JWS is Json Web Signature, is the basis of the structural configuration JWT (JWT actually covers two JWE JWS and wherein JWT load may also be nested JWT), comprising three parts JOSE Header, JWS Payload, JWS Signature.
Signature here there are two ways to generate a standard signature, asymmetric encryption, confidentiality because the private key, the signature can be confirmed in the body, while protecting the integrity of energy; the other is the message authentication code MAC ( Message authentication Code), using a symmetric secret key, the secret key needs to be shared between a plurality of issuing body, verification, so the body can not be confirmed issued, only serves to protect the integrity.
JWS eventually sequence of two forms, one is JWS Compact Serialization, a string of characters; the other is JWS JSON Serialization, is a standard Json objects, allowing to generate a plurality of signatures for the same content / message authentication code.
JWS Compact Serialization, to the parts '.' Separator.
BASE64URL(UTF8(JWS Protected Header)) || ’.’ ||
BASE64URL(JWS Payload) || ’.’ ||
BASE64URL(JWS Signature)
JWS Json Serialization may also be sub-divided into two formats: common flat.
The general format, the outermost layer payload, signatures. json signatures can contain multiple objects, objects from the inner json protected, header, signature composition. Different protected header generate different Signature.
{
"payload": "<payload contents>",
"signatures":
[
{
"protected": "<integrity-protected header 1 contents>",
"header": "<non-integrity-protected header 1 contents>",
"signature": "<signature 1 contents>"
},
...
{
"protected": "<integrity-protected header N contents>",
"header": "<non-integrity-protected header 1 contents>",
"signature": "<signature N contents>"
}
]
}
Flat format, is for only one signature / mac prepared.
{
"payload": "<payload contents>",
"protected": "<integrity-protected header contents>",
"header": "<non-integrity-protected header contents>",
"signature": "<signature contents>"
}
JOSE Header: Json Object Signing and Encryption Header. Describe the behavior of encryption and other parameters used, is JWS Protected / Unprotected Header of the collection.
JWS Protected Header, has a head parameter integrity protection.
JWS Unprotected Header, head without integrity protection parameters appear only JWS Json Serialization Format.
Following is a list of specified parameters JOSE Header, the parameters detailed information, please refer to rfc7515
| Header parameter | Full name | Explanation | required |
|---|---|---|---|
| Alg | algorithm | Specifies the signature algorithm is none, they said they did not use signatures to secure the integrity of the | Yes |
| is a natural | JWK set URL | URI corresponding to the public key signature with the key is located | no |
| Ctte | json web key | Signature key corresponding to the public key with | no |
| kid | key id | The use of the signature key id | no |
| type | Type | Jws indicate the entire media types, JOSE means is compact, JOSE + JSON meant to json | no |
| Content Type | Load media type | no | |
| crit | Critical | This field lists the extension header parameter of the receiver must be understood and processed, otherwise the jws invalid, the field is an array format | no |
| x5u | X.509 URL | – | no |
| x5c | X.509 Certificate Chain | – | no |
| x5t | X.509 Certificate SHA-1 Thumbprint | – | no |
| x5t#S256 | X.509 Certificate SHA-256 Thumbprint | – | no |
# crit 参数例子
{
"alg":"ES256",
"crit":["exp","iss"],
"exp":1363284000,
"iss":"test"
}
The following is a case rfc7515 provided, using HMAC_SHA256 generated JWS Signature.
1. The head is a compact string that does not wrap, no spaces.
Header = {“typ”:“JWT”,“alg”:“HS256”}
base64url(Header) = eyJ0eXAiOiJKV1QiLA0KICJhbGciOiJIUzI1NiJ9
import base64
header_encoded = base64.urlsafe_b64encode(b'{"typ":"JWT","alg":"HS256"}')
print(header_encoded)
2. 载荷是一个包括了换行和空格的 json 对象,换行取 win 系统的 CRLF,且除第一行外,每一行开头有一个空格,行尾无空格。
Payload = {“iss”:“joe”,\r\n “exp”:1300819380,\r\n “http://example.com/is_root”:true}
base64url(Payload) = eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ
import base64
Payload = {"iss":"joe",\r\n "exp":1300819380,\r\n "http://example.com/is_root":true}
payload_encoded = (b'{"iss":"joe",\r\n "exp":1300819380,\r\n "http://example.com/is_root":true}')
print(payload_encoded)
3. 生成 Signature 时将头部和载荷视为一体
Message = ASCII(BASE64URL(UTF8(JWS Protected Header)) || ’.’ || BASE64URL(JWS Payload))
HMAC_SHA256 签名时需要用到对称密匙 Key,这里的 Key 是预先商量好的
Key = AyM1SysPpbyDfgZld3umj1qzKObwVMkoqQ-EstJQLr_T-1qS0gZH75aKtMN3Yj0iPS4hcgUuTwjAzZr1Z9CAow
因为 Key 也是 base64url 编码后的内容,所以要获取 Key 的字节数组需要 base64url 解码一把,解码时由于 Key 的长度为 86,86%4=2,需要添加 ‘==’ 后再进行解码
# 也即解码时用的是这个
Key = AyM1SysPpbyDfgZld3umj1qzKObwVMkoqQ-EstJQLr_T-1qS0gZH75aKtMN3Yj0iPS4hcgUuTwjAzZr1Z9CAow==
Signature = base64url( HMAC_SHA256(Message, Key) )
Finally, get signature dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk =
import hashlib
import hmac
import base64
message = bytes('eyJ0eXAiOiJKV1QiLA0KICJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ','ascii')
secret = base64.urlsafe_b64decode('AyM1SysPpbyDfgZld3umj1qzKObwVMkoqQ-EstJQLr_T-1qS0gZH75aKtMN3Yj0iPS4hcgUuTwjAzZr1Z9CAow==')
signature = base64.urlsafe_b64encode(hmac.new(secret, message, digestmod=hashlib.sha256).digest())
print(signature)
Remove excess '=', is the ultimate Signature: dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk
In this way, it is the final JWS (wrapped for convenience of view, is actually a bunch)
eyJ0eXAiOiJKV1QiLA0KICJhbGciOiJIUzI1NiJ9
.
eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ
.
dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk
Of course, you may choose the actual algorithm like RSA to sign, may refer the case RFC document.
Reference documents: rfc7515