JOSE Flashcards
JSON generalities
It is a data format widely used in web applications and simple enough for IoT and embedded systems. The idea is to make simple things simple and complex things possible, so its goals are to be compact and to have a URL-safe representation (so that data can also be passed in a GET).
There are 4 main data formats:
* JSON Web Token
* JSON Web Signature
* JSON Web Encryption
* JSON Web Key
JWS
It can be a true digital signature or a HMAC and it can be used to sign arbitrary content.
The only problem is that one JWS can only have one signature.
A JWS is made of three parts that are Base64url-encoded and concatenated with a period character:
header_b64u “.” payload_b64u “.” signature_b64u
The signature is computed over header_b64u “.” payload_b64u and then it is Base64url-encoded and appended to the payload after a period.
The JWS header can have the following parameters:
- “alg”: signature algorithm (required), for example: “none”, “HS256”, …
- “jku”: JSON Web Key URL
- …
JSON encoding
Base64
- encodes 6 bits at a time making them 8
- each code is transformed into one of 64 ASCII characters
- “=” is used for padding
- not URL-safe
Base64url
- uses “-” and “_” instead of “+” and “/”, which are not URL-safe
- no padding
- URL-safe
JWK
JSON Web Key is the JSON representation for asymmetric public and private keys or symmetric shared keys.
Its header can have:
- “kty”: key type, for example “EC”, “RSA”, …
- “kid”: Key identifier that can be used to reference the key
JWE
JSON Web Encryption allows encrypting arbitrary content using two possible representations:
- JWE compact serialization: for only one recipient
- JWE JSON serialization: the “recipients” tag is an array of JSON objects to identify each recipient and provide the CEK encrypted with the recipient’s public key
In general the result is in the form
header_b64u "." encrypted_CEK_b64u "." iv_b64u "." ciphertext_b64u "." authN_tag_b64u
which is compact and URL-safe.
CEK: Content Encryption Key
IV and Auth Tag are optional but, if the tag is used (AE modes), it is computed on everything.
The header has:
- “alg”: key encryption algorithm for CEK
- “enc”: content encryption algorithm