JWS 5 (30.12.2022 3M) Flashcards
Describe “x5u” Header Parameter.
The “x5u” (X.509 URL) Header Parameter is a URI that refers to a resource for the X.509 public key certificate or certificate chain corresponding to the key used to digitally sign the JWS.
The certificate or certificate chain MUST conform to RFC5280 and be in PEM-encoded form, with each certificate delimited like
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
The certificate containing the public key corresponding to the key used to digitally sign the JWS MUST be the first certificate. This MAY be followed by additional certificates, with each subsequent certificate being the one used to certify the previous one.
Use of this Header Parameter is OPTIONAL.
The protocol used to acquire the resource MUST provide integrity protection and allow the server identity to be verified. TLS with a trusted certificate is OK for this purpose.
Describe “x5c” Header Parameter.
The “x5c” (X.509 certificate chain) Header Parameter contains the X.509 public key certificate or certificate chain [RFC5280] corresponding to the key used to digitally sign the JWS.
The certificate or certificate chain is represented as a JSON array of certificate value strings. Each string in the array is a base64-encoded DER PKIX certificate value.
The certificate containing the public key corresponding to the key used to digitally sign the JWS MUST be the first certificate. This MAY be followed by additional certificates, with each subsequent certificate being the one used to certify the previous one.
The recipient MUST validate the certificate chain according to RFC 5280 and consider the certificate or certificate chain to be invalid if any validation failure occurs.
Use of this Header Parameter is OPTIONAL.
Describe “x5t” Header Parameter.
The “x5t” (X.509 certificate SHA-1 thumbprint) Header Parameter is a base64url-encoded SHA-1 thumbprint (a.k.a. digest) of the DER encoding of the X.509 certificate [RFC5280] corresponding to the key used to digitally sign the JWS.
Note that certificate thumbprints are also sometimes known as certificate fingerprints.
Use of this Header Parameter is OPTIONAL.
Describe “x5t#S256” Header Parameter.
The “x5t#S256” (X.509 certificate SHA-256 thumbprint) Header Parameter is a base64url-encoded SHA-256 thumbprint (a.k.a. digest) of the DER encoding of the X.509 certificate [RFC5280] corresponding to the key used to digitally sign the JWS.
Note that certificate thumbprints are also sometimes known as certificate fingerprints.
Use of this Header Parameter is OPTIONAL.
What is a certificate thumbprint (or fingerprint)?
It is just a hash over the certificate that makes it easier to compare certificates. It is not included in the certificate itself but is computed when needed.
You can create thumbprints using different hash algorithms, e.g. SHA-1 or SHA-256.