Custom key for key wrapping using JOSE/JWK

enzian

1/7/24, 7:13 PM

I am trying to figure out how to use a custom password with a JWK that uses the password for key wrapping. The JWA spec contains for example "PBES2-HS512+A256KW", which does "PBES2 with HMAC SHA-512 and 'A256KW' wrapping". So, if I understand correctly, PBES2 involves using a KDF, so can I just use a password and a key will be derived from that is used to encrypt a randomly generated DEK?

For example,

{"alg":"PBES2-HS512+A256KW","k":"<whatsexpectedhere?>","key_ops":["wrapKey","unwrapKey"],"kty":"oct"}

I am wondering, what I can put into the "k" field and whether there are any requirements for entropy, length apart from being in "oct" format (when using "PBES2-HS512+A256KW" or a similar alg). I have not found anything in the RFCs so far.

0 + 0

password-based-encryption

password-hashing

jwe

jose

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Custom key for key wrapping using JOSE/JWK

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.