Skip to content

clarify encryption keys use field#752

Open
c2bo wants to merge 2 commits into
mainfrom
642-clarify-jwks-use
Open

clarify encryption keys use field#752
c2bo wants to merge 2 commits into
mainfrom
642-clarify-jwks-use

Conversation

@c2bo

@c2bo c2bo commented Jul 3, 2026

Copy link
Copy Markdown
Member

Closes #642

@c2bo c2bo requested review from awoie, bc-pi, fkj, jogu and paulbastian July 8, 2026 08:22
@c2bo

c2bo commented Jul 8, 2026

Copy link
Copy Markdown
Member Author

@QZHelen could i ask for your review as well? Couldn't select you for reviewers (probably because you didn't joint the gh org?).

@fkj fkj left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The requirement that the Wallet MUST NOT select a key with the wrong use is new normative text, and surprisingly RFC 7517 does not contain any normative text saying what to actually do with a use parameter (e.g. that you MUST or SHOULD use a use=enc key only for encryption).

So this is technically a breaking change. However, I think any implementation that ignores use will never actually work anyway. So in this case I think we can make an exception. But this should be discussed in the WG. One option is to weaken the MUST NOT to a SHOULD NOT.

@QZHelen

QZHelen commented Jul 8, 2026

Copy link
Copy Markdown

Looks good to me, many thanks for the work to clarify this!

: OPTIONAL. A JSON object containing the Verifier metadata values. It MUST be UTF-8 encoded. The following metadata parameters MAY be used:

* `jwks`: OPTIONAL. A JSON Web Key Set, as defined in [@!RFC7591], that contains one or more public keys, such as those used by the Wallet as an input to a key agreement that may be used for encryption of the Authorization Response (see (#response_encryption)), or where the Wallet will require the public key of the Verifier to generate a Verifiable Presentation. This allows the Verifier to pass ephemeral keys specific to this Authorization Request. Public keys included in this parameter MUST NOT be used to verify the signature of signed Authorization Requests. Each JWK in the set MUST have a `kid` (Key ID) parameter that uniquely identifies the key within the context of the request.
* `jwks`: OPTIONAL. A JSON Web Key Set, as defined in [@!RFC7591], that contains one or more public keys, such as those used by the Wallet as an input to a key agreement that may be used for encryption of the Authorization Response (see (#response_encryption)), or where the Wallet will require the public key of the Verifier to generate a Verifiable Presentation. This allows the Verifier to pass ephemeral keys specific to this Authorization Request. JWKs in this set that do not contain a `use` parameter are intended to be used for encryption of the Authorization Response. If the Verifier includes keys intended for different purposes, it SHOULD set the `use` parameter in each key of the set to avoid ambiguity about which key to use for which purpose. Public keys included in this parameter MUST NOT be used to verify the signature of signed Authorization Requests. Each JWK in the set MUST have a `kid` (Key ID) parameter that uniquely identifies the key within the context of the request.

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is this a breaking change?

@paulbastian paulbastian left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

My opinion is that "enc" actually fits well for the Credential Response encryption, while ECDH+MAC-based cryptographic holder binding should actually use sig value or register a new value for the use parameter. I believe the current language is a breaking change which we wanted to avoid.

@c2bo

c2bo commented Jul 9, 2026

Copy link
Copy Markdown
Member Author

My opinion is that "enc" actually fits well for the Credential Response encryption, while ECDH+MAC-based cryptographic holder binding should actually use sig value or register a new value for the use parameter. I believe the current language is a breaking change which we wanted to avoid.

That is pretty much what the PR says? It just adds a simplification that if use isn't present, then encryption should be assumed as a simplification / leniency clause (since we've already seen implementations do that and it's strictly speaking not required right now).

Comment thread 1.0/openid-4-verifiable-presentations-1_0.md Outdated
Comment thread 1.1/openid-4-verifiable-presentations-1_1.md Outdated
Co-authored-by: Christian Bormann <chris.bormann@gmx.de>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Should we mandate the use field for keys in the JSON Web Key Set in client_metadata

5 participants