oauth2.dev

d

IESG

Registry Context

`d` is the private-key parameter for OKP JWKs. It must contain the base64url-encoded private key and must not appear in public keys.

Technical Summary

RFC 8037 Section 2 defines `d` for the OKP key type. It MUST be present for private keys and contain the private key encoded using base64url. It MUST NOT be present for public keys.

When Used

Used when representing an OKP private key as a JSON Web Key.

Normative Requirements

The `d` parameter

MUST NOT
1
  1. RFC 8037 - Section 2

    be present.

    Condition: for an OKP public key

    This parameter MUST NOT be present for public keys.

MUST
1
  1. RFC 8037 - Section 2

    be present and contain the private key encoded using base64url.

    Condition: for an OKP private key

    The parameter "d" MUST be present for private keys and contain the private key encoded using the base64url encoding.

Validation Guidance

error

Reject an OKP public JWK containing `d`.

error

Reject an OKP private JWK if `d` is absent or is not a valid base64url encoding of the private key.

Reference

Details

Entry Id
d
Parameter Name
d
Parameter Description
ECC Private Key
Used With Kty Value
EC
Parameter Information Class
Private
Change Controller
IESG
Reference
RFC7518 - Section 6.2.2.1