tech-invite   World Map     

IETF     RFCs     Groups     SIP     ABNFs    |    3GPP     Specs     Glossaries     Architecture     IMS     UICC    |    search     info

RFC 7520

 
 
 

Examples of Protecting Content Using JSON Object Signing and Encryption (JOSE)

Part 3 of 4, p. 45 to 83
Prev RFC Part       Next RFC Part

 


prevText      Top      Up      ToC       Page 45 
5.2.  Key Encryption Using RSA-OAEP with AES-GCM

   This example illustrates encrypting content using the "RSA-OAEP"
   (RSAES-OAEP) key encryption algorithm and the "A256GCM" (AES-GCM)
   content encryption algorithm.

   Note that RSAES-OAEP uses random data to generate the ciphertext; it
   might not be possible to exactly replicate the results in this
   section.

   Note that only the RSA public key is necessary to perform the
   encryption.  However, the example includes the RSA private key to
   allow readers to validate the output.

   Note that whitespace is added for readability as described in
   Section 1.1.

Top      Up      ToC       Page 46 
5.2.1.  Input Factors

   The following are supplied before beginning the encryption process:

   o  Plaintext content; this example uses the Plaintext from Figure 72.

   o  RSA public key; this example uses the key from Figure 84.

   o  "alg" parameter of "RSA-OAEP".

   o  "enc" parameter of "A256GCM".

   {
     "kty": "RSA",
     "kid": "samwise.gamgee@hobbiton.example",
     "use": "enc",
     "n": "wbdxI55VaanZXPY29Lg5hdmv2XhvqAhoxUkanfzf2-5zVUxa6prHRr
         I4pP1AhoqJRlZfYtWWd5mmHRG2pAHIlh0ySJ9wi0BioZBl1XP2e-C-Fy
         XJGcTy0HdKQWlrfhTm42EW7Vv04r4gfao6uxjLGwfpGrZLarohiWCPnk
         Nrg71S2CuNZSQBIPGjXfkmIy2tl_VWgGnL22GplyXj5YlBLdxXp3XeSt
         sqo571utNfoUTU8E4qdzJ3U1DItoVkPGsMwlmmnJiwA7sXRItBCivR4M
         5qnZtdw-7v4WuR4779ubDuJ5nalMv2S66-RPcnFAzWSKxtBDnFJJDGIU
         e7Tzizjg1nms0Xq_yPub_UOlWn0ec85FCft1hACpWG8schrOBeNqHBOD
         FskYpUc2LC5JA2TaPF2dA67dg1TTsC_FupfQ2kNGcE1LgprxKHcVWYQb
         86B-HozjHZcqtauBzFNV5tbTuB-TpkcvJfNcFLlH3b8mb-H_ox35FjqB
         SAjLKyoeqfKTpVjvXhd09knwgJf6VKq6UC418_TOljMVfFTWXUxlnfhO
         OnzW6HSSzD1c9WrCuVzsUMv54szidQ9wf1cYWf3g5qFDxDQKis99gcDa
         iCAwM3yEBIzuNeeCa5dartHDb1xEB_HcHSeYbghbMjGfasvKn0aZRsnT
         yC0xhWBlsolZE",
     "e": "AQAB",
     "alg": "RSA-OAEP",
     "d": "n7fzJc3_WG59VEOBTkayzuSMM780OJQuZjN_KbH8lOZG25ZoA7T4Bx
         cc0xQn5oZE5uSCIwg91oCt0JvxPcpmqzaJZg1nirjcWZ-oBtVk7gCAWq
         -B3qhfF3izlbkosrzjHajIcY33HBhsy4_WerrXg4MDNE4HYojy68TcxT
         2LYQRxUOCf5TtJXvM8olexlSGtVnQnDRutxEUCwiewfmmrfveEogLx9E
         A-KMgAjTiISXxqIXQhWUQX1G7v_mV_Hr2YuImYcNcHkRvp9E7ook0876
         DhkO8v4UOZLwA1OlUX98mkoqwc58A_Y2lBYbVx1_s5lpPsEqbbH-nqIj
         h1fL0gdNfihLxnclWtW7pCztLnImZAyeCWAG7ZIfv-Rn9fLIv9jZ6r7r
         -MSH9sqbuziHN2grGjD_jfRluMHa0l84fFKl6bcqN1JWxPVhzNZo01yD
         F-1LiQnqUYSepPf6X3a2SOdkqBRiquE6EvLuSYIDpJq3jDIsgoL8Mo1L
         oomgiJxUwL_GWEOGu28gplyzm-9Q0U0nyhEf1uhSR8aJAQWAiFImWH5W
         _IQT9I7-yrindr_2fWQ_i1UgMsGzA7aOGzZfPljRy6z-tY_KuBG00-28
         S_aWvjyUc-Alp8AUyKjBZ-7CWH32fGWK48j1t-zomrwjL_mnhsPbGs0c
         9WsWgRzI-K8gE",
     "p": "7_2v3OQZzlPFcHyYfLABQ3XP85Es4hCdwCkbDeltaUXgVy9l9etKgh
         vM4hRkOvbb01kYVuLFmxIkCDtpi-zLCYAdXKrAK3PtSbtzld_XZ9nlsY
         a_QZWpXB_IrtFjVfdKUdMz94pHUhFGFj7nr6NNxfpiHSHWFE1zD_AC3m
         Y46J961Y2LRnreVwAGNw53p07Db8yD_92pDa97vqcZOdgtybH9q6uma-

Top      Up      ToC       Page 47 
         RFNhO1AoiJhYZj69hjmMRXx-x56HO9cnXNbmzNSCFCKnQmn4GQLmRj9s
         fbZRqL94bbtE4_e0Zrpo8RNo8vxRLqQNwIy85fc6BRgBJomt8QdQvIgP
         gWCv5HoQ",
     "q": "zqOHk1P6WN_rHuM7ZF1cXH0x6RuOHq67WuHiSknqQeefGBA9PWs6Zy
         KQCO-O6mKXtcgE8_Q_hA2kMRcKOcvHil1hqMCNSXlflM7WPRPZu2qCDc
         qssd_uMbP-DqYthH_EzwL9KnYoH7JQFxxmcv5An8oXUtTwk4knKjkIYG
         RuUwfQTus0w1NfjFAyxOOiAQ37ussIcE6C6ZSsM3n41UlbJ7TCqewzVJ
         aPJN5cxjySPZPD3Vp01a9YgAD6a3IIaKJdIxJS1ImnfPevSJQBE79-EX
         e2kSwVgOzvt-gsmM29QQ8veHy4uAqca5dZzMs7hkkHtw1z0jHV90epQJ
         JlXXnH8Q",
     "dp": "19oDkBh1AXelMIxQFm2zZTqUhAzCIr4xNIGEPNoDt1jK83_FJA-xn
         x5kA7-1erdHdms_Ef67HsONNv5A60JaR7w8LHnDiBGnjdaUmmuO8XAxQ
         J_ia5mxjxNjS6E2yD44USo2JmHvzeeNczq25elqbTPLhUpGo1IZuG72F
         ZQ5gTjXoTXC2-xtCDEUZfaUNh4IeAipfLugbpe0JAFlFfrTDAMUFpC3i
         XjxqzbEanflwPvj6V9iDSgjj8SozSM0dLtxvu0LIeIQAeEgT_yXcrKGm
         pKdSO08kLBx8VUjkbv_3Pn20Gyu2YEuwpFlM_H1NikuxJNKFGmnAq9Lc
         nwwT0jvoQ",
     "dq": "S6p59KrlmzGzaQYQM3o0XfHCGvfqHLYjCO557HYQf72O9kLMCfd_1
         VBEqeD-1jjwELKDjck8kOBl5UvohK1oDfSP1DleAy-cnmL29DqWmhgwM
         1ip0CCNmkmsmDSlqkUXDi6sAaZuntyukyflI-qSQ3C_BafPyFaKrt1fg
         dyEwYa08pESKwwWisy7KnmoUvaJ3SaHmohFS78TJ25cfc10wZ9hQNOrI
         ChZlkiOdFCtxDqdmCqNacnhgE3bZQjGp3n83ODSz9zwJcSUvODlXBPc2
         AycH6Ci5yjbxt4Ppox_5pjm6xnQkiPgj01GpsUssMmBN7iHVsrE7N2iz
         nBNCeOUIQ",
     "qi": "FZhClBMywVVjnuUud-05qd5CYU0dK79akAgy9oX6RX6I3IIIPckCc
         iRrokxglZn-omAY5CnCe4KdrnjFOT5YUZE7G_Pg44XgCXaarLQf4hl80
         oPEf6-jJ5Iy6wPRx7G2e8qLxnh9cOdf-kRqgOS3F48Ucvw3ma5V6KGMw
         QqWFeV31XtZ8l5cVI-I3NzBS7qltpUVgz2Ju021eyc7IlqgzR98qKONl
         27DuEES0aK0WE97jnsyO27Yp88Wa2RiBrEocM89QZI1seJiGDizHRUP4
         UZxw9zsXww46wy0P6f9grnYp7t8LkyDDk8eoI4KX6SNMNVcyVS9IWjlq
         8EzqZEKIA"
   }

                        Figure 84: RSA 4096-Bit Key

   (NOTE: While the key includes the private parameters, only the public
   parameters "e" and "n" are necessary for the encryption operation.)

5.2.2.  Generated Factors

   The following are generated before encrypting:

   o  AES symmetric key as the Content Encryption Key (CEK); this
      example uses the key from Figure 85.

   o  Initialization Vector; this example uses the Initialization Vector
      from Figure 86.

Top      Up      ToC       Page 48 
   mYMfsggkTAm0TbvtlFh2hyoXnbEzJQjMxmgLN3d8xXA

           Figure 85: Content Encryption Key, base64url-encoded

   -nBoKLH0YkLZPSI9

            Figure 86: Initialization Vector, base64url-encoded

5.2.3.  Encrypting the Key

   Performing the key encryption operation over the CEK (Figure 85) with
   the RSA key (Figure 84) produces the following Encrypted Key:

   rT99rwrBTbTI7IJM8fU3Eli7226HEB7IchCxNuh7lCiud48LxeolRdtFF4nzQi
   beYOl5S_PJsAXZwSXtDePz9hk-BbtsTBqC2UsPOdwjC9NhNupNNu9uHIVftDyu
   cvI6hvALeZ6OGnhNV4v1zx2k7O1D89mAzfw-_kT3tkuorpDU-CpBENfIHX1Q58
   -Aad3FzMuo3Fn9buEP2yXakLXYa15BUXQsupM4A1GD4_H4Bd7V3u9h8Gkg8Bpx
   KdUV9ScfJQTcYm6eJEBz3aSwIaK4T3-dwWpuBOhROQXBosJzS1asnuHtVMt2pK
   IIfux5BC6huIvmY7kzV7W7aIUrpYm_3H4zYvyMeq5pGqFmW2k8zpO878TRlZx7
   pZfPYDSXZyS0CfKKkMozT_qiCwZTSz4duYnt8hS4Z9sGthXn9uDqd6wycMagnQ
   fOTs_lycTWmY-aqWVDKhjYNRf03NiwRtb5BE-tOdFwCASQj3uuAgPGrO2AWBe3
   8UjQb0lvXn1SpyvYZ3WFc7WOJYaTa7A8DRn6MC6T-xDmMuxC0G7S2rscw5lQQU
   06MvZTlFOt0UvfuKBa03cxA_nIBIhLMjY2kOTxQMmpDPTr6Cbo8aKaOnx6ASE5
   Jx9paBpnNmOOKH35j_QlrQhDWUN6A2Gg8iFayJ69xDEdHAVCGRzN3woEI2ozDR
   s

                Figure 87: Encrypted Key, base64url-encoded

5.2.4.  Encrypting the Content

   The following is generated before encrypting the Plaintext:

   o  JWE Protected Header; this example uses the header from Figure 88,
      encoded using base64url [RFC4648] to produce Figure 89.

   {
     "alg": "RSA-OAEP",
     "kid": "samwise.gamgee@hobbiton.example",
     "enc": "A256GCM"
   }

                   Figure 88: JWE Protected Header JSON

   eyJhbGciOiJSU0EtT0FFUCIsImtpZCI6InNhbXdpc2UuZ2FtZ2VlQGhvYmJpdG
   9uLmV4YW1wbGUiLCJlbmMiOiJBMjU2R0NNIn0

            Figure 89: JWE Protected Header, base64url-encoded

Top      Up      ToC       Page 49 
   Performing the content encryption operation over the Plaintext
   (Figure 72) with the following:

   o  CEK (Figure 85);

   o  Initialization Vector (Figure 86); and

   o  JWE Protected Header (Figure 89) as authenticated data

   produces the following:

   o  Ciphertext from Figure 90.

   o  Authentication Tag from Figure 91.

   o4k2cnGN8rSSw3IDo1YuySkqeS_t2m1GXklSgqBdpACm6UJuJowOHC5ytjqYgR
   L-I-soPlwqMUf4UgRWWeaOGNw6vGW-xyM01lTYxrXfVzIIaRdhYtEMRBvBWbEw
   P7ua1DRfvaOjgZv6Ifa3brcAM64d8p5lhhNcizPersuhw5f-pGYzseva-TUaL8
   iWnctc-sSwy7SQmRkfhDjwbz0fz6kFovEgj64X1I5s7E6GLp5fnbYGLa1QUiML
   7Cc2GxgvI7zqWo0YIEc7aCflLG1-8BboVWFdZKLK9vNoycrYHumwzKluLWEbSV
   maPpOslY2n525DxDfWaVFUfKQxMF56vn4B9QMpWAbnypNimbM8zVOw

                 Figure 90: Ciphertext, base64url-encoded

   UCGiqJxhBI3IFVdPalHHvA

             Figure 91: Authentication Tag, base64url-encoded

5.2.5.  Output Results

   The following compose the resulting JWE object:

   o  JWE Protected Header (Figure 89)

   o  Encrypted Key (Figure 87)

   o  Initialization Vector (Figure 86)

   o  Ciphertext (Figure 90)

   o  Authentication Tag (Figure 91)

Top      Up      ToC       Page 50 
   The resulting JWE object using the JWE Compact Serialization:

   eyJhbGciOiJSU0EtT0FFUCIsImtpZCI6InNhbXdpc2UuZ2FtZ2VlQGhvYmJpdG
   9uLmV4YW1wbGUiLCJlbmMiOiJBMjU2R0NNIn0
   .
   rT99rwrBTbTI7IJM8fU3Eli7226HEB7IchCxNuh7lCiud48LxeolRdtFF4nzQi
   beYOl5S_PJsAXZwSXtDePz9hk-BbtsTBqC2UsPOdwjC9NhNupNNu9uHIVftDyu
   cvI6hvALeZ6OGnhNV4v1zx2k7O1D89mAzfw-_kT3tkuorpDU-CpBENfIHX1Q58
   -Aad3FzMuo3Fn9buEP2yXakLXYa15BUXQsupM4A1GD4_H4Bd7V3u9h8Gkg8Bpx
   KdUV9ScfJQTcYm6eJEBz3aSwIaK4T3-dwWpuBOhROQXBosJzS1asnuHtVMt2pK
   IIfux5BC6huIvmY7kzV7W7aIUrpYm_3H4zYvyMeq5pGqFmW2k8zpO878TRlZx7
   pZfPYDSXZyS0CfKKkMozT_qiCwZTSz4duYnt8hS4Z9sGthXn9uDqd6wycMagnQ
   fOTs_lycTWmY-aqWVDKhjYNRf03NiwRtb5BE-tOdFwCASQj3uuAgPGrO2AWBe3
   8UjQb0lvXn1SpyvYZ3WFc7WOJYaTa7A8DRn6MC6T-xDmMuxC0G7S2rscw5lQQU
   06MvZTlFOt0UvfuKBa03cxA_nIBIhLMjY2kOTxQMmpDPTr6Cbo8aKaOnx6ASE5
   Jx9paBpnNmOOKH35j_QlrQhDWUN6A2Gg8iFayJ69xDEdHAVCGRzN3woEI2ozDR
   s
   .
   -nBoKLH0YkLZPSI9
   .
   o4k2cnGN8rSSw3IDo1YuySkqeS_t2m1GXklSgqBdpACm6UJuJowOHC5ytjqYgR
   L-I-soPlwqMUf4UgRWWeaOGNw6vGW-xyM01lTYxrXfVzIIaRdhYtEMRBvBWbEw
   P7ua1DRfvaOjgZv6Ifa3brcAM64d8p5lhhNcizPersuhw5f-pGYzseva-TUaL8
   iWnctc-sSwy7SQmRkfhDjwbz0fz6kFovEgj64X1I5s7E6GLp5fnbYGLa1QUiML
   7Cc2GxgvI7zqWo0YIEc7aCflLG1-8BboVWFdZKLK9vNoycrYHumwzKluLWEbSV
   maPpOslY2n525DxDfWaVFUfKQxMF56vn4B9QMpWAbnypNimbM8zVOw
   .
   UCGiqJxhBI3IFVdPalHHvA

                   Figure 92: JWE Compact Serialization

Top      Up      ToC       Page 51 
   The resulting JWE object using the general JWE JSON Serialization:

   {
     "recipients": [
       {
         "encrypted_key": "rT99rwrBTbTI7IJM8fU3Eli7226HEB7IchCxNu
             h7lCiud48LxeolRdtFF4nzQibeYOl5S_PJsAXZwSXtDePz9hk-Bb
             tsTBqC2UsPOdwjC9NhNupNNu9uHIVftDyucvI6hvALeZ6OGnhNV4
             v1zx2k7O1D89mAzfw-_kT3tkuorpDU-CpBENfIHX1Q58-Aad3FzM
             uo3Fn9buEP2yXakLXYa15BUXQsupM4A1GD4_H4Bd7V3u9h8Gkg8B
             pxKdUV9ScfJQTcYm6eJEBz3aSwIaK4T3-dwWpuBOhROQXBosJzS1
             asnuHtVMt2pKIIfux5BC6huIvmY7kzV7W7aIUrpYm_3H4zYvyMeq
             5pGqFmW2k8zpO878TRlZx7pZfPYDSXZyS0CfKKkMozT_qiCwZTSz
             4duYnt8hS4Z9sGthXn9uDqd6wycMagnQfOTs_lycTWmY-aqWVDKh
             jYNRf03NiwRtb5BE-tOdFwCASQj3uuAgPGrO2AWBe38UjQb0lvXn
             1SpyvYZ3WFc7WOJYaTa7A8DRn6MC6T-xDmMuxC0G7S2rscw5lQQU
             06MvZTlFOt0UvfuKBa03cxA_nIBIhLMjY2kOTxQMmpDPTr6Cbo8a
             KaOnx6ASE5Jx9paBpnNmOOKH35j_QlrQhDWUN6A2Gg8iFayJ69xD
             EdHAVCGRzN3woEI2ozDRs"
       }
     ],
     "protected": "eyJhbGciOiJSU0EtT0FFUCIsImtpZCI6InNhbXdpc2UuZ2
         FtZ2VlQGhvYmJpdG9uLmV4YW1wbGUiLCJlbmMiOiJBMjU2R0NNIn0",
     "iv": "-nBoKLH0YkLZPSI9",
     "ciphertext": "o4k2cnGN8rSSw3IDo1YuySkqeS_t2m1GXklSgqBdpACm6
         UJuJowOHC5ytjqYgRL-I-soPlwqMUf4UgRWWeaOGNw6vGW-xyM01lTYx
         rXfVzIIaRdhYtEMRBvBWbEwP7ua1DRfvaOjgZv6Ifa3brcAM64d8p5lh
         hNcizPersuhw5f-pGYzseva-TUaL8iWnctc-sSwy7SQmRkfhDjwbz0fz
         6kFovEgj64X1I5s7E6GLp5fnbYGLa1QUiML7Cc2GxgvI7zqWo0YIEc7a
         CflLG1-8BboVWFdZKLK9vNoycrYHumwzKluLWEbSVmaPpOslY2n525Dx
         DfWaVFUfKQxMF56vn4B9QMpWAbnypNimbM8zVOw",
     "tag": "UCGiqJxhBI3IFVdPalHHvA"
   }

                 Figure 93: General JWE JSON Serialization

Top      Up      ToC       Page 52 
   The resulting JWE object using the flattened JWE JSON Serialization:

   {
     "protected": "eyJhbGciOiJSU0EtT0FFUCIsImtpZCI6InNhbXdpc2UuZ2
         FtZ2VlQGhvYmJpdG9uLmV4YW1wbGUiLCJlbmMiOiJBMjU2R0NNIn0",
     "encrypted_key": "rT99rwrBTbTI7IJM8fU3Eli7226HEB7IchCxNuh7lC
         iud48LxeolRdtFF4nzQibeYOl5S_PJsAXZwSXtDePz9hk-BbtsTBqC2U
         sPOdwjC9NhNupNNu9uHIVftDyucvI6hvALeZ6OGnhNV4v1zx2k7O1D89
         mAzfw-_kT3tkuorpDU-CpBENfIHX1Q58-Aad3FzMuo3Fn9buEP2yXakL
         XYa15BUXQsupM4A1GD4_H4Bd7V3u9h8Gkg8BpxKdUV9ScfJQTcYm6eJE
         Bz3aSwIaK4T3-dwWpuBOhROQXBosJzS1asnuHtVMt2pKIIfux5BC6huI
         vmY7kzV7W7aIUrpYm_3H4zYvyMeq5pGqFmW2k8zpO878TRlZx7pZfPYD
         SXZyS0CfKKkMozT_qiCwZTSz4duYnt8hS4Z9sGthXn9uDqd6wycMagnQ
         fOTs_lycTWmY-aqWVDKhjYNRf03NiwRtb5BE-tOdFwCASQj3uuAgPGrO
         2AWBe38UjQb0lvXn1SpyvYZ3WFc7WOJYaTa7A8DRn6MC6T-xDmMuxC0G
         7S2rscw5lQQU06MvZTlFOt0UvfuKBa03cxA_nIBIhLMjY2kOTxQMmpDP
         Tr6Cbo8aKaOnx6ASE5Jx9paBpnNmOOKH35j_QlrQhDWUN6A2Gg8iFayJ
         69xDEdHAVCGRzN3woEI2ozDRs",
     "iv": "-nBoKLH0YkLZPSI9",
     "ciphertext": "o4k2cnGN8rSSw3IDo1YuySkqeS_t2m1GXklSgqBdpACm6
         UJuJowOHC5ytjqYgRL-I-soPlwqMUf4UgRWWeaOGNw6vGW-xyM01lTYx
         rXfVzIIaRdhYtEMRBvBWbEwP7ua1DRfvaOjgZv6Ifa3brcAM64d8p5lh
         hNcizPersuhw5f-pGYzseva-TUaL8iWnctc-sSwy7SQmRkfhDjwbz0fz
         6kFovEgj64X1I5s7E6GLp5fnbYGLa1QUiML7Cc2GxgvI7zqWo0YIEc7a
         CflLG1-8BboVWFdZKLK9vNoycrYHumwzKluLWEbSVmaPpOslY2n525Dx
         DfWaVFUfKQxMF56vn4B9QMpWAbnypNimbM8zVOw",
     "tag": "UCGiqJxhBI3IFVdPalHHvA"
   }

                Figure 94: Flattened JWE JSON Serialization

5.3.  Key Wrap Using PBES2-AES-KeyWrap with AES-CBC-HMAC-SHA2

   The example illustrates encrypting content using the
   "PBES2-HS512+A256KW" (PBES2 Password-based Encryption using HMAC-
   SHA-512 and AES-256-KeyWrap) key encryption algorithm with the
   "A128CBC-HS256" (AES-128-CBC-HMAC-SHA-256) content encryption
   algorithm.

   A common use of password-based encryption is the import/export of
   keys.  Therefore, this example uses a JWK Set for the Plaintext
   content instead of the Plaintext from Figure 72.

Top      Up      ToC       Page 53 
   Note that if password-based encryption is used for multiple
   recipients, it is expected that each recipient use different values
   for the PBES2 parameters "p2s" and "p2c".

   Note that whitespace is added for readability as described in
   Section 1.1.

5.3.1.  Input Factors

   The following are supplied before beginning the encryption process:

   o  Plaintext content; this example uses the Plaintext from Figure 95
      (NOTE: All whitespace was added for readability).

   o  Password; this example uses the password from Figure 96 -- with
      the sequence "\xe2\x80\x93" replaced with (U+2013 EN DASH).

   o  "alg" parameter of "PBES2-HS512+A256KW".

   o  "enc" parameter of "A128CBC-HS256".

   {
     "keys": [
       {
         "kty": "oct",
         "kid": "77c7e2b8-6e13-45cf-8672-617b5b45243a",
         "use": "enc",
         "alg": "A128GCM",
         "k": "XctOhJAkA-pD9Lh7ZgW_2A"
       },
       {
         "kty": "oct",
         "kid": "81b20965-8332-43d9-a468-82160ad91ac8",
         "use": "enc",
         "alg": "A128KW",
         "k": "GZy6sIZ6wl9NJOKB-jnmVQ"
       },
       {
         "kty": "oct",
         "kid": "18ec08e1-bfa9-4d95-b205-2b4dd1d4321d",
         "use": "enc",
         "alg": "A256GCMKW",
         "k": "qC57l_uxcm7Nm3K-ct4GFjx8tM1U8CZ0NLBvdQstiS8"
       }
     ]
   }

                       Figure 95: Plaintext Content

Top      Up      ToC       Page 54 
   entrap_o\xe2\x80\x93peter_long\xe2\x80\x93credit_tun

                            Figure 96: Password

5.3.2.  Generated Factors

   The following are generated before encrypting:

   o  AES symmetric key as the Content Encryption Key (CEK); this
      example uses the key from Figure 97.

   o  Initialization Vector; this example uses the Initialization Vector
      from Figure 98.

   uwsjJXaBK407Qaf0_zpcpmr1Cs0CC50hIUEyGNEt3m0

           Figure 97: Content Encryption Key, base64url-encoded

   VBiCzVHNoLiR3F4V82uoTQ

            Figure 98: Initialization Vector, base64url-encoded

5.3.3.  Encrypting the Key

   The following are generated before encrypting the CEK:

   o  Salt input; this example uses the salt input from Figure 99.

   o  Iteration count; this example uses the iteration count 8192.

   8Q1SzinasR3xchYz6ZZcHA

                 Figure 99: Salt Input, base64url-encoded

   Performing the key encryption operation over the CEK (Figure 97) with
   the following:

   o  Password (Figure 96);

   o  Salt input (Figure 99), encoded as an octet string; and

   o  Iteration count (8192)

   produces the following Encrypted Key:

   d3qNhUWfqheyPp4H8sjOWsDYajoej4c5Je6rlUtFPWdgtURtmeDV1g

               Figure 100: Encrypted Key, base64url-encoded

Top      Up      ToC       Page 55 
5.3.4.  Encrypting the Content

   The following is generated before encrypting the content:

   o  JWE Protected Header; this example uses the header from
      Figure 101, encoded using base64url [RFC4648] to produce
      Figure 102.

   {
     "alg": "PBES2-HS512+A256KW",
     "p2s": "8Q1SzinasR3xchYz6ZZcHA",
     "p2c": 8192,
     "cty": "jwk-set+json",
     "enc": "A128CBC-HS256"
   }

                   Figure 101: JWE Protected Header JSON

   eyJhbGciOiJQQkVTMi1IUzUxMitBMjU2S1ciLCJwMnMiOiI4UTFTemluYXNSM3
   hjaFl6NlpaY0hBIiwicDJjIjo4MTkyLCJjdHkiOiJqd2stc2V0K2pzb24iLCJl
   bmMiOiJBMTI4Q0JDLUhTMjU2In0

            Figure 102: JWE Protected Header, base64url-encoded

   Performing the content encryption operation over the Plaintext
   (Figure 95) with the following:

   o  CEK (Figure 97);

   o  Initialization Vector (Figure 98); and

   o  JWE Protected Header (Figure 102) as authenticated data

   produces the following:

   o  Ciphertext from Figure 103.

   o  Authentication Tag from Figure 104.

Top      Up      ToC       Page 56 
   23i-Tb1AV4n0WKVSSgcQrdg6GRqsUKxjruHXYsTHAJLZ2nsnGIX86vMXqIi6IR
   sfywCRFzLxEcZBRnTvG3nhzPk0GDD7FMyXhUHpDjEYCNA_XOmzg8yZR9oyjo6l
   TF6si4q9FZ2EhzgFQCLO_6h5EVg3vR75_hkBsnuoqoM3dwejXBtIodN84PeqMb
   6asmas_dpSsz7H10fC5ni9xIz424givB1YLldF6exVmL93R3fOoOJbmk2GBQZL
   _SEGllv2cQsBgeprARsaQ7Bq99tT80coH8ItBjgV08AtzXFFsx9qKvC982KLKd
   PQMTlVJKkqtV4Ru5LEVpBZXBnZrtViSOgyg6AiuwaS-rCrcD_ePOGSuxvgtrok
   AKYPqmXUeRdjFJwafkYEkiuDCV9vWGAi1DH2xTafhJwcmywIyzi4BqRpmdn_N-
   zl5tuJYyuvKhjKv6ihbsV_k1hJGPGAxJ6wUpmwC4PTQ2izEm0TuSE8oMKdTw8V
   3kobXZ77ulMwDs4p

                 Figure 103: Ciphertext, base64url-encoded

   0HlwodAhOCILG5SQ2LQ9dg

             Figure 104: Authentication Tag, base64url-encoded

5.3.5.  Output Results

   The following compose the resulting JWE object:

   o  JWE Protected Header (Figure 102)

   o  Encrypted Key (Figure 100)

   o  Initialization Vector (Figure 98)

   o  Ciphertext (Figure 103)

   o  Authentication Tag (Figure 104)

Top      Up      ToC       Page 57 
   The resulting JWE object using the JWE Compact Serialization:

   eyJhbGciOiJQQkVTMi1IUzUxMitBMjU2S1ciLCJwMnMiOiI4UTFTemluYXNSM3
   hjaFl6NlpaY0hBIiwicDJjIjo4MTkyLCJjdHkiOiJqd2stc2V0K2pzb24iLCJl
   bmMiOiJBMTI4Q0JDLUhTMjU2In0
   .
   d3qNhUWfqheyPp4H8sjOWsDYajoej4c5Je6rlUtFPWdgtURtmeDV1g
   .
   VBiCzVHNoLiR3F4V82uoTQ
   .
   23i-Tb1AV4n0WKVSSgcQrdg6GRqsUKxjruHXYsTHAJLZ2nsnGIX86vMXqIi6IR
   sfywCRFzLxEcZBRnTvG3nhzPk0GDD7FMyXhUHpDjEYCNA_XOmzg8yZR9oyjo6l
   TF6si4q9FZ2EhzgFQCLO_6h5EVg3vR75_hkBsnuoqoM3dwejXBtIodN84PeqMb
   6asmas_dpSsz7H10fC5ni9xIz424givB1YLldF6exVmL93R3fOoOJbmk2GBQZL
   _SEGllv2cQsBgeprARsaQ7Bq99tT80coH8ItBjgV08AtzXFFsx9qKvC982KLKd
   PQMTlVJKkqtV4Ru5LEVpBZXBnZrtViSOgyg6AiuwaS-rCrcD_ePOGSuxvgtrok
   AKYPqmXUeRdjFJwafkYEkiuDCV9vWGAi1DH2xTafhJwcmywIyzi4BqRpmdn_N-
   zl5tuJYyuvKhjKv6ihbsV_k1hJGPGAxJ6wUpmwC4PTQ2izEm0TuSE8oMKdTw8V
   3kobXZ77ulMwDs4p
   .
   0HlwodAhOCILG5SQ2LQ9dg

                   Figure 105: JWE Compact Serialization

Top      Up      ToC       Page 58 
   The resulting JWE object using the general JWE JSON Serialization:

   {
     "recipients": [
       {
         "encrypted_key": "d3qNhUWfqheyPp4H8sjOWsDYajoej4c5Je6rlU
             tFPWdgtURtmeDV1g"
       }
     ],
     "protected": "eyJhbGciOiJQQkVTMi1IUzUxMitBMjU2S1ciLCJwMnMiOi
         I4UTFTemluYXNSM3hjaFl6NlpaY0hBIiwicDJjIjo4MTkyLCJjdHkiOi
         Jqd2stc2V0K2pzb24iLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0",
     "iv": "VBiCzVHNoLiR3F4V82uoTQ",
     "ciphertext": "23i-Tb1AV4n0WKVSSgcQrdg6GRqsUKxjruHXYsTHAJLZ2
         nsnGIX86vMXqIi6IRsfywCRFzLxEcZBRnTvG3nhzPk0GDD7FMyXhUHpD
         jEYCNA_XOmzg8yZR9oyjo6lTF6si4q9FZ2EhzgFQCLO_6h5EVg3vR75_
         hkBsnuoqoM3dwejXBtIodN84PeqMb6asmas_dpSsz7H10fC5ni9xIz42
         4givB1YLldF6exVmL93R3fOoOJbmk2GBQZL_SEGllv2cQsBgeprARsaQ
         7Bq99tT80coH8ItBjgV08AtzXFFsx9qKvC982KLKdPQMTlVJKkqtV4Ru
         5LEVpBZXBnZrtViSOgyg6AiuwaS-rCrcD_ePOGSuxvgtrokAKYPqmXUe
         RdjFJwafkYEkiuDCV9vWGAi1DH2xTafhJwcmywIyzi4BqRpmdn_N-zl5
         tuJYyuvKhjKv6ihbsV_k1hJGPGAxJ6wUpmwC4PTQ2izEm0TuSE8oMKdT
         w8V3kobXZ77ulMwDs4p",
     "tag": "0HlwodAhOCILG5SQ2LQ9dg"
   }

                Figure 106: General JWE JSON Serialization

Top      Up      ToC       Page 59 
   The resulting JWE object using the flattened JWE JSON Serialization:

   {
     "protected": "eyJhbGciOiJQQkVTMi1IUzUxMitBMjU2S1ciLCJwMnMiOi
         I4UTFTemluYXNSM3hjaFl6NlpaY0hBIiwicDJjIjo4MTkyLCJjdHkiOi
         Jqd2stc2V0K2pzb24iLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0",
     "encrypted_key": "d3qNhUWfqheyPp4H8sjOWsDYajoej4c5Je6rlUtFPW
         dgtURtmeDV1g",
     "iv": "VBiCzVHNoLiR3F4V82uoTQ",
     "ciphertext": "23i-Tb1AV4n0WKVSSgcQrdg6GRqsUKxjruHXYsTHAJLZ2
         nsnGIX86vMXqIi6IRsfywCRFzLxEcZBRnTvG3nhzPk0GDD7FMyXhUHpD
         jEYCNA_XOmzg8yZR9oyjo6lTF6si4q9FZ2EhzgFQCLO_6h5EVg3vR75_
         hkBsnuoqoM3dwejXBtIodN84PeqMb6asmas_dpSsz7H10fC5ni9xIz42
         4givB1YLldF6exVmL93R3fOoOJbmk2GBQZL_SEGllv2cQsBgeprARsaQ
         7Bq99tT80coH8ItBjgV08AtzXFFsx9qKvC982KLKdPQMTlVJKkqtV4Ru
         5LEVpBZXBnZrtViSOgyg6AiuwaS-rCrcD_ePOGSuxvgtrokAKYPqmXUe
         RdjFJwafkYEkiuDCV9vWGAi1DH2xTafhJwcmywIyzi4BqRpmdn_N-zl5
         tuJYyuvKhjKv6ihbsV_k1hJGPGAxJ6wUpmwC4PTQ2izEm0TuSE8oMKdT
         w8V3kobXZ77ulMwDs4p",
     "tag": "0HlwodAhOCILG5SQ2LQ9dg"
   }

               Figure 107: Flattened JWE JSON Serialization

5.4.  Key Agreement with Key Wrapping Using ECDH-ES and AES-KeyWrap with
      AES-GCM

   This example illustrates encrypting content using the "ECDH-
   ES+A128KW" (Elliptic Curve Diffie-Hellman Ephemeral-Static with AES-
   128-KeyWrap) key encryption algorithm and the "A128GCM" (AES-GCM)
   content encryption algorithm.

   Note that only the EC public key is necessary to perform the key
   agreement.  However, the example includes the EC private key to allow
   readers to validate the output.

   Note that whitespace is added for readability as described in
   Section 1.1.

5.4.1.  Input Factors

   The following are supplied before beginning the encryption process:

   o  Plaintext content; this example uses the content from Figure 72.

   o  EC public key; this example uses the public key from Figure 108.

Top      Up      ToC       Page 60 
   o  "alg" parameter of "ECDH-ES+A128KW".

   o  "enc" parameter of "A128GCM".

   {
     "kty": "EC",
     "kid": "peregrin.took@tuckborough.example",
     "use": "enc",
     "crv": "P-384",
     "x": "YU4rRUzdmVqmRtWOs2OpDE_T5fsNIodcG8G5FWPrTPMyxpzsSOGaQL
         pe2FpxBmu2",
     "y": "A8-yxCHxkfBz3hKZfI1jUYMjUhsEveZ9THuwFjH2sCNdtksRJU7D5-
         SkgaFL1ETP",
     "d": "iTx2pk7wW-GqJkHcEkFQb2EFyYcO7RugmaW3mRrQVAOUiPommT0Idn
         YK2xDlZh-j"
   }

            Figure 108: Elliptic Curve P-384 Key, in JWK Format

   (NOTE: While the key includes the private parameters, only the public
   parameters "crv", "x", and "y" are necessary for the encryption
   operation.)

5.4.2.  Generated Factors

   The following are generated before encrypting:

   o  AES symmetric key as the Content Encryption Key (CEK); this
      example uses the key from Figure 109.

   o  Initialization Vector; this example uses the Initialization Vector
      from Figure 110.

   Nou2ueKlP70ZXDbq9UrRwg

           Figure 109: Content Encryption Key, base64url-encoded

   mH-G2zVqgztUtnW_

           Figure 110: Initialization Vector, base64url-encoded

5.4.3.  Encrypting the Key

   To encrypt the Content Encryption Key, the following is generated:

   o  Ephemeral EC private key on the same curve as the EC public key;
      this example uses the private key from Figure 111.

Top      Up      ToC       Page 61 
   {
     "kty": "EC",
     "crv": "P-384",
     "x": "uBo4kHPw6kbjx5l0xowrd_oYzBmaz-GKFZu4xAFFkbYiWgutEK6iuE
         DsQ6wNdNg3",
     "y": "sp3p5SGhZVC2faXumI-e9JU2Mo8KpoYrFDr5yPNVtW4PgEwZOyQTA-
         JdaY8tb7E0",
     "d": "D5H4Y_5PSKZvhfVFbcCYJOtcGZygRgfZkpsBr59Icmmhe9sW6nkZ8W
         fwhinUfWJg"
   }

       Figure 111: Ephemeral Elliptic Curve P-384 Key, in JWK Format

   Performing the key encryption operation over the CEK (Figure 109)
   with the following:

   o  The static Elliptic Curve public key (Figure 108); and

   o  The ephemeral Elliptic Curve private key (Figure 111)

   produces the following JWE Encrypted Key:

   0DJjBXri_kBcC46IkU5_Jk9BqaQeHdv2

               Figure 112: Encrypted Key, base64url-encoded

5.4.4.  Encrypting the Content

   The following is generated before encrypting the content:

   o  JWE Protected Header; this example uses the header from
      Figure 113, encoded to base64url [RFC4648] as Figure 114.

   {
     "alg": "ECDH-ES+A128KW",
     "kid": "peregrin.took@tuckborough.example",
     "epk": {
       "kty": "EC",
       "crv": "P-384",
       "x": "uBo4kHPw6kbjx5l0xowrd_oYzBmaz-GKFZu4xAFFkbYiWgutEK6i
           uEDsQ6wNdNg3",
       "y": "sp3p5SGhZVC2faXumI-e9JU2Mo8KpoYrFDr5yPNVtW4PgEwZOyQT
           A-JdaY8tb7E0"
     },
     "enc": "A128GCM"
   }

                   Figure 113: JWE Protected Header JSON

Top      Up      ToC       Page 62 
   eyJhbGciOiJFQ0RILUVTK0ExMjhLVyIsImtpZCI6InBlcmVncmluLnRvb2tAdH
   Vja2Jvcm91Z2guZXhhbXBsZSIsImVwayI6eyJrdHkiOiJFQyIsImNydiI6IlAt
   Mzg0IiwieCI6InVCbzRrSFB3Nmtiang1bDB4b3dyZF9vWXpCbWF6LUdLRlp1NH
   hBRkZrYllpV2d1dEVLNml1RURzUTZ3TmROZzMiLCJ5Ijoic3AzcDVTR2haVkMy
   ZmFYdW1JLWU5SlUyTW84S3BvWXJGRHI1eVBOVnRXNFBnRXdaT3lRVEEtSmRhWT
   h0YjdFMCJ9LCJlbmMiOiJBMTI4R0NNIn0

            Figure 114: JWE Protected Header, base64url-encoded

   Performing the content encryption operation on the Plaintext
   (Figure 72) using the following:

   o  CEK (Figure 109);

   o  Initialization Vector (Figure 110); and

   o  JWE Protected Header (Figure 114) as authenticated data

   produces the following:

   o  Ciphertext from Figure 115.

   o  Authentication Tag from Figure 116.

   tkZuOO9h95OgHJmkkrfLBisku8rGf6nzVxhRM3sVOhXgz5NJ76oID7lpnAi_cP
   WJRCjSpAaUZ5dOR3Spy7QuEkmKx8-3RCMhSYMzsXaEwDdXta9Mn5B7cCBoJKB0
   IgEnj_qfo1hIi-uEkUpOZ8aLTZGHfpl05jMwbKkTe2yK3mjF6SBAsgicQDVCkc
   Y9BLluzx1RmC3ORXaM0JaHPB93YcdSDGgpgBWMVrNU1ErkjcMqMoT_wtCex3w0
   3XdLkjXIuEr2hWgeP-nkUZTPU9EoGSPj6fAS-bSz87RCPrxZdj_iVyC6QWcqAu
   07WNhjzJEPc4jVntRJ6K53NgPQ5p99l3Z408OUqj4ioYezbS6vTPlQ

                 Figure 115: Ciphertext, base64url-encoded

   WuGzxmcreYjpHGJoa17EBg

             Figure 116: Authentication Tag, base64url-encoded

Top      Up      ToC       Page 63 
5.4.5.  Output Results

   The following compose the resulting JWE object:

   o  JWE Protected Header (Figure 114)

   o  Encrypted Key (Figure 112)

   o  Initialization Vector (Figure 110)

   o  Ciphertext (Figure 115)

   o  Authentication Tag (Figure 116)

   The resulting JWE object using the JWE Compact Serialization:

   eyJhbGciOiJFQ0RILUVTK0ExMjhLVyIsImtpZCI6InBlcmVncmluLnRvb2tAdH
   Vja2Jvcm91Z2guZXhhbXBsZSIsImVwayI6eyJrdHkiOiJFQyIsImNydiI6IlAt
   Mzg0IiwieCI6InVCbzRrSFB3Nmtiang1bDB4b3dyZF9vWXpCbWF6LUdLRlp1NH
   hBRkZrYllpV2d1dEVLNml1RURzUTZ3TmROZzMiLCJ5Ijoic3AzcDVTR2haVkMy
   ZmFYdW1JLWU5SlUyTW84S3BvWXJGRHI1eVBOVnRXNFBnRXdaT3lRVEEtSmRhWT
   h0YjdFMCJ9LCJlbmMiOiJBMTI4R0NNIn0
   .
   0DJjBXri_kBcC46IkU5_Jk9BqaQeHdv2
   .
   mH-G2zVqgztUtnW_
   .
   tkZuOO9h95OgHJmkkrfLBisku8rGf6nzVxhRM3sVOhXgz5NJ76oID7lpnAi_cP
   WJRCjSpAaUZ5dOR3Spy7QuEkmKx8-3RCMhSYMzsXaEwDdXta9Mn5B7cCBoJKB0
   IgEnj_qfo1hIi-uEkUpOZ8aLTZGHfpl05jMwbKkTe2yK3mjF6SBAsgicQDVCkc
   Y9BLluzx1RmC3ORXaM0JaHPB93YcdSDGgpgBWMVrNU1ErkjcMqMoT_wtCex3w0
   3XdLkjXIuEr2hWgeP-nkUZTPU9EoGSPj6fAS-bSz87RCPrxZdj_iVyC6QWcqAu
   07WNhjzJEPc4jVntRJ6K53NgPQ5p99l3Z408OUqj4ioYezbS6vTPlQ
   .
   WuGzxmcreYjpHGJoa17EBg

                   Figure 117: JWE Compact Serialization

Top      Up      ToC       Page 64 
   The resulting JWE object using the general JWE JSON Serialization:

   {
     "recipients": [
       {
         "encrypted_key": "0DJjBXri_kBcC46IkU5_Jk9BqaQeHdv2"
       }
     ],
     "protected": "eyJhbGciOiJFQ0RILUVTK0ExMjhLVyIsImtpZCI6InBlcm
         VncmluLnRvb2tAdHVja2Jvcm91Z2guZXhhbXBsZSIsImVwayI6eyJrdH
         kiOiJFQyIsImNydiI6IlAtMzg0IiwieCI6InVCbzRrSFB3Nmtiang1bD
         B4b3dyZF9vWXpCbWF6LUdLRlp1NHhBRkZrYllpV2d1dEVLNml1RURzUT
         Z3TmROZzMiLCJ5Ijoic3AzcDVTR2haVkMyZmFYdW1JLWU5SlUyTW84S3
         BvWXJGRHI1eVBOVnRXNFBnRXdaT3lRVEEtSmRhWTh0YjdFMCJ9LCJlbm
         MiOiJBMTI4R0NNIn0",
     "iv": "mH-G2zVqgztUtnW_",
     "ciphertext": "tkZuOO9h95OgHJmkkrfLBisku8rGf6nzVxhRM3sVOhXgz
         5NJ76oID7lpnAi_cPWJRCjSpAaUZ5dOR3Spy7QuEkmKx8-3RCMhSYMzs
         XaEwDdXta9Mn5B7cCBoJKB0IgEnj_qfo1hIi-uEkUpOZ8aLTZGHfpl05
         jMwbKkTe2yK3mjF6SBAsgicQDVCkcY9BLluzx1RmC3ORXaM0JaHPB93Y
         cdSDGgpgBWMVrNU1ErkjcMqMoT_wtCex3w03XdLkjXIuEr2hWgeP-nkU
         ZTPU9EoGSPj6fAS-bSz87RCPrxZdj_iVyC6QWcqAu07WNhjzJEPc4jVn
         tRJ6K53NgPQ5p99l3Z408OUqj4ioYezbS6vTPlQ",
     "tag": "WuGzxmcreYjpHGJoa17EBg"
   }

                Figure 118: General JWE JSON Serialization

Top      Up      ToC       Page 65 
   The resulting JWE object using the flattened JWE JSON Serialization:

   {
     "protected": "eyJhbGciOiJFQ0RILUVTK0ExMjhLVyIsImtpZCI6InBlcm
         VncmluLnRvb2tAdHVja2Jvcm91Z2guZXhhbXBsZSIsImVwayI6eyJrdH
         kiOiJFQyIsImNydiI6IlAtMzg0IiwieCI6InVCbzRrSFB3Nmtiang1bD
         B4b3dyZF9vWXpCbWF6LUdLRlp1NHhBRkZrYllpV2d1dEVLNml1RURzUT
         Z3TmROZzMiLCJ5Ijoic3AzcDVTR2haVkMyZmFYdW1JLWU5SlUyTW84S3
         BvWXJGRHI1eVBOVnRXNFBnRXdaT3lRVEEtSmRhWTh0YjdFMCJ9LCJlbm
         MiOiJBMTI4R0NNIn0",
     "encrypted_key": "0DJjBXri_kBcC46IkU5_Jk9BqaQeHdv2",
     "iv": "mH-G2zVqgztUtnW_",
     "ciphertext": "tkZuOO9h95OgHJmkkrfLBisku8rGf6nzVxhRM3sVOhXgz
         5NJ76oID7lpnAi_cPWJRCjSpAaUZ5dOR3Spy7QuEkmKx8-3RCMhSYMzs
         XaEwDdXta9Mn5B7cCBoJKB0IgEnj_qfo1hIi-uEkUpOZ8aLTZGHfpl05
         jMwbKkTe2yK3mjF6SBAsgicQDVCkcY9BLluzx1RmC3ORXaM0JaHPB93Y
         cdSDGgpgBWMVrNU1ErkjcMqMoT_wtCex3w03XdLkjXIuEr2hWgeP-nkU
         ZTPU9EoGSPj6fAS-bSz87RCPrxZdj_iVyC6QWcqAu07WNhjzJEPc4jVn
         tRJ6K53NgPQ5p99l3Z408OUqj4ioYezbS6vTPlQ",
     "tag": "WuGzxmcreYjpHGJoa17EBg"
   }

               Figure 119: Flattened JWE JSON Serialization

5.5.  Key Agreement Using ECDH-ES with AES-CBC-HMAC-SHA2

   This example illustrates encrypting content using the "ECDH-ES"
   (Elliptic Curve Diffie-Hellman Ephemeral-Static) key agreement
   algorithm and the "A128CBC-HS256" (AES-128-CBC-HMAC-SHA-256) content
   encryption algorithm.

   Note that only the EC public key is necessary to perform the key
   agreement.  However, the example includes the EC private key to allow
   readers to validate the output.

   Note that whitespace is added for readability as described in
   Section 1.1.

Top      Up      ToC       Page 66 
5.5.1.  Input Factors

   The following are supplied before beginning the encryption process:

   o  Plaintext content; this example uses the content from Figure 72.

   o  EC public key; this example uses the public key from Figure 120.

   o  "alg" parameter of "ECDH-ES".

   o  "enc" parameter of "A128CBC-HS256".

   {
     "kty": "EC",
     "kid": "meriadoc.brandybuck@buckland.example",
     "use": "enc",
     "crv": "P-256",
     "x": "Ze2loSV3wrroKUN_4zhwGhCqo3Xhu1td4QjeQ5wIVR0",
     "y": "HlLtdXARY_f55A3fnzQbPcm6hgr34Mp8p-nuzQCE0Zw",
     "d": "r_kHyZ-a06rmxM3yESK84r1otSg-aQcVStkRhA-iCM8"
   }

                   Figure 120: Elliptic Curve P-256 Key

   (NOTE: While the key includes the private parameters, only the public
   parameters "crv", "x", and "y" are necessary for the encryption
   operation.)

5.5.2.  Generated Factors

   The following is generated before encrypting:

   o  Initialization Vector; this example uses the Initialization Vector
      from Figure 121.

   yc9N8v5sYyv3iGQT926IUg

           Figure 121: Initialization Vector, base64url-encoded

   NOTE: The Content Encryption Key (CEK) is not randomly generated;
   instead, it is determined using ECDH-ES key agreement.

Top      Up      ToC       Page 67 
5.5.3.  Key Agreement

   The following is generated to agree on a CEK:

   o  Ephemeral private key; this example uses the private key from
      Figure 122.

   {
     "kty": "EC",
     "crv": "P-256",
     "x": "mPUKT_bAWGHIhg0TpjjqVsP1rXWQu_vwVOHHtNkdYoA",
     "y": "8BQAsImGeAS46fyWw5MhYfGTT0IjBpFw2SS34Dv4Irs",
     "d": "AtH35vJsQ9SGjYfOsjUxYXQKrPH3FjZHmEtSKoSN8cM"
   }

             Figure 122: Ephemeral Private Key, in JWK Format

   Performing the ECDH operation using the static EC public key
   (Figure 120) over the ephemeral private key (Figure 122) produces the
   following CEK:

   hzHdlfQIAEehb8Hrd_mFRhKsKLEzPfshfXs9l6areCc

      Figure 123: Agreed-to Content Encryption Key, base64url-encoded

5.5.4.  Encrypting the Content

   The following is generated before encrypting the content:

   o  JWE Protected Header; this example uses the header from
      Figure 124, encoded to base64url [RFC4648] as Figure 125.

   {
     "alg": "ECDH-ES",
     "kid": "meriadoc.brandybuck@buckland.example",
     "epk": {
       "kty": "EC",
       "crv": "P-256",
       "x": "mPUKT_bAWGHIhg0TpjjqVsP1rXWQu_vwVOHHtNkdYoA",
       "y": "8BQAsImGeAS46fyWw5MhYfGTT0IjBpFw2SS34Dv4Irs"
     },
     "enc": "A128CBC-HS256"
   }

                   Figure 124: JWE Protected Header JSON

Top      Up      ToC       Page 68 
   eyJhbGciOiJFQ0RILUVTIiwia2lkIjoibWVyaWFkb2MuYnJhbmR5YnVja0BidW
   NrbGFuZC5leGFtcGxlIiwiZXBrIjp7Imt0eSI6IkVDIiwiY3J2IjoiUC0yNTYi
   LCJ4IjoibVBVS1RfYkFXR0hJaGcwVHBqanFWc1AxclhXUXVfdndWT0hIdE5rZF
   lvQSIsInkiOiI4QlFBc0ltR2VBUzQ2ZnlXdzVNaFlmR1RUMElqQnBGdzJTUzM0
   RHY0SXJzIn0sImVuYyI6IkExMjhDQkMtSFMyNTYifQ

            Figure 125: JWE Protected Header, base64url-encoded

   Performing the content encryption operation on the Plaintext
   (Figure 72) using the following:

   o  CEK (Figure 123);

   o  Initialization Vector (Figure 121); and

   o  JWE Protected Header (Figure 125) as authenticated data

   produces the following:

   o  Ciphertext from Figure 126.

   o  Authentication Tag from Figure 127.

   BoDlwPnTypYq-ivjmQvAYJLb5Q6l-F3LIgQomlz87yW4OPKbWE1zSTEFjDfhU9
   IPIOSA9Bml4m7iDFwA-1ZXvHteLDtw4R1XRGMEsDIqAYtskTTmzmzNa-_q4F_e
   vAPUmwlO-ZG45Mnq4uhM1fm_D9rBtWolqZSF3xGNNkpOMQKF1Cl8i8wjzRli7-
   IXgyirlKQsbhhqRzkv8IcY6aHl24j03C-AR2le1r7URUhArM79BY8soZU0lzwI
   -sD5PZ3l4NDCCei9XkoIAfsXJWmySPoeRb2Ni5UZL4mYpvKDiwmyzGd65KqVw7
   MsFfI_K767G9C9Azp73gKZD0DyUn1mn0WW5LmyX_yJ-3AROq8p1WZBfG-ZyJ61
   95_JGG2m9Csg

                 Figure 126: Ciphertext, base64url-encoded

   WCCkNa-x4BeB9hIDIfFuhg

             Figure 127: Authentication Tag, base64url-encoded

5.5.5.  Output Results

   The following compose the resulting JWE object:

   o  JWE Protected Header (Figure 114)

   o  Initialization Vector (Figure 110)

   o  Ciphertext (Figure 115)

   o  Authentication Tag (Figure 116)

Top      Up      ToC       Page 69 
   Only the general JWE JSON Serialization is presented because the
   flattened JWE JSON Serialization is identical.

   The resulting JWE object using the JWE Compact Serialization:

   eyJhbGciOiJFQ0RILUVTIiwia2lkIjoibWVyaWFkb2MuYnJhbmR5YnVja0BidW
   NrbGFuZC5leGFtcGxlIiwiZXBrIjp7Imt0eSI6IkVDIiwiY3J2IjoiUC0yNTYi
   LCJ4IjoibVBVS1RfYkFXR0hJaGcwVHBqanFWc1AxclhXUXVfdndWT0hIdE5rZF
   lvQSIsInkiOiI4QlFBc0ltR2VBUzQ2ZnlXdzVNaFlmR1RUMElqQnBGdzJTUzM0
   RHY0SXJzIn0sImVuYyI6IkExMjhDQkMtSFMyNTYifQ
   .
   .
   yc9N8v5sYyv3iGQT926IUg
   .
   BoDlwPnTypYq-ivjmQvAYJLb5Q6l-F3LIgQomlz87yW4OPKbWE1zSTEFjDfhU9
   IPIOSA9Bml4m7iDFwA-1ZXvHteLDtw4R1XRGMEsDIqAYtskTTmzmzNa-_q4F_e
   vAPUmwlO-ZG45Mnq4uhM1fm_D9rBtWolqZSF3xGNNkpOMQKF1Cl8i8wjzRli7-
   IXgyirlKQsbhhqRzkv8IcY6aHl24j03C-AR2le1r7URUhArM79BY8soZU0lzwI
   -sD5PZ3l4NDCCei9XkoIAfsXJWmySPoeRb2Ni5UZL4mYpvKDiwmyzGd65KqVw7
   MsFfI_K767G9C9Azp73gKZD0DyUn1mn0WW5LmyX_yJ-3AROq8p1WZBfG-ZyJ61
   95_JGG2m9Csg
   .
   WCCkNa-x4BeB9hIDIfFuhg

                   Figure 128: JWE Compact Serialization

   The resulting JWE object using the general JWE JSON Serialization:

   {
     "protected": "eyJhbGciOiJFQ0RILUVTIiwia2lkIjoibWVyaWFkb2MuYn
         JhbmR5YnVja0BidWNrbGFuZC5leGFtcGxlIiwiZXBrIjp7Imt0eSI6Ik
         VDIiwiY3J2IjoiUC0yNTYiLCJ4IjoibVBVS1RfYkFXR0hJaGcwVHBqan
         FWc1AxclhXUXVfdndWT0hIdE5rZFlvQSIsInkiOiI4QlFBc0ltR2VBUz
         Q2ZnlXdzVNaFlmR1RUMElqQnBGdzJTUzM0RHY0SXJzIn0sImVuYyI6Ik
         ExMjhDQkMtSFMyNTYifQ",
     "iv": "yc9N8v5sYyv3iGQT926IUg",
     "ciphertext": "BoDlwPnTypYq-ivjmQvAYJLb5Q6l-F3LIgQomlz87yW4O
         PKbWE1zSTEFjDfhU9IPIOSA9Bml4m7iDFwA-1ZXvHteLDtw4R1XRGMEs
         DIqAYtskTTmzmzNa-_q4F_evAPUmwlO-ZG45Mnq4uhM1fm_D9rBtWolq
         ZSF3xGNNkpOMQKF1Cl8i8wjzRli7-IXgyirlKQsbhhqRzkv8IcY6aHl2
         4j03C-AR2le1r7URUhArM79BY8soZU0lzwI-sD5PZ3l4NDCCei9XkoIA
         fsXJWmySPoeRb2Ni5UZL4mYpvKDiwmyzGd65KqVw7MsFfI_K767G9C9A
         zp73gKZD0DyUn1mn0WW5LmyX_yJ-3AROq8p1WZBfG-ZyJ6195_JGG2m9
         Csg",
     "tag": "WCCkNa-x4BeB9hIDIfFuhg"
   }

                Figure 129: General JWE JSON Serialization

Top      Up      ToC       Page 70 
5.6.  Direct Encryption Using AES-GCM

   This example illustrates encrypting content using a previously
   exchanged key directly and the "A128GCM" (AES-GCM) content encryption
   algorithm.

   Note that whitespace is added for readability as described in
   Section 1.1.

5.6.1.  Input Factors

   The following are supplied before beginning the encryption process:

   o  Plaintext content; this example uses the content from Figure 72.

   o  AES symmetric key as the Content Encryption Key (CEK); this
      example uses the key from Figure 130.

   o  "alg" parameter of "dir".

   o  "enc" parameter of "A128GCM".

   {
     "kty": "oct",
     "kid": "77c7e2b8-6e13-45cf-8672-617b5b45243a",
     "use": "enc",
     "alg": "A128GCM",
     "k": "XctOhJAkA-pD9Lh7ZgW_2A"
   }

                Figure 130: AES 128-Bit Key, in JWK Format

5.6.2.  Generated Factors

   The following is generated before encrypting:

   o  Initialization Vector; this example uses the Initialization Vector
      from Figure 131.

   refa467QzzKx6QAB

           Figure 131: Initialization Vector, base64url-encoded

Top      Up      ToC       Page 71 
5.6.3.  Encrypting the Content

   The following is generated before encrypting the content:

   o  JWE Protected Header; this example uses the header from
      Figure 132, encoded as base64url [RFC4648] to produce Figure 133.

   {
     "alg": "dir",
     "kid": "77c7e2b8-6e13-45cf-8672-617b5b45243a",
     "enc": "A128GCM"
   }

                   Figure 132: JWE Protected Header JSON

   eyJhbGciOiJkaXIiLCJraWQiOiI3N2M3ZTJiOC02ZTEzLTQ1Y2YtODY3Mi02MT
   diNWI0NTI0M2EiLCJlbmMiOiJBMTI4R0NNIn0

            Figure 133: JWE Protected Header, base64url-encoded

   Performing the encryption operation on the Plaintext (Figure 72)
   using the following:

   o  CEK (Figure 130);

   o  Initialization Vector (Figure 131); and

   o  JWE Protected Header (Figure 133) as authenticated data

   produces the following:

   o  Ciphertext from Figure 134.

   o  Authentication Tag from Figure 135.

   JW_i_f52hww_ELQPGaYyeAB6HYGcR559l9TYnSovc23XJoBcW29rHP8yZOZG7Y
   hLpT1bjFuvZPjQS-m0IFtVcXkZXdH_lr_FrdYt9HRUYkshtrMmIUAyGmUnd9zM
   DB2n0cRDIHAzFVeJUDxkUwVAE7_YGRPdcqMyiBoCO-FBdE-Nceb4h3-FtBP-c_
   BIwCPTjb9o0SbdcdREEMJMyZBH8ySWMVi1gPD9yxi-aQpGbSv_F9N4IZAxscj5
   g-NJsUPbjk29-s7LJAGb15wEBtXphVCgyy53CoIKLHHeJHXex45Uz9aKZSRSIn
   ZI-wjsY0yu3cT4_aQ3i1o-tiE-F8Ios61EKgyIQ4CWao8PFMj8TTnp

                 Figure 134: Ciphertext, base64url-encoded

   vbb32Xvllea2OtmHAdccRQ

             Figure 135: Authentication Tag, base64url-encoded

Top      Up      ToC       Page 72 
5.6.4.  Output Results

   The following compose the resulting JWE object:

   o  JWE Protected Header (Figure 133)

   o  Initialization Vector (Figure 131)

   o  Ciphertext (Figure 134)

   o  Authentication Tag (Figure 135)

   Only the general JWE JSON Serialization is presented because the
   flattened JWE JSON Serialization is identical.

   The resulting JWE object using the JWE Compact Serialization:

   eyJhbGciOiJkaXIiLCJraWQiOiI3N2M3ZTJiOC02ZTEzLTQ1Y2YtODY3Mi02MT
   diNWI0NTI0M2EiLCJlbmMiOiJBMTI4R0NNIn0
   .
   .
   refa467QzzKx6QAB
   .
   JW_i_f52hww_ELQPGaYyeAB6HYGcR559l9TYnSovc23XJoBcW29rHP8yZOZG7Y
   hLpT1bjFuvZPjQS-m0IFtVcXkZXdH_lr_FrdYt9HRUYkshtrMmIUAyGmUnd9zM
   DB2n0cRDIHAzFVeJUDxkUwVAE7_YGRPdcqMyiBoCO-FBdE-Nceb4h3-FtBP-c_
   BIwCPTjb9o0SbdcdREEMJMyZBH8ySWMVi1gPD9yxi-aQpGbSv_F9N4IZAxscj5
   g-NJsUPbjk29-s7LJAGb15wEBtXphVCgyy53CoIKLHHeJHXex45Uz9aKZSRSIn
   ZI-wjsY0yu3cT4_aQ3i1o-tiE-F8Ios61EKgyIQ4CWao8PFMj8TTnp
   .
   vbb32Xvllea2OtmHAdccRQ

                   Figure 136: JWE Compact Serialization

Top      Up      ToC       Page 73 
   The resulting JWE object using the general JWE JSON Serialization:

   {
     "protected": "eyJhbGciOiJkaXIiLCJraWQiOiI3N2M3ZTJiOC02ZTEzLT
         Q1Y2YtODY3Mi02MTdiNWI0NTI0M2EiLCJlbmMiOiJBMTI4R0NNIn0",
     "iv": "refa467QzzKx6QAB",
     "ciphertext": "JW_i_f52hww_ELQPGaYyeAB6HYGcR559l9TYnSovc23XJ
         oBcW29rHP8yZOZG7YhLpT1bjFuvZPjQS-m0IFtVcXkZXdH_lr_FrdYt9
         HRUYkshtrMmIUAyGmUnd9zMDB2n0cRDIHAzFVeJUDxkUwVAE7_YGRPdc
         qMyiBoCO-FBdE-Nceb4h3-FtBP-c_BIwCPTjb9o0SbdcdREEMJMyZBH8
         ySWMVi1gPD9yxi-aQpGbSv_F9N4IZAxscj5g-NJsUPbjk29-s7LJAGb1
         5wEBtXphVCgyy53CoIKLHHeJHXex45Uz9aKZSRSInZI-wjsY0yu3cT4_
         aQ3i1o-tiE-F8Ios61EKgyIQ4CWao8PFMj8TTnp",
     "tag": "vbb32Xvllea2OtmHAdccRQ"
   }

                Figure 137: General JWE JSON Serialization

5.7.  Key Wrap Using AES-GCM KeyWrap with AES-CBC-HMAC-SHA2

   This example illustrates encrypting content using the "A256GCMKW"
   (AES-256-GCM-KeyWrap) key encryption algorithm with the "A128CBC-
   HS256" (AES-128-CBC-HMAC-SHA-256) content encryption algorithm.

   Note that whitespace is added for readability as described in
   Section 1.1.

5.7.1.  Input Factors

   The following are supplied before beginning the encryption process:

   o  Plaintext content; this example uses the content from Figure 72.

   o  AES symmetric key; this example uses the key from Figure 138.

   o  "alg" parameter of "A256GCMKW".

   o  "enc" parameter of "A128CBC-HS256".

Top      Up      ToC       Page 74 
   {
     "kty": "oct",
     "kid": "18ec08e1-bfa9-4d95-b205-2b4dd1d4321d",
     "use": "enc",
     "alg": "A256GCMKW",
     "k": "qC57l_uxcm7Nm3K-ct4GFjx8tM1U8CZ0NLBvdQstiS8"
   }

                        Figure 138: AES 256-Bit Key

5.7.2.  Generated Factors

   The following are generated before encrypting:

   o  AES symmetric key as the Content Encryption Key (CEK); this
      example uses the key from Figure 139.

   o  Initialization Vector for content encryption; this example uses
      the Initialization Vector from Figure 140.

   UWxARpat23nL9ReIj4WG3D1ee9I4r-Mv5QLuFXdy_rE

           Figure 139: Content Encryption Key, base64url-encoded

   gz6NjyEFNm_vm8Gj6FwoFQ

           Figure 140: Initialization Vector, base64url-encoded

5.7.3.  Encrypting the Key

   The following is generated before encrypting the CEK:

   o  Initialization Vector for key wrapping; this example uses the
      Initialization Vector from Figure 141.

   KkYT0GX_2jHlfqN_

   Figure 141: Initialization Vector for Key Wrapping, base64url-encoded

Top      Up      ToC       Page 75 
   Performing the key encryption operation over the CEK (Figure 139)
   with the following:

   o  AES symmetric key (Figure 138);

   o  Initialization Vector (Figure 141); and

   o  The empty string as authenticated data

   produces the following:

   o  Encrypted Key from Figure 142.

   o  Authentication Tag from Figure 143.

   lJf3HbOApxMEBkCMOoTnnABxs_CvTWUmZQ2ElLvYNok

               Figure 142: Encrypted Key, base64url-encoded

   kfPduVQ3T3H6vnewt--ksw

    Figure 143: Authentication Tag from Key Wrapping, base64url-encoded

5.7.4.  Encrypting the Content

   The following is generated before encrypting the content:

   o  JWE Protected Header; this example uses the header from
      Figure 144, encoded to base64url [RFC4648] as Figure 145.

   {
     "alg": "A256GCMKW",
     "kid": "18ec08e1-bfa9-4d95-b205-2b4dd1d4321d",
     "tag": "kfPduVQ3T3H6vnewt--ksw",
     "iv": "KkYT0GX_2jHlfqN_",
     "enc": "A128CBC-HS256"
   }

                   Figure 144: JWE Protected Header JSON

Top      Up      ToC       Page 76 
   eyJhbGciOiJBMjU2R0NNS1ciLCJraWQiOiIxOGVjMDhlMS1iZmE5LTRkOTUtYj
   IwNS0yYjRkZDFkNDMyMWQiLCJ0YWciOiJrZlBkdVZRM1QzSDZ2bmV3dC0ta3N3
   IiwiaXYiOiJLa1lUMEdYXzJqSGxmcU5fIiwiZW5jIjoiQTEyOENCQy1IUzI1Ni
   J9

            Figure 145: JWE Protected Header, base64url-encoded

   Performing the content encryption operation over the Plaintext
   (Figure 72) with the following:

   o  CEK (Figure 139);

   o  Initialization Vector (Figure 140); and

   o  JWE Protected Header (Figure 145) as authenticated data

   produces the following:

   o  Ciphertext from Figure 146.

   o  Authentication Tag from Figure 147.

   Jf5p9-ZhJlJy_IQ_byKFmI0Ro7w7G1QiaZpI8OaiVgD8EqoDZHyFKFBupS8iaE
   eVIgMqWmsuJKuoVgzR3YfzoMd3GxEm3VxNhzWyWtZKX0gxKdy6HgLvqoGNbZCz
   LjqcpDiF8q2_62EVAbr2uSc2oaxFmFuIQHLcqAHxy51449xkjZ7ewzZaGV3eFq
   hpco8o4DijXaG5_7kp3h2cajRfDgymuxUbWgLqaeNQaJtvJmSMFuEOSAzw9Hde
   b6yhdTynCRmu-kqtO5Dec4lT2OMZKpnxc_F1_4yDJFcqb5CiDSmA-psB2k0Jtj
   xAj4UPI61oONK7zzFIu4gBfjJCndsZfdvG7h8wGjV98QhrKEnR7xKZ3KCr0_qR
   1B-gxpNk3xWU

                 Figure 146: Ciphertext, base64url-encoded

   DKW7jrb4WaRSNfbXVPlT5g

             Figure 147: Authentication Tag, base64url-encoded

Top      Up      ToC       Page 77 
5.7.5.  Output Results

   The following compose the resulting JWE object:

   o  JWE Protected Header (Figure 145)

   o  Encrypted Key (Figure 142)

   o  Initialization Vector (Figure 140)

   o  Ciphertext (Figure 146)

   o  Authentication Tag (Figure 147)

   The resulting JWE object using the JWE Compact Serialization:

   eyJhbGciOiJBMjU2R0NNS1ciLCJraWQiOiIxOGVjMDhlMS1iZmE5LTRkOTUtYj
   IwNS0yYjRkZDFkNDMyMWQiLCJ0YWciOiJrZlBkdVZRM1QzSDZ2bmV3dC0ta3N3
   IiwiaXYiOiJLa1lUMEdYXzJqSGxmcU5fIiwiZW5jIjoiQTEyOENCQy1IUzI1Ni
   J9
   .
   lJf3HbOApxMEBkCMOoTnnABxs_CvTWUmZQ2ElLvYNok
   .
   gz6NjyEFNm_vm8Gj6FwoFQ
   .
   Jf5p9-ZhJlJy_IQ_byKFmI0Ro7w7G1QiaZpI8OaiVgD8EqoDZHyFKFBupS8iaE
   eVIgMqWmsuJKuoVgzR3YfzoMd3GxEm3VxNhzWyWtZKX0gxKdy6HgLvqoGNbZCz
   LjqcpDiF8q2_62EVAbr2uSc2oaxFmFuIQHLcqAHxy51449xkjZ7ewzZaGV3eFq
   hpco8o4DijXaG5_7kp3h2cajRfDgymuxUbWgLqaeNQaJtvJmSMFuEOSAzw9Hde
   b6yhdTynCRmu-kqtO5Dec4lT2OMZKpnxc_F1_4yDJFcqb5CiDSmA-psB2k0Jtj
   xAj4UPI61oONK7zzFIu4gBfjJCndsZfdvG7h8wGjV98QhrKEnR7xKZ3KCr0_qR
   1B-gxpNk3xWU
   .
   DKW7jrb4WaRSNfbXVPlT5g

                   Figure 148: JWE Compact Serialization

Top      Up      ToC       Page 78 
   The resulting JWE object using the general JWE JSON Serialization:

   {
     "recipients": [
       {
         "encrypted_key": "lJf3HbOApxMEBkCMOoTnnABxs_CvTWUmZQ2ElL
             vYNok"
       }
     ],
     "protected": "eyJhbGciOiJBMjU2R0NNS1ciLCJraWQiOiIxOGVjMDhlMS
         1iZmE5LTRkOTUtYjIwNS0yYjRkZDFkNDMyMWQiLCJ0YWciOiJrZlBkdV
         ZRM1QzSDZ2bmV3dC0ta3N3IiwiaXYiOiJLa1lUMEdYXzJqSGxmcU5fIi
         wiZW5jIjoiQTEyOENCQy1IUzI1NiJ9",
     "iv": "gz6NjyEFNm_vm8Gj6FwoFQ",
     "ciphertext": "Jf5p9-ZhJlJy_IQ_byKFmI0Ro7w7G1QiaZpI8OaiVgD8E
         qoDZHyFKFBupS8iaEeVIgMqWmsuJKuoVgzR3YfzoMd3GxEm3VxNhzWyW
         tZKX0gxKdy6HgLvqoGNbZCzLjqcpDiF8q2_62EVAbr2uSc2oaxFmFuIQ
         HLcqAHxy51449xkjZ7ewzZaGV3eFqhpco8o4DijXaG5_7kp3h2cajRfD
         gymuxUbWgLqaeNQaJtvJmSMFuEOSAzw9Hdeb6yhdTynCRmu-kqtO5Dec
         4lT2OMZKpnxc_F1_4yDJFcqb5CiDSmA-psB2k0JtjxAj4UPI61oONK7z
         zFIu4gBfjJCndsZfdvG7h8wGjV98QhrKEnR7xKZ3KCr0_qR1B-gxpNk3
         xWU",
     "tag": "DKW7jrb4WaRSNfbXVPlT5g"
   }

                Figure 149: General JWE JSON Serialization

Top      Up      ToC       Page 79 
   The resulting JWE object using the flattened JWE JSON Serialization:

   {
     "protected": "eyJhbGciOiJBMjU2R0NNS1ciLCJpdiI6IktrWVQwR1hfMm
         pIbGZxTl8iLCJraWQiOiIxOGVjMDhlMS1iZmE5LTRkOTUtYjIwNS0yYj
         RkZDFkNDMyMWQiLCJ0YWciOiJrZlBkdVZRM1QzSDZ2bmV3dC0ta3N3Ii
         wiZW5jIjoiQTEyOENCQy1IUzI1NiJ9",
     "encrypted_key": "lJf3HbOApxMEBkCMOoTnnABxs_CvTWUmZQ2ElLvYNo
         k",
     "iv": "gz6NjyEFNm_vm8Gj6FwoFQ",
     "ciphertext": "Jf5p9-ZhJlJy_IQ_byKFmI0Ro7w7G1QiaZpI8OaiVgD8E
         qoDZHyFKFBupS8iaEeVIgMqWmsuJKuoVgzR3YfzoMd3GxEm3VxNhzWyW
         tZKX0gxKdy6HgLvqoGNbZCzLjqcpDiF8q2_62EVAbr2uSc2oaxFmFuIQ
         HLcqAHxy51449xkjZ7ewzZaGV3eFqhpco8o4DijXaG5_7kp3h2cajRfD
         gymuxUbWgLqaeNQaJtvJmSMFuEOSAzw9Hdeb6yhdTynCRmu-kqtO5Dec
         4lT2OMZKpnxc_F1_4yDJFcqb5CiDSmA-psB2k0JtjxAj4UPI61oONK7z
         zFIu4gBfjJCndsZfdvG7h8wGjV98QhrKEnR7xKZ3KCr0_qR1B-gxpNk3
         xWU",
     "tag": "NvBveHr_vonkvflfnUrmBQ"
   }

               Figure 150: Flattened JWE JSON Serialization

5.8.  Key Wrap Using AES-KeyWrap with AES-GCM

   The following example illustrates content encryption using the
   "A128KW" (AES-128-KeyWrap) key encryption algorithm and the "A128GCM"
   (AES-128-GCM) content encryption algorithm.

   Note that whitespace is added for readability as described in
   Section 1.1.

5.8.1.  Input Factors

   The following are supplied before beginning the encryption process:

   o  Plaintext content; this example uses the content from Figure 72.

   o  AES symmetric key; this example uses the key from Figure 151.

   o  "alg" parameter of "A128KW".

   o  "enc" parameter of "A128GCM".

Top      Up      ToC       Page 80 
   {
     "kty": "oct",
     "kid": "81b20965-8332-43d9-a468-82160ad91ac8",
     "use": "enc",
     "alg": "A128KW",
     "k": "GZy6sIZ6wl9NJOKB-jnmVQ"
   }

                        Figure 151: AES 128-Bit Key

5.8.2.  Generated Factors

   The following are generated before encrypting:

   o  AES symmetric key as the Content Encryption Key; this example uses
      the key from Figure 152.

   o  Initialization Vector; this example uses the Initialization Vector
      from Figure 153.

   aY5_Ghmk9KxWPBLu_glx1w

           Figure 152: Content Encryption Key, base64url-encoded

   Qx0pmsDa8KnJc9Jo

           Figure 153: Initialization Vector, base64url-encoded

5.8.3.  Encrypting the Key

   Performing the key encryption operation over the CEK (Figure 152)
   with the AES symmetric key (Figure 151) produces the following
   Encrypted Key:

   CBI6oDw8MydIx1IBntf_lQcw2MmJKIQx

               Figure 154: Encrypted Key, base64url-encoded

5.8.4.  Encrypting the Content

   The following is generated before encrypting the content:

   o  JWE Protected Header; this example uses the header from
      Figure 155, encoded to base64url [RFC4648] as Figure 156.

Top      Up      ToC       Page 81 
   {
     "alg": "A128KW",
     "kid": "81b20965-8332-43d9-a468-82160ad91ac8",
     "enc": "A128GCM"
   }

                   Figure 155: JWE Protected Header JSON

   eyJhbGciOiJBMTI4S1ciLCJraWQiOiI4MWIyMDk2NS04MzMyLTQzZDktYTQ2OC
   04MjE2MGFkOTFhYzgiLCJlbmMiOiJBMTI4R0NNIn0

            Figure 156: JWE Protected Header, base64url-encoded

   Performing the content encryption over the Plaintext (Figure 72) with
   the following:

   o  CEK (Figure 152);

   o  Initialization Vector (Figure 153); and

   o  JWE Protected Header (Figure 156) as authenticated data

   produces the following:

   o  Ciphertext from Figure 157.

   o  Authentication Tag from Figure 158.

   AwliP-KmWgsZ37BvzCefNen6VTbRK3QMA4TkvRkH0tP1bTdhtFJgJxeVmJkLD6
   1A1hnWGetdg11c9ADsnWgL56NyxwSYjU1ZEHcGkd3EkU0vjHi9gTlb90qSYFfe
   F0LwkcTtjbYKCsiNJQkcIp1yeM03OmuiYSoYJVSpf7ej6zaYcMv3WwdxDFl8RE
   wOhNImk2Xld2JXq6BR53TSFkyT7PwVLuq-1GwtGHlQeg7gDT6xW0JqHDPn_H-p
   uQsmthc9Zg0ojmJfqqFvETUxLAF-KjcBTS5dNy6egwkYtOt8EIHK-oEsKYtZRa
   a8Z7MOZ7UGxGIMvEmxrGCPeJa14slv2-gaqK0kEThkaSqdYw0FkQZF

                 Figure 157: Ciphertext, base64url-encoded

   ER7MWJZ1FBI_NKvn7Zb1Lw

             Figure 158: Authentication Tag, base64url-encoded

Top      Up      ToC       Page 82 
5.8.5.  Output Results

   The following compose the resulting JWE object:

   o  JWE Protected Header (Figure 156)

   o  Encrypted Key (Figure 154)

   o  Initialization Vector (Figure 153)

   o  Ciphertext (Figure 157)

   o  Authentication Tag (Figure 158)

   The resulting JWE object using the JWE Compact Serialization:

   eyJhbGciOiJBMTI4S1ciLCJraWQiOiI4MWIyMDk2NS04MzMyLTQzZDktYTQ2OC
   04MjE2MGFkOTFhYzgiLCJlbmMiOiJBMTI4R0NNIn0
   .
   CBI6oDw8MydIx1IBntf_lQcw2MmJKIQx
   .
   Qx0pmsDa8KnJc9Jo
   .
   AwliP-KmWgsZ37BvzCefNen6VTbRK3QMA4TkvRkH0tP1bTdhtFJgJxeVmJkLD6
   1A1hnWGetdg11c9ADsnWgL56NyxwSYjU1ZEHcGkd3EkU0vjHi9gTlb90qSYFfe
   F0LwkcTtjbYKCsiNJQkcIp1yeM03OmuiYSoYJVSpf7ej6zaYcMv3WwdxDFl8RE
   wOhNImk2Xld2JXq6BR53TSFkyT7PwVLuq-1GwtGHlQeg7gDT6xW0JqHDPn_H-p
   uQsmthc9Zg0ojmJfqqFvETUxLAF-KjcBTS5dNy6egwkYtOt8EIHK-oEsKYtZRa
   a8Z7MOZ7UGxGIMvEmxrGCPeJa14slv2-gaqK0kEThkaSqdYw0FkQZF
   .
   ER7MWJZ1FBI_NKvn7Zb1Lw

                   Figure 159: JWE Compact Serialization

Top      Up      ToC       Page 83 
   The resulting JWE object using the general JWE JSON Serialization:

   {
     "recipients": [
       {
         "encrypted_key": "CBI6oDw8MydIx1IBntf_lQcw2MmJKIQx"
       }
     ],
     "protected": "eyJhbGciOiJBMTI4S1ciLCJraWQiOiI4MWIyMDk2NS04Mz
         MyLTQzZDktYTQ2OC04MjE2MGFkOTFhYzgiLCJlbmMiOiJBMTI4R0NNIn
         0",
     "iv": "Qx0pmsDa8KnJc9Jo",
     "ciphertext": "AwliP-KmWgsZ37BvzCefNen6VTbRK3QMA4TkvRkH0tP1b
         TdhtFJgJxeVmJkLD61A1hnWGetdg11c9ADsnWgL56NyxwSYjU1ZEHcGk
         d3EkU0vjHi9gTlb90qSYFfeF0LwkcTtjbYKCsiNJQkcIp1yeM03OmuiY
         SoYJVSpf7ej6zaYcMv3WwdxDFl8REwOhNImk2Xld2JXq6BR53TSFkyT7
         PwVLuq-1GwtGHlQeg7gDT6xW0JqHDPn_H-puQsmthc9Zg0ojmJfqqFvE
         TUxLAF-KjcBTS5dNy6egwkYtOt8EIHK-oEsKYtZRaa8Z7MOZ7UGxGIMv
         EmxrGCPeJa14slv2-gaqK0kEThkaSqdYw0FkQZF",
     "tag": "ER7MWJZ1FBI_NKvn7Zb1Lw"
   }

                Figure 160: General JWE JSON Serialization

   The resulting JWE object using the flattened JWE JSON Serialization:

   {
     "protected": "eyJhbGciOiJBMTI4S1ciLCJraWQiOiI4MWIyMDk2NS04Mz
         MyLTQzZDktYTQ2OC04MjE2MGFkOTFhYzgiLCJlbmMiOiJBMTI4R0NNIn
         0",
     "encrypted_key": "CBI6oDw8MydIx1IBntf_lQcw2MmJKIQx",
     "iv": "Qx0pmsDa8KnJc9Jo",
     "ciphertext": "AwliP-KmWgsZ37BvzCefNen6VTbRK3QMA4TkvRkH0tP1b
         TdhtFJgJxeVmJkLD61A1hnWGetdg11c9ADsnWgL56NyxwSYjU1ZEHcGk
         d3EkU0vjHi9gTlb90qSYFfeF0LwkcTtjbYKCsiNJQkcIp1yeM03OmuiY
         SoYJVSpf7ej6zaYcMv3WwdxDFl8REwOhNImk2Xld2JXq6BR53TSFkyT7
         PwVLuq-1GwtGHlQeg7gDT6xW0JqHDPn_H-puQsmthc9Zg0ojmJfqqFvE
         TUxLAF-KjcBTS5dNy6egwkYtOt8EIHK-oEsKYtZRaa8Z7MOZ7UGxGIMv
         EmxrGCPeJa14slv2-gaqK0kEThkaSqdYw0FkQZF",
     "tag": "ER7MWJZ1FBI_NKvn7Zb1Lw"
   }

               Figure 161: Flattened JWE JSON Serialization


Next RFC Part