Format of JWS to send in keys

Keys shall be delivered within a JWS according to mts4, but with the following content:

The JWS Protected Header shall contain the following fields:
{
  "alg": 'JWA',
  "kid": string <kid defined from the AB>,
  "authid": string <your PID>,
  "notvalidafter": integer (unix timestamp),
  "serial": integer (serialNumber)
}

The JWS Payload shall contain the following fields:

{
  "mtbPublicKeys": [ JWK Object, JWK Object .. JWK Object ], (only new keys; existing keys still in use shall not be listed again)
  "removemtbPublicKeys": [ Object with kid, Object with kid .. ] (if no keys are to be removed, this field can be omitted)
}

 

The JWS shall be formatted as JWS Compact Serialization according to https://tools.ietf.org/html/rfc7515#section-3.1

BASE64URL(UTF8(JWS Protected Header)) || '.' || 
BASE64URL(JWS Payload) || '.' ||
BASE64URL(JWS Signature)
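The following is an added example, not part of the original page or of any reference implementation: it builds a key-delivery JWS in the compact form above and shows the checks a receiver would apply before acting on the key lists. It assumes HS256 with a shared secret so that it runs with the Python standard library only (the page only says the algorithm is a JWA value); all function names and sample values are constructed for illustration.

```python
import base64, hashlib, hmac, json

# Header fields required by the page, with the types it gives.
REQUIRED_HEADER = {"alg": str, "kid": str, "authid": str,
                   "notvalidafter": int, "serial": int}
# Constructed sample values (not from the page); HS256 is an assumption.
SAMPLE_HEADER = {"alg": "HS256", "kid": "example-kid", "authid": "EXAMPLE-PID", "notvalidafter": 2000000000, "serial": 1}
SAMPLE_PAYLOAD = {"mtbPublicKeys": [{"kty": "EC", "crv": "P-256", "kid": "new-key-1", "x": "constructed", "y": "constructed"}], "removemtbPublicKeys": [{"kid": "old-key-7"}]}

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64url_decode(text: str) -> bytes:
    padded = text + "=" * (-len(text) % 4)
    return base64.b64decode(padded, altchars=b"-_", validate=True)

def _mac(secret: bytes, signing_input: str) -> bytes:
    return hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()

def build_key_jws(header: dict, payload: dict, secret: bytes) -> str:
    # Signing input: BASE64URL(UTF8(header)) || '.' || BASE64URL(payload)
    signing_input = ".".join(b64url(json.dumps(part).encode("utf-8"))
                             for part in (header, payload))
    return signing_input + "." + b64url(_mac(secret, signing_input))

def parse_key_jws(compact: str, secret: bytes, now: int):
    h64, p64, s64 = compact.split(".")  # ValueError unless exactly three parts
    header = json.loads(b64url_decode(h64))
    # Pin the algorithm on the receiver; never let the header choose it.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    if not hmac.compare_digest(_mac(secret, h64 + "." + p64), b64url_decode(s64)):
        raise ValueError("signature mismatch")
    for name, typ in REQUIRED_HEADER.items():
        if type(header.get(name)) is not typ:
            raise ValueError("header field missing or mistyped: " + name)
    if now > header["notvalidafter"]:
        raise ValueError("JWS is past notvalidafter")
    payload = json.loads(b64url_decode(p64))
    if not isinstance(payload, dict):
        raise ValueError("payload is not a JSON object")
    new_keys = payload.get("mtbPublicKeys")
    removed = payload.get("removemtbPublicKeys", [])  # optional per the page
    if not isinstance(new_keys, list) or not all(isinstance(k, dict) for k in new_keys):
        raise ValueError("mtbPublicKeys must be a list of JWK objects")
    if not isinstance(removed, list) or not all(isinstance(r, dict) and "kid" in r for r in removed):
        raise ValueError("removemtbPublicKeys entries must carry a kid")
    return header, new_keys, [r["kid"] for r in removed]
```

With an asymmetric JWA algorithm the `_mac` comparison is replaced by a signature verification against the sender's public key; the order of checks (signature first, then header fields and `notvalidafter`, then the key lists) stays the same.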

 
