Keerthi Vibisan
Keerthi Vibisan
Software Engineer at Grootan Technologies

JOSE Standards

Written by Human, Not by AI

Posted on in Security • 788 words • 4 minute read
Tags: jwt

There were numerous formats to transfer data such as XML, INI, YAML and more. But JSON emerged as the widely adopted structure for its simplicity, efficiency and readability.

But JSON had no proper standard or method for securely transferring data and people were following inconsistent approaches for encryption and signing. Some solely relied on Transport Layer Security (TLS).

So the IETF designed JOSE (JSON Object Signing and Encryption) standards which addressed these gaps by providing a standardized framework to securely handle JSON data. JOSE includes components like JWS (for signing), JWE (for encryption), JWT (for compact tokens) and JWK (for representing cryptographic keys).

Token Structure

Is defined with 3 parts - Header, Payload and Signature.

base64UrlEncode(Header).
base64UrlEncode(Payload).
base64UrlEncode(Signature)
  • Header - Contains metadata about the token like how the token is signed or encrypted and the info to verify the token.
  • Payload - Contains the JSON Object / claims to be transfered.
  • Signature - Contain the signature formed by signing base64UrlEncode(Header) + base64UrlEncode(Payload) + Secret Key. This proves the Integrity & Authenticity of the token.

JWT: JSON Web Token

JWTs are simply Base64 URL-encoded JSON objects without any cryptographic protection.

By default JWT does not have any signature or encryption they are just base64 URL Encoded json objects, compact and self-contained for transmitting information between parties.

Encoded JWT:

eyJ0eXAiOiJKV1QiLCJhbGciOiJub25lIn0.
eyJ1c2VySWQiOiIxMjMiLCJuYW1lIjoiSm9obiBEb2UifQ

Decoded

// Header
{
  "typ": "JWT",
  "alg": "none"
}

// Payload
{
  "userId": "123",
  "name": "John Doe"
}

// No Signature

As JWT lacks signature it does not provide data authenticity and integrity.

Also here Data Confidentiality is a Big Question

  • So to provide JWT with authenticity + integrity they must be signed (JWS – JSON Web Signature).

  • To provide JWT with confidentiality they must be encrypted (JWE – JSON Web Encryption).

  • To provide JWT with confidentiality + authenticity + integrity they must be signed & encrypted (JWS + JWE - Nested JWT).

jose_tree.png

JWS: JSON Web Signature

JWS is a format for digitally signing JSON data. A Signed JWT is know as JWS, by verifying the signature we can ensure its integrity and authenticity.

Note

JWTs can be signed under two different approaches

  • Symmetric Signing (HMAC) – Uses a Secret Key.

  • Asymmetric Signing (RSA/ECDSA) – Uses a Private/Public Key Pair

Encoded JWT:

eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.
eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IktlZXJ0aGkgVmliaXNhbiIsImlhdCI6MTUxNjIzOTAyMn0.
d-j0rji1_xNS4KrzpRHaZOrerLNLDHOMSiXAXo_pjDA

Decoded

// Header
{
  "alg": "HS256",
  "typ": "JWT"
}

// Payload
{
  "sub": "1234567890",
  "name": "Keerthi Vibisan",
  "iat": 1516239022
}

// Signature
HMACSHA256(
  base64UrlEncode(header) + "." +
  base64UrlEncode(payload),
  secretKey
)

Let’s see simple overview of the workfolw:

  1. The sender creates a JWT and signs it.
  2. JWS Transmission: The sender transmits the JWS to the recipient.
  3. JWS Signature Verification: The recipient retrives the public key of the sender and verifies the signature.

JWE: JSON Web Encryption

While JWS ensures integrity, it does not protect the confidentiality of the payload. So here comes JWE, format for representing encrypted content using JSON-based data structures.

So in simple a encrypted JWT is known as JWE.

Encoded JWE

eyJhbGciOiJSU0EtT0FFUCIsICJlbmMiOiJBMTI4R0NNIn0.
OKOawDo13gRp2ojaHV7LFpPqWAQ-oNUhE3j5Gleq-VQoT-5FoYMbqwxR7HmoJcOP.
48V1_ALb6US04U3b.
XFBoMYUZodetZdvTiFvSkQ.
GGoKlsv0A2uL6-LcSHJvaQ

Structure

BASE64URL(Protected Header) .
BASE64URL(Encrypted Key) .
BASE64URL(Initialization Vector) .
BASE64URL(Ciphertext) .
BASE64URL(Authentication Tag)

Let’s see simple overview of the workfolw:

  1. The sender retrives the recipient’s public key from a key management system or through some API call.
  2. JWE Creation:
    • A random symmetric key (AES) is generated to encrypt the payload.
    • The symmetric key is encrypted using the recipient’s public key.
    • A JWE structure is created with the encrypted key, IV, ciphertext and authentication tag.
  3. JWE Transmission: The sender transmits the JWE to the recipient.
  4. JWE Decryption:
    • The recipient decrypts the symmetric key using their private key.
    • The decrypted symmetric key is used to decrypt the payload.
    • The authentication tag is verified to ensure integrity.

Note

Authentication Tag

  • This helps us to ensure that ciphertext has not been tampered during transmission.
  • The tag is generated using Message Authentication Code (MAC) during encryption.

Tag = Encrypt(Ciphertext,Key,Initialization Vector,AAD / JWE Header)

JWK: JSON Web Key

JWK is a standard format for representing cryptographic keys in JSON format. It is commonly used to share public keys for verifying JWS signatures or encrypting JWE tokens.

Structure (RSA)

{
  "kid": "key ID",
  "kty": "key type",
  "use": "key use",
  "alg": "algorithm",
  "n": "base64url-encoded-modulus",
  "e": "base64url-encoded-exponent",
  
  // Optional
  "x5c": "X.509 Certificate Chain".
  "x5t": "X.509 Certificate Thumbprint",
  "x5t#S256": "X.509 Certificate Thumbprint using SHA-256"
}

Example (RSA)

    {
      "kid": "TC1GnujVChNbNHpPSmO_UXzOngcLY0lX5rDq4DHf31Q",
      "kty": "RSA",
      "alg": "RS256",
      "use": "sig",
      "n": "pTFvAA37vKYjU8vG3LZ9QFyWRgwSYfJIGwBJjkKdzFgxOnqXUEMsiXVCZP0xBccpf-SosepuMP19lhZUcCQdMZ-pO0Q-BDrBS5d9fzoxWybApDdA6Vedce8UAHl78D3EDfkhgdESgcf1slXGMDsYM0q9nRN2kpwzpGA7VVdOCqay_zWTEwyAo4rOYYDkNahjoB2RkvWuoC66oZlSP4dmHJBSQXT8hLzLIhSmrFjerwP48DuN-wT4heDMp-xLCJY5aotnTW6eIh2EtZhklazlPzlRPdYlcSteZ1yWivDhbxbm7DKdNO5zWYYTJoRCwL1hZmE78gWmcGLO9hQjFzQUZQ",
      "e": "AQAB",
      "x5c": [
        "MIICpTCCAY0CBgGJ8yQ0tjANBgkqhkiG9w0BAQsFADAWMRQwEgYDVQQDDAtzdXBlcmFwcGRldjAeFw0yMzA4MTQwODIxMjNaFw0zMzA4MTQwODIzMDNaMBYxFDASBgNVBAMMC3N1cGVyYXBwZGV2MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApTFvAA37vKYjU8vG3LZ9QFyWRgwSYfJIGwBJjkKdzFgxOnqXUEMsiXVCZP0xBccpf+SosepuMP19lhZUcCQdMZ+pO0Q+BDrBS5d9fzoxWybApDdA6Vedce8UAHl78D3EDfkhgdESgcf1slXGMDsYM0q9nRN2kpwzpGA7VVdOCqay/zWTEwyAo4rOYYDkNahjoB2RkvWuoC66oZlSP4dmHJBSQXT8hLzLIhSmrFjerwP48DuN+wT4heDMp+xLCJY5aotnTW6eIh2EtZhklazlPzlRPdYlcSteZ1yWivDhbxbm7DKdNO5zWYYTJoRCwL1hZmE78gWmcGLO9hQjFzQUZQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQBYRUKk0VdOuSCiWRk16FA8XQTyfNeDiovcjtix+hM9qyQBPBLueAolBXLggbZ9k10kqdGz/J+CCdxAw6kDTH2XIsXSRLuS8hZ9X8zGtNObHSG/VsadQzTmUeS/L+eFnFp+XqVAEsgInCWZimmlTV5czEd7htJ6Ciw81gyyILVArBKUhHtwZRVngc3OhRlo8sEfBheE17TBhD082hXNdzEPb9K3GquAICugpCINV5f4SuVHByDEPGD9zJYP5JUarv4P1qNDl7diNXTyLkjko/S+W0mAHCTR2kiRrIATIkjwFKSqKWlW0XWJZBRF+pZqtQRfQN2yUeSpW67v3qboaaL3"
      ],
      "x5t": "1X9QVIJOaXyycr4RuqMXJFl3RjE",
      "x5t#S256": "5DklukGm4WF4sjvYCNAd0CWWcdff1sTmJNqDst3Iixo"
    }

We have three JWK Key types (kty)

  • RSA
  • EC (Elliptic Curve)
  • oct (Octet Sequence)

Conclusion

The JOSE Standards provide a framework for securely handling JSON data. So depending on our requirement we can use JWS for authenticity and integrity, JWE for confidentiality or combination of both to ensure complete security and JWK for representing cryptographic keys.