JWTs and JOSE in a Flash Evan Johnson

Post on 13-Apr-2017

TRANSCRIPT


About Me
● CloudFlare Security Systems Engineer
● Previously an engineer at LastPass
● Wrote passgo (https://github.com/ejcx/passgo)
● On twitter @ejcx_
● Personal sites:
  ○ https://ejj.io
  ○ https://twiinsen.com

What is JOSE
● Fairly new standard.
● It is actually a "suite" of standards: JSON Object Signing and Encryption.
● Methods for encrypting and signing JSON objects.
● Useful for stateless tokens.
● https://jwt.io has a great demo but we're about to do one ourselves.

What is a stateless token?
● Used in large web applications.
● Server provides a client with a token containing some information needed by other servers to service the request.
● Cryptographically validated.
● Meant to decrease load. Crypto is cheaper than databases.
● Commonly used for authentication.
● Less code.

What does JOSE look like
eyJhbGciOiJSUzI1NiIsImp3ayI6eyJrdHkiOiJSU0EiLCJuIjoieVRxNnRPbFdWNnBDdGJMT2Z5dXZxVzlaeFlramxtX0pWbnZrN0syMEFYakxUV0dmTlI0bUNNU3A0djhuZXdhVUZITnIyYlJUYXZxc213Q1U3M3lONUlmclBYcU5sOVdWeTJ2eGh0dnZOM01sVXREWklFVkJDWkl2WVpZVlBsOW82LW9HbnR6bUZqMmc1bDRERjFRNkc0enRhVGlER2s5V3BHRnNHVW4xNHJyWnR4a0JJeVVfMS1fRjRfcnR0bHlQcjRSSW02QTM0OGU4cWV5SU9KZW9rbXNQZWNPWnRzN01RenRnVEVmMVJYTnRXQUg4ZGZFbG9PT0FpRG1sX0dtU1BCZ0RhYU5MQnhlV3ZPT1FITVU4NU5YbXFLVndkYWJESVcxQTlRUUg3LW1NMmw0QzVLUGJmcEtvNklhbU5jX0dCRGd3TjFzd2kzcThNcTkwb2UtSmx3IiwiZSI6IkFRQUIifX0.eydqdGknOidkZWFkYmVlZicsICdtc2cnOidUaGFua3MgZm9yIGNvbWluZyB0byBteSB0YWxrJ30.DQU1MV5NaWadp45mT66oH7-yQ_ltZNTU88gHOnrcnAjxRummFEH7wuAXaHSPChf7pPc-ZBE5kEMEPFN0e_pY1df58xfabNPlJNpKnZJjiqClYRZ2VZbbB9_ePgj-XxVPgGeAmFakh-O59xxvyHyG97NKtnBjwtdnvLgp5jnnwIiojh8LXdSmjyo2yJNbj34mluSF1qf3IgVGYUUuJAMy_lxX8bIXLTnwLxCSd28mK6CqF7yBnmYLx6rzk1KMKkgzDrmLJMSdvwR-JYV6fFSnWixNLk-Ttf7pJSZAV_n2TlGlTlgO-YkL-tGi2YFmzg2PLYcXrFJ1cutvtCp3Z_0BvA

What does JOSE look like
base64url({JSON JOSE HEADER})
.
base64url({JSON JWT Payload})
.
base64url(signature of previous two)
The signature is computed over the ASCII string base64url(header) + "." + base64url(payload), exactly as it appears on the wire, not over the decoded JSON.

What does JOSE look like (JOSE Header)
Decoding the first segment of the token above gives the header (the RSA modulus n is abbreviated here; the full value is in the token):
{"alg":"RS256","jwk":{"kty":"RSA","n":"yTq6tOlW...oe-Jlw","e":"AQAB"}}
The header names the algorithm (RS256) and carries the public key as an embedded JWK. Everything in the header was chosen by whoever made the token.

What does JOSE look like (JWT Payload, Body + Claims)
Decoding the second segment gives the payload exactly as on the slide:
{
    'jti':'deadbeef',
    'msg':'Thanks for coming to my talk'
}
Note the single quotes: this payload is not valid JSON, and a strict JSON parser will reject it.
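Decoding the slide token by hand, as an added example (this code is mine, not the speaker's): the Python below, standard library only, splits the token printed above into its three segments, restores the base64url padding, parses the header as strict JSON, and shows that the payload is not. It also verifies the RS256 signature from first principles (RSASSA-PKCS1-v1_5 as in RFC 8017, written out with integers for illustration; real code uses a vetted library) against the jwk embedded in the header, precisely to make the point that such a check only proves the token is self-consistent: the key came from the token, so whoever minted it chose that key. The token string is copied verbatim from the slide; nothing else is assumed.

```python
import base64
import hashlib
import hmac
import json

# The three segments of the token shown on the slides, copied verbatim.
HEADER_B64 = "eyJhbGciOiJSUzI1NiIsImp3ayI6eyJrdHkiOiJSU0EiLCJuIjoieVRxNnRPbFdWNnBDdGJMT2Z5dXZxVzlaeFlramxtX0pWbnZrN0syMEFYakxUV0dmTlI0bUNNU3A0djhuZXdhVUZITnIyYlJUYXZxc213Q1U3M3lONUlmclBYcU5sOVdWeTJ2eGh0dnZOM01sVXREWklFVkJDWkl2WVpZVlBsOW82LW9HbnR6bUZqMmc1bDRERjFRNkc0enRhVGlER2s5V3BHRnNHVW4xNHJyWnR4a0JJeVVfMS1fRjRfcnR0bHlQcjRSSW02QTM0OGU4cWV5SU9KZW9rbXNQZWNPWnRzN01RenRnVEVmMVJYTnRXQUg4ZGZFbG9PT0FpRG1sX0dtU1BCZ0RhYU5MQnhlV3ZPT1FITVU4NU5YbXFLVndkYWJESVcxQTlRUUg3LW1NMmw0QzVLUGJmcEtvNklhbU5jX0dCRGd3TjFzd2kzcThNcTkwb2UtSmx3IiwiZSI6IkFRQUIifX0"
PAYLOAD_B64 = "eydqdGknOidkZWFkYmVlZicsICdtc2cnOidUaGFua3MgZm9yIGNvbWluZyB0byBteSB0YWxrJ30"
SIGNATURE_B64 = "DQU1MV5NaWadp45mT66oH7-yQ_ltZNTU88gHOnrcnAjxRummFEH7wuAXaHSPChf7pPc-ZBE5kEMEPFN0e_pY1df58xfabNPlJNpKnZJjiqClYRZ2VZbbB9_ePgj-XxVPgGeAmFakh-O59xxvyHyG97NKtnBjwtdnvLgp5jnnwIiojh8LXdSmjyo2yJNbj34mluSF1qf3IgVGYUUuJAMy_lxX8bIXLTnwLxCSd28mK6CqF7yBnmYLx6rzk1KMKkgzDrmLJMSdvwR-JYV6fFSnWixNLk-Ttf7pJSZAV_n2TlGlTlgO-YkL-tGi2YFmzg2PLYcXrFJ1cutvtCp3Z_0BvA"
SLIDE_TOKEN = f"{HEADER_B64}.{PAYLOAD_B64}.{SIGNATURE_B64}"

# DER-encoded DigestInfo prefix for SHA-256 (RFC 8017, section 9.2, note 1).
SHA256_DIGESTINFO = bytes.fromhex("3031300d060960864801650304020105000420")


def b64url_decode(segment: str) -> bytes:
    """JOSE uses base64url without '=' padding; restore it before decoding."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def split_jws(token: str) -> tuple:
    """A compact JWS is exactly three base64url segments joined by '.'."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError(f"expected 3 segments, got {len(parts)}")
    return parts[0], parts[1], parts[2]


def parse_header(header_b64: str) -> dict:
    return json.loads(b64url_decode(header_b64).decode("utf-8"))


def decode_payload_text(payload_b64: str) -> str:
    return b64url_decode(payload_b64).decode("utf-8")


def strict_json(text: str):
    """Return the parsed value, or None when the text is not valid JSON."""
    try:
        return json.loads(text)
    except json.JSONDecodeError:
        return None


def signing_input(header_b64: str, payload_b64: str) -> bytes:
    """What is actually signed: the ASCII of 'header.payload', not the decoded JSON."""
    return f"{header_b64}.{payload_b64}".encode("ascii")


def rs256_verify(jwk: dict, data: bytes, signature: bytes) -> bool:
    """RSASSA-PKCS1-v1_5 over SHA-256 (RFC 8017 section 8.2.2), spelled out with
    plain integers so every step is visible.  Production code uses a vetted library."""
    n = int.from_bytes(b64url_decode(jwk["n"]), "big")
    e = int.from_bytes(b64url_decode(jwk["e"]), "big")
    k = (n.bit_length() + 7) // 8          # modulus length in bytes
    if len(signature) != k:
        return False
    s = int.from_bytes(signature, "big")
    if s >= n:
        return False
    em = pow(s, e, n).to_bytes(k, "big")   # RSAVP1, then compare the encoding
    t = SHA256_DIGESTINFO + hashlib.sha256(data).digest()
    if k < len(t) + 11:
        return False
    expected = b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t
    return hmac.compare_digest(em, expected)


def inspect(token: str) -> dict:
    h_b64, p_b64, s_b64 = split_jws(token)
    payload = decode_payload_text(p_b64)
    return {
        "header": parse_header(h_b64),
        "payload_text": payload,
        "payload_json": strict_json(payload),   # None: single-quoted, not JSON
        "signature": b64url_decode(s_b64),
        "signing_input": signing_input(h_b64, p_b64),
    }


def self_consistency_check(token: str) -> bool:
    """ANTI-PATTERN shown on purpose: verifying with the 'jwk' carried in the header.
    Whoever made the token chose that key, so a pass proves nothing about the issuer.
    A real verifier selects the key from its own trust store (e.g. by 'kid')."""
    info = inspect(token)
    return rs256_verify(info["header"]["jwk"], info["signing_input"], info["signature"])


if __name__ == "__main__":
    info = inspect(SLIDE_TOKEN)
    print("alg:", info["header"]["alg"], "| key type:", info["header"]["jwk"]["kty"])
    print("payload:", info["payload_text"])
    print("strict JSON?", info["payload_json"] is not None)
    print("verifies with its own embedded key:", self_consistency_check(SLIDE_TOKEN))
```

Run it directly to see the decoded fields. Whatever self_consistency_check prints, it is not evidence of who issued the token; a production verifier ignores the embedded jwk and selects the key from its own trust store, for example by kid.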

Why do we need JOSE?
(The speaker's pseudocode for a homebrew token: fields joined with "||", encrypted and signed, then validated, decrypted and split on the way back.)

func generateMyJwt(userName, userId, jwtUse) {
    return encThenSign(userName + "||" + userId + "||" + jwtUse, secretKey);
}

func validateMyJwt(myJwt) {
    jwtData = valThenDecThenSplit(myJwt)
    return jwtData[1], jwtData[2], jwtData[3]
}

What does JOSE fix?
JSON is fairly universally supported. Easy.
No hacky parsing for homebrew solutions required.
Asymmetric key support.
Lots of cryptographic options.
Compact and URL safe.
Useful for many trust models.
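To make the "hacky parsing" point concrete, here is an added example (not from the talk) that implements the slide's pseudocode in Python and sets it beside a JSON-bodied equivalent. encThenSign is approximated as base64url(body) plus an HMAC-SHA256 tag under a constructed demo key (no encryption, since only the integrity and parsing half matters here), and the field names name, uid and use are my own. The constructed input eve||admin shows what a delimiter-joined body does to field boundaries, and what a JSON body does instead.

```python
import base64
import hashlib
import hmac
import json

SECRET_KEY = b"constructed-demo-key-not-for-real-use"   # constructed for this example


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def tag(body: bytes) -> bytes:
    return hmac.new(SECRET_KEY, body, hashlib.sha256).digest()


def seal(body: bytes) -> str:
    """base64url(body).base64url(MAC).  Stands in for the slide's encThenSign;
    there is no encryption here because only the integrity half matters for this point."""
    return b64url(body) + "." + b64url(tag(body))


def open_sealed(token: str) -> bytes:
    """Check the MAC before looking at the body (the 'val' in valThenDecThenSplit)."""
    body_b64, tag_b64 = token.split(".")
    body = b64url_decode(body_b64)
    if not hmac.compare_digest(tag(body), b64url_decode(tag_b64)):
        raise ValueError("bad MAC")
    return body


# --- the slide's homebrew format: fields joined with "||" ---
def generate_my_jwt(user_name: str, user_id: str, jwt_use: str) -> str:
    return seal(f"{user_name}||{user_id}||{jwt_use}".encode("utf-8"))


def validate_my_jwt(token: str) -> tuple:
    fields = open_sealed(token).decode("utf-8").split("||")
    return fields[0], fields[1], fields[2]      # 0-based here; the slide counts from 1


# --- the same three values as a JSON object, which is what JOSE standardises ---
def generate_json_token(user_name: str, user_id: str, jwt_use: str) -> str:
    body = json.dumps({"name": user_name, "uid": user_id, "use": jwt_use},
                      separators=(",", ":"))
    return seal(body.encode("utf-8"))


def validate_json_token(token: str) -> tuple:
    claims = json.loads(open_sealed(token).decode("utf-8"))
    return claims["name"], claims["uid"], claims["use"]


def rejected(validator, token: str) -> bool:
    """True if the validator refuses the token (bad MAC)."""
    try:
        validator(token)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    # A display name that happens to contain the delimiter (constructed input).
    tricky_name = "eve||admin"
    print(validate_my_jwt(generate_my_jwt(tricky_name, "1001", "session")))
    print(validate_json_token(generate_json_token(tricky_name, "1001", "session")))
```

With the homebrew format the server signs a perfectly honest body and then misreads its own fields: the user id comes back as "admin". The JSON body round-trips the same name untouched because the encoder escapes it and the decoder knows where each member ends. That is the difference between a format and a delimiter.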

What vocab do we need?
JSON Web Token (JWT), RFC 7519
JSON Web Encryption (JWE), RFC 7516
JSON Web Signature (JWS), RFC 7515
JSON Web Key (JWK), RFC 7517
JSON Web Algorithms (JWA), RFC 7518

JOSE Header
All types of JWTs contain a JOSE Header.
Type (typ), recommended to be 'JWT'.
Content Type (cty), a media type for the payload; image, video, etc.
Algorithm (alg), variety of algorithms. Sometimes 'none', which a verifier must refuse unless it genuinely expects unsigned tokens.
Certificates and keys (x5c, jwk, x5u), can contain x509 certs, JSON Web Keys, or URLs to published x509 certs.

JSON Web Signatures (JWS) RFC 7515 (JOSE Header)
Data integrity (and origin authentication) but no confidentiality. Like our example.
Key ID (kid), the key ID used to secure the JWT; the verifier uses it to look up a key it already trusts.
JWK Set URL (jku), URL of public keys.
JSON Web Key (jwk), a public key. In the header it was chosen by whoever made the token, so it may identify a key but must never be the key the signature is checked against.
x509 URL (x5u), x509 chain (x5c), x509 fingerprint (x5t with SHA-1, x5t#S256 with SHA-256). URLs must be fetched over TLS.

JSON Web Encryption (JWE) RFC 7516 (JOSE Header)
Data protection and integrity: confidentiality plus authenticated integrity.
Compression Algorithm (zip), DEFLATE.
Encryption Algorithm (enc), defined in JWA; in a JWE, alg names the key-management algorithm instead.
Public Keys, the same jwk, jku, x5c and x5u parameters as JWS.
THIS RFC IS MASSIVE

What is in the Payload?
JWT ID (jti), random ID of that individual JWT.
Issued At (iat), Not Before (nbf), Expiration (exp), standard time stuff: NumericDate values, seconds since the Unix epoch.
Audience (aud), who the JWT is for. Must be checked.
Issuer (iss), who issued it? A StringOrURI should go here.
Subject (sub), who or what the token is about. A StringOrURI should go here.
Other, applications can agree on non-registered claims.
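The checks that list implies, as an added example (mine, not from the talk): a standard-library Python function that validates the registered claims of a payload whose signature has already been verified, plus a small jti cache that turns the "random ID of that individual JWT" into replay detection and per-token revocation. The 60-second leeway, the audience and issuer strings, and the claim values used in the demo are constructed for illustration.

```python
import time


def _is_numeric_date(value) -> bool:
    """NumericDate (RFC 7519 section 2) is a number of seconds.  bool is excluded
    because Python treats True/False as ints."""
    return isinstance(value, (int, float)) and not isinstance(value, bool)


def check_claims(claims: dict, *, expected_aud: str, expected_iss: str,
                 now: float = None, leeway: int = 60) -> list:
    """Validate the registered claims of a payload whose signature has ALREADY been
    verified.  Returns a list of problems; an empty list means the claims pass.
    'leeway' absorbs clock skew between issuer and verifier (60 s assumed here)."""
    now = time.time() if now is None else now
    problems = []

    for name in ("exp", "nbf", "iat"):
        if name in claims and not _is_numeric_date(claims[name]):
            problems.append(f"{name} is not a NumericDate")
            return problems            # stop: nothing below can be trusted

    # exp: the current time MUST be before exp (RFC 7519 4.1.4).
    # A token with no expiry is a token that can never be aged out, so reject it.
    if "exp" not in claims:
        problems.append("missing exp")
    elif now >= claims["exp"] + leeway:
        problems.append("expired")

    # nbf: the current time MUST NOT be before nbf (4.1.5).
    if "nbf" in claims and now < claims["nbf"] - leeway:
        problems.append("not yet valid")

    # iat in the future means a bad clock or a forged claim.
    if "iat" in claims and claims["iat"] > now + leeway:
        problems.append("issued in the future")

    # aud may be one StringOrURI or an array of them (4.1.3); we must be in it.
    aud = claims.get("aud")
    audiences = [aud] if isinstance(aud, str) else (aud if isinstance(aud, list) else [])
    if expected_aud not in audiences:
        problems.append("audience mismatch")

    if claims.get("iss") != expected_iss:
        problems.append("issuer mismatch")

    if not isinstance(claims.get("jti"), str) or not claims["jti"]:
        problems.append("missing jti")

    return problems


class ReplayCache:
    """Remember jti values until their token expires, so a captured token is
    rejected on replay and one specific token can be revoked before its exp."""

    def __init__(self):
        self._seen = {}   # jti -> exp

    def accept(self, claims: dict, now: float) -> bool:
        # Forget entries whose tokens have expired anyway; the cache stays bounded.
        self._seen = {j: e for j, e in self._seen.items() if e > now}
        jti = claims["jti"]
        if jti in self._seen:
            return False
        self._seen[jti] = claims["exp"]
        return True


if __name__ == "__main__":
    now = time.time()
    demo = {"jti": "deadbeef", "iat": now - 10, "nbf": now - 10, "exp": now + 300,
            "aud": "api.example", "iss": "https://issuer.example", "sub": "alice"}
    print(check_claims(demo, expected_aud="api.example",
                       expected_iss="https://issuer.example"))
    cache = ReplayCache()
    print(cache.accept(demo, now), cache.accept(demo, now))   # first True, then False
```

The order matters: signature first, then these claims, and only then application logic. A revocation list keyed by jti only needs to hold entries until exp, which is the practical answer to "think about revocation" for short-lived tokens.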

JSON Web Algorithms (JWA) RFC 7518
Just a list of supported crypto algorithms, and what is necessary to use them. Very confusing.
Lots and lots of algorithms.
Lots and lots of logic.
Lots and lots of special tags for the JOSE Header.

JWT Best Practices
Compartmentalize. Different keys for each service.
Short lived? Long lived? Think about it.
Follow the algorithms for validating and generating. They are in the RFC (if you're writing code for this).
Strict JSON format checking.
Use a library.

JWT Best Practices
Distinguish between JWSs and JWEs:
Look for 5 sections and 4 periods for a JWE (a compact JWS has 3 sections and 2 periods).
alg in the header (and enc, which only a JWE carries).
Look for payload versus ciphertext.

Security Considerations
- Moxie's Cryptographic Doom Principle: if you do anything with a message before verifying its MAC or signature, it will somehow lead to doom. Verify first, parse the payload second.
- https://auth0.com/blog/critical-vulnerabilities-in-json-web-token-libraries/
- Great bug ^ (libraries honouring alg 'none', and RS256/HS256 key confusion, where the server's RSA public key ends up used as the HMAC secret).
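An added example (mine, not the speaker's and not any library's code) that ties the best-practice list and the two security considerations together: a small HS256 JWS minter and verifier in standard-library Python, with one constructed key per service selected by kid, an algorithm allowlist that never consults the header, strict JSON parsing that rejects duplicate members, a JWS/JWE segment-count check, and Doom Principle ordering (nothing from the payload is decoded until the MAC matches). Two forgeries of the kind the linked auth0 post describes (alg set to none, and a payload swapped under an existing signature) are built in so the verifier can be seen rejecting them. Keys, key IDs and claims are all constructed.

```python
import base64
import hashlib
import hmac
import json

# One key per service, selected by kid (compartmentalize).  Constructed demo keys.
KEYS = {
    "orders-2017-04": b"orders-service-demo-key-0123456789abcdef",
    "billing-2017-04": b"billing-service-demo-key-0123456789abcdef",
}
# The verifier decides which algorithms it accepts; the header never gets a vote.
ALLOWED_ALGS = {"HS256"}


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def hs256(key: bytes, signing_input: bytes) -> bytes:
    return hmac.new(key, signing_input, hashlib.sha256).digest()


def compact_json(obj: dict) -> bytes:
    return json.dumps(obj, separators=(",", ":"), sort_keys=True).encode("utf-8")


def strict_json_object(raw: bytes) -> dict:
    """Strict JSON format checking: exactly one object, no duplicate member names.
    A lenient parser silently keeps the last duplicate, which is how two verifiers
    can disagree about what the same token says."""
    def reject_duplicates(pairs):
        obj = {}
        for key, value in pairs:
            if key in obj:
                raise ValueError(f"duplicate member {key!r}")
            obj[key] = value
        return obj
    parsed = json.loads(raw.decode("utf-8"), object_pairs_hook=reject_duplicates)
    if not isinstance(parsed, dict):
        raise ValueError("not a JSON object")
    return parsed


def token_kind(token: str) -> str:
    """Compact JWS has 3 segments (2 dots); compact JWE has 5 (4 dots)."""
    return {2: "JWS", 4: "JWE"}.get(token.count("."), "malformed")


def mint(kid: str, claims: dict) -> str:
    header_b64 = b64url(compact_json({"alg": "HS256", "typ": "JWT", "kid": kid}))
    payload_b64 = b64url(compact_json(claims))
    signing_input = f"{header_b64}.{payload_b64}".encode("ascii")
    return f"{header_b64}.{payload_b64}.{b64url(hs256(KEYS[kid], signing_input))}"


def verify(token: str, expected_kid: str) -> dict:
    """Doom Principle ordering: before the MAC is checked, the only thing read from
    the token is the header, and only to compare alg against OUR allowlist and kid
    against the key OUR caller expects.  The payload is untouched until the MAC passes."""
    if token_kind(token) != "JWS":
        raise ValueError("not a compact JWS")
    header_b64, payload_b64, sig_b64 = token.split(".")
    header = strict_json_object(b64url_decode(header_b64))
    if header.get("alg") not in ALLOWED_ALGS:          # also rejects "none"
        raise ValueError(f"alg {header.get('alg')!r} not allowed")
    if expected_kid not in KEYS or header.get("kid") != expected_kid:
        raise ValueError("wrong or unknown kid")
    for param in ("jwk", "jku", "x5u", "x5c"):          # key material from the token itself
        if param in header:
            raise ValueError(f"refusing key material from header parameter {param!r}")
    signing_input = f"{header_b64}.{payload_b64}".encode("ascii")
    if not hmac.compare_digest(hs256(KEYS[expected_kid], signing_input), b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    return strict_json_object(b64url_decode(payload_b64))   # only now


# Forgeries of the kind the auth0 write-up describes (constructed here for the demo).
def forge_alg_none(token: str) -> str:
    """Keep the payload, claim alg=none, drop the signature."""
    header_b64, payload_b64, _ = token.split(".")
    header = json.loads(b64url_decode(header_b64))
    header["alg"] = "none"
    return f"{b64url(compact_json(header))}.{payload_b64}."


def swap_payload(token: str, claims: dict) -> str:
    """Keep header and signature, replace the payload."""
    header_b64, _, sig_b64 = token.split(".")
    return f"{header_b64}.{b64url(compact_json(claims))}.{sig_b64}"


def flip_signature(token: str) -> str:
    """Change the first signature character, which always changes the first MAC byte."""
    header_b64, payload_b64, sig_b64 = token.split(".")
    first = "A" if sig_b64[0] != "A" else "B"
    return f"{header_b64}.{payload_b64}.{first}{sig_b64[1:]}"


def rejects(token: str, expected_kid: str) -> bool:
    try:
        verify(token, expected_kid)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    tok = mint("orders-2017-04", {"sub": "alice", "scope": "orders:read"})
    print(token_kind(tok), verify(tok, "orders-2017-04"))
    print("alg=none rejected:", rejects(forge_alg_none(tok), "orders-2017-04"))
    print("cross-service rejected:", rejects(tok, "billing-2017-04"))
```

The header has to be read before the MAC is checked, because it says which key to use; the Doom Principle is honoured by treating that read as untrusted input compared against the verifier's own tables rather than as instructions. The cross-service case is the "different keys for each service" bullet in action: an orders token presented to billing fails on kid before any cryptography runs.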

Trouble with JWTs

JOSE Conclusion
The RFCs are massively over-engineered.
Tons of features. Tons of ways to do things that few use.
It's getting worse.
Is slow JWT adoption because of this?
JOSE has gotten a lot more popular.
Think about revocation.

Questions?