JWS 1 (18.12.2022 3M)

Question 1

Name RFC number of JWS.

Answer 1

RFC 7515

Question 2

What JWS stands for?

Answer 2

JWS is JSON Web Signature. A data structure representing a digitally signed or MACed message.

Question 3

What JWS is used for?

Answer 3

To provide integrity protection for an arbitrary sequence of octets.

Question 4

How does JWS secure content?

Answer 4

JSON Web Signature (JWS) represents content secured with digital signatures or Message Authentication Codes (MACs)

Question 5

Name serializations of JWS.

Answer 5

Two closely related serializations for JWSs are defined.

1. The JWS Compact Serialization
2. JWS JSON Serialization

Question 6

Name purpose of JWS Compact Serialization.

Answer 6

The JWS Compact Serialization is a compact, URL-safe representation intended for space-constrained environments such as HTTP Authorization headers and URI query parameters.

Question 7

How does JWS JSON Serialization represent JWS?

Answer 7

The JWS JSON Serialization represents JWS as JSON object.

This representation is neither optimized for compactness nor URL-safe.

Question 8

What is JWS payload?

Answer 8

The sequence of octets to be secured – a.k.a. the message. The payload can contain an arbitrary sequence of octets.

Question 9

What is JWS Signature?

Answer 9

Digital signature or MAC over the JWS Protected Header and the JWS Payload.

Question 10

What is Header Parameter?

Answer 10

A name/value pair that is member of the JOSE Header.

Question 11

What base64 encoding is used for JWS?

Answer 11

Base64 encoding using the URL- and filename-safe character set defined in Section 5 of RFC 4648 (‘-‘ instead of ‘+’ and ‘_’ instead of ‘/’) with all trailing ‘=’ characters omitted.

Question 12

Can you use multiple signatures with JWS Compact Serialization?

Answer 12

No.

But JWS JSON Serialization enables multiple digital signatures and/or MACs to be applied to the same content.

Question 13

What is unsecured JWS?

Answer 13

A JWS that provides no integrity protection. Unsecured JWSs use the “alg” value “none”.

Question 14

What is StringOrURI? How values of this type are compared?

Answer 14

The same as for JWT.

A JSON string value, with the additional requirement, that while arbitrary string values MAY be used, any value containing a “:”
character MUST be a URI.

StringOrURI values are compared as case-sensitive strings with no transformations or canonicalizations applied.

Question 15

What does JOSE stand for?

Answer 15

JOSE (Javascript Object Signing And Encryption) describes the cryptographic operations used when creating JWS or JWE.

This is not HTTP header. It looks like a JSON object. For example {“typ”:”JWT”, “alg”:”HS256”}

It’s important to understand that JOSE header is a part of JWS and JWE standards.