JSON Web Key (JWK) Thumbprint
RFC 7638

Document Type RFC - Proposed Standard (September 2015; No errata)
Last updated 2015-10-14
Stream IETF
Formats plain text pdf html bibtex
Stream WG state Submitted to IESG for Publication
Document shepherd Karen O'Donoghue
Shepherd write-up Show (last changed 2015-06-30)
IESG IESG state RFC 7638 (Proposed Standard)
Consensus Boilerplate Yes
Telechat date
Responsible AD Kathleen Moriarty
Send notices to (None)
IANA IANA review state IANA OK - Actions Needed
IANA action state RFC-Ed-Ack
Internet Engineering Task Force (IETF)                          M. Jones
Request for Comments: 7638                                     Microsoft
Category: Standards Track                                    N. Sakimura
ISSN: 2070-1721                                Nomura Research Institute
                                                          September 2015

                     JSON Web Key (JWK) Thumbprint

Abstract

   This specification defines a method for computing a hash value over a
   JSON Web Key (JWK).  It defines which fields in a JWK are used in the
   hash computation, the method of creating a canonical form for those
   fields, and how to convert the resulting Unicode string into a byte
   sequence to be hashed.  The resulting hash value can be used for
   identifying or selecting the key represented by the JWK that is the
   subject of the thumbprint.

Status of This Memo

   This is an Internet Standards Track document.

   This document is a product of the Internet Engineering Task Force
   (IETF).  It represents the consensus of the IETF community.  It has
   received public review and has been approved for publication by the
   Internet Engineering Steering Group (IESG).  Further information on
   Internet Standards is available in Section 2 of RFC 5741.

   Information about the current status of this document, any errata,
   and how to provide feedback on it may be obtained at
   http://www.rfc-editor.org/info/rfc7638.

Copyright Notice

   Copyright (c) 2015 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Jones & Sakimura             Standards Track                    [Page 1]
RFC 7638              JSON Web Key (JWK) Thumbprint       September 2015

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
     1.1.  Notational Conventions  . . . . . . . . . . . . . . . . .   2
   2.  Terminology . . . . . . . . . . . . . . . . . . . . . . . . .   3
   3.  JSON Web Key (JWK) Thumbprint . . . . . . . . . . . . . . . .   3
     3.1.  Example JWK Thumbprint Computation  . . . . . . . . . . .   4
     3.2.  JWK Members Used in the Thumbprint Computation  . . . . .   6
       3.2.1.  JWK Thumbprint of a Private Key . . . . . . . . . . .   6
       3.2.2.  Why Not Include Optional Members? . . . . . . . . . .   7
     3.3.  Order and Representation of Members in Hash Input . . . .   7
     3.4.  Selection of Hash Function  . . . . . . . . . . . . . . .   8
     3.5.  JWK Thumbprints of Keys Not in JWK Format . . . . . . . .   8
   4.  Practical JSON and Unicode Considerations . . . . . . . . . .   8
   5.  Relationship to Digests of X.509 Values . . . . . . . . . . .   9
   6.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .  10
   7.  Security Considerations . . . . . . . . . . . . . . . . . . .  10
   8.  References  . . . . . . . . . . . . . . . . . . . . . . . . .  11
     8.1.  Normative References  . . . . . . . . . . . . . . . . . .  11
     8.2.  Informative References  . . . . . . . . . . . . . . . . .  12
   Acknowledgements  . . . . . . . . . . . . . . . . . . . . . . . .  13
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .  13

1.  Introduction

   This specification defines a method for computing a hash value
   (a.k.a. digest) over a JSON Web Key (JWK) [JWK].  It defines which
   fields in a JWK are used in the hash computation, the method of
   creating a canonical form for those fields, and how to convert the
   resulting Unicode string into a byte sequence to be hashed.  The
   resulting hash value can be used for identifying or selecting the key
   represented by the JWK that is the subject of the thumbprint, for
   instance, by using the base64url-encoded JWK Thumbprint value as a
   "kid" (key ID) value.

1.1.  Notational Conventions

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in
   "Key words for use in RFCs to Indicate Requirement Levels" [RFC2119].
Show full document text