RFC 7515 - JSON Web Signature (JWS)

发布日期: 2015年5月
状态: 标准跟踪协议 (Standards Track)
作者: M. Jones (Microsoft), J. Bradley (Ping Identity), N. Sakimura (NRI)

---

摘要 (Abstract)

JSON Web Signature (JWS) 使用基于JSON的数据结构表示使用数字签名 (Digital Signatures) 或消息认证码 (Message Authentication Codes, MACs) 保护的内容. 与本规范一起使用的加密算法和标识符在单独的JSON Web Algorithms (JWA) 规范和该规范定义的IANA注册表中描述. 相关的加密功能在单独的JSON Web Encryption (JWE) 规范中描述.

---

目录 (Contents)

• 1. Introduction (简介)
  • 1.1 Notational Conventions
• 2. Terminology (术语)
• 3. JSON Web Signature (JWS) Overview (JWS概述)
  • 3.1 JWS Compact Serialization Overview
  • 3.2 JWS JSON Serialization Overview
  • 3.3 Example JWS
• 4. JOSE Header (JOSE头部)
  • 4.1 Registered Header Parameter Names
  • 4.2 Public Header Parameter Names
  • 4.3 Private Header Parameter Names
• 5. Producing and Consuming JWSs (生成和使用JWS)
  • 5.1 Message Signature or MAC Computation
  • 5.2 Message Signature or MAC Validation
  • 5.3 String Comparison Rules
• 6. Key Identification (密钥识别)
• 7. Serializations (序列化)
  • 7.1 JWS Compact Serialization
  • 7.2 JWS JSON Serialization
• 8. TLS Requirements (TLS要求)
• 9. IANA Considerations (IANA注意事项)
  • 9.1 JSON Web Signature and Encryption Header Parameters Registry
  • 9.2 Media Type Registration
• 10. Security Considerations (安全考虑)
  • 10.1 Key Entropy and Random Values
  • 10.2 Key Protection
  • 10.3 Key Origin Authentication
  • 10.4 Cryptographic Agility
  • 10.5 Differences between Digital Signatures and MACs
  • 10.6 Algorithm Validation
  • 10.7 Algorithm Protection
  • 10.8 Chosen Plaintext Attacks
  • 10.9 Timing Attacks
  • 10.10 Replay Protection
  • 10.11 SHA-1 Certificate Thumbprints
  • 10.12 JSON Security Considerations
  • 10.13 Unicode Comparison Security Considerations
• 11. References (参考文献)
  • 11.1 Normative References
  • 11.2 Informative References

附录 (Appendices)

• Appendix A. JWS Examples (JWS示例)
  • A.1 Example JWS Using HMAC SHA-256
  • A.2 Example JWS Using RSASSA-PKCS1-v1_5 SHA-256
  • A.3 Example JWS Using ECDSA P-256 SHA-256
  • A.4 Example JWS Using ECDSA P-521 SHA-512
  • A.5 Example Unsecured JWS
  • A.6 Example JWS Using General JWS JSON Serialization
  • A.7 Example JWS Using Flattened JWS JSON Serialization
• Appendix B. "x5c" Example
• Appendix C. Notes on base64url Encoding
• Appendix D. Notes on Key Selection
• Appendix E. Negative Test Case for "crit"
• Appendix F. Detached Content
• Acknowledgements (致谢)

---

相关资源

• 官方原文: RFC 7515
• 官方页面: RFC 7515 DataTracker
• 勘误表: RFC Editor Errata

JOSE系列RFC

• RFC 7515 - JSON Web Signature (JWS) ← 本文档
• RFC 7516 - JSON Web Encryption (JWE)
• RFC 7517 - JSON Web Key (JWK)
• RFC 7518 - JSON Web Algorithms (JWA)
• RFC 7519 - JSON Web Token (JWT)