「[[マイクロソフト系技術情報 Wiki>http://techinfoofmicrosofttech.osscons.jp/]]」は、「[[Open棟梁Project>https://github.com/OpenTouryoProject/]]」,「[[OSSコンソーシアム .NET開発基盤部会>https://www.osscons.jp/dotNetDevelopmentInfrastructure/]]」によって運営されています。 -[[戻る(JWT)>JWT]] --[[JWS]] --[[JWE]] --[[JWK]] * 目次 [#k3dc43dc] #contents *概要 [#o711e0c7] -[[JWS]]、[[JWE]]、[[JWK]]で利用される各アルゴリズムおよびそれらの識別子を定義する。 -これは、これらの識別子のためのいくつかのIANAレジストリを定義する。 *詳細 [#gc15b0d5] -RFC 7518 - JSON Web Algorithms (JWA)~ https://tools.ietf.org/html/rfc7518 **[[JWS]]用 [#zcf6ef0e] -3. Cryptographic Algorithms for Digital Signatures and MACs~ https://tools.ietf.org/html/rfc7518#section-3 ***alg [#xdc1604e] デジタル署名とMACのための暗号アルゴリズム -3.1. "alg" (Algorithm) Header Parameter Values for JWS~ https://tools.ietf.org/html/rfc7518#section-3.1 +--------------+-------------------------------+--------------------+ | "alg" Param | Digital Signature or MAC | Implementation | | Value | Algorithm | Requirements | +--------------+-------------------------------+--------------------+ | HS256 | HMAC using SHA-256 | Required | | HS384 | HMAC using SHA-384 | Optional | | HS512 | HMAC using SHA-512 | Optional | | RS256 | RSASSA-PKCS1-v1_5 using | Recommended | | | SHA-256 | | | RS384 | RSASSA-PKCS1-v1_5 using | Optional | | | SHA-384 | | | RS512 | RSASSA-PKCS1-v1_5 using | Optional | | | SHA-512 | | | ES256 | ECDSA using P-256 and SHA-256 | Recommended+ | | ES384 | ECDSA using P-384 and SHA-384 | Optional | | ES512 | ECDSA using P-521 and SHA-512 | Optional | | PS256 | RSASSA-PSS using SHA-256 and | Optional | | | MGF1 with SHA-256 | | | PS384 | RSASSA-PSS using SHA-384 and | Optional | | | MGF1 with SHA-384 | | | PS512 | RSASSA-PSS using SHA-512 and | Optional | | | MGF1 with SHA-512 | | | none | No digital signature or MAC | Optional | | | performed | | +--------------+-------------------------------+--------------------+ ***主要なalg [#o83bb55b] 取り敢えず以下を抑えると良さそう。 -Required --HS256 -Recommended --RS256 --ES256 ([[FAPI2>FAPI Part 2 (Read and Write API Security Profile)]]) -Else --PS256 ([[FAPI2>FAPI Part 2 (Read and Write API Security Profile)]]) **[[JWE]]用 [#o355e9ee] ***alg [#kc5a9bed] 鍵管理のための暗号アルゴリズム -4. Cryptographic Algorithms for Key Management~ https://tools.ietf.org/html/rfc7518#section-4 --4.1. "alg" (Algorithm) Header Parameter Values for JWE~ https://tools.ietf.org/html/rfc7518#section-4.1 +--------------------+--------------------+--------+----------------+ | "alg" Param Value | Key Management | More | Implementation | | | Algorithm | Header | Requirements | | | | Params | | +--------------------+--------------------+--------+----------------+ | RSA1_5 | RSAES-PKCS1-v1_5 | (none) | Recommended- | | RSA-OAEP | RSAES OAEP using | (none) | Recommended+ | | | default parameters | | | | RSA-OAEP-256 | RSAES OAEP using | (none) | Optional | | | SHA-256 and MGF1 | | | | | with SHA-256 | | | | A128KW | AES Key Wrap with | (none) | Recommended | | | default initial | | | | | value using | | | | | 128-bit key | | | | A192KW | AES Key Wrap with | (none) | Optional | | | default initial | | | | | value using | | | | | 192-bit key | | | | A256KW | AES Key Wrap with | (none) | Recommended | | | default initial | | | | | value using | | | | | 256-bit key | | | | dir | Direct use of a | (none) | Recommended | | | shared symmetric | | | | | key as the CEK | | | | ECDH-ES | Elliptic Curve | "epk", | Recommended+ | | | Diffie-Hellman | "apu", | | | | Ephemeral Static | "apv" | | | | key agreement | | | | | using Concat KDF | | | | ECDH-ES+A128KW | ECDH-ES using | "epk", | Recommended | | | Concat KDF and CEK | "apu", | | | | wrapped with | "apv" | | | | "A128KW" | | | | ECDH-ES+A192KW | ECDH-ES using | "epk", | Optional | | | Concat KDF and CEK | "apu", | | | | wrapped with | "apv" | | | | "A192KW" | | | | ECDH-ES+A256KW | ECDH-ES using | "epk", | Recommended | | | Concat KDF and CEK | "apu", | | | | wrapped with | "apv" | | | | "A256KW" | | | | A128GCMKW | Key wrapping with | "iv", | Optional | | | AES GCM using | "tag" | | | | 128-bit key | | | | A192GCMKW | Key wrapping with | "iv", | Optional | | | AES GCM using | "tag" | | | | 192-bit key | | | | A256GCMKW | Key wrapping with | "iv", | Optional | | | AES GCM using | "tag" | | | | 256-bit key | | | | PBES2-HS256+A128KW | PBES2 with HMAC | "p2s", | Optional | | | SHA-256 and | "p2c" | | | | "A128KW" wrapping | | | | PBES2-HS384+A192KW | PBES2 with HMAC | "p2s", | Optional | | | SHA-384 and | "p2c" | | | | "A192KW" wrapping | | | | PBES2-HS512+A256KW | PBES2 with HMAC | "p2s", | Optional | | | SHA-512 and | "p2c" | | | | "A256KW" wrapping | | | +--------------------+--------------------+--------+----------------+ ***主要なalg [#tc818133] -Required~ - -Recommended+ --RSA-OAEP --ECDH-ES ***enc [#sb156839] コンテンツ暗号化のための暗号アルゴリズム -5. Cryptographic Algorithms for Content Encryption --5.1. "enc" (Encryption Algorithm) Header Parameter Values for JWE~ https://tools.ietf.org/html/rfc7518#section-5 +---------------+----------------------------------+----------------+ | "enc" Param | Content Encryption Algorithm | Implementation | | Value | | Requirements | +---------------+----------------------------------+----------------+ | A128CBC-HS256 | AES_128_CBC_HMAC_SHA_256 | Required | | | authenticated encryption | | | | algorithm, as defined in Section | | | | 5.2.3 | | | A192CBC-HS384 | AES_192_CBC_HMAC_SHA_384 | Optional | | | authenticated encryption | | | | algorithm, as defined in Section | | | | 5.2.4 | | | A256CBC-HS512 | AES_256_CBC_HMAC_SHA_512 | Required | | | authenticated encryption | | | | algorithm, as defined in Section | | | | 5.2.5 | | | A128GCM | AES GCM using 128-bit key | Recommended | | A192GCM | AES GCM using 192-bit key | Optional | | A256GCM | AES GCM using 256-bit key | Recommended | +---------------+----------------------------------+----------------+ ***主要なenc [#a5ee5218] -Required --A128CBC-HS256 --A256CBC-HS512 -Recommended --A128GCM --A256GCM **[[JWK]]用 [#y901bfc0] 鍵の暗号アルゴリズム ***kty [#cec7495e] https://tools.ietf.org/html/rfc7518#section-6.1 ***ASymmetric Keys(ECC) [#y16f1449] https://tools.ietf.org/html/rfc7518#section-6.2 ***ASymmetric Keys(RSA) [#a93d4f74] https://tools.ietf.org/html/rfc7518#section-6.3 ***Symmetric Keys [#w5aac2d6] https://tools.ietf.org/html/rfc7518#section-6.4 *参考 [#n699ba57] -RFC 7518 - JSON Web Algorithms (JWA)~ https://tools.ietf.org/html/rfc7518 ---- Tags: [[:認証基盤]], [[:クレームベース認証]], [[:暗号化]]