RSA JWK format and parameters meaning

These are probably the parameters of an RSA key, as you can see here: https://www.gnupg.org/documentation/manuals/gcrypt-devel/RSA-key-parameters.html

The naming convention matches with that one used in the JWK:

n-mpi
    RSA public modulus n. 
e-mpi
    RSA public exponent e. 
d-mpi
    RSA secret exponent d = e^-1 mod (p-1)(q-1). 
p-mpi
    RSA secret prime p. 
q-mpi
    RSA secret prime q with p < q. 
u-mpi
    Multiplicative inverse u = p^-1 mod q.

Cheers!


They are defined in the JWA specification, RFC 7518, section 6:

6.3.1. Parameters for RSA Public Keys

The following members MUST be present for RSA public keys.

6.3.1.1. "n" (Modulus) Parameter

The "n" (modulus) parameter contains the modulus value for the RSA public key. It is represented as a Base64urlUInt-encoded value.

Note that implementers have found that some cryptographic libraries prefix an extra zero-valued octet to the modulus representations they return, for instance, returning 257 octets for a 2048-bit key, rather than 256. Implementations using such libraries will need to take care to omit the extra octet from the base64url-encoded representation.

6.3.1.2. "e" (Exponent) Parameter

The "e" (exponent) parameter contains the exponent value for the RSA public key. It is represented as a Base64urlUInt-encoded value.

For instance, when representing the value 65537, the octet sequence to be base64url-encoded MUST consist of the three octets [1, 0, 1]; the resulting representation for this value is "AQAB".

The rest of the section goes on to detail private keys:

6.3.2. Parameters for RSA Private Keys

In addition to the members used to represent RSA public keys, the following members are used to represent RSA private keys. The parameter "d" is REQUIRED for RSA private keys. The others enable optimizations and SHOULD be included by producers of JWKs representing RSA private keys. If the producer includes any of the other private key parameters, then all of the others MUST be present, with the exception of "oth", which MUST only be present when more than two prime factors were used.

6.3.2.1. "d" (Private Exponent) Parameter

The "d" (private exponent) parameter contains the private exponent value for the RSA private key. It is represented as a Base64urlUInt-encoded value.

Jones Standards Track [Page 30]

RFC 7518 JSON Web Algorithms (JWA) May 2015

6.3.2.2. "p" (First Prime Factor) Parameter

The "p" (first prime factor) parameter contains the first prime factor. It is represented as a Base64urlUInt-encoded value.

6.3.2.3. "q" (Second Prime Factor) Parameter

The "q" (second prime factor) parameter contains the second prime factor. It is represented as a Base64urlUInt-encoded value.

6.3.2.4. "dp" (First Factor CRT Exponent) Parameter

The "dp" (first factor CRT exponent) parameter contains the Chinese Remainder Theorem (CRT) exponent of the first factor. It is represented as a Base64urlUInt-encoded value.

6.3.2.5. "dq" (Second Factor CRT Exponent) Parameter

The "dq" (second factor CRT exponent) parameter contains the CRT exponent of the second factor. It is represented as a Base64urlUInt-encoded value.

6.3.2.6. "qi" (First CRT Coefficient) Parameter

The "qi" (first CRT coefficient) parameter contains the CRT coefficient of the second factor. It is represented as a Base64urlUInt-encoded value.

6.3.2.7. "oth" (Other Primes Info) Parameter

The "oth" (other primes info) parameter contains an array of information about any third and subsequent primes, should they exist. When only two primes have been used (the normal case), this parameter MUST be omitted. When three or more primes have been used, the number of array elements MUST be the number of primes used minus two. For more information on this case, see the description of the OtherPrimeInfo parameters in Appendix A.1.2 of RFC 3447 [RFC3447], upon which the following parameters are modeled. If the consumer of a JWK does not support private keys with more than two primes and it encounters a private key that includes the "oth" parameter, then it MUST NOT use the key. Each array element MUST be an object with the following members.

6.3.2.7.1. "r" (Prime Factor)

The "r" (prime factor) parameter within an "oth" array member represents the value of a subsequent prime factor. It is represented as a Base64urlUInt-encoded value.

6.3.2.7.2. "d" (Factor CRT Exponent)

The "d" (factor CRT exponent) parameter within an "oth" array member represents the CRT exponent of the corresponding prime factor. It is represented as a Base64urlUInt-encoded value.

6.3.2.7.3. "t" (Factor CRT Coefficient)

The "t" (factor CRT coefficient) parameter within an "oth" array member represents the CRT coefficient of the corresponding prime factor. It is represented as a Base64urlUInt-encoded value.

Section 6.2 details the values used for Elliptic Curve keys, but I'll spare the quotation here.
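As an added example that is not part of either answer above, the Python below covers both halves of the quoted RFC text: the Base64urlUInt encoding used for the public members "n" and "e" (including the leading-zero-octet pitfall the RFC warns about and the 65537 -> "AQAB" case), and the private-key rules of section 6.3.2 (deriving "dp", "dq" and "qi" from "p", "q" and "e", the all-or-nothing rule for the CRT members, and the MUST NOT use rule for "oth"), finished with a consistency check a consumer can run before trusting a key. All function names and the toy primes 61 and 53 are constructed for illustration; they do not come from the RFC.

```python
import base64
import json

# --- Base64urlUInt (RFC 7518, section 2): minimal big-endian octets, no padding ---

def b64url_uint_encode(value: int) -> str:
    """Encode a non-negative integer as Base64urlUInt.

    The octet string is the shortest big-endian form, so a leading zero octet
    (the 257-octets-for-a-2048-bit-key pitfall the RFC mentions) is never
    emitted; zero itself becomes the single octet 0x00, i.e. "AA".
    """
    if value < 0:
        raise ValueError("Base64urlUInt represents non-negative integers only")
    length = max(1, (value.bit_length() + 7) // 8)
    octets = value.to_bytes(length, "big")
    return base64.urlsafe_b64encode(octets).rstrip(b"=").decode("ascii")


def b64url_uint_decode(text: str) -> int:
    """Decode Base64urlUInt; a stray leading zero octet does not change the value."""
    padded = text + "=" * (-len(text) % 4)
    return int.from_bytes(base64.urlsafe_b64decode(padded), "big")


def strip_leading_zero_octets(octets: bytes) -> bytes:
    """Remove the zero octet(s) some libraries prefix to a modulus before encoding."""
    return octets.lstrip(b"\x00") or b"\x00"


# --- Private members (section 6.3.2) derived from the two primes and e ---

def derive_private_params(p: int, q: int, e: int) -> dict:
    """Return n, e, d and the CRT members dp, dq, qi as integers."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))  # private exponent (Python 3.8+ modular inverse)
    return {
        "n": n, "e": e, "d": d, "p": p, "q": q,
        "dp": d % (p - 1),    # first factor CRT exponent
        "dq": d % (q - 1),    # second factor CRT exponent
        "qi": pow(q, -1, p),  # first CRT coefficient, q^-1 mod p (PKCS #1 convention)
    }


def to_private_jwk(params: dict) -> str:
    """Serialise integer parameters as an RSA private JWK (JSON text)."""
    jwk = {"kty": "RSA"}
    jwk.update({name: b64url_uint_encode(v) for name, v in params.items()})
    return json.dumps(jwk)


# --- Consumer-side checks before a private JWK is used ---

CRT_MEMBERS = ("p", "q", "dp", "dq", "qi")


def validate_private_jwk(jwk_json: str) -> dict:
    """Parse an RSA private JWK, enforce the section 6.3.2 rules and check that
    the members agree with each other. Returns the integer parameters, or
    raises ValueError for a malformed, unsupported or inconsistent key."""
    jwk = json.loads(jwk_json)
    if jwk.get("kty") != "RSA":
        raise ValueError("kty must be RSA")
    for member in ("n", "e", "d"):
        if member not in jwk:
            raise ValueError(f"missing required member {member!r}")
    if "oth" in jwk:
        # Two-prime consumer: the RFC says it MUST NOT use a key carrying "oth".
        raise ValueError("multi-prime RSA ('oth') not supported; refusing key")
    present = [m for m in CRT_MEMBERS if m in jwk]
    if present and len(present) != len(CRT_MEMBERS):
        raise ValueError("CRT members are all-or-nothing; missing "
                         + ", ".join(sorted(set(CRT_MEMBERS) - set(present))))
    k = {m: b64url_uint_decode(jwk[m]) for m in ("n", "e", "d", *present)}
    if present:
        if k["p"] * k["q"] != k["n"]:
            raise ValueError("p * q != n")
        if k["dp"] != k["d"] % (k["p"] - 1) or k["dq"] != k["d"] % (k["q"] - 1):
            raise ValueError("dp or dq does not match d")
        if (k["q"] * k["qi"]) % k["p"] != 1:
            raise ValueError("qi is not q^-1 mod p")
    # e and d must be inverses under n; a raw RSA round trip on a fixed value
    # checks this even when p and q are absent.
    probe = 2
    if pow(pow(probe, k["e"], k["n"]), k["d"], k["n"]) != probe:
        raise ValueError("e and d are not inverses under n")
    return k


if __name__ == "__main__":
    # Toy primes, constructed for illustration only; real keys use much larger primes.
    params = derive_private_params(61, 53, 17)
    jwk_text = to_private_jwk(params)
    print(jwk_text)
    print(validate_private_jwk(jwk_text) == params)
```

Two points worth keeping in mind when moving keys between formats. First, "qi" follows the PKCS #1 convention q^-1 mod p, whereas the gcrypt "u" listed in the first answer is p^-1 mod q, so the two values cannot be copied across without recomputing. Second, the consistency check rejects a JWK whose CRT members disagree with "d" and "n"; a library that trusts those members blindly will produce wrong signatures (or decryptions) from a key that was corrupted or edited in transit, so checking them on load is cheap insurance.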
