author | juerg <juerg@google.com> | 2021-06-11 02:37:57 -0700 |
---|---|---|
committer | Copybara-Service <copybara-worker@google.com> | 2021-06-11 02:38:39 -0700 |
commit | 88006a73f7f799706f599dd316dab941808998b0 (patch) | |
tree | 3e6cbb1554f55e03c197b7ee31a5fd31915fbbc0 /proto | |
parent | 7515701c46ae6e050913f82b1e672a12e3419b75 (diff) | |
download | tink-88006a73f7f799706f599dd316dab941808998b0.tar.gz |
Add optional custom "kid" parameter to JWT key types.
This value should only be set for RAW keys. If set, the kid value is set when
signing a token. For verification, the kid is always ignored, as for all RAW keys.
PiperOrigin-RevId: 378833740
Diffstat (limited to 'proto')
-rw-r--r-- | proto/jwt_ecdsa.proto | 4 | ||||
-rw-r--r-- | proto/jwt_hmac.proto | 4 | ||||
-rw-r--r-- | proto/jwt_rsa_ssa_pkcs1.proto | 4 | ||||
-rw-r--r-- | proto/jwt_rsa_ssa_pss.proto | 4 |
4 files changed, 16 insertions, 0 deletions
diff --git a/proto/jwt_ecdsa.proto b/proto/jwt_ecdsa.proto
index a38d5d0d6..3c3732f0a 100644
--- a/proto/jwt_ecdsa.proto
+++ b/proto/jwt_ecdsa.proto
@@ -35,6 +35,10 @@ message JwtEcdsaPublicKey {
 JwtEcdsaAlgorithm algorithm = 2;
 bytes x = 3;
 bytes y = 4;
+
+ // Optional, custom kid header value to be used with "RAW" keys.
+ // "TINK" keys with this value set will be rejected.
+ string custom_kid = 5;
 }

 // key_type: type.googleapis.com/google.crypto.tink.JwtEcdsaPrivateKey
diff --git a/proto/jwt_hmac.proto b/proto/jwt_hmac.proto
index 7ce9b8a86..998b8e4b8 100644
--- a/proto/jwt_hmac.proto
+++ b/proto/jwt_hmac.proto
@@ -34,6 +34,10 @@ message JwtHmacKey {
 uint32 version = 1;
 JwtHmacAlgorithm algorithm = 2;
 bytes key_value = 3;
+
+ // Optional, custom kid header value to be used with "RAW" keys.
+ // "TINK" keys with this value set will be rejected.
+ string custom_kid = 4;
 }

 message JwtHmacKeyFormat {
diff --git a/proto/jwt_rsa_ssa_pkcs1.proto b/proto/jwt_rsa_ssa_pkcs1.proto
index 73709df96..ee14b8c9e 100644
--- a/proto/jwt_rsa_ssa_pkcs1.proto
+++ b/proto/jwt_rsa_ssa_pkcs1.proto
@@ -39,6 +39,10 @@ message JwtRsaSsaPkcs1PublicKey {
 // Public exponent.
 // Unsigned big integer in bigendian representation.
 bytes e = 4;
+
+ // Optional, custom kid header value to be used with "RAW" keys.
+ // "TINK" keys with this value set will be rejected.
+ string custom_kid = 5;
 }

 // key_type: type.googleapis.com/google.crypto.tink.RsaSsaPkcs1PrivateKey
diff --git a/proto/jwt_rsa_ssa_pss.proto b/proto/jwt_rsa_ssa_pss.proto
index 561decbfe..00b5a543b 100644
--- a/proto/jwt_rsa_ssa_pss.proto
+++ b/proto/jwt_rsa_ssa_pss.proto
@@ -39,6 +39,10 @@ message JwtRsaSsaPssPublicKey {
 // Public exponent.
 // Unsigned big integer in bigendian representation.
 bytes e = 4;
+
+ // Optional, custom kid header value to be used with "RAW" keys.
+ // "TINK" keys with this value set will be rejected.
+ string custom_kid = 5;
 }

 // key_type: type.googleapis.com/google.crypto.tink.JwtRsaSsaPssPrivateKey |
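Review bot: `string custom_kid = 5;` in `JwtEcdsaPublicKey` (and the same field in `JwtHmacKey`, `JwtRsaSsaPkcs1PublicKey` and `JwtRsaSsaPssPublicKey`) has no explicit presence if these files are proto3 (the syntax line is outside the hunks), so an empty string cannot be told apart from "not set". The rule in the comment, that "TINK" keys with this value set are rejected, then cannot catch a key whose custom_kid was deliberately set to "", and a RAW key cannot ask for an empty kid. A presence-carrying form such as `optional string custom_kid = 5;` or a small wrapper message would make "set" well defined without changing the field number. The field comment should also carry the verification behaviour stated in the commit description, for example `// Only written to the header when signing; verification ignores kid for RAW keys.`, so that nobody reads custom_kid as a check applied to incoming tokens. All four message bodies start above their hunks.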