[jose] At a glance: JWS vs "in-object" ES6/JSON signatures

Anders Rundgren Wed, 28 Oct 2015 23:40:07 -0700

ES6-compliant in-object JS/JSON signature:

  var inObjectSignedData =
    {
        // Object data expressed as JS properties
        "device": "Pump2",
        "value": 1e-18,


        // Object signature
        "signature": {
            ...Protected headers + Signature value expressed as JS properties...
        }
    };

JavaScript's JSON.parse() and JSON.stringify() suffice for "canonicalization" 
purposes.


Converting the above to JWS JSON Serialization you would get:

var signedData =
  {
      // Object data in a coded format
      "payload":"<payload contents>",

      // Protected headers wrapped in Base64URL
      "protected":"<integrity-protected header contents>",

      // Signature in a unique format
      "signature":"<signature contents>"
  }

ES6 was released in June 2015 so this opportunity is actually quite new.

Cheers,
Anders

http://webpki.org/ietf/draft-rundgren-predictable-serialization-for-json-tools-00.html#rfc.section.3.3

_______________________________________________
jose mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/jose

[jose] At a glance: JWS vs "in-object" ES6/JSON signatures

Reply via email to