Format of JWS to manage MTB public keys

Keys shall be delivered within a JSON structure signed using JWS (RFC 7515) with the following parameters and content:

The JWS Protected Header shall contain the following fields:

{
  "alg": "ES256",
  "kid": string <kid of the key-management key, supplied by the AB>,
  "authid": string <Participant's ID (PID)>,
  "notvalidafter": string (ISO 8601),
  "serial": integer (serialNumber)
}

The JWS Payload shall contain the following fields:

{
  "addMtbPublicKeys": [ JWK Object, JWK Object .. JWK Object ],
    (only new keys; existing keys still in use shall not be listed again)
  "delMtbPublicKeys": [ JWK Object kid, JWK Object kid .. JWK Object kid ]
    (if no keys are to be removed, this field can be omitted)
}

The JWS shall be formatted in the JWS compact serialization format according to RFC 7515, section 3.1:

BASE64URL(UTF8(JWS Protected Header)) || '.' ||
BASE64URL(JWS Payload) || '.' ||
BASE64URL(JWS Signature)

Notes:

A JWK with an existing kid is skipped, as a specific key cannot be updated in place. To update a key, the existing key must be removed and a new one defined.