wrapKey
Registry Context
wrapKey is the JWK key operation for encrypting a key.
Technical Summary
`wrapKey` is a defined and registered value for a JWK `key_ops` array, indicating that the key is intended to encrypt another key.
When Used
When a JWK is intended for key wrapping, meaning encryption of another key.
Normative Requirements
Application assigning key operations to a JWK
RFC 7517 - Section 4.3
Specify multiple unrelated key operations for the key..
Multiple unrelated key operations SHOULD NOT be specified for a key
Application defining a JWK
RFC 7517 - Section 4.3
Use the `use` and `key_ops` members together..
The "use" and "key_ops" JWK members SHOULD NOT be used together
RFC 7517 - Section 4.3
Include the `key_ops` member..
Condition: Unless the application requires its presence.
Use of the "key_ops" member is OPTIONAL, unless the application requires its presence.
Application defining or processing a JWK
RFC 7517 - Section 4.3
Ensure that the `use` and `key_ops` members convey consistent information..
Condition: If both members are used.
if both are used, the information they convey MUST be consistent
Application generating a JWK `key_ops` array
RFC 7517 - Section 4.3
Include duplicate key operation values in the array..
Duplicate key operation values MUST NOT be present in the array.
Application processing a JWK `key_ops` array
RFC 7517 - Section 4.3
Use key operation values other than those defined by RFC 7517..
Other values MAY be used.
Validation Guidance
Reject `key_ops` arrays containing duplicate values.
Compare `wrapKey` and other `key_ops` values case-sensitively.
Allow unrecognized key operation values unless application policy restricts them.
Allow omission of `key_ops` unless application policy requires it.
Warn when `wrapKey` is combined with operations other than `unwrapKey`.
Warn when both `use` and `key_ops` are present.
Reject a JWK when `use` and `key_ops` are both present but convey inconsistent intended uses.
Security Notes
RFC 7517 - Section 4.3
Specifying multiple unrelated key operations can create vulnerabilities associated with using the same key with multiple algorithms.
Reference
Details
- Entry Id
wrapKey- Key Operation Value
wrapKey- Key Operation Description
Encrypt key- Change Controller
IESG- Reference
RFC7517 - Section 4.3