マイクロソフト系技術情報 Wiki」は、「Open棟梁Project」,「OSSコンソーシアム .NET開発基盤部会」によって運営されています。

目次

概要

  • JWSJWEJWKで利用される各アルゴリズムおよびそれらの識別子を定義する。
  • これは、これらの識別子のためのいくつかのIANAレジストリを定義する。

詳細

JWS

alg

デジタル署名とMACのための暗号アルゴリズム

  +--------------+-------------------------------+--------------------+
  | "alg" Param  | Digital Signature or MAC      | Implementation     |
  | Value        | Algorithm                     | Requirements       |
  +--------------+-------------------------------+--------------------+
  | HS256        | HMAC using SHA-256            | Required           |
  | HS384        | HMAC using SHA-384            | Optional           |
  | HS512        | HMAC using SHA-512            | Optional           |
  | RS256        | RSASSA-PKCS1-v1_5 using       | Recommended        |
  |              | SHA-256                       |                    |
  | RS384        | RSASSA-PKCS1-v1_5 using       | Optional           |
  |              | SHA-384                       |                    |
  | RS512        | RSASSA-PKCS1-v1_5 using       | Optional           |
  |              | SHA-512                       |                    |
  | ES256        | ECDSA using P-256 and SHA-256 | Recommended+       |
  | ES384        | ECDSA using P-384 and SHA-384 | Optional           |
  | ES512        | ECDSA using P-521 and SHA-512 | Optional           |
  | PS256        | RSASSA-PSS using SHA-256 and  | Optional           |
  |              | MGF1 with SHA-256             |                    |
  | PS384        | RSASSA-PSS using SHA-384 and  | Optional           |
  |              | MGF1 with SHA-384             |                    |
  | PS512        | RSASSA-PSS using SHA-512 and  | Optional           |
  |              | MGF1 with SHA-512             |                    |
  | none         | No digital signature or MAC   | Optional           |
  |              | performed                     |                    |
  +--------------+-------------------------------+--------------------+

主要なalg

取り敢えず以下を抑えると良さそう。

  • Required
    • HS256
  • Recommended

JWE

alg

鍵管理のための暗号アルゴリズム

  +--------------------+--------------------+--------+----------------+
  | "alg" Param Value  | Key Management     | More   | Implementation |
  |                    | Algorithm          | Header | Requirements   |
  |                    |                    | Params |                |
  +--------------------+--------------------+--------+----------------+
  | RSA1_5             | RSAES-PKCS1-v1_5   | (none) | Recommended-   |
  | RSA-OAEP           | RSAES OAEP using   | (none) | Recommended+   |
  |                    | default parameters |        |                |
  | RSA-OAEP-256       | RSAES OAEP using   | (none) | Optional       |
  |                    | SHA-256 and MGF1   |        |                |
  |                    | with SHA-256       |        |                |
  | A128KW             | AES Key Wrap with  | (none) | Recommended    |
  |                    | default initial    |        |                |
  |                    | value using        |        |                |
  |                    | 128-bit key        |        |                |
  | A192KW             | AES Key Wrap with  | (none) | Optional       |
  |                    | default initial    |        |                |
  |                    | value using        |        |                |
  |                    | 192-bit key        |        |                |
  | A256KW             | AES Key Wrap with  | (none) | Recommended    |
  |                    | default initial    |        |                |
  |                    | value using        |        |                |
  |                    | 256-bit key        |        |                |
  | dir                | Direct use of a    | (none) | Recommended    |
  |                    | shared symmetric   |        |                |
  |                    | key as the CEK     |        |                |
  | ECDH-ES            | Elliptic Curve     | "epk", | Recommended+   |
  |                    | Diffie-Hellman     | "apu", |                |
  |                    | Ephemeral Static   | "apv"  |                |
  |                    | key agreement      |        |                |
  |                    | using Concat KDF   |        |                |
  | ECDH-ES+A128KW     | ECDH-ES using      | "epk", | Recommended    |
  |                    | Concat KDF and CEK | "apu", |                |
  |                    | wrapped with       | "apv"  |                |
  |                    | "A128KW"           |        |                |
  | ECDH-ES+A192KW     | ECDH-ES using      | "epk", | Optional       |
  |                    | Concat KDF and CEK | "apu", |                |
  |                    | wrapped with       | "apv"  |                |
  |                    | "A192KW"           |        |                |
  | ECDH-ES+A256KW     | ECDH-ES using      | "epk", | Recommended    |
  |                    | Concat KDF and CEK | "apu", |                |
  |                    | wrapped with       | "apv"  |                |
  |                    | "A256KW"           |        |                |
  | A128GCMKW          | Key wrapping with  | "iv",  | Optional       |
  |                    | AES GCM using      | "tag"  |                |
  |                    | 128-bit key        |        |                |
  | A192GCMKW          | Key wrapping with  | "iv",  | Optional       |
  |                    | AES GCM using      | "tag"  |                |
  |                    | 192-bit key        |        |                |
  | A256GCMKW          | Key wrapping with  | "iv",  | Optional       |
  |                    | AES GCM using      | "tag"  |                |
  |                    | 256-bit key        |        |                |
  | PBES2-HS256+A128KW | PBES2 with HMAC    | "p2s", | Optional       |
  |                    | SHA-256 and        | "p2c"  |                |
  |                    | "A128KW" wrapping  |        |                |
  | PBES2-HS384+A192KW | PBES2 with HMAC    | "p2s", | Optional       |
  |                    | SHA-384 and        | "p2c"  |                |
  |                    | "A192KW" wrapping  |        |                |
  | PBES2-HS512+A256KW | PBES2 with HMAC    | "p2s", | Optional       |
  |                    | SHA-512 and        | "p2c"  |                |
  |                    | "A256KW" wrapping  |        |                |
  +--------------------+--------------------+--------+----------------+

主要なalg

  • Required
  • Recommended+
    • RSA-OAEP
    • ECDH-ES

enc

コンテンツ暗号化のための暗号アルゴリズム

  +---------------+----------------------------------+----------------+
  | "enc" Param   | Content Encryption Algorithm     | Implementation |
  | Value         |                                  | Requirements   |
  +---------------+----------------------------------+----------------+
  | A128CBC-HS256 | AES_128_CBC_HMAC_SHA_256         | Required       |
  |               | authenticated encryption         |                |
  |               | algorithm, as defined in Section |                |
  |               | 5.2.3                            |                |
  | A192CBC-HS384 | AES_192_CBC_HMAC_SHA_384         | Optional       |
  |               | authenticated encryption         |                |
  |               | algorithm, as defined in Section |                |
  |               | 5.2.4                            |                |
  | A256CBC-HS512 | AES_256_CBC_HMAC_SHA_512         | Required       |
  |               | authenticated encryption         |                |
  |               | algorithm, as defined in Section |                |
  |               | 5.2.5                            |                |
  | A128GCM       | AES GCM using 128-bit key        | Recommended    |
  | A192GCM       | AES GCM using 192-bit key        | Optional       |
  | A256GCM       | AES GCM using 256-bit key        | Recommended    |
  +---------------+----------------------------------+----------------+

主要なenc

  • Required
    • A128CBC-HS256
    • A256CBC-HS512
  • Recommended
    • A128GCM
    • A256GCM

JWK

鍵の暗号アルゴリズム

kty

https://tools.ietf.org/html/rfc7518#section-6.1

ASymmetric Keys(ECC)

https://tools.ietf.org/html/rfc7518#section-6.2

ASymmetric Keys(RSA)

https://tools.ietf.org/html/rfc7518#section-6.3

Symmetric Keys

https://tools.ietf.org/html/rfc7518#section-6.4

参考


Tags: :IT国際標準, :認証基盤, :クレームベース認証, :暗号化


トップ   編集 凍結 差分 バックアップ 添付 複製 名前変更 リロード   新規 一覧 単語検索 最終更新   ヘルプ   最終更新のRSS
Last-modified: 2018-10-09 (火) 22:09:54 (70d)