UuZ2FtZ2VlQGhvYmJpdG 9uLmV4YW1wbGUiLCJlbmMiOiJBMjU2R0NNIn0 . rT99rwrBTbTI7IJM8fU3Eli7226HEB7IchCxNuh7lCiud48LxeolRdtFF4nzQi beYOl5S_PJsAXZwSXtDePz9hk-BbtsTBqC2UsPOdwjC9NhNupNNu9uHIVftDyu cvI6hvALeZ6OGnhNV4v1zx2k7O1D89mAzfw-_kT3tkuorpDU-CpBENfIHX1Q58 -Aad3FzMuo3Fn9buEP2yXakLXYa15BUXQsupM4A1GD4_H4Bd7V3u9h8Gkg8Bpx KdUV9ScfJQTcYm6eJEBz3aSwIaK4T3-dwWpuBOhROQXBosJzS1asnuHtVMt2pK IIfux5BC6huIvmY7kzV7W7aIUrpYm_3H4zYvyMeq5pGqFmW2k8zpO878TRlZx7 pZfPYDSXZyS0CfKKkMozT_qiCwZTSz4duYnt8hS4Z9sGthXn9uDqd6wycMagnQ fOTs_lycTWmY-aqWVDKhjYNRf03NiwRtb5BE-tOdFwCASQj3uuAgPGrO2AWBe3 8UjQb0lvXn1SpyvYZ3WFc7WOJYaTa7A8DRn6MC6T-xDmMuxC0G7S2rscw5lQQU 06MvZTlFOt0UvfuKBa03cxA_nIBIhLMjY2kOTxQMmpDPTr6Cbo8aKaOnx6ASE5 Jx9paBpnNmOOKH35j_QlrQhDWUN6A2Gg8iFayJ69xDEdHAVCGRzN3woEI2ozDR s . -nBoKLH0YkLZPSI9 . o4k2cnGN8rSSw3IDo1YuySkqeS_t2m1GXklSgqBdpACm6UJuJowOHC5ytjqYgR L-I-soPlwqMUf4UgRWWeaOGNw6vGW-xyM01lTYxrXfVzIIaRdhYtEMRBvBWbEw P7ua1DRfvaOjgZv6Ifa3brcAM64d8p5lhhNcizPersuhw5f-pGYzseva-TUaL8 iWnctc-sSwy7SQmRkfhDjwbz0fz6kFovEgj64X1I5s7E6GLp5fnbYGLa1QUiML 7Cc2GxgvI7zqWo0YIEc7aCflLG1-8BboVWFdZKLK9vNoycrYHumwzKluLWEbSV maPpOslY2n525DxDfWaVFUfKQxMF56vn4B9QMpWAbnypNimbM8zVOw . UCGiqJxhBI3IFVdPalHHvA

Figure 92: JWE Compact Serialization

The resulting JWE object using the general JWE JSON Serialization:

   {
     "recipients": [
       {
         "encrypted_key": "rT99rwrBTbTI7IJM8fU3Eli7226HEB7IchCxNu
             h7lCiud48LxeolRdtFF4nzQibeYOl5S_PJsAXZwSXtDePz9hk-Bb
             tsTBqC2UsPOdwjC9NhNupNNu9uHIVftDyucvI6hvALeZ6OGnhNV4
             v1zx2k7O1D89mAzfw-_kT3tkuorpDU-CpBENfIHX1Q58-Aad3FzM
             uo3Fn9buEP2yXakLXYa15BUXQsupM4A1GD4_H4Bd7V3u9h8Gkg8B
             pxKdUV9ScfJQTcYm6eJEBz3aSwIaK4T3-dwWpuBOhROQXBosJzS1
             asnuHtVMt2pKIIfux5BC6huIvmY7kzV7W7aIUrpYm_3H4zYvyMeq
             5pGqFmW2k8zpO878TRlZx7pZfPYDSXZyS0CfKKkMozT_qiCwZTSz
             4duYnt8hS4Z9sGthXn9uDqd6wycMagnQfOTs_lycTWmY-aqWVDKh
             jYNRf03NiwRtb5BE-tOdFwCASQj3uuAgPGrO2AWBe38UjQb0lvXn
             1SpyvYZ3WFc7WOJYaTa7A8DRn6MC6T-xDmMuxC0G7S2rscw5lQQU
             06MvZTlFOt0UvfuKBa03cxA_nIBIhLMjY2kOTxQMmpDPTr6Cbo8a
             KaOnx6ASE5Jx9paBpnNmOOKH35j_QlrQhDWUN6A2Gg8iFayJ69xD
             EdHAVCGRzN3woEI2ozDRs"
       }
     ],
     "protected": "eyJhbGciOiJSU0EtT0FFUCIsImtpZCI6InNhbXdpc2UuZ2
         FtZ2VlQGhvYmJpdG9uLmV4YW1wbGUiLCJlbmMiOiJBMjU2R0NNIn0",
     "iv": "-nBoKLH0YkLZPSI9",
     "ciphertext": "o4k2cnGN8rSSw3IDo1YuySkqeS_t2m1GXklSgqBdpACm6
         UJuJowOHC5ytjqYgRL-I-soPlwqMUf4UgRWWeaOGNw6vGW-xyM01lTYx
         rXfVzIIaRdhYtEMRBvBWbEwP7ua1DRfvaOjgZv6Ifa3brcAM64d8p5lh
         hNcizPersuhw5f-pGYzseva-TUaL8iWnctc-sSwy7SQmRkfhDjwbz0fz
         6kFovEgj64X1I5s7E6GLp5fnbYGLa1QUiML7Cc2GxgvI7zqWo0YIEc7a
         CflLG1-8BboVWFdZKLK9vNoycrYHumwzKluLWEbSVmaPpOslY2n525Dx
         DfWaVFUfKQxMF56vn4B9QMpWAbnypNimbM8zVOw",
     "tag": "UCGiqJxhBI3IFVdPalHHvA"
   }
        

Figure 93: General JWE JSON Serialization

The resulting JWE object using the flattened JWE JSON Serialization:

   {
     "protected": "eyJhbGciOiJSU0EtT0FFUCIsImtpZCI6InNhbXdpc2UuZ2
         FtZ2VlQGhvYmJpdG9uLmV4YW1wbGUiLCJlbmMiOiJBMjU2R0NNIn0",
     "encrypted_key": "rT99rwrBTbTI7IJM8fU3Eli7226HEB7IchCxNuh7lC
         iud48LxeolRdtFF4nzQibeYOl5S_PJsAXZwSXtDePz9hk-BbtsTBqC2U
         sPOdwjC9NhNupNNu9uHIVftDyucvI6hvALeZ6OGnhNV4v1zx2k7O1D89
         mAzfw-_kT3tkuorpDU-CpBENfIHX1Q58-Aad3FzMuo3Fn9buEP2yXakL
         XYa15BUXQsupM4A1GD4_H4Bd7V3u9h8Gkg8BpxKdUV9ScfJQTcYm6eJE
         Bz3aSwIaK4T3-dwWpuBOhROQXBosJzS1asnuHtVMt2pKIIfux5BC6huI
         vmY7kzV7W7aIUrpYm_3H4zYvyMeq5pGqFmW2k8zpO878TRlZx7pZfPYD
         SXZyS0CfKKkMozT_qiCwZTSz4duYnt8hS4Z9sGthXn9uDqd6wycMagnQ
         fOTs_lycTWmY-aqWVDKhjYNRf03NiwRtb5BE-tOdFwCASQj3uuAgPGrO
         2AWBe38UjQb0lvXn1SpyvYZ3WFc7WOJYaTa7A8DRn6MC6T-xDmMuxC0G
         7S2rscw5lQQU06MvZTlFOt0UvfuKBa03cxA_nIBIhLMjY2kOTxQMmpDP
         Tr6Cbo8aKaOnx6ASE5Jx9paBpnNmOOKH35j_QlrQhDWUN6A2Gg8iFayJ
         69xDEdHAVCGRzN3woEI2ozDRs",
     "iv": "-nBoKLH0YkLZPSI9",
     "ciphertext": "o4k2cnGN8rSSw3IDo1YuySkqeS_t2m1GXklSgqBdpACm6
         UJuJowOHC5ytjqYgRL-I-soPlwqMUf4UgRWWeaOGNw6vGW-xyM01lTYx
         rXfVzIIaRdhYtEMRBvBWbEwP7ua1DRfvaOjgZv6Ifa3brcAM64d8p5lh
         hNcizPersuhw5f-pGYzseva-TUaL8iWnctc-sSwy7SQmRkfhDjwbz0fz
         6kFovEgj64X1I5s7E6GLp5fnbYGLa1QUiML7Cc2GxgvI7zqWo0YIEc7a
         CflLG1-8BboVWFdZKLK9vNoycrYHumwzKluLWEbSVmaPpOslY2n525Dx
         DfWaVFUfKQxMF56vn4B9QMpWAbnypNimbM8zVOw",
     "tag": "UCGiqJxhBI3IFVdPalHHvA"
   }
        

Figure 94: Flattened JWE JSON Serialization

5.3. Key Wrap Using PBES2-AES-KeyWrap with AES-CBC-HMAC-SHA2

The example illustrates encrypting content using the "PBES2-HS512+A256KW" (PBES2 Password-based Encryption using HMAC-SHA-512 and AES-256-KeyWrap) key encryption algorithm with the "A128CBC-HS256" (AES-128-CBC-HMAC-SHA-256) content encryption algorithm.

A common use of password-based encryption is the import/export of keys. Therefore, this example uses a JWK Set for the Plaintext content instead of the Plaintext from Figure 72.

Note that if password-based encryption is used for multiple recipients, it is expected that each recipient use different values for the PBES2 parameters "p2s" and "p2c".

Note that whitespace is added for readability as described in Section 1.1.

5.3.1. Input Factors

The following are supplied before beginning the encryption process:

o Plaintext content; this example uses the Plaintext from Figure 95 (NOTE: All whitespace was added for readability).

o Password; this example uses the password from Figure 96 -- with the sequence "\xe2\x80\x93" replaced with (U+2013 EN DASH).

o "alg" parameter of "PBES2-HS512+A256KW".

o "enc" parameter of "A128CBC-HS256".

   {
     "keys": [
       {
         "kty": "oct",
         "kid": "77c7e2b8-6e13-45cf-8672-617b5b45243a",
         "use": "enc",
         "alg": "A128GCM",
         "k": "XctOhJAkA-pD9Lh7ZgW_2A"
       },
       {
         "kty": "oct",
         "kid": "81b20965-8332-43d9-a468-82160ad91ac8",
         "use": "enc",
         "alg": "A128KW",
         "k": "GZy6sIZ6wl9NJOKB-jnmVQ"
       },
       {
         "kty": "oct",
         "kid": "18ec08e1-bfa9-4d95-b205-2b4dd1d4321d",
         "use": "enc",
         "alg": "A256GCMKW",
         "k": "qC57l_uxcm7Nm3K-ct4GFjx8tM1U8CZ0NLBvdQstiS8"
       }
     ]
   }
        

Figure 95: Plaintext Content

entrap_o\xe2\x80\x93peter_long\xe2\x80\x93credit_tun

Figure 96: Password

5.3.2. Generated Factors

The following are generated before encrypting:

o AES symmetric key as the Content Encryption Key (CEK); this example uses the key from Figure 97.

o Initialization Vector; this example uses the Initialization Vector from Figure 98.

uwsjJXaBK407Qaf0_zpcpmr1Cs0CC50hIUEyGNEt3m0

Figure 97: Content Encryption Key, base64url-encoded

VBiCzVHNoLiR3F4V82uoTQ

Figure 98: Initialization Vector, base64url-encoded

5.3.3. Encrypting the Key

The following are generated before encrypting the CEK:

o Salt input; this example uses the salt input from Figure 99.

o Iteration count; this example uses the iteration count 8192.

8Q1SzinasR3xchYz6ZZcHA

Figure 99: Salt Input, base64url-encoded

Performing the key encryption operation over the CEK (Figure 97) with the following:

o Password (Figure 96);

o Salt input (Figure 99), encoded as an octet string; and

o Iteration count (8192)

produces the following Encrypted Key:

   d3qNhUWfqheyPp4H8sjOWsDYajoej4c5Je6rlUtFPWdgtURtmeDV1g
        

Figure 100: Encrypted Key, base64url-encoded
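
Unlike RSA-OAEP, PBES2 with AES Key Wrap is deterministic, so Figure 100 can be recomputed from the inputs above. The following added example (not part of the RFC text) does so with the Python standard library, assuming the PBKDF2 salt construction of RFC 7518 (UTF8(alg) || 0x00 || salt input) and AES Key Wrap as in RFC 3394. The AES forward cipher is written out in plain Python only to avoid third-party packages; all function names are the example's own.

```python
import base64
import hashlib

# Inputs copied from this section: Figures 96, 97, 99 and the stated count.
ALG = "PBES2-HS512+A256KW"
PASSWORD = "entrap_o\u2013peter_long\u2013credit_tun"  # U+2013 EN DASH
CEK_B64 = "uwsjJXaBK407Qaf0_zpcpmr1Cs0CC50hIUEyGNEt3m0"
P2S_B64 = "8Q1SzinasR3xchYz6ZZcHA"
P2C = 8192

def b64u_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def b64u_encode(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def _xtime(a):
    """Multiply by x in GF(2^8) modulo the AES polynomial."""
    return ((a << 1) ^ 0x1B) & 0xFF if a & 0x80 else a << 1

def _build_sbox():
    """Generate the AES S-box: field inverse followed by the affine map."""
    sbox, p, q = [0] * 256, 1, 1
    while True:
        p = (p ^ (p << 1) ^ (0x1B if p & 0x80 else 0)) & 0xFF  # p := p * 3
        for shift in (1, 2, 4):                                 # q := q / 3
            q ^= (q << shift) & 0xFF
        if q & 0x80:
            q ^= 0x09
        x = q
        for r in (1, 2, 3, 4):
            x ^= ((q << r) | (q >> (8 - r))) & 0xFF
        sbox[p] = x ^ 0x63
        if p == 1:
            break
    sbox[0] = 0x63  # zero has no inverse
    return sbox

SBOX = _build_sbox()

def expand_key(key):
    """AES key schedule; returns the round keys as 16-byte lists."""
    nk = len(key) // 4
    words = [list(key[4 * i:4 * i + 4]) for i in range(nk)]
    rcon = 1
    for i in range(nk, 4 * (nk + 7)):
        t = words[i - 1]
        if i % nk == 0:
            t = [SBOX[t[1]] ^ rcon, SBOX[t[2]], SBOX[t[3]], SBOX[t[0]]]
            rcon = _xtime(rcon)
        elif nk > 6 and i % nk == 4:
            t = [SBOX[b] for b in t]
        words.append([a ^ b for a, b in zip(words[i - nk], t)])
    flat = [b for w in words for b in w]
    return [flat[i:i + 16] for i in range(0, len(flat), 16)]

def encrypt_block(round_keys, block):
    """Encrypt one 16-byte block (the forward cipher is all wrapping needs)."""
    state = [b ^ k for b, k in zip(block, round_keys[0])]
    last = len(round_keys) - 1
    for rnd in range(1, last + 1):
        state = [SBOX[b] for b in state]                            # SubBytes
        state = [state[(i + 4 * (i % 4)) % 16] for i in range(16)]  # ShiftRows
        if rnd < last:                                              # MixColumns
            cols = [state[c:c + 4] for c in range(0, 16, 4)]
            state = [_xtime(col[i]) ^ _xtime(col[(i + 1) % 4]) ^ col[(i + 1) % 4]
                     ^ col[(i + 2) % 4] ^ col[(i + 3) % 4]
                     for col in cols for i in range(4)]
        state = [s ^ k for s, k in zip(state, round_keys[rnd])]
    return bytes(state)

def aes_key_wrap(kek, key_data):
    """AES Key Wrap with the default initial value A6A6A6A6A6A6A6A6."""
    round_keys = expand_key(kek)
    n = len(key_data) // 8
    a = b"\xA6" * 8
    r = [key_data[8 * i:8 * i + 8] for i in range(n)]
    for j in range(6):
        for i in range(n):
            b = encrypt_block(round_keys, a + r[i])
            a = (int.from_bytes(b[:8], "big") ^ (n * j + i + 1)).to_bytes(8, "big")
            r[i] = b[8:]
    return a + b"".join(r)

def pbes2_wrap(password, alg, p2s_b64, p2c, cek):
    """Derive the KEK with PBKDF2-HMAC-SHA-512, then wrap the CEK."""
    salt = alg.encode("utf-8") + b"\x00" + b64u_decode(p2s_b64)
    kek = hashlib.pbkdf2_hmac("sha512", password.encode("utf-8"), salt, p2c, dklen=32)
    return aes_key_wrap(kek, cek)

def encrypted_key_b64():
    """Recompute the Encrypted Key of Figure 100 from the inputs above."""
    cek = b64u_decode(CEK_B64)
    return b64u_encode(pbes2_wrap(PASSWORD, ALG, P2S_B64, P2C, cek))
```

The password must be UTF-8 encoded with the real EN DASH characters, and the salt passed to PBKDF2 is not the bare "p2s" value; either mistake yields a different Encrypted Key.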

5.3.4. Encrypting the Content

The following is generated before encrypting the content:

o JWE Protected Header; this example uses the header from Figure 101, encoded using base64url [RFC4648] to produce Figure 102.

   {
     "alg": "PBES2-HS512+A256KW",
     "p2s": "8Q1SzinasR3xchYz6ZZcHA",
     "p2c": 8192,
     "cty": "jwk-set+json",
     "enc": "A128CBC-HS256"
   }
        

Figure 101: JWE Protected Header JSON

eyJhbGciOiJQQkVTMi1IUzUxMitBMjU2S1ciLCJwMnMiOiI4UTFTemluYXNSM3 hjaFl6NlpaY0hBIiwicDJjIjo4MTkyLCJjdHkiOiJqd2stc2V0K2pzb24iLCJl bmMiOiJBMTI4Q0JDLUhTMjU2In0

Figure 102: JWE Protected Header, base64url-encoded

Performing the content encryption operation over the Plaintext (Figure 95) with the following:

o CEK (Figure 97);

o Initialization Vector (Figure 98); and

o JWE Protected Header (Figure 102) as authenticated data

produces the following:

o Ciphertext from Figure 103.

o Authentication Tag from Figure 104.

23i-Tb1AV4n0WKVSSgcQrdg6GRqsUKxjruHXYsTHAJLZ2nsnGIX86vMXqIi6IR sfywCRFzLxEcZBRnTvG3nhzPk0GDD7FMyXhUHpDjEYCNA_XOmzg8yZR9oyjo6l TF6si4q9FZ2EhzgFQCLO_6h5EVg3vR75_hkBsnuoqoM3dwejXBtIodN84PeqMb 6asmas_dpSsz7H10fC5ni9xIz424givB1YLldF6exVmL93R3fOoOJbmk2GBQZL _SEGllv2cQsBgeprARsaQ7Bq99tT80coH8ItBjgV08AtzXFFsx9qKvC982KLKd PQMTlVJKkqtV4Ru5LEVpBZXBnZrtViSOgyg6AiuwaS-rCrcD_ePOGSuxvgtrok AKYPqmXUeRdjFJwafkYEkiuDCV9vWGAi1DH2xTafhJwcmywIyzi4BqRpmdn_N-zl5tuJYyuvKhjKv6ihbsV_k1hJGPGAxJ6wUpmwC4PTQ2izEm0TuSE8oMKdTw8V 3kobXZ77ulMwDs4p

Figure 103: Ciphertext, base64url-encoded

0HlwodAhOCILG5SQ2LQ9dg

Figure 104: Authentication Tag, base64url-encoded

5.3.5. Output Results

The following compose the resulting JWE object:

o JWE Protected Header (Figure 102)

o Encrypted Key (Figure 100)

o Initialization Vector (Figure 98)

o Ciphertext (Figure 103)

o Authentication Tag (Figure 104)

The resulting JWE object using the JWE Compact Serialization:

eyJhbGciOiJQQkVTMi1IUzUxMitBMjU2S1ciLCJwMnMiOiI4UTFTemluYXNSM3 hjaFl6NlpaY0hBIiwicDJjIjo4MTkyLCJjdHkiOiJqd2stc2V0K2pzb24iLCJl bmMiOiJBMTI4Q0JDLUhTMjU2In0 . d3qNhUWfqheyPp4H8sjOWsDYajoej4c5Je6rlUtFPWdgtURtmeDV1g . VBiCzVHNoLiR3F4V82uoTQ . 23i-Tb1AV4n0WKVSSgcQrdg6GRqsUKxjruHXYsTHAJLZ2nsnGIX86vMXqIi6IR sfywCRFzLxEcZBRnTvG3nhzPk0GDD7FMyXhUHpDjEYCNA_XOmzg8yZR9oyjo6l TF6si4q9FZ2EhzgFQCLO_6h5EVg3vR75_hkBsnuoqoM3dwejXBtIodN84PeqMb 6asmas_dpSsz7H10fC5ni9xIz424givB1YLldF6exVmL93R3fOoOJbmk2GBQZL _SEGllv2cQsBgeprARsaQ7Bq99tT80coH8ItBjgV08AtzXFFsx9qKvC982KLKd PQMTlVJKkqtV4Ru5LEVpBZXBnZrtViSOgyg6AiuwaS-rCrcD_ePOGSuxvgtrok AKYPqmXUeRdjFJwafkYEkiuDCV9vWGAi1DH2xTafhJwcmywIyzi4BqRpmdn_N-zl5tuJYyuvKhjKv6ihbsV_k1hJGPGAxJ6wUpmwC4PTQ2izEm0TuSE8oMKdTw8V 3kobXZ77ulMwDs4p . 0HlwodAhOCILG5SQ2LQ9dg

Figure 105: JWE Compact Serialization

The resulting JWE object using the general JWE JSON Serialization:

   {
     "recipients": [
       {
         "encrypted_key": "d3qNhUWfqheyPp4H8sjOWsDYajoej4c5Je6rlU
             tFPWdgtURtmeDV1g"
       }
     ],
     "protected": "eyJhbGciOiJQQkVTMi1IUzUxMitBMjU2S1ciLCJwMnMiOi
         I4UTFTemluYXNSM3hjaFl6NlpaY0hBIiwicDJjIjo4MTkyLCJjdHkiOi
         Jqd2stc2V0K2pzb24iLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0",
     "iv": "VBiCzVHNoLiR3F4V82uoTQ",
     "ciphertext": "23i-Tb1AV4n0WKVSSgcQrdg6GRqsUKxjruHXYsTHAJLZ2
         nsnGIX86vMXqIi6IRsfywCRFzLxEcZBRnTvG3nhzPk0GDD7FMyXhUHpD
         jEYCNA_XOmzg8yZR9oyjo6lTF6si4q9FZ2EhzgFQCLO_6h5EVg3vR75_
         hkBsnuoqoM3dwejXBtIodN84PeqMb6asmas_dpSsz7H10fC5ni9xIz42
         4givB1YLldF6exVmL93R3fOoOJbmk2GBQZL_SEGllv2cQsBgeprARsaQ
         7Bq99tT80coH8ItBjgV08AtzXFFsx9qKvC982KLKdPQMTlVJKkqtV4Ru
         5LEVpBZXBnZrtViSOgyg6AiuwaS-rCrcD_ePOGSuxvgtrokAKYPqmXUe
         RdjFJwafkYEkiuDCV9vWGAi1DH2xTafhJwcmywIyzi4BqRpmdn_N-zl5
         tuJYyuvKhjKv6ihbsV_k1hJGPGAxJ6wUpmwC4PTQ2izEm0TuSE8oMKdT
         w8V3kobXZ77ulMwDs4p",
     "tag": "0HlwodAhOCILG5SQ2LQ9dg"
   }
        

Figure 106: General JWE JSON Serialization

The resulting JWE object using the flattened JWE JSON Serialization:

   {
     "protected": "eyJhbGciOiJQQkVTMi1IUzUxMitBMjU2S1ciLCJwMnMiOi
         I4UTFTemluYXNSM3hjaFl6NlpaY0hBIiwicDJjIjo4MTkyLCJjdHkiOi
         Jqd2stc2V0K2pzb24iLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0",
     "encrypted_key": "d3qNhUWfqheyPp4H8sjOWsDYajoej4c5Je6rlUtFPW
         dgtURtmeDV1g",
     "iv": "VBiCzVHNoLiR3F4V82uoTQ",
     "ciphertext": "23i-Tb1AV4n0WKVSSgcQrdg6GRqsUKxjruHXYsTHAJLZ2
         nsnGIX86vMXqIi6IRsfywCRFzLxEcZBRnTvG3nhzPk0GDD7FMyXhUHpD
         jEYCNA_XOmzg8yZR9oyjo6lTF6si4q9FZ2EhzgFQCLO_6h5EVg3vR75_
         hkBsnuoqoM3dwejXBtIodN84PeqMb6asmas_dpSsz7H10fC5ni9xIz42
         4givB1YLldF6exVmL93R3fOoOJbmk2GBQZL_SEGllv2cQsBgeprARsaQ
         7Bq99tT80coH8ItBjgV08AtzXFFsx9qKvC982KLKdPQMTlVJKkqtV4Ru
         5LEVpBZXBnZrtViSOgyg6AiuwaS-rCrcD_ePOGSuxvgtrokAKYPqmXUe
         RdjFJwafkYEkiuDCV9vWGAi1DH2xTafhJwcmywIyzi4BqRpmdn_N-zl5
         tuJYyuvKhjKv6ihbsV_k1hJGPGAxJ6wUpmwC4PTQ2izEm0TuSE8oMKdT
         w8V3kobXZ77ulMwDs4p",
     "tag": "0HlwodAhOCILG5SQ2LQ9dg"
   }
        

Figure 107: Flattened JWE JSON Serialization

5.4. Key Agreement with Key Wrapping Using ECDH-ES and AES-KeyWrap with AES-GCM

This example illustrates encrypting content using the "ECDH-ES+A128KW" (Elliptic Curve Diffie-Hellman Ephemeral-Static with AES-128-KeyWrap) key encryption algorithm and the "A128GCM" (AES-GCM) content encryption algorithm.

Note that only the EC public key is necessary to perform the key agreement. However, the example includes the EC private key to allow readers to validate the output.

Note that whitespace is added for readability as described in Section 1.1.

5.4.1. Input Factors

The following are supplied before beginning the encryption process:

o Plaintext content; this example uses the content from Figure 72.

o EC public key; this example uses the public key from Figure 108.

o "alg" parameter of "ECDH-ES+A128KW".

o "enc" parameter of "A128GCM".

   {
     "kty": "EC",
     "kid": "peregrin.took@tuckborough.example",
     "use": "enc",
     "crv": "P-384",
     "x": "YU4rRUzdmVqmRtWOs2OpDE_T5fsNIodcG8G5FWPrTPMyxpzsSOGaQL
         pe2FpxBmu2",
     "y": "A8-yxCHxkfBz3hKZfI1jUYMjUhsEveZ9THuwFjH2sCNdtksRJU7D5-
         SkgaFL1ETP",
     "d": "iTx2pk7wW-GqJkHcEkFQb2EFyYcO7RugmaW3mRrQVAOUiPommT0Idn
         YK2xDlZh-j"
   }
        

Figure 108: Elliptic Curve P-384 Key, in JWK Format

(NOTE: While the key includes the private parameters, only the public parameters "crv", "x", and "y" are necessary for the encryption operation.)

5.4.2. Generated Factors

The following are generated before encrypting:

o AES symmetric key as the Content Encryption Key (CEK); this example uses the key from Figure 109.

o Initialization Vector; this example uses the Initialization Vector from Figure 110.

Nou2ueKlP70ZXDbq9UrRwg

Figure 109: Content Encryption Key, base64url-encoded

mH-G2zVqgztUtnW_

Figure 110: Initialization Vector, base64url-encoded

5.4.3. Encrypting the Key

To encrypt the Content Encryption Key, the following is generated:

o Ephemeral EC private key on the same curve as the EC public key; this example uses the private key from Figure 111.

   {
     "kty": "EC",
     "crv": "P-384",
     "x": "uBo4kHPw6kbjx5l0xowrd_oYzBmaz-GKFZu4xAFFkbYiWgutEK6iuE
         DsQ6wNdNg3",
     "y": "sp3p5SGhZVC2faXumI-e9JU2Mo8KpoYrFDr5yPNVtW4PgEwZOyQTA-
         JdaY8tb7E0",
     "d": "D5H4Y_5PSKZvhfVFbcCYJOtcGZygRgfZkpsBr59Icmmhe9sW6nkZ8W
         fwhinUfWJg"
   }
        

Figure 111: Ephemeral Elliptic Curve P-384 Key, in JWK Format

Performing the key encryption operation over the CEK (Figure 109) with the following:

o The static Elliptic Curve public key (Figure 108); and

o The ephemeral Elliptic Curve private key (Figure 111)

produces the following JWE Encrypted Key:

0DJjBXri_kBcC46IkU5_Jk9BqaQeHdv2

Figure 112: Encrypted Key, base64url-encoded

5.4.4. Encrypting the Content

The following is generated before encrypting the content:

o JWE Protected Header; this example uses the header from Figure 113, encoded to base64url [RFC4648] as Figure 114.

   {
     "alg": "ECDH-ES+A128KW",
     "kid": "peregrin.took@tuckborough.example",
     "epk": {
       "kty": "EC",
       "crv": "P-384",
       "x": "uBo4kHPw6kbjx5l0xowrd_oYzBmaz-GKFZu4xAFFkbYiWgutEK6i
           uEDsQ6wNdNg3",
       "y": "sp3p5SGhZVC2faXumI-e9JU2Mo8KpoYrFDr5yPNVtW4PgEwZOyQT
           A-JdaY8tb7E0"
     },
     "enc": "A128GCM"
   }
        

Figure 113: JWE Protected Header JSON

   eyJhbGciOiJFQ0RILUVTK0ExMjhLVyIsImtpZCI6InBlcmVncmluLnRvb2tAdH
   Vja2Jvcm91Z2guZXhhbXBsZSIsImVwayI6eyJrdHkiOiJFQyIsImNydiI6IlAt
   Mzg0IiwieCI6InVCbzRrSFB3Nmtiang1bDB4b3dyZF9vWXpCbWF6LUdLRlp1NH
   hBRkZrYllpV2d1dEVLNml1RURzUTZ3TmROZzMiLCJ5Ijoic3AzcDVTR2haVkMy
   ZmFYdW1JLWU5SlUyTW84S3BvWXJGRHI1eVBOVnRXNFBnRXdaT3lRVEEtSmRhWT
   h0YjdFMCJ9LCJlbmMiOiJBMTI4R0NNIn0
        

Figure 114: JWE Protected Header, base64url-encoded

Performing the content encryption operation on the Plaintext (Figure 72) using the following:

o CEK (Figure 109);

o Initialization Vector (Figure 110); and

o JWE Protected Header (Figure 114) as authenticated data

produces the following:

o Ciphertext from Figure 115.

o Authentication Tag from Figure 116.

   tkZuOO9h95OgHJmkkrfLBisku8rGf6nzVxhRM3sVOhXgz5NJ76oID7lpnAi_cP
   WJRCjSpAaUZ5dOR3Spy7QuEkmKx8-3RCMhSYMzsXaEwDdXta9Mn5B7cCBoJKB0
   IgEnj_qfo1hIi-uEkUpOZ8aLTZGHfpl05jMwbKkTe2yK3mjF6SBAsgicQDVCkc
   Y9BLluzx1RmC3ORXaM0JaHPB93YcdSDGgpgBWMVrNU1ErkjcMqMoT_wtCex3w0
   3XdLkjXIuEr2hWgeP-nkUZTPU9EoGSPj6fAS-bSz87RCPrxZdj_iVyC6QWcqAu
   07WNhjzJEPc4jVntRJ6K53NgPQ5p99l3Z408OUqj4ioYezbS6vTPlQ
        

Figure 115: Ciphertext, base64url-encoded

WuGzxmcreYjpHGJoa17EBg

Figure 116: Authentication Tag, base64url-encoded

5.4.5. Output Results

The following compose the resulting JWE object:

o JWE Protected Header (Figure 114)

o Encrypted Key (Figure 112)

o Initialization Vector (Figure 110)

o Ciphertext (Figure 115)

o Authentication Tag (Figure 116)

The resulting JWE object using the JWE Compact Serialization:

   eyJhbGciOiJFQ0RILUVTK0ExMjhLVyIsImtpZCI6InBlcmVncmluLnRvb2tAdH
   Vja2Jvcm91Z2guZXhhbXBsZSIsImVwayI6eyJrdHkiOiJFQyIsImNydiI6IlAt
   Mzg0IiwieCI6InVCbzRrSFB3Nmtiang1bDB4b3dyZF9vWXpCbWF6LUdLRlp1NH
   hBRkZrYllpV2d1dEVLNml1RURzUTZ3TmROZzMiLCJ5Ijoic3AzcDVTR2haVkMy
   ZmFYdW1JLWU5SlUyTW84S3BvWXJGRHI1eVBOVnRXNFBnRXdaT3lRVEEtSmRhWT
   h0YjdFMCJ9LCJlbmMiOiJBMTI4R0NNIn0
   .
   0DJjBXri_kBcC46IkU5_Jk9BqaQeHdv2
   .
   mH-G2zVqgztUtnW_
   .
   tkZuOO9h95OgHJmkkrfLBisku8rGf6nzVxhRM3sVOhXgz5NJ76oID7lpnAi_cP
   WJRCjSpAaUZ5dOR3Spy7QuEkmKx8-3RCMhSYMzsXaEwDdXta9Mn5B7cCBoJKB0
   IgEnj_qfo1hIi-uEkUpOZ8aLTZGHfpl05jMwbKkTe2yK3mjF6SBAsgicQDVCkc
   Y9BLluzx1RmC3ORXaM0JaHPB93YcdSDGgpgBWMVrNU1ErkjcMqMoT_wtCex3w0
   3XdLkjXIuEr2hWgeP-nkUZTPU9EoGSPj6fAS-bSz87RCPrxZdj_iVyC6QWcqAu
   07WNhjzJEPc4jVntRJ6K53NgPQ5p99l3Z408OUqj4ioYezbS6vTPlQ
   .
   WuGzxmcreYjpHGJoa17EBg

Figure 117: JWE Compact Serialization

The resulting JWE object using the general JWE JSON Serialization:

   {
     "recipients": [
       {
         "encrypted_key": "0DJjBXri_kBcC46IkU5_Jk9BqaQeHdv2"
       }
     ],
     "protected": "eyJhbGciOiJFQ0RILUVTK0ExMjhLVyIsImtpZCI6InBlcm
         VncmluLnRvb2tAdHVja2Jvcm91Z2guZXhhbXBsZSIsImVwayI6eyJrdH
         kiOiJFQyIsImNydiI6IlAtMzg0IiwieCI6InVCbzRrSFB3Nmtiang1bD
         B4b3dyZF9vWXpCbWF6LUdLRlp1NHhBRkZrYllpV2d1dEVLNml1RURzUT
         Z3TmROZzMiLCJ5Ijoic3AzcDVTR2haVkMyZmFYdW1JLWU5SlUyTW84S3
         BvWXJGRHI1eVBOVnRXNFBnRXdaT3lRVEEtSmRhWTh0YjdFMCJ9LCJlbm
         MiOiJBMTI4R0NNIn0",
     "iv": "mH-G2zVqgztUtnW_",
     "ciphertext": "tkZuOO9h95OgHJmkkrfLBisku8rGf6nzVxhRM3sVOhXgz
         5NJ76oID7lpnAi_cPWJRCjSpAaUZ5dOR3Spy7QuEkmKx8-3RCMhSYMzs
         XaEwDdXta9Mn5B7cCBoJKB0IgEnj_qfo1hIi-uEkUpOZ8aLTZGHfpl05
         jMwbKkTe2yK3mjF6SBAsgicQDVCkcY9BLluzx1RmC3ORXaM0JaHPB93Y
         cdSDGgpgBWMVrNU1ErkjcMqMoT_wtCex3w03XdLkjXIuEr2hWgeP-nkU
         ZTPU9EoGSPj6fAS-bSz87RCPrxZdj_iVyC6QWcqAu07WNhjzJEPc4jVn
         tRJ6K53NgPQ5p99l3Z408OUqj4ioYezbS6vTPlQ",
     "tag": "WuGzxmcreYjpHGJoa17EBg"
   }
        

Figure 118: General JWE JSON Serialization

The resulting JWE object using the flattened JWE JSON Serialization:

   {
     "protected": "eyJhbGciOiJFQ0RILUVTK0ExMjhLVyIsImtpZCI6InBlcm
         VncmluLnRvb2tAdHVja2Jvcm91Z2guZXhhbXBsZSIsImVwayI6eyJrdH
         kiOiJFQyIsImNydiI6IlAtMzg0IiwieCI6InVCbzRrSFB3Nmtiang1bD
         B4b3dyZF9vWXpCbWF6LUdLRlp1NHhBRkZrYllpV2d1dEVLNml1RURzUT
         Z3TmROZzMiLCJ5Ijoic3AzcDVTR2haVkMyZmFYdW1JLWU5SlUyTW84S3
         BvWXJGRHI1eVBOVnRXNFBnRXdaT3lRVEEtSmRhWTh0YjdFMCJ9LCJlbm
         MiOiJBMTI4R0NNIn0",
     "encrypted_key": "0DJjBXri_kBcC46IkU5_Jk9BqaQeHdv2",
     "iv": "mH-G2zVqgztUtnW_",
     "ciphertext": "tkZuOO9h95OgHJmkkrfLBisku8rGf6nzVxhRM3sVOhXgz
         5NJ76oID7lpnAi_cPWJRCjSpAaUZ5dOR3Spy7QuEkmKx8-3RCMhSYMzs
         XaEwDdXta9Mn5B7cCBoJKB0IgEnj_qfo1hIi-uEkUpOZ8aLTZGHfpl05
         jMwbKkTe2yK3mjF6SBAsgicQDVCkcY9BLluzx1RmC3ORXaM0JaHPB93Y
         cdSDGgpgBWMVrNU1ErkjcMqMoT_wtCex3w03XdLkjXIuEr2hWgeP-nkU
         ZTPU9EoGSPj6fAS-bSz87RCPrxZdj_iVyC6QWcqAu07WNhjzJEPc4jVn
         tRJ6K53NgPQ5p99l3Z408OUqj4ioYezbS6vTPlQ",
     "tag": "WuGzxmcreYjpHGJoa17EBg"
   }
        

Figure 119: Flattened JWE JSON Serialization

5.5. Key Agreement Using ECDH-ES with AES-CBC-HMAC-SHA2

This example illustrates encrypting content using the "ECDH-ES" (Elliptic Curve Diffie-Hellman Ephemeral-Static) key agreement algorithm and the "A128CBC-HS256" (AES-128-CBC-HMAC-SHA-256) content encryption algorithm.

Note that only the EC public key is necessary to perform the key agreement. However, the example includes the EC private key to allow readers to validate the output.

Note that whitespace is added for readability as described in Section 1.1.

5.5.1. Input Factors

The following are supplied before beginning the encryption process:

o Plaintext content; this example uses the content from Figure 72.

o EC public key; this example uses the public key from Figure 120.

o "alg" parameter of "ECDH-ES".

o "enc" parameter of "A128CBC-HS256".

   {
     "kty": "EC",
     "kid": "meriadoc.brandybuck@buckland.example",
     "use": "enc",
     "crv": "P-256",
     "x": "Ze2loSV3wrroKUN_4zhwGhCqo3Xhu1td4QjeQ5wIVR0",
     "y": "HlLtdXARY_f55A3fnzQbPcm6hgr34Mp8p-nuzQCE0Zw",
     "d": "r_kHyZ-a06rmxM3yESK84r1otSg-aQcVStkRhA-iCM8"
   }
        

Figure 120: Elliptic Curve P-256 Key

(NOTE: While the key includes the private parameters, only the public parameters "crv", "x", and "y" are necessary for the encryption operation.)

5.5.2. Generated Factors

The following is generated before encrypting:

o Initialization Vector; this example uses the Initialization Vector from Figure 121.

yc9N8v5sYyv3iGQT926IUg

Figure 121: Initialization Vector, base64url-encoded

NOTE: The Content Encryption Key (CEK) is not randomly generated; instead, it is determined using ECDH-ES key agreement.

5.5.3. Key Agreement

The following is generated to agree on a CEK:

o Ephemeral private key; this example uses the private key from Figure 122.

   {
     "kty": "EC",
     "crv": "P-256",
     "x": "mPUKT_bAWGHIhg0TpjjqVsP1rXWQu_vwVOHHtNkdYoA",
     "y": "8BQAsImGeAS46fyWw5MhYfGTT0IjBpFw2SS34Dv4Irs",
     "d": "AtH35vJsQ9SGjYfOsjUxYXQKrPH3FjZHmEtSKoSN8cM"
   }
        

Figure 122: Ephemeral Private Key, in JWK Format

Performing the ECDH operation using the static EC public key (Figure 120) over the ephemeral private key (Figure 122) produces the following CEK:

hzHdlfQIAEehb8Hrd_mFRhKsKLEzPfshfXs9l6areCc

Figure 123: Agreed-to Content Encryption Key, base64url-encoded
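
The key agreement of Section 5.5.3 can be checked with the Python standard library alone. The following is an added example, not part of the RFC: it computes the P-256 ECDH shared secret from the keys in Figures 120 and 122, applies the Concat KDF that RFC 7518 specifies for "ECDH-ES", and compares the result with Figure 123. The function names are this example's own, and the arithmetic is not constant-time, so it is suited to checking test vectors only.

```python
import base64
import hashlib
import struct

# NIST P-256 domain parameters: y^2 = x^3 - 3x + B over GF(P), group order N.
P = 2**256 - 2**224 + 2**192 + 2**96 - 1
A = P - 3
B = 0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B
N = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551

# Keys copied from the page: Figure 120 (static) and Figure 122 (ephemeral).
STATIC_JWK = {
    "kty": "EC", "crv": "P-256",
    "x": "Ze2loSV3wrroKUN_4zhwGhCqo3Xhu1td4QjeQ5wIVR0",
    "y": "HlLtdXARY_f55A3fnzQbPcm6hgr34Mp8p-nuzQCE0Zw",
    "d": "r_kHyZ-a06rmxM3yESK84r1otSg-aQcVStkRhA-iCM8",
}
EPHEMERAL_JWK = {
    "kty": "EC", "crv": "P-256",
    "x": "mPUKT_bAWGHIhg0TpjjqVsP1rXWQu_vwVOHHtNkdYoA",
    "y": "8BQAsImGeAS46fyWw5MhYfGTT0IjBpFw2SS34Dv4Irs",
    "d": "AtH35vJsQ9SGjYfOsjUxYXQKrPH3FjZHmEtSKoSN8cM",
}
FIGURE_123_CEK = "hzHdlfQIAEehb8Hrd_mFRhKsKLEzPfshfXs9l6areCc"


def b64u_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def b64u_encode(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def on_curve(x, y):
    return 0 <= x < P and 0 <= y < P and (y * y - (x * x * x + A * x + B)) % P == 0


def point_add(p1, p2):
    """Affine point addition; None stands for the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow((2 * y1) % P, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P


def scalar_mult(k, point):
    """Double-and-add, least significant bit first (not constant-time)."""
    result, addend = None, point
    while k:
        if k & 1:
            result = point_add(result, addend)
        addend = point_add(addend, addend)
        k >>= 1
    return result


def concat_kdf(z, alg_id, key_bits, apu=b"", apv=b""):
    """Concat KDF with SHA-256 as used by JWE (RFC 7518, Section 4.6.2)."""
    def with_length(data):
        return struct.pack(">I", len(data)) + data
    other_info = (with_length(alg_id.encode("ascii")) + with_length(apu)
                  + with_length(apv) + struct.pack(">I", key_bits))
    out, counter = b"", 1
    while len(out) * 8 < key_bits:
        out += hashlib.sha256(struct.pack(">I", counter) + z + other_info).digest()
        counter += 1
    return out[: key_bits // 8]


def derive_cek(own_private_jwk, peer_public_jwk, alg_id, key_bits):
    """ECDH over P-256 followed by Concat KDF; rejects off-curve peer points."""
    if own_private_jwk.get("crv") != "P-256" or peer_public_jwk.get("crv") != "P-256":
        raise ValueError("both keys must be on P-256")
    x = int.from_bytes(b64u_decode(peer_public_jwk["x"]), "big")
    y = int.from_bytes(b64u_decode(peer_public_jwk["y"]), "big")
    if not on_curve(x, y):
        raise ValueError("peer public key is not a point on P-256")
    d = int.from_bytes(b64u_decode(own_private_jwk["d"]), "big")
    if not 1 <= d < N:
        raise ValueError("private scalar out of range")
    shared = scalar_mult(d, (x, y))
    if shared is None:
        raise ValueError("shared secret is the point at infinity")
    z = shared[0].to_bytes(32, "big")  # Z is the x-coordinate, fixed width
    return concat_kdf(z, alg_id, key_bits)


if __name__ == "__main__":
    # For direct "ECDH-ES" the AlgorithmID is the "enc" value; A128CBC-HS256 needs 256 bits.
    cek = derive_cek(EPHEMERAL_JWK, STATIC_JWK, "A128CBC-HS256", 256)
    print(b64u_encode(cek) == FIGURE_123_CEK)
```

The recipient obtains the same key by calling `derive_cek(STATIC_JWK, EPHEMERAL_JWK, ...)` with the "epk" from the protected header; the on-curve check matters on that side because the "epk" arrives from the sender.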

5.5.4. Encrypting the Content

The following is generated before encrypting the content:

o JWE Protected Header; this example uses the header from Figure 124, encoded to base64url [RFC4648] as Figure 125.

   {
     "alg": "ECDH-ES",
     "kid": "meriadoc.brandybuck@buckland.example",
     "epk": {
       "kty": "EC",
       "crv": "P-256",
       "x": "mPUKT_bAWGHIhg0TpjjqVsP1rXWQu_vwVOHHtNkdYoA",
       "y": "8BQAsImGeAS46fyWw5MhYfGTT0IjBpFw2SS34Dv4Irs"
     },
     "enc": "A128CBC-HS256"
   }
        

Figure 124: JWE Protected Header JSON

   eyJhbGciOiJFQ0RILUVTIiwia2lkIjoibWVyaWFkb2MuYnJhbmR5YnVja0BidW
   NrbGFuZC5leGFtcGxlIiwiZXBrIjp7Imt0eSI6IkVDIiwiY3J2IjoiUC0yNTYi
   LCJ4IjoibVBVS1RfYkFXR0hJaGcwVHBqanFWc1AxclhXUXVfdndWT0hIdE5rZF
   lvQSIsInkiOiI4QlFBc0ltR2VBUzQ2ZnlXdzVNaFlmR1RUMElqQnBGdzJTUzM0
   RHY0SXJzIn0sImVuYyI6IkExMjhDQkMtSFMyNTYifQ
        

Figure 125: JWE Protected Header, base64url-encoded

Performing the content encryption operation on the Plaintext (Figure 72) using the following:

o CEK (Figure 123);

o Initialization Vector (Figure 121); and

o JWE Protected Header (Figure 125) as authenticated data

produces the following:

o Ciphertext from Figure 126.

o Authentication Tag from Figure 127.

   BoDlwPnTypYq-ivjmQvAYJLb5Q6l-F3LIgQomlz87yW4OPKbWE1zSTEFjDfhU9
   IPIOSA9Bml4m7iDFwA-1ZXvHteLDtw4R1XRGMEsDIqAYtskTTmzmzNa-_q4F_e
   vAPUmwlO-ZG45Mnq4uhM1fm_D9rBtWolqZSF3xGNNkpOMQKF1Cl8i8wjzRli7-
   IXgyirlKQsbhhqRzkv8IcY6aHl24j03C-AR2le1r7URUhArM79BY8soZU0lzwI
   -sD5PZ3l4NDCCei9XkoIAfsXJWmySPoeRb2Ni5UZL4mYpvKDiwmyzGd65KqVw7
   MsFfI_K767G9C9Azp73gKZD0DyUn1mn0WW5LmyX_yJ-3AROq8p1WZBfG-ZyJ61
   95_JGG2m9Csg

Figure 126: Ciphertext, base64url-encoded

WCCkNa-x4BeB9hIDIfFuhg

Figure 127: Authentication Tag, base64url-encoded

5.5.5. Output Results

The following compose the resulting JWE object:

o JWE Protected Header (Figure 114)

o Initialization Vector (Figure 110)

o Ciphertext (Figure 115)

o Authentication Tag (Figure 116)

Only the general JWE JSON Serialization is presented because the flattened JWE JSON Serialization is identical.

The resulting JWE object using the JWE Compact Serialization:

   eyJhbGciOiJFQ0RILUVTIiwia2lkIjoibWVyaWFkb2MuYnJhbmR5YnVja0BidW
   NrbGFuZC5leGFtcGxlIiwiZXBrIjp7Imt0eSI6IkVDIiwiY3J2IjoiUC0yNTYi
   LCJ4IjoibVBVS1RfYkFXR0hJaGcwVHBqanFWc1AxclhXUXVfdndWT0hIdE5rZF
   lvQSIsInkiOiI4QlFBc0ltR2VBUzQ2ZnlXdzVNaFlmR1RUMElqQnBGdzJTUzM0
   RHY0SXJzIn0sImVuYyI6IkExMjhDQkMtSFMyNTYifQ
   .
   .
   yc9N8v5sYyv3iGQT926IUg
   .
   BoDlwPnTypYq-ivjmQvAYJLb5Q6l-F3LIgQomlz87yW4OPKbWE1zSTEFjDfhU9
   IPIOSA9Bml4m7iDFwA-1ZXvHteLDtw4R1XRGMEsDIqAYtskTTmzmzNa-_q4F_e
   vAPUmwlO-ZG45Mnq4uhM1fm_D9rBtWolqZSF3xGNNkpOMQKF1Cl8i8wjzRli7-
   IXgyirlKQsbhhqRzkv8IcY6aHl24j03C-AR2le1r7URUhArM79BY8soZU0lzwI
   -sD5PZ3l4NDCCei9XkoIAfsXJWmySPoeRb2Ni5UZL4mYpvKDiwmyzGd65KqVw7
   MsFfI_K767G9C9Azp73gKZD0DyUn1mn0WW5LmyX_yJ-3AROq8p1WZBfG-ZyJ61
   95_JGG2m9Csg
   .
   WCCkNa-x4BeB9hIDIfFuhg

Figure 128: JWE Compact Serialization

The resulting JWE object using the general JWE JSON Serialization:

   {
     "protected": "eyJhbGciOiJFQ0RILUVTIiwia2lkIjoibWVyaWFkb2MuYn
         JhbmR5YnVja0BidWNrbGFuZC5leGFtcGxlIiwiZXBrIjp7Imt0eSI6Ik
         VDIiwiY3J2IjoiUC0yNTYiLCJ4IjoibVBVS1RfYkFXR0hJaGcwVHBqan
         FWc1AxclhXUXVfdndWT0hIdE5rZFlvQSIsInkiOiI4QlFBc0ltR2VBUz
         Q2ZnlXdzVNaFlmR1RUMElqQnBGdzJTUzM0RHY0SXJzIn0sImVuYyI6Ik
         ExMjhDQkMtSFMyNTYifQ",
     "iv": "yc9N8v5sYyv3iGQT926IUg",
     "ciphertext": "BoDlwPnTypYq-ivjmQvAYJLb5Q6l-F3LIgQomlz87yW4O
         PKbWE1zSTEFjDfhU9IPIOSA9Bml4m7iDFwA-1ZXvHteLDtw4R1XRGMEs
         DIqAYtskTTmzmzNa-_q4F_evAPUmwlO-ZG45Mnq4uhM1fm_D9rBtWolq
         ZSF3xGNNkpOMQKF1Cl8i8wjzRli7-IXgyirlKQsbhhqRzkv8IcY6aHl2
         4j03C-AR2le1r7URUhArM79BY8soZU0lzwI-sD5PZ3l4NDCCei9XkoIA
         fsXJWmySPoeRb2Ni5UZL4mYpvKDiwmyzGd65KqVw7MsFfI_K767G9C9A
         zp73gKZD0DyUn1mn0WW5LmyX_yJ-3AROq8p1WZBfG-ZyJ6195_JGG2m9
         Csg",
     "tag": "WCCkNa-x4BeB9hIDIfFuhg"
   }
        

Figure 129: General JWE JSON Serialization

5.6. Direct Encryption Using AES-GCM

This example illustrates encrypting content using a previously exchanged key directly and the "A128GCM" (AES-GCM) content encryption algorithm.

Note that whitespace is added for readability as described in Section 1.1.

5.6.1. Input Factors

The following are supplied before beginning the encryption process:

o Plaintext content; this example uses the content from Figure 72.

o AES symmetric key as the Content Encryption Key (CEK); this example uses the key from Figure 130.

o "alg" parameter of "dir".

o "enc" parameter of "A128GCM".

   {
     "kty": "oct",
     "kid": "77c7e2b8-6e13-45cf-8672-617b5b45243a",
     "use": "enc",
     "alg": "A128GCM",
     "k": "XctOhJAkA-pD9Lh7ZgW_2A"
   }
        

Figure 130: AES 128-Bit Key, in JWK Format

5.6.2. Generated Factors

The following is generated before encrypting:

o Initialization Vector; this example uses the Initialization Vector from Figure 131.

refa467QzzKx6QAB

Figure 131: Initialization Vector, base64url-encoded

5.6.3. Encrypting the Content

The following is generated before encrypting the content:

o JWE Protected Header; this example uses the header from Figure 132, encoded as base64url [RFC4648] to produce Figure 133.

   {
     "alg": "dir",
     "kid": "77c7e2b8-6e13-45cf-8672-617b5b45243a",
     "enc": "A128GCM"
   }
        

Figure 132: JWE Protected Header JSON

   eyJhbGciOiJkaXIiLCJraWQiOiI3N2M3ZTJiOC02ZTEzLTQ1Y2YtODY3Mi02MT
   diNWI0NTI0M2EiLCJlbmMiOiJBMTI4R0NNIn0
        

Figure 133: JWE Protected Header, base64url-encoded

Performing the encryption operation on the Plaintext (Figure 72) using the following:

o CEK (Figure 130);

o Initialization Vector (Figure 131); and

o JWE Protected Header (Figure 133) as authenticated data

produces the following:

o Ciphertext from Figure 134.

o Authentication Tag from Figure 135.

   JW_i_f52hww_ELQPGaYyeAB6HYGcR559l9TYnSovc23XJoBcW29rHP8yZOZG7Y
   hLpT1bjFuvZPjQS-m0IFtVcXkZXdH_lr_FrdYt9HRUYkshtrMmIUAyGmUnd9zM
   DB2n0cRDIHAzFVeJUDxkUwVAE7_YGRPdcqMyiBoCO-FBdE-Nceb4h3-FtBP-c_
   BIwCPTjb9o0SbdcdREEMJMyZBH8ySWMVi1gPD9yxi-aQpGbSv_F9N4IZAxscj5
   g-NJsUPbjk29-s7LJAGb15wEBtXphVCgyy53CoIKLHHeJHXex45Uz9aKZSRSIn
   ZI-wjsY0yu3cT4_aQ3i1o-tiE-F8Ios61EKgyIQ4CWao8PFMj8TTnp

Figure 134: Ciphertext, base64url-encoded

vbb32Xvllea2OtmHAdccRQ

Figure 135: Authentication Tag, base64url-encoded

5.6.4. Output Results

The following compose the resulting JWE object:

o JWE Protected Header (Figure 133)

o Initialization Vector (Figure 131)

o Ciphertext (Figure 134)

o Authentication Tag (Figure 135)

Only the general JWE JSON Serialization is presented because the flattened JWE JSON Serialization is identical.

The resulting JWE object using the JWE Compact Serialization:

   eyJhbGciOiJkaXIiLCJraWQiOiI3N2M3ZTJiOC02ZTEzLTQ1Y2YtODY3Mi02MT
   diNWI0NTI0M2EiLCJlbmMiOiJBMTI4R0NNIn0
   .
   .
   refa467QzzKx6QAB
   .
   JW_i_f52hww_ELQPGaYyeAB6HYGcR559l9TYnSovc23XJoBcW29rHP8yZOZG7Y
   hLpT1bjFuvZPjQS-m0IFtVcXkZXdH_lr_FrdYt9HRUYkshtrMmIUAyGmUnd9zM
   DB2n0cRDIHAzFVeJUDxkUwVAE7_YGRPdcqMyiBoCO-FBdE-Nceb4h3-FtBP-c_
   BIwCPTjb9o0SbdcdREEMJMyZBH8ySWMVi1gPD9yxi-aQpGbSv_F9N4IZAxscj5
   g-NJsUPbjk29-s7LJAGb15wEBtXphVCgyy53CoIKLHHeJHXex45Uz9aKZSRSIn
   ZI-wjsY0yu3cT4_aQ3i1o-tiE-F8Ios61EKgyIQ4CWao8PFMj8TTnp
   .
   vbb32Xvllea2OtmHAdccRQ

Figure 136: JWE Compact Serialization

The resulting JWE object using the general JWE JSON Serialization:

   {
     "protected": "eyJhbGciOiJkaXIiLCJraWQiOiI3N2M3ZTJiOC02ZTEzLT
         Q1Y2YtODY3Mi02MTdiNWI0NTI0M2EiLCJlbmMiOiJBMTI4R0NNIn0",
     "iv": "refa467QzzKx6QAB",
     "ciphertext": "JW_i_f52hww_ELQPGaYyeAB6HYGcR559l9TYnSovc23XJ
         oBcW29rHP8yZOZG7YhLpT1bjFuvZPjQS-m0IFtVcXkZXdH_lr_FrdYt9
         HRUYkshtrMmIUAyGmUnd9zMDB2n0cRDIHAzFVeJUDxkUwVAE7_YGRPdc
         qMyiBoCO-FBdE-Nceb4h3-FtBP-c_BIwCPTjb9o0SbdcdREEMJMyZBH8
         ySWMVi1gPD9yxi-aQpGbSv_F9N4IZAxscj5g-NJsUPbjk29-s7LJAGb1
         5wEBtXphVCgyy53CoIKLHHeJHXex45Uz9aKZSRSInZI-wjsY0yu3cT4_
         aQ3i1o-tiE-F8Ios61EKgyIQ4CWao8PFMj8TTnp",
     "tag": "vbb32Xvllea2OtmHAdccRQ"
   }
        

Figure 137: General JWE JSON Serialization
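
The relationship between the serializations in Sections 5.4.5, 5.5.5 and 5.6.4 can be made explicit in code. The following is an added example, not part of the RFC: it parses the compact form of Figure 136, checks that the Encrypted Key segment is empty exactly when "alg" is "dir" or "ECDH-ES" and that the IV and tag have the sizes the "enc" algorithm requires, then emits the general and flattened JSON forms. The function and constant names are this example's own, only the two "enc" values used in this part of the document are recognized, and the general form omits "recipients" when there is no encrypted key, following Figures 129 and 137.

```python
import base64
import json
import re

# Figure 136 as printed on the page, including the readability whitespace.
FIGURE_136_COMPACT = """
   eyJhbGciOiJkaXIiLCJraWQiOiI3N2M3ZTJiOC02ZTEzLTQ1Y2YtODY3Mi02MT
   diNWI0NTI0M2EiLCJlbmMiOiJBMTI4R0NNIn0
   .
   .
   refa467QzzKx6QAB
   .
   JW_i_f52hww_ELQPGaYyeAB6HYGcR559l9TYnSovc23XJoBcW29rHP8yZOZG7Y
   hLpT1bjFuvZPjQS-m0IFtVcXkZXdH_lr_FrdYt9HRUYkshtrMmIUAyGmUnd9zM
   DB2n0cRDIHAzFVeJUDxkUwVAE7_YGRPdcqMyiBoCO-FBdE-Nceb4h3-FtBP-c_
   BIwCPTjb9o0SbdcdREEMJMyZBH8ySWMVi1gPD9yxi-aQpGbSv_F9N4IZAxscj5
   g-NJsUPbjk29-s7LJAGb15wEBtXphVCgyy53CoIKLHHeJHXex45Uz9aKZSRSIn
   ZI-wjsY0yu3cT4_aQ3i1o-tiE-F8Ios61EKgyIQ4CWao8PFMj8TTnp
   .
   vbb32Xvllea2OtmHAdccRQ
"""

# Key management modes in which the JWE Encrypted Key is the empty octet sequence.
NO_ENCRYPTED_KEY = {"dir", "ECDH-ES"}
# Required (IV bytes, tag bytes) for the content encryption algorithms used here.
ENC_SIZES = {"A128GCM": (12, 16), "A128CBC-HS256": (16, 16)}


def b64u_decode(text):
    """Strict base64url decoding: unpadded, URL-safe alphabet only."""
    if not re.fullmatch(r"[A-Za-z0-9_-]*", text) or len(text) % 4 == 1:
        raise ValueError("not valid unpadded base64url")
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def jwe_compact_to_json(text):
    """Return (header, general_json, flattened_json) for a compact JWE."""
    parts = "".join(text.split()).split(".")  # drop readability whitespace
    if len(parts) != 5:
        raise ValueError("a compact JWE has exactly five segments")
    protected, encrypted_key, iv, ciphertext, tag = parts

    header = json.loads(b64u_decode(protected))
    if not isinstance(header, dict):
        raise ValueError("protected header must be a JSON object")
    alg, enc = header.get("alg"), header.get("enc")
    if enc not in ENC_SIZES:
        raise ValueError("unsupported or missing enc")
    if (alg in NO_ENCRYPTED_KEY) != (encrypted_key == ""):
        raise ValueError("encrypted key presence does not match alg")

    iv_len, tag_len = ENC_SIZES[enc]
    if len(b64u_decode(iv)) != iv_len:
        raise ValueError("wrong IV length for enc")
    if len(b64u_decode(tag)) != tag_len:
        raise ValueError("wrong tag length for enc")
    b64u_decode(encrypted_key)
    b64u_decode(ciphertext)

    common = {"protected": protected, "iv": iv,
              "ciphertext": ciphertext, "tag": tag}
    general, flattened = dict(common), dict(common)
    if encrypted_key:
        general["recipients"] = [{"encrypted_key": encrypted_key}]
        flattened["encrypted_key"] = encrypted_key
    return header, general, flattened


if __name__ == "__main__":
    header, general, flattened = jwe_compact_to_json(FIGURE_136_COMPACT)
    print(header["alg"], header["enc"], general == flattened)
    print(json.dumps(general, indent=2))
```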

5.7. Key Wrap Using AES-GCM KeyWrap with AES-CBC-HMAC-SHA2

This example illustrates encrypting content using the "A256GCMKW" (AES-256-GCM-KeyWrap) key encryption algorithm with the "A128CBC-HS256" (AES-128-CBC-HMAC-SHA-256) content encryption algorithm.

Note that whitespace is added for readability as described in Section 1.1.

5.7.1. Input Factors

The following are supplied before beginning the encryption process:

o Plaintext content; this example uses the content from Figure 72.

o AES symmetric key; this example uses the key from Figure 138.

o "alg" parameter of "A256GCMKW".

o "enc" parameter of "A128CBC-HS256".

   {
     "kty": "oct",
     "kid": "18ec08e1-bfa9-4d95-b205-2b4dd1d4321d",
     "use": "enc",
     "alg": "A256GCMKW",
     "k": "qC57l_uxcm7Nm3K-ct4GFjx8tM1U8CZ0NLBvdQstiS8"
   }
        

Figure 138: AES 256-Bit Key

5.7.2. Generated Factors

The following are generated before encrypting:

o AES symmetric key as the Content Encryption Key (CEK); this example uses the key from Figure 139.

o Initialization Vector for content encryption; this example uses the Initialization Vector from Figure 140.

UWxARpat23nL9ReIj4WG3D1ee9I4r-Mv5QLuFXdy_rE

Figure 139: Content Encryption Key, base64url-encoded

gz6NjyEFNm_vm8Gj6FwoFQ

Figure 140: Initialization Vector, base64url-encoded

5.7.3. Encrypting the Key

The following is generated before encrypting the CEK:

o Initialization Vector for key wrapping; this example uses the Initialization Vector from Figure 141.

KkYT0GX_2jHlfqN_

Figure 141: Initialization Vector for Key Wrapping, base64url-encoded

Performing the key encryption operation over the CEK (Figure 139) with the following:

o AES symmetric key (Figure 138);

o Initialization Vector (Figure 141); and

o The empty string as authenticated data

produces the following:

o Encrypted Key from Figure 142.

o Authentication Tag from Figure 143.

lJf3HbOApxMEBkCMOoTnnABxs_CvTWUmZQ2ElLvYNok

Figure 142: Encrypted Key, base64url-encoded

kfPduVQ3T3H6vnewt--ksw

Figure 143: Authentication Tag from Key Wrapping, base64url-encoded

5.7.4. Encrypting the Content

The following is generated before encrypting the content:

o JWE Protected Header; this example uses the header from Figure 144, encoded to base64url [RFC4648] as Figure 145.

   {
     "alg": "A256GCMKW",
     "kid": "18ec08e1-bfa9-4d95-b205-2b4dd1d4321d",
     "tag": "kfPduVQ3T3H6vnewt--ksw",
     "iv": "KkYT0GX_2jHlfqN_",
     "enc": "A128CBC-HS256"
   }
        

Figure 144: JWE Protected Header JSON

eyJhbGciOiJBMjU2R0NNS1ciLCJraWQiOiIxOGVjMDhlMS1iZmE5LTRkOTUtYj IwNS0yYjRkZDFkNDMyMWQiLCJ0YWciOiJrZlBkdVZRM1QzSDZ2bmV3dC0ta3N3 IiwiaXYiOiJLa1lUMEdYXzJqSGxmcU5fIiwiZW5jIjoiQTEyOENCQy1IUzI1Ni J9

Figure 145: JWE Protected Header, base64url-encoded

Performing the content encryption operation over the Plaintext (Figure 72) with the following:

o CEK (Figure 139);

o Initialization Vector (Figure 140); and

o JWE Protected Header (Figure 145) as authenticated data

produces the following:

o Ciphertext from Figure 146.

o Authentication Tag from Figure 147.

Jf5p9-ZhJlJy_IQ_byKFmI0Ro7w7G1QiaZpI8OaiVgD8EqoDZHyFKFBupS8iaE eVIgMqWmsuJKuoVgzR3YfzoMd3GxEm3VxNhzWyWtZKX0gxKdy6HgLvqoGNbZCz LjqcpDiF8q2_62EVAbr2uSc2oaxFmFuIQHLcqAHxy51449xkjZ7ewzZaGV3eFq hpco8o4DijXaG5_7kp3h2cajRfDgymuxUbWgLqaeNQaJtvJmSMFuEOSAzw9Hde b6yhdTynCRmu-kqtO5Dec4lT2OMZKpnxc_F1_4yDJFcqb5CiDSmA-psB2k0Jtj xAj4UPI61oONK7zzFIu4gBfjJCndsZfdvG7h8wGjV98QhrKEnR7xKZ3KCr0_qR 1B-gxpNk3xWU

Figure 146: Ciphertext, base64url-encoded

DKW7jrb4WaRSNfbXVPlT5g

Figure 147: Authentication Tag, base64url-encoded

5.7.5. Output Results

The following compose the resulting JWE object:

o JWE Protected Header (Figure 145)

o Encrypted Key (Figure 142)

o Initialization Vector (Figure 140)

o Ciphertext (Figure 146)

o Authentication Tag (Figure 147)

The resulting JWE object using the JWE Compact Serialization:

eyJhbGciOiJBMjU2R0NNS1ciLCJraWQiOiIxOGVjMDhlMS1iZmE5LTRkOTUtYj IwNS0yYjRkZDFkNDMyMWQiLCJ0YWciOiJrZlBkdVZRM1QzSDZ2bmV3dC0ta3N3 IiwiaXYiOiJLa1lUMEdYXzJqSGxmcU5fIiwiZW5jIjoiQTEyOENCQy1IUzI1Ni J9 . lJf3HbOApxMEBkCMOoTnnABxs_CvTWUmZQ2ElLvYNok . gz6NjyEFNm_vm8Gj6FwoFQ . Jf5p9-ZhJlJy_IQ_byKFmI0Ro7w7G1QiaZpI8OaiVgD8EqoDZHyFKFBupS8iaE eVIgMqWmsuJKuoVgzR3YfzoMd3GxEm3VxNhzWyWtZKX0gxKdy6HgLvqoGNbZCz LjqcpDiF8q2_62EVAbr2uSc2oaxFmFuIQHLcqAHxy51449xkjZ7ewzZaGV3eFq hpco8o4DijXaG5_7kp3h2cajRfDgymuxUbWgLqaeNQaJtvJmSMFuEOSAzw9Hde b6yhdTynCRmu-kqtO5Dec4lT2OMZKpnxc_F1_4yDJFcqb5CiDSmA-psB2k0Jtj xAj4UPI61oONK7zzFIu4gBfjJCndsZfdvG7h8wGjV98QhrKEnR7xKZ3KCr0_qR 1B-gxpNk3xWU . DKW7jrb4WaRSNfbXVPlT5g

Figure 148: JWE Compact Serialization

The resulting JWE object using the general JWE JSON Serialization:

   {
     "recipients": [
       {
         "encrypted_key": "lJf3HbOApxMEBkCMOoTnnABxs_CvTWUmZQ2ElL
             vYNok"
       }
     ],
     "protected": "eyJhbGciOiJBMjU2R0NNS1ciLCJraWQiOiIxOGVjMDhlMS
         1iZmE5LTRkOTUtYjIwNS0yYjRkZDFkNDMyMWQiLCJ0YWciOiJrZlBkdV
         ZRM1QzSDZ2bmV3dC0ta3N3IiwiaXYiOiJLa1lUMEdYXzJqSGxmcU5fIi
         wiZW5jIjoiQTEyOENCQy1IUzI1NiJ9",
     "iv": "gz6NjyEFNm_vm8Gj6FwoFQ",
     "ciphertext": "Jf5p9-ZhJlJy_IQ_byKFmI0Ro7w7G1QiaZpI8OaiVgD8E
         qoDZHyFKFBupS8iaEeVIgMqWmsuJKuoVgzR3YfzoMd3GxEm3VxNhzWyW
         tZKX0gxKdy6HgLvqoGNbZCzLjqcpDiF8q2_62EVAbr2uSc2oaxFmFuIQ
         HLcqAHxy51449xkjZ7ewzZaGV3eFqhpco8o4DijXaG5_7kp3h2cajRfD
         gymuxUbWgLqaeNQaJtvJmSMFuEOSAzw9Hdeb6yhdTynCRmu-kqtO5Dec
         4lT2OMZKpnxc_F1_4yDJFcqb5CiDSmA-psB2k0JtjxAj4UPI61oONK7z
         zFIu4gBfjJCndsZfdvG7h8wGjV98QhrKEnR7xKZ3KCr0_qR1B-gxpNk3
         xWU",
     "tag": "DKW7jrb4WaRSNfbXVPlT5g"
   }
        

Figure 149: General JWE JSON Serialization

The resulting JWE object using the flattened JWE JSON Serialization:

   {
     "protected": "eyJhbGciOiJBMjU2R0NNS1ciLCJpdiI6IktrWVQwR1hfMm
         pIbGZxTl8iLCJraWQiOiIxOGVjMDhlMS1iZmE5LTRkOTUtYjIwNS0yYj
         RkZDFkNDMyMWQiLCJ0YWciOiJrZlBkdVZRM1QzSDZ2bmV3dC0ta3N3Ii
         wiZW5jIjoiQTEyOENCQy1IUzI1NiJ9",
     "encrypted_key": "lJf3HbOApxMEBkCMOoTnnABxs_CvTWUmZQ2ElLvYNo
         k",
     "iv": "gz6NjyEFNm_vm8Gj6FwoFQ",
     "ciphertext": "Jf5p9-ZhJlJy_IQ_byKFmI0Ro7w7G1QiaZpI8OaiVgD8E
         qoDZHyFKFBupS8iaEeVIgMqWmsuJKuoVgzR3YfzoMd3GxEm3VxNhzWyW
         tZKX0gxKdy6HgLvqoGNbZCzLjqcpDiF8q2_62EVAbr2uSc2oaxFmFuIQ
         HLcqAHxy51449xkjZ7ewzZaGV3eFqhpco8o4DijXaG5_7kp3h2cajRfD
         gymuxUbWgLqaeNQaJtvJmSMFuEOSAzw9Hdeb6yhdTynCRmu-kqtO5Dec
         4lT2OMZKpnxc_F1_4yDJFcqb5CiDSmA-psB2k0JtjxAj4UPI61oONK7z
         zFIu4gBfjJCndsZfdvG7h8wGjV98QhrKEnR7xKZ3KCr0_qR1B-gxpNk3
         xWU",
     "tag": "NvBveHr_vonkvflfnUrmBQ"
   }
        

Figure 150: Flattened JWE JSON Serialization

5.8. Key Wrap Using AES-KeyWrap with AES-GCM

The following example illustrates content encryption using the "A128KW" (AES-128-KeyWrap) key encryption algorithm and the "A128GCM" (AES-128-GCM) content encryption algorithm.

Note that whitespace is added for readability as described in Section 1.1.

5.8.1. Input Factors

The following are supplied before beginning the encryption process:

o Plaintext content; this example uses the content from Figure 72.

o AES symmetric key; this example uses the key from Figure 151.

o "alg" parameter of "A128KW".

o "enc" parameter of "A128GCM".

   {
     "kty": "oct",
     "kid": "81b20965-8332-43d9-a468-82160ad91ac8",
     "use": "enc",
     "alg": "A128KW",
     "k": "GZy6sIZ6wl9NJOKB-jnmVQ"
   }
        

Figure 151: AES 128-Bit Key

5.8.2. Generated Factors

The following are generated before encrypting:

o AES symmetric key as the Content Encryption Key; this example uses the key from Figure 152.

o Initialization Vector; this example uses the Initialization Vector from Figure 153.

aY5_Ghmk9KxWPBLu_glx1w

Figure 152: Content Encryption Key, base64url-encoded

Qx0pmsDa8KnJc9Jo

Figure 153: Initialization Vector, base64url-encoded

5.8.3. Encrypting the Key

Performing the key encryption operation over the CEK (Figure 152) with the AES symmetric key (Figure 151) produces the following Encrypted Key:

CBI6oDw8MydIx1IBntf_lQcw2MmJKIQx

Figure 154: Encrypted Key, base64url-encoded

5.8.4. Encrypting the Content

The following is generated before encrypting the content:

o JWE Protected Header; this example uses the header from Figure 155, encoded to base64url [RFC4648] as Figure 156.

   {
     "alg": "A128KW",
     "kid": "81b20965-8332-43d9-a468-82160ad91ac8",
     "enc": "A128GCM"
   }
        

Figure 155: JWE Protected Header JSON

   eyJhbGciOiJBMTI4S1ciLCJraWQiOiI4MWIyMDk2NS04MzMyLTQzZDktYTQ2OC
   04MjE2MGFkOTFhYzgiLCJlbmMiOiJBMTI4R0NNIn0
        

Figure 156: JWE Protected Header, base64url-encoded

Performing the content encryption over the Plaintext (Figure 72) with the following:

o CEK (Figure 152);

o Initialization Vector (Figure 153); and

o JWE Protected Header (Figure 156) as authenticated data

produces the following:

o Ciphertext from Figure 157.

o Authentication Tag from Figure 158.

AwliP-KmWgsZ37BvzCefNen6VTbRK3QMA4TkvRkH0tP1bTdhtFJgJxeVmJkLD6 1A1hnWGetdg11c9ADsnWgL56NyxwSYjU1ZEHcGkd3EkU0vjHi9gTlb90qSYFfe F0LwkcTtjbYKCsiNJQkcIp1yeM03OmuiYSoYJVSpf7ej6zaYcMv3WwdxDFl8RE wOhNImk2Xld2JXq6BR53TSFkyT7PwVLuq-1GwtGHlQeg7gDT6xW0JqHDPn_H-p uQsmthc9Zg0ojmJfqqFvETUxLAF-KjcBTS5dNy6egwkYtOt8EIHK-oEsKYtZRa a8Z7MOZ7UGxGIMvEmxrGCPeJa14slv2-gaqK0kEThkaSqdYw0FkQZF

Figure 157: Ciphertext, base64url-encoded

ER7MWJZ1FBI_NKvn7Zb1Lw

Figure 158: Authentication Tag, base64url-encoded

5.8.5. Output Results

The following compose the resulting JWE object:

o JWE Protected Header (Figure 156)

o Encrypted Key (Figure 154)

o Initialization Vector (Figure 153)

o Ciphertext (Figure 157)

o Authentication Tag (Figure 158)

The resulting JWE object using the JWE Compact Serialization:

eyJhbGciOiJBMTI4S1ciLCJraWQiOiI4MWIyMDk2NS04MzMyLTQzZDktYTQ2OC 04MjE2MGFkOTFhYzgiLCJlbmMiOiJBMTI4R0NNIn0 . CBI6oDw8MydIx1IBntf_lQcw2MmJKIQx . Qx0pmsDa8KnJc9Jo . AwliP-KmWgsZ37BvzCefNen6VTbRK3QMA4TkvRkH0tP1bTdhtFJgJxeVmJkLD6 1A1hnWGetdg11c9ADsnWgL56NyxwSYjU1ZEHcGkd3EkU0vjHi9gTlb90qSYFfe F0LwkcTtjbYKCsiNJQkcIp1yeM03OmuiYSoYJVSpf7ej6zaYcMv3WwdxDFl8RE wOhNImk2Xld2JXq6BR53TSFkyT7PwVLuq-1GwtGHlQeg7gDT6xW0JqHDPn_H-p uQsmthc9Zg0ojmJfqqFvETUxLAF-KjcBTS5dNy6egwkYtOt8EIHK-oEsKYtZRa a8Z7MOZ7UGxGIMvEmxrGCPeJa14slv2-gaqK0kEThkaSqdYw0FkQZF . ER7MWJZ1FBI_NKvn7Zb1Lw

Figure 159: JWE Compact Serialization

The resulting JWE object using the general JWE JSON Serialization:

   {
     "recipients": [
       {
         "encrypted_key": "CBI6oDw8MydIx1IBntf_lQcw2MmJKIQx"
       }
     ],
     "protected": "eyJhbGciOiJBMTI4S1ciLCJraWQiOiI4MWIyMDk2NS04Mz
         MyLTQzZDktYTQ2OC04MjE2MGFkOTFhYzgiLCJlbmMiOiJBMTI4R0NNIn
         0",
     "iv": "Qx0pmsDa8KnJc9Jo",
     "ciphertext": "AwliP-KmWgsZ37BvzCefNen6VTbRK3QMA4TkvRkH0tP1b
         TdhtFJgJxeVmJkLD61A1hnWGetdg11c9ADsnWgL56NyxwSYjU1ZEHcGk
         d3EkU0vjHi9gTlb90qSYFfeF0LwkcTtjbYKCsiNJQkcIp1yeM03OmuiY
         SoYJVSpf7ej6zaYcMv3WwdxDFl8REwOhNImk2Xld2JXq6BR53TSFkyT7
         PwVLuq-1GwtGHlQeg7gDT6xW0JqHDPn_H-puQsmthc9Zg0ojmJfqqFvE
         TUxLAF-KjcBTS5dNy6egwkYtOt8EIHK-oEsKYtZRaa8Z7MOZ7UGxGIMv
         EmxrGCPeJa14slv2-gaqK0kEThkaSqdYw0FkQZF",
     "tag": "ER7MWJZ1FBI_NKvn7Zb1Lw"
   }
        

Figure 160: General JWE JSON Serialization

The resulting JWE object using the flattened JWE JSON Serialization:

   {
     "protected": "eyJhbGciOiJBMTI4S1ciLCJraWQiOiI4MWIyMDk2NS04Mz
         MyLTQzZDktYTQ2OC04MjE2MGFkOTFhYzgiLCJlbmMiOiJBMTI4R0NNIn
         0",
     "encrypted_key": "CBI6oDw8MydIx1IBntf_lQcw2MmJKIQx",
     "iv": "Qx0pmsDa8KnJc9Jo",
     "ciphertext": "AwliP-KmWgsZ37BvzCefNen6VTbRK3QMA4TkvRkH0tP1b
         TdhtFJgJxeVmJkLD61A1hnWGetdg11c9ADsnWgL56NyxwSYjU1ZEHcGk
         d3EkU0vjHi9gTlb90qSYFfeF0LwkcTtjbYKCsiNJQkcIp1yeM03OmuiY
         SoYJVSpf7ej6zaYcMv3WwdxDFl8REwOhNImk2Xld2JXq6BR53TSFkyT7
         PwVLuq-1GwtGHlQeg7gDT6xW0JqHDPn_H-puQsmthc9Zg0ojmJfqqFvE
         TUxLAF-KjcBTS5dNy6egwkYtOt8EIHK-oEsKYtZRaa8Z7MOZ7UGxGIMv
         EmxrGCPeJa14slv2-gaqK0kEThkaSqdYw0FkQZF",
     "tag": "ER7MWJZ1FBI_NKvn7Zb1Lw"
   }
        

Figure 161: Flattened JWE JSON Serialization

5.9. Compressed Content

This example illustrates encrypting content that is first compressed. It reuses the AES symmetric key, key encryption algorithm, and content encryption algorithm from Section 5.8.

Note that whitespace is added for readability as described in Section 1.1.

5.9.1. Input Factors

The following are supplied before beginning the encryption process:

o Plaintext content; this example uses the content from Figure 72.

o Recipient encryption key; this example uses the key from Figure 151.

o Key encryption algorithm; this example uses "A128KW".

o Content encryption algorithm; this example uses "A128GCM".

o "zip" parameter of "DEF".

5.9.2. Generated Factors

The following are generated before encrypting:

o Compressed Plaintext from the original Plaintext content; compressing Figure 72 using the DEFLATE [RFC1951] algorithm produces the compressed Plaintext from Figure 162.

o AES symmetric key as the Content Encryption Key (CEK); this example uses the key from Figure 163.

o Initialization Vector; this example uses the Initialization Vector from Figure 164.

   bY_BDcIwDEVX-QNU3QEOrIA4pqlDokYxchxVvbEDGzIJbioOSJwc-f___HPjBu
   8KVFpVtAplVE1-wZo0YjNZo3C7R5v72pV5f5X382VWjYQpqZKAyjziZOr2B7kQ
   PSy6oZIXUnDYbVKN4jNXi2u0yB7t1qSHTjmMODf9QgvrDzfTIQXnyQRuUya4zI
   WG3vTOdir0v7BRHFYWq3k1k1A_gSDJqtcBF-GZxw8
        

Figure 162: Compressed Plaintext, base64url-encoded

hC-MpLZSuwWv8sexS6ydfw

Figure 163: Content Encryption Key, base64url-encoded

p9pUq6XHY0jfEZIl

Figure 164: Initialization Vector, base64url-encoded

5.9.3. Encrypting the Key

Performing the key encryption operation over the CEK (Figure 163) with the AES symmetric key (Figure 151) produces the following Encrypted Key:

5vUT2WOtQxKWcekM_IzVQwkGgzlFDwPi

Figure 165: Encrypted Key, base64url-encoded

5.9.4. Encrypting the Content

The following is generated before encrypting the content:

o JWE Protected Header; this example uses the header from Figure 166, encoded to base64url [RFC4648] as Figure 167.

   {
     "alg": "A128KW",
     "kid": "81b20965-8332-43d9-a468-82160ad91ac8",
     "enc": "A128GCM",
     "zip": "DEF"
   }
        

Figure 166: JWE Protected Header JSON

   eyJhbGciOiJBMTI4S1ciLCJraWQiOiI4MWIyMDk2NS04MzMyLTQzZDktYTQ2OC
   04MjE2MGFkOTFhYzgiLCJlbmMiOiJBMTI4R0NNIiwiemlwIjoiREVGIn0
        

Figure 167: JWE Protected Header, base64url-encoded

Performing the content encryption operation over the compressed Plaintext (Figure 162, encoded as an octet string) with the following:

o CEK (Figure 163);

o Initialization Vector (Figure 164); and

o JWE Protected Header (Figure 167) as authenticated data

produces the following:

o Ciphertext from Figure 168.

o Authentication Tag from Figure 169.

   HbDtOsdai1oYziSx25KEeTxmwnh8L8jKMFNc1k3zmMI6VB8hry57tDZ61jXyez
   SPt0fdLVfe6Jf5y5-JaCap_JQBcb5opbmT60uWGml8blyiMQmOn9J--XhhlYg0
   m-BHaqfDO5iTOWxPxFMUedx7WCy8mxgDHj0aBMG6152PsM-w5E_o2B3jDbrYBK
   hpYA7qi3AyijnCJ7BP9rr3U8kxExCpG3mK420TjOw
        

Figure 168: Ciphertext, base64url-encoded

VILuUwuIxaLVmh5X-T7kmA

Figure 169: Authentication Tag, base64url-encoded

5.9.5. Output Results

The following compose the resulting JWE object:

o JWE Protected Header (Figure 167)

o Encrypted Key (Figure 165)

o Initialization Vector (Figure 164)

o Ciphertext (Figure 168)

o Authentication Tag (Figure 169)

The resulting JWE object using the JWE Compact Serialization:

eyJhbGciOiJBMTI4S1ciLCJraWQiOiI4MWIyMDk2NS04MzMyLTQzZDktYTQ2OC 04MjE2MGFkOTFhYzgiLCJlbmMiOiJBMTI4R0NNIiwiemlwIjoiREVGIn0 . 5vUT2WOtQxKWcekM_IzVQwkGgzlFDwPi . p9pUq6XHY0jfEZIl . HbDtOsdai1oYziSx25KEeTxmwnh8L8jKMFNc1k3zmMI6VB8hry57tDZ61jXyez SPt0fdLVfe6Jf5y5-JaCap_JQBcb5opbmT60uWGml8blyiMQmOn9J--XhhlYg0 m-BHaqfDO5iTOWxPxFMUedx7WCy8mxgDHj0aBMG6152PsM-w5E_o2B3jDbrYBK hpYA7qi3AyijnCJ7BP9rr3U8kxExCpG3mK420TjOw . VILuUwuIxaLVmh5X-T7kmA

Figure 170: JWE Compact Serialization

The resulting JWE object using the general JWE JSON Serialization:

   {
     "recipients": [
       {
         "encrypted_key": "5vUT2WOtQxKWcekM_IzVQwkGgzlFDwPi"
       }
     ],
     "protected": "eyJhbGciOiJBMTI4S1ciLCJraWQiOiI4MWIyMDk2NS04Mz
         MyLTQzZDktYTQ2OC04MjE2MGFkOTFhYzgiLCJlbmMiOiJBMTI4R0NNIi
         wiemlwIjoiREVGIn0",
     "iv": "p9pUq6XHY0jfEZIl",
     "ciphertext": "HbDtOsdai1oYziSx25KEeTxmwnh8L8jKMFNc1k3zmMI6V
         B8hry57tDZ61jXyezSPt0fdLVfe6Jf5y5-JaCap_JQBcb5opbmT60uWG
         ml8blyiMQmOn9J--XhhlYg0m-BHaqfDO5iTOWxPxFMUedx7WCy8mxgDH
         j0aBMG6152PsM-w5E_o2B3jDbrYBKhpYA7qi3AyijnCJ7BP9rr3U8kxE
         xCpG3mK420TjOw",
     "tag": "VILuUwuIxaLVmh5X-T7kmA"
   }
        

Figure 171: General JWE JSON Serialization

The resulting JWE object using the flattened JWE JSON Serialization:

   {
     "protected": "eyJhbGciOiJBMTI4S1ciLCJraWQiOiI4MWIyMDk2NS04Mz
         MyLTQzZDktYTQ2OC04MjE2MGFkOTFhYzgiLCJlbmMiOiJBMTI4R0NNIi
         wiemlwIjoiREVGIn0",
     "encrypted_key": "5vUT2WOtQxKWcekM_IzVQwkGgzlFDwPi",
     "iv": "p9pUq6XHY0jfEZIl",
     "ciphertext": "HbDtOsdai1oYziSx25KEeTxmwnh8L8jKMFNc1k3zmMI6V
         B8hry57tDZ61jXyezSPt0fdLVfe6Jf5y5-JaCap_JQBcb5opbmT60uWG
         ml8blyiMQmOn9J--XhhlYg0m-BHaqfDO5iTOWxPxFMUedx7WCy8mxgDH
         j0aBMG6152PsM-w5E_o2B3jDbrYBKhpYA7qi3AyijnCJ7BP9rr3U8kxE
         xCpG3mK420TjOw",
     "tag": "VILuUwuIxaLVmh5X-T7kmA"
   }
        

Figure 172: Flattened JWE JSON Serialization

5.10. Including Additional Authenticated Data

This example illustrates encrypting content that includes additional authenticated data. As this example includes an additional top-level property not present in the JWE Compact Serialization, only the flattened JWE JSON Serialization and general JWE JSON Serialization are possible.

Note that whitespace is added for readability as described in Section 1.1.

5.10.1. Input Factors

The following are supplied before beginning the encryption process:

o Plaintext content; this example uses the content from Figure 72.

o Recipient encryption key; this example uses the key from Figure 151.

o Key encryption algorithm; this example uses "A128KW".

o Content encryption algorithm; this example uses "A128GCM".

o Additional Authenticated Data; this example uses a vCard [RFC7095] from Figure 173, serialized to UTF-8.

   [
     "vcard",
     [
       [ "version", {}, "text", "4.0" ],
       [ "fn", {}, "text", "Meriadoc Brandybuck" ],
       [ "n", {},
         "text", [
           "Brandybuck", "Meriadoc", "Mr.", ""
         ]
       ],
       [ "bday", {}, "text", "TA 2982" ],
       [ "gender", {}, "text", "M" ]
     ]
   ]
        

Figure 173: Additional Authenticated Data, in JSON Format

NOTE: Whitespace between JSON values was added for readability.

5.10.2. Generated Factors

The following are generated before encrypting:

o AES symmetric key as the Content Encryption Key (CEK); this example uses the key from Figure 174.

o Initialization Vector; this example uses the Initialization Vector from Figure 175.

o Encoded Additional Authenticated Data (AAD); this example uses the Additional Authenticated Data from Figure 173, encoded to base64url [RFC4648] as Figure 176.

75m1ALsYv10pZTKPWrsqdg

Figure 174: Content Encryption Key, base64url-encoded

图174:内容加密密钥,base64url编码

veCx9ece2orS7c_N

Figure 175: Initialization Vector, base64url-encoded

   WyJ2Y2FyZCIsW1sidmVyc2lvbiIse30sInRleHQiLCI0LjAiXSxbImZuIix7fS
   widGV4dCIsIk1lcmlhZG9jIEJyYW5keWJ1Y2siXSxbIm4iLHt9LCJ0ZXh0Iixb
   IkJyYW5keWJ1Y2siLCJNZXJpYWRvYyIsIk1yLiIsIiJdXSxbImJkYXkiLHt9LC
   J0ZXh0IiwiVEEgMjk4MiJdLFsiZ2VuZGVyIix7fSwidGV4dCIsIk0iXV1d
        
Figure 176: Additional Authenticated Data, base64url-encoded

5.10.3. Encrypting the Key

Performing the key encryption operation over the CEK (Figure 174) with the AES symmetric key (Figure 151) produces the following Encrypted Key:

4YiiQ_ZzH76TaIkJmYfRFgOV9MIpnx4X

Figure 177: Encrypted Key, base64url-encoded

5.10.4. Encrypting the Content

The following is generated before encrypting the content:

o JWE Protected Header; this example uses the header from Figure 178, encoded to base64url [RFC4648] as Figure 179.

   {
     "alg": "A128KW",
     "kid": "81b20965-8332-43d9-a468-82160ad91ac8",
     "enc": "A128GCM"
   }
        
Figure 178: JWE Protected Header JSON

   eyJhbGciOiJBMTI4S1ciLCJraWQiOiI4MWIyMDk2NS04MzMyLTQzZDktYTQ2OC
   04MjE2MGFkOTFhYzgiLCJlbmMiOiJBMTI4R0NNIn0
        
Figure 179: JWE Protected Header, base64url-encoded

Performing the content encryption operation over the Plaintext with the following:

o CEK (Figure 174);

o Initialization Vector (Figure 175); and

o Concatenation of the JWE Protected Header (Figure 179), ".", and the base64url [RFC4648] encoding of Figure 173 as authenticated data

produces the following:

o Ciphertext from Figure 180.

o Authentication Tag from Figure 181.

   Z_3cbr0k3bVM6N3oSNmHz7Lyf3iPppGf3Pj17wNZqteJ0Ui8p74SchQP8xygM1
   oFRWCNzeIa6s6BcEtp8qEFiqTUEyiNkOWDNoF14T_4NFqF-p2Mx8zkbKxI7oPK
   8KNarFbyxIDvICNqBLba-v3uzXBdB89fzOI-Lv4PjOFAQGHrgv1rjXAmKbgkft
   9cB4WeyZw8MldbBhc-V_KWZslrsLNygon_JJWd_ek6LQn5NRehvApqf9ZrxB4a
   q3FXBxOxCys35PhCdaggy2kfUfl2OkwKnWUbgXVD1C6HxLIlqHhCwXDG59weHr
   RDQeHyMRoBljoV3X_bUTJDnKBFOod7nLz-cj48JMx3SnCZTpbQAkFV

Figure 180: Ciphertext, base64url-encoded

vOaH_Rajnpy_3hOtqvZHRA

Figure 181: Authentication Tag, base64url-encoded

5.10.5. Output Results

The following compose the resulting JWE object:

o JWE Protected Header (Figure 179)

o Encrypted Key (Figure 177)

o Initialization Vector (Figure 175)

o Additional Authenticated Data (Figure 176)

o Ciphertext (Figure 180)

o Authentication Tag (Figure 181)

The JWE Compact Serialization is not presented because it does not support this use case.

The resulting JWE object using the general JWE JSON Serialization:

   {
     "recipients": [
       {
         "encrypted_key": "4YiiQ_ZzH76TaIkJmYfRFgOV9MIpnx4X"
       }
     ],
     "protected": "eyJhbGciOiJBMTI4S1ciLCJraWQiOiI4MWIyMDk2NS04Mz
         MyLTQzZDktYTQ2OC04MjE2MGFkOTFhYzgiLCJlbmMiOiJBMTI4R0NNIn
         0",
     "iv": "veCx9ece2orS7c_N",
     "aad": "WyJ2Y2FyZCIsW1sidmVyc2lvbiIse30sInRleHQiLCI0LjAiXSxb
         ImZuIix7fSwidGV4dCIsIk1lcmlhZG9jIEJyYW5keWJ1Y2siXSxbIm4i
         LHt9LCJ0ZXh0IixbIkJyYW5keWJ1Y2siLCJNZXJpYWRvYyIsIk1yLiIs
         IiJdXSxbImJkYXkiLHt9LCJ0ZXh0IiwiVEEgMjk4MiJdLFsiZ2VuZGVy
         Iix7fSwidGV4dCIsIk0iXV1d",
     "ciphertext": "Z_3cbr0k3bVM6N3oSNmHz7Lyf3iPppGf3Pj17wNZqteJ0
         Ui8p74SchQP8xygM1oFRWCNzeIa6s6BcEtp8qEFiqTUEyiNkOWDNoF14
         T_4NFqF-p2Mx8zkbKxI7oPK8KNarFbyxIDvICNqBLba-v3uzXBdB89fz
         OI-Lv4PjOFAQGHrgv1rjXAmKbgkft9cB4WeyZw8MldbBhc-V_KWZslrs
         LNygon_JJWd_ek6LQn5NRehvApqf9ZrxB4aq3FXBxOxCys35PhCdaggy
         2kfUfl2OkwKnWUbgXVD1C6HxLIlqHhCwXDG59weHrRDQeHyMRoBljoV3
         X_bUTJDnKBFOod7nLz-cj48JMx3SnCZTpbQAkFV",
     "tag": "vOaH_Rajnpy_3hOtqvZHRA"
   }
        
Figure 182: General JWE JSON Serialization

The resulting JWE object using the flattened JWE JSON Serialization:

   {
     "protected": "eyJhbGciOiJBMTI4S1ciLCJraWQiOiI4MWIyMDk2NS04Mz
         MyLTQzZDktYTQ2OC04MjE2MGFkOTFhYzgiLCJlbmMiOiJBMTI4R0NNIn
         0",
     "encrypted_key": "4YiiQ_ZzH76TaIkJmYfRFgOV9MIpnx4X",
     "aad": "WyJ2Y2FyZCIsW1sidmVyc2lvbiIse30sInRleHQiLCI0LjAiXSxb
         ImZuIix7fSwidGV4dCIsIk1lcmlhZG9jIEJyYW5keWJ1Y2siXSxbIm4i
         LHt9LCJ0ZXh0IixbIkJyYW5keWJ1Y2siLCJNZXJpYWRvYyIsIk1yLiIs
         IiJdXSxbImJkYXkiLHt9LCJ0ZXh0IiwiVEEgMjk4MiJdLFsiZ2VuZGVy
         Iix7fSwidGV4dCIsIk0iXV1d",
     "iv": "veCx9ece2orS7c_N",
     "ciphertext": "Z_3cbr0k3bVM6N3oSNmHz7Lyf3iPppGf3Pj17wNZqteJ0
         Ui8p74SchQP8xygM1oFRWCNzeIa6s6BcEtp8qEFiqTUEyiNkOWDNoF14
         T_4NFqF-p2Mx8zkbKxI7oPK8KNarFbyxIDvICNqBLba-v3uzXBdB89fz
         OI-Lv4PjOFAQGHrgv1rjXAmKbgkft9cB4WeyZw8MldbBhc-V_KWZslrs
         LNygon_JJWd_ek6LQn5NRehvApqf9ZrxB4aq3FXBxOxCys35PhCdaggy
         2kfUfl2OkwKnWUbgXVD1C6HxLIlqHhCwXDG59weHrRDQeHyMRoBljoV3
         X_bUTJDnKBFOod7nLz-cj48JMx3SnCZTpbQAkFV",
     "tag": "vOaH_Rajnpy_3hOtqvZHRA"
   }
        
Figure 183: Flattened JWE JSON Serialization

5.11. Protecting Specific Header Fields

This example illustrates encrypting content where only certain JOSE Header Parameters are protected. As this example includes parameters in the JWE Shared Unprotected Header, only the general JWE JSON Serialization and flattened JWE JSON Serialization are possible.

Note that whitespace is added for readability as described in Section 1.1.

5.11.1. Input Factors

The following are supplied before beginning the encryption process:

o Plaintext content; this example uses the content from Figure 72.

o Recipient encryption key; this example uses the key from Figure 151.

o Key encryption algorithm; this example uses "A128KW".

o Content encryption algorithm; this example uses "A128GCM".

5.11.2. Generated Factors

The following are generated before encrypting:

o AES symmetric key as the Content Encryption Key (CEK); this example uses the key from Figure 184.

o Initialization Vector; this example uses the Initialization Vector from Figure 185.

WDgEptBmQs9ouUvArz6x6g

Figure 184: Content Encryption Key, base64url-encoded

WgEJsDS9bkoXQ3nR

Figure 185: Initialization Vector, base64url-encoded

5.11.3. Encrypting the Key

Performing the key encryption operation over the CEK (Figure 184) with the AES symmetric key (Figure 151) produces the following Encrypted Key:

jJIcM9J-hbx3wnqhf5FlkEYos0sHsF0H

Figure 186: Encrypted Key, base64url-encoded

5.11.4. Encrypting the Content

The following is generated before encrypting the content:

o JWE Protected Header; this example uses the header from Figure 187, encoded to base64url [RFC4648] as Figure 188.

   {
     "enc": "A128GCM"
   }
        
Figure 187: JWE Protected Header JSON

eyJlbmMiOiJBMTI4R0NNIn0

Figure 188: JWE Protected Header, base64url-encoded

Performing the content encryption operation over the Plaintext with the following:

o CEK (Figure 184);

o Initialization Vector (Figure 185); and

o JWE Protected Header (Figure 188) as authenticated data

produces the following:

o Ciphertext from Figure 189.

o Authentication Tag from Figure 190.

   lIbCyRmRJxnB2yLQOTqjCDKV3H30ossOw3uD9DPsqLL2DM3swKkjOwQyZtWsFL
   YMj5YeLht_StAn21tHmQJuuNt64T8D4t6C7kC9OCCJ1IHAolUv4MyOt80MoPb8
   fZYbNKqplzYJgIL58g8N2v46OgyG637d6uuKPwhAnTGm_zWhqc_srOvgiLkzyF
   XPq1hBAURbc3-8BqeRb48iR1-_5g5UjWVD3lgiLCN_P7AW8mIiFvUNXBPJK3nO
   WL4teUPS8yHLbWeL83olU4UAgL48x-8dDkH23JykibVSQju-f7e-1xreHWXzWL
   Hs1NqBbre0dEwK3HX_xM0LjUz77Krppgegoutpf5qaKg3l-_xMINmf

Figure 189: Ciphertext, base64url-encoded

fNYLqpUe84KD45lvDiaBAQ

Figure 190: Authentication Tag, base64url-encoded

5.11.5. Output Results

The following compose the resulting JWE object:

o JWE Shared Unprotected Header (Figure 191)

o JWE Protected Header (Figure 188)

o Encrypted Key (Figure 186)

o Initialization Vector (Figure 185)

o Ciphertext (Figure 189)

o Authentication Tag (Figure 190)

The JWE Compact Serialization is not presented because it does not support this use case.

The following JWE Shared Unprotected Header is generated before assembling the output results:

   {
     "alg": "A128KW",
     "kid": "81b20965-8332-43d9-a468-82160ad91ac8"
   }
        
Figure 191: JWE Shared Unprotected Header JSON

The resulting JWE object using the general JWE JSON Serialization:

   {
     "recipients": [
       {
         "encrypted_key": "jJIcM9J-hbx3wnqhf5FlkEYos0sHsF0H"
       }
     ],
     "unprotected": {
       "alg": "A128KW",
       "kid": "81b20965-8332-43d9-a468-82160ad91ac8"
     },
     "protected": "eyJlbmMiOiJBMTI4R0NNIn0",
     "iv": "WgEJsDS9bkoXQ3nR",
     "ciphertext": "lIbCyRmRJxnB2yLQOTqjCDKV3H30ossOw3uD9DPsqLL2D
         M3swKkjOwQyZtWsFLYMj5YeLht_StAn21tHmQJuuNt64T8D4t6C7kC9O
         CCJ1IHAolUv4MyOt80MoPb8fZYbNKqplzYJgIL58g8N2v46OgyG637d6
         uuKPwhAnTGm_zWhqc_srOvgiLkzyFXPq1hBAURbc3-8BqeRb48iR1-_5
         g5UjWVD3lgiLCN_P7AW8mIiFvUNXBPJK3nOWL4teUPS8yHLbWeL83olU
         4UAgL48x-8dDkH23JykibVSQju-f7e-1xreHWXzWLHs1NqBbre0dEwK3
         HX_xM0LjUz77Krppgegoutpf5qaKg3l-_xMINmf",
     "tag": "fNYLqpUe84KD45lvDiaBAQ"
   }
        
Figure 192: General JWE JSON Serialization

The resulting JWE object using the flattened JWE JSON Serialization:

   {
     "protected": "eyJlbmMiOiJBMTI4R0NNIn0",
     "unprotected": {
       "alg": "A128KW",
       "kid": "81b20965-8332-43d9-a468-82160ad91ac8"
     },
     "encrypted_key": "jJIcM9J-hbx3wnqhf5FlkEYos0sHsF0H",
     "iv": "WgEJsDS9bkoXQ3nR",
     "ciphertext": "lIbCyRmRJxnB2yLQOTqjCDKV3H30ossOw3uD9DPsqLL2D
         M3swKkjOwQyZtWsFLYMj5YeLht_StAn21tHmQJuuNt64T8D4t6C7kC9O
         CCJ1IHAolUv4MyOt80MoPb8fZYbNKqplzYJgIL58g8N2v46OgyG637d6
         uuKPwhAnTGm_zWhqc_srOvgiLkzyFXPq1hBAURbc3-8BqeRb48iR1-_5
         g5UjWVD3lgiLCN_P7AW8mIiFvUNXBPJK3nOWL4teUPS8yHLbWeL83olU
         4UAgL48x-8dDkH23JykibVSQju-f7e-1xreHWXzWLHs1NqBbre0dEwK3
         HX_xM0LjUz77Krppgegoutpf5qaKg3l-_xMINmf",
     "tag": "fNYLqpUe84KD45lvDiaBAQ"
   }
        
Figure 193: Flattened JWE JSON Serialization

5.12. Protecting Content Only

This example illustrates encrypting content where none of the JOSE header parameters are protected. As this example includes parameters only in the JWE Shared Unprotected Header, only the flattened JWE JSON Serialization and general JWE JSON Serialization are possible.

Note that whitespace is added for readability as described in Section 1.1.

5.12.1. Input Factors

The following are supplied before beginning the encryption process:

o Plaintext content; this example uses the content from Figure 72.

o Recipient encryption key; this example uses the key from Figure 151.

o Key encryption algorithm; this example uses "A128KW".

o Content encryption algorithm; this example uses "A128GCM".

5.12.2. Generated Factors

The following are generated before encrypting:

o AES symmetric key as the Content Encryption Key; this example uses the key from Figure 194.

o Initialization Vector; this example uses the Initialization Vector from Figure 195.

KBooAFl30QPV3vkcZlXnzQ

Figure 194: Content Encryption Key, base64url-encoded

YihBoVOGsR1l7jCD

Figure 195: Initialization Vector, base64url-encoded

5.12.3. Encrypting the Key

Performing the key encryption operation over the CEK (Figure 194) with the AES symmetric key (Figure 151) produces the following Encrypted Key:

244YHfO_W7RMpQW81UjQrZcq5LSyqiPv

Figure 196: Encrypted Key, base64url-encoded

5.12.4. Encrypting the Content

Performing the content encryption operation over the Plaintext (Figure 72) using the following:

o CEK (Figure 194);

o Initialization Vector (Figure 195); and

o Empty string as authenticated data

produces the following:

o Ciphertext from Figure 197.

o Authentication Tag from Figure 198.

   qtPIMMaOBRgASL10dNQhOa7Gqrk7Eal1vwht7R4TT1uq-arsVCPaIeFwQfzrSS
   6oEUWbBtxEasE0vC6r7sphyVziMCVJEuRJyoAHFSP3eqQPb4Ic1SDSqyXjw_L3
   svybhHYUGyQuTmUQEDjgjJfBOifwHIsDsRPeBz1NomqeifVPq5GTCWFo5k_MNI
   QURR2Wj0AHC2k7JZfu2iWjUHLF8ExFZLZ4nlmsvJu_mvifMYiikfNfsZAudISO
   a6O73yPZtL04k_1FI7WDfrb2w7OqKLWDXzlpcxohPVOLQwpA3mFNRKdY-bQz4Z
   4KX9lfz1cne31N4-8BKmojpw-OdQjKdLOGkC445Fb_K1tlDQXw2sBF

Figure 197: Ciphertext, base64url-encoded

e2m0Vm7JvjK2VpCKXS-kyg

Figure 198: Authentication Tag, base64url-encoded

5.12.5. Output Results

The JWE Compact Serialization is not presented because it does not support this use case.

The following JWE Shared Unprotected Header is generated before assembling the output results:

   {
     "alg": "A128KW",
     "kid": "81b20965-8332-43d9-a468-82160ad91ac8",
     "enc": "A128GCM"
   }
        
Figure 199: JWE Shared Unprotected Header JSON

The following compose the resulting JWE object:

o JWE Shared Unprotected Header (Figure 199)

o Encrypted Key (Figure 196)

o Initialization Vector (Figure 195)

o Ciphertext (Figure 197)

o Authentication Tag (Figure 198)

The resulting JWE object using the general JWE JSON Serialization:

   {
     "recipients": [
       {
         "encrypted_key": "244YHfO_W7RMpQW81UjQrZcq5LSyqiPv"
       }
     ],
     "unprotected": {
       "alg": "A128KW",
       "kid": "81b20965-8332-43d9-a468-82160ad91ac8",
       "enc": "A128GCM"
     },
     "iv": "YihBoVOGsR1l7jCD",
     "ciphertext": "qtPIMMaOBRgASL10dNQhOa7Gqrk7Eal1vwht7R4TT1uq-
         arsVCPaIeFwQfzrSS6oEUWbBtxEasE0vC6r7sphyVziMCVJEuRJyoAHF
         SP3eqQPb4Ic1SDSqyXjw_L3svybhHYUGyQuTmUQEDjgjJfBOifwHIsDs
         RPeBz1NomqeifVPq5GTCWFo5k_MNIQURR2Wj0AHC2k7JZfu2iWjUHLF8
         ExFZLZ4nlmsvJu_mvifMYiikfNfsZAudISOa6O73yPZtL04k_1FI7WDf
         rb2w7OqKLWDXzlpcxohPVOLQwpA3mFNRKdY-bQz4Z4KX9lfz1cne31N4
         -8BKmojpw-OdQjKdLOGkC445Fb_K1tlDQXw2sBF",
     "tag": "e2m0Vm7JvjK2VpCKXS-kyg"
   }
        
Figure 200: General JWE JSON Serialization

The resulting JWE object using the flattened JWE JSON Serialization:

   {
     "unprotected": {
       "alg": "A128KW",
       "kid": "81b20965-8332-43d9-a468-82160ad91ac8",
       "enc": "A128GCM"
     },
     "encrypted_key": "244YHfO_W7RMpQW81UjQrZcq5LSyqiPv",
     "iv": "YihBoVOGsR1l7jCD",
     "ciphertext": "qtPIMMaOBRgASL10dNQhOa7Gqrk7Eal1vwht7R4TT1uq-
         arsVCPaIeFwQfzrSS6oEUWbBtxEasE0vC6r7sphyVziMCVJEuRJyoAHF
         SP3eqQPb4Ic1SDSqyXjw_L3svybhHYUGyQuTmUQEDjgjJfBOifwHIsDs
         RPeBz1NomqeifVPq5GTCWFo5k_MNIQURR2Wj0AHC2k7JZfu2iWjUHLF8
         ExFZLZ4nlmsvJu_mvifMYiikfNfsZAudISOa6O73yPZtL04k_1FI7WDf
         rb2w7OqKLWDXzlpcxohPVOLQwpA3mFNRKdY-bQz4Z4KX9lfz1cne31N4
         -8BKmojpw-OdQjKdLOGkC445Fb_K1tlDQXw2sBF",
     "tag": "e2m0Vm7JvjK2VpCKXS-kyg"
   }
        
Figure 201: Flattened JWE JSON Serialization
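
The three ways Sections 5.10 to 5.12 build the authenticated data, and which header parameters the Authentication Tag therefore covers, shown as an added example that is not part of the RFC. The function names and the FIG_* constants are introduced here; the constants copy the header-related members of Figures 183, 192, 193 and 201 and leave out "ciphertext", which these checks do not read. header_coverage also accepts a per-recipient "header" member, which goes beyond the cases in these three sections.

```python
import base64
import json


def b64url_decode(text):
    """Decode unpadded base64url (RFC 4648, Section 5)."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def aead_aad(jwe):
    """Octets authenticated together with the ciphertext by content encryption."""
    data = jwe.get("protected", "")   # no protected header -> empty string (5.12)
    if "aad" in jwe:                  # 5.10: encoded header, ".", encoded AAD
        data += "." + jwe["aad"]
    return data.encode("ascii")       # 5.11: the encoded protected header alone


def header_coverage(jwe, recipient=0):
    """Report which JOSE Header parameters the Authentication Tag covers."""
    protected = json.loads(b64url_decode(jwe["protected"])) if "protected" in jwe else {}
    shared = jwe.get("unprotected", {})
    # The general serialization keeps per-recipient members under "recipients";
    # the flattened form carries the single recipient's members at the top level.
    holder = jwe["recipients"][recipient] if "recipients" in jwe else jwe
    per_recipient = holder.get("header", {})
    names = list(protected) + list(shared) + list(per_recipient)
    repeated = sorted({n for n in names if names.count(n) > 1})
    if repeated:
        # RFC 7516 requires the three header locations to use disjoint names.
        raise ValueError("header parameter in more than one location: %s" % repeated)
    return {
        "authenticated": sorted(protected),
        "unauthenticated": sorted(list(shared) + list(per_recipient)),
        "jose_header": {**protected, **shared, **per_recipient},
    }


def compact_possible(jwe):
    """True only when nothing in the object needs a JSON serialization."""
    recipients = jwe.get("recipients", [jwe])
    return ("protected" in jwe and len(recipients) == 1
            and "header" not in recipients[0]
            and "unprotected" not in jwe and "aad" not in jwe)


KID = "81b20965-8332-43d9-a468-82160ad91ac8"

# Figure 183 (Section 5.10), flattened, without "ciphertext".
FIG_183 = {
    "protected": "eyJhbGciOiJBMTI4S1ciLCJraWQiOiI4MWIyMDk2NS04MzMyLTQzZDktYTQ2OC"
                 "04MjE2MGFkOTFhYzgiLCJlbmMiOiJBMTI4R0NNIn0",
    "encrypted_key": "4YiiQ_ZzH76TaIkJmYfRFgOV9MIpnx4X",
    "aad": "WyJ2Y2FyZCIsW1sidmVyc2lvbiIse30sInRleHQiLCI0LjAiXSxbImZuIix7fS"
           "widGV4dCIsIk1lcmlhZG9jIEJyYW5keWJ1Y2siXSxbIm4iLHt9LCJ0ZXh0Iixb"
           "IkJyYW5keWJ1Y2siLCJNZXJpYWRvYyIsIk1yLiIsIiJdXSxbImJkYXkiLHt9LC"
           "J0ZXh0IiwiVEEgMjk4MiJdLFsiZ2VuZGVyIix7fSwidGV4dCIsIk0iXV1d",
    "iv": "veCx9ece2orS7c_N",
    "tag": "vOaH_Rajnpy_3hOtqvZHRA",
}

# Figure 192 (Section 5.11), general, without "ciphertext".
FIG_192 = {
    "recipients": [{"encrypted_key": "jJIcM9J-hbx3wnqhf5FlkEYos0sHsF0H"}],
    "unprotected": {"alg": "A128KW", "kid": KID},
    "protected": "eyJlbmMiOiJBMTI4R0NNIn0",
    "iv": "WgEJsDS9bkoXQ3nR",
    "tag": "fNYLqpUe84KD45lvDiaBAQ",
}

# Figure 193 (Section 5.11), flattened, without "ciphertext".
FIG_193 = {
    "protected": "eyJlbmMiOiJBMTI4R0NNIn0",
    "unprotected": {"alg": "A128KW", "kid": KID},
    "encrypted_key": "jJIcM9J-hbx3wnqhf5FlkEYos0sHsF0H",
    "iv": "WgEJsDS9bkoXQ3nR",
    "tag": "fNYLqpUe84KD45lvDiaBAQ",
}

# Figure 201 (Section 5.12), flattened, without "ciphertext".
FIG_201 = {
    "unprotected": {"alg": "A128KW", "kid": KID, "enc": "A128GCM"},
    "encrypted_key": "244YHfO_W7RMpQW81UjQrZcq5LSyqiPv",
    "iv": "YihBoVOGsR1l7jCD",
    "tag": "e2m0Vm7JvjK2VpCKXS-kyg",
}

if __name__ == "__main__":
    for name, jwe in [("5.10", FIG_183), ("5.11", FIG_193), ("5.12", FIG_201)]:
        cover = header_coverage(jwe)
        print(name, "authenticated data is", len(aead_aad(jwe)), "octets;",
              "covered:", cover["authenticated"],
              "not covered:", cover["unauthenticated"],
              "compact possible:", compact_possible(jwe))
```

In Section 5.12 the authenticated data is empty, so "alg", "kid" and "enc" can all be changed in transit without the tag check noticing; a recipient that needs a fixed algorithm has to enforce it from its own policy rather than from the received header.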

5.13. Encrypting to Multiple Recipients

This example illustrates encrypting content for multiple recipients. As this example has multiple recipients, only the general JWE JSON Serialization is possible.

Note that RSAES-PKCS1-v1_5 uses random data to generate the ciphertext; it might not be possible to exactly replicate the results in this section.

Note that whitespace is added for readability as described in Section 1.1.

5.13.1. Input Factors

The following are supplied before beginning the encryption process:

o Plaintext content; this example uses the Plaintext from Figure 72.

o Recipient keys; this example uses the following:

* The RSA public key from Figure 73 for the first recipient.

* The EC public key from Figure 108 for the second recipient.

* The AES symmetric key from Figure 138 for the third recipient.

o Key encryption algorithms; this example uses the following:

* "RSA1_5" for the first recipient.

* "ECDH-ES+A256KW" for the second recipient.

* "A256GCMKW" for the third recipient.

o Content encryption algorithm; this example uses "A128CBC-HS256".

5.13.2. Generated Factors

The following are generated before encrypting:

o AES symmetric key as the Content Encryption Key (CEK); this example uses the key from Figure 202.

o Initialization Vector; this example uses the Initialization Vector from Figure 203.

zXayeJ4gvm8NJr3IUInyokTUO-LbQNKEhe_zWlYbdpQ

Figure 202: Content Encryption Key, base64url-encoded

VgEIHY20EnzUtZFl2RpB1g

Figure 203: Initialization Vector, base64url-encoded

5.13.3. Encrypting the Key to the First Recipient

Performing the "RSA1_5" key encryption operation over the CEK (Figure 202) with the first recipient's RSA key (Figure 73) produces the following Encrypted Key:

   dYOD28kab0Vvf4ODgxVAJXgHcSZICSOp8M51zjwj4w6Y5G4XJQsNNIBiqyvUUA
   OcpL7S7-cFe7Pio7gV_Q06WmCSa-vhW6me4bWrBf7cHwEQJdXihidAYWVajJIa
   KMXMvFRMV6iDlRr076DFthg2_AV0_tSiV6xSEIFqt1xnYPpmP91tc5WJDOGb-w
   qjw0-b-S1laS11QVbuP78dQ7Fa0zAVzzjHX-xvyM2wxj_otxr9clN1LnZMbeYS
   rRicJK5xodvWgkpIdkMHo4LvdhRRvzoKzlic89jFWPlnBq_V4n5trGuExtp_-d
   bHcGlihqc_wGgho9fLMK8JOArYLcMDNQ

Figure 204: Recipient #1 Encrypted Key, base64url-encoded

The following is generated after encrypting the CEK for the first recipient:

o Recipient JWE Unprotected Header from Figure 205.

   {
     "alg": "RSA1_5",
     "kid": "frodo.baggins@hobbiton.example"
   }
        
Figure 205: Recipient #1 JWE Per-Recipient Unprotected Header JSON

The following is the assembled first recipient JSON:

   {
     "encrypted_key": "dYOD28kab0Vvf4ODgxVAJXgHcSZICSOp8M51zjwj4w
         6Y5G4XJQsNNIBiqyvUUAOcpL7S7-cFe7Pio7gV_Q06WmCSa-vhW6me4b
         WrBf7cHwEQJdXihidAYWVajJIaKMXMvFRMV6iDlRr076DFthg2_AV0_t
         SiV6xSEIFqt1xnYPpmP91tc5WJDOGb-wqjw0-b-S1laS11QVbuP78dQ7
         Fa0zAVzzjHX-xvyM2wxj_otxr9clN1LnZMbeYSrRicJK5xodvWgkpIdk
         MHo4LvdhRRvzoKzlic89jFWPlnBq_V4n5trGuExtp_-dbHcGlihqc_wG
         gho9fLMK8JOArYLcMDNQ",
     "header": {
       "alg": "RSA1_5",
       "kid": "frodo.baggins@hobbiton.example"
     }
   }
        
Figure 206: Recipient #1 JSON

5.13.4. Encrypting the Key to the Second Recipient

The following is generated before encrypting the CEK for the second recipient:

o Ephemeral EC private key on the same curve as the EC public key; this example uses the private key from Figure 207.

   {
     "kty": "EC",
     "crv": "P-384",
     "x": "Uzdvk3pi5wKCRc1izp5_r0OjeqT-I68i8g2b8mva8diRhsE2xAn2Dt
         MRb25Ma2CX",
     "y": "VDrRyFJh-Kwd1EjAgmj5Eo-CTHAZ53MC7PjjpLioy3ylEjI1pOMbw9
         1fzZ84pbfm",
     "d": "1DKHfTv-PiifVw2VBHM_ZiVcwOMxkOyANS_lQHJcrDxVY3jhVCvZPw
         MxJKIE793C"
   }
        
Figure 207: Ephemeral Private Key for Recipient #2, in JWK Format

Performing the "ECDH-ES+A256KW" key encryption operation over the CEK (Figure 202) with the following:

o Static Elliptic Curve public key (Figure 108).

o Ephemeral Elliptic Curve private key (Figure 207).

produces the following Encrypted Key:

ExInT0io9BqBMYF6-maw5tZlgoZXThD1zWKsHixJuw_elY4gSSId_w

Figure 208: Recipient #2 Encrypted Key, base64url-encoded

The following is generated after encrypting the CEK for the second recipient:

o Recipient JWE Unprotected Header from Figure 209.

   {
     "alg": "ECDH-ES+A256KW",
     "kid": "peregrin.took@tuckborough.example",
     "epk": {
       "kty": "EC",
       "crv": "P-384",
       "x": "Uzdvk3pi5wKCRc1izp5_r0OjeqT-I68i8g2b8mva8diRhsE2xAn2
           DtMRb25Ma2CX",
       "y": "VDrRyFJh-Kwd1EjAgmj5Eo-CTHAZ53MC7PjjpLioy3ylEjI1pOMb
           w91fzZ84pbfm"
     }
   }
        
Figure 209: Recipient #2 JWE Per-Recipient Unprotected Header JSON

The following is the assembled second recipient JSON:

   {
     "encrypted_key": "ExInT0io9BqBMYF6-maw5tZlgoZXThD1zWKsHixJuw
         _elY4gSSId_w",
     "header": {
       "alg": "ECDH-ES+A256KW",
       "kid": "peregrin.took@tuckborough.example",
       "epk": {
         "kty": "EC",
         "crv": "P-384",
         "x": "Uzdvk3pi5wKCRc1izp5_r0OjeqT-I68i8g2b8mva8diRhsE2xA
             n2DtMRb25Ma2CX",
         "y": "VDrRyFJh-Kwd1EjAgmj5Eo-CTHAZ53MC7PjjpLioy3ylEjI1pO
             Mbw91fzZ84pbfm"
       }
     }
   }
        

Figure 210: Recipient #2 JSON

5.13.5. Encrypting the Key to the Third Recipient

The following is generated before encrypting the CEK for the third recipient:

o Initialization Vector for key wrapping; this example uses the Initialization Vector from Figure 211.

AvpeoPZ9Ncn9mkBn

Figure 211: Recipient #2 Initialization Vector for Key Wrapping, base64url-encoded

Performing the "A256GCMKW" key encryption operation over the CEK (Figure 202) with the following:

o AES symmetric key (Figure 138); and

o Initialization Vector (Figure 211)

produces the following:

o Encrypted Key from Figure 212.

o Authentication Tag from Figure 213.

a7CclAejo_7JSuPB8zeagxXRam8dwCfmkt9-WyTpS1E

Figure 212: Recipient #3 Encrypted Key, base64url-encoded

59Nqh1LlYtVIhfD3pgRGvw

Figure 213: Recipient #3 Authentication Tag from Key Wrapping, base64url-encoded

The following is generated after encrypting the CEK for the third recipient:

o Recipient JWE Unprotected Header; this example uses the header from Figure 214.

   {
     "alg": "A256GCMKW",
     "kid": "18ec08e1-bfa9-4d95-b205-2b4dd1d4321d",
     "tag": "59Nqh1LlYtVIhfD3pgRGvw",
     "iv": "AvpeoPZ9Ncn9mkBn"
   }
        

Figure 214: Recipient #3 JWE Per-Recipient Unprotected Header JSON

The following is the assembled third recipient JSON:

   {
     "encrypted_key": "a7CclAejo_7JSuPB8zeagxXRam8dwCfmkt9-WyTpS1
         E",
     "header": {
       "alg": "A256GCMKW",
       "kid": "18ec08e1-bfa9-4d95-b205-2b4dd1d4321d",
       "tag": "59Nqh1LlYtVIhfD3pgRGvw",
       "iv": "AvpeoPZ9Ncn9mkBn"
     }
   }
        

Figure 215: Recipient #3 JSON

5.13.6. Encrypting the Content

The following is generated before encrypting the content:

o JWE Protected Header; this example uses the header from Figure 216, encoded to base64url [RFC4648] as Figure 217.

   {
     "enc": "A128CBC-HS256"
   }
        

Figure 216: JWE Protected Header JSON

eyJlbmMiOiJBMTI4Q0JDLUhTMjU2In0

Figure 217: JWE Protected Header, base64url-encoded

Performing the content encryption operation over the Plaintext (Figure 72) with the following:

o CEK (Figure 202),

o Initialization Vector (Figure 203), and

o JWE Protected Header (Figure 217) as the authenticated data

produces the following:

o Ciphertext from Figure 218.

o Authentication Tag from Figure 219.

   ajm2Q-OpPXCr7-MHXicknb1lsxLdXxK_yLds0KuhJzfWK04SjdxQeSw2L9mu3a
   _k1C55kCQ_3xlkcVKC5yr__Is48VOoK0k63_QRM9tBURMFqLByJ8vOYQX0oJW4
   VUHJLmGhF-tVQWB7Kz8mr8zeE7txF0MSaP6ga7-siYxStR7_G07Thd1jh-zGT0
   wxM5g-VRORtq0K6AXpLlwEqRp7pkt2zRM0ZAXqSpe1O6FJ7FHLDyEFnD-zDIZu
   kLpCbzhzMDLLw2-8I14FQrgi-iEuzHgIJFIJn2wh9Tj0cg_kOZy9BqMRZbmYXM
   Y9YQjorZ_P_JYG3ARAIF3OjDNqpdYe-K_5Q5crGJSDNyij_ygEiItR5jssQVH2
   ofDQdLChtazE
        

Figure 218: Ciphertext, base64url-encoded

BESYyFN7T09KY7i8zKs5_g

Figure 219: Authentication Tag, base64url-encoded

The following is generated after encrypting the Plaintext:

o JWE Shared Unprotected Header parameters; this example uses the header from Figure 220.

   {
     "cty": "text/plain"
   }
        

Figure 220: JWE Shared Unprotected Header JSON

5.13.7. Output Results

The following compose the resulting JWE object:

o Recipient #1 JSON (Figure 206)

o Recipient #2 JSON (Figure 210)

o Recipient #3 JSON (Figure 215)

o Initialization Vector (Figure 203)

o Ciphertext (Figure 218)

o Authentication Tag (Figure 219)

The JWE Compact Serialization is not presented because it does not support this use case; the flattened JWE JSON Serialization is not presented because there is more than one recipient.

The resulting JWE object using the general JWE JSON Serialization:

   {
     "recipients": [
       {
         "encrypted_key": "dYOD28kab0Vvf4ODgxVAJXgHcSZICSOp8M51zj
             wj4w6Y5G4XJQsNNIBiqyvUUAOcpL7S7-cFe7Pio7gV_Q06WmCSa-
             vhW6me4bWrBf7cHwEQJdXihidAYWVajJIaKMXMvFRMV6iDlRr076
             DFthg2_AV0_tSiV6xSEIFqt1xnYPpmP91tc5WJDOGb-wqjw0-b-S
             1laS11QVbuP78dQ7Fa0zAVzzjHX-xvyM2wxj_otxr9clN1LnZMbe
             YSrRicJK5xodvWgkpIdkMHo4LvdhRRvzoKzlic89jFWPlnBq_V4n
             5trGuExtp_-dbHcGlihqc_wGgho9fLMK8JOArYLcMDNQ",
         "header": {
           "alg": "RSA1_5",
           "kid": "frodo.baggins@hobbiton.example"
         }
       },
       {
         "encrypted_key": "ExInT0io9BqBMYF6-maw5tZlgoZXThD1zWKsHi
             xJuw_elY4gSSId_w",
         "header": {
           "alg": "ECDH-ES+A256KW",
           "kid": "peregrin.took@tuckborough.example",
           "epk": {
             "kty": "EC",
             "crv": "P-384",
             "x": "Uzdvk3pi5wKCRc1izp5_r0OjeqT-I68i8g2b8mva8diRhs
                 E2xAn2DtMRb25Ma2CX",
             "y": "VDrRyFJh-Kwd1EjAgmj5Eo-CTHAZ53MC7PjjpLioy3ylEj
                 I1pOMbw91fzZ84pbfm"
           }
         }
       },
       {
         "encrypted_key": "a7CclAejo_7JSuPB8zeagxXRam8dwCfmkt9-Wy
             TpS1E",
         "header": {
           "alg": "A256GCMKW",
           "kid": "18ec08e1-bfa9-4d95-b205-2b4dd1d4321d",
           "tag": "59Nqh1LlYtVIhfD3pgRGvw",
           "iv": "AvpeoPZ9Ncn9mkBn"
         }
       }
     ],
     "unprotected": {
       "cty": "text/plain"
     },
     "protected": "eyJlbmMiOiJBMTI4Q0JDLUhTMjU2In0",
        
     "iv": "VgEIHY20EnzUtZFl2RpB1g",
     "ciphertext": "ajm2Q-OpPXCr7-MHXicknb1lsxLdXxK_yLds0KuhJzfWK
         04SjdxQeSw2L9mu3a_k1C55kCQ_3xlkcVKC5yr__Is48VOoK0k63_QRM
         9tBURMFqLByJ8vOYQX0oJW4VUHJLmGhF-tVQWB7Kz8mr8zeE7txF0MSa
         P6ga7-siYxStR7_G07Thd1jh-zGT0wxM5g-VRORtq0K6AXpLlwEqRp7p
         kt2zRM0ZAXqSpe1O6FJ7FHLDyEFnD-zDIZukLpCbzhzMDLLw2-8I14FQ
         rgi-iEuzHgIJFIJn2wh9Tj0cg_kOZy9BqMRZbmYXMY9YQjorZ_P_JYG3
         ARAIF3OjDNqpdYe-K_5Q5crGJSDNyij_ygEiItR5jssQVH2ofDQdLCht
         azE",
     "tag": "BESYyFN7T09KY7i8zKs5_g"
   }

Figure 221: General JWE JSON Serialization

6. Nesting Signatures and Encryption

This example illustrates nesting a JSON Web Signature (JWS) structure within a JSON Web Encryption (JWE) structure. The signature uses the "PS256" (RSASSA-PSS) algorithm; the encryption uses the "RSA-OAEP" (RSAES-OAEP) key encryption algorithm and the "A128GCM" (AES-GCM) content encryption algorithm.

Note that RSASSA-PSS uses random data to generate the signature, and RSAES-OAEP uses random data to generate the ciphertext; it might not be possible to exactly replicate the results in this section.

Note that whitespace is added for readability as described in Section 1.1.

6.1. Signing Input Factors

The following are supplied before beginning the signing operation:

o Payload content; this example uses the JSON Web Token [JWT] content from Figure 222, encoded as base64url [RFC4648] to produce Figure 223.

o RSA private key; this example uses the key from Figure 224.

o "alg" parameter of "PS256".

   {
     "iss": "hobbiton.example",
     "exp": 1300819380,
     "http://example.com/is_root": true
   }
        

Figure 222: Payload Content, in JSON Format

   eyJpc3MiOiJob2JiaXRvbi5leGFtcGxlIiwiZXhwIjoxMzAwODE5MzgwLCJodH
   RwOi8vZXhhbXBsZS5jb20vaXNfcm9vdCI6dHJ1ZX0
        

Figure 223: Payload Content, base64url-encoded

   {
     "kty": "RSA",
     "kid": "hobbiton.example",
     "use": "sig",
     "n": "kNrPIBDXMU6fcyv5i-QHQAQ-K8gsC3HJb7FYhYaw8hXbNJa-t8q0lD
         KwLZgQXYV-ffWxXJv5GGrlZE4GU52lfMEegTDzYTrRQ3tepgKFjMGg6I
         y6fkl1ZNsx2gEonsnlShfzA9GJwRTmtKPbk1s-hwx1IU5AT-AIelNqBg
         cF2vE5W25_SGGBoaROVdUYxqETDggM1z5cKV4ZjDZ8-lh4oVB07bkac6
         LQdHpJUUySH_Er20DXx30Kyi97PciXKTS-QKXnmm8ivyRCmux22ZoPUi
         nd2BKC5OiG4MwALhaL2Z2k8CsRdfy-7dg7z41Rp6D0ZeEvtaUp4bX4aK
         raL4rTfw",
     "e": "AQAB",
     "d": "ZLe_TIxpE9-W_n2VBa-HWvuYPtjvxwVXClJFOpJsdea8g9RMx34qEO
         EtnoYc2un3CZ3LtJi-mju5RAT8YSc76YJds3ZVw0UiO8mMBeG6-iOnvg
         obobNx7K57-xjTJZU72EjOr9kB7z6ZKwDDq7HFyCDhUEcYcHFVc7iL_6
         TibVhAhOFONWlqlJgEgwVYd0rybNGKifdnpEbwyHoMwY6HM1qvnEFgP7
         iZ0YzHUT535x6jj4VKcdA7ZduFkhUauysySEW7mxZM6fj1vdjJIy9LD1
         fIz30Xv4ckoqhKF5GONU6tNmMmNgAD6gIViyEle1PrIxl1tBhCI14bRW
         -zrpHgAQ",
     "p": "yKWYoNIAqwMRQlgIBOdT1NIcbDNUUs2Rh-pBaxD_mIkweMt4Mg-0-B
         2iSYvMrs8horhonV7vxCQagcBAATGW-hAafUehWjxWSH-3KccRM8toL4
         e0q7M-idRDOBXSoe7Z2-CV2x_ZCY3RP8qp642R13WgXqGDIM4MbUkZSj
         cY9-c",
     "q": "uND4o15V30KDzf8vFJw589p1vlQVQ3NEilrinRUPHkkxaAzDzccGgr
         WMWpGxGFFnNL3w5CqPLeU76-5IVYQq0HwYVl0hVXQHr7sgaGu-483Ad3
         ENcL23FrOnF45m7_2ooAstJDe49MeLTTQKrSIBl_SKvqpYvfSPTczPcZ
         kh9Kk",
     "dp": "jmTnEoq2qqa8ouaymjhJSCnsveUXnMQC2gAneQJRQkFqQu-zV2PKP
         KNbPvKVyiF5b2-L3tM3OW2d2iNDyRUWXlT7V5l0KwPTABSTOnTqAmYCh
         Gi8kXXdlhcrtSvXldBakC6saxwI_TzGGY2MVXzc2ZnCvCXHV4qjSxOrf
         P3pHFU",
     "dq": "R9FUvU88OVzEkTkXl3-5-WusE4DjHmndeZIlu3rifBdfLpq_P-iWP
         BbGaq9wzQ1c-J7SzCdJqkEJDv5yd2C7rnZ6kpzwBh_nmL8zscAk1qsun
         nt9CJGAYz7-sGWy1JGShFazfP52ThB4rlCJ0YuEaQMrIzpY77_oLAhpm
         DA0hLk",
     "qi": "S8tC7ZknW6hPITkjcwttQOPLVmRfwirRlFAViuDb8NW9CrV_7F2Oq
         UZCqmzHTYAumwGFHI1WVRep7anleWaJjxC_1b3fq_al4qH3Pe-EKiHg6
         IMazuRtZLUROcThrExDbF5dYbsciDnfRUWLErZ4N1Be0bnxYuPqxwKd9
         QZwMo0"
   }
        

Figure 224: RSA 2048-Bit Private Key, in JWK Format

6.2. Signing Operation

The following is generated to complete the signing operation:

o JWS Protected Header; this example uses the header from Figure 225, encoded using base64url [RFC4648] to produce Figure 226.

   {
     "alg": "PS256",
     "typ": "JWT"
   }
        

Figure 225: JWS Protected Header JSON

   eyJhbGciOiJQUzI1NiIsInR5cCI6IkpXVCJ9
        

Figure 226: JWS Protected Header, base64url-encoded

Performing the signature operation over the combined JWS Protected Header (Figure 226) and payload content (Figure 222) produces the following signature:

   dPpMqwRZxFYi1UfcDAaf8M99o7kwUWtiXZ-ByvVuJih4MhJ_aZqciprz0OWaIA
   kIvn1qskChirjKvY9ESZNUCP4JjvfyPS-nqjJxYoA5ztWOyFk2cZNIPXjcJXSQ
   wXPO9tEe-v4VSqgD0aKHqPxYog4N6Cz1lKph1U1sYDSI67_bLL7elg_vkjfMp5
   _W5l5LuUYGMeh6hxQIaIUXf9EwV2JmvTMuZ-vBOWy0Sniy1EFo72CRTvmtrIf5
   AROo5MNliY3KtUxeP-SOmD-LEYwW9SlkohYzMVAZDDOrVbv7KVRHpeYNaK75KE
   QqdCEEkS_rskZS-Qtt_nlegTWh1mEYaA

Figure 227: JWS Signature, base64url-encoded

6.3. Signing Output

The following compose the resulting JWS object:

o JWS Protected Header (Figure 226)

o Payload content (Figure 223)

o Signature (Figure 227)

The resulting JWS object using the JWS Compact Serialization (which is the plaintext input to the following encryption operation):

   eyJhbGciOiJQUzI1NiIsInR5cCI6IkpXVCJ9
   .
   eyJpc3MiOiJob2JiaXRvbi5leGFtcGxlIiwiZXhwIjoxMzAwODE5MzgwLCJodH
   RwOi8vZXhhbXBsZS5jb20vaXNfcm9vdCI6dHJ1ZX0
   .
   dPpMqwRZxFYi1UfcDAaf8M99o7kwUWtiXZ-ByvVuJih4MhJ_aZqciprz0OWaIA
   kIvn1qskChirjKvY9ESZNUCP4JjvfyPS-nqjJxYoA5ztWOyFk2cZNIPXjcJXSQ
   wXPO9tEe-v4VSqgD0aKHqPxYog4N6Cz1lKph1U1sYDSI67_bLL7elg_vkjfMp5
   _W5l5LuUYGMeh6hxQIaIUXf9EwV2JmvTMuZ-vBOWy0Sniy1EFo72CRTvmtrIf5
   AROo5MNliY3KtUxeP-SOmD-LEYwW9SlkohYzMVAZDDOrVbv7KVRHpeYNaK75KE
   QqdCEEkS_rskZS-Qtt_nlegTWh1mEYaA

Figure 228: JWS Compact Serialization
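
As an added illustration (not part of RFC 7520), the following Python code verifies the PS256 signature of Figure 228 with the public members ("n", "e") of the key in Figure 224, using only the standard library. The function names are this example's own; the salt length of 32 octets is the hash output size, as JWA specifies for PS256.

```python
import base64
import hashlib
import hmac
import json


def b64u(text):
    """Decode unpadded base64url as used throughout JOSE."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mgf1_sha256(seed, length):
    """MGF1 mask generation function (RFC 8017, B.2.1) with SHA-256."""
    out = b""
    for counter in range((length + 31) // 32):
        out += hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()
    return out[:length]


def pss_verify_sha256(message, signature, n, e, salt_len=32):
    """RSASSA-PSS verification (RFC 8017, 8.1.2 and 9.1.2); True only if valid."""
    h_len = 32
    em_bits = n.bit_length() - 1
    em_len = (em_bits + 7) // 8
    s = int.from_bytes(signature, "big")
    if len(signature) != (n.bit_length() + 7) // 8 or s >= n:
        return False
    m = pow(s, e, n)
    if m.bit_length() > 8 * em_len or em_len < h_len + salt_len + 2:
        return False
    em = m.to_bytes(em_len, "big")
    if em[-1] != 0xBC:
        return False
    masked_db, h = em[:-h_len - 1], em[-h_len - 1:-1]
    unused = 8 * em_len - em_bits          # leading bits that must be zero
    if masked_db[0] >> (8 - unused):
        return False
    db = bytearray(a ^ b for a, b in zip(masked_db, mgf1_sha256(h, len(masked_db))))
    db[0] &= 0xFF >> unused
    ps_len = em_len - h_len - salt_len - 2  # zero padding before the 0x01 separator
    if bytes(db[:ps_len]) != bytes(ps_len) or db[ps_len] != 0x01:
        return False
    m_hash = hashlib.sha256(message).digest()
    expected = hashlib.sha256(bytes(8) + m_hash + bytes(db[ps_len + 1:])).digest()
    return hmac.compare_digest(expected, h)


def verify_compact_jws(compact, jwk, expected_alg="PS256"):
    """Verify a compact JWS against a pinned algorithm and return its claims."""
    parts = compact.split(".")
    if len(parts) != 3:
        raise ValueError("a compact JWS has exactly three parts")
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(b64u(header_b64))
    if header.get("alg") != expected_alg:   # the verifier, not the token, picks the algorithm
        raise ValueError("unexpected alg")
    n = int.from_bytes(b64u(jwk["n"]), "big")
    e = int.from_bytes(b64u(jwk["e"]), "big")
    signing_input = (header_b64 + "." + payload_b64).encode("ascii")
    if not pss_verify_sha256(signing_input, b64u(sig_b64), n, e):
        raise ValueError("signature verification failed")
    return json.loads(b64u(payload_b64))


# Public members of the Figure 224 key; the private members are not needed to verify.
FIG_224_PUBLIC = {
    "kty": "RSA",
    "n": ("kNrPIBDXMU6fcyv5i-QHQAQ-K8gsC3HJb7FYhYaw8hXbNJa-t8q0lD"
          "KwLZgQXYV-ffWxXJv5GGrlZE4GU52lfMEegTDzYTrRQ3tepgKFjMGg6I"
          "y6fkl1ZNsx2gEonsnlShfzA9GJwRTmtKPbk1s-hwx1IU5AT-AIelNqBg"
          "cF2vE5W25_SGGBoaROVdUYxqETDggM1z5cKV4ZjDZ8-lh4oVB07bkac6"
          "LQdHpJUUySH_Er20DXx30Kyi97PciXKTS-QKXnmm8ivyRCmux22ZoPUi"
          "nd2BKC5OiG4MwALhaL2Z2k8CsRdfy-7dg7z41Rp6D0ZeEvtaUp4bX4aK"
          "raL4rTfw"),
    "e": "AQAB",
}
# Figure 228: protected header, payload and signature joined with ".".
FIG_228 = ".".join([
    "eyJhbGciOiJQUzI1NiIsInR5cCI6IkpXVCJ9",
    "eyJpc3MiOiJob2JiaXRvbi5leGFtcGxlIiwiZXhwIjoxMzAwODE5MzgwLCJodH"
    "RwOi8vZXhhbXBsZS5jb20vaXNfcm9vdCI6dHJ1ZX0",
    "dPpMqwRZxFYi1UfcDAaf8M99o7kwUWtiXZ-ByvVuJih4MhJ_aZqciprz0OWaIA"
    "kIvn1qskChirjKvY9ESZNUCP4JjvfyPS-nqjJxYoA5ztWOyFk2cZNIPXjcJXSQ"
    "wXPO9tEe-v4VSqgD0aKHqPxYog4N6Cz1lKph1U1sYDSI67_bLL7elg_vkjfMp5"
    "_W5l5LuUYGMeh6hxQIaIUXf9EwV2JmvTMuZ-vBOWy0Sniy1EFo72CRTvmtrIf5"
    "AROo5MNliY3KtUxeP-SOmD-LEYwW9SlkohYzMVAZDDOrVbv7KVRHpeYNaK75KE"
    "QqdCEEkS_rskZS-Qtt_nlegTWh1mEYaA",
])
```

In the nested flow, a recipient runs this check on the plaintext recovered from the JWE, after decryption and before trusting any claim in the payload.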

6.4. Encryption Input Factors

The following are supplied before beginning the encryption process:

o Plaintext content; this example uses the content from Figure 228.

o RSA public key; this example uses the key from Figure 84.

o "alg" parameter of "RSA-OAEP".

o "enc" parameter of "A128GCM".

6.5. Encryption Generated Factors

The following are generated before encrypting:

o AES symmetric key as the Content Encryption Key (CEK); this example uses the key from Figure 229.

o Initialization Vector; this example uses the Initialization Vector from Figure 230.

0RHSNYwN-6-2QBGsYTZLSQ

Figure 229: Content Encryption Key, base64url-encoded

GbX1i9kXz0sxXPmA

Figure 230: Initialization Vector, base64url-encoded

6.6. Encrypting the Key

Performing the key encryption operation over the CEK (Figure 229) with the RSA key (Figure 84) produces the following Encrypted Key:

   a0JHRoITfpX4qRewImjlStn8m3CPxBV1ueYlVhjurCyrBg3I7YhCRYjphDOOS4
   E7rXbr2Fn6NyQq-A-gqT0FXqNjVOGrG-bi13mwy7RoYhjTkBEC6P7sMYMXXx4g
   zMedpiJHQVeyI-zkZV7A9matpgevAJWrXzOUysYGTtwoSN6gtUVtlLaivjvb21
   O0ul4YxSHV-ByK1kyeetRp_fuYJxHoKLQL9P424sKx2WGYb4zsBIPF4ssl_e5I
   R7nany-25_UmC2urosNkoFz9cQ82MypZP8gqbQJyPN-Fpp4Z-5o6yV64x6yzDU
   F_5JCIdl-Qv6H5dMVIY7q1eKpXcV1lWO_2FefEBqXxXvIjLeZivjNkzogCq3-I
   apSjVFnMjBxjpYLT8muaawo1yy1XXMuinIpNcOY3n4KKrXLrCcteX85m4IIHMZ
   a38s1Hpr56fPPseMA-Jltmt-a9iEDtOzhtxz8AXy9tsCAZV2XBWNG8c3kJusAa
   mBKOYwfk7JhLRDgOnJjlJLhn7TI4UxDp9dCmUXEN6z0v23W15qJIEXNJtqnblp
   ymooeWAHCT4e_Owbim1g0AEpTHUdA2iiLNs9WTX_H_TXuPC8yDDhi1smxS_X_x
   pkIHkiIHWDOLx03BpqDTivpKkBYwqP2UZkcxqX2Fo_GnVrNwlK7Lgxw6FSQvDO
   0

Figure 231: Encrypted Key, base64url-encoded

6.7. Encrypting the Content

The following is generated before encrypting the Plaintext:

o JWE Protected Header; this example uses the header from Figure 232, encoded using base64url [RFC4648] to produce Figure 233.

   {
     "alg": "RSA-OAEP",
     "cty": "JWT",
     "enc": "A128GCM"
   }
        

Figure 232: JWE Protected Header JSON

   eyJhbGciOiJSU0EtT0FFUCIsImN0eSI6IkpXVCIsImVuYyI6IkExMjhHQ00ifQ
        

Figure 233: JWE Protected Header, base64url-encoded

Performing the content encryption operation over the Plaintext (Figure 228) with the following:

o CEK (Figure 229);

o Initialization Vector (Figure 230); and

o JWE Protected Header (Figure 233) as authenticated data

produces the following:

o Ciphertext from Figure 234.

o Authentication Tag from Figure 235.

   SZI4IvKHmwpazl_pJQXX3mHv1ANnOU4Wf9-utWYUcKrBNgCe2OFMf66cSJ8k2Q
   kxaQD3_R60MGE9ofomwtky3GFxMeGRjtpMt9OAvVLsAXB0_UTCBGyBg3C2bWLX
   qZlfJAAoJRUPRk-BimYZY81zVBuIhc7HsQePCpu33SzMsFHjn4lP_idrJz_glZ
   TNgKDt8zdnUPauKTKDNOH1DD4fuzvDYfDIAfqGPyL5sVRwbiXpXdGokEszM-9C
   hMPqW1QNhzuX_Zul3bvrJwr7nuGZs4cUScY3n8yE3AHCLurgls-A9mz1X38xEa
   ulV18l4Fg9tLejdkAuQZjPbqeHQBJe4IwGD5Ee0dQ-Mtz4NnhkIWx-YKBb_Xo2
   zI3Q_1sYjKUuis7yWW-HTr_vqvFt0bj7WJf2vzB0TZ3dvsoGaTvPH2dyWwumUr
   lx4gmPUzBdwTO6ubfYSDUEEz5py0d_OtWeUSYcCYBKD-aM7tXg26qJo21gYjLf
   hn9zy-W19sOCZGuzgFjPhawXHpvnj_t-0_ES96kogjJLxS1IMU9Y5XmnwZMyNc
   9EIwnogsCg-hVuvzyP0sIruktmI94_SL1xgMl7o03phcTMxtlMizR88NKU1WkB
   siXMCjy1Noue7MD-ShDp5dmM

Figure 234: Ciphertext, base64url-encoded

KnIKEhN8U-3C9s4gtSpjSw

Figure 235: Authentication Tag, base64url-encoded

6.8. Encryption Output

The following compose the resulting JWE object:

o JWE Protected Header (Figure 233)

o Encrypted Key (Figure 231)

o Initialization Vector (Figure 230)

o Ciphertext (Figure 234)

o Authentication Tag (Figure 235)

The resulting JWE object using the JWE Compact Serialization:

   eyJhbGciOiJSU0EtT0FFUCIsImN0eSI6IkpXVCIsImVuYyI6IkExMjhHQ00ifQ
   .
   a0JHRoITfpX4qRewImjlStn8m3CPxBV1ueYlVhjurCyrBg3I7YhCRYjphDOOS4
   E7rXbr2Fn6NyQq-A-gqT0FXqNjVOGrG-bi13mwy7RoYhjTkBEC6P7sMYMXXx4g
   zMedpiJHQVeyI-zkZV7A9matpgevAJWrXzOUysYGTtwoSN6gtUVtlLaivjvb21
   O0ul4YxSHV-ByK1kyeetRp_fuYJxHoKLQL9P424sKx2WGYb4zsBIPF4ssl_e5I
   R7nany-25_UmC2urosNkoFz9cQ82MypZP8gqbQJyPN-Fpp4Z-5o6yV64x6yzDU
   F_5JCIdl-Qv6H5dMVIY7q1eKpXcV1lWO_2FefEBqXxXvIjLeZivjNkzogCq3-I
   apSjVFnMjBxjpYLT8muaawo1yy1XXMuinIpNcOY3n4KKrXLrCcteX85m4IIHMZ
   a38s1Hpr56fPPseMA-Jltmt-a9iEDtOzhtxz8AXy9tsCAZV2XBWNG8c3kJusAa
   mBKOYwfk7JhLRDgOnJjlJLhn7TI4UxDp9dCmUXEN6z0v23W15qJIEXNJtqnblp
   ymooeWAHCT4e_Owbim1g0AEpTHUdA2iiLNs9WTX_H_TXuPC8yDDhi1smxS_X_x
   pkIHkiIHWDOLx03BpqDTivpKkBYwqP2UZkcxqX2Fo_GnVrNwlK7Lgxw6FSQvDO
   0
   .
   GbX1i9kXz0sxXPmA
   .
   SZI4IvKHmwpazl_pJQXX3mHv1ANnOU4Wf9-utWYUcKrBNgCe2OFMf66cSJ8k2Q
   kxaQD3_R60MGE9ofomwtky3GFxMeGRjtpMt9OAvVLsAXB0_UTCBGyBg3C2bWLX
   qZlfJAAoJRUPRk-BimYZY81zVBuIhc7HsQePCpu33SzMsFHjn4lP_idrJz_glZ
   TNgKDt8zdnUPauKTKDNOH1DD4fuzvDYfDIAfqGPyL5sVRwbiXpXdGokEszM-9C
   hMPqW1QNhzuX_Zul3bvrJwr7nuGZs4cUScY3n8yE3AHCLurgls-A9mz1X38xEa
   ulV18l4Fg9tLejdkAuQZjPbqeHQBJe4IwGD5Ee0dQ-Mtz4NnhkIWx-YKBb_Xo2
   zI3Q_1sYjKUuis7yWW-HTr_vqvFt0bj7WJf2vzB0TZ3dvsoGaTvPH2dyWwumUr
   lx4gmPUzBdwTO6ubfYSDUEEz5py0d_OtWeUSYcCYBKD-aM7tXg26qJo21gYjLf
   hn9zy-W19sOCZGuzgFjPhawXHpvnj_t-0_ES96kogjJLxS1IMU9Y5XmnwZMyNc
   9EIwnogsCg-hVuvzyP0sIruktmI94_SL1xgMl7o03phcTMxtlMizR88NKU1WkB
   siXMCjy1Noue7MD-ShDp5dmM
   .
   KnIKEhN8U-3C9s4gtSpjSw

Figure 236: JWE Compact Serialization

The resulting JWE object using the general JWE JSON Serialization:

   {
     "recipients": [
       {
         "encrypted_key": "a0JHRoITfpX4qRewImjlStn8m3CPxBV1ueYlVh
             jurCyrBg3I7YhCRYjphDOOS4E7rXbr2Fn6NyQq-A-gqT0FXqNjVO
             GrG-bi13mwy7RoYhjTkBEC6P7sMYMXXx4gzMedpiJHQVeyI-zkZV
             7A9matpgevAJWrXzOUysYGTtwoSN6gtUVtlLaivjvb21O0ul4YxS
             HV-ByK1kyeetRp_fuYJxHoKLQL9P424sKx2WGYb4zsBIPF4ssl_e
             5IR7nany-25_UmC2urosNkoFz9cQ82MypZP8gqbQJyPN-Fpp4Z-5
             o6yV64x6yzDUF_5JCIdl-Qv6H5dMVIY7q1eKpXcV1lWO_2FefEBq
             XxXvIjLeZivjNkzogCq3-IapSjVFnMjBxjpYLT8muaawo1yy1XXM
             uinIpNcOY3n4KKrXLrCcteX85m4IIHMZa38s1Hpr56fPPseMA-Jl
             tmt-a9iEDtOzhtxz8AXy9tsCAZV2XBWNG8c3kJusAamBKOYwfk7J
             hLRDgOnJjlJLhn7TI4UxDp9dCmUXEN6z0v23W15qJIEXNJtqnblp
             ymooeWAHCT4e_Owbim1g0AEpTHUdA2iiLNs9WTX_H_TXuPC8yDDh
             i1smxS_X_xpkIHkiIHWDOLx03BpqDTivpKkBYwqP2UZkcxqX2Fo_
             GnVrNwlK7Lgxw6FSQvDO0"
       }
     ],
     "protected": "eyJhbGciOiJSU0EtT0FFUCIsImN0eSI6IkpXVCIsImVuYy
         I6IkExMjhHQ00ifQ",
     "iv": "GbX1i9kXz0sxXPmA",
     "ciphertext": "SZI4IvKHmwpazl_pJQXX3mHv1ANnOU4Wf9-utWYUcKrBN
         gCe2OFMf66cSJ8k2QkxaQD3_R60MGE9ofomwtky3GFxMeGRjtpMt9OAv
         VLsAXB0_UTCBGyBg3C2bWLXqZlfJAAoJRUPRk-BimYZY81zVBuIhc7Hs
         QePCpu33SzMsFHjn4lP_idrJz_glZTNgKDt8zdnUPauKTKDNOH1DD4fu
         zvDYfDIAfqGPyL5sVRwbiXpXdGokEszM-9ChMPqW1QNhzuX_Zul3bvrJ
         wr7nuGZs4cUScY3n8yE3AHCLurgls-A9mz1X38xEaulV18l4Fg9tLejd
         kAuQZjPbqeHQBJe4IwGD5Ee0dQ-Mtz4NnhkIWx-YKBb_Xo2zI3Q_1sYj
         KUuis7yWW-HTr_vqvFt0bj7WJf2vzB0TZ3dvsoGaTvPH2dyWwumUrlx4
         gmPUzBdwTO6ubfYSDUEEz5py0d_OtWeUSYcCYBKD-aM7tXg26qJo21gY
         jLfhn9zy-W19sOCZGuzgFjPhawXHpvnj_t-0_ES96kogjJLxS1IMU9Y5
         XmnwZMyNc9EIwnogsCg-hVuvzyP0sIruktmI94_SL1xgMl7o03phcTMx
         tlMizR88NKU1WkBsiXMCjy1Noue7MD-ShDp5dmM",
     "tag": "KnIKEhN8U-3C9s4gtSpjSw"
   }
        

Figure 237: General JWE JSON Serialization

The resulting JWE object using the flattened JWE JSON Serialization:

   {
     "encrypted_key": "a0JHRoITfpX4qRewImjlStn8m3CPxBV1ueYlVhjurC
         yrBg3I7YhCRYjphDOOS4E7rXbr2Fn6NyQq-A-gqT0FXqNjVOGrG-bi13
         mwy7RoYhjTkBEC6P7sMYMXXx4gzMedpiJHQVeyI-zkZV7A9matpgevAJ
         WrXzOUysYGTtwoSN6gtUVtlLaivjvb21O0ul4YxSHV-ByK1kyeetRp_f
         uYJxHoKLQL9P424sKx2WGYb4zsBIPF4ssl_e5IR7nany-25_UmC2uros
         NkoFz9cQ82MypZP8gqbQJyPN-Fpp4Z-5o6yV64x6yzDUF_5JCIdl-Qv6
         H5dMVIY7q1eKpXcV1lWO_2FefEBqXxXvIjLeZivjNkzogCq3-IapSjVF
         nMjBxjpYLT8muaawo1yy1XXMuinIpNcOY3n4KKrXLrCcteX85m4IIHMZ
         a38s1Hpr56fPPseMA-Jltmt-a9iEDtOzhtxz8AXy9tsCAZV2XBWNG8c3
         kJusAamBKOYwfk7JhLRDgOnJjlJLhn7TI4UxDp9dCmUXEN6z0v23W15q
         JIEXNJtqnblpymooeWAHCT4e_Owbim1g0AEpTHUdA2iiLNs9WTX_H_TX
         uPC8yDDhi1smxS_X_xpkIHkiIHWDOLx03BpqDTivpKkBYwqP2UZkcxqX
         2Fo_GnVrNwlK7Lgxw6FSQvDO0",
     "protected": "eyJhbGciOiJSU0EtT0FFUCIsImN0eSI6IkpXVCIsImVuYy
         I6IkExMjhHQ00ifQ",
     "iv": "GbX1i9kXz0sxXPmA",
     "ciphertext": "SZI4IvKHmwpazl_pJQXX3mHv1ANnOU4Wf9-utWYUcKrBN
         gCe2OFMf66cSJ8k2QkxaQD3_R60MGE9ofomwtky3GFxMeGRjtpMt9OAv
         VLsAXB0_UTCBGyBg3C2bWLXqZlfJAAoJRUPRk-BimYZY81zVBuIhc7Hs
         QePCpu33SzMsFHjn4lP_idrJz_glZTNgKDt8zdnUPauKTKDNOH1DD4fu
         zvDYfDIAfqGPyL5sVRwbiXpXdGokEszM-9ChMPqW1QNhzuX_Zul3bvrJ
         wr7nuGZs4cUScY3n8yE3AHCLurgls-A9mz1X38xEaulV18l4Fg9tLejd
         kAuQZjPbqeHQBJe4IwGD5Ee0dQ-Mtz4NnhkIWx-YKBb_Xo2zI3Q_1sYj
         KUuis7yWW-HTr_vqvFt0bj7WJf2vzB0TZ3dvsoGaTvPH2dyWwumUrlx4
         gmPUzBdwTO6ubfYSDUEEz5py0d_OtWeUSYcCYBKD-aM7tXg26qJo21gY
         jLfhn9zy-W19sOCZGuzgFjPhawXHpvnj_t-0_ES96kogjJLxS1IMU9Y5
         XmnwZMyNc9EIwnogsCg-hVuvzyP0sIruktmI94_SL1xgMl7o03phcTMx
         tlMizR88NKU1WkBsiXMCjy1Noue7MD-ShDp5dmM",
     "tag": "KnIKEhN8U-3C9s4gtSpjSw"
   }
        
        

Figure 238: Flattened JWE JSON Serialization
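
The relationship between Figures 237 and 238, as an added example that is not part of the RFC text: converting a single-recipient JWE between the general and flattened JSON serializations, then decoding the protected header and checking the AES-GCM IV and tag sizes. The function names are hypothetical, "enc" is assumed to sit in the protected header as it does in these figures, and the "encrypted_key" and "ciphertext" values are short constructed placeholders rather than the figures' values.

```python
import base64
import json

def b64url_decode(value: str) -> bytes:
    """Decode unpadded base64url as used throughout JOSE."""
    return base64.urlsafe_b64decode(value + "=" * (-len(value) % 4))

def flatten_jwe(general: dict) -> dict:
    """General -> flattened JWE JSON Serialization (one recipient only)."""
    recipients = general.get("recipients")
    if not isinstance(recipients, list) or len(recipients) != 1:
        raise ValueError("flattened form needs exactly one recipient")
    flat = {k: v for k, v in general.items() if k != "recipients"}
    # Per-recipient members move up to the top level.
    for member in ("header", "encrypted_key"):
        if member in recipients[0]:
            flat[member] = recipients[0][member]
    return flat

def unflatten_jwe(flat: dict) -> dict:
    """Flattened -> general form, wrapping per-recipient members in a list."""
    if "recipients" in flat:
        raise ValueError("object is already in the general form")
    recipient = {m: flat[m] for m in ("header", "encrypted_key") if m in flat}
    general = {k: v for k, v in flat.items() if k not in recipient}
    general["recipients"] = [recipient]
    return general

def check_gcm_factors(jwe: dict) -> dict:
    """Return the decoded protected header; reject bad GCM IV/tag sizes."""
    header = json.loads(b64url_decode(jwe["protected"]))
    if header.get("enc", "").endswith("GCM"):
        if len(b64url_decode(jwe["iv"])) != 12:
            raise ValueError("AES-GCM requires a 96-bit IV")
        if len(b64url_decode(jwe["tag"])) != 16:
            raise ValueError("AES-GCM requires a 128-bit tag")
    return header

# "protected", "iv" and "tag" are the values from Figures 237/238;
# "encrypted_key" and "ciphertext" are short constructed placeholders.
GENERAL = {
    "recipients": [{"encrypted_key": "Y29uc3RydWN0ZWQta2V5"}],
    "protected": "eyJhbGciOiJSU0EtT0FFUCIsImN0eSI6IkpXVCIsImVuYy"
                 "I6IkExMjhHQ00ifQ",
    "iv": "GbX1i9kXz0sxXPmA",
    "ciphertext": "Y29uc3RydWN0ZWQtY2lwaGVydGV4dA",
    "tag": "KnIKEhN8U-3C9s4gtSpjSw",
}
```
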

7. Security Considerations

This document is designed to provide examples for developers to use in checking their implementations. As such, it does not follow some of the security considerations and recommendations in the core documents (i.e., [JWS], [JWE], [JWK], and [JWA]). For instance:

o it does not always generate a new CEK value for every encrypted example;

o it does not always generate a new Initialization Vector (IV) value for every encrypted example; and

o it does not always generate a new ephemeral key for every ephemeral key example.

For each example, data that is expected to be generated for each signing or encryption operation is isolated to sections titled "Generated Factors".

8. References

8.1. Normative References

[JWA] Jones, M., "JSON Web Algorithms (JWA)", RFC 7518, DOI 10.17487/RFC7518, May 2015, <http://www.rfc-editor.org/info/rfc7518>.

[JWE] Jones, M. and J. Hildebrand, "JSON Web Encryption (JWE)", RFC 7516, DOI 10.17487/RFC7516, May 2015, <http://www.rfc-editor.org/info/rfc7516>.

[JWK] Jones, M., "JSON Web Key (JWK)", RFC 7517, DOI 10.17487/RFC7517, May 2015, <http://www.rfc-editor.org/info/rfc7517>.

[JWS] Jones, M., Bradley, J., and N. Sakimura, "JSON Web Signature (JWS)", RFC 7515, DOI 10.17487/RFC7515, May 2015, <http://www.rfc-editor.org/info/rfc7515>.

[RFC4648] Josefsson, S., "The Base16, Base32, and Base64 Data Encodings", RFC 4648, DOI 10.17487/RFC4648, October 2006, <http://www.rfc-editor.org/info/rfc4648>.

8.2. Informative References

[JWT] Jones, M., Bradley, J., and N. Sakimura, "JSON Web Token (JWT)", RFC 7519, DOI 10.17487/RFC7519, May 2015, <http://www.rfc-editor.org/info/rfc7519>.

[LOTR-FELLOWSHIP] Tolkien, J., "The Fellowship of the Ring", HarperCollins Publishers, ePub Edition, ISBN 9780061952838, March 2009.

[RFC1951] Deutsch, P., "DEFLATE Compressed Data Format Specification version 1.3", RFC 1951, DOI 10.17487/RFC1951, May 1996, <http://www.rfc-editor.org/info/rfc1951>.

[RFC7095] Kewisch, P., "jCard: The JSON Format for vCard", RFC 7095, DOI 10.17487/RFC7095, January 2014, <http://www.rfc-editor.org/info/rfc7095>.

Acknowledgements

Most of the examples herein use quotes and character names found in the novel "The Fellowship of the Ring" [LOTR-FELLOWSHIP], written by J. R. R. Tolkien.

Thanks to Richard Barnes, Brian Campbell, Mike Jones, and Jim Schaad for their input and review of the text. Thanks to Brian Campbell for verifying the Compact Serialization examples.

Author's Address

   Matthew Miller
   Cisco Systems, Inc.

   EMail: mamille2@cisco.com