[cifs-protocol] [MS-OAPXBC] Exchange PRT for Access Token, HS256 or RS256?

David Mulder dmulder at samba.org
Fri Dec 15 20:51:52 UTC 2023


In section 3.2.5.1.3.1 the protocol initially says that "JWTs are signed 
either with a device key or session keys".

Then for the JWT header alg field it says "HS256" is supported. The 
session key (session_key_jwe) obtained during the request for PRT would 
be the symmetric key for the HS256 algorithm. How do we sign instead 
with the device key? The private key for the device isn't symmetric. Do 
we instead sign it with RS256? The spec doesn't explain.

Likewise, in section 3.2.5.1.2.1, the PRT request says we can use either 
"a device key or session keys". The PRT request then explicitly states 
that we will use the "RS256" alg. RS256 isn't symmetric, so how would we 
then use the symmetric session key for signing?

-- 
David Mulder
Labs Software Engineer, Samba
SUSE
1221 S Valley Grove Way, Suite 500
Pleasant Grove, UT 84062
(P)+1 385.208.2989
dmulder at suse.com
http://www.suse.com
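
As an added illustration (not part of the original message and not taken from MS-OAPXBC), this Python example shows why the key type constrains the JWT alg: an HS256 signature is an HMAC-SHA256 tag under a shared secret, so only a symmetric key can produce it, and a verifier should pin alg to the kind of key it holds. The key, claims, key-kind labels and function names are constructed for the example; RS256 is named but not implemented.

```python
import base64, hashlib, hmac, json

# Constructed 32-byte stand-in for a symmetric session key (not a real key).
DEMO_SESSION_KEY = hashlib.sha256(b"constructed demo session key").digest()

# JWS "alg" each kind of key can back (RFC 7518, section 3.1).
ALG_FOR_KEY_KIND = {"symmetric": "HS256", "rsa": "RS256"}

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_hs256(header: dict, payload: dict, key: bytes) -> str:
    """Build a compact JWS whose signature is HMAC-SHA256 over header.payload."""
    if header.get("alg") != "HS256":
        raise ValueError("a symmetric key can only back an HS* algorithm")
    signing_input = ".".join(
        b64url(json.dumps(part, separators=(",", ":")).encode("utf-8"))
        for part in (header, payload))
    tag = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url(tag)

def verify(token: str, key: bytes, key_kind: str) -> dict:
    """Verify a compact JWS, pinning alg to the kind of key the verifier holds."""
    head_b64, body_b64, sig_b64 = token.split(".")
    header = json.loads(b64url_decode(head_b64))
    expected_alg = ALG_FOR_KEY_KIND[key_kind]
    if header.get("alg") != expected_alg:
        raise ValueError(f"alg {header.get('alg')!r} does not fit a {key_kind} key")
    if expected_alg != "HS256":
        raise NotImplementedError("RS256 needs an RSA implementation; not shown")
    tag = hmac.new(key, f"{head_b64}.{body_b64}".encode("ascii"),
                   hashlib.sha256).digest()
    if not hmac.compare_digest(tag, b64url_decode(sig_b64)):  # constant-time compare
        raise ValueError("signature mismatch")
    return json.loads(b64url_decode(body_b64))

if __name__ == "__main__":
    token = sign_hs256({"alg": "HS256", "typ": "JWT"},
                       {"example_claim": "constructed"}, DEMO_SESSION_KEY)
    print(token)
    print(verify(token, DEMO_SESSION_KEY, "symmetric"))
```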



