What does "e": "AQAB" mean in jwks?

1

15

What does "e": "AQAB" mean in JWKS - JSON Web Key Set?

{
  "keys": [
    {
      "kty": "RSA", #key type
      "e": "AQAB",  #Question - what does "e" mean or stand for. And what values can e take. What is AQAB here. 
      "use": "sig", #verify client assertion signature. This means what is the use of the key. Answer - to verify signature. Right?
      "kid": "somebase64encodestring", #key id
      "alg": "RS256",  #key algorithm. Here it is RSA.
      "n": "anotherbase64encodestring"  #This is the actual public key base64 encoded.
    }
  ]
}
Dong answered 18/11, 2021 at 15:52 Comment(2)
Does this answer your question? Can Anyone Explain what keys are in dict of jwk when generating key - Telophase
Further to the Q - when the alg is specified and the public key is present. Can not "e": "AQAB" be inferred from public key. I think yes. Then why specify it explicitly in the jwks. What is the extra benefit or requirement. - Dong
13

It's part of the public key too. From https://datatracker.ietf.org/doc/html/rfc7518#section-6.3.1.2

6.3.1.2. "e" (Exponent) Parameter

The "e" (exponent) parameter contains the exponent value for the RSA public key. It is represented as a Base64urlUInt-encoded value.

For instance, when representing the value 65537, the octet sequence to be base64url-encoded MUST consist of the three octets [1, 0, 1]; the resulting representation for this value is "AQAB".

Example on Bash command line:
Decimal 65537 => converts to hexadecimal 0x010001 => encodes to Base64 AQAB like so:

$ printf '%06x' 65537 | xxd -r -p | xxd
00000000: 0100 01                                  ...

$ printf '%06x' 65537 | xxd -r -p | base64
AQAB
Freudian answered 18/11, 2021 at 16:43 Comment(4)
when the alg is specified and the public key is present. Can not "e": "AQAB" be inferred from public key. ++1. I think yes. Then why specify it explicitly in the jwks. What is the extra benefit or requirement. - Dong
I'm confused here - are you saying the value of the exponent crypto parameter is base64.decode("AQAB"), which is something like 010001 in binary or 17? Is this accurate, and where did 65537 come from? Is that a common exponent? - Boggs
Ahh I see, 010001 is actually base16, which translates to 65537. My question remains on "is 65537 a common exponent?" It appears to be. I'm guessing it's just a reasonably sized prime number which makes it a good candidate for an exponent. From what I recall, you'd still need two coprime numbers g and d for calculating the modulus and performing asymmetric encryption. - Boggs
@h0r53: en.wikipedia.org/wiki/65,537#Applications => 65537 is commonly used as a public exponent in the RSA cryptosystem. [...] - Literally
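
The Base64urlUInt rule quoted from RFC 7518 above, as an added Python example that is not part of the original question, answer or comments: it decodes and encodes "e" strictly (no padding, minimal octets, zero as "AA") and reports exponents a JWKS consumer should question. The function names and sample keys are constructed for illustration, and the checks on the exponent's value (odd, at least 3, 65537 as the common choice) are an assumption that goes beyond the encoding rule itself.

```python
import base64
import re

_B64URL = re.compile(r"[A-Za-z0-9_-]+")  # base64url alphabet, no "=" padding

def b64url_uint_decode(value: str) -> int:
    """Decode an RFC 7518 Base64urlUInt string (as used for "e" and "n")."""
    if not isinstance(value, str) or not _B64URL.fullmatch(value):
        raise ValueError("not unpadded base64url")
    if len(value) % 4 == 1:
        raise ValueError("impossible base64url length")
    raw = base64.urlsafe_b64decode(value + "=" * (-len(value) % 4))
    if len(raw) > 1 and raw[0] == 0:
        raise ValueError("leading zero octet: not the minimal encoding")
    return int.from_bytes(raw, "big")

def b64url_uint_encode(number: int) -> str:
    """Encode a non-negative int as Base64urlUInt (zero becomes "AA")."""
    if number < 0:
        raise ValueError("Base64urlUInt cannot represent negative values")
    raw = number.to_bytes(max(1, (number.bit_length() + 7) // 8), "big")
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def check_rsa_exponent(jwk: dict) -> list:
    """Return findings about the "e" member of an RSA JWK (empty = fine)."""
    if jwk.get("kty") != "RSA":
        return ['kty is not "RSA"']
    try:
        e = b64url_uint_decode(jwk.get("e"))
    except ValueError as err:
        return [f'"e" is malformed: {err}']
    if e < 3 or e % 2 == 0:
        return [f"e={e} is not a usable RSA public exponent (must be odd, >= 3)"]
    if e != 65537:
        return [f"e={e} is valid but unusual; 65537 is the common choice"]
    return []

# Constructed sample keys; "n" is left out because only "e" is examined here.
SAMPLES = [
    {"kty": "RSA", "e": "AQAB"},    # 65537, octets [1, 0, 1]
    {"kty": "RSA", "e": "Aw"},      # 3
    {"kty": "RSA", "e": "AAEAAQ"},  # 65537 with a leading zero octet
    {"kty": "RSA", "e": "AQAB=="},  # padded, which JWK values never are
    {"kty": "RSA", "e": "AQ"},      # 1
]

if __name__ == "__main__":
    for jwk in SAMPLES:
        print(jwk["e"], "->", check_rsa_exponent(jwk) or "ok")
```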
