oauth2.dev

oth

IESG

Registry Context

`oth` carries information about third and subsequent RSA primes in a multi-prime private key.

Technical Summary

In an RSA private JWK, `oth` is an array containing information for each prime factor after the first two.

When Used

RSA private keys constructed using three or more prime factors.

Normative Requirements

JWK consumer

MUST NOT (1)
  1. RFC 7518 - Section 6.3.2.7

    use the key.

    Condition: when it does not support private keys with more than two primes and encounters a private key containing `oth`

    MUST NOT use the key

JWK producer

MUST (3)
  1. RFC 7518 - Section 6.3.2.7

    omit the `oth` parameter.

    Condition: when only two primes have been used

    this parameter MUST be omitted

  2. RFC 7518 - Section 6.3.2.7

    set the number of `oth` array elements to the number of primes used minus two.

    Condition: when three or more primes have been used

    the number of array elements MUST be the number of primes used minus two

  3. RFC 7518 - Section 6.3.2.7

    make each `oth` array element an object containing the defined `r`, `d`, and `t` members.

    Condition: when `oth` is present

    Each array element MUST be an object with the following members

Validation Guidance

error: Report an error if an RSA private JWK generated using exactly two primes contains `oth`.

error: Verify that the `oth` array length equals the number of primes used minus two.

error: Do not use a private key containing `oth` when the consumer lacks multi-prime RSA support.

error: Verify that every `oth` array element is an object containing `r`, `d`, and `t`.

error: Verify that each `r`, `d`, and `t` value is Base64urlUInt-encoded as specified by Sections 6.3.2.7.1 through 6.3.2.7.3.
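
The validation checks above combined into one routine, as an added example that is not code from this page or from RFC 7518. The names `check_oth`, `enc` and `multiprime_supported` and the toy key are assumptions made for illustration; the check that `n` equals the product of `p`, `q` and every `r` goes beyond the list above and is one way to tie the array length to the number of primes actually used.

```python
import base64, math, re

B64URL = re.compile(r"[A-Za-z0-9_-]+")

def b64u_uint_decode(s):
    """Decode a Base64urlUInt (RFC 7518 Section 2); ValueError if malformed."""
    if not isinstance(s, str) or not B64URL.fullmatch(s) or len(s) % 4 == 1:
        raise ValueError("not unpadded base64url")
    raw = base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))
    if len(raw) > 1 and raw[0] == 0:
        raise ValueError("leading zero octet, not minimal length")
    return int.from_bytes(raw, "big")

def enc(n):
    """Base64urlUInt encoder, used only to build the constructed sample key."""
    raw = n.to_bytes(max(1, (n.bit_length() + 7) // 8), "big")
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def check_oth(jwk, multiprime_supported=False):
    """Return error strings for `oth`; an empty list means no objection."""
    if "oth" not in jwk:
        return []
    errors, oth, primes = [], jwk["oth"], []
    if not multiprime_supported:
        errors.append("no multi-prime support: MUST NOT use this key")
    if not isinstance(oth, list) or not oth:
        return errors + ["oth must be a non-empty array; omit it for two primes"]
    for i, item in enumerate(oth):
        if not isinstance(item, dict) or not {"r", "d", "t"} <= set(item):
            errors.append(f"oth[{i}] must be an object with r, d and t")
            continue
        try:
            r, _d, _t = (b64u_uint_decode(item[k]) for k in ("r", "d", "t"))
            primes.append(r)
        except ValueError as exc:
            errors.append(f"oth[{i}]: {exc}")
    # Added check: n must equal p * q * every r, so oth covers all extra primes.
    if len(primes) == len(oth) and all(k in jwk for k in ("n", "p", "q")):
        try:
            n, p, q = (b64u_uint_decode(jwk[k]) for k in ("n", "p", "q"))
            if p * q * math.prod(primes) != n:
                errors.append("n != p*q*r...: oth length does not match primes used")
        except ValueError as exc:
            errors.append(f"n/p/q: {exc}")
    return errors

# Constructed toy key (tiny primes 11, 13, 17; not a usable key).
SAMPLE = {"kty": "RSA", "n": enc(2431), "p": enc(11), "q": enc(13),
          "oth": [{"r": enc(17), "d": enc(7), "t": enc(5)}]}
```
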

Reference

Details

Entry Id: oth
Parameter Name: oth
Parameter Description: Other Primes Info
Used With Kty Value: RSA
Parameter Information Class: Private
Change Controller: IESG
Reference: RFC 7518 - Section 6.3.2.7