2

The JOSE standard introduces a signature (JWS) and encrypted data (JWE), which describe a data bundle, either signed or encrypted. However, I cannot find a "request of signature" or "request of encryption" (it's possible to use JWE as a request for decryption).

I would like to ask a remote end, as a proof of shared secret ownership, "sign me these bytes using this algorithm and this key" for which the response is a JWS as well as "encrypt these bytes using this key" for which the response is a JWE.

I'm trying to not reinvent the wheel here and while reading the JOSE spec I couldn't find anything like that that could be of use. It seems like such a common type of request that I wonder why/how it could be left out.

LiraNuna
  • FWIW I think if I were to reinvent the wheel, I would use a 2-part JWS/JWE like "request" object consisting of `header`.`message`, if `header` contains `alg`, it's a JWS request, if the `header` contains `alg` AND `enc`, it's an encryption request. Telling this apart from JWS/JWE is easy since it has only two parts instead of 3 (JWS) or 5 (JWE). But as I said, I don't want to reinvent the wheel if possible. – LiraNuna Dec 19 '17 at 07:46

1 Answer

0

You're correct, there is nothing in the standards for this type of thing.

I'd question why you want to do things this way. Is there something significant in the content of the payload you want them to process? Why would it be unsuitable for the remote end to just send you a JWT?

kag0
  • Because I want the remote to prove it owns a certain key. The best way I can do it is to request a signature of random content (to avoid oracle attacks / replay attacks) of a specific key, which are the two first parts of a JWS. – LiraNuna Jul 15 '19 at 22:36
  • @LiraNuna it sounds like a JWT would do what you need. It is signed the same way as a JWS (the JOSE headers are the same), and in the payload there are timestamps (iat, exp, nbf) and a nonce (jti) to prevent replays. If for some reason the remote end doesn't know which key to use, you could send it just a key id and have it send back a JWT. – kag0 Jul 17 '19 at 01:52
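
The exchange discussed in this thread, sketched as an added example (not code from either poster or from the JOSE specifications): the verifier sends a key id and a fresh random nonce, and the remote end answers with a compact HS256 JWT carrying that nonce in `jti` plus `iat`/`exp`. The function names, the `demo-key-1` key id, the secret and the 30-second lifetime are assumptions made for the illustration.

```python
import base64, hashlib, hmac, json, secrets, time

KEYS = {"demo-key-1": b"constructed-shared-secret-for-demo"}  # constructed sample key

def b64u(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64u_dec(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def new_challenge(kid: str) -> dict:
    # Verifier: a fresh 128-bit nonce per request, so an old response cannot be replayed.
    return {"kid": kid, "nonce": b64u(secrets.token_bytes(16))}

def respond(challenge: dict, keys: dict, now: int, ttl: int = 30) -> str:
    # Prover: echo the verifier's nonce in jti and sign as a compact HS256 JWS.
    header = {"alg": "HS256", "typ": "JWT", "kid": challenge["kid"]}
    claims = {"jti": challenge["nonce"], "iat": now, "exp": now + ttl}
    signing_input = ".".join(b64u(json.dumps(p, separators=(",", ":")).encode()) for p in (header, claims))
    tag = hmac.new(keys[challenge["kid"]], signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64u(tag)

def verify(token: str, challenge: dict, keys: dict, now: int) -> bool:
    try:
        h64, p64, s64 = token.split(".")
        header = json.loads(b64u_dec(h64))
        claims = json.loads(b64u_dec(p64))
        sig = b64u_dec(s64)
    except (ValueError, TypeError):
        return False
    if not isinstance(header, dict) or not isinstance(claims, dict):
        return False
    # Pin alg and kid to what the verifier asked for; the token never chooses them.
    if header.get("alg") != "HS256" or header.get("kid") != challenge["kid"]:
        return False
    expected = hmac.new(keys[challenge["kid"]], f"{h64}.{p64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, sig):  # constant-time comparison
        return False
    exp = claims.get("exp")
    return claims.get("jti") == challenge["nonce"] and isinstance(exp, int) and now < exp

if __name__ == "__main__":
    ch = new_challenge("demo-key-1")
    tok = respond(ch, KEYS, int(time.time()))
    print(tok, verify(tok, ch, KEYS, int(time.time())))
```

The verifier should discard each challenge after one verification attempt so a captured response cannot be presented a second time within its `exp` window.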