oauth2.dev

sig

IESG

Registry Context

`sig` is the JWK `use` value indicating that a public key is intended for verifying signatures. The `use` member is optional unless required by the application, and its value is case-sensitive.

Technical Summary

RFC 7517 Section 4.2 defines `sig` as a `use` parameter value for a public key used to verify signatures. It permits other `use` values, defines values as case-sensitive strings, and makes the member optional unless required by the application.

When Used

Use `sig` to indicate that a public key is intended for signature verification.

Normative Requirements

JWK producer

MAY
1
  1. RFC 7517 - Section 4.2

    Use values other than `sig` and `enc` for the `use` member..

    Other values MAY be used.

OPTIONAL
1
  1. RFC 7517 - Section 4.2

    Include the `use` member..

    Condition: unless the application requires its presence

    Use of the "use" member is OPTIONAL, unless the application requires its presence.

Validation Guidance

info

Allow JWKs without a `use` member unless the application requires its presence.

error

Treat `use` values as case-sensitive; do not treat values such as `SIG` as equivalent to `sig`.

error

Do not reject an otherwise valid JWK solely because its `use` value is not `sig` or `enc`.

Reference

Details

Entry Id
sig
Use Member Value
sig
Use Description
Digital Signature or MAC
Change Controller
IESG
Reference
RFC7517 - Section 4.2