tech-invite   World Map     

IETF     RFCs     Groups     SIP     ABNFs    |    3GPP     Specs     Gloss.     Arch.     IMS     UICC    |    Misc.    |    search     info

RFC 7520

 
 
 

Examples of Protecting Content Using JSON Object Signing and Encryption (JOSE)

Part 2 of 4, p. 11 to 45
Prev RFC Part       Next RFC Part

 


prevText      Top      Up      ToC       Page 11 
4.  JSON Web Signature Examples

   The following sections demonstrate how to generate various JWS
   objects.

   All of the signature examples use the following payload content (an
   abridged quote from "The Fellowship of the Ring" [LOTR-FELLOWSHIP]),
   serialized as UTF-8.  The payload is presented here as a series of
   quoted strings that are concatenated to produce the JWS Payload.  The
   sequence "\xe2\x80\x99" is substituted for (U+2019 RIGHT SINGLE
   QUOTATION MARK), and quotation marks (U+0022 QUOTATION MARK) are
   added for readability but are not present in the JWS Payload.

   "It\xe2\x80\x99s a dangerous business, Frodo, going out your "
   "door. You step onto the road, and if you don't keep your feet, "
   "there\xe2\x80\x99s no knowing where you might be swept off "
   "to."

                    Figure 7: Payload Content Plaintext

Top      Up      ToC       Page 12 
   The payload -- with the sequence "\xe2\x80\x99" replaced with (U+2019
   RIGHT SINGLE QUOTATION MARK) and quotations marks (U+0022 QUOTATION
   MARK) are removed -- is encoded as UTF-8 and then as base64url
   [RFC4648]:

   SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb3V0IH
   lvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9hZCwgYW5kIGlmIHlvdSBk
   b24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXigJlzIG5vIGtub3dpbmcgd2hlcm
   UgeW91IG1pZ2h0IGJlIHN3ZXB0IG9mZiB0by4

               Figure 8: Payload Content, base64url-encoded

4.1.  RSA v1.5 Signature

   This example illustrates signing content using the "RS256" (RSASSA-
   PKCS1-v1_5 with SHA-256) algorithm.

   Note that whitespace is added for readability as described in
   Section 1.1.

4.1.1.  Input Factors

   The following are supplied before beginning the signing operation:

   o  Payload content; this example uses the content from Figure 7,
      encoded using base64url [RFC4648] to produce Figure 8.

   o  RSA private key; this example uses the key from Figure 4.

   o  "alg" parameter of "RS256".

4.1.2.  Signing Operation

   The following is generated to complete the signing operation:

   o  JWS Protected Header; this example uses the header from Figure 9,
      encoded using base64url [RFC4648] to produce Figure 10.

   {
     "alg": "RS256",
     "kid": "bilbo.baggins@hobbiton.example"
   }

                    Figure 9: JWS Protected Header JSON

Top      Up      ToC       Page 13 
   eyJhbGciOiJSUzI1NiIsImtpZCI6ImJpbGJvLmJhZ2dpbnNAaG9iYml0b24uZX
   hhbXBsZSJ9

            Figure 10: JWS Protected Header, base64url-encoded

   The JWS Protected Header (Figure 10) and JWS Payload (Figure 8) are
   combined as described in Section 5.1 of [JWS] to produce the JWS
   Signing Input (Figure 11).

   eyJhbGciOiJSUzI1NiIsImtpZCI6ImJpbGJvLmJhZ2dpbnNAaG9iYml0b24uZX
   hhbXBsZSJ9
   .
   SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb3V0IH
   lvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9hZCwgYW5kIGlmIHlvdSBk
   b24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXigJlzIG5vIGtub3dpbmcgd2hlcm
   UgeW91IG1pZ2h0IGJlIHN3ZXB0IG9mZiB0by4

                       Figure 11: JWS Signing Input

   Performing the signature operation over the JWS Signing Input
   (Figure 11) produces the JWS Signature (Figure 12).

   MRjdkly7_-oTPTS3AXP41iQIGKa80A0ZmTuV5MEaHoxnW2e5CZ5NlKtainoFmK
   ZopdHM1O2U4mwzJdQx996ivp83xuglII7PNDi84wnB-BDkoBwA78185hX-Es4J
   IwmDLJK3lfWRa-XtL0RnltuYv746iYTh_qHRD68BNt1uSNCrUCTJDt5aAE6x8w
   W1Kt9eRo4QPocSadnHXFxnt8Is9UzpERV0ePPQdLuW3IS_de3xyIrDaLGdjluP
   xUAhb6L2aXic1U12podGU0KLUQSE_oI-ZnmKJ3F4uOZDnd6QZWJushZ41Axf_f
   cIe8u9ipH84ogoree7vjbU5y18kDquDg

                Figure 12: JWS Signature, base64url-encoded

4.1.3.  Output Results

   The following compose the resulting JWS object:

   o  JWS Protected Header (Figure 9)

   o  Payload content (Figure 8)

   o  Signature (Figure 12)

Top      Up      ToC       Page 14 
   The resulting JWS object using the JWS Compact Serialization:

   eyJhbGciOiJSUzI1NiIsImtpZCI6ImJpbGJvLmJhZ2dpbnNAaG9iYml0b24uZX
   hhbXBsZSJ9
   .
   SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb3V0IH
   lvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9hZCwgYW5kIGlmIHlvdSBk
   b24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXigJlzIG5vIGtub3dpbmcgd2hlcm
   UgeW91IG1pZ2h0IGJlIHN3ZXB0IG9mZiB0by4
   .
   MRjdkly7_-oTPTS3AXP41iQIGKa80A0ZmTuV5MEaHoxnW2e5CZ5NlKtainoFmK
   ZopdHM1O2U4mwzJdQx996ivp83xuglII7PNDi84wnB-BDkoBwA78185hX-Es4J
   IwmDLJK3lfWRa-XtL0RnltuYv746iYTh_qHRD68BNt1uSNCrUCTJDt5aAE6x8w
   W1Kt9eRo4QPocSadnHXFxnt8Is9UzpERV0ePPQdLuW3IS_de3xyIrDaLGdjluP
   xUAhb6L2aXic1U12podGU0KLUQSE_oI-ZnmKJ3F4uOZDnd6QZWJushZ41Axf_f
   cIe8u9ipH84ogoree7vjbU5y18kDquDg

                   Figure 13: JWS Compact Serialization

   The resulting JWS object using the general JWS JSON Serialization:

   {
     "payload": "SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywg
         Z29pbmcgb3V0IHlvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9h
         ZCwgYW5kIGlmIHlvdSBkb24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXi
         gJlzIG5vIGtub3dpbmcgd2hlcmUgeW91IG1pZ2h0IGJlIHN3ZXB0IG9m
         ZiB0by4",
     "signatures": [
       {
         "protected": "eyJhbGciOiJSUzI1NiIsImtpZCI6ImJpbGJvLmJhZ2
             dpbnNAaG9iYml0b24uZXhhbXBsZSJ9",
         "signature": "MRjdkly7_-oTPTS3AXP41iQIGKa80A0ZmTuV5MEaHo
             xnW2e5CZ5NlKtainoFmKZopdHM1O2U4mwzJdQx996ivp83xuglII
             7PNDi84wnB-BDkoBwA78185hX-Es4JIwmDLJK3lfWRa-XtL0Rnlt
             uYv746iYTh_qHRD68BNt1uSNCrUCTJDt5aAE6x8wW1Kt9eRo4QPo
             cSadnHXFxnt8Is9UzpERV0ePPQdLuW3IS_de3xyIrDaLGdjluPxU
             Ahb6L2aXic1U12podGU0KLUQSE_oI-ZnmKJ3F4uOZDnd6QZWJush
             Z41Axf_fcIe8u9ipH84ogoree7vjbU5y18kDquDg"
       }
     ]
   }

                 Figure 14: General JWS JSON Serialization

Top      Up      ToC       Page 15 
   The resulting JWS object using the flattened JWS JSON Serialization:

   {
     "payload": "SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywg
         Z29pbmcgb3V0IHlvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9h
         ZCwgYW5kIGlmIHlvdSBkb24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXi
         gJlzIG5vIGtub3dpbmcgd2hlcmUgeW91IG1pZ2h0IGJlIHN3ZXB0IG9m
         ZiB0by4",
     "protected": "eyJhbGciOiJSUzI1NiIsImtpZCI6ImJpbGJvLmJhZ2dpbn
         NAaG9iYml0b24uZXhhbXBsZSJ9",
     "signature": "MRjdkly7_-oTPTS3AXP41iQIGKa80A0ZmTuV5MEaHoxnW2
         e5CZ5NlKtainoFmKZopdHM1O2U4mwzJdQx996ivp83xuglII7PNDi84w
         nB-BDkoBwA78185hX-Es4JIwmDLJK3lfWRa-XtL0RnltuYv746iYTh_q
         HRD68BNt1uSNCrUCTJDt5aAE6x8wW1Kt9eRo4QPocSadnHXFxnt8Is9U
         zpERV0ePPQdLuW3IS_de3xyIrDaLGdjluPxUAhb6L2aXic1U12podGU0
         KLUQSE_oI-ZnmKJ3F4uOZDnd6QZWJushZ41Axf_fcIe8u9ipH84ogore
         e7vjbU5y18kDquDg"
   }

                Figure 15: Flattened JWS JSON Serialization

4.2.  RSA-PSS Signature

   This example illustrates signing content using the "PS384" (RSASSA-
   PSS with SHA-384) algorithm.

   Note that RSASSA-PSS uses random data to generate the signature; it
   might not be possible to exactly replicate the results in this
   section.

   Note that whitespace is added for readability as described in
   Section 1.1.

4.2.1.  Input Factors

   The following are supplied before beginning the signing operation:

   o  Payload content; this example uses the content from Figure 7,
      encoded using base64url [RFC4648] to produce Figure 8.

   o  RSA private key; this example uses the key from Figure 4.

   o  "alg" parameter of "PS384".

Top      Up      ToC       Page 16 
4.2.2.  Signing Operation

   The following is generated to complete the signing operation:

   o  JWS Protected Header; this example uses the header from Figure 16,
      encoded using base64url [RFC4648] to produce Figure 17.

   {
     "alg": "PS384",
     "kid": "bilbo.baggins@hobbiton.example"
   }

                   Figure 16: JWS Protected Header JSON

   eyJhbGciOiJQUzM4NCIsImtpZCI6ImJpbGJvLmJhZ2dpbnNAaG9iYml0b24uZX
   hhbXBsZSJ9

            Figure 17: JWS Protected Header, base64url-encoded

   The JWS Protected Header (Figure 17) and JWS Payload (Figure 8) are
   combined as described in [JWS] to produce the JWS Signing Input
   (Figure 18).

   eyJhbGciOiJQUzM4NCIsImtpZCI6ImJpbGJvLmJhZ2dpbnNAaG9iYml0b24uZX
   hhbXBsZSJ9
   .
   SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb3V0IH
   lvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9hZCwgYW5kIGlmIHlvdSBk
   b24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXigJlzIG5vIGtub3dpbmcgd2hlcm
   UgeW91IG1pZ2h0IGJlIHN3ZXB0IG9mZiB0by4

                       Figure 18: JWS Signing Input

   Performing the signature operation over the JWS Signing Input
   (Figure 18) produces the JWS Signature (Figure 19).

   cu22eBqkYDKgIlTpzDXGvaFfz6WGoz7fUDcfT0kkOy42miAh2qyBzk1xEsnk2I
   pN6-tPid6VrklHkqsGqDqHCdP6O8TTB5dDDItllVo6_1OLPpcbUrhiUSMxbbXU
   vdvWXzg-UD8biiReQFlfz28zGWVsdiNAUf8ZnyPEgVFn442ZdNqiVJRmBqrYRX
   e8P_ijQ7p8Vdz0TTrxUeT3lm8d9shnr2lfJT8ImUjvAA2Xez2Mlp8cBE5awDzT
   0qI0n6uiP1aCN_2_jLAeQTlqRHtfa64QQSUmFAAjVKPbByi7xho0uTOcbH510a
   6GYmJUAfmWjwZ6oD4ifKo8DYM-X72Eaw

                Figure 19: JWS Signature, base64url-encoded

Top      Up      ToC       Page 17 
4.2.3.  Output Results

   The following compose the resulting JWS object:

   o  JWS Protected Header (Figure 17)

   o  Payload content (Figure 8)

   o  Signature (Figure 19)

   The resulting JWS object using the JWS Compact Serialization:

   eyJhbGciOiJQUzM4NCIsImtpZCI6ImJpbGJvLmJhZ2dpbnNAaG9iYml0b24uZX
   hhbXBsZSJ9
   .
   SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb3V0IH
   lvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9hZCwgYW5kIGlmIHlvdSBk
   b24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXigJlzIG5vIGtub3dpbmcgd2hlcm
   UgeW91IG1pZ2h0IGJlIHN3ZXB0IG9mZiB0by4
   .
   cu22eBqkYDKgIlTpzDXGvaFfz6WGoz7fUDcfT0kkOy42miAh2qyBzk1xEsnk2I
   pN6-tPid6VrklHkqsGqDqHCdP6O8TTB5dDDItllVo6_1OLPpcbUrhiUSMxbbXU
   vdvWXzg-UD8biiReQFlfz28zGWVsdiNAUf8ZnyPEgVFn442ZdNqiVJRmBqrYRX
   e8P_ijQ7p8Vdz0TTrxUeT3lm8d9shnr2lfJT8ImUjvAA2Xez2Mlp8cBE5awDzT
   0qI0n6uiP1aCN_2_jLAeQTlqRHtfa64QQSUmFAAjVKPbByi7xho0uTOcbH510a
   6GYmJUAfmWjwZ6oD4ifKo8DYM-X72Eaw

                   Figure 20: JWS Compact Serialization

Top      Up      ToC       Page 18 
   The resulting JWS object using the general JWS JSON Serialization:

   {
     "payload": "SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywg
         Z29pbmcgb3V0IHlvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9h
         ZCwgYW5kIGlmIHlvdSBkb24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXi
         gJlzIG5vIGtub3dpbmcgd2hlcmUgeW91IG1pZ2h0IGJlIHN3ZXB0IG9m
         ZiB0by4",
     "signatures": [
       {
         "protected": "eyJhbGciOiJQUzM4NCIsImtpZCI6ImJpbGJvLmJhZ2
             dpbnNAaG9iYml0b24uZXhhbXBsZSJ9",
         "signature": "cu22eBqkYDKgIlTpzDXGvaFfz6WGoz7fUDcfT0kkOy
             42miAh2qyBzk1xEsnk2IpN6-tPid6VrklHkqsGqDqHCdP6O8TTB5
             dDDItllVo6_1OLPpcbUrhiUSMxbbXUvdvWXzg-UD8biiReQFlfz2
             8zGWVsdiNAUf8ZnyPEgVFn442ZdNqiVJRmBqrYRXe8P_ijQ7p8Vd
             z0TTrxUeT3lm8d9shnr2lfJT8ImUjvAA2Xez2Mlp8cBE5awDzT0q
             I0n6uiP1aCN_2_jLAeQTlqRHtfa64QQSUmFAAjVKPbByi7xho0uT
             OcbH510a6GYmJUAfmWjwZ6oD4ifKo8DYM-X72Eaw"
       }
     ]
   }

                 Figure 21: General JWS JSON Serialization

   The resulting JWS object using the flattened JWS JSON Serialization:

   {
     "payload": "SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywg
         Z29pbmcgb3V0IHlvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9h
         ZCwgYW5kIGlmIHlvdSBkb24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXi
         gJlzIG5vIGtub3dpbmcgd2hlcmUgeW91IG1pZ2h0IGJlIHN3ZXB0IG9m
         ZiB0by4",
     "protected": "eyJhbGciOiJQUzM4NCIsImtpZCI6ImJpbGJvLmJhZ2dpbn
         NAaG9iYml0b24uZXhhbXBsZSJ9",
     "signature": "cu22eBqkYDKgIlTpzDXGvaFfz6WGoz7fUDcfT0kkOy42mi
         Ah2qyBzk1xEsnk2IpN6-tPid6VrklHkqsGqDqHCdP6O8TTB5dDDItllV
         o6_1OLPpcbUrhiUSMxbbXUvdvWXzg-UD8biiReQFlfz28zGWVsdiNAUf
         8ZnyPEgVFn442ZdNqiVJRmBqrYRXe8P_ijQ7p8Vdz0TTrxUeT3lm8d9s
         hnr2lfJT8ImUjvAA2Xez2Mlp8cBE5awDzT0qI0n6uiP1aCN_2_jLAeQT
         lqRHtfa64QQSUmFAAjVKPbByi7xho0uTOcbH510a6GYmJUAfmWjwZ6oD
         4ifKo8DYM-X72Eaw"
   }

                Figure 22: Flattened JWS JSON Serialization

Top      Up      ToC       Page 19 
4.3.  ECDSA Signature

   This example illustrates signing content using the "ES512" (Elliptic
   Curve Digital Signature Algorithm (ECDSA) with curve P-521 and SHA-
   512) algorithm.

   Note that ECDSA uses random data to generate the signature; it might
   not be possible to exactly replicate the results in this section.

   Note that whitespace is added for readability as described in
   Section 1.1.

4.3.1.  Input Factors

   The following are supplied before beginning the signing operation:

   o  Payload content; this example uses the content from Figure 7,
      encoded using base64url [RFC4648] to produce Figure 8.

   o  EC private key on the curve P-521; this example uses the key from
      Figure 2.

   o  "alg" parameter of "ES512".

4.3.2.  Signing Operation

   The following is generated before beginning the signature process:

   o  JWS Protected Header; this example uses the header from Figure 23,
      encoded using base64url [RFC4648] to produce Figure 24.

   {
     "alg": "ES512",
     "kid": "bilbo.baggins@hobbiton.example"
   }

                   Figure 23: JWS Protected Header JSON

   eyJhbGciOiJFUzUxMiIsImtpZCI6ImJpbGJvLmJhZ2dpbnNAaG9iYml0b24uZX
   hhbXBsZSJ9

            Figure 24: JWS Protected Header, base64url-encoded

Top      Up      ToC       Page 20 
   The JWS Protected Header (Figure 24) and JWS Payload (Figure 8) are
   combined as described in [JWS] to produce the JWS Signing Input
   (Figure 25).

   eyJhbGciOiJFUzUxMiIsImtpZCI6ImJpbGJvLmJhZ2dpbnNAaG9iYml0b24uZX
   hhbXBsZSJ9
   .
   SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb3V0IH
   lvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9hZCwgYW5kIGlmIHlvdSBk
   b24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXigJlzIG5vIGtub3dpbmcgd2hlcm
   UgeW91IG1pZ2h0IGJlIHN3ZXB0IG9mZiB0by4

                       Figure 25: JWS Signing Input

   Performing the signature operation over the JWS Signing Input
   (Figure 25) produces the JWS Signature (Figure 26).

   AE_R_YZCChjn4791jSQCrdPZCNYqHXCTZH0-JZGYNlaAjP2kqaluUIIUnC9qvb
   u9Plon7KRTzoNEuT4Va2cmL1eJAQy3mtPBu_u_sDDyYjnAMDxXPn7XrT0lw-kv
   AD890jl8e2puQens_IEKBpHABlsbEPX6sFY8OcGDqoRuBomu9xQ2

                Figure 26: JWS Signature, base64url-encoded

4.3.3.  Output Results

   The following compose the resulting JWS object:

   o  JWS Protected Header (Figure 24)

   o  Payload content (Figure 8)

   o  Signature (Figure 26)

   The resulting JWS object using the JWS Compact Serialization:

   eyJhbGciOiJFUzUxMiIsImtpZCI6ImJpbGJvLmJhZ2dpbnNAaG9iYml0b24uZX
   hhbXBsZSJ9
   .
   SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb3V0IH
   lvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9hZCwgYW5kIGlmIHlvdSBk
   b24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXigJlzIG5vIGtub3dpbmcgd2hlcm
   UgeW91IG1pZ2h0IGJlIHN3ZXB0IG9mZiB0by4
   .
   AE_R_YZCChjn4791jSQCrdPZCNYqHXCTZH0-JZGYNlaAjP2kqaluUIIUnC9qvb
   u9Plon7KRTzoNEuT4Va2cmL1eJAQy3mtPBu_u_sDDyYjnAMDxXPn7XrT0lw-kv
   AD890jl8e2puQens_IEKBpHABlsbEPX6sFY8OcGDqoRuBomu9xQ2

                   Figure 27: JWS Compact Serialization

Top      Up      ToC       Page 21 
   The resulting JWS object using the general JWS JSON Serialization:

   {
     "payload": "SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywg
         Z29pbmcgb3V0IHlvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9h
         ZCwgYW5kIGlmIHlvdSBkb24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXi
         gJlzIG5vIGtub3dpbmcgd2hlcmUgeW91IG1pZ2h0IGJlIHN3ZXB0IG9m
         ZiB0by4",
     "signatures": [
       {
         "protected": "eyJhbGciOiJFUzUxMiIsImtpZCI6ImJpbGJvLmJhZ2
             dpbnNAaG9iYml0b24uZXhhbXBsZSJ9",
         "signature": "AE_R_YZCChjn4791jSQCrdPZCNYqHXCTZH0-JZGYNl
             aAjP2kqaluUIIUnC9qvbu9Plon7KRTzoNEuT4Va2cmL1eJAQy3mt
             PBu_u_sDDyYjnAMDxXPn7XrT0lw-kvAD890jl8e2puQens_IEKBp
             HABlsbEPX6sFY8OcGDqoRuBomu9xQ2"
       }
     ]
   }

                 Figure 28: General JWS JSON Serialization

   The resulting JWS object using the flattened JWS JSON Serialization:

   {
     "payload": "SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywg
         Z29pbmcgb3V0IHlvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9h
         ZCwgYW5kIGlmIHlvdSBkb24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXi
         gJlzIG5vIGtub3dpbmcgd2hlcmUgeW91IG1pZ2h0IGJlIHN3ZXB0IG9m
         ZiB0by4",
     "protected": "eyJhbGciOiJFUzUxMiIsImtpZCI6ImJpbGJvLmJhZ2dpbn
         NAaG9iYml0b24uZXhhbXBsZSJ9",
     "signature": "AE_R_YZCChjn4791jSQCrdPZCNYqHXCTZH0-JZGYNlaAjP
         2kqaluUIIUnC9qvbu9Plon7KRTzoNEuT4Va2cmL1eJAQy3mtPBu_u_sD
         DyYjnAMDxXPn7XrT0lw-kvAD890jl8e2puQens_IEKBpHABlsbEPX6sF
         Y8OcGDqoRuBomu9xQ2"
   }

                Figure 29: Flattened JWS JSON Serialization

4.4.  HMAC-SHA2 Integrity Protection

   This example illustrates integrity protecting content using the
   "HS256" (HMAC-SHA-256) algorithm.

   Note that whitespace is added for readability as described in
   Section 1.1.

Top      Up      ToC       Page 22 
4.4.1.  Input Factors

   The following are supplied before beginning the signing operation:

   o  Payload content; this example uses the content from Figure 7,
      encoded using base64url [RFC4648] to produce Figure 8.

   o  HMAC symmetric key; this example uses the key from Figure 5.

   o  "alg" parameter of "HS256".

4.4.2.  Signing Operation

   The following is generated before completing the signing operation:

   o  JWS Protected Header; this example uses the header from Figure 30,
      encoded using base64url [RFC4648] to produce Figure 31.

   {
     "alg": "HS256",
     "kid": "018c0ae5-4d9b-471b-bfd6-eef314bc7037"
   }

                   Figure 30: JWS Protected Header JSON

   eyJhbGciOiJIUzI1NiIsImtpZCI6IjAxOGMwYWU1LTRkOWItNDcxYi1iZmQ2LW
   VlZjMxNGJjNzAzNyJ9

            Figure 31: JWS Protected Header, base64url-encoded

   The JWS Protected Header (Figure 31) and JWS Payload (Figure 8) are
   combined as described in [JWS] to produce the JWS Signing Input
   (Figure 32).

   eyJhbGciOiJIUzI1NiIsImtpZCI6IjAxOGMwYWU1LTRkOWItNDcxYi1iZmQ2LW
   VlZjMxNGJjNzAzNyJ9
   .
   SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb3V0IH
   lvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9hZCwgYW5kIGlmIHlvdSBk
   b24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXigJlzIG5vIGtub3dpbmcgd2hlcm
   UgeW91IG1pZ2h0IGJlIHN3ZXB0IG9mZiB0by4

                       Figure 32: JWS Signing Input

Top      Up      ToC       Page 23 
   Performing the signature operation over the JWS Signing Input
   (Figure 32) produces the JWS Signature (Figure 33).

   s0h6KThzkfBBBkLspW1h84VsJZFTsPPqMDA7g1Md7p0

                Figure 33: JWS Signature, base64url-encoded

4.4.3.  Output Results

   The following compose the resulting JWS object:

   o  JWS Protected Header (Figure 31)

   o  Payload content (Figure 8)

   o  Signature (Figure 33)

   The resulting JWS object using the JWS Compact Serialization:

   eyJhbGciOiJIUzI1NiIsImtpZCI6IjAxOGMwYWU1LTRkOWItNDcxYi1iZmQ2LW
   VlZjMxNGJjNzAzNyJ9
   .
   SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb3V0IH
   lvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9hZCwgYW5kIGlmIHlvdSBk
   b24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXigJlzIG5vIGtub3dpbmcgd2hlcm
   UgeW91IG1pZ2h0IGJlIHN3ZXB0IG9mZiB0by4
   .
   s0h6KThzkfBBBkLspW1h84VsJZFTsPPqMDA7g1Md7p0

                   Figure 34: JWS Compact Serialization

Top      Up      ToC       Page 24 
   The resulting JWS object using the general JWS JSON Serialization:

   {
     "payload": "SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywg
         Z29pbmcgb3V0IHlvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9h
         ZCwgYW5kIGlmIHlvdSBkb24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXi
         gJlzIG5vIGtub3dpbmcgd2hlcmUgeW91IG1pZ2h0IGJlIHN3ZXB0IG9m
         ZiB0by4",
     "signatures": [
       {
         "protected": "eyJhbGciOiJIUzI1NiIsImtpZCI6IjAxOGMwYWU1LT
             RkOWItNDcxYi1iZmQ2LWVlZjMxNGJjNzAzNyJ9",
         "signature": "s0h6KThzkfBBBkLspW1h84VsJZFTsPPqMDA7g1Md7p
             0"
       }
     ]
   }

                 Figure 35: General JWS JSON Serialization

   The resulting JWS object using the flattened JWS JSON Serialization:

   {
     "payload": "SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywg
         Z29pbmcgb3V0IHlvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9h
         ZCwgYW5kIGlmIHlvdSBkb24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXi
         gJlzIG5vIGtub3dpbmcgd2hlcmUgeW91IG1pZ2h0IGJlIHN3ZXB0IG9m
         ZiB0by4",
     "protected": "eyJhbGciOiJIUzI1NiIsImtpZCI6IjAxOGMwYWU1LTRkOW
         ItNDcxYi1iZmQ2LWVlZjMxNGJjNzAzNyJ9",
     "signature": "s0h6KThzkfBBBkLspW1h84VsJZFTsPPqMDA7g1Md7p0"
   }

                Figure 36: Flattened JWS JSON Serialization

4.5.  Signature with Detached Content

   This example illustrates a signature with detached content.  This
   example is identical to other examples in Section 4, except the
   resulting JWS objects do not include the JWS Payload field.  Instead,
   the application is expected to locate it elsewhere.  For example, the
   signature might be in a metadata section, with the payload being the
   content.

   Note that whitespace is added for readability as described in
   Section 1.1.

Top      Up      ToC       Page 25 
4.5.1.  Input Factors

   The following are supplied before beginning the signing operation:

   o  Payload content; this example uses the content from Figure 7,
      encoded using base64url [RFC4648] to produce Figure 8.

   o  Signing key; this example uses the AES symmetric key from
      Figure 5.

   o  Signing algorithm; this example uses "HS256".

4.5.2.  Signing Operation

   The following is generated before completing the signing operation:

   o  JWS Protected Header; this example uses the header from Figure 37,
      encoded using base64url [RFC4648] to produce Figure 38.

   {
     "alg": "HS256",
     "kid": "018c0ae5-4d9b-471b-bfd6-eef314bc7037"
   }

                   Figure 37: JWS Protected Header JSON

   eyJhbGciOiJIUzI1NiIsImtpZCI6IjAxOGMwYWU1LTRkOWItNDcxYi1iZmQ2LW
   VlZjMxNGJjNzAzNyJ9

            Figure 38: JWS Protected Header, base64url-encoded

   The JWS Protected Header (Figure 38) and JWS Payload (Figure 8) are
   combined as described in [JWS] to produce the JWS Signing Input
   (Figure 39).

   eyJhbGciOiJIUzI1NiIsImtpZCI6IjAxOGMwYWU1LTRkOWItNDcxYi1iZmQ2LW
   VlZjMxNGJjNzAzNyJ9
   .
   SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb3V0IH
   lvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9hZCwgYW5kIGlmIHlvdSBk
   b24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXigJlzIG5vIGtub3dpbmcgd2hlcm
   UgeW91IG1pZ2h0IGJlIHN3ZXB0IG9mZiB0by4

                       Figure 39: JWS Signing Input

Top      Up      ToC       Page 26 
   Performing the signature operation over the JWS Signing Input
   (Figure 39) produces the JWS Signature (Figure 40).

   s0h6KThzkfBBBkLspW1h84VsJZFTsPPqMDA7g1Md7p0

                Figure 40: JWS Signature, base64url-encoded

4.5.3.  Output Results

   The following compose the resulting JWS object:

   o  JWS Protected Header (Figure 38)

   o  Signature (Figure 40)

   The resulting JWS object using the JWS Compact Serialization:

   eyJhbGciOiJIUzI1NiIsImtpZCI6IjAxOGMwYWU1LTRkOWItNDcxYi1iZmQ2LW
   VlZjMxNGJjNzAzNyJ9
   .
   .
   s0h6KThzkfBBBkLspW1h84VsJZFTsPPqMDA7g1Md7p0

                 Figure 41: General JWS JSON Serialization

   The resulting JWS object using the general JWS JSON Serialization:

   {
     "signatures": [
       {
         "protected": "eyJhbGciOiJIUzI1NiIsImtpZCI6IjAxOGMwYWU1LT
             RkOWItNDcxYi1iZmQ2LWVlZjMxNGJjNzAzNyJ9",
         "signature": "s0h6KThzkfBBBkLspW1h84VsJZFTsPPqMDA7g1Md7p
             0"
       }
     ]
   }

                 Figure 42: General JWS JSON Serialization

Top      Up      ToC       Page 27 
   The resulting JWS object using the flattened JWS JSON Serialization:

   {
     "protected": "eyJhbGciOiJIUzI1NiIsImtpZCI6IjAxOGMwYWU1LTRkOW
         ItNDcxYi1iZmQ2LWVlZjMxNGJjNzAzNyJ9",
     "signature": "s0h6KThzkfBBBkLspW1h84VsJZFTsPPqMDA7g1Md7p0"
   }

                Figure 43: Flattened JWS JSON Serialization

4.6.  Protecting Specific Header Fields

   This example illustrates a signature where only certain Header
   Parameters are protected.  Since this example contains both
   unprotected and protected Header Parameters, only the general JWS
   JSON Serialization and flattened JWS JSON Serialization are possible.

   Note that whitespace is added for readability as described in
   Section 1.1.

4.6.1.  Input Factors

   The following are supplied before beginning the signing operation:

   o  Payload content; this example uses the content from Figure 7,
      encoded using base64url [RFC4648] to produce Figure 8.

   o  Signing key; this example uses the AES symmetric key from
      Figure 5.

   o  Signing algorithm; this example uses "HS256".

4.6.2.  Signing Operation

   The following are generated before completing the signing operation:

   o  JWS Protected Header; this example uses the header from Figure 44,
      encoded using base64url [RFC4648] to produce Figure 45.

   o  JWS Unprotected Header; this example uses the header from
      Figure 46.

   {
     "alg": "HS256"
   }

                   Figure 44: JWS Protected Header JSON

Top      Up      ToC       Page 28 
   eyJhbGciOiJIUzI1NiJ9

            Figure 45: JWS Protected Header, base64url-encoded

   {
     "kid": "018c0ae5-4d9b-471b-bfd6-eef314bc7037"
   }

                  Figure 46: JWS Unprotected Header JSON

   The JWS Protected Header (Figure 45) and JWS Payload (Figure 8) are
   combined as described in [JWS] to produce the JWS Signing Input
   (Figure 47).

   eyJhbGciOiJIUzI1NiJ9
   .
   SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb3V0IH
   lvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9hZCwgYW5kIGlmIHlvdSBk
   b24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXigJlzIG5vIGtub3dpbmcgd2hlcm
   UgeW91IG1pZ2h0IGJlIHN3ZXB0IG9mZiB0by4

                       Figure 47: JWS Signing Input

   Performing the signature operation over the JWS Signing Input
   (Figure 47) produces the JWS Signature (Figure 48).

   bWUSVaxorn7bEF1djytBd0kHv70Ly5pvbomzMWSOr20

                Figure 48: JWS Signature, base64url-encoded

4.6.3.  Output Results

   The following compose the resulting JWS object:

   o  JWS Protected Header (Figure 45)

   o  JWS Unprotected Header (Figure 46)

   o  Payload content (Figure 8)

   o  Signature (Figure 48)

   The JWS Compact Serialization is not presented because it does not
   support this use case.

Top      Up      ToC       Page 29 
   The resulting JWS object using the general JWS JSON Serialization:

   {
     "payload": "SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywg
         Z29pbmcgb3V0IHlvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9h
         ZCwgYW5kIGlmIHlvdSBkb24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXi
         gJlzIG5vIGtub3dpbmcgd2hlcmUgeW91IG1pZ2h0IGJlIHN3ZXB0IG9m
         ZiB0by4",
     "signatures": [
       {
         "protected": "eyJhbGciOiJIUzI1NiJ9",
         "header": {
           "kid": "018c0ae5-4d9b-471b-bfd6-eef314bc7037"
         },
         "signature": "bWUSVaxorn7bEF1djytBd0kHv70Ly5pvbomzMWSOr2
             0"
       }
     ]
   }

                 Figure 49: General JWS JSON Serialization

   The resulting JWS object using the flattened JWS JSON Serialization:

   {
     "payload": "SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywg
         Z29pbmcgb3V0IHlvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9h
         ZCwgYW5kIGlmIHlvdSBkb24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXi
         gJlzIG5vIGtub3dpbmcgd2hlcmUgeW91IG1pZ2h0IGJlIHN3ZXB0IG9m
         ZiB0by4",
     "protected": "eyJhbGciOiJIUzI1NiJ9",
     "header": {
       "kid": "018c0ae5-4d9b-471b-bfd6-eef314bc7037"
     },
     "signature": "bWUSVaxorn7bEF1djytBd0kHv70Ly5pvbomzMWSOr20"
   }

                Figure 50: Flattened JWS JSON Serialization

4.7.  Protecting Content Only

   This example illustrates a signature where none of the Header
   Parameters are protected.  Since this example contains only
   unprotected Header Parameters, only the general JWS JSON
   Serialization and flattened JWS JSON Serialization are possible.

   Note that whitespace is added for readability as described in
   Section 1.1.

Top      Up      ToC       Page 30 
4.7.1.  Input Factors

   The following are supplied before beginning the signing operation:

   o  Payload content; this example uses the content from Figure 7,
      encoded using base64url [RFC4648] to produce Figure 8.

   o  Signing key; this example uses the AES symmetric key from
      Figure 5.

   o  Signing algorithm; this example uses "HS256".

4.7.2.  Signing Operation

   The following is generated before completing the signing operation:

   o  JWS Unprotected Header; this example uses the header from
      Figure 51.

   {
     "alg": "HS256",
     "kid": "018c0ae5-4d9b-471b-bfd6-eef314bc7037"
   }

                  Figure 51: JWS Unprotected Header JSON

   The empty string (as there is no JWS Protected Header) and JWS
   Payload (Figure 8) are combined as described in [JWS] to produce the
   JWS Signing Input (Figure 52).

   .
   SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb3V0IH
   lvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9hZCwgYW5kIGlmIHlvdSBk
   b24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXigJlzIG5vIGtub3dpbmcgd2hlcm
   UgeW91IG1pZ2h0IGJlIHN3ZXB0IG9mZiB0by4

                       Figure 52: JWS Signing Input

   Performing the signature operation over the JWS Signing Input
   (Figure 52) produces the JWS Signature (Figure 53).

   xuLifqLGiblpv9zBpuZczWhNj1gARaLV3UxvxhJxZuk

                Figure 53: JWS Signature, base64url-encoded

Top      Up      ToC       Page 31 
4.7.3.  Output Results

   The following compose the resulting JWS object:

   o  JWS Unprotected Header (Figure 51)

   o  Payload content (Figure 8)

   o  Signature (Figure 53)

   The JWS Compact Serialization is not presented because it does not
   support this use case.

   The resulting JWS object using the general JWS JSON Serialization:

   {
     "payload": "SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywg
         Z29pbmcgb3V0IHlvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9h
         ZCwgYW5kIGlmIHlvdSBkb24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXi
         gJlzIG5vIGtub3dpbmcgd2hlcmUgeW91IG1pZ2h0IGJlIHN3ZXB0IG9m
         ZiB0by4",
     "signatures": [
       {
         "header": {
           "alg": "HS256",
           "kid": "018c0ae5-4d9b-471b-bfd6-eef314bc7037"
         },
         "signature": "xuLifqLGiblpv9zBpuZczWhNj1gARaLV3UxvxhJxZu
             k"
       }
     ]
   }

                 Figure 54: General JWS JSON Serialization

Top      Up      ToC       Page 32 
   The resulting JWS object using the flattened JWS JSON Serialization:

   {
     "payload": "SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywg
         Z29pbmcgb3V0IHlvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9h
         ZCwgYW5kIGlmIHlvdSBkb24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXi
         gJlzIG5vIGtub3dpbmcgd2hlcmUgeW91IG1pZ2h0IGJlIHN3ZXB0IG9m
         ZiB0by4",
     "header": {
       "alg": "HS256",
       "kid": "018c0ae5-4d9b-471b-bfd6-eef314bc7037"
     },
     "signature": "xuLifqLGiblpv9zBpuZczWhNj1gARaLV3UxvxhJxZuk"
   }

                Figure 55: Flattened JWS JSON Serialization

4.8.  Multiple Signatures

   This example illustrates multiple signatures applied to the same
   payload.  Since this example contains more than one signature, only
   the JSON General Serialization is possible.

   Note that whitespace is added for readability as described in
   Section 1.1.

4.8.1.  Input Factors

   The following are supplied before beginning the signing operation:

   o  Payload content; this example uses the content from Figure 7,
      encoded using base64url [RFC4648] to produce Figure 8.

   o  Signing keys; this example uses the following:

      *  RSA private key from Figure 4 for the first signature

      *  EC private key from Figure 2 for the second signature

      *  AES symmetric key from Figure 5 for the third signature

   o  Signing algorithms; this example uses the following:

      *  "RS256" for the first signature

      *  "ES512" for the second signature

      *  "HS256" for the third signature

Top      Up      ToC       Page 33 
4.8.2.  First Signing Operation

   The following are generated before completing the first signing
   operation:

   o  JWS Protected Header; this example uses the header from Figure 56,
      encoded using base64url [RFC4648] to produce Figure 57.

   o  JWS Unprotected Header; this example uses the header from
      Figure 58.

   {
     "alg": "RS256"
   }

             Figure 56: Signature #1 JWS Protected Header JSON

   eyJhbGciOiJSUzI1NiJ9

      Figure 57: Signature #1 JWS Protected Header, base64url-encoded

   {
     "kid": "bilbo.baggins@hobbiton.example"
   }

            Figure 58: Signature #1 JWS Unprotected Header JSON

   The JWS Protected Header (Figure 57) and JWS Payload (Figure 8) are
   combined as described in [JWS] to produce the JWS Signing Input
   (Figure 59).

   eyJhbGciOiJSUzI1NiJ9
   .
   SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb3V0IH
   lvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9hZCwgYW5kIGlmIHlvdSBk
   b24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXigJlzIG5vIGtub3dpbmcgd2hlcm
   UgeW91IG1pZ2h0IGJlIHN3ZXB0IG9mZiB0by4

                       Figure 59: JWS Signing Input

Top      Up      ToC       Page 34 
   Performing the signature operation over the JWS Signing Input
   (Figure 59) produces the JWS Signature (Figure 60).

   MIsjqtVlOpa71KE-Mss8_Nq2YH4FGhiocsqrgi5NvyG53uoimic1tcMdSg-qpt
   rzZc7CG6Svw2Y13TDIqHzTUrL_lR2ZFcryNFiHkSw129EghGpwkpxaTn_THJTC
   glNbADko1MZBCdwzJxwqZc-1RlpO2HibUYyXSwO97BSe0_evZKdjvvKSgsIqjy
   tKSeAMbhMBdMma622_BG5t4sdbuCHtFjp9iJmkio47AIwqkZV1aIZsv33uPUqB
   BCXbYoQJwt7mxPftHmNlGoOSMxR_3thmXTCm4US-xiNOyhbm8afKK64jU6_TPt
   QHiJeQJxz9G3Tx-083B745_AfYOnlC9w

              Figure 60: JWS Signature #1, base64url-encoded

   The following is the assembled first signature serialized as JSON:

   {
     "protected": "eyJhbGciOiJSUzI1NiJ9",
     "header": {
       "kid": "bilbo.baggins@hobbiton.example"
     },
     "signature": "MIsjqtVlOpa71KE-Mss8_Nq2YH4FGhiocsqrgi5NvyG53u
         oimic1tcMdSg-qptrzZc7CG6Svw2Y13TDIqHzTUrL_lR2ZFcryNFiHkS
         w129EghGpwkpxaTn_THJTCglNbADko1MZBCdwzJxwqZc-1RlpO2HibUY
         yXSwO97BSe0_evZKdjvvKSgsIqjytKSeAMbhMBdMma622_BG5t4sdbuC
         HtFjp9iJmkio47AIwqkZV1aIZsv33uPUqBBCXbYoQJwt7mxPftHmNlGo
         OSMxR_3thmXTCm4US-xiNOyhbm8afKK64jU6_TPtQHiJeQJxz9G3Tx-0
         83B745_AfYOnlC9w"
   }

                       Figure 61: Signature #1 JSON

4.8.3.  Second Signing Operation

   The following is generated before completing the second signing
   operation:

   o  JWS Unprotected Header; this example uses the header from
      Figure 62.

   {
     "alg": "ES512",
     "kid": "bilbo.baggins@hobbiton.example"
   }

            Figure 62: Signature #2 JWS Unprotected Header JSON

Top      Up      ToC       Page 35 
   The empty string (as there is no JWS Protected Header) and JWS
   Payload (Figure 8) are combined as described in [JWS] to produce the
   JWS Signing Input (Figure 63).

   .
   SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb3V0IH
   lvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9hZCwgYW5kIGlmIHlvdSBk
   b24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXigJlzIG5vIGtub3dpbmcgd2hlcm
   UgeW91IG1pZ2h0IGJlIHN3ZXB0IG9mZiB0by4

                       Figure 63: JWS Signing Input

   Performing the signature operation over the JWS Signing Input
   (Figure 63) produces the JWS Signature (Figure 64).

   ARcVLnaJJaUWG8fG-8t5BREVAuTY8n8YHjwDO1muhcdCoFZFFjfISu0Cdkn9Yb
   dlmi54ho0x924DUz8sK7ZXkhc7AFM8ObLfTvNCrqcI3Jkl2U5IX3utNhODH6v7
   xgy1Qahsn0fyb4zSAkje8bAWz4vIfj5pCMYxxm4fgV3q7ZYhm5eD

              Figure 64: JWS Signature #2, base64url-encoded

   The following is the assembled second signature serialized as JSON:

   {
     "header": {
       "alg": "ES512",
       "kid": "bilbo.baggins@hobbiton.example"
     },
     "signature": "ARcVLnaJJaUWG8fG-8t5BREVAuTY8n8YHjwDO1muhcdCoF
         ZFFjfISu0Cdkn9Ybdlmi54ho0x924DUz8sK7ZXkhc7AFM8ObLfTvNCrq
         cI3Jkl2U5IX3utNhODH6v7xgy1Qahsn0fyb4zSAkje8bAWz4vIfj5pCM
         Yxxm4fgV3q7ZYhm5eD"
   }

                       Figure 65: Signature #2 JSON

Top      Up      ToC       Page 36 
4.8.4.  Third Signing Operation

   The following is generated before completing the third signing
   operation:

   o  JWS Protected Header; this example uses the header from Figure 66,
      encoded using base64url [RFC4648] to produce Figure 67.

   {
     "alg": "HS256",
     "kid": "018c0ae5-4d9b-471b-bfd6-eef314bc7037"
   }

             Figure 66: Signature #3 JWS Protected Header JSON

   eyJhbGciOiJIUzI1NiIsImtpZCI6IjAxOGMwYWU1LTRkOWItNDcxYi1iZmQ2LW
   VlZjMxNGJjNzAzNyJ9

      Figure 67: Signature #3 JWS Protected Header, base64url-encoded

   The JWS Protected Header (Figure 67) and JWS Payload (Figure 8) are
   combined as described in [JWS] to produce the JWS Signing Input
   (Figure 68).

   eyJhbGciOiJIUzI1NiIsImtpZCI6IjAxOGMwYWU1LTRkOWItNDcxYi1iZmQ2LW
   VlZjMxNGJjNzAzNyJ9
   .
   SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb3V0IH
   lvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9hZCwgYW5kIGlmIHlvdSBk
   b24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXigJlzIG5vIGtub3dpbmcgd2hlcm
   UgeW91IG1pZ2h0IGJlIHN3ZXB0IG9mZiB0by4

                       Figure 68: JWS Signing Input

   Performing the signature operation over the JWS Signing Input
   (Figure 68) produces the JWS Signature (Figure 69).

   s0h6KThzkfBBBkLspW1h84VsJZFTsPPqMDA7g1Md7p0

              Figure 69: JWS Signature #3, base64url-encoded

Top      Up      ToC       Page 37 
   The following is the assembled third signature serialized as JSON:

   {
     "protected": "eyJhbGciOiJIUzI1NiIsImtpZCI6IjAxOGMwYWU1LTRkOW
         ItNDcxYi1iZmQ2LWVlZjMxNGJjNzAzNyJ9",
     "signature": "s0h6KThzkfBBBkLspW1h84VsJZFTsPPqMDA7g1Md7p0"
   }

                       Figure 70: Signature #3 JSON

4.8.5.  Output Results

   The following compose the resulting JWS object:

   o  Payload content (Figure 8)

   o  Signature #1 JSON (Figure 61)

   o  Signature #2 JSON (Figure 65)

   o  Signature #3 JSON (Figure 70)

   The JWS Compact Serialization is not presented because it does not
   support this use case; the flattened JWS JSON Serialization is not
   presented because there is more than one signature.

Top      Up      ToC       Page 38 
   The resulting JWS object using the general JWS JSON Serialization:

   {
     "payload": "SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywg
         Z29pbmcgb3V0IHlvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9h
         ZCwgYW5kIGlmIHlvdSBkb24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXi
         gJlzIG5vIGtub3dpbmcgd2hlcmUgeW91IG1pZ2h0IGJlIHN3ZXB0IG9m
         ZiB0by4",
     "signatures": [
       {
         "protected": "eyJhbGciOiJSUzI1NiJ9",
         "header": {
           "kid": "bilbo.baggins@hobbiton.example"
         },
         "signature": "MIsjqtVlOpa71KE-Mss8_Nq2YH4FGhiocsqrgi5Nvy
             G53uoimic1tcMdSg-qptrzZc7CG6Svw2Y13TDIqHzTUrL_lR2ZFc
             ryNFiHkSw129EghGpwkpxaTn_THJTCglNbADko1MZBCdwzJxwqZc
             -1RlpO2HibUYyXSwO97BSe0_evZKdjvvKSgsIqjytKSeAMbhMBdM
             ma622_BG5t4sdbuCHtFjp9iJmkio47AIwqkZV1aIZsv33uPUqBBC
             XbYoQJwt7mxPftHmNlGoOSMxR_3thmXTCm4US-xiNOyhbm8afKK6
             4jU6_TPtQHiJeQJxz9G3Tx-083B745_AfYOnlC9w"
       },
       {
         "header": {
           "alg": "ES512",
           "kid": "bilbo.baggins@hobbiton.example"
         },
         "signature": "ARcVLnaJJaUWG8fG-8t5BREVAuTY8n8YHjwDO1muhc
             dCoFZFFjfISu0Cdkn9Ybdlmi54ho0x924DUz8sK7ZXkhc7AFM8Ob
             LfTvNCrqcI3Jkl2U5IX3utNhODH6v7xgy1Qahsn0fyb4zSAkje8b
             AWz4vIfj5pCMYxxm4fgV3q7ZYhm5eD"
       },
       {
         "protected": "eyJhbGciOiJIUzI1NiIsImtpZCI6IjAxOGMwYWU1LT
             RkOWItNDcxYi1iZmQ2LWVlZjMxNGJjNzAzNyJ9",
         "signature": "s0h6KThzkfBBBkLspW1h84VsJZFTsPPqMDA7g1Md7p
             0"
       }
     ]
   }

                 Figure 71: General JWS JSON Serialization

Top      Up      ToC       Page 39 
5.  JSON Web Encryption Examples

   The following sections demonstrate how to generate various JWE
   objects.

   All of the encryption examples (unless otherwise noted) use the
   following Plaintext content (an abridged quote from "The Fellowship
   of the Ring" [LOTR-FELLOWSHIP]), serialized as UTF-8.  The Plaintext
   is presented here as a series of quoted strings that are concatenated
   to produce the JWE Plaintext.  The sequence "\xe2\x80\x93" is
   substituted for (U+2013 EN DASH), and quotation marks (U+0022
   QUOTATION MARK) are added for readability but are not present in the
   JWE Plaintext.

   "You can trust us to stick with you through thick and "
   "thin\xe2\x80\x93to the bitter end. And you can trust us to "
   "keep any secret of yours\xe2\x80\x93closer than you keep it "
   "yourself. But you cannot trust us to let you face trouble "
   "alone, and go off without a word. We are your friends, Frodo."

                       Figure 72: Plaintext Content

5.1.  Key Encryption Using RSA v1.5 and AES-HMAC-SHA2

   This example illustrates encrypting content using the "RSA1_5"
   (RSAES-PKCS1-v1_5) key encryption algorithm and the "A128CBC-HS256"
   (AES-128-CBC-HMAC-SHA-256) content encryption algorithm.

   Note that RSAES-PKCS1-v1_5 uses random data to generate the
   ciphertext; it might not be possible to exactly replicate the results
   in this section.

   Note that only the RSA public key is necessary to perform the
   encryption.  However, the example includes the RSA private key to
   allow readers to validate the output.

   Note that whitespace is added for readability as described in
   Section 1.1.

5.1.1.  Input Factors

   The following are supplied before beginning the encryption process:

   o  Plaintext content; this example uses the content from Figure 72.

   o  RSA public key; this example uses the key from Figure 73.

Top      Up      ToC       Page 40 
   o  "alg" parameter of "RSA1_5".

   o  "enc" parameter of "A128CBC-HS256".

   {
     "kty": "RSA",
     "kid": "frodo.baggins@hobbiton.example",
     "use": "enc",
     "n": "maxhbsmBtdQ3CNrKvprUE6n9lYcregDMLYNeTAWcLj8NnPU9XIYegT
         HVHQjxKDSHP2l-F5jS7sppG1wgdAqZyhnWvXhYNvcM7RfgKxqNx_xAHx
         6f3yy7s-M9PSNCwPC2lh6UAkR4I00EhV9lrypM9Pi4lBUop9t5fS9W5U
         NwaAllhrd-osQGPjIeI1deHTwx-ZTHu3C60Pu_LJIl6hKn9wbwaUmA4c
         R5Bd2pgbaY7ASgsjCUbtYJaNIHSoHXprUdJZKUMAzV0WOKPfA6OPI4oy
         pBadjvMZ4ZAj3BnXaSYsEZhaueTXvZB4eZOAjIyh2e_VOIKVMsnDrJYA
         VotGlvMQ",
     "e": "AQAB",
     "d": "Kn9tgoHfiTVi8uPu5b9TnwyHwG5dK6RE0uFdlpCGnJN7ZEi963R7wy
         bQ1PLAHmpIbNTztfrheoAniRV1NCIqXaW_qS461xiDTp4ntEPnqcKsyO
         5jMAji7-CL8vhpYYowNFvIesgMoVaPRYMYT9TW63hNM0aWs7USZ_hLg6
         Oe1mY0vHTI3FucjSM86Nff4oIENt43r2fspgEPGRrdE6fpLc9Oaq-qeP
         1GFULimrRdndm-P8q8kvN3KHlNAtEgrQAgTTgz80S-3VD0FgWfgnb1PN
         miuPUxO8OpI9KDIfu_acc6fg14nsNaJqXe6RESvhGPH2afjHqSy_Fd2v
         pzj85bQQ",
     "p": "2DwQmZ43FoTnQ8IkUj3BmKRf5Eh2mizZA5xEJ2MinUE3sdTYKSLtaE
         oekX9vbBZuWxHdVhM6UnKCJ_2iNk8Z0ayLYHL0_G21aXf9-unynEpUsH
         7HHTklLpYAzOOx1ZgVljoxAdWNn3hiEFrjZLZGS7lOH-a3QQlDDQoJOJ
         2VFmU",
     "q": "te8LY4-W7IyaqH1ExujjMqkTAlTeRbv0VLQnfLY2xINnrWdwiQ93_V
         F099aP1ESeLja2nw-6iKIe-qT7mtCPozKfVtUYfz5HrJ_XY2kfexJINb
         9lhZHMv5p1skZpeIS-GPHCC6gRlKo1q-idn_qxyusfWv7WAxlSVfQfk8
         d6Et0",
     "dp": "UfYKcL_or492vVc0PzwLSplbg4L3-Z5wL48mwiswbpzOyIgd2xHTH
         QmjJpFAIZ8q-zf9RmgJXkDrFs9rkdxPtAsL1WYdeCT5c125Fkdg317JV
         RDo1inX7x2Kdh8ERCreW8_4zXItuTl_KiXZNU5lvMQjWbIw2eTx1lpsf
         lo0rYU",
     "dq": "iEgcO-QfpepdH8FWd7mUFyrXdnOkXJBCogChY6YKuIHGc_p8Le9Mb
         pFKESzEaLlN1Ehf3B6oGBl5Iz_ayUlZj2IoQZ82znoUrpa9fVYNot87A
         CfzIG7q9Mv7RiPAderZi03tkVXAdaBau_9vs5rS-7HMtxkVrxSUvJY14
         TkXlHE",
     "qi": "kC-lzZOqoFaZCr5l0tOVtREKoVqaAYhQiqIRGL-MzS4sCmRkxm5vZ
         lXYx6RtE1n_AagjqajlkjieGlxTTThHD8Iga6foGBMaAr5uR1hGQpSc7
         Gl7CF1DZkBJMTQN6EshYzZfxW08mIO8M6Rzuh0beL6fG9mkDcIyPrBXx
         2bQ_mM"
   }

                Figure 73: RSA 2048-Bit Key, in JWK Format

Top      Up      ToC       Page 41 
   (NOTE: While the key includes the private parameters, only the public
   parameters "e" and "n" are necessary for the encryption operation.)

5.1.2.  Generated Factors

   The following are generated before encrypting:

   o  AES symmetric key as the Content Encryption Key (CEK); this
      example uses the key from Figure 74.

   o  Initialization Vector; this example uses the Initialization Vector
      from Figure 75.

   3qyTVhIWt5juqZUCpfRqpvauwB956MEJL2Rt-8qXKSo

           Figure 74: Content Encryption Key, base64url-encoded

   bbd5sTkYwhAIqfHsx8DayA

            Figure 75: Initialization Vector, base64url-encoded

5.1.3.  Encrypting the Key

   Performing the key encryption operation over the CEK (Figure 74) with
   the RSA key (Figure 73) results in the following Encrypted Key:

   laLxI0j-nLH-_BgLOXMozKxmy9gffy2gTdvqzfTihJBuuzxg0V7yk1WClnQePF
   vG2K-pvSlWc9BRIazDrn50RcRai__3TDON395H3c62tIouJJ4XaRvYHFjZTZ2G
   Xfz8YAImcc91Tfk0WXC2F5Xbb71ClQ1DDH151tlpH77f2ff7xiSxh9oSewYrcG
   TSLUeeCt36r1Kt3OSj7EyBQXoZlN7IxbyhMAfgIe7Mv1rOTOI5I8NQqeXXW8Vl
   zNmoxaGMny3YnGir5Wf6Qt2nBq4qDaPdnaAuuGUGEecelIO1wx1BpyIfgvfjOh
   MBs9M8XL223Fg47xlGsMXdfuY-4jaqVw

                Figure 76: Encrypted Key, base64url-encoded

Top      Up      ToC       Page 42 
5.1.4.  Encrypting the Content

   The following is generated before encrypting the Plaintext:

   o  JWE Protected Header; this example uses the header from Figure 77,
      encoded using base64url [RFC4648] to produce Figure 78.

   {
     "alg": "RSA1_5",
     "kid": "frodo.baggins@hobbiton.example",
     "enc": "A128CBC-HS256"
   }

                   Figure 77: JWE Protected Header JSON

   eyJhbGciOiJSU0ExXzUiLCJraWQiOiJmcm9kby5iYWdnaW5zQGhvYmJpdG9uLm
   V4YW1wbGUiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0

            Figure 78: JWE Protected Header, base64url-encoded

   Performing the content encryption operation on the Plaintext
   (Figure 72) using the following:

   o  CEK (Figure 74);

   o  Initialization Vector (Figure 75); and

   o  JWE Protected Header (Figure 77) as authenticated data

   produces the following:

   o  Ciphertext from Figure 79.

   o  Authentication Tag from Figure 80.

   0fys_TY_na7f8dwSfXLiYdHaA2DxUjD67ieF7fcVbIR62JhJvGZ4_FNVSiGc_r
   aa0HnLQ6s1P2sv3Xzl1p1l_o5wR_RsSzrS8Z-wnI3Jvo0mkpEEnlDmZvDu_k8O
   WzJv7eZVEqiWKdyVzFhPpiyQU28GLOpRc2VbVbK4dQKPdNTjPPEmRqcaGeTWZV
   yeSUvf5k59yJZxRuSvWFf6KrNtmRdZ8R4mDOjHSrM_s8uwIFcqt4r5GX8TKaI0
   zT5CbL5Qlw3sRc7u_hg0yKVOiRytEAEs3vZkcfLkP6nbXdC_PkMdNS-ohP78T2
   O6_7uInMGhFeX4ctHG7VelHGiT93JfWDEQi5_V9UN1rhXNrYu-0fVMkZAKX3VW
   i7lzA6BP430m

                 Figure 79: Ciphertext, base64url-encoded

   kvKuFBXHe5mQr4lqgobAUg

             Figure 80: Authentication Tag, base64url-encoded

Top      Up      ToC       Page 43 
5.1.5.  Output Results

   The following compose the resulting JWE object:

   o  JWE Protected Header (Figure 78)

   o  Encrypted Key (Figure 76)

   o  Initialization Vector (Figure 75)

   o  Ciphertext (Figure 79)

   o  Authentication Tag (Figure 80)

   The resulting JWE object using the JWE Compact Serialization:

   eyJhbGciOiJSU0ExXzUiLCJraWQiOiJmcm9kby5iYWdnaW5zQGhvYmJpdG9uLm
   V4YW1wbGUiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0
   .
   laLxI0j-nLH-_BgLOXMozKxmy9gffy2gTdvqzfTihJBuuzxg0V7yk1WClnQePF
   vG2K-pvSlWc9BRIazDrn50RcRai__3TDON395H3c62tIouJJ4XaRvYHFjZTZ2G
   Xfz8YAImcc91Tfk0WXC2F5Xbb71ClQ1DDH151tlpH77f2ff7xiSxh9oSewYrcG
   TSLUeeCt36r1Kt3OSj7EyBQXoZlN7IxbyhMAfgIe7Mv1rOTOI5I8NQqeXXW8Vl
   zNmoxaGMny3YnGir5Wf6Qt2nBq4qDaPdnaAuuGUGEecelIO1wx1BpyIfgvfjOh
   MBs9M8XL223Fg47xlGsMXdfuY-4jaqVw
   .
   bbd5sTkYwhAIqfHsx8DayA
   .
   0fys_TY_na7f8dwSfXLiYdHaA2DxUjD67ieF7fcVbIR62JhJvGZ4_FNVSiGc_r
   aa0HnLQ6s1P2sv3Xzl1p1l_o5wR_RsSzrS8Z-wnI3Jvo0mkpEEnlDmZvDu_k8O
   WzJv7eZVEqiWKdyVzFhPpiyQU28GLOpRc2VbVbK4dQKPdNTjPPEmRqcaGeTWZV
   yeSUvf5k59yJZxRuSvWFf6KrNtmRdZ8R4mDOjHSrM_s8uwIFcqt4r5GX8TKaI0
   zT5CbL5Qlw3sRc7u_hg0yKVOiRytEAEs3vZkcfLkP6nbXdC_PkMdNS-ohP78T2
   O6_7uInMGhFeX4ctHG7VelHGiT93JfWDEQi5_V9UN1rhXNrYu-0fVMkZAKX3VW
   i7lzA6BP430m
   .
   kvKuFBXHe5mQr4lqgobAUg

                   Figure 81: JWE Compact Serialization

Top      Up      ToC       Page 44 
   The resulting JWE object using the general JWE JSON Serialization:

   {
     "recipients": [
       {
         "encrypted_key": "laLxI0j-nLH-_BgLOXMozKxmy9gffy2gTdvqzf
             TihJBuuzxg0V7yk1WClnQePFvG2K-pvSlWc9BRIazDrn50RcRai_
             _3TDON395H3c62tIouJJ4XaRvYHFjZTZ2GXfz8YAImcc91Tfk0WX
             C2F5Xbb71ClQ1DDH151tlpH77f2ff7xiSxh9oSewYrcGTSLUeeCt
             36r1Kt3OSj7EyBQXoZlN7IxbyhMAfgIe7Mv1rOTOI5I8NQqeXXW8
             VlzNmoxaGMny3YnGir5Wf6Qt2nBq4qDaPdnaAuuGUGEecelIO1wx
             1BpyIfgvfjOhMBs9M8XL223Fg47xlGsMXdfuY-4jaqVw"
       }
     ],
     "protected": "eyJhbGciOiJSU0ExXzUiLCJraWQiOiJmcm9kby5iYWdnaW
         5zQGhvYmJpdG9uLmV4YW1wbGUiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In
         0",
     "iv": "bbd5sTkYwhAIqfHsx8DayA",
     "ciphertext": "0fys_TY_na7f8dwSfXLiYdHaA2DxUjD67ieF7fcVbIR62
         JhJvGZ4_FNVSiGc_raa0HnLQ6s1P2sv3Xzl1p1l_o5wR_RsSzrS8Z-wn
         I3Jvo0mkpEEnlDmZvDu_k8OWzJv7eZVEqiWKdyVzFhPpiyQU28GLOpRc
         2VbVbK4dQKPdNTjPPEmRqcaGeTWZVyeSUvf5k59yJZxRuSvWFf6KrNtm
         RdZ8R4mDOjHSrM_s8uwIFcqt4r5GX8TKaI0zT5CbL5Qlw3sRc7u_hg0y
         KVOiRytEAEs3vZkcfLkP6nbXdC_PkMdNS-ohP78T2O6_7uInMGhFeX4c
         tHG7VelHGiT93JfWDEQi5_V9UN1rhXNrYu-0fVMkZAKX3VWi7lzA6BP4
         30m",
     "tag": "kvKuFBXHe5mQr4lqgobAUg"
   }

                 Figure 82: General JWE JSON Serialization

Top      Up      ToC       Page 45 
   The resulting JWE object using the flattened JWE JSON Serialization:

   {
     "protected": "eyJhbGciOiJSU0ExXzUiLCJraWQiOiJmcm9kby5iYWdnaW
         5zQGhvYmJpdG9uLmV4YW1wbGUiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In
         0",
     "encrypted_key": "laLxI0j-nLH-_BgLOXMozKxmy9gffy2gTdvqzfTihJ
         Buuzxg0V7yk1WClnQePFvG2K-pvSlWc9BRIazDrn50RcRai__3TDON39
         5H3c62tIouJJ4XaRvYHFjZTZ2GXfz8YAImcc91Tfk0WXC2F5Xbb71ClQ
         1DDH151tlpH77f2ff7xiSxh9oSewYrcGTSLUeeCt36r1Kt3OSj7EyBQX
         oZlN7IxbyhMAfgIe7Mv1rOTOI5I8NQqeXXW8VlzNmoxaGMny3YnGir5W
         f6Qt2nBq4qDaPdnaAuuGUGEecelIO1wx1BpyIfgvfjOhMBs9M8XL223F
         g47xlGsMXdfuY-4jaqVw",
     "iv": "bbd5sTkYwhAIqfHsx8DayA",
     "ciphertext": "0fys_TY_na7f8dwSfXLiYdHaA2DxUjD67ieF7fcVbIR62
         JhJvGZ4_FNVSiGc_raa0HnLQ6s1P2sv3Xzl1p1l_o5wR_RsSzrS8Z-wn
         I3Jvo0mkpEEnlDmZvDu_k8OWzJv7eZVEqiWKdyVzFhPpiyQU28GLOpRc
         2VbVbK4dQKPdNTjPPEmRqcaGeTWZVyeSUvf5k59yJZxRuSvWFf6KrNtm
         RdZ8R4mDOjHSrM_s8uwIFcqt4r5GX8TKaI0zT5CbL5Qlw3sRc7u_hg0y
         KVOiRytEAEs3vZkcfLkP6nbXdC_PkMdNS-ohP78T2O6_7uInMGhFeX4c
         tHG7VelHGiT93JfWDEQi5_V9UN1rhXNrYu-0fVMkZAKX3VWi7lzA6BP4
         30m",
     "tag": "kvKuFBXHe5mQr4lqgobAUg"
   }

                Figure 83: Flattened JWE JSON Serialization



(page 45 continued on part 3)

Next RFC Part