「[[マイクロソフト系技術情報 Wiki>http://techinfoofmicrosofttech.osscons.jp/]]」は、「[[Open棟梁Project>https://github.com/OpenTouryoProject/]]」,「[[OSSコンソーシアム .NET開発基盤部会>https://www.osscons.jp/dotNetDevelopmentInfrastructure/]]」によって運営されています。

-[[戻る(JWT)>JWT]]
--[[JWS]]
--[[JWE]]
--[[JWK]]

* 目次 [#k3dc43dc]
#contents

*概要 [#o711e0c7]
-[[JWS]]、[[JWE]]、[[JWK]]で利用される各アルゴリズムおよびそれらの識別子を定義する。
-これは、これらの識別子のためのいくつかのIANAレジストリを定義する。

*詳細 [#gc15b0d5]
-RFC 7518 - JSON Web Algorithms (JWA)~
https://tools.ietf.org/html/rfc7518

**[[JWS]]用 [#zcf6ef0e]
-3. Cryptographic Algorithms for Digital Signatures and MACs~
https://tools.ietf.org/html/rfc7518#section-3

***alg [#xdc1604e]
デジタル署名とMACのための暗号アルゴリズム

-3.1. "alg" (Algorithm) Header Parameter Values for JWS~
https://tools.ietf.org/html/rfc7518#section-3.1

   +--------------+-------------------------------+--------------------+
   | "alg" Param  | Digital Signature or MAC      | Implementation     |
   | Value        | Algorithm                     | Requirements       |
   +--------------+-------------------------------+--------------------+
   | HS256        | HMAC using SHA-256            | Required           |
   | HS384        | HMAC using SHA-384            | Optional           |
   | HS512        | HMAC using SHA-512            | Optional           |
   | RS256        | RSASSA-PKCS1-v1_5 using       | Recommended        |
   |              | SHA-256                       |                    |
   | RS384        | RSASSA-PKCS1-v1_5 using       | Optional           |
   |              | SHA-384                       |                    |
   | RS512        | RSASSA-PKCS1-v1_5 using       | Optional           |
   |              | SHA-512                       |                    |
   | ES256        | ECDSA using P-256 and SHA-256 | Recommended+       |
   | ES384        | ECDSA using P-384 and SHA-384 | Optional           |
   | ES512        | ECDSA using P-521 and SHA-512 | Optional           |
   | PS256        | RSASSA-PSS using SHA-256 and  | Optional           |
   |              | MGF1 with SHA-256             |                    |
   | PS384        | RSASSA-PSS using SHA-384 and  | Optional           |
   |              | MGF1 with SHA-384             |                    |
   | PS512        | RSASSA-PSS using SHA-512 and  | Optional           |
   |              | MGF1 with SHA-512             |                    |
   | none         | No digital signature or MAC   | Optional           |
   |              | performed                     |                    |
   +--------------+-------------------------------+--------------------+

***主要なalg [#o83bb55b]
取り敢えず以下を抑えると良さそう。

-Required
--HS256

-Recommended 
--RS256
--ES256 ([[FAPI2>FAPI Part 2 (Read and Write API Security Profile)]])

-Else
--PS256 ([[FAPI2>FAPI Part 2 (Read and Write API Security Profile)]])


**[[JWE]]用 [#o355e9ee]

***alg [#kc5a9bed]
鍵管理のための暗号アルゴリズム

-4. Cryptographic Algorithms for Key Management~
https://tools.ietf.org/html/rfc7518#section-4
--4.1. "alg" (Algorithm) Header Parameter Values for JWE~
https://tools.ietf.org/html/rfc7518#section-4.1

   +--------------------+--------------------+--------+----------------+
   | "alg" Param Value  | Key Management     | More   | Implementation |
   |                    | Algorithm          | Header | Requirements   |
   |                    |                    | Params |                |
   +--------------------+--------------------+--------+----------------+
   | RSA1_5             | RSAES-PKCS1-v1_5   | (none) | Recommended-   |
   | RSA-OAEP           | RSAES OAEP using   | (none) | Recommended+   |
   |                    | default parameters |        |                |
   | RSA-OAEP-256       | RSAES OAEP using   | (none) | Optional       |
   |                    | SHA-256 and MGF1   |        |                |
   |                    | with SHA-256       |        |                |
   | A128KW             | AES Key Wrap with  | (none) | Recommended    |
   |                    | default initial    |        |                |
   |                    | value using        |        |                |
   |                    | 128-bit key        |        |                |
   | A192KW             | AES Key Wrap with  | (none) | Optional       |
   |                    | default initial    |        |                |
   |                    | value using        |        |                |
   |                    | 192-bit key        |        |                |
   | A256KW             | AES Key Wrap with  | (none) | Recommended    |
   |                    | default initial    |        |                |
   |                    | value using        |        |                |
   |                    | 256-bit key        |        |                |
   | dir                | Direct use of a    | (none) | Recommended    |
   |                    | shared symmetric   |        |                |
   |                    | key as the CEK     |        |                |
   | ECDH-ES            | Elliptic Curve     | "epk", | Recommended+   |
   |                    | Diffie-Hellman     | "apu", |                |
   |                    | Ephemeral Static   | "apv"  |                |
   |                    | key agreement      |        |                |
   |                    | using Concat KDF   |        |                |
   | ECDH-ES+A128KW     | ECDH-ES using      | "epk", | Recommended    |
   |                    | Concat KDF and CEK | "apu", |                |
   |                    | wrapped with       | "apv"  |                |
   |                    | "A128KW"           |        |                |
   | ECDH-ES+A192KW     | ECDH-ES using      | "epk", | Optional       |
   |                    | Concat KDF and CEK | "apu", |                |
   |                    | wrapped with       | "apv"  |                |
   |                    | "A192KW"           |        |                |
   | ECDH-ES+A256KW     | ECDH-ES using      | "epk", | Recommended    |
   |                    | Concat KDF and CEK | "apu", |                |
   |                    | wrapped with       | "apv"  |                |
   |                    | "A256KW"           |        |                |
   | A128GCMKW          | Key wrapping with  | "iv",  | Optional       |
   |                    | AES GCM using      | "tag"  |                |
   |                    | 128-bit key        |        |                |
   | A192GCMKW          | Key wrapping with  | "iv",  | Optional       |
   |                    | AES GCM using      | "tag"  |                |
   |                    | 192-bit key        |        |                |
   | A256GCMKW          | Key wrapping with  | "iv",  | Optional       |
   |                    | AES GCM using      | "tag"  |                |
   |                    | 256-bit key        |        |                |
   | PBES2-HS256+A128KW | PBES2 with HMAC    | "p2s", | Optional       |
   |                    | SHA-256 and        | "p2c"  |                |
   |                    | "A128KW" wrapping  |        |                |
   | PBES2-HS384+A192KW | PBES2 with HMAC    | "p2s", | Optional       |
   |                    | SHA-384 and        | "p2c"  |                |
   |                    | "A192KW" wrapping  |        |                |
   | PBES2-HS512+A256KW | PBES2 with HMAC    | "p2s", | Optional       |
   |                    | SHA-512 and        | "p2c"  |                |
   |                    | "A256KW" wrapping  |        |                |
   +--------------------+--------------------+--------+----------------+

***主要なalg [#tc818133]

-Required~
-

-Recommended+
--RSA-OAEP
--ECDH-ES

***enc [#sb156839]
コンテンツ暗号化のための暗号アルゴリズム

-5.  Cryptographic Algorithms for Content Encryption
--5.1.  "enc" (Encryption Algorithm) Header Parameter Values for JWE~
https://tools.ietf.org/html/rfc7518#section-5

   +---------------+----------------------------------+----------------+
   | "enc" Param   | Content Encryption Algorithm     | Implementation |
   | Value         |                                  | Requirements   |
   +---------------+----------------------------------+----------------+
   | A128CBC-HS256 | AES_128_CBC_HMAC_SHA_256         | Required       |
   |               | authenticated encryption         |                |
   |               | algorithm, as defined in Section |                |
   |               | 5.2.3                            |                |
   | A192CBC-HS384 | AES_192_CBC_HMAC_SHA_384         | Optional       |
   |               | authenticated encryption         |                |
   |               | algorithm, as defined in Section |                |
   |               | 5.2.4                            |                |
   | A256CBC-HS512 | AES_256_CBC_HMAC_SHA_512         | Required       |
   |               | authenticated encryption         |                |
   |               | algorithm, as defined in Section |                |
   |               | 5.2.5                            |                |
   | A128GCM       | AES GCM using 128-bit key        | Recommended    |
   | A192GCM       | AES GCM using 192-bit key        | Optional       |
   | A256GCM       | AES GCM using 256-bit key        | Recommended    |
   +---------------+----------------------------------+----------------+

***主要なenc [#a5ee5218]
-Required
--A128CBC-HS256
--A256CBC-HS512
-Recommended 
--A128GCM
--A256GCM

**[[JWK]]用 [#y901bfc0]
鍵の暗号アルゴリズム

***kty [#cec7495e]
https://tools.ietf.org/html/rfc7518#section-6.1

***ASymmetric Keys(ECC) [#y16f1449]
https://tools.ietf.org/html/rfc7518#section-6.2

***ASymmetric Keys(RSA) [#a93d4f74]
https://tools.ietf.org/html/rfc7518#section-6.3

***Symmetric Keys [#w5aac2d6]
https://tools.ietf.org/html/rfc7518#section-6.4

*参考 [#n699ba57]
-RFC 7518 - JSON Web Algorithms (JWA)~
https://tools.ietf.org/html/rfc7518

----
Tags: [[:認証基盤]], [[:クレームベース認証]], [[:暗号化]]
Tags: [[:IT国際標準]], [[:認証基盤]], [[:クレームベース認証]], [[:暗号化]]



トップ   新規 一覧 単語検索 最終更新   ヘルプ   最終更新のRSS