- 追加された行はこの色です。
- 削除された行はこの色です。
「[[マイクロソフト系技術情報 Wiki>http://techinfoofmicrosofttech.osscons.jp/]]」は、「[[Open棟梁Project>https://github.com/OpenTouryoProject/]]」,「[[OSSコンソーシアム .NET開発基盤部会>https://www.osscons.jp/dotNetDevelopmentInfrastructure/]]」によって運営されています。
-[[戻る(JWT)>JWT]]
--[[JWS]]
--[[JWE]]
--[[JWK]]
* 目次 [#k3dc43dc]
#contents
*概要 [#o711e0c7]
-[[JWS]]、[[JWE]]、[[JWK]]で利用される各アルゴリズムおよびそれらの識別子を定義する。
-これは、これらの識別子のためのいくつかのIANAレジストリを定義する。
*詳細 [#gc15b0d5]
-RFC 7518 - JSON Web Algorithms (JWA)~
https://tools.ietf.org/html/rfc7518
**[[JWS]]用 [#zcf6ef0e]
-3. Cryptographic Algorithms for Digital Signatures and MACs~
https://tools.ietf.org/html/rfc7518#section-3
***alg [#xdc1604e]
デジタル署名とMACのための暗号アルゴリズム
-3.1. "alg" (Algorithm) Header Parameter Values for JWS~
https://tools.ietf.org/html/rfc7518#section-3.1
+--------------+-------------------------------+--------------------+
| "alg" Param | Digital Signature or MAC | Implementation |
| Value | Algorithm | Requirements |
+--------------+-------------------------------+--------------------+
| HS256 | HMAC using SHA-256 | Required |
| HS384 | HMAC using SHA-384 | Optional |
| HS512 | HMAC using SHA-512 | Optional |
| RS256 | RSASSA-PKCS1-v1_5 using | Recommended |
| | SHA-256 | |
| RS384 | RSASSA-PKCS1-v1_5 using | Optional |
| | SHA-384 | |
| RS512 | RSASSA-PKCS1-v1_5 using | Optional |
| | SHA-512 | |
| ES256 | ECDSA using P-256 and SHA-256 | Recommended+ |
| ES384 | ECDSA using P-384 and SHA-384 | Optional |
| ES512 | ECDSA using P-521 and SHA-512 | Optional |
| PS256 | RSASSA-PSS using SHA-256 and | Optional |
| | MGF1 with SHA-256 | |
| PS384 | RSASSA-PSS using SHA-384 and | Optional |
| | MGF1 with SHA-384 | |
| PS512 | RSASSA-PSS using SHA-512 and | Optional |
| | MGF1 with SHA-512 | |
| none | No digital signature or MAC | Optional |
| | performed | |
+--------------+-------------------------------+--------------------+
***主要なalg [#o83bb55b]
取り敢えず以下を抑えると良さそう。
-HS256
-RS256
-ES256
-Required
--HS256
-Recommended
--RS256
--ES256 ([[FAPI2>FAPI Part 2 (Read and Write API Security Profile)]])
-Else
--PS256 ([[FAPI2>FAPI Part 2 (Read and Write API Security Profile)]])
**[[JWE]]用 [#o355e9ee]
***alg [#kc5a9bed]
鍵管理のための暗号アルゴリズム
-4. Cryptographic Algorithms for Key Management~
https://tools.ietf.org/html/rfc7518#section-4
--4.1. "alg" (Algorithm) Header Parameter Values for JWE~
https://tools.ietf.org/html/rfc7518#section-4.1
+--------------------+--------------------+--------+----------------+
| "alg" Param Value | Key Management | More | Implementation |
| | Algorithm | Header | Requirements |
| | | Params | |
+--------------------+--------------------+--------+----------------+
| RSA1_5 | RSAES-PKCS1-v1_5 | (none) | Recommended- |
| RSA-OAEP | RSAES OAEP using | (none) | Recommended+ |
| | default parameters | | |
| RSA-OAEP-256 | RSAES OAEP using | (none) | Optional |
| | SHA-256 and MGF1 | | |
| | with SHA-256 | | |
| A128KW | AES Key Wrap with | (none) | Recommended |
| | default initial | | |
| | value using | | |
| | 128-bit key | | |
| A192KW | AES Key Wrap with | (none) | Optional |
| | default initial | | |
| | value using | | |
| | 192-bit key | | |
| A256KW | AES Key Wrap with | (none) | Recommended |
| | default initial | | |
| | value using | | |
| | 256-bit key | | |
| dir | Direct use of a | (none) | Recommended |
| | shared symmetric | | |
| | key as the CEK | | |
| ECDH-ES | Elliptic Curve | "epk", | Recommended+ |
| | Diffie-Hellman | "apu", | |
| | Ephemeral Static | "apv" | |
| | key agreement | | |
| | using Concat KDF | | |
| ECDH-ES+A128KW | ECDH-ES using | "epk", | Recommended |
| | Concat KDF and CEK | "apu", | |
| | wrapped with | "apv" | |
| | "A128KW" | | |
| ECDH-ES+A192KW | ECDH-ES using | "epk", | Optional |
| | Concat KDF and CEK | "apu", | |
| | wrapped with | "apv" | |
| | "A192KW" | | |
| ECDH-ES+A256KW | ECDH-ES using | "epk", | Recommended |
| | Concat KDF and CEK | "apu", | |
| | wrapped with | "apv" | |
| | "A256KW" | | |
| A128GCMKW | Key wrapping with | "iv", | Optional |
| | AES GCM using | "tag" | |
| | 128-bit key | | |
| A192GCMKW | Key wrapping with | "iv", | Optional |
| | AES GCM using | "tag" | |
| | 192-bit key | | |
| A256GCMKW | Key wrapping with | "iv", | Optional |
| | AES GCM using | "tag" | |
| | 256-bit key | | |
| PBES2-HS256+A128KW | PBES2 with HMAC | "p2s", | Optional |
| | SHA-256 and | "p2c" | |
| | "A128KW" wrapping | | |
| PBES2-HS384+A192KW | PBES2 with HMAC | "p2s", | Optional |
| | SHA-384 and | "p2c" | |
| | "A192KW" wrapping | | |
| PBES2-HS512+A256KW | PBES2 with HMAC | "p2s", | Optional |
| | SHA-512 and | "p2c" | |
| | "A256KW" wrapping | | |
+--------------------+--------------------+--------+----------------+
***主要なalg [#tc818133]
Recommended+
-RSA-OAEP
-ECDH-ES
-Required~
-
-Recommended+
--RSA-OAEP
--ECDH-ES
***enc [#sb156839]
コンテンツ暗号化のための暗号アルゴリズム
-5. Cryptographic Algorithms for Content Encryption
--5.1. "enc" (Encryption Algorithm) Header Parameter Values for JWE~
https://tools.ietf.org/html/rfc7518#section-5
+---------------+----------------------------------+----------------+
| "enc" Param | Content Encryption Algorithm | Implementation |
| Value | | Requirements |
+---------------+----------------------------------+----------------+
| A128CBC-HS256 | AES_128_CBC_HMAC_SHA_256 | Required |
| | authenticated encryption | |
| | algorithm, as defined in Section | |
| | 5.2.3 | |
| A192CBC-HS384 | AES_192_CBC_HMAC_SHA_384 | Optional |
| | authenticated encryption | |
| | algorithm, as defined in Section | |
| | 5.2.4 | |
| A256CBC-HS512 | AES_256_CBC_HMAC_SHA_512 | Required |
| | authenticated encryption | |
| | algorithm, as defined in Section | |
| | 5.2.5 | |
| A128GCM | AES GCM using 128-bit key | Recommended |
| A192GCM | AES GCM using 192-bit key | Optional |
| A256GCM | AES GCM using 256-bit key | Recommended |
+---------------+----------------------------------+----------------+
***主要なenc [#a5ee5218]
-Required
--A128CBC-HS256
--A256CBC-HS512
-Recommended
--A128GCM
--A256GCM
**[[JWK]]用 [#y901bfc0]
鍵の暗号アルゴリズム
***kty [#cec7495e]
https://tools.ietf.org/html/rfc7518#section-6.1
***ASymmetric Keys(ECC) [#y16f1449]
https://tools.ietf.org/html/rfc7518#section-6.2
***ASymmetric Keys(RSA) [#a93d4f74]
https://tools.ietf.org/html/rfc7518#section-6.3
***Symmetric Keys [#w5aac2d6]
https://tools.ietf.org/html/rfc7518#section-6.4
*参考 [#n699ba57]
-RFC 7518 - JSON Web Algorithms (JWA)~
https://tools.ietf.org/html/rfc7518
----
Tags: [[:認証基盤]], [[:クレームベース認証]], [[:暗号化]]